Friday, 2014-04-04

« Thursday, 2014-04-03 Index Saturday, 2014-04-05 »
*** arun_kant has quit IRC00:01
openstackgerritBrant Knudson proposed a change to openstack/keystone: Configurable token hash algorithm  https://review.openstack.org/8040100:06
*** dims_ has quit IRC00:07
*** dims_ has joined #openstack-keystone00:21
*** stmi has left #openstack-keystone00:23
dstanekmarekd|away: that would be awesome00:33
*** amcrn has quit IRC00:43
openstackgerritJamie Lennox proposed a change to openstack/python-keystoneclient: Ensure JSON headers in Auth Requests  https://review.openstack.org/8520901:04
*** marcoemorais has quit IRC01:10
*** joesavak has joined #openstack-keystone01:18
openstackgerritBrant Knudson proposed a change to openstack/python-keystoneclient: Allow hash tokens with sha256  https://review.openstack.org/8039801:19
openstackgerritJamie Lennox proposed a change to openstack/python-keystoneclient: Ensure JSON headers in Auth Requests  https://review.openstack.org/8520901:22
openstackgerritJamie Lennox proposed a change to openstack/python-keystoneclient: Add new error for invalid auth response  https://review.openstack.org/8521301:24
*** askb_ has joined #openstack-keystone01:25
*** askb_ has quit IRC01:28
*** askb_ has joined #openstack-keystone01:28
*** askb_ has quit IRC01:28
*** askb_ has joined #openstack-keystone01:29
*** joesavak has quit IRC01:34
*** stevemar has joined #openstack-keystone01:36
*** stevemar has quit IRC01:53
*** mberlin has joined #openstack-keystone01:55
*** mberlin1 has quit IRC01:56
*** stevemar has joined #openstack-keystone02:00
*** morganfainberg is now known as morganfainberg_Z02:22
*** zhiyan_ is now known as zhiyan02:24
*** dims_ has quit IRC02:29
openstackgerritJamie Lennox proposed a change to openstack/python-keystoneclient: Create a V3 Token Generator  https://review.openstack.org/7887802:32
*** stevemar has quit IRC02:33
openstackgerritayoung proposed a change to openstack/keystone: Remove legacy_endpoint_id and enabled from service catalog  https://review.openstack.org/8514703:09
*** ayoung is now known as ayoung_ZZZzzz__03:09
*** polyservice has joined #openstack-keystone03:11
*** stevemar has joined #openstack-keystone03:24
openstackgerritA change was merged to openstack/keystone: Removes useless wrapper from manager base class  https://review.openstack.org/8455303:47
*** jamielennox is now known as jamielennox|away03:58
*** polyservice has quit IRC04:02
*** harlowja is now known as harlowja_away04:03
*** jamielennox|away is now known as jamielennox04:03
*** masoto has joined #openstack-keystone04:10
*** david-lyle has joined #openstack-keystone04:11
*** dstanek has quit IRC04:13
*** chandan_kumar has joined #openstack-keystone04:16
*** stevemar has quit IRC04:20
*** lbragstad has joined #openstack-keystone04:25
*** wchrisj_ has quit IRC04:44
*** wchrisj has joined #openstack-keystone04:54
*** marcoemorais has joined #openstack-keystone05:05
*** chandan_kumar has quit IRC05:06
*** ben00b has joined #openstack-keystone05:06
*** marcoemorais1 has joined #openstack-keystone05:06
*** ben00b has quit IRC05:08
*** chandan_kumar has joined #openstack-keystone05:08
*** marcoemorais has quit IRC05:09
openstackgerritAndrey Kurilin proposed a change to openstack/python-keystoneclient: Use `HttpNotImplemented` in `tests.v3.test_trusts`  https://review.openstack.org/7399305:14
*** marcoemorais1 has quit IRC05:19
*** marcoemorais has joined #openstack-keystone05:19
*** zhiyan is now known as zhiyan_05:25
*** henrynash has joined #openstack-keystone05:29
*** harlowja_away has quit IRC05:29
*** gokrokve has joined #openstack-keystone05:39
*** gokrokve_ has joined #openstack-keystone05:40
*** lbragstad has quit IRC05:43
*** gokrokve has quit IRC05:44
*** topol has quit IRC05:48
*** Guest__ has joined #openstack-keystone05:54
*** Guest__ is now known as bach05:55
*** bach is now known as bachng05:55
*** bachng has quit IRC05:57
*** Guest__ has joined #openstack-keystone05:58
openstackgerritJenkins proposed a change to openstack/keystone: Imported Translations from Transifex  https://review.openstack.org/8395506:00
*** Guest__ is now known as bach06:04
*** gokrokve_ has quit IRC06:07
*** bach has quit IRC06:13
*** Guest__ has joined #openstack-keystone06:18
*** Guest__ has quit IRC06:38
*** bvandenh has joined #openstack-keystone06:38
*** henrynash has quit IRC06:40
*** masoto has quit IRC06:57
*** marekd|away is now known as marekd06:59
*** chandankumar_ has joined #openstack-keystone06:59
*** saju_m has joined #openstack-keystone07:12
*** leseb has joined #openstack-keystone07:23
*** chandankumar_ has quit IRC07:23
*** mberlin has quit IRC07:34
*** mberlin has joined #openstack-keystone07:45
*** marcoemorais has quit IRC07:50
*** henrynash has joined #openstack-keystone07:54
*** zhiyan_ is now known as zhiyan07:56
*** d0ugal has joined #openstack-keystone08:06
*** henrynash has quit IRC08:23
*** henrynash has joined #openstack-keystone08:30
*** henrynash has quit IRC08:32
*** wchrisj has quit IRC08:33
*** wchrisj has joined #openstack-keystone08:33
openstackgerritMarek Denis proposed a change to openstack/keystone: List all forbidden attributes in the request body.  https://review.openstack.org/8438908:55
*** saju_m has quit IRC09:56
openstackgerritMarek Denis proposed a change to openstack/keystone: List all forbidden attributes in the request body.  https://review.openstack.org/8438909:58
*** leseb has quit IRC10:04
*** saju_m has joined #openstack-keystone10:10
*** jaosorior has joined #openstack-keystone10:12
*** saju_m has quit IRC10:14
*** leseb has joined #openstack-keystone10:17
jaosoriorHello10:18
jaosoriorI have a fix for this bug https://bugs.launchpad.net/keystone/+bug/1278738 but I found that I could also refactor some of the code from the create_trust function in keystone/trust/controllers.py to improve readability. If you guys agree that it is a good idea, should I open a separate bug for that?10:20
uvirtbotLaunchpad bug 1278738 in keystone "trusts in keystone fail in driver when impersonation is not provided" [Undecided,New]10:21
