Monday, 2014-02-10

« Sunday, 2014-02-09 Index Tuesday, 2014-02-11 »
*** devoid has joined #openstack-dev00:00
*** bknudson has joined #openstack-dev00:02
*** joesavak has joined #openstack-dev00:02
*** atiwari has quit IRC00:03
*** jsavak has joined #openstack-dev00:03
*** yamahata has quit IRC00:04
*** joesavak has quit IRC00:07
*** tjones has joined #openstack-dev00:08
*** ihrachyshka has quit IRC00:08
*** tjones has quit IRC00:09
*** praneshp has quit IRC00:11
*** jsavak has quit IRC00:17
*** buzztroll has quit IRC00:19
*** bauzas has quit IRC00:22
*** sarob has joined #openstack-dev00:24
*** tjones has joined #openstack-dev00:25
*** CaptTofu has joined #openstack-dev00:26
*** mikeoutland has joined #openstack-dev00:26
*** sarob has quit IRC00:28
*** mikeoutland has quit IRC00:33
*** alex_xu has quit IRC00:35
*** markmcclain has joined #openstack-dev00:38
*** markmcclain has quit IRC00:43
*** tjones has quit IRC00:43
*** tjones has joined #openstack-dev00:44
*** buzztroll has joined #openstack-dev00:50
*** gokrokve has joined #openstack-dev00:50
*** yamahata has joined #openstack-dev00:54
*** buzztroll has quit IRC00:54
*** yongli has joined #openstack-dev00:57
*** tjones has quit IRC00:58
*** buzztroll has joined #openstack-dev00:59
*** mwagner_lap has joined #openstack-dev00:59
*** sungju has quit IRC01:02
*** noslzzp has quit IRC01:02
*** nosnos has joined #openstack-dev01:12
*** Chaser has joined #openstack-dev01:15
*** e0ne has quit IRC01:17
*** buzztroll has quit IRC01:19
*** dims has joined #openstack-dev01:21
*** nosnos_ has joined #openstack-dev01:21
*** nosnos_ has quit IRC01:21
*** nosnos has quit IRC01:22
*** nosnos_ has joined #openstack-dev01:22
*** noslzzp has joined #openstack-dev01:23
*** CaptTofu has quit IRC01:24
*** dkehn__ has quit IRC01:24
*** locke105 has quit IRC01:24
*** sarob has joined #openstack-dev01:25
*** dkehn__ has joined #openstack-dev01:25
*** locke105 has joined #openstack-dev01:25
*** jasondotstar has joined #openstack-dev01:26
*** ytwu has quit IRC01:27
*** Chaser has quit IRC01:29
*** ytwu has joined #openstack-dev01:29
*** CaptTofu has joined #openstack-dev01:30
*** sarob has quit IRC01:30
*** xingchao has joined #openstack-dev01:31
*** yamahata has quit IRC01:33
*** ijw has quit IRC01:33
*** tserong has joined #openstack-dev01:33
*** Tross1 has quit IRC01:40
*** derekh has quit IRC01:41
*** yamahata has joined #openstack-dev01:48
*** Tross has joined #openstack-dev01:51
*** RajeshMohan has quit IRC01:51
*** kushal has joined #openstack-dev01:52
*** RajeshMohan has joined #openstack-dev01:53
*** dsirrine has joined #openstack-dev01:53
*** buzztroll has joined #openstack-dev01:53
*** yamahata has quit IRC01:53
*** morganfainberg_Z is now known as morganfainberg01:56
morganfainbergflaper87|afk, you're afk01:56
morganfainbergflaper87|afk, when you see this, i need to know why you're aiming to make openstack.common.cache not hard-require oslo.config (or other oslo-isms)01:57
morganfainbergflaper87|afk, because ideally, I'd like to fall back onto some oslo-isms for convienence01:57
*** buzztroll has quit IRC01:57
morganfainbergflaper87|afk, but if there is a good reason not to, i can work around it.01:58
*** yaguang has joined #openstack-dev02:02
*** dbalog has left #openstack-dev02:08
*** networkstatic has joined #openstack-dev02:08
*** e0ne has joined #openstack-dev02:10
*** dsirrine has quit IRC02:14
*** unicell1 is now known as unicell02:20
*** unicell has joined #openstack-dev02:20
*** tsekiyama has joined #openstack-dev02:20
*** qiuyu has left #openstack-dev02:26
*** BStokes has quit IRC02:28
*** erkules_ has joined #openstack-dev02:28
*** sarob has joined #openstack-dev02:28
*** BStokes has joined #openstack-dev02:28
*** erkules has quit IRC02:31
*** yongli has quit IRC02:31
*** sarob has quit IRC02:32
*** CaptTofu has quit IRC02:32
*** kushal has quit IRC02:33
*** yamahata has joined #openstack-dev02:36
*** MaxV has joined #openstack-dev02:37
*** MaxV has quit IRC02:42
*** dkehn__ is now known as dkehn_02:45
*** iamben_tw has quit IRC02:49
*** iamben_tw has joined #openstack-dev02:50
*** buzztroll has joined #openstack-dev02:53
*** buzztroll has quit IRC02:58
*** dstanek has joined #openstack-dev02:59
*** ijw has joined #openstack-dev03:00
*** Tross has quit IRC03:01
*** tdruiva has joined #openstack-dev03:04
*** mikeoutland has joined #openstack-dev03:12
*** mikeoutl_ has joined #openstack-dev03:18
*** edmund1 has joined #openstack-dev03:18
*** morganfainberg is now known as morganfainberg_Z03:19
*** mikeoutland has quit IRC03:20
*** edmund has quit IRC03:20
*** benonsoftware has quit IRC03:20
*** morganfainberg_Z is now known as morganfainberg03:20
*** buzztroll has joined #openstack-dev03:23
*** benonsoftware has joined #openstack-dev03:23
*** buzztroll has quit IRC03:23
*** buzztrol_ has joined #openstack-dev03:23
*** dkranz has quit IRC03:25
*** Chaser has joined #openstack-dev03:25
*** buzztrol_ has quit IRC03:28
*** sarob has joined #openstack-dev03:28
*** bearhands is now known as comstud03:29
*** harlowja is now known as harlowja_away03:30
*** paragan has joined #openstack-dev03:31
*** markmcclain has joined #openstack-dev03:31
*** buzztroll has joined #openstack-dev03:34
*** sarob has quit IRC03:34
*** buzztroll has quit IRC03:35
*** kushal has joined #openstack-dev03:36
*** dsirrine has joined #openstack-dev03:37
*** sarob has joined #openstack-dev03:38
*** e0ne has quit IRC03:42
*** sarob has quit IRC03:43
*** irenab has joined #openstack-dev03:46
*** pradeep has joined #openstack-dev03:47
*** doug_shelley66 has quit IRC03:49
*** Tross has joined #openstack-dev03:50
*** dsirrine has quit IRC03:57
*** mikeoutl_ has quit IRC04:03
*** stevemar has joined #openstack-dev04:05
*** angdraug has joined #openstack-dev04:06
*** baoli has quit IRC04:06
*** mriedem has joined #openstack-dev04:10
*** e0ne has joined #openstack-dev04:10
*** Tross has quit IRC04:14
*** mikeoutland has joined #openstack-dev04:20
*** Tross has joined #openstack-dev04:20
*** jasondotstar has quit IRC04:21
*** aditirav has joined #openstack-dev04:25
*** stevemar has quit IRC04:25
*** tjones has joined #openstack-dev04:25
*** gongysh has joined #openstack-dev04:25
*** sarob has joined #openstack-dev04:32
*** CaptTofu has joined #openstack-dev04:33
*** tjones has quit IRC04:35
*** sarob has quit IRC04:36
*** CaptTofu has quit IRC04:38
*** irenab has quit IRC04:38
*** tsekiyama has quit IRC04:38
*** MaxV has joined #openstack-dev04:39
*** aditirav has quit IRC04:41
*** aditirav has joined #openstack-dev04:42
*** MaxV has quit IRC04:44
*** stevemar has joined #openstack-dev04:45
stevemarmorganfainberg, now you're the one lurking04:46
*** buzztroll has joined #openstack-dev04:46
morganfainbergstevemar, lies.04:46
morganfainbergstevemar, i am actually writing code.  about to post WIP for cache in oslo-incubator04:46
*** alex_xu has joined #openstack-dev04:47
stevemarmorganfainberg, i guess they have a later code cut off date?04:48
morganfainbergstevemar, oslo-incubator?04:48
morganfainbergstevemar, no real cut-off04:48
morganfainbergstevemar, it's on the projects to sync04:48
stevemarmorganfainberg, good point04:48
morganfainbergstevemar, but i am trying to merge KVS in keystone w/ caching04:48
stevemarmorganfainberg, so, this means you are all done your keystone stuff :)04:49
morganfainbergstevemar, nah, still have 1 BP i need to start04:49
morganfainbergstevemar, i'll start that tomorrow04:49
*** dencaval has quit IRC04:49
morganfainbergstevemar, ephemeral keys.04:49
morganfainbergerm tokens04:49
stevemarmorganfainberg, 5 days or so, no biggie04:49
morganfainbergnah04:49
*** aditirav_ has joined #openstack-dev04:49
morganfainbergstevemar, i also have a load of things pending anyway :(04:49
morganfainbergand i need to get on reviews04:49
morganfainbergstevemar, plus i also have CMS work to do for my company :P04:50
morganfainbergstevemar, **eek*04:50
*** buzztroll has quit IRC04:50
morganfainbergstevemar, but i actually need at least a WIP of this posted because it's going to be a big changeset.04:50
*** jvrbanac has quit IRC04:51
morganfainbergstevemar, and i figure there will be a lot of back-and-forth on it04:51
*** aditirav has quit IRC04:52
*** aditirav_ is now known as aditirav04:52
*** jasondotstar has joined #openstack-dev04:53
*** sushils has quit IRC04:54
*** buzztroll has joined #openstack-dev05:05
*** buzztroll has quit IRC05:08
*** sumanthns has joined #openstack-dev05:13
*** jvrbanac has joined #openstack-dev05:14
*** buzztroll has joined #openstack-dev05:15
*** buzztroll has quit IRC05:15
*** chandankumar_ has joined #openstack-dev05:17
*** stevemar has quit IRC05:19
*** david_lyle_ has joined #openstack-dev05:20
*** irenab has joined #openstack-dev05:20
*** david_lyle_ is now known as david_lyle05:22
*** devoid has quit IRC05:22
*** david-lyle has quit IRC05:23
*** e0ne has quit IRC05:24
*** kushal has quit IRC05:24
*** buzztroll has joined #openstack-dev05:28
*** fc__ has quit IRC05:29
*** tjones has joined #openstack-dev05:30
*** tjones has quit IRC05:30
*** sarob has joined #openstack-dev05:32
*** nshaikh has joined #openstack-dev05:34
*** YorikSar has quit IRC05:34
*** kushal has joined #openstack-dev05:36
*** coolsvap has joined #openstack-dev05:38
*** sarob has quit IRC05:39
*** mriedem has quit IRC05:42
*** sarob has joined #openstack-dev05:42
*** markwash has joined #openstack-dev05:44
*** mriedem has joined #openstack-dev05:45
*** mriedem has quit IRC05:47
*** AMike has joined #openstack-dev05:47
*** AMike has quit IRC05:47
*** AMike has joined #openstack-dev05:47
*** sarob has quit IRC05:47
*** markwash has quit IRC05:48
*** markwash has joined #openstack-dev05:49
*** tsekiyama has joined #openstack-dev05:49
*** tsekiyama has quit IRC05:50
*** rdas has joined #openstack-dev05:51
*** mohits has joined #openstack-dev05:52
*** mikeoutland has quit IRC05:55
*** nosnos has joined #openstack-dev05:56
*** e0ne has joined #openstack-dev05:56
*** noslzzp has quit IRC05:56
*** nosnos has quit IRC05:57
*** nosnos has joined #openstack-dev05:58
*** nosnos has quit IRC05:58
*** boris-42_ has quit IRC05:58
*** nosnos has joined #openstack-dev05:59
*** Ryan_Lane has quit IRC05:59
*** nosnos_ has quit IRC05:59
*** e0ne has quit IRC06:00
*** mikeoutland has joined #openstack-dev06:02
*** jasondotstar has quit IRC06:02
*** david_lyle_ has joined #openstack-dev06:04
*** amotoki has joined #openstack-dev06:05
*** david_lyle has quit IRC06:05
*** mikeoutland has quit IRC06:06
*** Ryan_Lane has joined #openstack-dev06:09
*** markmcclain has quit IRC06:13
*** kiwnix has joined #openstack-dev06:16
*** xazel has quit IRC06:16
*** markmcclain has joined #openstack-dev06:16
*** markmcclain1 has joined #openstack-dev06:18
*** doug_shelley66 has joined #openstack-dev06:18
*** rohitk has joined #openstack-dev06:20
*** markmcclain has quit IRC06:21
*** buzztroll has quit IRC06:28
*** avishay has joined #openstack-dev06:30
*** buzztroll has joined #openstack-dev06:34
*** CaptTofu has joined #openstack-dev06:34
*** sarob has joined #openstack-dev06:36
*** tkammer has joined #openstack-dev06:38
*** CaptTofu has quit IRC06:39
*** sarob has quit IRC06:40
*** MaxV has joined #openstack-dev06:41
*** markmcclain1 has quit IRC06:42
*** kiwnix has quit IRC06:43
*** MaxV has quit IRC06:45
*** zoresvit has quit IRC06:46
*** nosnos has quit IRC06:47
*** ihrachyshka has joined #openstack-dev06:47
*** nosnos_ has joined #openstack-dev06:48
*** zoresvit has joined #openstack-dev06:48
*** NikitaKonovalov_ is now known as NikitaKonovalov06:52
*** saju_m has joined #openstack-dev06:53
*** NikitaKonovalov is now known as NikitaKonovalov_06:55
*** YorikSar has joined #openstack-dev06:58
*** saju_m has quit IRC07:00
*** YorikSar has quit IRC07:00
*** david_lyle_ has quit IRC07:02
*** YorikSar has joined #openstack-dev07:02
*** killer_prince has quit IRC07:03
*** chandankumar_ has quit IRC07:07
*** chandan_kumar has joined #openstack-dev07:07
jamielennoxwho would be the best person to find to talk to about pecan problems?07:08
*** uaberme has joined #openstack-dev07:08
*** Nikolay_St has joined #openstack-dev07:09
*** rohitk has quit IRC07:10
*** david-lyle has joined #openstack-dev07:12
*** praneshp has joined #openstack-dev07:13
*** igor has joined #openstack-dev07:16
*** saju_m has joined #openstack-dev07:17
*** dims has quit IRC07:18
*** dims has joined #openstack-dev07:19
*** igor has quit IRC07:20
*** igor has joined #openstack-dev07:21
*** ijw has quit IRC07:21
*** halfie has quit IRC07:26
*** retr0h has quit IRC07:26
*** rohitk has joined #openstack-dev07:27
*** halfie has joined #openstack-dev07:27
*** retr0h has joined #openstack-dev07:27
*** yolanda has joined #openstack-dev07:30
*** xqueralt has joined #openstack-dev07:31
*** tkammer has quit IRC07:32
*** belmoreira has joined #openstack-dev07:34
*** sarob has joined #openstack-dev07:36
*** buzztroll has quit IRC07:39
*** halfie has quit IRC07:42
*** jprovazn has joined #openstack-dev07:42
*** ppetit has joined #openstack-dev07:43
*** vartom1111111118 has joined #openstack-dev07:43
*** sarob has quit IRC07:43
*** MaxV has joined #openstack-dev07:44
*** halfie has joined #openstack-dev07:44
*** ifarkas has joined #openstack-dev07:44
*** praneshp has quit IRC07:45
*** ihrachyshka has quit IRC07:46
*** sarob has joined #openstack-dev07:46
*** mflobo has joined #openstack-dev07:46
*** HenryG has quit IRC07:47
*** sushil_ has joined #openstack-dev07:47
*** ihrachyshka has joined #openstack-dev07:47
*** tkammer has joined #openstack-dev07:47
*** HenryG has joined #openstack-dev07:48
*** gokrokve has quit IRC07:48
*** MaxV has quit IRC07:48
*** sarob has quit IRC07:51
*** ihrachyshka has quit IRC07:51
*** I159 has joined #openstack-dev07:52
*** xga has joined #openstack-dev07:52
*** nelsnelson has quit IRC07:55
*** nelsnelson has joined #openstack-dev07:55
*** sweston_ has joined #openstack-dev07:57
*** boris-42_ has joined #openstack-dev07:57
*** corXi has joined #openstack-dev07:57
*** Drankis has joined #openstack-dev07:58
*** evgenyf has joined #openstack-dev07:58
*** sweston has quit IRC07:58
*** cnesa has quit IRC07:59
*** salv-orlando has joined #openstack-dev07:59
*** markwash has quit IRC07:59
*** ijw has joined #openstack-dev08:00
*** giulivo has joined #openstack-dev08:00
*** nosnos_ has quit IRC08:02
*** nosnos has joined #openstack-dev08:02
*** ekarlso has quit IRC08:04
*** lsmola has joined #openstack-dev08:05
*** ekarlso has joined #openstack-dev08:05
*** bauzas has joined #openstack-dev08:08
*** ekarlso has quit IRC08:12
*** coolsvap1 has joined #openstack-dev08:13
*** sushils_ has joined #openstack-dev08:13
*** ekarlso has joined #openstack-dev08:13
*** pasquier-s has joined #openstack-dev08:14
*** NikitaKonovalov_ is now known as NikitaKonovalov08:16
*** thouveng has joined #openstack-dev08:16
*** coolsvap has quit IRC08:17
*** sushil_ has quit IRC08:17
*** jcoufal has joined #openstack-dev08:18
*** gokrokve has joined #openstack-dev08:18
*** e0ne has joined #openstack-dev08:19
*** MaxV has joined #openstack-dev08:20
*** MaxV has quit IRC08:20
*** marekd|away is now known as marekd08:20
*** yeylon__ has joined #openstack-dev08:20
*** gokrokve_ has joined #openstack-dev08:20
*** pleia2 has quit IRC08:21
*** rmk has quit IRC08:21
*** morganfainberg has quit IRC08:22
*** d0ugal has joined #openstack-dev08:22
*** d0ugal has quit IRC08:22
*** d0ugal has joined #openstack-dev08:22
*** romcheg1 has joined #openstack-dev08:22
*** MaxV has joined #openstack-dev08:22
*** rmk has joined #openstack-dev08:23
*** rmk has quit IRC08:23
*** rmk has joined #openstack-dev08:23
*** pleia2 has joined #openstack-dev08:23
*** morganfainberg has joined #openstack-dev08:23
*** gokrokve has quit IRC08:23
*** ihrachyshka has joined #openstack-dev08:25
*** cnesa has joined #openstack-dev08:25
*** gokrokve_ has quit IRC08:26
*** iartarisi has joined #openstack-dev08:27
*** e0ne has quit IRC08:28
*** zyluo has joined #openstack-dev08:30
*** Ryan_Lane has quit IRC08:30
*** nmagnezi has joined #openstack-dev08:31
*** dtantsur has joined #openstack-dev08:31
*** coolsvap1 has quit IRC08:33
*** CaptTofu has joined #openstack-dev08:35
*** CaptTofu has quit IRC08:39
*** jgallard has joined #openstack-dev08:41
*** sahid has joined #openstack-dev08:42
*** zyluo has quit IRC08:43
*** zoresvit has quit IRC08:45
*** dshulyak has joined #openstack-dev08:48
*** flaper87|afk is now known as flaper8708:49
*** jistr has joined #openstack-dev08:49
flaper87morganfainberg: ping08:49
flaper87morganfainberg: you around ?08:49
morganfainbergflaper87, was just about to go to bed08:50
morganfainbergit's late08:50
*** buzztroll has joined #openstack-dev08:50
flaper87morganfainberg: ttyl, sleep well08:50
morganfainbergflaper87, first pass https://review.openstack.org/#/c/72291/08:50
*** ygbo has joined #openstack-dev08:50
*** feleouet has joined #openstack-dev08:50
morganfainbergflaper87, please take a look at it08:50
morganfainbergi know it'll fail pep8, have a typo (too few lines between function defs)08:50
morganfainbergbut, it is a start and more in line with what keystone already has implemented08:51
*** ijw has quit IRC08:51
morganfainbergi also included the start for @memoize decorator08:51
morganfainbergflaper87, ^08:51
morganfainbergflaper87, i look forward to comments/collaboration.  and for information on the current dogpile backends: http://dogpilecache.readthedocs.org/en/latest/08:52
flaper87morganfainberg: ok, will do! Can't promisse I'll have a whole lot of time today but I'll try08:52
