Thursday, 2015-08-27

« Wednesday, 2015-08-26 Index Friday, 2015-08-28 »
*** sigmavirus24 is now known as sigmavirus24_awa00:06
openstackgerritMerged openstack/keystone: Use wsgi_scripts to create admin and public httpd files  https://review.openstack.org/19444200:08
*** jasonsb has quit IRC00:08
*** r-daneel has joined #openstack-keystone00:09
*** HT_sergio has quit IRC00:14
jamielennoxdolphm: if you're still around i replied to your comment on https://review.openstack.org/#/c/216088/00:22
*** shadower has quit IRC00:23
*** shadower has joined #openstack-keystone00:23
*** dave-mcc_ has joined #openstack-keystone00:24
openstackgerritMerged openstack/keystone: Use entrypoints for paste middleware and apps  https://review.openstack.org/21472000:25
openstackgerritMerged openstack/keystone: Prevent exception for invalidly encoded parameters  https://review.openstack.org/21379600:25
*** dave-mccowan has quit IRC00:27
*** HT_sergio has joined #openstack-keystone00:30
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file  https://review.openstack.org/21699800:33
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file  https://review.openstack.org/21699800:39
*** asd112z has joined #openstack-keystone00:41
openstackgerritEric Brown proposed openstack/keystone: Set max on max_password_length to passlib max  https://review.openstack.org/21744900:41
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file  https://review.openstack.org/21699800:42
*** shoutm has joined #openstack-keystone00:54
*** shoutm_ has quit IRC00:57
*** spandhe has quit IRC00:59
*** _cjones_ has quit IRC01:05
*** shoutm has quit IRC01:10
*** shoutm has joined #openstack-keystone01:14
*** jasonsb has joined #openstack-keystone01:27
*** jasonsb has quit IRC01:28
*** jasonsb has joined #openstack-keystone01:29
*** HT_sergio has quit IRC01:31
*** doug-fish has joined #openstack-keystone01:31
*** jasonsb has quit IRC01:32
*** btully has quit IRC01:35
*** r-daneel has quit IRC01:35
*** doug-fish has quit IRC01:36
*** dims has joined #openstack-keystone01:43
*** fangzhou has quit IRC01:50
*** doug-fish has joined #openstack-keystone01:52
*** lhcheng has quit IRC01:53
*** doug-fish has quit IRC01:56
*** lhcheng has joined #openstack-keystone01:56
*** ChanServ sets mode: +v lhcheng01:56
*** lhcheng has quit IRC01:57
*** lhcheng has joined #openstack-keystone01:57
*** ChanServ sets mode: +v lhcheng01:57
*** lhcheng has quit IRC01:59
*** btully has joined #openstack-keystone02:00
*** jlk has left #openstack-keystone02:04
*** btully has quit IRC02:04
*** btully has joined #openstack-keystone02:06
*** lhcheng has joined #openstack-keystone02:09
*** ChanServ sets mode: +v lhcheng02:09
*** mylu has quit IRC02:10
dstanekis gerrit down or is it just me?02:11
dstanekhmmm....seems to be back02:18
*** spandhe has joined #openstack-keystone02:19
*** ankita_wagh has joined #openstack-keystone02:27
*** HT_sergio has joined #openstack-keystone02:29
*** mylu has joined #openstack-keystone02:30
*** zzzeek has joined #openstack-keystone02:34
*** jasonsb has joined #openstack-keystone02:35
*** zzzeek has quit IRC02:47
*** asd112z has quit IRC02:50
*** jlk has joined #openstack-keystone02:50
*** hakimo_ has joined #openstack-keystone02:52
*** dave-mcc_ has quit IRC02:54
*** hakimo has quit IRC02:55
*** richm has quit IRC02:55
*** dims has quit IRC02:56
*** mylu has quit IRC03:11
*** mylu has joined #openstack-keystone03:11
*** mylu_ has joined #openstack-keystone03:14
*** mylu has quit IRC03:14
*** lhcheng has quit IRC03:17
*** esp has left #openstack-keystone03:20
*** esp has joined #openstack-keystone03:22
*** urulama has quit IRC03:27
*** urulama has joined #openstack-keystone03:28
*** EinstCrazy has joined #openstack-keystone03:32
*** lhcheng has joined #openstack-keystone03:35
*** ChanServ sets mode: +v lhcheng03:35
*** lhcheng_ has joined #openstack-keystone03:40
*** dikonoor has joined #openstack-keystone03:42
*** lhcheng has quit IRC03:42
*** alex_xu has quit IRC03:45
*** alex_xu has joined #openstack-keystone03:46
*** mylu_ has quit IRC03:55
*** mylu has joined #openstack-keystone03:56
*** ankita_w_ has joined #openstack-keystone03:56
*** mylu has quit IRC03:57
*** mylu has joined #openstack-keystone03:57
*** ankita_wagh has quit IRC03:58
*** jamielennox is now known as jamielennox|away04:04
*** jamielennox|away is now known as jamielennox04:05
*** mylu has quit IRC04:13
*** mylu has joined #openstack-keystone04:14
*** ankita_w_ has quit IRC04:14
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updated from global requirements  https://review.openstack.org/21450904:14
openstackgerritOpenStack Proposal Bot proposed openstack/keystoneauth: Updated from global requirements  https://review.openstack.org/21748204:14
openstackgerritOpenStack Proposal Bot proposed openstack/keystoneauth-saml2: Updated from global requirements  https://review.openstack.org/21748304:14
openstackgerritOpenStack Proposal Bot proposed openstack/keystonemiddleware: Updated from global requirements  https://review.openstack.org/21715804:14
*** mylu has quit IRC04:17
*** mylu has joined #openstack-keystone04:17
openstackgerritOpenStack Proposal Bot proposed openstack/oslo.policy: Updated from global requirements  https://review.openstack.org/21749604:18
openstackgerritOpenStack Proposal Bot proposed openstack/pycadf: Updated from global requirements  https://review.openstack.org/21750104:18
openstackgerritOpenStack Proposal Bot proposed openstack/python-keystoneclient: Updated from global requirements  https://review.openstack.org/21720504:18
