20:04:58 <stevemar> #startmeeting horizon-keystone
20:04:59 <openstack> Meeting started Thu Jan  5 20:04:58 2017 UTC and is due to finish in 60 minutes.  The chair is stevemar. Information about MeetBot at http://wiki.debian.org/MeetBot.
20:05:00 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
20:05:02 <openstack> The meeting name has been set to 'horizon_keystone'
20:05:18 <stevemar> ping crinkle, david-lyle, dolphm, dstanek, edtubill, kenji-i, knikolla, lbragstad, r1chardj0n3s, rderose, robcresswell, stevemar
20:05:37 <david-lyle> o/
20:05:46 <rderose> o/
20:05:50 <lbragstad> \o/
20:06:01 <gagehugo> o/
20:06:08 <stevemar> looks like we've got some bodies
20:06:08 <robcresswell> o/
20:06:16 <robcresswell> thanks for reminder stevemar
20:06:21 <stevemar> np
20:06:23 <stevemar> #topic v3 policy is not parseable using oslo.policy
20:06:30 <stevemar> #link https://etherpad.openstack.org/p/ocata-keystone-horizon
20:06:32 <stevemar> agenda ^
20:06:38 <stevemar> so starting off with some good news!
20:06:47 <stevemar> scroll to L167 on the etherpad
20:06:53 <stevemar> we knocked off one more bug :D
20:07:19 <lbragstad> stevemar you mean line 176?
20:07:40 <stevemar> sure, i mean that section :)
20:08:13 <lbragstad> stevemar ;)
20:08:15 <stevemar> so policy.v3cloudsample.json had a typo in it :(
20:08:28 <stevemar> and that caused issues for horizon over 2 releases, sigh
20:08:44 <stevemar> I added a test in keystone to make sure we attempt to load both sample policies
20:09:17 <stevemar> i have no idea why our tests which exercise the non-default policy wasn't getting hit, i don't think we "load" the whole policy like you guys do
20:09:37 <stevemar> set of patches that fixed it went here: https://review.openstack.org/#/q/topic:bug/1547684
20:09:47 <robcresswell> Cool
20:09:50 <robcresswell> Nice work!
20:10:02 <stevemar> \o/
20:10:19 <stevemar> crinkle_: you around?
20:11:09 <stevemar> looking at the items on the etherpad, we've got 4 more items that were identified at the summit -- that were seen as long standing pain points
20:11:38 <stevemar> 1) proper domain support, 2) k2k support, 3) roles (needs more detail), and 4) browsing LDAP users
20:11:47 <stevemar> #topic remaining work items
20:12:00 <stevemar> i know crinkle_ is working on 1) and edtubill is working on 2)
20:12:28 <edtubill> I can talk about k2k if you want
20:12:34 <stevemar> I wouldn't mind checking out 4) just to see what it looks like now, but it sounds solved?
20:13:24 <stevemar> edtubill: one sec :)
20:13:37 <edtubill> ok :)
20:13:50 <stevemar> david-lyle: will FILTER_DATA_FIRST cause a search / filter box show up on a specific panel?
20:14:16 <david-lyle> stevemar: the filter is already present, it just requires its use
20:15:00 <stevemar> david-lyle: so it'll skip the call to list all the instances if 'admin.instances': True?
20:15:24 <david-lyle> yes, wonder if we could add another condition for ldap backend
20:15:42 <stevemar> what key shuold i specify to have that behaviour with users? :)
20:15:42 <david-lyle> maybe an overreadh
20:16:00 <stevemar> admin.users?
20:16:09 <david-lyle> stevemar: identity.users
20:16:12 <stevemar> ah
20:16:23 <david-lyle> but I have to check if it's implemented there yet
20:16:30 <stevemar> let me try that out tonight or soon
20:16:30 <stevemar> oh
20:16:33 <stevemar> whaaat
20:17:33 <stevemar> i don't think it is implemented there :(
20:18:07 <david-lyle> me either
20:18:24 <stevemar> is it a lot work to implement it there? or for projects?
20:18:51 <stevemar> at first glance it seems pretty easy?
20:18:59 <stevemar> https://github.com/openstack/horizon/blob/a6b21647dea171d15c6ca16d3ad78f6cf4b1b0bc/openstack_dashboard/dashboards/admin/networks/views.py#L88-L98
20:19:30 <david-lyle> should be as long as the filter is set up
20:19:41 <stevemar> on the server side?
20:19:49 <david-lyle> yeah... looking
20:20:21 <david-lyle> it's there, not sure if complete
20:20:47 <david-lyle> I'll see if I can get ediardo to crank that out
20:20:56 <stevemar> wfm
20:21:48 <stevemar> thanks in advanced ediardo ;)
20:21:54 <stevemar> feel free to add me to any reviews
20:22:00 <stevemar> i'll gladly test things out
20:22:05 <stevemar> #topic k2k
20:22:19 <stevemar> edtubill: you have some decent looking patches up
20:22:34 <david-lyle> the refactor looks good I'm testing it out
20:22:40 <stevemar> https://review.openstack.org/#/q/topic:bp/k2k-horizon
20:22:47 <stevemar> all the reviews ^
20:23:11 <stevemar> david-lyle: yes, it looked OK to me -- tossed a +1 on it
20:23:20 <edtubill> stevemar:  Yeah,  so I did the refactoring and for the other two I need to finish up on the tests.