morganfainbergflaper87, i have a ton of otherthigns to work on, but i figured it was important to get something up to have you, dims, and anyone else look at08:53
morganfainbergflaper87, that was interested in a key-value-store / memoization system08:53
flaper87morganfainberg: +1 thanks for working on that!08:53
morganfainbergflaper87, also, i will provide a couple example backends before it goes "live" (the in-memory one that comes with dogpile has some... *ahem* limitations, that make it less functional than it should be for even a "test" backend)08:54
*** buzztroll has quit IRC08:54
morganfainberganyways... cheers:) have a good day08:54
*** aditirav has quit IRC08:54
*** aditirav has joined #openstack-dev08:55
*** matrohon has joined #openstack-dev08:58
*** AnilV4 has joined #openstack-dev09:00
*** avishayb has joined #openstack-dev09:00
*** safchain has joined #openstack-dev09:00
*** fc__ has joined #openstack-dev09:01
*** tkammer has quit IRC09:02
*** yolanda has quit IRC09:04
*** jpich has joined #openstack-dev09:04
*** yolanda has joined #openstack-dev09:05
*** yolanda has quit IRC09:06
*** vartom1111111119 has joined #openstack-dev09:06
*** vartom1111111118 has quit IRC09:07
*** e0ne has joined #openstack-dev09:07
*** pradeep has quit IRC09:07
*** yolanda has joined #openstack-dev09:07
*** pradeep has joined #openstack-dev09:08
*** yolanda has quit IRC09:08
*** coolsvap has joined #openstack-dev09:08
*** derekh has joined #openstack-dev09:08
*** paragan has quit IRC09:11
*** jamieh has joined #openstack-dev09:11
*** yolanda has joined #openstack-dev09:12
*** yassine has joined #openstack-dev09:12
*** nacim has joined #openstack-dev09:12
*** yolanda has quit IRC09:14
*** tkammer has joined #openstack-dev09:15
*** yolanda has joined #openstack-dev09:16
*** yolanda has quit IRC09:16
*** yolanda has joined #openstack-dev09:17
*** yolanda has quit IRC09:17
*** yolanda has joined #openstack-dev09:18
*** yolanda has quit IRC09:19
*** florentflament has joined #openstack-dev09:19
*** yolanda has joined #openstack-dev09:19
*** athomas has joined #openstack-dev09:20
*** gokrokve has joined #openstack-dev09:21
*** mmagr has joined #openstack-dev09:22
*** lucasagomes has joined #openstack-dev09:22
*** mkerrin has joined #openstack-dev09:23
*** yolanda has quit IRC09:23
*** yolanda has joined #openstack-dev09:23
*** kushal has quit IRC09:24
*** sushils_ has quit IRC09:24
*** sushil_ has joined #openstack-dev09:25
*** yolanda has quit IRC09:25
*** gokrokve has quit IRC09:26
*** yolanda has joined #openstack-dev09:26
*** danpb has joined #openstack-dev09:28
*** morganfainberg is now known as morganfainberg_Z09:28
*** mjbot has joined #openstack-dev09:28
*** afazekas has joined #openstack-dev09:29
*** sushil_ has quit IRC09:29
*** eglynn has joined #openstack-dev09:29
*** coolsvap1 has joined #openstack-dev09:32
*** pradeep1 has joined #openstack-dev09:33
*** pradeep has quit IRC09:33
*** krtaylor has quit IRC09:33
*** krtaylor has joined #openstack-dev09:34
*** yolanda has quit IRC09:34
*** yolanda has joined #openstack-dev09:35
*** paragan has joined #openstack-dev09:35
*** paragan has quit IRC09:35
*** paragan has joined #openstack-dev09:35
*** coolsvap has quit IRC09:35
*** jcoufal has quit IRC09:36
*** jtomasek has joined #openstack-dev09:36
*** jcoufal has joined #openstack-dev09:36
*** kushal has joined #openstack-dev09:37
*** e0ne_ has joined #openstack-dev09:38
*** e0ne has quit IRC09:38
*** fc__ has quit IRC09:39
*** pschaef has joined #openstack-dev09:39
*** bvandenh has joined #openstack-dev09:39
*** sarob has joined #openstack-dev09:40
*** gszasz has joined #openstack-dev09:41
*** comay has quit IRC09:44
*** sarob has quit IRC09:47
*** xga has quit IRC09:47
*** xga has joined #openstack-dev09:47
*** sarob has joined #openstack-dev09:50
*** kolesovdv has joined #openstack-dev09:54
*** sarob has quit IRC09:55
*** gszasz has quit IRC09:56
*** networkstatic has quit IRC09:57
*** fc__ has joined #openstack-dev09:59
*** jasondotstar has joined #openstack-dev10:00
*** gcha has joined #openstack-dev10:00
*** jp_at_hp has joined #openstack-dev10:01
*** andreykurilin has quit IRC10:02
*** andreykurilin has joined #openstack-dev10:02
*** alex_xu has quit IRC10:05
*** capri has quit IRC10:06
*** capri has joined #openstack-dev10:08
*** ihrachyshka has quit IRC10:08
*** markmc has joined #openstack-dev10:10
*** avishayb has quit IRC10:16
*** gongysh has quit IRC10:20
*** networkstatic has joined #openstack-dev10:20
*** networkstatic has quit IRC10:20
*** sergmelikyan has joined #openstack-dev10:21
*** gokrokve has joined #openstack-dev10:21
*** DinaBelova_ is now known as DinaBelova10:21
*** pixelb has joined #openstack-dev10:23
*** gokrokve has quit IRC10:26
*** yatin has joined #openstack-dev10:26
*** paragan has quit IRC10:28
*** jcoufal has quit IRC10:32
*** RajeshMohan has quit IRC10:33
*** xgsa has joined #openstack-dev10:33
*** jtomasek has quit IRC10:33
*** ifarkas has quit IRC10:34
*** RajeshMohan has joined #openstack-dev10:34
*** ppetit has quit IRC10:34
*** ifarkas has joined #openstack-dev10:35
*** CaptTofu has joined #openstack-dev10:36
*** amotoki has quit IRC10:38
*** jcoufal has joined #openstack-dev10:39
*** CaptTofu has quit IRC10:41
*** yamahata has quit IRC10:41
*** aditirav has quit IRC10:42
*** coolsvap_ has joined #openstack-dev10:43
*** sarob has joined #openstack-dev10:44
*** yaguang has quit IRC10:45
*** jtomasek has joined #openstack-dev10:45
*** ppetit has joined #openstack-dev10:46
*** xga_ has joined #openstack-dev10:46
*** avishayb has joined #openstack-dev10:46
*** coolsvap1 has quit IRC10:46
*** xga has quit IRC10:46
*** sushil_ has joined #openstack-dev10:47
*** coolsvap1 has joined #openstack-dev10:48
*** sarob has quit IRC10:48
*** coolsvap_ has quit IRC10:51
*** CaptTofu has joined #openstack-dev10:52
*** coolsvap has joined #openstack-dev10:52
*** yassine has quit IRC10:53
*** coolsvap1 has quit IRC10:53
*** gcha has quit IRC10:54
*** Tingting has joined #openstack-dev10:59
*** jasondotstar has quit IRC11:00
*** ArxCruz has joined #openstack-dev11:01
*** erkules_ is now known as erkules11:04
*** jasondotstar has joined #openstack-dev11:06
*** xingchao has quit IRC11:07
*** irenab has quit IRC11:08
rushiagrSomething's broken with gerrit11:09
rushiagrChange ID links are not working, showing '$1' in the URL and not change ID11:09
*** jgallard has quit IRC11:10
*** safchain has quit IRC11:11
*** safchain has joined #openstack-dev11:12
TingtingHey, we're conducting cloud research in London, and need to find Openstack experts. I'm wondering if anybody here would be interested in it or could advise on how to find them. Any advices would be appreciated! Thanks.11:16
*** gokrokve has joined #openstack-dev11:21
*** vkmc has joined #openstack-dev11:21
*** jtomasek has quit IRC11:22
*** jamieh has quit IRC11:23
*** gszasz has joined #openstack-dev11:25
*** gokrokve has quit IRC11:25
*** pcm_ has joined #openstack-dev11:26
*** CaptTofu has quit IRC11:29
*** pcm_ has quit IRC11:29
*** pcm_ has joined #openstack-dev11:30
*** venkatesh has joined #openstack-dev11:30
*** venkatesh_ has joined #openstack-dev11:30
*** sweston_ has quit IRC11:31
*** jamieh has joined #openstack-dev11:31
*** MaxV has quit IRC11:32
sergmelikyanCan someone share a link to example of handling notifications from oslo.messaging?11:33
sergmelikyanA lot of examples of emitting but could not find clean example of handling.11:33
*** rgerganov has joined #openstack-dev11:34
*** xga_ has quit IRC11:34
*** xga has joined #openstack-dev11:35
*** jasondotstar has quit IRC11:35
*** DinaBelova is now known as DinaBelova_11:39
*** RajeshMohan has quit IRC11:40
*** RajeshMohan has joined #openstack-dev11:41
*** sarob has joined #openstack-dev11:44
*** enykeev has joined #openstack-dev11:45
*** ifarkas_ has joined #openstack-dev11:47
*** tdruiva has quit IRC11:48
*** rodrigods has joined #openstack-dev11:49
*** rodrigods has joined #openstack-dev11:49
*** tonix__ has joined #openstack-dev11:49
*** ifarkas has quit IRC11:51
*** sarob has quit IRC11:51
*** tonix_ has quit IRC11:53
*** rfolco has joined #openstack-dev11:54
*** YorikSar has quit IRC11:57
*** HenryG has quit IRC11:58
*** CaptTofu has joined #openstack-dev11:59
*** rmk has quit IRC11:59
*** rodrigods has quit IRC12:00
*** CrackerJackMack has quit IRC12:00
*** nspmangalore has joined #openstack-dev12:00
*** sudorandom has quit IRC12:01
*** pleia2 has quit IRC12:01
*** pleia2 has joined #openstack-dev12:02
*** jtomasek has joined #openstack-dev12:02
*** MaxV has joined #openstack-dev12:03
*** cburgess has quit IRC12:04
*** CaptTofu has quit IRC12:04
*** nspmangalore has quit IRC12:04
*** xga_ has joined #openstack-dev12:05
*** DinaBelova_ is now known as DinaBelova12:05
*** sudorandom has joined #openstack-dev12:06
*** xga has quit IRC12:07
*** pleia2 has quit IRC12:07
*** MaxV has quit IRC12:07
*** MaxV_ has joined #openstack-dev12:07
*** pleia2 has joined #openstack-dev12:07
*** CrackerJackMack has joined #openstack-dev12:09
*** lbragstad has quit IRC12:09
*** cburgess has joined #openstack-dev12:11
*** rmk has joined #openstack-dev12:11
*** irenab has joined #openstack-dev12:14
*** HenryG has joined #openstack-dev12:14
*** venkatesh_ has quit IRC12:17
*** venkatesh has quit IRC12:17
*** viktors has joined #openstack-dev12:18
*** tdruiva has joined #openstack-dev12:19
*** FunnyLookinHat has joined #openstack-dev12:20
*** CaptTofu has joined #openstack-dev12:21
*** gokrokve has joined #openstack-dev12:21
*** yamahata has joined #openstack-dev12:22
*** gokrokve has quit IRC12:25
*** CaptTofu has quit IRC12:26
*** mkollaro has joined #openstack-dev12:26
*** jamieh has quit IRC12:30
*** tdruiva has quit IRC12:31
*** jamieh has joined #openstack-dev12:31
*** CaptTofu has joined #openstack-dev12:31
*** CaptTofu has quit IRC12:32
*** tmclaugh[work] has joined #openstack-dev12:32
*** CaptTofu has joined #openstack-dev12:32
*** IanGovett has joined #openstack-dev12:33
*** CaptTofu_ has joined #openstack-dev12:35
*** CaptTofu has quit IRC12:35
*** alex_xu has joined #openstack-dev12:37
*** athomas has quit IRC12:37
*** david_lyle_ has joined #openstack-dev12:38
*** bhuvan has joined #openstack-dev12:38
*** athomas has joined #openstack-dev12:39
*** kushal has quit IRC12:39
*** mohits has quit IRC12:41
*** david-lyle has quit IRC12:42
*** tdruiva has joined #openstack-dev12:43
*** epopt37 has quit IRC12:45
*** lbragstad has joined #openstack-dev12:46
*** sarob has joined #openstack-dev12:47
*** raildo has joined #openstack-dev12:49
*** coolsvap has quit IRC12:50
*** sarob has quit IRC12:52
*** dshulyak has quit IRC12:53
*** epopt37 has joined #openstack-dev12:55
*** baoli has joined #openstack-dev12:55
*** sumanthns has quit IRC12:56
*** kragniz has joined #openstack-dev12:57
*** nosnos_ has joined #openstack-dev12:58
*** thouveng has quit IRC12:59
*** killer_prince has joined #openstack-dev12:59
*** eglynn is now known as eglynn-lunch12:59
*** joesavak has joined #openstack-dev13:00
*** nosnos has quit IRC13:01
*** romcheg1 has quit IRC13:02
*** lucasagomes is now known as lucas-hungry13:02
*** max_lobur_afk is now known as max_lobur13:03
*** nosnos_ has quit IRC13:03
*** avishayb has quit IRC13:03
*** bauzas has quit IRC13:03
*** avishayb has joined #openstack-dev13:04
*** bauzas has joined #openstack-dev13:04
*** CaptTofu_ has quit IRC13:05
*** xga__ has joined #openstack-dev13:05
*** xga_ has quit IRC13:06
*** jsavak has joined #openstack-dev13:06
*** dshulyak has joined #openstack-dev13:07
*** nosnos has joined #openstack-dev13:07
*** joesavak has quit IRC13:10
*** vladikr has joined #openstack-dev13:10
*** esheffield has quit IRC13:11
*** esheffield has joined #openstack-dev13:11
*** ndipanov has joined #openstack-dev13:11
*** gcha has joined #openstack-dev13:11
*** jgallard has joined #openstack-dev13:11
*** rtheis has joined #openstack-dev13:12
*** esheffield has quit IRC13:12
*** saju_m has quit IRC13:12
*** esheffield has joined #openstack-dev13:13
*** tonix__ has quit IRC13:13
*** ilyashakhat has quit IRC13:14
*** rodrigods has joined #openstack-dev13:15
*** yassine has joined #openstack-dev13:16
*** dave_tucker is now known as dave_tucker_zzz13:17
*** jdob has joined #openstack-dev13:20
*** gokrokve has joined #openstack-dev13:21
*** rodrigods has quit IRC13:23
*** bhuvan has quit IRC13:24
*** Alexei_987 has joined #openstack-dev13:25
*** pschaef has quit IRC13:25
*** sergmelikyan has quit IRC13:27
*** gokrokve has quit IRC13:27
*** romcheg1 has joined #openstack-dev13:30
*** bhuvan has joined #openstack-dev13:31
*** bswartz has quit IRC13:31
*** ilyashakhat has joined #openstack-dev13:32
*** jsavak has quit IRC13:33
*** jruzicka has joined #openstack-dev13:34
*** mrodden1 has quit IRC13:35
*** jruzicka is now known as nenen13:37
*** rohitk has quit IRC13:37
*** tongli has joined #openstack-dev13:38
*** baoli_ has joined #openstack-dev13:38
*** julienvey has joined #openstack-dev13:38
*** venkatesh has joined #openstack-dev13:39
*** dbalog has joined #openstack-dev13:39
*** baoli has quit IRC13:40
*** eglynn-lunch is now known as eglynn13:42
*** nshaikh has quit IRC13:43
*** dsirrine has joined #openstack-dev13:44
*** alex_xu has quit IRC13:44
*** sgordon has joined #openstack-dev13:45
*** sgordon has joined #openstack-dev13:45
*** xingchao has joined #openstack-dev13:46
*** dave_tucker_zzz is now known as dave_tucker13:46
*** romcheg has quit IRC13:46
*** kolesovdv has quit IRC13:46
*** max_lobur is now known as max_lobur_afk13:47
*** dims has quit IRC13:47
*** romcheg has joined #openstack-dev13:48
*** sarob has joined #openstack-dev13:48
*** achampion has quit IRC13:49
*** mrodden has joined #openstack-dev13:49
*** giroro_ has quit IRC13:49
*** baoli_ is now known as baoli13:50
*** dims has joined #openstack-dev13:50
*** rohitk has joined #openstack-dev13:51
*** julienvey_ has joined #openstack-dev13:53
*** julienvey_ has quit IRC13:53
*** sarob has quit IRC13:54
*** Ruetobas has joined #openstack-dev13:55
*** achampion has joined #openstack-dev13:56
*** yamahata has quit IRC13:56
*** eharney has joined #openstack-dev13:56
*** dklyle has joined #openstack-dev13:58
*** sarob has joined #openstack-dev13:58
*** safchain has quit IRC13:58
*** cagrev has joined #openstack-dev13:59
*** thomasem has joined #openstack-dev13:59
*** yamahata has joined #openstack-dev13:59
*** browne has joined #openstack-dev13:59
*** rtheis has quit IRC14:00
*** safchain has joined #openstack-dev14:00
*** vartom1111111119 has quit IRC14:00
*** achampion has quit IRC14:01
*** omachace has joined #openstack-dev14:01
*** mfer has joined #openstack-dev14:01
*** david_lyle_ has quit IRC14:01
*** lucas-hungry is now known as lucasagomes14:01
sdaguelbragstad: where's the hangout for this?14:01
lbragstadsdague: just sent you an invite14:02
*** sarob has quit IRC14:03
*** tdruiva has quit IRC14:05
*** tdruiva has joined #openstack-dev14:06
*** venkatesh has quit IRC14:07
*** romcheg1 has quit IRC14:07
*** pberis has joined #openstack-dev14:08
*** rohitk has quit IRC14:09
*** dprince has joined #openstack-dev14:09
*** sundjango has quit IRC14:09
*** pradeep1 has quit IRC14:10
*** jamieh has quit IRC14:10
*** e0ne has joined #openstack-dev14:10
*** morazi has joined #openstack-dev14:11
*** hartsocks has joined #openstack-dev14:11
*** bhuvan has quit IRC14:12
*** e0ne_ has quit IRC14:12
*** hartsocks has quit IRC14:13
*** jamieh has joined #openstack-dev14:16
*** rtheis has joined #openstack-dev14:17
*** jobewan has joined #openstack-dev14:17
*** haomaiwang has quit IRC14:17
*** haomaiwang has joined #openstack-dev14:17
*** stevemar has joined #openstack-dev14:18
*** e0ne_ has joined #openstack-dev14:20
*** henrique has quit IRC14:20
*** vijendar1 has quit IRC14:20
*** gokrokve has joined #openstack-dev14:21
*** bauzas has quit IRC14:23
*** cfriesen has joined #openstack-dev14:23
*** e0ne has quit IRC14:23
*** bauzas has joined #openstack-dev14:24
*** tdruiva has quit IRC14:24
*** tdruiva has joined #openstack-dev14:25
*** rossella_s has joined #openstack-dev14:25
*** gokrokve has quit IRC14:26
*** xga_ has joined #openstack-dev14:26
*** max_lobur_afk is now known as max_lobur14:27
*** xga__ has quit IRC14:27
*** jecarey has joined #openstack-dev14:28
raildodolphm: ping14:28
*** jecarey_ has joined #openstack-dev14:29
*** Sumeniac has joined #openstack-dev14:29
*** jistr has quit IRC14:29
*** morazi has quit IRC14:31
*** morazi has joined #openstack-dev14:32
*** stevemar has quit IRC14:32
*** jtomasek has quit IRC14:33
*** dtantsur has quit IRC14:33
*** aeperezt has joined #openstack-dev14:33
*** browne1 has joined #openstack-dev14:33
*** browne2 has joined #openstack-dev14:34
*** ramishra has joined #openstack-dev14:35
*** browne2 has quit IRC14:35
*** browne2 has joined #openstack-dev14:35
*** mdomsch has joined #openstack-dev14:35
*** sirushti has left #openstack-dev14:35
*** browne has quit IRC14:35
*** boris-42_ has quit IRC14:36
*** tdruiva has quit IRC14:36
*** READ10 has joined #openstack-dev14:37
*** ewindisch has joined #openstack-dev14:37
*** yatin has quit IRC14:38
*** browne1 has quit IRC14:38
*** prad has joined #openstack-dev14:38
*** chris_johnson has joined #openstack-dev14:39
*** dvarga has joined #openstack-dev14:39
*** jistr has joined #openstack-dev14:39
*** ayoung-ZzZz is now known as ayoung14:40
*** obondarev_ has joined #openstack-dev14:41
ayoungdolphm, please remote the -2 https://review.openstack.org/#/c/71181/14:41