*** ajayaa has joined #openstack-keystone04:20
*** mylu has quit IRC04:21
*** spandhe has quit IRC04:27
*** ankita_wagh has joined #openstack-keystone04:28
*** spandhe has joined #openstack-keystone04:30
openstackgerritEric Brown proposed openstack/keystone: Set max on max_password_length to passlib max  https://review.openstack.org/21744904:30
*** ankita_wagh has quit IRC04:31
*** ankita_wagh has joined #openstack-keystone04:31
*** links has joined #openstack-keystone04:38
openstackgerritSam Leong proposed openstack/keystone: Tokenless authz with X.509 SSL client certificate  https://review.openstack.org/15687004:42
*** davechen has joined #openstack-keystone04:53
openstackgerritDavid Stanek proposed openstack/keystone: Adds warning when no domain configs were uploaded  https://review.openstack.org/21428704:55
*** _hrou_ has joined #openstack-keystone04:59
*** Guest53419 has quit IRC05:01
*** ajayaa has quit IRC05:01
*** hrou has quit IRC05:02
*** zeus has joined #openstack-keystone05:03
*** zeus is now known as Guest2253005:04
*** openstackgerrit has quit IRC05:16
*** openstackgerrit has joined #openstack-keystone05:17
*** fangzhou has joined #openstack-keystone05:26
*** albertom has quit IRC05:29
*** albertom has joined #openstack-keystone05:30
openstackgerritDave Chen proposed openstack/keystone: Refactor: Don't hard code the error code  https://review.openstack.org/19862305:40
*** dims has joined #openstack-keystone05:46
*** ajayaa has joined #openstack-keystone05:49
*** Nirupama has joined #openstack-keystone05:49
*** EinstCrazy has quit IRC05:50
*** ankita_w_ has joined #openstack-keystone05:51
*** dims has quit IRC05:52
*** EinstCrazy has joined #openstack-keystone05:54
*** ankita_wagh has quit IRC05:55
*** paulose has joined #openstack-keystone05:55
paulosehello all how can i change the role of a user from _member_ to admin05:56
*** afazekas_ has joined #openstack-keystone06:06
*** _hrou_ has quit IRC06:12
paulosei have a user whose role was _member_ later changed to heat_stack_user and again back to _member_ but now the user is not able to do any heat commands as it returns error not authorised .Any idea about this error?06:14
openstackgerritmajianjun proposed openstack/keystone: Possible refactor of keystone.common.validate_token_bind's code Fixes Bug1488451  https://review.openstack.org/21753506:16
*** btully has quit IRC06:16
*** ankita_w_ has quit IRC06:23
*** ankita_wagh has joined #openstack-keystone06:25
*** ankita_wagh has quit IRC06:27
*** ankita_wagh has joined #openstack-keystone06:28
*** albertom has quit IRC06:34
openstackgerritmajianjun proposed openstack/keystone: Return the tenant_id as early as possible Fixes Bug1488715  https://review.openstack.org/21754306:37
*** albertom has joined #openstack-keystone06:39
*** ankita_w_ has joined #openstack-keystone06:46
*** btully has joined #openstack-keystone06:47
*** ankita_wagh has quit IRC06:49
*** ankita_w_ has quit IRC06:50
*** doug-fish has joined #openstack-keystone06:56
*** henrynash has joined #openstack-keystone06:57
*** ChanServ sets mode: +v henrynash06:57
*** doug-fish has quit IRC07:01
*** browne has quit IRC07:01
*** tobasco_ is now known as tobasco07:14
*** e0ne has joined #openstack-keystone07:18
*** mylu has joined #openstack-keystone07:22
*** mylu has quit IRC07:28
*** mylu has joined #openstack-keystone07:29
*** paulose has quit IRC07:30
*** mylu has quit IRC07:30
*** mylu has joined #openstack-keystone07:31
*** katkapilatova has joined #openstack-keystone07:32
openstackgerritMarek Denis proposed openstack/keystone: Validate Mapped User object.  https://review.openstack.org/21704907:34
*** dims has joined #openstack-keystone07:35
*** mylu has quit IRC07:35
*** dims has quit IRC07:40
*** vivekd has joined #openstack-keystone07:41
openstackgerritDave Chen proposed openstack/keystone: Update apache-httpd.rst  https://review.openstack.org/21756507:44
*** fhubik has joined #openstack-keystone07:55
*** shoutm_ has joined #openstack-keystone07:57
*** fhubik is now known as fhubik_brb07:58
*** lhcheng has joined #openstack-keystone07:59
*** ChanServ sets mode: +v lhcheng07:59
*** shoutm has quit IRC08:00
*** e0ne has quit IRC08:01
*** jaosorior has joined #openstack-keystone08:02
*** lhcheng_ has quit IRC08:03
*** fhubik_brb is now known as fhubik08:05
*** boris-42 has quit IRC08:10
*** urulama has quit IRC08:10
*** urulama has joined #openstack-keystone08:11
*** kiran-r has joined #openstack-keystone08:11
openstackgerritMerged openstack/keystone: Remove references to keystone.openstack.common  https://review.openstack.org/21533708:13
*** pnavarro has joined #openstack-keystone08:14
*** jistr has joined #openstack-keystone08:15
openstackgerritMerged openstack/keystoneauth-saml2: Updated from global requirements  https://review.openstack.org/21748308:16
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file  https://review.openstack.org/21699808:17
*** spandhe has quit IRC08:19
*** shoutm_ has quit IRC08:32
*** henrynash has quit IRC08:37
*** lhcheng has quit IRC08:44
*** urulama has quit IRC08:51
*** henrynash has joined #openstack-keystone08:51
*** ChanServ sets mode: +v henrynash08:51
*** urulama has joined #openstack-keystone08:51
*** jistr has quit IRC08:54
*** jistr has joined #openstack-keystone08:56
*** e0ne has joined #openstack-keystone08:59
*** wuhg has joined #openstack-keystone09:00
*** davechen has quit IRC09:01
*** jistr has quit IRC09:01
*** jistr has joined #openstack-keystone09:05
*** spandhe has joined #openstack-keystone09:11
*** kiran-r has quit IRC09:27
openstackgerritMerged openstack/keystone: Simplify rule in sample v3 policy file  https://review.openstack.org/21333809:35
openstackgerritMerged openstack/keystonemiddleware: Updated from global requirements  https://review.openstack.org/21715809:35