*** mberlin has quit IRC10:28
*** mberlin has joined #openstack-keystone10:30
*** saju_m has joined #openstack-keystone10:30
*** saju_m has quit IRC10:35
*** saju_m has joined #openstack-keystone10:36
*** chandankumar_ has joined #openstack-keystone10:39
*** saju_m has quit IRC10:40
*** saju_m has joined #openstack-keystone10:41
jamielennoxjaosorior: don't worry about a bug for just a refactor like that - if you have it submit it for review10:46
jaosorioralright10:47
jaosoriorthanks10:47
*** jamielennox is now known as jamielennox|away10:49
*** d0ugal has quit IRC10:51
*** chandankumar_ has quit IRC10:55
*** chandankumar_ has joined #openstack-keystone11:13
*** saju_m has quit IRC11:38
*** david-lyle has quit IRC11:54
*** Chicago has quit IRC12:06
*** saju_m has joined #openstack-keystone12:11
*** saju_m has quit IRC12:14
*** saju_m has joined #openstack-keystone12:16
*** dstanek has joined #openstack-keystone12:31
openstackgerritJuan Antonio Osorio Robles proposed a change to openstack/keystone: Fix response for missing attributes in trust  https://review.openstack.org/8532712:34
openstackgerritMarek Denis proposed a change to openstack/python-keystoneclient: Fix base.CrudManager.put() method.  https://review.openstack.org/8502012:35
openstackgerritMarek Denis proposed a change to openstack/python-keystoneclient: Fix base.CrudManager.put() method.  https://review.openstack.org/8502012:39
*** askb_ has quit IRC12:43
*** d0ugal has joined #openstack-keystone12:46
*** d0ugal has joined #openstack-keystone12:46
*** chandankumar_ has quit IRC12:47
*** Fin1te has joined #openstack-keystone12:49
*** Fin1te has left #openstack-keystone12:51
dolphmayoung_ZZZzzz__: bknudson: ping me when one of ya'll has a chance to discuss https://bugs.launchpad.net/keystone/+bug/130210612:55
uvirtbotLaunchpad bug 1302106 in keystone "LDAP non-URL safe characters cause auth failure" [High,Triaged]12:55
*** saju_m has quit IRC12:57
*** henrynash has joined #openstack-keystone12:58
*** ayoung_ZZZzzz__ is now known as ayoung13:02
ayoungdolphm, hmmm13:03
ayoungdolphm, I'm not certain that CN="Doe, John" is right anyway13:03
ayoungI'd defer to some LDAP type folks that are smarter than me on that.  But assuming we have to support it anyway, it should not be too hard to reproduce13:04
ayoungI don't know if it is "Non URL Safe" that is the issue, in that the username is not passed as an URL parameter, but rather in the body of the JSON.  I suspect it is more string handling than anything else, in how the BaseLDAP builds the filter13:05
ayoungdolphm, on the same note, I want to backport the series of patches that John Dennis did for UTF-* characters and LDAP.  We have a requirement it ship it for a Havana based release.  I'm going to submit it for backport to Havana-Stable.13:07
ayoungI'm tempted to take his 4 patches and squash them into one.13:07
bknudsondolphm: It looks like its a failure to properly escape characters in the LDAP filter13:09
dolphmayoung: i think it's just that it's a comma, but yeah, the point is that we're not using http://www.python-ldap.org/doc/html/ldap-filter.html somewhere13:09
*** joesavak has joined #openstack-keystone13:10
*** d0ugal has quit IRC13:11
*** wchrisj is now known as wchrisj_13:14
*** d0ugal has joined #openstack-keystone13:15
ayoungdolphm, regarding your comment "you're introducing a new public method to the driver -- make it private"  is that OK to make private if it is used by a subclass?13:16
dolphmayoung: what subclass?13:17
ayoungdolphm, the endpoint_filter  sql_catalog13:17
dolphmayoung: can you fix the bug before rewriting everything?13:19
*** lbragstad has joined #openstack-keystone13:20
ayoungdolphm, well, when I changed the test to check the endpoint, it broke the test for filter.  I really need to make the change for botrh the baseclass and the subclass to fix the bug, otherwise filtered catalogs will have legacy_endpoint in them as well13:20
dolphmayoung: understood - so make that change carefully, and then refactor later in master13:20
dolphmayoung: the work you did isn't backportable as a single patch - it's too extensive13:20
*** topol has joined #openstack-keystone13:21
ayoungdolphm, really?13:22
ayoungbecuse it changes endpoint_filter as well?13:23
dolphmayoung: because you completely rewrote endpoint_filter and refactored the sql catalog backend13:23
ayoungdolphm, the endpoint filter code as it was written was wrong, and it was hard to see that it was wrong.  It duplicated logic that was done correctly in the baseclass, and duplicated it incorrectly.13:25
dolphmayoung: then you should track that work in a separate bug!13:25
dolphmayoung: we can't backport undocumented changes13:26
*** vhoward- has joined #openstack-keystone13:26
ayoungI'm fairly certain that if we look at the service catalog as produced by that there would be other problems.  But this fix is for "legacy_endpoint and enabled" and the refactoring makes it so that the fix applies across all  catalogs13:26
ayoungits relly not that big a change13:26
dolphmayoung: it's fine for master, but it's completely out of scope to be backported for the referenced bug13:27
ayoungdolphm, so do it as two changes:  one that fixes the bug, and then a second that is a refactor to remove the duplicated code?  OK13:29
dolphmayoung: ++ we'll backport the first one (even to stable/havana) and then the refactor can stay in master13:30
ayoungDeal13:30
ayoungdoes havana have the endpoint_filter bug?13:30
ayounger. extension?13:30
dolphmayoung: yes13:30
ayoungOK., then it should backport clean13:30
dolphmayoung: probably, it hasn't been touched since it landed afaik13:30
dolphmayoung: landed in havana-3 i think13:30
ayoungcool13:31
bknudsonldap.filter.escape_filter_chars('Doe, John') -> 'Doe, John'13:33
dolphmbknudson: really? lol13:33
bknudsonldap.filter.escape_filter_chars('Doe, John',1) -> 'Doe\\2c\\20John'13:33
bknudsonthe code looks like it's doing escape_filter_chars everywhere it needs to.13:34
dolphmbknudson: python -c "import ldap.filter; print ldap.filter.escape_filter_chars('John, Doe', escape_mode=1)"13:34