*** peristeri has joined #openstack-dev14:42
*** edmund1 has quit IRC14:43
*** gordc has joined #openstack-dev14:43
*** mriedem has joined #openstack-dev14:43
*** achampion has joined #openstack-dev14:44
*** burt1 has joined #openstack-dev14:45
*** nermina has joined #openstack-dev14:45
*** ndipanov has quit IRC14:47
*** browne2 has left #openstack-dev14:47
*** dtantsur has joined #openstack-dev14:47
*** edmund has joined #openstack-dev14:49
*** matsuhashi has joined #openstack-dev14:49
*** shortstop has joined #openstack-dev14:49
*** browne has joined #openstack-dev14:50
*** tdruiva has joined #openstack-dev14:50
*** vijendar has joined #openstack-dev14:50
*** gszasz has quit IRC14:50
*** tdruiva has quit IRC14:51
*** gszasz has joined #openstack-dev14:51
*** tdruiva has joined #openstack-dev14:51
*** sarob has joined #openstack-dev14:51
*** avishayb has quit IRC14:52
*** dperaza has joined #openstack-dev14:54
*** ramishra has quit IRC14:54
*** ramishra has joined #openstack-dev14:55
*** jordanP has joined #openstack-dev14:55
*** sarob has quit IRC14:56
*** byeager has joined #openstack-dev14:56
*** FunnyLookinHat has quit IRC14:56
*** dperaza1 has quit IRC14:57
jordanPmriedem, regarding the tempest patch "Make endpoint type configurable" : I didn't get why you suggested to abondon your patch regarding s/config.images/config.image/. It looks just fine, I could make my patch depends on yours ?14:57
mriedemjordanP: feel free to rebase on mine14:58
mriedemmine is in a 2-patch series though14:58
mriedembut should be fine14:58
jordanPI'll try to use yours14:58
*** yamahata has quit IRC14:59
*** noslzzp has joined #openstack-dev14:59
*** ramishra_ has joined #openstack-dev15:00
*** xqueralt has quit IRC15:00
*** xqueralt has joined #openstack-dev15:01
*** ramishra has quit IRC15:01
*** irenab has quit IRC15:01
*** saju_m has joined #openstack-dev15:02
*** bhuvan has joined #openstack-dev15:02
*** yamahata has joined #openstack-dev15:03
*** joesavak has joined #openstack-dev15:03
*** damnsmith is now known as dansmith15:03
*** saju_m has quit IRC15:03
*** xingchao has quit IRC15:04
*** kevinconway has joined #openstack-dev15:04
*** saju_m has joined #openstack-dev15:04
*** xingchao has joined #openstack-dev15:04
*** devoid has joined #openstack-dev15:05
*** CaptTofu has joined #openstack-dev15:05
*** AlanClark has joined #openstack-dev15:05
*** gordc has quit IRC15:07
*** max_lobur is now known as max_lobur_afk15:07
*** markwash has joined #openstack-dev15:07
*** nenen has quit IRC15:07
*** otherwiseguy has joined #openstack-dev15:08
*** jmckind has joined #openstack-dev15:08
*** pschaef has joined #openstack-dev15:09
*** radez_g0n3 is now known as radez15:09
*** rcleere has quit IRC15:10
*** CaptTofu has quit IRC15:10
*** spzala has joined #openstack-dev15:11
*** sdague has quit IRC15:12
*** waverider has joined #openstack-dev15:12
*** gordc has joined #openstack-dev15:13
*** vartom1111111119 has joined #openstack-dev15:13
*** mkollaro has quit IRC15:14
*** andreykurilin has quit IRC15:14
*** bhuvan has quit IRC15:14
*** xingchao has quit IRC15:14
*** dklyle is now known as david-lyle15:15
*** jgrimm has joined #openstack-dev15:16
openstackstatusNOTICE: the gate is experiencing delays due to nodepool resource issues (fix in progress, eta 16:00 utc)15:16
*** ChanServ changes topic to "the gate is experiencing delays due to nodepool resource issues (fix in progress, eta 16:00 utc)"15:16
*** rwsu has joined #openstack-dev15:17
*** max_lobur_afk is now known as max_lobur15:18
*** jdennis has joined #openstack-dev15:18
*** mrodden has quit IRC15:20
*** chandan_kumar has quit IRC15:20
*** gokrokve has joined #openstack-dev15:21
*** jruzicka has joined #openstack-dev15:22
*** tsekiyama has joined #openstack-dev15:23
*** stevemar has joined #openstack-dev15:23
*** tiamar has joined #openstack-dev15:24
*** gokrokve has quit IRC15:25
*** mrodden has joined #openstack-dev15:26
*** mbernacc has joined #openstack-dev15:27
*** gokrokve has joined #openstack-dev15:28
jgriffithmarkmc: Thanks for filing that bug: https://bugs.launchpad.net/cinder/+bug/127841615:29
uvirtbotLaunchpad bug 1278416 in cinder "remove_iscsi_target() fails with ENOENT trying to unlink file (dup-of: 1277362)" [High,New]15:29
uvirtbotLaunchpad bug 1277362 in cinder "OSError: [Errno 2] No such file or directory: '/opt/stack/data/cinder/volumes/volume-" [High,In progress]15:29
*** sdague has joined #openstack-dev15:29
jgriffithmarkmc: I marked it as a dup, in progress patch now15:29
*** waverider has left #openstack-dev15:30
markmcjgriffith, cool, thanks15:30
*** mriedem has quit IRC15:30
markmcjgriffith, I tried searching for a dup based on the traceback15:31
*** vartom1111111119 has quit IRC15:31
*** rdas has quit IRC15:32
*** markwash has quit IRC15:32
*** jnoller has joined #openstack-dev15:33
Alexei_987lifeless: ping15:33
*** galstrom_zzz is now known as galstrom15:33
*** sweston has joined #openstack-dev15:33
*** armax has joined #openstack-dev15:34
*** bhuvan has joined #openstack-dev15:36
dhellmannjamielennox: if you're still looking for help with pecan, try #pecanpy15:36
*** bauzas has quit IRC15:36
*** matsuhashi has quit IRC15:37
*** nosnos has quit IRC15:37
*** yamahata has quit IRC15:37
*** nosnos has joined #openstack-dev15:37
*** dkranz has joined #openstack-dev15:37
*** matsuhashi has joined #openstack-dev15:37
*** saju_m has quit IRC15:37
*** sweston has quit IRC15:38
*** stevemar has quit IRC15:39
ayoungdolphm, I need to test verification of the existing format and the new format, thus I need both sets of files.15:39
*** CaptTofu has joined #openstack-dev15:39
*** stevemar has joined #openstack-dev15:39
*** saju_m has joined #openstack-dev15:40
*** boris-42_ has joined #openstack-dev15:40
*** dims has quit IRC15:41
*** rcleere has joined #openstack-dev15:41
dolphmayoung: then heavily document that one format is deprecated, and explain why support remains. those files are basically end-user documentation, and the presentation is confusing15:41
*** markwash has joined #openstack-dev15:42
*** xga has joined #openstack-dev15:42
*** xarses has quit IRC15:42
*** xga_ has quit IRC15:42
*** tkammer has quit IRC15:43
*** dims has joined #openstack-dev15:45
*** FunnyLookinHat has joined #openstack-dev15:46
*** markwash has quit IRC15:46
*** tanisdl has joined #openstack-dev15:47
*** afazekas has quit IRC15:47
*** bhuvan has quit IRC15:50
jgriffithmarkmc: yeah, I figured you looked and my description just wasn't good.15:50
dolphmraildo: o/15:50
jgriffithmarkmc: I didn't put the traceback in there, should have15:51
jgriffithmarkmc: anyway, should link from yours now, thanks for the detailed report on it15:51
*** sarob has joined #openstack-dev15:52
*** gcha has quit IRC15:52
*** NikitaKonovalov is now known as NikitaKonovalov_15:53
*** nermina has quit IRC15:53
*** bauzas has joined #openstack-dev15:53
*** dvarga is now known as dvarga|away15:54
*** dvarga|away is now known as dvarga15:54
raildodolphm: I and tellesnobrega have a doubts about the implementation of the hierarchical project and we think you could help us.Is it possible there is a project with more than one father?15:56
dolphmraildo: how would that be useful?15:57
*** haomai___ has joined #openstack-dev15:57
*** kgriffs_afk is now known as kgriffs15:57
*** dvarga has quit IRC15:57
*** DinaBelova is now known as DinaBelova_15:57
*** sarob has quit IRC15:57
raildoI thought about the possibility of two projects make a "partnership" to create another project. Not sure if this would be true.15:58
*** AlexF has joined #openstack-dev15:59
*** carl_baldwin has joined #openstack-dev15:59
*** tkammer has joined #openstack-dev15:59
dolphmraildo: i'd rather not complicate the model beyond what vishy prototyped, unless there's a strong use case we'd like to pursue separately16:00
*** haomaiwang has quit IRC16:00
*** jprovazn has quit IRC16:00
*** jmontemayor has joined #openstack-dev16:00
*** comay has joined #openstack-dev16:00
*** devoid has quit IRC16:00
*** mikeoutland has joined #openstack-dev16:00
*** jpomero has joined #openstack-dev16:00
*** chris_johnson is now known as wchrisj|away16:01
*** Ruetobas has quit IRC16:01
*** jckasper has joined #openstack-dev16:01
raildodolphm: It was just a question that came up, but now it's clear. thank you =]16:01
*** AlexF has quit IRC16:01
*** wchrisj|away is now known as chris_johnson16:02
*** radez is now known as radez_g0n316:02
*** atiwari has joined #openstack-dev16:02
*** Ruetobas has joined #openstack-dev16:03
*** dvarga has joined #openstack-dev16:05
*** zul has joined #openstack-dev16:05
*** dave_tucker is now known as dave_tucker_zzz16:05
*** mriedem has joined #openstack-dev16:06
*** bswartz has joined #openstack-dev16:06
*** nosnos has quit IRC16:06
*** hartsocks has joined #openstack-dev16:07
*** radez_g0n3 is now known as radez16:07
*** matsuhashi has quit IRC16:07
*** xqueralt has quit IRC16:08
*** Ruetobas has quit IRC16:08
*** AlexF has joined #openstack-dev16:08
*** sweston has joined #openstack-dev16:09
*** sweston is now known as sweston_16:09
*** mgagne has joined #openstack-dev16:11
*** ifarkas_ has quit IRC16:12
*** terrylhowe has joined #openstack-dev16:12
*** Ruetobas has joined #openstack-dev16:13
*** mbernacc has quit IRC16:15
*** david_lyle_ has joined #openstack-dev16:16
*** networkstatic has joined #openstack-dev16:17
*** dave_tucker_zzz is now known as dave_tucker16:17
*** KurtMartin is now known as kmartin16:17
*** reed has joined #openstack-dev16:18
ayoungdolphm, sounds good.   I did a sync of versionutils from oslo to python-keystoneclient.  I am ot certain, though, what we want to put in the deprecated message.  obviosul as_off is not appropriate for a library that is not released on the ICEHOUSE etc  schedule.  I can use in_favor_of, though.  does it make sense to say (in_favor_of="cmsz format") or remove_in...?16:19
*** thedodd has joined #openstack-dev16:19
*** jotan has joined #openstack-dev16:19
*** david-lyle has quit IRC16:20
*** sdake has quit IRC16:20
*** tkammer has quit IRC16:21
*** sdake has joined #openstack-dev16:21
*** sdake has quit IRC16:21
*** sdake has joined #openstack-dev16:21
openstackstatusNOTICE: jobs are running for changes again, but there's a bit of a backlog so it will still probably take a few hours for everything to catch up16:21
*** ChanServ changes topic to "OpenStack development || Support is in #openstack"16:21
*** bvandenh has quit IRC16:21
*** mrda_away is now known as mrda16:22
*** xgsa has quit IRC16:22
*** xarses has joined #openstack-dev16:23
*** dtantsur has quit IRC16:23
*** ijw has joined #openstack-dev16:23
*** stevemar has quit IRC16:23
*** david_lyle_ has quit IRC16:24
*** FunnyLookinHat has quit IRC16:24
*** johnthetubaguy has joined #openstack-dev16:25
*** ramishra_ has quit IRC16:25
*** nermina has joined #openstack-dev16:25
*** Drankis has quit IRC16:26
*** jtomasek has joined #openstack-dev16:26
*** dprince_ has joined #openstack-dev16:28
*** utlemming has joined #openstack-dev16:29
*** FunnyLookinHat has joined #openstack-dev16:29
*** ramishra has joined #openstack-dev16:29
*** dprince has quit IRC16:29
*** tanisdl has quit IRC16:30
*** beekneemech is now known as bnemec16:30
*** reed has quit IRC16:31
*** reed_ has joined #openstack-dev16:31
*** arosen has joined #openstack-dev16:32
*** jdob has quit IRC16:32
*** jdob_ has joined #openstack-dev16:32
*** ndipanov has joined #openstack-dev16:33
*** jistr has quit IRC16:33
*** jistr has joined #openstack-dev16:34
*** CaptTofu has quit IRC16:35
*** fabiomorais has joined #openstack-dev16:35
*** fabiomorais has left #openstack-dev16:36
*** reed_ has quit IRC16:36
*** dtantsur has joined #openstack-dev16:36
*** bhuvan has joined #openstack-dev16:37
*** mlavalle has joined #openstack-dev16:37
*** corXi has quit IRC16:37
*** belmoreira has quit IRC16:37
*** ysk has quit IRC16:38
*** thuc has joined #openstack-dev16:38
*** thuc has quit IRC16:39
*** viktors has quit IRC16:39
*** thuc has joined #openstack-dev16:39
*** terrylhowe_ has joined #openstack-dev16:40
*** terrylhowe_ has left #openstack-dev16:41
*** hartsocks has quit IRC16:42
*** tjones has joined #openstack-dev16:43
*** markmcclain has joined #openstack-dev16:43
*** jgallard has quit IRC16:46
*** markmcclain1 has joined #openstack-dev16:46
*** igor has quit IRC16:47
*** xqueralt has joined #openstack-dev16:47
*** AlexF has quit IRC16:47
*** markmcclain has quit IRC16:47
*** igor has joined #openstack-dev16:47
*** evgenyf has quit IRC16:50
*** tanisdl has joined #openstack-dev16:50
marekdhttps://github.com/openstack/keystone/blob/master/keystone/auth/controllers.py#L146 it looks like scoping the token is just limited to checking whether the porject exists and is enable. Then, when do we actually check if the user can access that project?16:50
*** nmagnezi has quit IRC16:51
*** devoid has joined #openstack-dev16:51
*** igor has quit IRC16:52
*** pmathews has joined #openstack-dev16:52
*** gyee has joined #openstack-dev16:53
*** mmagr has quit IRC16:53
*** xga has quit IRC16:53
marekddolphm: around?16:54
*** yeylon__ has quit IRC16:54
*** sarob has joined #openstack-dev16:55
*** ysk has joined #openstack-dev16:55
*** xga has joined #openstack-dev16:55
*** jdennis has quit IRC16:56
*** jsavak has joined #openstack-dev16:56
*** dvarga has quit IRC16:56
*** dvarga has joined #openstack-dev16:56
*** dprince_ has quit IRC16:57
tellesnobregaayoung: hi, i have some questions about the creation of the root project for hierarchical projects in keystone16:57
*** gokrokve has quit IRC16:57
ayoungtellesnobrega, OK, but be forewarned that you will only get *my* opinion, not the group consensus16:58
tellesnobregaayoung: ok16:58
dolphmmarekd: o/16:58
tellesnobregaayoung: from what i got, the root project should be hard coded, right?16:59
*** spzala has quit IRC16:59
dolphmtellesnobrega: correct16:59
*** saju_m has quit IRC16:59
ayoungtellesnobrega, Id or name?16:59
dolphmayoung: it's just an id -- it's not an actual entity16:59
*** joesavak has quit IRC17:00
tellesnobregajust id17:00
*** sarob has quit IRC17:00
ayoungthe id is probably going to be autogenerated default, but overridable in the config file17:00
ayoungthe name is going to be ""17:00
ayoungor sometihing17:00
tellesnobregai see17:00
tellesnobregaim going to start working on it now, i have no idea where to start with it17:00
dolphmayoung: the id is a static 'openstack' according to previous discussions17:00
*** sarob has joined #openstack-dev17:00
*** jdennis has joined #openstack-dev17:01
dolphmayoung: it doesn't need to be mutable in the config17:01
*** dave_tucker is now known as dave_tucker_zzz17:01
*** tqtran has joined #openstack-dev17:01
dolphmayoung: it's just a concept, it doesn't need to be an actual record or anything17:01
*** marcoemorais has joined #openstack-dev17:01
*** jcoufal has quit IRC17:02
*** cadenzajon has joined #openstack-dev17:02
*** xga_ has joined #openstack-dev17:03
*** gokrokve has joined #openstack-dev17:03
marekddolphm: need your opinion on scoping federation-tokens. Do you think it's enough just to use the unscoped token id, use auth method 'token' and send scope: {project_id: "idhere" }  in a body, or rather write another auth plugin? So far I have seen that there is no direct check on role when the scope is being set (https://github.com/openstack/keystone/blob/master/keystone/auth/controllers.py#L146).17:03
*** xga has quit IRC17:03
ayoungdolphm, I wonder about that.  THe origianal reason for uuid was to get things that were "cross cloud"  and now we are saying it all is one be hierarchy?  It means that something specifc to a root project in one deployment is the same as the root project on anohter one.17:03
*** baoli has quit IRC17:04
*** CaptTofu has joined #openstack-dev17:04
tellesnobregadolphm, ayoung, can you guys point me where should i start coding this? I don't have a profound knowledge of keystone code, so i'm not sure what should go where17:04
ayoungwhen I was contemplating the distributed token signing, it became clear that such an approach would required "belongs to my keystone" or not17:04
*** jsavak has quit IRC17:04
*** yamahata has joined #openstack-dev17:04
*** baoli has joined #openstack-dev17:04
ayoungtellesnobrega, look at the identity-api documents.  We need that before code17:04
*** saju_m has joined #openstack-dev17:04
dolphmmarekd: let's switch to pm for just a second17:04
marekddolphm: sure.17:05
*** markwash has joined #openstack-dev17:05
*** dtantsur has quit IRC17:05
*** DinaBelova_ is now known as DinaBelova17:06
dolphmayoung: the full project ID can still be unique17:06
dolphmayoung: slash, they will still be unique unless we start allowing user-defined project id's17:06
*** hartsocks has joined #openstack-dev17:07
*** david-lyle has joined #openstack-dev17:08
*** yamahata has quit IRC17:08
*** arunkant has joined #openstack-dev17:08
ayoungdolphm, agreed for the subprojects, just wondering if the root project needs the same disabiguation, or if we would treat root project things as inherantly non-exportable.  IE,  I would never be able to do someong on cloud-deployment-B based on a role I had in root projct on Cloud-deployment-.17:09
*** alop has joined #openstack-dev17:09
*** dave_tucker_zzz is now known as dave_tucker17:09
*** yamahata has joined #openstack-dev17:09
*** andreaf has joined #openstack-dev17:09
*** markmcclain1 has quit IRC17:09
*** asselin has joined #openstack-dev17:09
ayoungtellesnobrega, what feature of it are you going to work on first?  I can guide you through the code17:09
*** markmc has quit IRC17:09
*** networkstatic has quit IRC17:09
tellesnobregaayoung: first i want to create the root project17:10