*** fhubik is now known as fhubik_brb09:39
*** lhcheng has joined #openstack-keystone09:39
*** ChanServ sets mode: +v lhcheng09:39
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file  https://review.openstack.org/21699809:42
*** fhubik_brb is now known as fhubik09:45
*** urulama has quit IRC09:49
*** urulama has joined #openstack-keystone09:50
*** dims has joined #openstack-keystone09:50
*** btully has quit IRC09:54
*** katkapilatova has left #openstack-keystone09:57
*** jistr has quit IRC10:06
*** lhcheng has quit IRC10:07
*** eandersson has joined #openstack-keystone10:10
*** EinstCrazy has quit IRC10:13
*** henrynash has quit IRC10:16
*** jistr has joined #openstack-keystone10:18
eanderssonMorning10:21
eanderssonWhen you are using domain-tokens and authenticate as admin with the default domain. Does API request necessarily come with X-Tenant-ID? Trying to figure out if a bug in an update for Designate is well a bug. :D10:23
openstackgerritMerged openstack/keystone: Expose exception due to missing id of LDAP entity  https://review.openstack.org/21108810:23
*** spandhe has quit IRC10:24
openstackgerritMerged openstack/keystone: Prevent exception due to missing id of LDAP entity  https://review.openstack.org/20796010:25
openstackgerritMerged openstack/keystone: Update docs for stevedore drivers  https://review.openstack.org/21059010:26
openstackgerritMerged openstack/keystone: Sample config help for supplied drivers  https://review.openstack.org/21073910:26
openstackgerritMerged openstack/keystone: update links in http-api to point to specs repo  https://review.openstack.org/21444110:26
*** henrynash has joined #openstack-keystone10:31
*** ChanServ sets mode: +v henrynash10:31
*** henrynash has quit IRC10:33
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file  https://review.openstack.org/21699810:36
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file  https://review.openstack.org/21699810:38
*** Kennan has quit IRC10:38
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file  https://review.openstack.org/21699810:39
*** kiran-r has joined #openstack-keystone10:40
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file  https://review.openstack.org/21699810:41
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file  https://review.openstack.org/21699810:42
*** vivekd has quit IRC10:48
*** Kennan has joined #openstack-keystone10:55
openstackgerritAlexander Makarov proposed openstack/keystone: Make application initialization a critical section  https://review.openstack.org/21000110:57
*** vivekd has joined #openstack-keystone10:57
*** dtantsur has joined #openstack-keystone10:57
dtantsurhey folks! are there any examples on how to create a keystoneclient instance that works?10:58
dtantsure.g. http://docs.openstack.org/developer/python-keystoneclient/using-api-v3.html#authenticating-using-sessions results in client instance that fails for every request10:58
dtantsurthe same problem with other examples...10:58
dtantsurnevermind, v2 examples seem to work, should be enough for me11:00
*** aix has quit IRC11:02
*** Fdaisuke has joined #openstack-keystone11:03
*** alex_xu has quit IRC11:20
*** HT_sergio has quit IRC11:20
*** HT_sergio has joined #openstack-keystone11:21
*** alex_xu has joined #openstack-keystone11:23
*** dave-mccowan has joined #openstack-keystone11:30
*** aix has joined #openstack-keystone11:33
openstackgerritMerged openstack/oslo.policy: Updated from global requirements  https://review.openstack.org/21749611:35
*** fhubik has quit IRC11:37
*** fhubik has joined #openstack-keystone11:37
*** e0ne has quit IRC11:42
*** fhubik_ has joined #openstack-keystone11:43
*** samueldmq has joined #openstack-keystone11:44
samueldmqmorning11:44
*** gordc has joined #openstack-keystone11:45
*** pnavarro is now known as pnavarro|lunch11:46
*** fhubik is now known as fhubik_brb11:47
dtantsurhey folks! is it correct that `openstack endpoint list` is empty on a fresh devstack? Oo11:49
dtantsursamueldmq, morning, maybe you know ^^11:50
*** vivekd has quit IRC11:52
*** lhcheng has joined #openstack-keystone11:55
*** ChanServ sets mode: +v lhcheng11:55
*** kiran-r has quit IRC11:58
samueldmqdtantsur, try again adding : '--os-url <your_keystone_url/v3> --os-identity-api-version=3'11:58
samueldmqjamielennox, cc ^ so we changed endpoint creation to use v3 in (https://review.openstack.org/#/c/186681)11:59
dtantsursamueldmq, that's using v3, which is fine for CLI, but in software I write I have to use v211:59
dtantsur(mostly because I can't make v3 work)11:59
samueldmqdstanek, v3 works fine :)11:59
samueldmqdstanek, not you, dtantsur12:00
samueldmqdstanek, you know that already12:00
samueldmq:)12:00
*** lhcheng has quit IRC12:00
dtantsurI suppose it does :) however, in my environment http://docs.openstack.org/developer/python-keystoneclient/using-api-v3.html#authenticating-using-sessions results in client instance that fails for every request12:00
*** urulama has quit IRC12:00
samueldmqdtantsur, I can't help with any debugging now, have a meeting in a bit12:01
*** urulama has joined #openstack-keystone12:01
dtantsurack, thanks anyway..12:01
jamielennoxsamueldmq: not sure what you mean12:01
samueldmqdtantsur, but feel free to ask any question here in the channel, I am sure someone will have answers for your question12:01
samueldmqjamielennox, so v3 endpoints can't be seen in v212:02
samueldmqjamielennox, and as devstack still defaults to v2, when in a fresh devstack one tris 'openstack endpoint list'12:02
jamielennoxergh12:02
samueldmqjamielennox, it's returned an empty list12:02
samueldmqyeah :-)12:02
jamielennoxum12:03
jamielennoxi'm not sure what i want to do about that12:03
jamielennoxif naything12:03
dtantsurso, with v3 (kilo tripleo, not devstack this time), I get Unauthorized: Could not find project: admin12:06