ayoungdolphm, bknudson do you ever get this when running tox?  http://paste.openstack.org/show/75081/  I ran  tox -epy27 -r  last night and it ran fine, then, to test in the venv, I ran activate then pip install nose.    Now  tox -epy27 fails with the above stack trace13:36
ayoungI'm not certain what file is missing13:36
bknudsonayoung: I haven't seen that one before.13:37
ayoungbknudson, I wonder if it is because I am running tox from within the venv...13:37
ayounglemme try it without13:37
dolphmayoung: that's new to me13:37
dolphmayoung: maybe it's trying to remove itself13:38
ayoungit looks like it.  I ran it from outside the venv and ...well, it is running13:38
dolphmayoung: i've never sourced a tox environment, i suppose13:39
ayoungdolphm, yeah, I think that is the problem here.  tox is itself a python program, so I suspect that running it with the venv active is messing it up.13:39
ayoungdolphm, I'm going to repost the patch.  I ran the failing tests for endpoint filter and they pass now.  I suspect we are good.  I'll keep the tox run going local, too, but it is slow13:40
ayoungdid the sqlite in memory fix go in, or is that Juno?13:40
jaosoriorHi, I uploaded a patch for a bug (https://review.openstack.org/85327) and got a Jenkins error for the environment py27. I ran the tests with that environment in my machine (before pushing, and after I saw the error) and the tests passed here. This is the output of the test in Jenkins http://paste.openstack.org/show/75082/ . Any ideas on how I may reproduce13:40
jaosoriorthis?13:40
dolphmayoung: it's in juno13:41
ayoungah, that is part of my problem...13:41
openstackgerritayoung proposed a change to openstack/keystone: Remove legacy_endpoint_id and enabled from service catalog  https://review.openstack.org/8514713:41
ayoungdolphm, I think you'll prefer ^^13:41
dolphmjaosorior: that looks like a transient error caused by concurrent test runners, which we just introduced to master13:41
ayounghttps://review.openstack.org/#/c/85147/1..3/keystone/contrib/endpoint_filter/backends/catalog_sql.py13:41
bknudsonldapsearch -LL -D cn=Manager,dc=openstack,dc=org -w pwd -s base -b "cn=Doe\\2c\\20John,ou=Users,dc=openstack,dc=org" --> dn: cn=Doe\2C John,ou=Users,dc=openstack,dc=org13:41
bknudsonso looks like the escaping works13:42
dolphmjaosorior: you could probably reproduce by running keystone.tests.test_revoke repeatedly13:42
*** d0ugal has quit IRC13:42
bknudsonoh, this is a filter.13:42
dolphmbknudson: what does the "oh" mean?13:42
bknudsonthe value allowed in a filter might be different than the dn13:43
dolphmayoung: is there an 'enabled' exposed for services too?13:43
*** bknudson has left #openstack-keystone13:43
*** bknudson has joined #openstack-keystone13:43
dolphmayoung: nevermind, doesn't look like it13:43
bknudsonldapsearch -LL -D cn=Manager,dc=openstack,dc=org -w pwd -s one -b "ou=Users,dc=openstack,dc=org" "(cn=Doe, John)" -> dn: cn=Doe\2C John,ou=Users,dc=openstack,dc=org13:43
bknudsonso that gets the user.13:43
dolphmayoung: did you see my comment about moving the new assertions in keystone/tests/test_v3.py ?13:44
bknudsonmaybe active directory is pickier13:44
dolphmbknudson: ++ probably so13:44
bknudsonldapsearch -LL -D cn=Manager,dc=openstack,dc=org -w ofs5dac -s one -b "ou=Users,dc=openstack,dc=org" "(cn=Doe\\2c\\20John)" -> returns the user13:45
dolphmbknudson: that's escape_mode=1 ?13:45
bknudsonso looks like openldap also accepts the escaped filter13:45
jaosoriordolphm, so, how could I get Jenkins to run the tests again?13:47
dolphmjaosorior: file a bug against keystone with the stack trace you saw, note that it was a transient error in the bug report, and then leave a comment on the review with just "recheck bug <the bug number you created>"13:49
jaosoriorthanks13:51
dolphmayoung: and why do you need to "Bypass the check for XML" ?13:52
*** richm has joined #openstack-keystone13:54
*** derek_c has joined #openstack-keystone13:57
marekddstanek: LOL, as usual, 1 line of fixes and 100 of tests, new hierarchy etc :P13:59
dstanekmarekd: gotta love testing :-)14:00
marekddstanek: now even saying I wasted ~1.5h trying to use self.assertRaisesRegexp and compare messages from the raised exception...and failed :P14:01
marekdwhich is strange, as the text is identical and the only difference I could find was comparision of str vs. unicode.14:02
marekd dstanek which was resulting in True when I checked it on the normal interpreter.14:02
dstanekmarekd: i've never tried that before, but you said regexp so i understand14:03
marekddstanek: so please just don't -1 for not comparing exception messages and we all will be happy.14:05
marekddstanek: i am now making the changes to address your comments.14:05
dstanekmarekd: i wouldn't do that to you!14:07
*** d0ugal_ has joined #openstack-keystone14:07
ayoungdolphm, when you said "assert against service_id" do you mean something like self.assertEqual(service['id'], endpoint['service_id'])14:11
ayoungif so, I can't do that.  service_id has been removed from the endpoint14:11
dstanekbknudson: looking at https://review.openstack.org/#/c/75708 - is that to replace the ones generated by sphinx?14:13
bknudsondstanek: that should be a WIP... seems like it lost it when I restored14:14
bknudsondstanek: this will be the input to sphinx14:14
dstanekbknudson: ah ok - i'm move on to the next review then14:15
openstackgerritMarek Denis proposed a change to openstack/keystone: List all forbidden attributes in the request body.  https://review.openstack.org/8438914:17
marekddstanek: ^^14:17
*** d0ugal_ is now known as d0ugal14:18
*** ayoung has quit IRC14:18
dstanekmarekd: nice, i'll take a look after this meeting14:18
marekddstanek: no problem, take your time.14:18
*** d0ugal is now known as d0ugal_14:19
*** d0ugal_ is now known as d0ugal14:19
*** d0ugal has joined #openstack-keystone14:19
*** thedodd has joined #openstack-keystone14:26
*** saju_m has joined #openstack-keystone14:31
dstanekbknudson: i didn't mockpatch existed in oslotest - i'll make a second patch to change the import14:31
*** saju_m has quit IRC14:34
*** saju_m has joined #openstack-keystone14:35
*** stevemar has joined #openstack-keystone14:37
*** vhoward- has left #openstack-keystone14:38
*** david-lyle has joined #openstack-keystone14:38
bknudsondolphm: my active directory server also accepted "(cn=Doe, John)" filter -- didn't need to escape the ,14:40