*** markmcclain has joined #openstack-dev17:10
*** e0ne_ has quit IRC17:10
*** dprince has joined #openstack-dev17:10
tellesnobregai think that should be the first thing to have hierarchical projects17:10
dolphmayoung: bring it up at the meeting on friday?17:10
dolphmayoung: sounds like a juno + 1 thing, at the earliest17:11
*** buzztroll has joined #openstack-dev17:11
ayoungtellesnobrega, a root project would be just a project.17:12
ayoungthat would be a data migration17:12
dolphmtellesnobrega: i think you need to migrate away the domain table first, personally (make them projects); i think morganfainberg_Z might have had a different idea (can't recall exactly)17:12
*** blentz has quit IRC17:12
ayoungdolphm, ++17:12
dolphmtellesnobrega: then refactor the sql identity driver to work with "domains" (where a "domain" is a project will a null parent_project_id)17:12
dolphmsql assignment* driver17:13
*** rossella_s has quit IRC17:13
ayoungso, instert into project values  (...) where id = ...17:13
dolphmtellesnobrega: there's an outline of steps on the bp in keystone17:13
*** relaxdiego has joined #openstack-dev17:13
tellesnobregaayoung, dolphm ok17:13
ayoungselect id from domain;17:13
*** iartarisi has quit IRC17:13
*** coolsvap has joined #openstack-dev17:14
ayoungtellesnobrega, probably next step is to convert the fk domain_id to a local key, with "none" as an acceptable value17:14
ayoungand then drop the domain table17:14
ayoung3 migrations, I would recommend, one for each step17:14
ayoungwe need an API for "get project by name" that can hierarchical search to project table.  THat is going to be multiple-round-trip sql17:15
dolphmmarekd: o/17:15
*** ifarkas_ has joined #openstack-dev17:15
marekddolphm: still here17:15
*** tqtran has quit IRC17:15
*** dave_tucker is now known as dave_tucker_zzz17:16
ayoungdolphm, https://blueprints.launchpad.net/keystone/+spec/hierarchical-multitenancy is "hiogh"  but we are not planning on accepting for Icehouse, right?17:16
*** reed has joined #openstack-dev17:16
ayoungdolphm, "- Manager methods for projects (list_projects, etc) rewrite all project ID's as "openstack.<self.parent_project_id>.<self.id>""  is wrong17:17
dolphmmarekd: so, with an unscoped token id, you need to ensure that the user has access to the requested scope, and figure out what roles they have there, by getting the list of projects available to the user (either based on groups in the token in the case of PKI, which should come through gyee's auth context work), or from the assignments driver directly in the case of UUID (which is what do today anyway)17:17
ayoungids remain single values17:17
*** itzikb has quit IRC17:17
ayoungfor hierarchal queries, limit it to "name"17:17
dolphmmarekd: you'll basically be returning a new token, with "scope": {"project": {"id": "...", "name": "...", ...}, and the same user object that came in originally17:18
*** stevemar has joined #openstack-dev17:18
*** gokrokve has quit IRC17:18
dolphmmarekd: in terms of auth method, you don't need to do anything new (you'll be authenticating the request with the "token" method, i suppose)17:18
*** praneshp has joined #openstack-dev17:19
*** saju_m has quit IRC17:19
*** I159 has quit IRC17:19
*** mikeoutland has quit IRC17:19
marekddolphm: i have submitted patchset where Keystone returns unscoped token with a list of groups a user is member of (based on Steve's mapping engine). Later, as we agreed the user will reuser that token to list all the available projects/domains, again basing on the list of the groups.17:20
*** dave_tucker_zzz is now known as dave_tucker17:21
dolphmmarekd: we need to propose that in the identity api spec ASAP17:21
marekddolphm: high time to scope the token and this17:22
dolphmmarekd: (reuser?)17:22
ayoungmarekd, that was unicode?17:22
ayoung007f?17:22
tellesnobregaayoung, dolphm, thanks. I will start working on this, and when i have questions i will ping you guys here17:22
marekdayoung: sorry, some connectivity problems.17:23
marekddolphm: reuse17:23
marekddolphm: https://review.openstack.org/#/c/71353/4/keystone/assignment/routers.py you can take a look here.17:24
*** Alexei_987 has quit IRC17:24
marekddolphm: not sure if the url's are legit...17:24
*** sweston_ has quit IRC17:25
*** dave_tucker is now known as dave_tucker_zzz17:26
*** jtomasek has quit IRC17:26
*** AlanClark has quit IRC17:26
*** AlanClark has joined #openstack-dev17:26
*** jpich has quit IRC17:26
*** salv-orlando has quit IRC17:27
*** sarob has quit IRC17:28
*** bauzas has quit IRC17:29
*** yassine has quit IRC17:29
*** marcoemorais has quit IRC17:29
*** marcoemorais has joined #openstack-dev17:29
*** Gordonz has joined #openstack-dev17:29
*** sandywalsh has joined #openstack-dev17:30
dolphmmarekd: all sounds right then17:30
ayoungtellesnobrega, need to think this one through.  In the past, we've been able to get away with global UUID for prjects, and also specifying the domain id.  that API is going to be strange now.  We can get any project vie parent UUID and project name17:30
*** salv-orlando has joined #openstack-dev17:30
ayoungbut we need to  be able to walk the path down from the root project to the project specified by name, which means  something like url parsing17:30
*** martyntaylor has joined #openstack-dev17:30
ayoungcurrently we can do17:31
*** sn6i23a has joined #openstack-dev17:31
dolphmayoung: i'm assuming we'll evolve /projects to return hierarchies (the requested parent, plus it's tree of children), just like /v3/regions17:31
ayoungGET /v3/project?name=pname17:31
*** sn6i23a has quit IRC17:31
ayoungdolphm, it would be cleanest if we did17:31
ayoungGET /v3/project/  to get root17:31
tellesnobregawe are also thinking about how the api should be17:31
ayoungGET /v3/project/p1/p32/pasdf/passthedeutchy/passadena17:32
*** mdomsch has quit IRC17:32
marekddolphm: so you are +1 for reusing 'token' method just for scoping the token.17:32
*** sn6i23a has joined #openstack-dev17:32
*** mst89 has joined #openstack-dev17:33
ayoungmarekd, "just"  is the correct long term.  It might break some things in the short.17:33
*** Gordonz has quit IRC17:33
*** romcheg1 has joined #openstack-dev17:33
ayoungSome services, I'm thinking horizon17:33
ayoungwill cache the otken and use it to get another token17:33
*** saju_m has joined #openstack-dev17:33
*** Gordonz has joined #openstack-dev17:33
ayoungnow...the right thing is, as you probably have figured out, only "decrease scope" is legal17:33
tellesnobregawe were thinking on GET /v3/project to list subprojects from the project in context17:33
*** jaybuff has joined #openstack-dev17:34
ayoungtellesnobrega, I'd like an explicit filter on that17:34
tellesnobregafor now anyways17:34
ayoungso ?all=true or something17:34
tellesnobregaayoung: ok17:34
*** jistr has quit IRC17:34
marekdayoung: how can you decrease the scope, since you are starting with unscoped token...17:34
ayoungheh17:35
ayoungunscoped is the most powerful!17:35
*** jistr has joined #openstack-dev17:35
ayoungso...I would agree, that unscoped should be useless for any non-keystone operations17:35
marekdokay, you mean ...so i agree you can only decrease the permissions level.17:36
ayoungand for a user, if they have an unscoped token they can use it only to get a scoped token, or to change password or something specific to keystone17:36
*** dvarga is now known as dvarga|away17:36
*** dvarga|away is now known as dvarga17:36
ayounghowever, if I have a token for P1 and it has 10 roles on it, I should be able to use that to get a token on P1 with just one role17:37
ayoungor...17:37
*** romcheg1 has quit IRC17:37
ayoungin the case of hierarchical, which tellesnobrega is asking about, if I have a token for P1, and it would let me operate on p1/p2/p3  I should be able to trade it dow to a token on just p1/p2/p317:37
*** hartsocks has quit IRC17:38
*** ekhugen has joined #openstack-dev17:38
*** gszasz has quit IRC17:38
*** hartsocks has joined #openstack-dev17:38
*** jaybuff has quit IRC17:38
tellesnobregaayoung: in the case of using just GET /v3/project what should the result be?17:38
ayoungroot project17:39
*** hartsocks has quit IRC17:39
ayoungthe thing that I'm wondering is...if I only have a role on p1/p2/p3 and I do a get on /v3/projects/p1  what do I get?17:39
ayoung403?17:40
*** AlexF has joined #openstack-dev17:40
*** xmltok has joined #openstack-dev17:40
*** relaxdiego has quit IRC17:40
tellesnobregai think so17:41
*** mkoderer has quit IRC17:41
*** johnthetubaguy has quit IRC17:41
*** dave_tucker_zzz is now known as dave_tucker17:42
*** markmcclain has quit IRC17:42
tellesnobregaif you are authenticated to a project in a level you can't go up17:42
tellesnobregayou can always go down17:42
ayoungtellesnobrega, makes it hard to navigate down a tree, though17:43
ayoungthink what it would look like from a visual-web perspective17:43
*** mkoderer has joined #openstack-dev17:43
ayoungmaye a 200 is more appropriate, and then a list of subordinate projects17:43
ayoungor only thos projects you would be able to see?17:44
*** bdpayne has joined #openstack-dev17:44
marekdayoung: you have now switched to discussion with tellesnobrega or still referring to scoping the tokens? :-)17:44
ayoungmarekd, the two are related topics.  Keystone territory is crowded and dense17:45
marekdayoung: understood.17:45
*** moted has joined #openstack-dev17:45
ayoungmarekd, I've been carrying on parallel conversations that touched.  kinda like coloring with a yellow marker that hits a spot of black, the yellow will nevermore be untainted17:46
tellesnobregai think that a user with a admin role in p3 should not be able to do a get /v3/projects/p117:46
*** ygbo has quit IRC17:46
marekdayoung: noticed that.17:47
tellesnobrega403 should be the response here. the other way around should be possible, an user with admin role in p1 can do a get v3/projects/p2 or get v3/projects/p317:48
*** noslzzp has quit IRC17:49
*** browne has quit IRC17:49
*** danpb has quit IRC17:49
*** tjones has left #openstack-dev17:49
*** jistr has quit IRC17:50
*** yjiang51 has joined #openstack-dev17:50
stevemardstanek, you win the award for strangest jenkins error: https://review.openstack.org/#/c/71932/17:50
*** safchain has quit IRC17:50
dolphmmarekd: i simplified (i hope) how the idp/protocol is identified vs the design from the hackathon (it's a bit more similar to a standard token with the same information) https://review.openstack.org/#/c/72431/1/openstack-identity-api/v3/src/markdown/identity-api-v3-os-federation-ext.md17:51
*** kbrierly has joined #openstack-dev17:51
dolphmmarekd: also, because this is too late to propose an impact on the core API for juno, i settled for OS-FEDERATION:groups in the user object17:51
*** dave_tucker is now known as dave_tucker_zzz17:51
marekddolphm: ack.17:52
dolphmerr, for icehouse*17:52
dstanekstevemar: it looks like it timed out doing nothing :-)17:52
dstanekstevemar: it is after all probably the most detailed and complicated changes every made in this project17:53
stevemardstanek, that's why you win the award17:53
*** vuil has joined #openstack-dev17:53
stevemardstanek, was going to look for a bug to recheck against, saw the console log ... decided to walk away for lunch17:53
marekddolphm: in the example you just paster user doesn't have an id - did you skip this intentionally?17:54
*** jotan has quit IRC17:54
marekddolphm: last time we agreed there would be something like user@idp17:54
dolphmmarekd: ooh, i forgot about that17:54
*** florentflament has quit IRC17:54
dolphmmarekd: come to think of it, that's not changing from an API perspective, so it doesn't need to be cited here?17:55
dolphmmarekd: it's just the value that we're affecting17:55
stevemarbknudson, new patch for you review/destroy17:56
*** nermina has quit IRC17:56
bknudsonstevemar: I think this will be the one.17:57
*** alop has quit IRC17:57
marekddolphm: I don't get it...;/17:57
dolphmmarekd: the values of 'id' and 'name' are just implementation details17:57
*** mikeoutland has joined #openstack-dev17:57
*** Tingting has quit IRC17:58
*** angdraug has quit IRC17:58
marekddolphm: yes.17:58
dolphmmarekd: they don't need to be specified by the API contract17:58
*** igor_ has joined #openstack-dev17:58
marekddolphm: ah, okay.17:58
*** nermina has joined #openstack-dev17:58
*** harlowja_away is now known as harlowja17:58
*** alop has joined #openstack-dev17:58
* dolphm food time17:59
*** kbrierly has quit IRC17:59
*** martyntaylor has quit IRC17:59
*** browne has joined #openstack-dev18:00
*** MaxV_ has quit IRC18:01
*** amcrn has joined #openstack-dev18:01
*** joesavak has joined #openstack-dev18:01
*** carl_baldwin has quit IRC18:01
*** derekh has quit IRC18:02
*** omachace has quit IRC18:02
*** igor_ has quit IRC18:02
*** carl_baldwin has joined #openstack-dev18:04
*** capri has quit IRC18:04
*** doug_shelley66 has quit IRC18:04
*** hartsocks has joined #openstack-dev18:04
*** markmcclain has joined #openstack-dev18:04
*** neelashah has quit IRC18:04
*** johnthetubaguy has joined #openstack-dev18:05
*** arnaud has joined #openstack-dev18:05
*** arnaud__ has joined #openstack-dev18:05
*** neelashah has joined #openstack-dev18:05
*** ijw has quit IRC18:05
*** jamieh has quit IRC18:05
*** omachace has joined #openstack-dev18:06
tellesnobregadolphm: i was thinking here, im not sure that we should remove domains. I think we can work with domains and make hierarchical projects starting with domains18:06
*** capri has joined #openstack-dev18:06
*** kbrierly has joined #openstack-dev18:07
*** omachace has quit IRC18:07
*** tqtran has joined #openstack-dev18:08
*** omachace has joined #openstack-dev18:08
*** eglynn has quit IRC18:08
*** tqtran1 has joined #openstack-dev18:08
*** relaxdiego has joined #openstack-dev18:09
*** romcheg1 has joined #openstack-dev18:10
*** ifarkas_ has quit IRC18:10
*** ijw has joined #openstack-dev18:10
*** neelashah has quit IRC18:10
*** jaybuff has joined #openstack-dev18:11
*** e0ne has joined #openstack-dev18:11
*** kris_h has joined #openstack-dev18:11
*** tqtran has quit IRC18:12
*** saju_m has quit IRC18:12
*** martyntaylor has joined #openstack-dev18:13
*** noslzzp has joined #openstack-dev18:13
*** doug_shelley66 has joined #openstack-dev18:14
*** Mandell has quit IRC18:14
harlowjakashyap https://github.com/harlowja/gerrit_view/tree/details if u want to try18:16
*** jp_at_hp has quit IRC18:16
harlowjait will do the git download and such required to get the summaries18:16
harlowjahttps://github.com/harlowja/gerrit_view/commit/a40d1af4f618:16
*** athomas has quit IRC18:16
*** e0ne_ has joined #openstack-dev18:21
*** e0ne has quit IRC18:21
*** CaptTofu has quit IRC18:22
*** angdraug has joined #openstack-dev18:22
*** max_lobur is now known as max_lobur_afk18:23
*** jsavak has joined #openstack-dev18:23
*** joesavak has quit IRC18:23
*** neelashah has joined #openstack-dev18:26
ayoungtellesnobrega, that was my thought.18:26
*** lucasagomes is now known as lucas-afk18:26
ayoungI hate the idea of trying to convince people that they should stop talking about domains.  We've been o-so-successful at removing the term tenant from peoples vocab18:27
*** gokrokve has joined #openstack-dev18:27
*** saju_m has joined #openstack-dev18:29
*** zzelle has joined #openstack-dev18:30
tellesnobregaayoung: our concept would be something like this  http://postimg.org/image/7ds2fqfa5/18:30
tellesnobregaraildo:18:30
raildoI strongly believe that to have hierarchical projects, we need not remove domains, are two different things18:31
*** e0ne_ has quit IRC18:31
ayoungtellesnobrega, um...the link you just sent me had some interesting adverts at the bottom.18:31
*** e0ne has joined #openstack-dev18:31
*** alexpilotti has joined #openstack-dev18:31
*** yjiang51 has quit IRC18:32
*** bdpayne has quit IRC18:32
tellesnobregaayoung: sorry about that, adblock worked good for me here18:32
tellesnobregahttp://s30.postimg.org/akmlzczq9/desing_2.png18:32
*** galstrom is now known as galstrom_zzz18:33
ayoungtellesnobrega, but having the root be something implicit, with domains underneath and then projects would work fine by me.  I'm not the one you need to convince18:34
*** CaptTofu has joined #openstack-dev18:34
*** bdpayne has joined #openstack-dev18:34
*** sarob has joined #openstack-dev18:34
*** jordanP has quit IRC18:35
tellesnobregaayoung: i'm counting on you as a good support to convince others18:35
raildo+118:35
*** sweston has joined #openstack-dev18:35
*** rwsu has quit IRC18:36
ayoungHeh18:37
ayoungI think you greatly overestimate my influence.18:37
*** jdob_ has quit IRC18:37
*** jdob has joined #openstack-dev18:37
tellesnobregathe deadline for the summit is really up and we need to define it quickly, and i believe that this way is more doable and may be accepted for juno still18:38
*** spzala has joined #openstack-dev18:38
*** yjiang51 has joined #openstack-dev18:39
*** pschaef has quit IRC18:39
*** gokrokve has quit IRC18:40
*** ijw_ has joined #openstack-dev18:41
raildodolphm: you could analyze this proposed solution?  http://s30.postimg.org/akmlzczq9/desing_2.png18:42