dtantsurit seems to be like I need some code that can use both v2 and v3 at the same time. any hints?12:06
*** raildo-afk is now known as raildo12:10
*** dims has quit IRC12:14
*** fhubik_ has quit IRC12:14
*** fhubik_ has joined #openstack-keystone12:14
dstanekjamielennox: there is the start of a review to see v3 endpoints on v2, we need to deprecate harder12:17
jamielennoxdstanek: i would love to, but i just don't think operators care12:18
jamielennoxdstanek: on the other hand we are currently talking about devstack and i feel no need to worry about people there12:18
amakarovA question from Horizon folks:  what about pagination support in (domain|project|user|whatever)-list ?12:18
*** ajayaa has quit IRC12:23
*** dims has joined #openstack-keystone12:29
*** openstackgerrit has quit IRC12:31
*** openstackgerrit has joined #openstack-keystone12:32
*** edmondsw has joined #openstack-keystone12:32
*** Nirupama has quit IRC12:36
*** wuhg has quit IRC12:41
*** doug-fish has joined #openstack-keystone12:41
*** e0ne has joined #openstack-keystone12:44
*** fhubik_ has quit IRC12:44
*** afaranha has joined #openstack-keystone12:44
*** afaranha has left #openstack-keystone12:44
*** fhubik has joined #openstack-keystone12:44
*** fhubik_brb has quit IRC12:45
*** fhubik has quit IRC12:45
*** fhubik has joined #openstack-keystone12:45
*** fhubik is now known as fhubik_brb12:45
*** pnavarro|lunch is now known as pnavarro12:51
*** hrou has joined #openstack-keystone12:55
marekdwhat's Sam Leong's IRC handle?12:57
*** richm has joined #openstack-keystone13:00
*** fhubik_brb is now known as fhubik13:00
raildomarekd: problably is chioleong (this is the gerrit login)13:02
marekdraildo: oh, thanks13:02
marekdand he probably lives in California :(13:03
raildoyeap13:03
marekdmorgan: Does this change need a spec? https://review.openstack.org/#/c/216308/2 ?13:03
dstanekmarekd: i think so because it's changing the API13:06
*** fhubik is now known as fhubik_brb13:08
openstackgerritMerged openstack/keystoneauth: Updated from global requirements  https://review.openstack.org/21748213:09
*** pgbridge has joined #openstack-keystone13:09
*** doug-fish has quit IRC13:15
*** nicodemos has joined #openstack-keystone13:15
*** doug-fish has joined #openstack-keystone13:15
*** tellesnobrega has quit IRC13:15
*** tellesnobrega has joined #openstack-keystone13:15
marekddstanek: yeah, i wasn't sure.13:19
marekddstanek: so a change where say..we add a new feature to the mapping rules is considered API change13:19
*** doug-fish has quit IRC13:19
*** doug-fish has joined #openstack-keystone13:22
*** zzzeek has joined #openstack-keystone13:22
*** sigmavirus24_awa is now known as sigmavirus2413:24
*** afazekas_ has quit IRC13:26
*** urulama has quit IRC13:29
*** urulama has joined #openstack-keystone13:29
*** bknudson has joined #openstack-keystone13:33
*** ChanServ sets mode: +v bknudson13:33
*** thiagop has joined #openstack-keystone13:37
*** dtantsur has left #openstack-keystone13:44
*** lhcheng has joined #openstack-keystone13:45
*** ChanServ sets mode: +v lhcheng13:45
marekdbknudson, dstanek: and this? https://review.openstack.org/#/c/217049/2 does it need a bp/bug ?13:47
*** fhubik_brb is now known as fhubik13:48
bknudsonmarekd: does it fix something that a user would see?13:48
*** lhcheng has quit IRC13:49
marekdbknudson: no, it makes our tests better IMHO.13:49
*** claudiub has joined #openstack-keystone13:49
bknudsonmarekd: doesn't need a bug or blueprint then imo.13:50
bknudsondoesn't hurt to have a bug or blueprint either.13:50
*** petertr7_away is now known as petertr713:51
bknudsoncould put a note in the commit message that says it makes the tests better.13:51
marekdbknudson: ok13:51
bknudsonkind of obvious since the only change is a test file.13:51
marekdi will add the bug anyway.13:51
claudiubhi. still need reviews for the python-keystone client patch regarding missing socket attrubte error during init_poolmanager: https://review.openstack.org/#/c/211686/13:51
*** mpmsimo has joined #openstack-keystone13:55
openstackgerritMarek Denis proposed openstack/keystone: Validate Mapped User object.  https://review.openstack.org/21704913:55
*** HT_sergio has quit IRC13:58
*** exploreshaifali has joined #openstack-keystone13:59
*** petertr7 is now known as petertr7_away14:01
*** Kennan has quit IRC14:02
*** Kennan has joined #openstack-keystone14:03
amakarovbknudson, greetings! I've moved addressed your comment in https://review.openstack.org/#/c/210001/ Please look at that again!14:03
amakarovs/moved//14:04
bknudsonamakarov: the comment says it's protecting global variable but there's no global variable14:04
*** doug-fish has quit IRC14:04
*** doug-fish has joined #openstack-keystone14:05
bknudsonmaybe initialize_admin_application needs to cache the return value?14:05
*** doug-fish has quit IRC14:05
bknudsonor maybe the change actually goes in pbr now?14:05
*** doug-fish has joined #openstack-keystone14:06
bknudsonamakarov: here's the change in pbr: https://review.openstack.org/#/c/195292/14:06
bknudsonthat added support14:06
*** doug-fish has quit IRC14:07
amakarovbknudson, thanks, I'm looking there14:07
*** doug-fish has joined #openstack-keystone14:07
*** lhcheng has joined #openstack-keystone14:09
*** ChanServ sets mode: +v lhcheng14:09
*** lhcheng has quit IRC14:14
amakarovbknudson, as I can see pbr change protects nothing14:15
amakarovand mine does exactly what you said: caches application14:15
bknudsonif you could make the fix in pbr then everybody that uses it will get the fix.14:16
amakarovwith respect to the naming (main and admin are separate)14:16
bknudsonrather than just keystone14:16
