#openstack-keystone log

19:00:02 <lbragstad> #startmeeting keystone-office-hours
19:00:03 <openstack> Meeting started Tue Jul 18 19:00:02 2017 UTC and is due to finish in 60 minutes.  The chair is lbragstad. Information about MeetBot at http://wiki.debian.org/MeetBot.
19:00:04 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
19:00:07 <openstack> The meeting name has been set to 'keystone_office_hours'
19:00:34 <lbragstad> alright - who's around for office hours?
19:00:47 <knikolla> o/
19:02:37 <gagehugo> o/
19:03:53 <lbragstad> o/
19:04:54 <lbragstad> alright i'm working on trying to recreate https://bugs.launchpad.net/keystone/+bug/1694589
19:04:55 <openstack> Launchpad bug 1694589 in OpenStack Identity (keystone) "Federation protocol creation gives error" [Undecided,New]
19:05:00 <lbragstad> #link https://bugs.launchpad.net/keystone/+bug/1694589
19:17:52 <gagehugo> I will be helping with project tags mostly but feel free to ping me
19:18:01 <lbragstad> gagehugo: sounds good - no worries
19:23:05 <lbragstad> knikolla: you're an ldap guy
19:23:12 <lbragstad> right?
19:23:40 <knikolla> lbragstad: i wear that hat in keystone since, but don't have much experience outside
19:24:09 * lbragstad slaps an "LDAP Expert" sticker on knikolla
19:24:15 <lbragstad> knikolla: thoughts - https://bugs.launchpad.net/keystone/+bug/1704205 ?
19:24:16 <openstack> Launchpad bug 1704205 in OpenStack Identity (keystone) "GET /v3/role_assignments?effective&include_names API fails with unexpected 500 error" [Undecided,New]
19:28:00 <knikolla> looking
19:28:48 <knikolla> lbragstad: seems like an easy fix
19:29:08 <lbragstad> knikolla: which part?
19:29:57 <knikolla> lbragstad: what i had in mind before reading the comments. reading the comments now.
19:34:12 <knikolla> lbragstad: i prefer the ' ' approach.
19:34:39 <lbragstad> knikolla: versus using '<missing>'
19:35:12 <knikolla> lbragstad: similar to https://review.openstack.org/#/c/458954/
19:35:15 <openstackgerrit> OpenStack Proposal Bot proposed openstack/keystone master: Updated from global requirements  https://review.openstack.org/484553
19:36:15 <knikolla> <missing> is a special string. an empty string is an empty string.
19:36:50 <lbragstad> knikolla: yeah - i don't like the '<missing>' approach
19:37:02 <knikolla> the issue is where else will the app break with a missing name
19:37:28 <lbragstad> knikolla: the trick is going to be finding all those places and accounting for it
19:37:44 <lbragstad> and by it, I mean accounting for a misconfigured LDAP installation
19:40:47 <knikolla> lbragstad: yeah. where would we draw the line.
19:41:06 <knikolla> i think also having this as wont fix is acceptable.
19:41:55 <lbragstad> if we did filter within keystone - i would think logging each user that doesn't have a name attribute from LDAP is acceptable
19:43:42 <knikolla> lbragstad: or treat the user as disabled if required attributes are missing.
19:44:13 <lbragstad> knikolla: yeah - logging in addition to ignoring the user completely in keysotne
19:57:03 <lbragstad> knikolla: edmondsw adjusted the priority https://bugs.launchpad.net/keystone/+bug/1704205
19:57:04 <openstack> Launchpad bug 1704205 in OpenStack Identity (keystone) "GET /v3/role_assignments?effective&include_names API fails with unexpected 500 error" [Low,Triaged]
19:59:05 <edmondsw> lbragstad I'm going to try to find time to work on that, or get someone else around here to do so. And don't be surprised if we ask about backporting once it's fixed
19:59:30 <edmondsw> may be low for you, but it's actually a pretty significant problem for us
19:59:37 <lbragstad> edmondsw: backporting to ocata should be fine if we get the fix in before pike releases
19:59:53 <lbragstad> edmondsw: i'm going to target it to pike-3 then
20:00:01 <edmondsw> tx
20:00:02 <knikolla> hmm… it will change behaviour. but of something which is broken. so should be fine.
20:00:26 <lbragstad> knikolla: the behavior is a 500 right now
20:00:39 <knikolla> exactly
20:00:56 <edmondsw> yeah... no interop concern there, at least ;)
20:02:10 <lbragstad> it would effectively fall under the first group here - http://specs.openstack.org/openstack/api-wg/guidelines/api_interoperability.html#evaluating-api-changes
20:02:14 <lbragstad> #link http://specs.openstack.org/openstack/api-wg/guidelines/api_interoperability.html#evaluating-api-changes
20:02:17 <lbragstad> knikolla: ^
20:02:47 <knikolla> yup
20:17:59 * cmurphy waves to office hours crowd
20:27:03 <knikolla> cmurphy: o/
20:45:28 <lbragstad> cmurphy: o/
20:45:48 <lbragstad> cmurphy: fwiw - i'm going through all new/untriaged bugs
20:53:10 <cmurphy> lbragstad: i'm reviewing mordredcode
20:57:57 <lbragstad> cmurphy: ksa?
20:59:11 <cmurphy> lbragstad: yup
20:59:19 <lbragstad> nice
21:00:16 <lbragstad> that's good because we're going to have to get a release together next week
21:00:47 <lbragstad> for python-keystoneclient and keystoneauth
21:51:25 * samueldmq is back
21:51:35 <samueldmq> lbragstad: office hours running now?
21:51:44 <lbragstad> samueldmq: yessir
21:51:50 <lbragstad> for another 9 minutes!
21:52:14 <samueldmq> lbragstad: nice, anything that needs an extra couple of eyes on?
21:52:25 <samueldmq> just 9 minutes left ?
21:54:50 <morgan> hm.
21:55:11 <morgan> samueldmq: can you look at https://review.openstack.org/#/c/483514/ and let me know if you see anything horribly wrong (looking for a couple spare eyes before writing the tests)
21:56:45 <samueldmq> morgan: sure, looking
21:57:07 <morgan> i am 100% positive some code will need to change.
21:57:17 <morgan> because zero testing.
21:57:43 <morgan> i'm looking for general direction good/bad/"WAIT WHAT WAS THAT?!?!" from folks before doing the next chunk of things which inc. testing
21:57:53 <morgan> s/testing/writing tests/
21:58:03 <samueldmq> morgan: am I understanding it wrong or ... is that an attempt to get something towards a static global catalog for the future?
21:58:38 <morgan> it is a method to do so
21:58:44 <morgan> it replaces templated backend
21:58:52 <morgan> with something that natively does v2/v3 catalogs
21:59:12 <samueldmq> morgan: then I assume we are expecting people to adopt more that
21:59:14 <morgan> and can accurately express most anything in the SQL catalog *except* endpoint groups, filtering, policy
21:59:23 <morgan> we have ~3% of the folks still using templated
21:59:24 <samueldmq> (as I dont think lots of folks use templated catalog as of today)
21:59:29 <morgan> according to the last user poll
21:59:32 <samueldmq> exactly
21:59:43 <morgan> and a general desire to be able to continue using a CMS managed catalog
22:00:01 <morgan> rather than an API driven one
22:00:29 <morgan> the templated one has not been well tested and is extremely limited in what it can produce
22:00:56 <morgan> part of why the templated one has limited use is because it has been semi-broken on an off.
22:01:23 <lbragstad> #endmeeting