bknudsondolphm: also, looks like the exception is raised by the python-ldap library and not as a response from the server.14:41
dolphmbknudson: so you weren't able to reproduce?14:43
*** browne has joined #openstack-keystone14:43
bknudsondolphm: I wasn't able to reproduce it14:44
bknudsondolphm: I'm not running on ubuntu cloud ... don't know what python-ldap that's using.14:44
dolphmbknudson: i was just trying to figure out what was in use14:45
dolphmbknudson: the bug report was from a stable/havana deployment14:45
bknudsondolphm: I should try my python-ldap... I was just using the command-line.14:45
dolphmbknudson: they could have been using 2.4.13 (released july 2013) versus the latest (2.4.15)14:46
dolphmi doubt that would have changed between the two14:46
*** gokrokve has joined #openstack-keystone14:48
*** topol has quit IRC14:50
dolphmbknudson: could try 2.3.13 i suppose (packaged in precise)14:50
bknudsonno complaints from ldap_.search_s('ou=Users,dc=openstack,dc=org', ldap.SCOPE_ONELEVEL, '(cn=Doe, John)')14:56
openstackgerritDavid Stanek proposed a change to openstack/keystone: Ignore broken endpoints in get_v3_catalog  https://review.openstack.org/8152714:56
dolphmbknudson: thanks for investigating... i untargeted rc2, and left it as rc-potential for now14:57
dolphmbknudson: should probably reduce the priority to medium as well?14:57
bknudsonone more try -- create a user in keystone and try to set its id14:57
bknudsondolphm: I think I recreated it... had to run in keystone15:04
*** jsavak has joined #openstack-keystone15:04
bknudsonkeystone --os-username john --os-password=blkpwd token-get -- {'desc': 'Bad search filter'}15:04
dolphmbknudson: so john is the _name / sAMAccountName and _id is cn with comma there?15:05
bknudsondolphm: I'll need to start up the debugger.15:05
bknudsonor maybe I could just look at the debug15:06
dolphmbknudson: i wonder if we're really butchering something then :-/15:06
bknudson(&(&(objectClass=groupOfNames)(member=cn=Doe\, John,ou=Users,dc=openstack,dc=org))(objectClass=groupOfNames))15:06
dolphmbknudson: that's raising the bad search filter?15:07
bknudsondolphm: looks like it... ldapsearch also doesn't like it15:07
*** joesavak has quit IRC15:07
bknudsonit doesn't mind "(&(&(objectClass=groupOfNames)(member=cn=Doe, John,ou=Users,dc=openstack,dc=org))(objectClass=groupOfNames))" (remove the \ from the ,)15:08
dolphmbknudson: ha15:08
dolphmbknudson: where are we inserting the \ ?15:08
bknudsonhttp://git.openstack.org/cgit/openstack/keystone/tree/keystone/identity/backends/ldap.py#n33115:13
bknudsonit's building a filter and it's not escaping there... maybe that's it.15:13
dolphmbknudson: would it be escaped by _id_to_dn() already?15:14
bknudsonthe dn shouldn't be escaped, but it has to be escaped for the filter15:15
bknudsonit's easy to add the filter escape, but I'll have to look into the _id_to_dn also.15:15
bknudsonwell, I'm able to get a token15:17
bknudsonescaping the user_dn in list_user_groups()15:17
dolphmbknudson: what's the diff?15:18
bknudson(&(&(objectClass=groupOfNames)(member=cn=Doe\5c, John,ou=Users,dc=openstack,dc=org))(objectClass=groupOfNames))15:18
bknudsonweird15:18
dolphmwtf15:18
bknudsonit's getting the right roles15:19
dolphmbknudson: does python-ldap have an unescape method?15:20
bknudsonthe dn shouldn't be escaped... I'll see what id_to_dn is doing15:20
marekdstevemar: https://review.openstack.org/#/c/84389/8/keystone/tests/test_v3_controller.py line 52: you want to move """ from line 52 to line 51 ?15:21
dolphmbknudson: http://www.python-ldap.org/doc/html/ldap-dn.html#ldap.dn.escape_dn_chars15:21
dolphmmarekd: i think he's just saying you can use a """one line docstr"""15:21
stevemarmarekd, if you can15:22
stevemardolphm, knows what i means15:22
marekdstevemar: yeah, i am blind today....15:22
stevemarmarekd, happens :)15:22
marekdthanks dolphm15:22
stevemarmarekd, """one line docstr""" no period at the end of the sentence15:23
dolphmmarekd: regarding being blind http://www.ted.com/talks/chris_hadfield_what_i_learned_from_going_blind_in_space15:23
stevemarmarekd, no issues, it's a friday after all15:23
stevemardolphm, saw that one, it's awesome, anything hadfield is awesome15:23
marekdsounds like good recommendation to watch it.15:25
*** ilives has quit IRC15:25
dstanekhas anyone seen this error? http://logs.openstack.org/50/84050/5/gate/gate-keystone-python26/205fc03/console.html15:26
dstanekmaybe another parallel issue?15:27
marekdstevemar: actually I was not sure about that 'no period': tox -epep8 -> ./keystone/tests/test_v3_controller.py:24:1: H402  one line docstring needs punctuation.15:27
dolphmdstanek: ++ jaosorior ran into something similar http://paste.openstack.org/show/75082/15:27
dolphmmarekd: we don't enforce that15:28
*** browne has quit IRC15:28
dolphmmarekd: and in fact, there's probably more preference against it15:28
dolphmmarekd: just like you wouldn't put a period in an email's subject line15:28
marekddolphm: so pep8 tests are different on gerrit from my local tests ?15:29
marekddifferent on gerrit and my local machine? ***15:29
stevemaryeah, the exceptions are in tox.ini15:30
stevemarmarekd, https://github.com/openstack/keystone/blob/master/tox.ini#L3915:30
dstanekdolphm: looks like it's been reported by stevemar - https://bugs.launchpad.net/keystone/+bug/130058115:30
stevemarrun it using flake815:30
uvirtbotLaunchpad bug 1300581 in keystone "test_revoke.RevokeTreeTests.test_cleanup fails" [Critical,Triaged]15:30
stevemardstanek, yes, it's been creeping up more and more lately15:31
dolphmmarekd: they shouldn't be! tox -e pep8 should be identical, and even running flake8 locally should pickup config from tox.ini15:31
dstanekmarekd: unless you have older pep8, hacking, etc15:31
dolphmdstanek: ooh, that is the same one. thanks!15:31
dstanekyou can 'tox -re pep8' to recreate your venv15:31
dstanekdolphm, stevemar, morganfainberg_Z: is anyone working on that already?15:32
dolphmdstanek: no15:32