amakarovbknudson, ah, see your point14:16
bknudsonI think it's only keystone using the pbr support for now14:16
*** shoutm has joined #openstack-keystone14:18
*** fhubik is now known as fhubik_brb14:19
amakarovbknudson, https://review.openstack.org/#/c/217733/14:27
openstackgerritDave Chen proposed openstack/keystone: Remove local conf information from paste-ini  https://review.openstack.org/13412414:28
bknudsonamakarov: neat!14:28
*** fangzhou has quit IRC14:30
amakarovbknudson, I suppose PBR is used with devstack?14:30
bknudsonamakarov: it's used when you do pip install -e /opt/stack/keystone14:30
bknudsonif you want to try it out14:30
*** browne has joined #openstack-keystone14:31
amakarovbknudson, so we still need my change for keystone14:31
amakarovand now it'll be double protected :)14:32
bknudsonamakarov: the pbr fix wouldn't take care of it?14:32
*** fangzhou has joined #openstack-keystone14:32
amakarovbknudson, if pip is the only way - yes14:33
*** doug-fish has quit IRC14:36
bknudsonamakarov: pip is the way.14:36
*** links has quit IRC14:37
*** doug-fish has joined #openstack-keystone14:37
bknudsonamakarov: we still have keystone.py ... I think it should be marked as deprecated.14:37
bknudsonalso, I think you should go back to making the change to keystone.py ... I wasn't sure if the pbr change would be accepted so I asked to have it moved down.14:39
amakarovbknudson, there was a change: main and admin app initialization functions added14:40
*** csoukup has joined #openstack-keystone14:40
*** petertr7_away is now known as petertr714:40
amakarovbknudson, I'll try to be careful )14:41
*** csoukup has quit IRC14:42
*** diazjf has joined #openstack-keystone14:42
openstackgerritLance Bragstad proposed openstack/keystone: Consolidate the fernet provider issue_v2_token()  https://review.openstack.org/19764714:42
openstackgerritLance Bragstad proposed openstack/keystone: Consolidate the fernet provider validate_v3_token()  https://review.openstack.org/19687714:42
openstackgerritNina Goradia proposed openstack/keystone: Correct docstrings in resource/core.py  https://review.openstack.org/21740014:44
*** doug-fish has quit IRC14:46
*** fangzhou has quit IRC14:48
*** fhubik_brb is now known as fhubik14:49
*** fhubik has quit IRC14:49
amakarovbknudson, if I move critical section to keystone.py, initialize_(admin|public)_application will be unprotected14:50
amakarovbknudson, ops, sorry - missed the order14:51
*** dims has quit IRC14:51
*** dims has joined #openstack-keystone14:51
openstackgerritOlivier Pilotte proposed openstack/keystone-specs: Accepts Group IDs from the IdP without domain  https://review.openstack.org/21630814:52
*** afazekas_ has joined #openstack-keystone14:54
openstackgerritAlexander Makarov proposed openstack/keystone: Protect WSGI application with a critical section  https://review.openstack.org/21000114:55
amakarovbknudson, ^^14:55
*** hrou has quit IRC14:57
*** tonytan4ever has joined #openstack-keystone14:58
*** petertr7 is now known as petertr7_away15:11
*** Fdaisuke has left #openstack-keystone15:13
*** Guest5469 is now known as brianl15:13
brianlword up15:14
lbragstadbrianl: o/15:14
brianlsorry, lots of issues this morning :)15:14
lbragstaddolphm: ^15:14
*** petertr7_away is now known as petertr715:15
*** thedodd has joined #openstack-keystone15:15
*** HT_sergio has joined #openstack-keystone15:17
dstanekbrianl: that doesn't sound good15:17
dstanekamakarov: did you run into an issue or are you just trying to be careful?15:21
dstanekamakarov: the way i understood mod_wsgi is that it would call that callable in each thread so you don't need to protect it15:21
*** exploreshaifali has quit IRC15:22
amakarovdstanek, yes, under high load15:22
*** links has joined #openstack-keystone15:22
*** urulama has quit IRC15:22
amakarovdstanek, I've provided a link in the bug description - Apache required to protect it15:22
amakarovhttp://code.google.com/p/modwsgi/wiki/ProcessesAndThreading#Building_A_Portable_Application15:23
*** urulama has joined #openstack-keystone15:23
dstanekamakarov: so what does your critical section do? just prevent setup_backends from running in multple threads?15:24
*** brianl is now known as blewis15:25
amakarovdstanek, configure_region - to be more specific15:25
dstanekamakarov: why is this a load induced problem? it would seem to be that in a multi threaded Apache setup that we'd always see a failure15:27
*** afazekas_ has quit IRC15:27
morganI dont think that spec means what this fix is assuming15:28
morganWhat is "high load" btw in this context?15:29
morganThe assignment of application also happens at import time. Multiple threads should never be impacted.15:30
morganS/assignment/binding15:30
morgandstanek: ^ cc15:30
morganamakarov: ^ cc15:30
amakarovdstanek, morgan we have to run it multi-threaded as memcache pool backend for tokens must be shared in order to reduce failover when one controller goes up/down15:30
amakarovmorgan, "high load" is Rally test on 200 nodes env15:32
morganIs this using memcache as a backend for storing tokens or for straight caching15:32
morganWhat is the error you are seeing with rally?15:32
dstanekamakarov: what is the load per node?15:32
amakarovmemcache pool token backend15:32
morganamakarov: stop storing tokens in memcache15:32
morganSeriously. Stop it.15:33
morganThat driver needs to die, it is usig the wrong tool for the job and causes a lot of associated issues.15:33
*** henrynash has joined #openstack-keystone15:33
*** ChanServ sets mode: +v henrynash15:33
dstanekmorgan: maybe it should be deprecated this cycle15:34
dstanekamakarov: you'll have to give some steps to reproduce in the bug15:34
morgandstanek: yeah probably15:34
