19:00:02 #startmeeting keystone-office-hours 19:00:03 Meeting started Tue Jul 18 19:00:02 2017 UTC and is due to finish in 60 minutes. The chair is lbragstad. Information about MeetBot at http://wiki.debian.org/MeetBot. 19:00:04 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 19:00:07 The meeting name has been set to 'keystone_office_hours' 19:00:34 alright - who's around for office hours? 19:00:47 o/ 19:02:37 o/ 19:03:53 o/ 19:04:54 alright i'm working on trying to recreate https://bugs.launchpad.net/keystone/+bug/1694589 19:04:55 Launchpad bug 1694589 in OpenStack Identity (keystone) "Federation protocol creation gives error" [Undecided,New] 19:05:00 #link https://bugs.launchpad.net/keystone/+bug/1694589 19:17:52 I will be helping with project tags mostly but feel free to ping me 19:18:01 gagehugo: sounds good - no worries 19:23:05 knikolla: you're an ldap guy 19:23:12 right? 19:23:40 lbragstad: i wear that hat in keystone since, but don't have much experience outside 19:24:09 * lbragstad slaps an "LDAP Expert" sticker on knikolla 19:24:15 knikolla: thoughts - https://bugs.launchpad.net/keystone/+bug/1704205 ? 19:24:16 Launchpad bug 1704205 in OpenStack Identity (keystone) "GET /v3/role_assignments?effective&include_names API fails with unexpected 500 error" [Undecided,New] 19:28:00 looking 19:28:48 lbragstad: seems like an easy fix 19:29:08 knikolla: which part? 19:29:57 lbragstad: what i had in mind before reading the comments. reading the comments now. 19:34:12 lbragstad: i prefer the ' ' approach. 19:34:39 knikolla: versus using '' 19:35:12 lbragstad: similar to https://review.openstack.org/#/c/458954/ 19:35:15 OpenStack Proposal Bot proposed openstack/keystone master: Updated from global requirements https://review.openstack.org/484553 19:36:15 is a special string. an empty string is an empty string. 19:36:50 knikolla: yeah - i don't like the '' approach 19:37:02 the issue is where else will the app break with a missing name 19:37:28 knikolla: the trick is going to be finding all those places and accounting for it 19:37:44 and by it, I mean accounting for a misconfigured LDAP installation 19:40:47 lbragstad: yeah. where would we draw the line. 19:41:06 i think also having this as wont fix is acceptable. 19:41:55 if we did filter within keystone - i would think logging each user that doesn't have a name attribute from LDAP is acceptable 19:43:42 lbragstad: or treat the user as disabled if required attributes are missing. 19:44:13 knikolla: yeah - logging in addition to ignoring the user completely in keysotne 19:57:03 knikolla: edmondsw adjusted the priority https://bugs.launchpad.net/keystone/+bug/1704205 19:57:04 Launchpad bug 1704205 in OpenStack Identity (keystone) "GET /v3/role_assignments?effective&include_names API fails with unexpected 500 error" [Low,Triaged] 19:59:05 lbragstad I'm going to try to find time to work on that, or get someone else around here to do so. And don't be surprised if we ask about backporting once it's fixed 19:59:30 may be low for you, but it's actually a pretty significant problem for us 19:59:37 edmondsw: backporting to ocata should be fine if we get the fix in before pike releases 19:59:53 edmondsw: i'm going to target it to pike-3 then 20:00:01 tx 20:00:02 hmm… it will change behaviour. but of something which is broken. so should be fine. 20:00:26 knikolla: the behavior is a 500 right now 20:00:39 exactly 20:00:56 yeah... no interop concern there, at least ;) 20:02:10 it would effectively fall under the first group here - http://specs.openstack.org/openstack/api-wg/guidelines/api_interoperability.html#evaluating-api-changes 20:02:14 #link http://specs.openstack.org/openstack/api-wg/guidelines/api_interoperability.html#evaluating-api-changes 20:02:17 knikolla: ^ 20:02:47 yup 20:17:59 * cmurphy waves to office hours crowd 20:27:03 cmurphy: o/ 20:45:28 cmurphy: o/ 20:45:48 cmurphy: fwiw - i'm going through all new/untriaged bugs 20:53:10 lbragstad: i'm reviewing mordredcode 20:57:57 cmurphy: ksa? 20:59:11 lbragstad: yup 20:59:19 nice 21:00:16 that's good because we're going to have to get a release together next week 21:00:47 for python-keystoneclient and keystoneauth 21:51:25 * samueldmq is back 21:51:35 lbragstad: office hours running now? 21:51:44 samueldmq: yessir 21:51:50 for another 9 minutes! 21:52:14 lbragstad: nice, anything that needs an extra couple of eyes on? 21:52:25 just 9 minutes left ? 21:54:50 hm. 21:55:11 samueldmq: can you look at https://review.openstack.org/#/c/483514/ and let me know if you see anything horribly wrong (looking for a couple spare eyes before writing the tests) 21:56:45 morgan: sure, looking 21:57:07 i am 100% positive some code will need to change. 21:57:17 because zero testing. 21:57:43 i'm looking for general direction good/bad/"WAIT WHAT WAS THAT?!?!" from folks before doing the next chunk of things which inc. testing 21:57:53 s/testing/writing tests/ 21:58:03 morgan: am I understanding it wrong or ... is that an attempt to get something towards a static global catalog for the future? 21:58:38 it is a method to do so 21:58:44 it replaces templated backend 21:58:52 with something that natively does v2/v3 catalogs 21:59:12 morgan: then I assume we are expecting people to adopt more that 21:59:14 and can accurately express most anything in the SQL catalog *except* endpoint groups, filtering, policy 21:59:23 we have ~3% of the folks still using templated 21:59:24 (as I dont think lots of folks use templated catalog as of today) 21:59:29 according to the last user poll 21:59:32 exactly 21:59:43 and a general desire to be able to continue using a CMS managed catalog 22:00:01 rather than an API driven one 22:00:29 the templated one has not been well tested and is extremely limited in what it can produce 22:00:56 part of why the templated one has limited use is because it has been semi-broken on an off. 22:01:23 #endmeeting