stevemardstanek, afaik, no15:32
stevemardolphm, i think it merits some investigation now, thats 4 rechecks in 3 days15:33
stevemardstanek, bknudson found a similar one, but it complained about keystoneclient tests15:33
dstanekstevemar: i think i'm going to look at it now15:33
marekddstanek: tox.ini also includes that 'ignore period warning' thing. so maybe my venv is old.15:33
dstanekmarekd: recreate it just to be safe. only takes a min or two15:34
marekddstanek: of course.15:34
marekddstanek: thanks15:34
*** saju_m has quit IRC15:35
marekdo, now it worked :P15:35
dolphmdstanek: should neither of the patches on https://bugs.launchpad.net/keystone/+bug/1230279 be Closes-Bug?15:36
uvirtbotLaunchpad bug 1230279 in keystone "malformed endpoint URLs are destroying the API" [Medium,In progress]15:36
bknudsondolphm: looks like the query is correct... it's able to find the user in the group15:36
bknudsonu'(&(objectClass=groupOfNames)(member=cn=Doe\\5c, John,ou=Users,dc=openstack,dc=org))'15:36
bknudson[{'id': u'4ce1790d07aa44e7aac63daae199943b', 'name': u'blkgrp'}]15:36
bknudsonI added john to the group15:36
dolphmbknudson: that's the strangest looking escape / encoding syntax i've ever seen15:37
*** d0ugal has quit IRC15:38
openstackgerritDolph Mathews proposed a change to openstack/keystone: Remove legacy_endpoint_id and enabled from service catalog  https://review.openstack.org/8514715:38
dolphmayoung: ^15:38
dolphmstevemar: review? https://review.openstack.org/#/c/85147/15:39
marekdstevemar: dolphm: wait a sec, the pep8 failed again with (I guess?) the error H402, whereas the link from stevemar mentioned ignoring H803 and the comment says: "Commit message should not end with a period"15:41
*** kun_huang has joined #openstack-keystone15:43
openstackgerritDavanum Srinivas (dims) proposed a change to openstack/keystone: enable multiple keystone-all worker processes  https://review.openstack.org/8539515:46
*** kun_huang has quit IRC15:47
openstackgerritMarek Denis proposed a change to openstack/keystone: List all forbidden attributes in the request body.  https://review.openstack.org/8438915:53
*** marekd is now known as marekd|away15:54
openstackgerritBrant Knudson proposed a change to openstack/keystone: Fix invalid LDAP filter for user ID with comma  https://review.openstack.org/8540215:57
*** joesavak has joined #openstack-keystone15:59
*** jsavak has quit IRC16:00
*** RockKuo_TW has quit IRC16:01
*** gokrokve has quit IRC16:06
bknudsonI'm working on a unit test for ^ -- not sure if our FakeLdap can handle it.16:09
openstackgerritA change was merged to openstack/keystone: Reduce environment logging  https://review.openstack.org/8239116:14
dstaneki don't see how this test_cleanup failure can be a parallel tests problem - it's not using the DB or anything shared from what i can tell16:24
openstackgerritSteve Martinelli proposed a change to openstack/keystone: List all forbidden attributes in the request body.  https://review.openstack.org/8438916:25
stevemardstanek, you think it's something else?16:28
*** leseb has quit IRC16:31
dstanekstevemar: i don't have any idea what because i can't reproduce, but i can't see how it couldn't be something else16:33
*** topol has joined #openstack-keystone16:36
*** chandankumar_ has joined #openstack-keystone16:42
stevemardstanek, double negatives everywhere16:42
stevemardstanek, but i hear ya :)16:42
dstanekstevemar: :-) that's what happens when you keep editing the same line before sending16:42
dstanekstevemar: that test class is testing RevokeTree which keeps it's own instance state and isn't using a db or shared resource16:43
dstanekstevemar: this line is curious thought - Adding cache-proxy 'keystone.tests.test_cache.CacheIsolatingProxy' to backend.16:45
*** Guest__ has joined #openstack-keystone16:48
openstackgerritDavanum Srinivas (dims) proposed a change to openstack/keystone: enable multiple keystone-all worker processes  https://review.openstack.org/8539516:53
*** Guest__ has quit IRC16:54
*** browne has joined #openstack-keystone16:59
*** gokrokve has joined #openstack-keystone17:00
*** harlowja has joined #openstack-keystone17:04
*** marcoemorais has joined #openstack-keystone17:04
openstackgerritDavanum Srinivas (dims) proposed a change to openstack/keystone: enable multiple keystone-all worker processes  https://review.openstack.org/8539517:07
*** chandankumar_ has quit IRC17:09
*** leseb has joined #openstack-keystone17:32
*** leseb has quit IRC17:37
*** marcoemorais has quit IRC17:40
*** marcoemorais has joined #openstack-keystone17:41
dolphmthird review appreciated on https://review.openstack.org/#/c/85147/ since i refactored the tests in the most recent patchset!17:42
*** zhiyan is now known as zhiyan_17:42
*** morganfainberg_Z is now known as morganfainberg17:45
morganfainbergdolphm, +217:48
dolphmmorganfainberg: thanks!17:48
morganfainbergdolphm, didn't +A though,17:51
morganfainbergdolphm, wasn't sure if you wanted approved or not.17:51
dolphmmorganfainberg: go for it17:52
morganfainbergdolphm, done.17:52
dolphmmorganfainberg: i was about to propose a backport17:52
morganfainbergapproved!17:52
dstanekmorganfainberg: i really like to see this '+0, -229'17:53
morganfainbergdstanek, hehe17:53
dolphmdstanek: ++!17:53
dstanekis it OK to remove that deprecated stuff now?17:53
morganfainbergdstanek, the assignment proxy stuff, yes. it has an erroneously deleted whitespace line in it though17:54
morganfainbergdstanek, bknudson pointed it out. artifact from the rebase.17:54
dolphmdstanek: i think so, there wasn't much we targeted for removal in juno17:54
*** derek_c has quit IRC17:54
morganfainbergdstanek, i'll fix that here in a moment.17:54
dstanekmorganfainberg: that would be awesome17:55
dstanekdolphm: i was thinking the same; particularly because these object would have been used by plugins/programmers and not operators17:56
bknudsonseems like keystone should be picking the attributes from service catalog to put in the token catalog...17:56
bknudsonrather than removing things that show up in there17:56
openstackgerritMorgan Fainberg proposed a change to openstack/keystone: Remove assignment proxy methods/controllers  https://review.openstack.org/8321917:56