amakarovmorgan, this is our best solution now until we adopt Fernet15:34
morganamakarov: sql is better even with its issues15:35
morganMemcache is never a better choice15:35
dstanekamakarov: does it fail always in threaded mode?15:35
*** afazekas_ has joined #openstack-keystone15:35
morgandstanek: lets deprecate memcache backend next cycle when we make fernet default15:36
*** tellesnobrega has quit IRC15:36
dstanekmorgan: iirc, mod_wsgi is basically doing an eval in each thread and not importing this code - i can't find a reference to confirm or deny though15:36
amakarovdstanek, it's race condition - it does not :) But the problem was quite persistent. Searching our QA team report15:36
morgandstanek: still should be isolated with an eval.15:37
morganBut regardless the locking there wont do us much good15:37
*** tellesnobrega has joined #openstack-keystone15:37
morganLook at my comment15:37
*** henrynash has quit IRC15:37
morganWe are moving to pbr generated wsgi-app files15:37
openstackgerritLance Bragstad proposed openstack/keystone: Update endpoint filter documentation  https://review.openstack.org/21168115:38
openstackgerritLance Bragstad proposed openstack/keystone: Improve endpoint filtering docs  https://review.openstack.org/20866015:38
morganAlso locking at the top level like that worries me that we have other oversights15:38
dstanekamakarov: so no load induced at all. if the app starts up in such a way that multiple threads and setting up the cache at the same time it fails.15:38
morganThat looks like a poor bandaid15:38
amakarovdstanek, here is from the modwsgi doc: 2. Access to and modification of shared data in an external data store must be protected so as to prevent multiple threads in the same or different processes from interfering with each other. This would normally be achieved through a locking mechanism visible to all child processes.15:39
amakarov4. Where global data in a module local to a child process is still used, for example as a cache, access to and modification of the global data must be protected by local thread locking mechanisms.15:39
dstanekamakarov: i am not saying you are wrong15:40
dstanekmorgan: this is why decorators suck and i hate them15:40
morgandstanek: this isnt really a decorator issue15:40
dstanekamakarov: the critical section should be around the cache initialization15:40
*** jlk has left #openstack-keystone15:41
morganThis is the kvs interface for the token backend issue15:41
dstanekamakarov: what i am saying is that this has nothing to do with high load other than your may be recycling threads more often15:41
amakarovdstanek, we'll end up with application re-initialized several times15:41
amakarovdstanek, even in the middle of some request handling15:41
dstanekamakarov: yes, i know15:42
dstanekamakarov: see my comments above15:42
amakarovdstanek, ah. I'm ebout what to protect15:42
amakarovs/ebout/about/15:42
*** shoutm has quit IRC15:43
dstanekamakarov: move the protection higher up like bknudson suggested15:44
dstanekmorgan: it sort of is a decorator issue. dogpile.cache is designed around global regions and that is the issue15:44
morganIt isnt dogpile.cache in this case really15:45
amakarovdstanek, thought I've done it15:45
morganSure that is impacted too. Somewhat15:45
amakarovdstanek, what do you mean as "higher up" ?15:45
morganBut this is the kvs interface - which isnt driven by decorators15:45
morganamakarov: protect the cache initialization15:45
dstanekamakarov: not in keystone/http.py - closer to the thing that needs the locking15:45
morganNot the wsgi app15:45
dstanekmorgan: ++15:46
morganAnd we need to protect it in 2-3 places15:46
morganIirc15:46
dstanekthis, right now, is like an uber level diaper pattern15:46
morganIn common.cache and common.kvs15:46
amakarovdstanek, morgan: so are we ok, that application is re-created for every thread>15:46
amakarov?15:46
morganamakarov: it shouldnt matter.15:46
*** vivekd has joined #openstack-keystone15:47
dstanekmorgan: application is really just a function15:47
dstanekamakarov: ^15:47
morgan++15:47
dstanekit's the initialization that happens that we may need to protect15:47
amakarovdstanek, application is the object returned by the function15:48
amakarovdstanek, found this bug description (it's from fuel) https://bugs.launchpad.net/fuel/+bug/145703715:48
openstackLaunchpad bug 1457037 in Fuel for OpenStack 7.0.x "Keystone client is not available. Please, refer to OpenStack logs to fix this problem" [Critical,Fix released] - Assigned to Boris Bobrov (bbobrov)15:48
morganIf this is being done via eval like dstanek says. Your locking doesnt help much15:48
morganIn preventing the recreate15:49
dstanekmorgan: did you find a doc or looking through code?15:49
morganIt is putting a bandaid in a place that solves the issue but is not surgical15:49
morgandstanek: going by your assertion15:49
morgandstanek: havent looked at mod_wsgi code15:49
dstanekmorgan: ah, the 'if' didn't register15:50
morganThis is another reason i want to move to uwsgi15:50
amakarovbknudson, cc ^15:50
dstanekamakarov: http://git.openstack.org/cgit/openstack/keystone/tree/keystone/server/wsgi.py#n4615:50
*** afazekas_ has quit IRC15:50
amakarovmorgan, uwsgi is cool, but how shall we use mods for oauth, openid and shibboleth?15:51
morganamakarov: apache still runs in front15:51
dstanekamakarov: apache15:51
morganUwsgi just manages keystone app15:51
morganMod_proxy_uwsgi15:51
morganAlso makes it easier for folks to use nginx15:51
amakarovmorgan, why not gunicorn then? - It's more pythonic than uwsgi :)15:52
morganamakarov: uwsgi is my personal choice. But moving to uwsgi wouldnt prevent someone from using gunicorn. Uwsgi is better architected in a purely personally subjective view15:53