*** Gordonz has quit IRC18:43
*** Gordonz_ has joined #openstack-dev18:43
*** Sukhdev has joined #openstack-dev18:43
*** eglynn has joined #openstack-dev18:44
*** ijw has quit IRC18:44
*** MaxV has joined #openstack-dev18:45
*** zigo has quit IRC18:45
*** nermina has quit IRC18:46
*** sushil_ has quit IRC18:46
*** haleyb has quit IRC18:46
*** nermina has joined #openstack-dev18:47
*** dvarga is now known as dvarga|away18:48
*** dvarga|away is now known as dvarga18:48
*** sushils has joined #openstack-dev18:48
*** capri has quit IRC18:49
*** gokrokve has joined #openstack-dev18:49
*** zigo has joined #openstack-dev18:49
*** eglynn has quit IRC18:50
*** ijw_ has quit IRC18:51
*** rwsu has joined #openstack-dev18:51
*** saju_m has quit IRC18:51
*** capri has joined #openstack-dev18:52
*** saju_m has joined #openstack-dev18:53
*** taps has joined #openstack-dev18:53
*** jamieh has joined #openstack-dev18:53
*** morganfainberg_Z is now known as morganfainberg18:53
*** capri has quit IRC18:53
*** bashok has joined #openstack-dev18:53
*** burt1 has quit IRC18:53
morganfainbergdolphm, o/18:54
morganfainbergdolphm, i don't remember my other idea :(18:54
morganfainbergtellesnobrega, ^18:54
morganfainbergso...18:54
morganfainberggo for making them projects!18:54
morganfainberg:)18:54
*** MaxV has quit IRC18:54
*** capri has joined #openstack-dev18:55
*** jruzicka has quit IRC18:55
*** sweston has quit IRC18:56
*** pmathews has quit IRC18:56
tellesnobregawe don't think that is the best approach18:56
tellesnobregawhat about all other implementations that use domains18:57
*** troytoman-away is now known as troytoman18:57
tellesnobregaand making them projects will bring a huge change in keystone checking if its a project with or without a parent_id18:57
*** saju_m has quit IRC18:58
tellesnobregaand probably would only be accepted for k which is pretty far away18:58
morganfainbergtellesnobrega, sure. - like i said, i dont... really remember what my other idea was18:58
tellesnobregakeeping domains we can change a little and may yet be accepted for juno18:58
ayoungmorganfainberg, dstanek dolphm, if I import versionutils from oslo (to get deprecation)  I need to pull in logging as well.  Is there any drawback to pulling oslo logging into our client?18:58
*** lucas-afk is now known as lucasagomes18:59
morganfainbergtellesnobrega, Juno is pretty wide open. i don't know if you'd have an issue18:59
*** otherwiseguy has quit IRC18:59
ayoungtellesnobrega, the deadline for the summit is not up18:59
morganfainbergayoung, hm.. shouldn't be.18:59
tellesnobregaby up i meant close18:59
ayoungonly for "talks"  which is the non-deveoper-we-do-not-care-about-you side18:59
ayoungfor the dev side...we haven;t even begun to submit sessions18:59
morganfainbergtellesnobrega, you have untile ~J2 milestone19:00
*** sushils has quit IRC19:00
ayoungthat will happen ... in about two months19:00
morganfainbergtellesnobrega, i do it the "right way" even if its a lot of restructure19:00
*** hartsocks has quit IRC19:00
morganfainbergtellesnobrega, unless it is a API breaking change19:00
ayoungmorganfainberg, you hate the word domains19:00
ayoungyou are not to be trusted19:00
*** yjiang51 has quit IRC19:00
*** johnthetubaguy has quit IRC19:00
*** kenperkins_ has quit IRC19:00
tellesnobregaayoung: ++19:00
ayoungdomains are part of the verbiage19:00
*** sahid has quit IRC19:00
ayoungand we've done that to ourselves19:01
morganfainbergayoung, i do not hate the word domains, i hate our usage of it in multiple contexts19:01
ayoungblame gyee as he is the one that forced it through19:01
morganfainbergayoung, and we (someday) need to dig ourselves out of this hole19:01
ayoungmorganfainberg, and you are esposing removing it from both identity and now assignments19:01
*** Svedrin has quit IRC19:01
*** kenperkins has joined #openstack-dev19:01
*** sarob has quit IRC19:01
morganfainbergayoung, but i already gave up on the identity one19:01
ayoungmorganfainberg, the only hole is in your mind19:01
*** ssurana has quit IRC19:01
*** jaybuff has quit IRC19:01
ayoungwait, that sounded worse than I...ah I'll just run with it19:01
morganfainbergayoung, phsaw,19:01
morganfainbergayoung, :P19:01
*** markmcclain has quit IRC19:01
*** ssurana1 has joined #openstack-dev19:02
*** kgriffs is now known as kgriffs_afk19:02
ayoungmorganfainberg, seriously, though, I don't think there is anything wrong with saying that, in OpenStack, things are owned by domains19:02
*** markmcclain has joined #openstack-dev19:02
morganfainbergand if we are restructuring things in assignment to where projects are nested, are domains "relevant"... or is a domain just a root-less project19:02
ayoungprojects or users19:02
morganfainbergayoung, i'm not advocating removing the terminology atm.19:02
*** haleyb has joined #openstack-dev19:02
ayoungmorganfainberg, I see a domain as like a ...  mountpoint?  Nah,  supermount?  Something out of vfs19:03
morganfainbergayoung, but we suck at communicating domains19:03
*** MaxV has joined #openstack-dev19:03
*** Svedrin has joined #openstack-dev19:03
morganfainbergayoung, so either we need to get much much better at that, clarify how domains work, or remove some of the scope19:03
*** ijw has joined #openstack-dev19:03
ayoungsomething with the "inator suffix"  --Dr. Heinz Doofenshmirtz19:04
ayoungWe just suck.19:04
*** ssurana has joined #openstack-dev19:04
gyeeayoung, say what?19:04
*** AlexF has quit IRC19:04
*** johnthetubaguy has joined #openstack-dev19:04
morganfainbergayoung, i think my biggest issue is that a single domain contains differing types of data and that becomes harder with the identity / assignment split19:04
gyeemorganfainberg, domains give order to chaos19:05
morganfainberggyee, not really.19:05
morganfainberggyee, they give different chaos ;)19:05
gyeeI am all ears19:05
ayoungmorganfainberg, and the mistake there was that we didn;t specify what domain we were talking about on APIs that referereed to multiple objects19:05
morganfainbergayoung, ++19:05
ayoungmorganfainberg, not that we have a concept of a root for the tree.19:05
gyeeconceptually, they are the same froggin thing19:05
gyeecontainers19:06
ayoungor a namespace19:06
ayounggyee, I am actually in your camp, just want to redirect the ire toward you that I am fielding19:06
gyeeayoung, you smart man :)19:06
* gyee takes one for the team19:06
raildohahahahaha19:07
*** noslzzp has quit IRC19:07
tellesnobregalol19:07
morganfainberggyee, sorry, no ire for you *sends more ire to ayoung*19:07
ayoung"Curse you perry the platypus!"19:07
morganfainbergayoung, i can tell you have kids19:08
morganfainbergayoung, ;)19:08
morganfainbergayoung, you often sound very similar (when referencing cartoons) to my friends with kids...19:08
*** kgriffs_afk is now known as kgriffs19:08
gyeeI tell my kids I often give people the "brother finger" for things I don't like19:08
ayoung Phineas and Ferb is one of the more interesting cartoons to come out.19:08
ayoungrecently19:08
*** yjiang51 has joined #openstack-dev19:09
*** praneshp_ has joined #openstack-dev19:09
morganfainbergayoung, some programming is good, some is terrible... most of it is in the latter camp (unfortunately)19:09
morganfainbergdoesn't matter what age-group youre targeting19:09
*** blentz has joined #openstack-dev19:09
*** jruzicka has joined #openstack-dev19:09
ayoung"That is why I invented the Keystoninator, so I could control all of the identities in the TRI STATE AREA!":19:09
*** jaybuff has joined #openstack-dev19:09
morganfainbergayoung, lol19:10
morganfainbergaaaaaanannyyy way19:10
*** jaybuff has left #openstack-dev19:10
morganfainbergso, are domains just parentless projects in assingmnet?  do they belong in the "domains" table? [no i am not saying remove the domain concept... just possibly change the structure based upon the hiearchy proposal]19:10
*** carl_baldwin has quit IRC19:11
ayoungmorganfainberg, we are the container store.  Keystone provides containers.  Domains are containers that hold other containers, and keep your containers contained.19:11
morganfainbergayoung, still didn't answer my quesiton19:11
morganfainbergayoung, and no we're not the container store.19:12
*** praneshp has quit IRC19:12
*** praneshp_ is now known as praneshp19:12
ayoungmorganfainberg, sorry, I read "parentless" as "pointless"19:12
morganfainbergayoung, hehe19:12
ayoungI think we want to have a domain table, and use it to point to both the projects in the domain and the backing store for the identites for the domain19:12
ayoungprojects don't own users, but domain od19:13
ayoungdo19:13
*** eglynn has joined #openstack-dev19:13
ayoungso they are something more than "just" projects19:13
morganfainbergayoung, and a single domain can own users and projects?19:13
ayoungmorganfainberg, perhaps clearer to say19:13
morganfainbergayoung, or .. can they only contain one type of "thing"19:13
ayounga domain has a set of users and a set of projects19:13
*** sarob has joined #openstack-dev19:13
ayoungmorganfainberg, one thing else19:14
*** jaybuff has joined #openstack-dev19:14
ayoungwe might want to say that domains can contain roles19:14
*** ramishra has quit IRC19:14
ayoungnot role assignments, roles.19:14
morganfainbergayoung, that i can be behind actually19:14
ayoungcue atiwari19:14
morganfainbergayoung, and if it doesn't contain role assignments...19:14
*** ramishra has joined #openstack-dev19:14
morganfainbergayoung, i think that helps some.19:14
atiwariayoung, yes19:15
morganfainbergayoung, though, i think domains should be moved out of assignment (not logically, code wise - i don't care) but documentation/concept wise in that case.  make them really the container19:15
morganfainbergayoung, based on that last set of possibilities19:15
*** pablosan has joined #openstack-dev19:16
morganfainbergayoung, but i think we can circle back on that when we get to J19:16
morganfainbergayoung, or K19:16
morganfainbergor...whenever19:16
*** pablosan has quit IRC19:17
*** ssurana has quit IRC19:17
ayoungmorganfainberg, so, I am kindof in agreement, except that I like the idea of there being integrity constraints on project->domain  but I could see a case where, say for LDAP, even some assignment data was kept in LDAP19:17
*** pablosan has joined #openstack-dev19:17
ayoungso..yeah, domain table could be split19:17
morganfainbergayoung, LDAP is a special case - there are exceptions to the rule19:18
morganfainbergayoung, LDAP != RDBMS19:18
morganfainbergayoung, so i think we can bend those rules19:18
morganfainbergayoung, where appropriate.19:18
ayoungmorganfainberg, domain is the point where we link in disjoint datastores19:18
morganfainbergayoung, ++19:18
gyeemorganfainberg, you'd be surprise how many IdPs use LDAP backend!19:18
morganfainbergayoung, i like that description WAY more than what we have19:18
morganfainberggyee, nope19:18
ayoungI'd be OK with splitting domains off of assignments,19:18
morganfainberggyee, i'd assume most of them19:18
*** johnthetubaguy has quit IRC19:19
gyeemorganfainberg, exactly19:19
ayoungand then...roles stay with assignments19:19
gyeelets shiop OpenLDAP for Identity Management :)19:19
morganfainberggyee, doesn't mean we don't have a logical structure in keystone that makes domain (as ayoung put it) "domain is the point where we link in disjoint datastores"19:19
*** mikeoutland has quit IRC19:20
ayoungso for atiwari's use case of  "service defined role" it is a  case of  "one service = one domain"  and thus we maintain domain as the top level container19:20
*** yeylon__ has joined #openstack-dev19:20
gyeemorganfainberg, I am concerned with administrative and authorization boundaries19:21
morganfainbergayoung, sure. that makes sense to me.19:21
morganfainberggyee, we have those lines massively blurred at the moment19:21
ayoungso...role definitions would be per domain....with a common set precreated?19:21
ayounghmmmm19:21
ayoungneed to chew on that19:21
morganfainberggyee, i think this helps define those.19:21
morganfainbergayoung, i think that might be a lot of administrative overhead.19:21
ayoungmorganfainberg, yeah, it doens't feel right19:22
morganfainbergayoung, i'm not opposed to it conceptually..19:22
morganfainbergayoung, but - i feel like it's lacking something19:22
ayoungmorganfainberg, role-defs should be default global19:22
morganfainbergayoung, i wonder if there is a middle ground.19:22
ayoungI would think that a domain inherits the global list of role defs, but allows its own as well19:22
morganfainbergayoung, hrmmm.19:22
gyeeayoung, how does it solved the problem with service role clash?19:23
morganfainbergayoung, perhaps. - but i think we need to get into per-domain policy then --19:23
atiwariayoung, I was not proposing service linking with domain19:23
atiwarijust service and role definition19:23
morganfainbergayoung, i don't see how domains defining their own roles will make a big difference in usability atm19:23
*** bhuvan has quit IRC19:23
*** jaybuff has quit IRC19:23
*** martyntaylor has quit IRC19:24
morganfainbergayoung, or are you saying nova would define it's set of roles in this setup? atiwari ^19:24
ayoungatiwari  so you are proposing that the service has its own namespace for roles.  And I am trying to generalize that solution.  Domains are our current "top level namespace" and I am plying around with the cleanest implementation19:24
ayoungmorganfainberg, so he wants to be able to define a new service, and then define a role that only applies to that servcie19:24
morganfainbergohhh19:25
gyeemorganfainberg, not just nova, the non-infra services such as *aaS19:25
morganfainbergOH!19:25
ayoungso instead of having nova_admin, keystone_admin19:25
*** Sumeniac has quit IRC19:25
morganfainbergayoung, ok ok that makes sense19:25
ayoungthere would be an admin role, but it would only apply to nova calls19:25
*** epim has joined #openstack-dev19:25
atiwaricorrect, generic name space will work for service and domain/project scoped roles19:25
*** jckasper has quit IRC19:25
ayoungmy complaint is that it was too focused19:25
morganfainbergso, cloud-specific roles are deployer "global" and extra services would be self-defined?19:25
ayoungthe same could be said to apply to a subset of a given service19:25
*** melwitt has joined #openstack-dev19:25
ayoungor to a set of related services19:25
*** Gordonz has joined #openstack-dev19:25
*** Gordonz has quit IRC19:25
atiwarilike https://review.openstack.org/#/c/61897/4/openstack-identity-api/v3/src/markdown/identity-api-v3-os-ns-roles-ext.md19:26
*** Sumeniac has joined #openstack-dev19:26
*** Gordonz has joined #openstack-dev19:26
morganfainbergayoung, ok yes, i agree19:26
ayoungI like the idea, but am not in favor of treating "service" as special, and atiwari and I have not yet come to an agreement.19:26
*** beagles is now known as beagles_brb19:26
morganfainbergayoung, there should be common roles for a group of services19:26
*** capri has quit IRC19:27
ayoungand that is orthoganal to "this set of projects" or "this set of users"19:27
morganfainbergayoung, having to define roles for nova, keystone, etc all separately is way way deployer-unfriendly19:27
morganfainbergatiwari, gyee ^19:27
morganfainbergand what if you are deploying a new service that you want to just use the same roles as a previous one19:27
ayoungmorganfainberg, right...we want to be able to support his use case but not force it on the world19:27
morganfainbergayoung, ++19:28
ayoung++19:28
ayoungthat is it exactly19:28
ayoungor, what if you have a specialized version of a service and you want to define a new role just for that endpoint19:28
ayoungor even a subset of  endpoints19:28
*** NikitaKonovalov_ is now known as NikitaKonovalov19:28
*** NikitaKonovalov is now known as NikitaKonovalov_19:28
ayoungsay you have a specialized glance service that is for HPC.  You could make an HPC namespace and add the roles to that19:28
*** capri has joined #openstack-dev19:29
atiwarihttp://paste.openstack.org/show/63974/ is what I was proposing for generic name space roles19:29
*** Gordonz_ has quit IRC19:29
ayounglooking19:29
* morganfainberg looking too19:29
atiwariayoung and morganfainberg ^^^19:29
ayoungtoo hard coded.19:29
ayoungatiwari, but...19:29
atiwariqname can be remove if name can handle the namespaceing19:30
ayoungHenrynash is working on the normalization of the role assignments, and maybe we could do something comparable ....  "type"  with a known set of types19:30
*** Alexei_987 has joined #openstack-dev19:30
*** thedodd has quit IRC19:30
ayoungatiwari, qname menas qualified name?19:30
atiwaricorrect19:31
atiwarione can define policy with qname or name19:31
gyeemorganfainberg, here are  the glory details of the role overlap problem https://bugs.launchpad.net/keystone/+bug/89041119:31
ayoungatiwari, so...I was thinking instead something like this19:31
uvirtbotLaunchpad bug 890411 in keystone "Tenant role conflicts/overlaps can be a security issue" [Medium,Confirmed]19:31
ayoungnamespace_id =19:31
*** galstrom_zzz is now known as galstrom19:31
morganfainberggyee, oh this discussion?19:31
ayoungand that goes on the role def19:31
gyeemorgainfainberg, ayoung, atiwari, I am fine with namespacing19:31
morganfainberggyee, yeah.19:31
ayoungthen namespace is a top level object19:31
morganfainbergayoung, ++19:31
ayoungso  you would look from role-def to namespace.19:32
*** yjiang51 has quit IRC19:32
ayoungbut we already have a namespace in domain, so before we add a new concept...lets se if that fits better19:32
*** mikeoutland has joined #openstack-dev19:32
atiwariayoung , you are proposing new resource call namesapce19:32
atiwari?19:32
morganfainbergayoung, i am sure domains can fit this bill.  but conceptually is it the right place to put it (no strong feelings yet one-way-or-another)19:32
*** ruhe_ has joined #openstack-dev19:32
ayoungmorganfainberg, what if we thought about it this way19:33
morganfainbergatiwari, domains are effectively that now....and more so with the previous discussion19:33
gyeemorganfainber, so there are essentially two problems we are trying to solve: 1) mitigating the role conflicts, and 2) enable the services to define their roles19:33