20:23:24 <david-lyle> trying out the corner cases is my only hold up
20:23:39 <david-lyle> code looks good
20:24:17 <edtubill> david-lyle stevemar: cool
20:24:42 <edtubill> david-lyle I still need to ask about creating the tests on horizon (not doa), not sure where to start
20:25:09 <david-lyle> edtubill ok we can chat after if you want
20:25:21 <edtubill> david-lyle: ok sounds good.
20:25:58 <stevemar> david-lyle: i assume DOA is a non-client lib? and subject to freeze in 2 weeks?
20:26:36 <david-lyle> stevemar: not sure when the freeze is, would have to ask Richard, but I assume so yes
20:26:50 <stevemar> https://releases.openstack.org/ocata/schedule.html
20:26:54 <stevemar> Jan 16-20	R-5	Final release for non-client libraries
20:27:22 <stevemar> edtubill: so you've got a deadline for DOA code :(   assuming you want this in O
20:27:46 <stevemar> plenty of time to add tests!
20:27:55 <david-lyle> Horizon has always been a bit more flexible, but I think we're moving away from that
20:28:09 <david-lyle> hence my unspecific answer :)
20:28:13 <edtubill> stevemar: ok, I'm gonna try to get the tests in as soon possible. But the non test code is available to review.
20:28:20 <robcresswell> horizon freeze is like next week iirc
20:28:26 <robcresswell> its one week before global FF
20:28:36 <robcresswell> because plugins kept yelling at us
20:28:36 <stevemar> yah, if something is nicely isolated I'm usually OK with is going in
20:29:01 <david-lyle> yeah k2k support shouldn't effect plugins
20:29:27 <stevemar> robcresswell: i have no idea what its like to be on the receiving end of yelling, everyone loves keystone
20:29:42 <stevemar> oh whoops, forgot these -- <sarcasm>
20:29:49 <robcresswell> :p
20:30:20 <stevemar> but i agree k2k shouldn't affect plugins
20:30:30 <stevemar> edtubill: bug david-lyle if you need help with tests
20:30:49 <stevemar> edtubill: also clu and tqtran work at ibm, so you can ping them too :P
20:30:52 <david-lyle> some of that may not be easily testable, we'll have to see
20:31:22 <edtubill> ok I'll bug david-lyle after this.
20:31:25 <david-lyle> our integration tests went away and spoofing k2k could be interesting
20:31:44 <david-lyle> we'll test as much as makes sense
20:32:45 <stevemar> edtubill: anything else to add?
20:33:17 <edtubill> stevemar: Nothing else, I think it's just the tests and the release notes I need to do.
20:34:03 <stevemar> yep, please don't hesitate on reaching out :)
20:34:13 <edtubill> stevemar: will do :)
20:34:26 <stevemar> last thing on the list from the summit is "roles"
20:35:45 <david-lyle> other than triaging it a bit, I have made no progress on that
20:35:50 <stevemar> i'm OK with skipping it, seems like something we need to verify
20:36:01 <stevemar> david-lyle: i'm not sure what there is to do?
20:36:22 <stevemar> sounds like you're saying it works, assume you are the purple text of the etherpad
20:36:37 <david-lyle> well, there's handling None as the project that could be added
20:37:42 <stevemar> david-lyle: the flows are the same for v2 and v3 right?
20:37:52 <david-lyle> yes, I think so
20:38:08 <david-lyle> in v3 we don't require a default project I believe
20:38:16 <stevemar> that sounds right
20:38:16 <david-lyle> may be the only difference
20:38:28 <stevemar> so for 'create user' you require a role be specified?
20:39:04 <stevemar> david-lyle: "for the user create we could just default to none and error out if the admin does not select a role "
20:39:10 <david-lyle> yes because a user without a role is somewhat useless
20:39:37 <stevemar> david-lyle: role assignment is handled in the same panel i guess?
20:39:48 <david-lyle> by defining a default role, we can try to guarantee the user can do something
20:39:57 <david-lyle> yes
20:40:21 <stevemar> yeah, i see what you mean. from an API point of view, creating a user with no role is fine, but they are functionally useless
20:40:36 <stevemar> bah, i need to look at the damn panels
20:41:04 <david-lyle> we could move to making roleless users
20:41:05 * stevemar boots up his vm
20:41:16 <david-lyle> but I think you'll get more support calls about that
20:41:26 <stevemar> yeah, no no, i get what you mean
20:41:32 <david-lyle> maybe not you personally
20:41:54 <stevemar> i was just thinking how we handle this in OSC
20:42:16 <stevemar> create user is a simple call, but you're right, it's just a line in a DB without a role on a project
20:42:37 <stevemar> we handle role assignment very differently though
20:44:52 <stevemar> #topic open discussion
20:45:10 <stevemar> i'm currently running devstack, so opening up the discussion
20:45:30 <stevemar> trying to see what exactly those panels look like david-lyle
20:46:23 <david-lyle> perfection
20:46:31 <david-lyle> ;)
20:46:59 <stevemar> *eye roll*
20:47:00 <stevemar> :P
20:47:06 <david-lyle> jealous
20:47:10 <david-lyle> :-D
20:47:10 <stevemar> true
20:47:25 <stevemar> if no else wants to chime in with corny jokes we can end the meeting early
20:47:45 <stevemar> see everyone next week, same bat time, same bat channel
20:47:51 <stevemar> #endmeeting