morganI also like that i can use a unix socket and speak uwsgi protocol vs needing a full tcp stack15:53
morganAnd/or do raw http termination15:54
morganAlso uwsgi iirc plays better with individual venvs even is uwsgi is installed at the system level15:55
amakarovmorgan, btw, our QA complained that keystone with mod_wsgi have some problems with graceful restart (sleep is needed)15:55
morganLook at devstack. Known issue with apache and mod_wsgi15:55
morganThat is solved with uwsgi/unicorn15:55
amakarovmorgan, +115:55
morganAnother reason i want to move our recommendation15:56
*** gustavo has joined #openstack-keystone15:58
amakarovdstanek, will protecting setup_backends be enough?16:00
*** jasonsb has quit IRC16:00
*** doug-fish has joined #openstack-keystone16:01
*** jasonsb has joined #openstack-keystone16:01
*** pnavarro has quit IRC16:03
*** bknudson has quit IRC16:03
*** henrynash has joined #openstack-keystone16:04
*** ChanServ sets mode: +v henrynash16:04
*** jasonsb has quit IRC16:05
gustavoHi guys. I have a Swift cluster with swauth as authentication middleware and I would like to migrate to Keystone, but I need to configure the endpoint URL using tenant_name instead of tenant_id as a substitution keyword. Is it posible ? Example: http://storage-endpoint:8080/v1/AUTH_%(tenant_name)s16:06
samueldmqdstanek, hey16:06
samueldmqdstanek, have you committed your ksclient Cache-Control changes  ?16:06
samueldmqdstanek, I am preparing a demo16:07
morganamakarov: maybe. Though you might have more luck just targeting the cache setups - again, i really want to isolate what we put locks around and address the specific issues not just throw locking around everything16:08
*** afazekas_ has joined #openstack-keystone16:08
amakarovmorgan, got it16:08
morganBut at least load_backends is portable to the pbr generated app files16:08
morganSo it is better than in http/eystone.py16:09
*** btully has joined #openstack-keystone16:10
*** mylu has joined #openstack-keystone16:11
*** mylu has quit IRC16:12
openstackgerritAlexander Makarov proposed openstack/keystone: Protect WSGI application with a critical section  https://review.openstack.org/21000116:13
amakarovmorgan, dstanek ^^16:13
*** mylu has joined #openstack-keystone16:13
*** btully has quit IRC16:14
amakarovwait...16:14
openstackgerritMerged openstack/keystone: Refactor: rename Fernet's unscoped federated payload  https://review.openstack.org/20219016:14
morganHehe16:14
*** doug-fish has quit IRC16:14
openstackgerritAlexander Makarov proposed openstack/keystone: Protect WSGI application with a critical section  https://review.openstack.org/21000116:15
*** doug-fish has joined #openstack-keystone16:15
amakarovmorgan, :)16:15
amakarovdone16:15
morganamakarov: also make sure you look at the common.kvs initializer. You arent solving your issue with memcsche token driver16:15
morganhttps://github.com/openstack/keystone/blob/master/keystone/common/kvs/core.py16:16
morganYou are only solving the legitimate cache layer which has next to nothing to do with keystone memcache token driver16:16
*** bknudson has joined #openstack-keystone16:16
*** ChanServ sets mode: +v bknudson16:16
amakarovmorgan, I see...16:17
openstackgerritMerged openstack/keystone: Refactor: Provider._rebuild_federated_info()  https://review.openstack.org/20887216:17
morganAnd please let me know if the fix solves your issue.16:18
morganBefore we merge it16:18
*** e0ne has quit IRC16:18
*** doug-fish has quit IRC16:19
*** woodster_ has joined #openstack-keystone16:20
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file  https://review.openstack.org/21699816:21
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file  https://review.openstack.org/21699816:22
*** henrynash has quit IRC16:22
*** hrou has joined #openstack-keystone16:23
*** jistr has quit IRC16:24
*** jaosorior has quit IRC16:25
dstanekmorgan: dolphm: i'm thinking of marking https://bugs.launchpad.net/keystone/+bug/1462152 as wontfix - any objections?16:26
openstackLaunchpad bug 1462152 in Keystone "python-memcache (and therefore) token memcache persistence driver does not support ipv6" [Wishlist,Triaged]16:26
*** exploreshaifali has joined #openstack-keystone16:26
*** _cjones_ has joined #openstack-keystone16:26
morganYep16:27
morganGo for it16:27
*** lhcheng has joined #openstack-keystone16:27
*** ChanServ sets mode: +v lhcheng16:27
*** marzif has joined #openstack-keystone16:27
*** afazekas_ has quit IRC16:27
openstackgerritAlexander Makarov proposed openstack/keystone: Protect WSGI application with a critical section  https://review.openstack.org/21000116:28
*** claudiub has quit IRC16:29
*** spandhe has joined #openstack-keystone16:32
*** spandhe has quit IRC16:32
*** urulama has quit IRC16:36
*** doug-fish has joined #openstack-keystone16:36
*** merimus has joined #openstack-keystone16:37
*** urulama has joined #openstack-keystone16:37
merimusis it possible ot use keystone as a user database ala ldap?  Is there a nss module for it?16:38
openstackgerritAlexander Makarov proposed openstack/keystone: Protect initialization with critical sections  https://review.openstack.org/21000116:39
*** doug-fis_ has joined #openstack-keystone16:39
*** boris-42 has joined #openstack-keystone16:39
*** fangzhou has joined #openstack-keystone16:40
*** doug-fish has quit IRC16:41
*** roxanaghe has joined #openstack-keystone16:42
*** mpmsimo has quit IRC16:43
htrutahey morgan, is this a good day for a workflow? :D16:44
*** links has quit IRC16:45
*** petertr7 is now known as petertr7_away16:46
*** browne has quit IRC16:47
*** browne has joined #openstack-keystone16:47
*** petertr7_away is now known as petertr716:48
*** arunkant_ has joined #openstack-keystone16:49
*** EinstCrazy has joined #openstack-keystone16:51
openstackgerritSamuel de Medeiros Queiroz proposed openstack/keystonemiddleware: Centralized Policy Fetch and Cache  https://review.openstack.org/18856116:51