dolphmbknudson: yeah, that's how services are built for v3... i'd like to apply that to v3 endpoints next17:56
morganfainbergdstanek, ^ whitespace change fixed.17:56
dolphmwe should also remove the empty 'extras' dict that was stuffed into the v3 token for absolutely no reason17:57
bknudsonthe 'extras' was what I was wondering about17:57
dolphmbknudson: no use case.17:57
morganfainbergdolphm, bknudson, don't we have a non-extras sqlbase now?17:58
bknudsonyes, finally17:58
dolphmmorganfainberg: yes17:58
morganfainbergwe should be moving (it sounds like) the endpoints to that.17:58
morganfainbergor uhm. service... or whichever17:58
*** marcoemorais has quit IRC17:58
dolphmmorganfainberg: 'extras' in the v3 token isn't coming from an 'extras' column17:58
morganfainbergoh17:58
morganfainbergOH. v3 token extras17:58
* morganfainberg facepalms17:58
bknudsonoh, I was thinking about the extras in endpoints17:59
bknudsonI expect those would wind up in the token catalog17:59
dolphmbknudson: they would, if any17:59
*** wchrisj_ has quit IRC17:59
*** wchrisj has joined #openstack-keystone17:59
*** openstackgerrit has quit IRC18:01
*** openstackgerrit has joined #openstack-keystone18:01
*** marcoemorais1 has joined #openstack-keystone18:02
*** marcoemorais1 has quit IRC18:02
*** marcoemorais1 has joined #openstack-keystone18:03
*** Gue______ has joined #openstack-keystone18:07
*** marcoemorais1 has quit IRC18:12
dolphmbknudson: left a question on https://review.openstack.org/#/c/85402/18:13
*** morganfainberg is now known as morganfainberg_Z18:14
bknudsondolphm: I'm working on a test, but our FakeLDAP doesn't handle DNs correctly (specifically a DN with a , in an attribute value)18:16
dolphmbknudson: figures :P18:16
openstackgerritA change was merged to openstack/keystone: Add slowest output to tox runs (testr)  https://review.openstack.org/7942218:17
bknudsondolphm: it's the regex here: http://git.openstack.org/cgit/openstack/keystone/tree/keystone/tests/fakeldap.py#n40218:17
richmjdennis wrote a DN class for IPA for this and many other reasons - DN handling is "hard"18:18
dolphmskrillex is running for PTL of cinder :D18:18
dolphmrichm: this is why i prefer integration testing over mocksing every time!18:19
* dolphm is wondering where that s came from18:20
richmmocking ldap is "hard"18:20
dstanekrichm, dolphm: part of the reason that it's hard is because we are over mocking18:22
*** marcoemorais has joined #openstack-keystone18:22
dolphm"don't we test for this?" "yes, but our mock code had a bug in it." "we should test the mock." #goinginthewrongdirection18:22
bknudsonthere's a fakeldap package -- https://pypi.python.org/pypi/fakeldap/0.5.118:22
bknudsonmaybe it's better18:22
dstaneki think in many cases like ldap we should just be checking that we conform to the ldap library interface and not worry so much about all of the details18:22
dolphmbknudson: whoa18:22
bknudson"This code is still experimental and not very tested as of yet. So is the documentation"18:23
bknudsonhttps://pypi.python.org/pypi/dataflake.fakeldap/1.118:23
dolphmbknudson: Development Status :: 2 - Pre-Alpha18:23
*** vhoward- has joined #openstack-keystone18:24
richmI see split('=') and split(',') so probably not18:24
*** vhoward- has left #openstack-keystone18:26
*** vhoward- has joined #openstack-keystone18:30
openstackgerritRaildo Mascena de Sousa Filho proposed a change to openstack/keystone: Filter User by project  https://review.openstack.org/8413618:33
*** leseb has joined #openstack-keystone18:33
*** Gue______ has quit IRC18:36
*** morganfainberg_Z is now known as morganfainberg18:37
*** ayoung has joined #openstack-keystone18:37
*** leseb has quit IRC18:37
openstackgerritPriti Desai proposed a change to openstack/keystone: Adding one more check on project_id  https://review.openstack.org/8519918:38
*** Gue______ has joined #openstack-keystone18:40
ayoungdolphm, you realize you removed the part of the test that showed that endpoint_filtering was broken?18:44
dolphmayoung: ?18:45
ayoungdolphm, the change in the test18:45
ayounghttps://review.openstack.org/#/c/85147/3..4/keystone/tests/test_v3.py18:45
ayoungI realize I didn't post my response before disappearing18:46
ayoungthe XML marshalling is broken18:46
ayoungthat is why: #Bypass the check for XML   is done on a string type18:46
dolphmayoung: i kept that, i just inverted the condition from testing for a string, which is just a coincidence, to conditionally executing if it's a list18:46
ayoungservice needs to be something other than string to have endpoints contained.  I was about to run another test in the debugger to see what XML puts in there18:46
ayoungdolphm, am I reading the patch wrong?  Let me look again.  I though that check was just gone18:47
dolphmayoung: it's a "string" because service is actually a key that you're looking at18:47
ayoungdolphm, ah, you moved it to https://review.openstack.org/#/c/85147/4/keystone/tests/test_v3.py18:48
ayoungOK...I like that18:48
ayoungI just looked at the v3 v4 diff and it didn't show that for some reason...another reason not to 100% trust gerrits diffs of patches.  OK,  Looks good18:48
dolphmayoung: <service name="foobar"><endpoint url="abc" interface="public"></service> is being converted to 'catalog': {'service': {'name': 'foobar', 'endpoint': {'url': 'abc', 'interface': 'public'}}18:49
dolphmyou can only have one service and one endpoint - i think it's an unhandled pattern in the xml translation middleware18:49
openstackgerritBrant Knudson proposed a change to openstack/keystone: Fix invalid LDAP filter for user ID with comma  https://review.openstack.org/8540218:50
ayoungdolphm, I suspect that what we will want to do is adopt WSME's marshalling for the XML fix instead of trying to do it ourselves. I'm OK with that18:50
bknudsonI wonder how long the xml has been broken18:51
dolphmbknudson: if it's not tested i guarantee it's broken18:51
dolphmbknudson: so: forever.18:51
ayoungbknudson, when was the spec written.  Bah-dump bump crash.18:51
bknudsonmaybe it's just because they haven't been using v3 in general18:51