ayoungexisting role-defs belong to the default domain19:33
morganfainbergerm, in scope of the earlier discussion19:33
morganfainberggyee, right.19:33
ayoungany new role defs we create can belong to smaller scoped domains19:33
ayounggyee, so I have a problem with defining the argument in terms of "the services" as I see that as only a subset of the usecases19:34
gyeeI know ayoung hates metadata, but this is like adding metadata to role defs19:34
ayoungendpoints, services, or a set of services should have the flexibility as well19:34
morganfainbergayoung, and roles are scoped to the domain they exisit in (default being the exceptional case since they cascade out)?19:34
ayounggyee, so, what if we put all these things into a domain19:34
gyeeayoung, services = infra services and *aaS19:35
ayounga specific endpoint, a specific service, or even a set of either one19:35
ayoungthe existing set of services and endpoints also go into the default domain19:35
*** chris_johnson is now known as wchrisj|away19:35
ayoung but to support atiwari 's use case, if I want a service specific role name, I create a domain for just that service, as well as all of the endpoints of that service19:36
gyeeone drawback with namespacing is that policy enforcement will become complex19:36
ayounggyee, so...policy files for an endpoint also go into the domain19:37
ayoungeverything has a domain id!19:37
gyeeayoung, if I understand you correctly, domain = separatable service?19:38
atiwariayoung, can all service falls under one domain?19:38
ayounggyee, I would not say "19:38
ayoungatiwari, *can* yes, but not *have to*19:38
*** markmcclain has quit IRC19:38
ayounggyee I would not say =19:38
*** saju_m has joined #openstack-dev19:38
ayoungI would say that "to do a  separatable service put it into its own domain"19:39
ayoungwhich is, I think, what you were really asking gyee19:39
*** hartsocks has joined #openstack-dev19:39
*** MaxV has quit IRC19:39
*** sweston has joined #openstack-dev19:40
*** ssurana has joined #openstack-dev19:40
*** schwicht has joined #openstack-dev19:40
*** zaitcev has joined #openstack-dev19:41
*** ijw has quit IRC19:41
gyeeayoung, separate domain for a service won't work as services are global19:41
gyeeservices are shared resource19:41
atiwarigyee ++19:41
ayounggyee, they don;t have to be19:41
*** godara has joined #openstack-dev19:41
atiwarithat where I can not able to link19:41
*** ijw has joined #openstack-dev19:41
ayoungatiwari, wha>19:42
gyeecan't isolate nova in a domain, for example19:42
morganfainberggyee, you're asking for services to be shared but roles to not be? or am i totally missing the discussion?19:42
ayoungwath was that?19:42
*** wchrisj|away is now known as chris_johnson19:42
* morganfainberg is lost now.19:42
*** otherwiseguy has joined #openstack-dev19:42
atiwariayoung, in an OS deployment services are global resource19:42
gyeemorganfainberg, who consume the roles?19:42
ayoungatiwari, in an OS deployment roles are global19:43
gyeeservices middleware/policy.json correct?19:43
morganfainberggyee, sure.19:43
atiwariand I am lost when you say domain per service19:43
ayounglets not be beholden to the sins of the past19:43
gyeemorganfainberg, roles are for the services really19:43
morganfainberggyee, so, what is wrong with namspacing the roles? you are still validating against an assignment for that service - a mapping of user/group to role, whether the role is global, isolated, inherited, etc19:44
ayoungQOTD  " Brace yourself... systemd based Debian is coming"19:44
*** Mandell has joined #openstack-dev19:44
morganfainbergayoung, because i was so unhappy w/ sysv init19:44
morganfainbergayoung, *rolls eyes* though, i do like systemd more than upstart personally19:44
ayoungatiwari, OK...so you have the use case where someone says "I have a new service and to manage it, I need to give someone the 'admin' role but I want it to be a separate 'admin' role than the rest of Open Stack uses."19:45
*** ijw has quit IRC19:46
ayoungmorganfainberg, I think it was a change that was painful due to how long the old system stayed around, but probably necessary.  Socket activation is probably the compelling argument...but systemd aside....19:46
*** thuc has quit IRC19:46
atiwariayoung, correct and all roles for that service should be scoped to that only19:46
*** ramishra has quit IRC19:46
*** thuc has joined #openstack-dev19:46
atiwariso that no other service useses it for role assignments19:47
gyeemorganfainberg, we need the granularity of assigning a role to a user/group for a project to use a given service or endpoint19:47
*** DinaBelova is now known as DinaBelova_19:47
morganfainbergayoung, sure19:48
gyeenamspacing should get us there, but need more thought19:48
ayoungatiwari, so I think that you have fixated on "service" there and that is too narrow an approach.  We wrat the service with a namespace and get the same effect, but now with a way to both grow or shrink the scope of that decision19:48
*** zigo has quit IRC19:48
ayoungatiwari, let me make it concrete19:48
ayoungyou havea user come and add a new...photo services19:49
ayoungand they get the role admin for that19:49
ayoungnow they realize they also want to have a music service19:49
ayoungand all the same roles apply19:49
ayoungeither you duplicate, or you expand19:49
gyeeayoung, we need assignment as (user, role, project, service) or (user, role, project, service, endpoint)19:49
atiwarilet me resd19:50
atiwariread19:50
morganfainberggyee, ok, i see what you're going for, but i think you're going to make this very hard to managed and ultimately.19:50
morganfainbergnot as usable*19:50
ayoungso..if you started by putting the photo service in a domain  it would be "add the music service to that domain"19:50
*** tjones has joined #openstack-dev19:50
ayounggyee, so, no19:50
gyeemorganfainberg, that's the challenge, make it work and simple19:50
ayoungassignment is role, user, project.  or role, user, domain19:50
*** thuc has quit IRC19:50
ayoungand applies to the objects inside that domain19:51
atiwariayoung, problem start when music and picture service want to rename their roles19:51
morganfainberggyee, but wouldn't it just make more sense to make an assignment user/group - role - service?19:51
*** tkay has joined #openstack-dev19:51
morganfainberggyee, rather than user in project -> service?19:51
atiwariadmin = madmin/padmin19:51
morganfainberggyee, again, i feel like i'm missing some context.19:51
ayoungmorganfainberg, the role needs to get resolved at the endpoint, but that should not be how it is assigned19:52
bknudsonI don't even see what the point of domains is if you've got federation19:52
atiwarisecond there is no way we can solve admin-ness with same role name for both19:52
ayoungit get assigned to the user/project, with project being a cross cutting concern19:52
morganfainbergbknudson, i tried to make that argument at one point. - i'm fine with leaving domain concept in.19:52
ayoungbknudson, Federation just calls them IdPs but the same problem exisits,19:52
gyeebknudson, public clouds link domain to IdP19:53
*** johnthetubaguy has joined #openstack-dev19:53
bknudsonmultiple idps in a domain?19:54
bknudsonor multiple domains in an idp?19:54
gyeebknudson, highly unlikely19:54
*** kenperkins_ has joined #openstack-dev19:54
*** DinaBelova_ is now known as DinaBelova19:54
ayoungmultiple domains in an IdP19:54
ayoungpotential, but unlikely19:54
ayoungand no multiple IdPs per domain19:54
ayoungdomain is a Keystone concept to knit together things19:55
morganfainbergbknudson, unrelated, good catch on the RBAC for v3 ec2 stuff. thanks! :)19:55
ayounglike IdPs and projects and roles and whiskers on kittens, bright copper kettles...19:55
bknudsonmorganfainberg: it was when you said that we needed policy_api to require admin.19:55
morganfainbergbknudson, yeah totally missed it. :)19:55
*** eglynn has quit IRC19:56
morganfainbergbknudson, this is why we have code reviews!19:56
gyeemorganfainberg, I think atiwari's wiki documented the role use cases19:56
morganfainbergbknudson, you think the same RBAC constructs as credential are sufficient, or does it need it's own?19:56
gyeeatiwari, you have the link handy?19:56
atiwari1 sec19:57
morganfainberggyee, i've read it.  i still feel like i'm missing some context.19:57
ayoungHeh, the guy that voices Ferb has green hair19:57
morganfainberggyee, it seems like the use case is ultra-narrow19:57
atiwarilink: https://blueprints.launchpad.net/keystone/+spec/name-spaced-roles19:57
bknudsonmorganfainberg: I didn't think about it much so don't know what the details are... I assume we have new lines in policy.json for each of the operations19:57
morganfainberggyee, and will make working with roles in general onerous for OS and a deployer19:57
*** kenperkins has quit IRC19:57
* ayoung fears the word credentials19:57
atiwarigyee ^^^19:57
morganfainbergbknudson, ah fair point. new lines in policy = new RBAC entries19:58
morganfainbergbknudson, thanks :)19:58
ayounghttp://en.wikipedia.org/wiki/Credential19:58
*** markmcclain has joined #openstack-dev19:58
morganfainbergbknudson, even if they just leverage an already existing rule e.g. is_admin_or_owner19:58
atiwariRFE bug https://bugs.launchpad.net/keystone/+bug/127092619:58
morganfainbergor whathavetyou19:58
uvirtbotLaunchpad bug 1270926 in keystone "[RFE] Enhancement needed on role data model to support name-spaced roles" [Wishlist,Confirmed]19:58
*** eglynn has joined #openstack-dev19:58
ayoungRBAC is authorization attributes but not authentication, and we use the two terms way too interchangeably.19:58
bknudsonmorganfainberg: I'm not sure that we really have another way to do it... and yes I'd expect some existing rules would be used.19:59
morganfainbergbknudson, yep. it's been a while since i poked at the enforce stuff19:59
bknudsonI'm not sure that we can have separate operations use the same rule in policy.json.19:59
morganfainbergbknudson, trying to get abck to it :)19:59
*** jaybuff has joined #openstack-dev19:59
bknudsonmorganfainberg: I'm guessing there will be less common code... it was kind of nice the way it was.19:59
morganfainbergbknudson, yeah it'll break things up some unfortunately :(20:00
ayounghttp://en.wikipedia.org/wiki/Credential#Cryptography   Keystone token should not be considered is a credential by this definition.20:00
gyeemorganfainberg, unless we are introducing Keystone as a Service, I don't know how to separate OS and deployers20:00
ayoungBut we treat them as such20:00
*** glenng has joined #openstack-dev20:00
morganfainbergbknudson, i might be able to do a little magic wrapper that does the work (like the deprecate __getattribute__ thing)20:01
morganfainbergbknudson, looking into what it's going to take20:01
*** pmathews has joined #openstack-dev20:01
*** saju_m has quit IRC20:01
gyeeayoung, why are we linking ec2 key with trust?20:01
*** openstack has joined #openstack-dev21:33
-dickson.freenode.net- [freenode-info] channel trolls and no channel staff around to help? please check with freenode support: http://freenode.net/faq.shtml#gettinghelp21:33
*** hartsocks has joined #openstack-dev21:33
stevemardolphm ++21:34
stevemarayoung, he's probably sleeping, euro time21:34
marekdstevemar: i am here.21:34
stevemarmarekd :O21:34
stevemardolphm, so just user name with domain, and user id -- really?21:35
marekdstevemar: doing the same thing when I see your patches added at 6am my time which means it's...midnight or 1am your time? :P21:35
*** tanisdl has quit IRC21:35
stevemarmarekd, who needs sleep right21:36
marekdstevemar: i do :(21:36
dolphmstevemar: if you can just do user_id, i'd just stick with that21:36
*** cnesa has quit IRC21:36
stevemardolphm, fair enough21:36
ayoungmarekd, so...why a new controller?21:36
dolphmstevemar: pick the easy one: (user_name + domain_id) || (user_name + domain_name) || (user_id)21:37
stevemaruser_id it is!21:37
stevemardolphm, and gyee's request? me think it's out of scope21:37
*** martyntaylor has joined #openstack-dev21:37
*** omachace has left #openstack-dev21:38
marekdayoung: because it's functionalities didn't fit (IMHO) to any other already existing controller in the federation...21:38
ayoungmarekd, what about the auth controller21:38
carl_baldwinarosen: Nothing strikes me from looking at the bug report except that the hosts file is correct and the code hasn't changed around sending a kill -HUP is just as it was before.  It is odd that they report a SIGHUP to dnsmasq does not fix the problem.21:38
dolphmmorganfainberg: any chance you can have something in review tomorrow for: https://blueprints.launchpad.net/keystone/+spec/ephemeral-pki-tokens21:38
*** galstrom_zzz is now known as galstrom21:38
marekdayoung: keystone.auth.*?21:39
ayoungmarekd, yes,21:39
ayoungas an auth plugin21:39
ayoungspecifically look at the remote user stuff21:39
marekdayoung: hmmm, just a reminder I cannot write 'just another' plugin, as user initially cannot access POST /auth/tokens21:40
ayoungof course they can21:40
ayoungthat is how they create tokens normally21:41
marekdayoung: right. but remember it will be that lovely mod_shib protected url21:41
stevemardolphm, i added comments and such to the patch21:41
marekdso if you configure apache to protect /auth/tokens you will not be able to authn with other methods.21:42
*** martyntaylor has left #openstack-dev21:42
morganfainbergdolphm, hopefully i will21:42
ayoungmarekd, that is OK21:42
ayoungthat is a deployment choice21:42
marekdayoung: OK.21:42
ayoungand the same suburl can be mounted multiple locations in Apache if so desired21:43
ayoungmarekd, I thought you prime problem would be that to do so would require reworking the token provider code.21:43
ekarlsoanyone know if there's any java thing lying around for keystone ?21:43
*** BLZbubba_ has quit IRC21:43
ayoungthat is, I think, the real issue:  we need to fetch the user object outside the provider and pass it in21:43
ekarlsoas in a middleware or similar21:44
ayoungekarlso, not a one21:44
hddbelliott, you around?21:44
*** amcrn_ has joined #openstack-dev21:44
*** BLZbubba has joined #openstack-dev21:44
ekarlsoayoung: so sad :(21:44
ayoungekarlso, let me know if you find one21:44
*** BLZbubba has quit IRC21:44
*** BLZbubba has joined #openstack-dev21:44
marunsamalba: ping21:44
carl_baldwinarosen: Looks like release is not being called as it should be in the patch.  Not sure why yet.  You mentioned you might see a bug in the review?21:44
arosenTesting till21:45
arosenseems like there is a new behavior that was added that it doesnt' recycle the ips right away.21:45
marekdayoung: i am not creating any user, at least not in the backend. It's token that identifies the user. And yes, there were few workarounds needed as in few places an assumption was made that the token would be issued for existing user.21:45
ayoungmarekd, I'm talkking about the user object that is used by the pipeline,  In this case it will be populated by info out of the SAML assertion21:45
*** amcrn has quit IRC21:45
*** gokrokve has quit IRC21:46
*** tqtran1 has joined #openstack-dev21:46
arosencarl_baldwin:  yea i can confirm the bug reproduce the behavior on my end21:46
gyeestevemar, which request, the making environ var configurable part?21:46
stevemargyee, yep, that one21:46
*** gokrokve has joined #openstack-dev21:46
gyeestevemar, it can go into a separate patch if you want, but if Keystone is HAed and fronted by VIP, the REMOTE_ADDR is likely the IP of the VIP21:47
gyeeinstead of the real client IP21:47
*** tqtran has quit IRC21:47
*** joesavak has quit IRC21:47
carl_baldwinarosen:  If anything, not recycling the ip right away should improve this situation rather than compound it, right?21:48
*** ramishra has joined #openstack-dev21:48
*** amcrn_ is now known as amcrn21:48
*** eharney has quit IRC21:49
ayoungmarekd,  so you understand my comment on the review.  Let me know if you need help on reworking the provider stuff.21:49
*** chris_johnson is now known as wchrisj|away21:50
marekdayoung: cannot see any comment on a review :(21:50
*** gokrokve has quit IRC21:50
ayoungmarekd, of course not, I am still writing them21:51
marekdayoung: oh, good.21:51
*** baoli has quit IRC21:51
ayoungmarekd, it should simplify the "external facing" aspect of your code, though. No hcanges to policy or routers21:52
*** ramishra has quit IRC21:52
marekdpersonally i don't see any option to use /auth/tokens and SAML protect it, but I don't consider myself Apache master...21:53
marekdayoung: if that waas your point about NOT changing routers.21:53
morganfainberghuh21:53
morganfainberguhm...21:53
morganfainbergso... i think we have an issue21:54
ayoungmarekd, it would be the same as the REMOTE_USERcode in the external auth plugin21:54
ayoungmorganfainberg, define "we"21:54
morganfainbergdolphm, bknudson, policy - you can't have multiple API methods protected with the same name21:54
dolphmmorganfainberg: why not?21:55
morganfainbergdolphm, bknudson, so it looks like for enforcement the same policy will be used for EC2 and credential as implemented for V321:55
ayoungmorganfainberg, nope21:55
ayoungyup21:55
dstanekjamielennox: i'll take back my -121:55
ayoungbut there is a way around that....dolphm?21:55
morganfainbergdolphm, identity:create_credential21:55
ayoungright21:55
morganfainbergdolphm, what method does that map to if you have EC2.create_credential or credential.create_credential21:55
morganfainbergi guess i could renamed all the methods to "ec2_<name>"21:56
ayoungbofe21:56
bknudsonmorganfainberg: rename them21:56
dolphmmorganfainberg: it seems that you *should* need to pass two policy checks to use /credentials for ec2, no?21:56
dolphmidentity:create_credential and maybe ec2:create_credential ?21:56
morganfainbergthe only one that differs from the policy file is delete_credential, in V2 it's the equivalent to admin_or_owner21:56
morganfainbergin v3 policy we set it to "admin_required"21:56
*** tmclaugh[work] has quit IRC21:56
gyeemorganfainberg, ayoung, we should retire the ec2 API and use signature auth plugin instead21:56
morganfainbergdolphm, don't think it works like that21:56
dolphmoh i forgot someone added policy to the v2 ec2 stuff21:56
gyeesame goes with s321:57
morganfainbergdolphm, i need to add policy for the V3 pipeline21:57
dolphmmorganfainberg: all i'm saying is that a single code path might have multiple checks along the way21:57
morganfainbergdolphm, rather than the dumb assert_admin21:57
dolphmmorganfainberg: ++21:57
morganfainbergdolphm, we don't really call controller -> controller21:57
*** oro has joined #openstack-dev21:57
morganfainbergdolphm, it is the exception to the rule we have multiple enforcement points21:57
morganfainbergif at all21:58
morganfainbergi might have removed that when i restructured the manager stuff21:58
morganfainbergs/that/all of them/21:58
morganfainbergso, best bet is rename? identity:ec2<blah> ?21:58
morganfainbergor do we want the same policy for ec2 credentials as the credential api21:58
*** mfer has quit IRC21:59
morganfainberggyee, yes, but that wont fit the bill for current usecase / timeline21:59
bknudsonpolicy is up to the deployer21:59
marekdayoung: http://docs.openstack.org/developer/keystone/external-auth.html looking at this for instance and X.509 example. If I apply that config, will I be able to authn myself without a x.509 certificate?21:59
*** hartsocks has quit IRC21:59
morganfainbergbknudson, right, should they be the same enforcement because they... are performing effectively the same action or are they really different enforcement rules?21:59
*** dmsimard has left #openstack-dev21:59
morganfainbergbknudson, before i renamed everything i wanted ot be sure :)21:59
bknudsonmorganfainberg: if you re-use the same rules then it's not up to the deployer.22:00
*** edmund has quit IRC22:00
morganfainbergbknudson, that is a fair enough argument for me.22:00
*** edmund has joined #openstack-dev22:00
morganfainberglet me rename these (v3) ones22:01
dolphmmorganfainberg: to?22:01
morganfainbergdolphm, ec2_createcredential22:01
morganfainbergit only matters what the method on the controller is, decorated with controller.protected()22:01
morganfainbergwont change the REST api, since the routers to that work for uyou22:01
*** RajeshMohan has quit IRC22:02
*** oro has quit IRC22:02
*** pmathews has joined #openstack-dev22:02
*** carl_baldwin has quit IRC22:02
gyeemorganfainberg, not sure if I understand, why are we still using EC2 CRUD now that we have the credential API22:02
morganfainberggyee, yes, heat is using it in some cases.  it presents different than the credential api does22:03
dolphmmorganfainberg: fwiw, the left side of the colon was originally intended to reflect core vs extensions, but i think we've broken that quite a bit already22:03
dolphmmorganfainberg: so "os-ec2:create_credential" or something would be most correct22:03
morganfainbergdolphm, oh it is?22:03
dolphmyeah..22:03
morganfainbergdolphm, *goes and looks*22:03
dolphm"identity" == "core identity api"22:03
*** yjiang51 has joined #openstack-dev22:04
dolphmor, was supposed to22:04
morganfainbergdolphm, we only ever use "identity:<thing>"22:04
*** RajeshMohan has joined #openstack-dev22:04
dolphmi know22:04
morganfainberggyee, the issue is we placed the V2 EC2 api in the V3 pipeline22:04
*** carl_baldwin has joined #openstack-dev22:04
morganfainbergand the v2 one issues a v2 token22:04
gyeemorganfainberg, but in the V3 world, there's no need for them anymore22:04
morganfainberggyee, so to solve it for "ominous deadline" of feb 18, just splitting out V3 version properly22:05
morganfainberggyee, it offers an authenticate api, and a different presentation22:05
ayoungmarekd, yes22:05
morganfainberggyee, in J we can deprecate Ec2 completely if we have full credential support, but for now, path of least resistance since we are under tight schedules22:05
morganfainbergif that makes sense22:06
gyeemorganfainberg, looking at the code, ec2 CRUD difference only slightly and both can be done  at the client side22:06
*** jecarey_ has quit IRC22:06
dolphmeasy review- https://review.openstack.org/#/c/71690/22:06
gyee1) pack the cred into the blob, and 2) don't link the cred to trust22:06
*** jhesketh has joined #openstack-dev22:06
morganfainberggyee, i think the trust bit is the important peice22:06
ayoungmarekd, it depends on Apache, but that is not a concern here.  For example, you can specify multple authentication mechanisms.  Not that it is guaranteed to work, but in theory22:06
*** nermina has quit IRC22:06
*** jecarey_ has joined #openstack-dev22:06
ayoungmarekd, howerver...you could also do this:22:07
morganfainbergdolphm, i'll defer to you on the decision.22:07
marekdayoung: i still need to pack IdP and protocol in the URL as I cannot POST anything..22:07
dolphmmorganfainberg: on which conern?22:07
dolphmconcern*22:07
*** gokrokve has joined #openstack-dev22:07
morganfainbergdolphm, restructure and hit real credential api use...or just split for v3 ec2 and fix in J?22:07
morganfainbergdolphm, ^ gyee's22:07
morganfainbergcredential is close to ec2 for crud etc22:07
ayoungmarekd, huh?22:07
*** johnthetubaguy has joined #openstack-dev22:07
gyeedolphm, I don't think we want to maintain ec2 CRUD22:07
gyeein the v3 land22:07
dolphmmorganfainberg: i'd like to fix it for icehouse, and look at quickly deprecating if that's definitely an option22:08
*** ekhugen has quit IRC22:08
ayoungmarekd, that seems wrong22:08
*** bswartz has quit IRC22:08
*** dvarga_ has joined #openstack-dev22:08
ayoungmarekd, wouldn't those values come through from mod_shib?22:08
morganfainbergdolphm, my thought is V3 ec2 icehouse, proper full credential stuff J22:08
morganfainbergdolphm, just due to timelines22:08
*** ramishra has joined #openstack-dev22:08
dolphmmorganfainberg: ++22:08
morganfainbergdolphm, if it wasn't (basically) end of the week targets for stuff, i'd be inverted in opinion22:08
marekdayoung: which values? our own {auth: {} } object?22:08
ayoung IdP and protocol22:09
*** eglynn has quit IRC22:09
*** nmagnezi has quit IRC22:09
morganfainberggyee, ^ that work for you.  Ec2 crud deprecated early in J, and we fix it properly22:09
*** eglynn has joined #openstack-dev22:09
morganfainberggyee, full on credential auth - plugin etc22:09
marekdayoung: i would not rely on that assumption. I must confess I ONLY check it on a websso and there..no, i was literally redirected from the IdP and even my initial data sent as a body to the SP was lost..22:09
*** dvarga has quit IRC22:10
gyeemorganfainberg, well, if they make it into stable release, we'll have to maintain them, that's all I am saying22:10
ayoungmarekd, where is the body of the SAML assertion?22:10
*** salv-orlando_ has joined #openstack-dev22:10
marekdcookie or something.22:10
morganfainberggyee, we already provided V3 support for this by putting the V2 ec2 crud in the v3 pipeline22:10
ayoungmarekd, something is out of whack here...22:10
morganfainberggyee, so i would equate that to already being in a stable release (havana)22:10
*** yjiang51 has quit IRC22:10
*** dmsimard has joined #openstack-dev22:10
marekdayoung: i once make a small test with websso. tried to send some data from a html form to a saml protected url.22:11
dmsimardHey guys, is it possible to have your opinion on https://bugs.launchpad.net/python-keystoneclient/+bug/1231339 ? We switched it from swift to keystone and want to make sure it's in the right place.22:11
uvirtbotLaunchpad bug 1231339 in swift "keystone s3_token middleware not usable" [Undecided,Confirmed]22:11
*** ssurana1 has quit IRC22:11
marekdayoung: i was redirected to the IdP, auth'ed, redirected to the SP again but my initial body was lost.22:11
morganfainbergdolphm, looks like we don't get to specify anything but "identity:" in policy the way .protected() works.  should file a BP to fix that. i would like to make policy more ... distinct (assignment:<thing> identity:<thing> if we want to)22:12
*** vuil has quit IRC22:12
gyeemorganfainberg, I know, so two wrongs make it right type of thing huh? :)22:12
ayoungmarekd, ah22:12
ayoungmarekd, since it is redirects,  it is no longer POST verbs?22:12
*** giulivo has quit IRC22:12
*** arnaud has quit IRC22:12
marekdayoung: hah, in my case the method even changed to GET!22:12
morganfainberggyee, i think we need to issue a correct token... and then worry about fixing it.  we can't rip the rug out of people who expect/use the ec2 extension in v3 (as broken as it may be...it still provides a semblance of working)22:12
*** dvarga_ has quit IRC22:12
*** arnaud__ has quit IRC22:13
*** ramishra has quit IRC22:13
morganfainbergand if they only had the default domain, it really wouldn't be a huge issue to use it as is.22:13
marekdayoung: i later spoke with our federation achitect, and he said changing POST->GET was weird, but the body loss was pretty standard.22:13
*** xga has joined #openstack-dev22:13
gyeemorganfainberg, I hear ya, go with your plan then22:13
*** cnesa has joined #openstack-dev22:13
*** salv-orlando has quit IRC22:14
*** salv-orlando_ is now known as salv-orlando22:14
*** shakayumi has joined #openstack-dev22:15
marekdayoung: that's why i proposed another url, something i wrote to the ml and was discussed during one of the tuesday meetings.22:15
marekdayoung: i do agree that maybe the controller should not be located under keystone/federation but for now I would go with that dedicated url.22:16
dolphmmorganfainberg: @protected(extension='os-ec2') --> "os-ec2:whatever_method" ?22:16
morganfainbergdolph, controller.protected only takes a callback as an argument https://github.com/openstack/keystone/blob/master/keystone/common/controller.py#L6822:17
sandywalshhdd: sorry, missed your ping ... here now22:18
*** jdob has quit IRC22:18
morganfainbergdolphm, but yes, that would be my choice syntax (or similar)22:18
marekdayoung: The only workaround I could recognize at the moment was: a) fetching available projects/domains based on the group ids.22:18
*** xga has quit IRC22:18
*** vladikr has quit IRC22:18
dolphmmorganfainberg: yeah, it was just a suggestion22:18
hddsandywalsh, jog0 asked me to update the description for https://blueprints.launchpad.net/nova/+spec/cross-service-request-id , but I don't have permission to edit that section22:18
hdddo you?22:19
sandywalshlemme see22:19
ayoungmarekd, so...I don't think that is necessary.22:19
*** jamieh has quit IRC22:19
sandywalshhdd, yep ... lemme see if I can add you (or you can send me a new paste)22:20
morganfainbergdolphm, https://blueprints.launchpad.net/keystone/+spec/policy-enforce-alternate-prefix juno perhaps22:20
marekdayoung: what exactly is not necessary?22:20
ayoungmarekd, part of the problem is that we are treating the token as a resource, and only allowed it to be created on POST, but that is out of line with how auth is typically done22:20
* ayoung thinking22:20
marekdayoung: i know.22:20
ayoungmarekd, I mean, if it were just basic-auth, then the equiv of a token could be put in a cookie22:21
*** shakayumi has quit IRC22:21
ayoungit should not be outside of /auth22:21
sandywalshhdd: assigned you to the bp ... you should have full control now22:22
ayoungmarekd, let me chew it over tonight.22:22
ayoungI'll have something by tomorrows meeting.22:22
hddsandywalsh, cool. Thanks a lot.22:22
*** jaybuff has left #openstack-dev22:23
marekdayoung: OK22:24
*** glenng has quit IRC22:24
marekdwhat exactly was your point with token_providers reworking?22:25
*** peristeri has quit IRC22:25
marekdayoung:  ^^22:25
ayoungmarekd, you see how you tacked on the "issue_federation_token" there?  That needs to be merged in with the other things that create tokens22:26
ayoungmarekd, this is not your fault, you are uncovering all our cruft22:26
*** jmckind has quit IRC22:27
*** thomasem has quit IRC22:27
*** jergerber has joined #openstack-dev22:28
marekdayoung: by saying merged you mean in terms of arguments passed or something else? Because I think I did spend some time thinking how to reuse some methods like issue_v3_token and AFAIR it was not so easy.22:29
ayoungmarekd, yep22:29
ayoungmarekd, I took at stab at it a few months back and concluded the same thing22:29
ayoungI want the same parameter list for issue v2 and issue v322:30
ayoungand you should be calling oissue v322:30
ayoungmarekd, the whole thing needs to be a pipelie22:30
ayoungpipeline22:30
*** ysk has quit IRC22:30
marekdthis means refactoring issue_v3_token - OK then.22:30
ayoungmarekd, yep, and the really nasty thing is this is a public API22:31
*** rtheis has quit IRC22:31
*** dkranz has quit IRC22:32
ayoungmarekd, OK....I knew this was coming.  I need to sit down in a quite room with a notebook, a pencil, and a glass of good scotch and think this through.  Ideally with no computer near me.22:32
*** gokrokve has quit IRC22:32
ayoungbut...this code helps22:32
*** gokrokve has joined #openstack-dev22:32
ayoungcux it makes real what the interface to the token provider really needs to look like22:32
ayoungmarekd, let me see if I can find the snap we took of the whiteboard22:33
*** achampion has quit IRC22:33
ayounghttps://twitter.com/admiyoung/status/429060448462577664/photo/1  marekd sorry that is not more legible22:33
*** tongli has quit IRC22:34
*** arosen has quit IRC22:35
*** arosen has joined #openstack-dev22:35
marekdayoung: why is scope just after authenticate?22:36
*** gokrokve has quit IRC22:36
marekdayoung: we are starting with SAML assertion.22:37
stevemardolphm, any way I can test this out locally? https://review.openstack.org/#/c/72492/22:38
*** yeylon__ has joined #openstack-dev22:38
dolphmdstanek: ^ i assume not "tox -e docs"22:39
*** salv-orlando_ has joined #openstack-dev22:39
stevemardolphm, and we would need to resolve the oslo warnings first right?22:39
*** lucas-dinner has quit IRC22:40
dstanekdolphm: stevemar: yeah, tox -e docs should do it22:40
*** jab416171_ has quit IRC22:40
morganfainbergbknudson, dolphm, v3 ec2 stuff w/ policy.json enforcement almost ready to post (waiting on unit tests)22:41
morganfainbergwill be up shortly22:41
dstanekthat just calls the sphinx stuff under the hood22:41
*** jab416171_ has joined #openstack-dev22:41
morganfainbergbknudson, dstanek, i should have the last comments for the Limit calls to memcache review done shortly22:41
morganfainberg(and posted)22:41
stevemarbknudson, take a quick 2nd look? https://review.openstack.org/#/c/67645/ I just changed your 1 inline comment22:42
marekdayoung: still here?22:42
marekdayoung: otherwise i am going to bed for now.22:42
stevemardolphm, dstanek want to review: https://review.openstack.org/#/c/67645/ - it's already gone throug brant, so good luck finding anything wrong, buahaha22:43
*** salv-orlando has quit IRC22:43
*** salv-orlando_ is now known as salv-orlando22:43
dstanekstevemar: sure22:44
stevemardstanek, don't take this as a challenge, and i apologize for -1'ing your fix for misspellings :)22:44
dolphmstevemar: rofl22:45
dstanekstevemar: :)22:45
dolphmstevemar: i'm skimming it, but dstanek would be a more valuable +2 at this point22:45
*** armax has quit IRC22:47
dstanekdolphm, bknudson: can i assume that the client version works the same as the server version in https://review.openstack.org/#/c/71690?22:47
*** kgriffs is now known as kgriffs_afk22:47
bknudsondstanek: I wouldn't make any assumptions22:47
*** wchrisj|away is now known as chris_johnson22:47
*** kevinconway has quit IRC22:47
dolphmbknudson: it's a copy/paste, no?22:48
*** hartsocks has joined #openstack-dev22:48
*** hartsocks has quit IRC22:48
bknudsonit was mostly a copy/paste but there are minor differences... in logging and translations.22:48
dolphmbknudson: but from an API perspective, it provides the same behavior on the things imported into keystone22:48
bknudsondstanek: https://review.openstack.org/#/c/52702/22:48
bknudsondolphm: right there's no change to the API.22:50
dolphmdstanek: ^22:50
*** jecarey_ has quit IRC22:50
dolphmstevemar: i thought i found a problem and then i was wrong i apologize to bkhudson22:51
dolphmturns out i just misread a new docstr22:51
morganfainbergdolphm, bknudson, https://review.openstack.org/#/c/70631/ update posted.22:52
stevemardolphm, you should have known bettter22:52
morganfainbergV3EC222:52
*** arnaud has joined #openstack-dev22:53
*** arnaud__ has joined #openstack-dev22:53
*** Sukhdev has quit IRC22:54
dolphmmorganfainberg: why is ec2_delete_credential the only admin_or_owner?22:54
morganfainbergdolphm, that is the same as the V2 functionality22:54
morganfainbergdolphm, delete was the one that checked admin, secondarily checked owner22:54
dolphmemulating "log out" ?22:54
morganfainberghm. i think so22:54
*** armax has joined #openstack-dev22:54
dstanekbknudson: yeah they are basically the same - the client version just wasn't converted to using six22:55
dolphmmorganfainberg: anything else new in this patch i should pay attention to?22:55
morganfainbergdolphm, actually22:55
morganfainbergthese might all need to be admin or owner22:55