*** rwsu has quit IRC18:57
*** marcoemorais has quit IRC19:06
*** chenxu has joined #openstack-keystone19:06
*** marcoemorais has joined #openstack-keystone19:06
*** marcoemorais has quit IRC19:07
chenxuhey folks… just curious, if there a way for an admin user to obtain a token as another user?19:07
*** marcoemorais has joined #openstack-keystone19:07
chenxubasically, I want an admin user to be able to create VMs for a particular user/tenant19:08
chenxunot sure if there is a good way of doing so19:08
*** rwsu has joined #openstack-keystone19:13
*** Gue______ has quit IRC19:22
dolphmchenxu: the admin would either have to reset the user's credentials and authenticate normally, or the user would have to explicitly create a trust with the admin allowing impersonation19:24
*** leseb has joined #openstack-keystone19:24
dolphmchenxu: if you only care about tenancy (which it sounds like you should, as the identity shouldn't matter there), then the admin can assign themselves the appropriate role(s) on that tenant, do the work, and revoke the assignment if necessary19:24
bknudsonthere's an ldap.filter.escape_filter_chars but I don't see an unescape_filter_chars19:26
*** chenxu has quit IRC19:27
*** leseb has quit IRC19:28
dolphmbknudson: i figure the client might not have reason to unescape things, but i wanted to play with it if it was there19:28
dolphmbknudson: +219:30
dolphmdstanek: https://review.openstack.org/#/c/85402/19:30
bknudsonI'm thinking it's not worth it to try to get fakeldap to make this testable19:31
bknudsonwell, let me think about it some more.19:31
bknudsonmaybe I'll just skip mucking with the dn if we can't parse the dn.19:32
openstackgerritA change was merged to openstack/keystone: Replace all use of mox with mock  https://review.openstack.org/8405019:33
dolphmbknudson: i agree, it'd be nice to have for master though19:34
dolphmbknudson: proposed backports btw https://review.openstack.org/#/q/Ib4886e66af0e979fcf23a84bcd51b07034547cb9,n,z19:35
*** topol has quit IRC19:35
bknudsondolphm: why no (cherry-picked) in the backports?19:37
dolphmbknudson: git ready milestone-proposed && git review -x 85402 && git review milestone-proposed # shrug19:38
*** dstanek has quit IRC19:38
*** elmiko has joined #openstack-keystone19:39
bknudsondolphm: use -X rather than -x19:39
elmikohey all, i'm doing some work with openstack-sahara and i'm running into an issue with a keystone endpoint. where might i find the v3 api?19:39
bknudson"not recommended in most situations" -- not sure why it says that.19:39
dolphmbknudson: *reading*19:39
bknudsonelmiko: here's the spec: https://github.com/openstack/identity-api/blob/master/openstack-identity-api/v3/src/markdown/identity-api-v3.md19:40
elmikobknudson: tyvm :)19:40
*** jaosorior has quit IRC19:40
dolphmbknudson: -x be aware: if you are not careful, this can easily result in additional patch sets for dependent changes.19:40
*** morganfainberg is now known as morganfainberg_Z19:42
dolphmbknudson: i think i just want -x because i don't want a new branch created either (git ready creates a untracked/disposable branch)19:42
bknudsondolphm: the only diff with -X should be that it adds the (cherry-picked) ?19:43
dolphmbknudson: just tried it, i end up untracked as well. -X will also pull a change without its dependent reviews, potentially breaking it19:44
bknudsondolphm: -x does more?19:44
openstackgerritA change was merged to openstack/keystone: Remove legacy_endpoint_id and enabled from service catalog  https://review.openstack.org/8514719:45
dolphmbknudson: this is what i'm reading http://pasteraw.com/chldonzbj7q4muvifhdykikx9j4r3l119:45
dolphmbknudson: from man git-review19:45
*** dstanek has joined #openstack-keystone19:46
dolphmbknudson: i think you're right, the help text just needs to be updated. they shouldn't be copy/pasted and out of sync19:46
bknudsonI think it's just saying that a cherry-pick doesn't create a branch like "review/dolph_mathews/(detached"19:48
*** Gue______ has joined #openstack-keystone19:48
dstanekdolphm: i don't know much about ldap, but that change looks fine to me19:48
elmikois there an endpoint "v3/tokens"?19:48
bknudsonelmiko: v3/auth/tokens19:49
dolphmelmiko: /v3/auth/tokens19:49
elmikohmm, i'm getting an error with keystoneclient.sessions trying to POST to "v3/tokens", could that be coming from sahara?19:49
dstanekmy next-review list for openstack/keystone keep shrinking!19:50
bknudsonnext feature for next-review and maybe reviewday is to know about the dependencies between reviews.19:51
dolphmbknudson: why is this wip? https://review.openstack.org/#/c/84912/19:53
dolphmbknudson: ++19:53
bknudsondolphm: marekd|away (I think) has a review that just removes the code...19:53
bknudsondolphm: https://review.openstack.org/#/c/84952/19:54
*** morganfainberg_Z is now known as morganfainberg20:00
dolphmbknudson: isn't the federation controller already using it's own version of this?20:01
bknudsondolphm: I think it was moved up so that it could be used otherwise.20:01
bknudsonused in other places.20:01
dolphmbknudson: right, i'd rather use it in more places i suppose20:01
dolphmbknudson: and delete the one in contrib.federation20:02
dolphmalthough it must not be called check_required_params20:02
bknudsonI think we should switch to the same technique that nova uses -- they have jsonschema20:03
*** chenxu has joined #openstack-keystone20:03
dolphmdstanek: this done broke https://review.openstack.org/#/c/81527/20:05
dolphmbknudson: ++ i've been wanting jsonschema forever20:05
chenxudolphm: I wonder if the admin can simply use its token to post to compute API v2/{tenant_id}/servers20:06
chenxudolphm: maybe nova won’t check if a user belongs to the tenant as long as it’s an admin?20:06
dolphmchenxu: if so, i wouldn't rely on that behavior20:07
chenxudolphm: I hope this is configurable in policy.json20:07
*** erecio has joined #openstack-keystone20:07
dstanekdolphm: i thought it may have failures and was waiting to rebase it on my mox commit that just merged20:08
dstanekdolphm: i didn't expect the failures to look like that though20:08
chenxudolphm: I mean, if admin can add itself to the tenant anyway, why not allow it to perform in that tenant in the first place20:08
dolphmchenxu: that's an authorization question that falls on the individual services to answer (nova, in this case); keystone's answer is to provide the appropriate authorization data for nova to make explicit decisions via policy.json :)20:09
nkinderayoung: how big of a size reduction did you see with your changes to remove the legacy endpoint ID from the tokens?20:10
chenxudolphm: cool, thanks!20:11
dstanekdolphm: ah, it looks like my rebase onto jamie's change was a bad merge20:11
*** erecio has quit IRC20:14
*** erecio has joined #openstack-keystone20:14
ayoungbknudson, nkinder each endpoint went from 800 bytes to 400, I think....X about 8....maybe 3K?20:15
ayoungnkinder, I'm about to compate20:15
ayoungcompare20:15
*** morganfainberg is now known as morganfainberg_Z20:15
*** Gue______ has quit IRC20:17
ayoungnkinder, last one I fetched was 6798  after applying the fix20:19
ayounglemme try again without it20:19
*** erecio has quit IRC20:20
*** erecio has joined #openstack-keystone20:21
*** leseb has joined #openstack-keystone20:24
openstackgerritBrant Knudson proposed a change to openstack/keystone: Add tests for user ID with comma  https://review.openstack.org/8547820:25
*** chenxu has quit IRC20:26
bknudsonyou won't be impressed with the change to fakeldap.20:26
bknudsonor you will be impressed by my laziness20:27
*** leseb has quit IRC20:29
dolphmbknudson: lazy works for me20:32
*** Guest___ has joined #openstack-keystone20:34
dolphmbknudson: that self.db stuff is nasty20:35
*** afaranha has quit IRC20:38
bknudsonthe tests didn't work... need to do some encoding/decoding20:38
*** raildo has quit IRC20:38
*** Guest___ has quit IRC20:38
*** afaranha has joined #openstack-keystone20:42
*** afaranha has quit IRC20:47
*** chenxu has joined #openstack-keystone20:48
*** afaranha has joined #openstack-keystone20:51
dolphmjust went through a bunch of bugs and added official tags to them as necessary... it seems most of our bug reports are against the ldap driver20:52
dolphmand i tried to populate this tag a bit https://bugs.launchpad.net/keystone/+bugs?field.tag=performance20:52
*** elmiko has left #openstack-keystone20:53
*** erecio has quit IRC20:54
dolphmi've been asked a few times about small ways to improve performance - it'd be nice to have more reports for known performance bottlenecks. (like a lot of things) those end up being cultural knowledge rather than documented anywhere20:54
*** dstanek has quit IRC20:56
*** afaranha has left #openstack-keystone20:58
*** chenxu has quit IRC20:58
*** florentflament has quit IRC21:00
bknudsonfetching the service catalog from the db every time is not the fastest.21:01
bknudsonwell, building the service catalog from the db21:01
*** florentflament has joined #openstack-keystone21:02
openstackgerritBrant Knudson proposed a change to openstack/keystone: Add tests for user ID with comma  https://review.openstack.org/8547821:04
ayoungdolphm, what is the magic incantation to push something for backport review again?21:06
ayoungI thought it was git push gerrit HEAD:refs/for/milestone-proposed21:07
*** ayoung is now known as ayoung-afk21:10
*** joesavak has quit IRC21:11
openstackgerritBrant Knudson proposed a change to openstack/python-keystoneclient: Prefer () to continue line per PEP8  https://review.openstack.org/8401021:12
dolphmayoung-afk: git review milestone-proposed21:12
*** chenxu has joined #openstack-keystone21:14
openstackgerritA change was merged to openstack/keystone: Remove assignment proxy methods/controllers  https://review.openstack.org/8321921:16
*** leseb has joined #openstack-keystone21:25
*** chenxu has quit IRC21:26
*** chenxu has joined #openstack-keystone21:29
*** chenxu has quit IRC21:29
*** leseb has quit IRC21:29
*** david-lyle has quit IRC21:40
*** stevemar has quit IRC22:13
*** thedodd has quit IRC22:22
*** dstanek has joined #openstack-keystone22:23
*** leseb has joined #openstack-keystone22:26
*** leseb has quit IRC22:30
openstackgerritBrant Knudson proposed a change to openstack/keystone: Convert test_backend_ldap to config fixture  https://review.openstack.org/8550922:40
openstackgerritBrant Knudson proposed a change to openstack/keystone: Allow any attributes in mapping  https://review.openstack.org/8104022:40
openstackgerritBrant Knudson proposed a change to openstack/keystone: Include extra attributes in list results  https://review.openstack.org/8104122:40
openstackgerritBrant Knudson proposed a change to openstack/keystone: Enhance tests for user extra attribute mapping  https://review.openstack.org/8104622:40
*** gokrokve has quit IRC22:44
openstackgerritA change was merged to openstack/keystone: Fix invalid LDAP filter for user ID with comma  https://review.openstack.org/8540222:45
*** dstanek has quit IRC22:49
*** henrynash has quit IRC22:52
*** dstanek has joined #openstack-keystone22:53
*** Fin1te has joined #openstack-keystone22:55
openstackgerritBrant Knudson proposed a change to openstack/keystone: Use oslo.test mockpatch  https://review.openstack.org/8396822:55
*** jaosorior has joined #openstack-keystone23:01
bknudsondstanek: pep8 1.5.3 can enforce space after a '#' in a comment23:06
dstanekbknudson: nice, i'll test that out and adjust my changeset23:17
dstanekbknudson: i just got finished adding the noqa support to address your comments23:18
*** gokrokve has joined #openstack-keystone23:23
*** topol has joined #openstack-keystone23:26
*** leseb has joined #openstack-keystone23:27
*** derek_c has joined #openstack-keystone23:28
*** leseb has quit IRC23:31
nkindercan anyone explain the purpose of hash_ldap_user_password()?23:35
nkinderit looks like we call it in the LDAP identity backend for create and update, but I don't really understand why23:36
*** dstanek has quit IRC23:37
*** serverascode has joined #openstack-keystone23:39
*** dstanek has joined #openstack-keystone23:39
*** browne has quit IRC23:42
*** Fin1te has quit IRC23:55
« Thursday, 2014-04-03 Index Saturday, 2014-04-05 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!