*** galstrom is now known as galstrom_zzz22:55
bknudsondstanek: probably because I submitted it before anyone was posting changes to use six...22:55
morganfainberg*checking*22:55
ayoungmarekd, go to bed...I've been invaded by kids22:56
*** ytwu1 has joined #openstack-dev22:56
*** jobewan has quit IRC22:56
dolphmmarekd: isn't it like 5am there?22:56
marekdmidnight.22:56
*** ytwu has quit IRC22:56
morganfainbergdolphm, oooh22:56
stevemardedication22:56
morganfainbergdolphm, how do i .. check to make sure a user is the user in the credential in policy?22:56
*** zzelle has quit IRC22:57
dstanekbknudson: lgtm - looks like it deserves to be approved22:57
*** cagrev has quit IRC22:57
morganfainbergthe rest should be admin_or_owner22:57
morganfainbergi.. uhm think22:57
dolphmmorganfainberg: umm, not user_id=22:57
*** eharney has joined #openstack-dev22:58
morganfainbergdolphm, huh.22:58
*** marekd is now known as marekd|away22:58
morganfainbergnot sure how this gets modelled in policy enforcement22:58
morganfainbergdolphm, trying to say "if user_id != cred_ref['user_id']:" is22:59
*** ssurana1 has joined #openstack-dev22:59
morganfainbergdolphm, not clear to me22:59
ekarlsowhat happened to the "congress" thing vmware did for policies ?22:59
morganfainbergdolphm, oh, i need to write this as a callback23:00
dolphmuser_id:%(credential.user_id)s ?23:00
*** tkay has quit IRC23:00
dolphmmorganfainberg: what's the operation you're protecting?23:00
dolphmmorganfainberg: update?23:00
morganfainbergdolphm, no because you don't have access to that information (credential) at the point23:00
morganfainbergdolphm, delete23:00
dolphmthen callback sounds right23:00
morganfainbergdolphm, yeah.23:00
*** nati_uen_ has quit IRC23:01
*** shardy is now known as shardy_afk23:01
bknudsondstanek: thanks. I think that closes a bug.23:01
dstanekstevemar: nice docstrings!23:01
*** tkay has joined #openstack-dev23:02
*** sweston has quit IRC23:02
dstanekstevemar: you almost make me with i wrote docstrings like that23:02
*** packet has quit IRC23:02
*** JoshNang has joined #openstack-dev23:03
*** gokrokve has joined #openstack-dev23:04
dolphmdstanek: is there a way to have apidoc ignore keystone.openstack.common ?23:04
*** romcheg1 has quit IRC23:04
*** galstrom_zzz is now known as galstrom23:04
*** mdomsch has quit IRC23:04
dolphmstevemar: to avoid/ignore warnings /errors there ^23:04
*** kgriffs_afk has quit IRC23:05
dstanekdolphm: not that i know of23:06
*** stevemar has quit IRC23:06
jamielennoxgyee (and interested others): new auth plugins - have a look when you get a minute and make sure they still work for you: https://review.openstack.org/#/c/68006/ and https://review.openstack.org/#/c/68007/23:06
ayoungok...so bascially a token is a signed subset of the data that keystone knows about a user....so, if we add on ?signed or an accepts header of "application/cmsz"  we could turn and keystone response into a token.  I think I might have finally cracked....23:06
jamielennoxayoung: s/and/any ?23:07
ayoungjamielennox, yes23:07
*** kgriffs_afk has joined #openstack-dev23:07
dolphmayoung: s/think I might have//23:07
*** kgriffs_afk is now known as kgriffs23:07
ayoungdolphm, almost certainly23:08
*** vijendar has quit IRC23:08
jamielennoxayoung: so i put in an email that i think you are right about sign/compress and that we just take ID from the uncompressed token23:08
ayoungdolphm, I was thinking, though, that a user might like to create a token with just enough role-assignment data to get a job done.  It would be nice to just be on the role_assignement url and say "convert this to token"23:08
jamielennoxit means though that you could actually implement token compression as middleware23:08
dstanekdolphm: https://bitbucket.org/birkenfeld/sphinx/issue/944/sphinx-apidoc-add-ability-to-exclude23:09
ayoungjamielennox, ahhh23:09
jamielennox:)23:09
ayoungjamielennox, cool....23:09
*** ramishra has joined #openstack-dev23:09
ayoungI think I was hovering around that idea23:09
bknudsondolphm: the warnings in openstack/common should be fixed with https://review.openstack.org/#/c/71311/23:09
dolphmjamielennox: rather than affecting the signature?23:09
dolphmdstanek: ooh23:09
jamielennoxdolphm: right, so on issue a token you take X-Auth-Token and the zip it, on receiving a zipped token you unzip it - nothing else changes23:10
*** dave_tucker_zzz is now known as dave_tucker23:10
jamielennoxjust insert that before auth_token middleware23:10
*** jecarey has joined #openstack-dev23:11
morganfainbergdolphm, does.. this look right? "rule:admin or rule:owner and user_id:%(target.user_id)s"23:11
*** prad has quit IRC23:11
ayoungdolphm, but I was also thinking of the Federation issue that marekd|away was hitting.  Namely, that the resource he is trying to request is only avaialble via post, and the redirect breaks that.  What if a user had an URL that represented "here is my current token data"23:11
morganfainbergor is there like parens and such that should be added?23:11
jamielennoxnote to self: should never say 'this could be middleware' around dolphm23:11
dolphmjamielennox: my only complaint with that, which isn't entirely valid, is that people have to opt-in to that, and i'd rather they not have to :P23:11
ayoungthen to get a token, you go to that URL with a content-type that indicates "give it to me signed and compressed"23:12
dolphmjamielennox: ;)23:12
bknudsonthe doc warnings I get with master + https://review.openstack.org/#/c/71311/ are keystone.contrib.kds.db.connection.Connection.get_key:1823:12
bknudsonand keystone.tests.contrib.kds.fixture.rst:723:12
ayoungdolphm, and...if we did it that way, it would provide Keystone a clean way to sign (and compress )other data like the revocation events23:12
dolphmbknudson: are you excluding keystone.openstack.common, or actually not seeing any errors there?23:13
jamielennoxdolphm: right it can be inline but just a very simple if it's compressed then uncompress and do regular token processing so that token_id is not affected by the compression23:13
morganfainbergdolphm, actually i think... http://pastebin.com/iyrZrAf5 is right?23:13
bknudsondolphm: https://review.openstack.org/#/c/71311/ fixes the warnings in keystone.openstack.common, so there are no errors there.23:13
*** thedodd has quit IRC23:13
*** ramishra has quit IRC23:13
jamielennoxalso we have a lot of stuff in our pipeline that you can't really opt out of23:13
*** alexpilotti has quit IRC23:13
*** dvarga has joined #openstack-dev23:14
dolphmjamielennox: we trimmed down the default after grizzly23:14
jamielennoxi'd be interested to know how many deployments actually mess with that23:14
dolphmtoo few23:15
jamielennoxanyway i was thinking that was interesting as the same middleware could be used on the client and the server23:15
jamielennoxbut maybe it's just better to build it into auth_token and then have keystone use that - again23:15
*** dstanek is now known as dstanek_afk23:16
*** dmsimard has quit IRC23:16
*** henrynash has joined #openstack-dev23:17
dolphmjamielennox: works for me, but i wouldn't mind if that was a refactor in juno23:17
*** nati_ueno has joined #openstack-dev23:17
jamielennoxdolphm: lol, it's not going to happen in the next couple of weeks23:17
*** vartom1111111119 has quit IRC23:18
*** yjiang51 has joined #openstack-dev23:18
*** byeager has quit IRC23:19
*** jgrimm has quit IRC23:19
*** pixelb has quit IRC23:19
morganfainbergdstanek_afk, bknudson, https://review.openstack.org/#/c/71683/ - Memcache (master) fix for the token backend limiting calls to memcache23:20
*** galstrom is now known as galstrom_zzz23:22
ayoungjamielennox, I like what you are thinking.  But the middleware could go in the client, and be consumed by the server23:22
ayoungI'll play around with it....23:22
*** ayoung is now known as ayoung-Dad23:22
jamielennoxayoung: i'm not sure i'm advocating it, it was just a it's possible23:22
jamielennoxayoung-Dad: also that i'm reverting my old position to compress then sign23:22
Alexei_987lifeless: ping23:22
*** nati_ueno has quit IRC23:23
*** dperaza has quit IRC23:23
*** lbragstad has quit IRC23:23
lifelessAlexei_987: hi23:23
Alexei_987lifeless: could you please take a look at this issue https://bugs.launchpad.net/testrepository/+bug/1271133 ?23:24
uvirtbotLaunchpad bug 1271133 in testrepository "Cryptic error from subunit when an import fails" [Undecided,In progress]23:24
*** schwicht has quit IRC23:24
dolphmjamielennox: that i would like a firm direction on (compress -> sign) or (sign -> compress); i haven't seen reasoning either way, but it greatly affects the viability of the middleware approach23:24
dolphmin which case i vote for sign -> compress23:24
dolphmwhich i think ayoung was doing last i checked?23:24
jamielennoxdolphm: my case for compress -> sign was that the token we would produce is always the same and because we currently rely on the md5sum of the token for our token id23:25
*** sgordon has quit IRC23:25
jamielennoxany form of decompress -> recompress would create a new token_id that would still validate but not be retrievable by keysotne23:26
jamielennoxdolphm: however it becomes really simple by just saying that the token id is only computed on the uncompressed data (which is why middelware make sense)23:26
dolphmjamielennox: then you're forcing clients to decompress tokens before validating them23:27
jamielennoxdolphm: yes23:27
dolphmjamielennox: which makes this API-breaking and a no-go23:27
Alexei_987lifeless: it was quite a quest to debug this thing23:27
jamielennoxdolphm: it's going to be somewhat breaking anyway23:27
jamielennoxat some point the client is going to need to decrypt the data to retrieve token information23:28
dolphmjamielennox: yes, but only auth_token - right?23:28
dolphmit's also not "encrypted"23:28
jamielennoxright, i used encrypted wrongly in a number of places23:28
jamielennoxwhat do you mean only auth_token23:29
dolphmjamielennox: careful!23:29
*** armax has quit IRC23:29
dolphmjamielennox: what other clients have to read PKI tokens, other than keystoneclient?23:29
jamielennoxauth token is going to need to do a decrypt regardless23:29
dolphmdecompress*23:29
jamielennoxdolphm: keep doing that23:29
jamielennoxauth_token will need to decompress regardless23:29
dolphmjamielennox: that'll send the wrong message in our community and we'll get very confusing security vulnerabilities reported lol23:30
jamielennoxkeystoneclient does not *open* the token23:30
*** ramishra has joined #openstack-dev23:30
*** sarob has quit IRC23:30
*** jaybuff has joined #openstack-dev23:30
jamielennoxit reads the json from the response and saves that but it always treats the token as a blob23:30
dolphmnor does it need to - excluding auth_token, correct?23:30
jamielennoxcorrect23:30
*** sarob has joined #openstack-dev23:31
dolphmright, clients should be allowed to be dumb there23:31
jamielennox(though i would like to eventually move that functionallity towards the client)23:31
dolphm+++23:31
dolphmi've always wanted a c.tokens.validate()23:31
dolphmhaven't gotten around it it myself23:31
lifelessAlexei_987: I think you have the wrong end of it; its a single patch to testr to fix.23:31
jamielennoxdolphm: i'm hoping to get all this discover and auth plugin stuff figured out before i go back to looking at auth_token23:31
lifelessAlexei_987: I'm glad you want to hack on it, I will give direction in the bug23:31
Alexei_987lifeless: not sure it will work23:32
*** slagle has quit IRC23:32
*** jergerber has quit IRC23:32
morganfainbergdolphm, ok i think... the policy is correct for this: https://review.openstack.org/#/c/70631/23:32
Alexei_987lifeless: testr doesn't have any info about the failure to show it23:32
dolphmmorganfainberg: test it!23:33
morganfainbergdolphm, LOL i am trying to stand up a devstack for it.23:33
*** sarob has quit IRC23:33
morganfainbergdolphm, but figured i'd post it up so tempest could get chewing on it23:33
dolphmmorganfainberg: cool -- what tests does tempest have against that api?23:34
morganfainbergdolphm, if heat is covered possibly heat things23:34
dolphmmight be easier to write that test there23:34
morganfainbergdolphm, honestly, not sure.23:34
*** mtreinish has quit IRC23:34
dolphmmorganfainberg: poke shardy23:34
morganfainbergdolphm, but going to test this for now locally in devstack and possibly need to add a unit test for the immidiate usecase23:35
morganfainbergshardy_afk, ping23:35
morganfainbergdolphm, but in either case you can look to see if the code has anything outstanding that is wrong while i do the more functional tests.23:36
*** denis_makogon has quit IRC23:36
dolphmmorganfainberg: i looked though the last patchset -- don't see anything23:36
morganfainbergdolphm, ok23:36
morganfainbergdolphm, there is now the callback for policy magic, but that wont be fully tested until i get this devstack up and see if i need a new test23:37
*** asalkeld has joined #openstack-dev23:37
*** achampion has joined #openstack-dev23:38
*** Gordonz has quit IRC23:38
*** dkranz has joined #openstack-dev23:38
*** chris_johnson is now known as wchrisj|away23:38
bknudsonam I supposed to be able to do a file search on gerrit using file: ?23:39
bknudsonit says "operator not permitted here"23:39
*** mtreinish has joined #openstack-dev23:39
sdaguebknudson: it's not supported in the web ui23:39
sdaguethat's in the docs23:39
sdagueuntil gerrit 2.8 with secondary indexes23:39
bknudsonso I can put it on a watched project or something.23:40
*** cadenzajon has quit IRC23:40
morganfainbergsdague, does it work in the "watched" projects settings?  i am trying to figure out the syntax so i can see some oslo bits23:40
morganfainbergbut ... i don't think they are working as expected23:40
sdaguemorganfainberg: it's supposed to work for the emails23:40
sdaguebut I've not actually tested it23:40
morganfainberghmmm.23:40
morganfainbergsdague, ok i'll keep poking at it23:41
sdagueit definitively will not work in the web UI23:41
morganfainbergsdague, okie.23:41
morganfainbergsdague, thanks23:41
*** CaptTofu has quit IRC23:41
sdagueand that was supposed to autocomplete to bknudson, I have no idea how I screwed that up :)23:41
*** jnoller has quit IRC23:42
*** e0ne has quit IRC23:42
*** praneshp has joined #openstack-dev23:43
lifelessAlexei_987: oh, I see23:44
lifelessAlexei_987: I mis read23:44
*** abhirc has quit IRC23:44
*** e0ne has joined #openstack-dev23:44
*** mlavalle has quit IRC23:46
*** henrynash has quit IRC23:46
*** cadenzajon has joined #openstack-dev23:47
*** mgagne has quit IRC23:47
*** AlanClark has quit IRC23:48
*** begin has joined #openstack-dev23:49
*** tjones has quit IRC23:49
*** yjiang51 has quit IRC23:49
*** dstanek_afk is now known as dstanek23:49
*** johnthetubaguy has quit IRC23:49
*** johnthetubaguy has joined #openstack-dev23:50
*** mrda is now known as mrda_away23:50
*** morazi has quit IRC23:50
*** johnthetubaguy has quit IRC23:50
*** ijw_ has joined #openstack-dev23:50
beginGuys can you help with a basic question?23:51
*** markwash has quit IRC23:51
*** jaybuff has quit IRC23:52
*** sarob has joined #openstack-dev23:52
*** neelashah has quit IRC23:52
*** mriedem has quit IRC23:52
beginwhy is it needed to put in the code something like: self.conn_timeout = float(conf.get('conn_timeout', 0.5)) if this information could be provided in a conf file: conn_timeout = 0.5?23:52
Alexei_987lifeless: do not agree with you on subunit patch23:53
*** ssurana has quit IRC23:53
*** markmcclain has quit IRC23:53
StevenKBecause then it's a string, and not a float23:53
*** bauzas has quit IRC23:53
*** ijw has quit IRC23:53
*** sandywalsh has quit IRC23:53
Alexei_987lifeless: it is available to subunit but I don't like that valid and invalid testcases are streamed through the same pipe23:53
*** henrynash has joined #openstack-dev23:53
*** jaybuff has joined #openstack-dev23:53
*** jaybuff has quit IRC23:54
*** zul has quit IRC23:54
Alexei_987lifeless: I think we should use 2 separate pipes23:54
StevenKbegin: Basically, it's defensive coding.23:54
*** arosen has quit IRC23:54
*** slagle has joined #openstack-dev23:54
lifelessAlexei_987: subunit is a multiplexing protocol, there's no need for two pipes23:55
StevenKbegin: We want to coerce the value to a float, but if it's not specified in the config, we have a default. Not certain if rubbish values get replaced by the default.23:55
lifelessAlexei_987: the data is already attached in the right place, testr just isn't showing it cleanly.23:55
Alexei_987lifeless: how you are going to separate it to show it cleanly?23:55
lifelessAlexei_987: see my review on the testr patch23:55
*** iamben_tw has quit IRC23:56
lifelessAlexei_987: but - subunit.v2.ByteStreamToStreamResult(BytesIO(out)).run(gatherer)23:56
Alexei_987lifeless: I don't really like your binary parser magic :(23:56
Alexei_987binary - evil23:56
lifelessAlexei_987: we have lots of corruption issues with the plain text version of subunit, waaay more flaky.23:57
*** iamben_tw has joined #openstack-dev23:57
*** ndipanov has quit IRC23:57
lifelessAlexei_987: but there is no magic here, pipes are pipes23:57
Alexei_987lifeless: well ok we can do it without stderr :(, however I don't think that we should dig down to unittest to fix this issue23:57
*** sweston has joined #openstack-dev23:57
*** bdpayne has quit IRC23:58
lifelessAlexei_987: we can do the work around, but unittest should be fixed23:59
lifelessAlexei_987: otherwise we end up with code that is just an unmaintainable mess of workarounds23:59
« Sunday, 2014-02-09 Index Tuesday, 2014-02-11 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!