*** browne has quit IRC16:51
*** afazekas_ has joined #openstack-keystone16:52
*** browne has joined #openstack-keystone16:54
samueldmqdstanek's patch : "WIP: WIPier and most WIPs - ..."16:55
samueldmqhehe16:55
*** marzif has quit IRC16:55
*** harlowja has joined #openstack-keystone16:55
dstaneksamueldmq: did you find this? https://review.openstack.org/#/c/211396/16:56
samueldmqdstanek, yeah found it in this exact moment16:56
samueldmq:)16:56
samueldmqdstanek, gonna add it to my ksclient in devstack and see what happens16:56
dstaneksamueldmq: if it catches on fire it's not my fault16:57
*** aix has quit IRC16:58
samueldmqdstanek, hehe are you expecting something to go wrong already?16:58
samueldmqdstanek, I remember you mentioning something about the X-Vary needed to be updated16:59
samueldmqor something like that16:59
dstaneksamueldmq: https://review.openstack.org/#/c/211693/16:59
dstaneksamueldmq: it's software and software is always broken17:00
samueldmqdstanek, I can't look at that17:00
samueldmqdstanek, it's said: "please don't review me"17:00
samueldmqdstanek, ehhe17:00
samueldmqdstanek, what would be the effect of having X-Auth-TOken inside X-Vary17:03
samueldmqdstanek, the client wouldn't respect the given max-age at all?17:03
*** Guest22530 has quit IRC17:04
*** doug-fis_ has quit IRC17:04
*** doug-fish has joined #openstack-keystone17:04
*** doug-fish has quit IRC17:04
*** doug-fish has joined #openstack-keystone17:05
dstaneksamueldmq: when something goes to cache it uses the URL and the values of the headers that are pointed to by Vary17:06
dstaneksamueldmq: to hitting the same URL with two different tokens (assuming Vary: X-Auth-Token) would result in two responses being cached17:06
*** merimus has quit IRC17:06
dstanekthe Vary header points to headers in the request and not the response17:07
*** henrynash has joined #openstack-keystone17:07
*** ChanServ sets mode: +v henrynash17:07
*** afazekas_ has quit IRC17:07
*** jasonsb has joined #openstack-keystone17:08
samueldmqdstanek, ++ thanks17:08
*** topol has joined #openstack-keystone17:08
*** ChanServ sets mode: +v topol17:08
*** afazekas_ has joined #openstack-keystone17:09
*** petertr7 is now known as petertr7_away17:11
*** henrynash has quit IRC17:11
*** doug-fish has quit IRC17:14
*** doug-fish has joined #openstack-keystone17:14
*** afazekas_ has quit IRC17:15
*** afazekas_ has joined #openstack-keystone17:27
*** urulama has quit IRC17:30
*** urulama has joined #openstack-keystone17:31
*** browne has quit IRC17:33
gustavoHi guys. I have a Swift cluster with swauth as authentication middleware and I would like to migrate to Keystone, but I need to configure the endpoint URL using tenant_name instead of tenant_id as a substitution keyword. Is it posible ? Example: http://storage-endpoint:8080/v1/AUTH_%(tenant_name)s17:37
*** roxanaghe has quit IRC17:37
*** mpmsimo has joined #openstack-keystone17:38
*** ankita_wagh has joined #openstack-keystone17:41
openstackgerritMerged openstack/keystoneauth-saml2: Remove translation  https://review.openstack.org/21296417:41
*** samleon has joined #openstack-keystone17:42
*** e0ne has joined #openstack-keystone17:45
*** roxanaghe has joined #openstack-keystone17:48
*** afazekas_ has quit IRC17:48
*** exploreshaifali has quit IRC17:48
*** EinstCrazy has quit IRC17:48
krotscheckmorgan: Remember that conversation about CORS the other day? The dependencies finally went in and cleared gate -> https://review.openstack.org/#/c/216387/17:51
*** topol has quit IRC17:55
morganYay!17:55
morganPlease dont update the sample config (i mean you can) but we have an auto proposal to do that for us17:56
morganI'll take a look shortly at it for you other than that.17:56
*** btully has joined #openstack-keystone17:57
*** topol has joined #openstack-keystone17:58
*** ChanServ sets mode: +v topol17:58
mtreinishmorgan: fwiw, we recently moved it to be autogenerated and put in the docs for tempest: http://docs.openstack.org/developer/tempest/sampleconf.html18:01
*** btully has quit IRC18:02
mtreinishthen we don't have to worry about an autoproposal bot or things getting out sync18:02
mtreinishmorgan: there's even an oslo.config sphinx extension to do it now18:02
*** topol has quit IRC18:02
*** Kennan has quit IRC18:03
*** tonytan4ever has quit IRC18:03
*** Kennan has joined #openstack-keystone18:03
morganmtreinish: we have been asked for the config to stay in tree for now. But.. Sure thst is also an option :)18:05
mtreinishmorgan: yeah, we also added the sample generation to tempest init when you setup a local working dir to try and mitigate that18:06
mtreinishfigured in the docs + autogenerated when you setup tempest ~= in tree sample18:07
morganIt was an operator ask to have it in git18:07
morganNot just generated18:07
bknudsonI18:07
bknudsonI'd be happy with developer docs18:07
mtreinishthat's roughly equal not not equal (forgot != isn't the only way to do that)18:07
morganI'd be happy to see it in both places, then the in-git one being less relevant/evnetually disappearing18:07
bknudsonI don't think I'd want it only in a separate doc18:08
bknudsonthat should be easy enough.18:08
morganmtreinish: at least you didnt do =~ (perl regex match)18:08
bknudsonmtreinish: do you know what change in tempest was made to generate the sample conf?18:09
mtreinishbknudson: yes, I do since I did the most recent couple of revs, one sec18:10
mtreinishbknudson: https://review.openstack.org/21643818:10
mtreinishthat's switching tempest to use the oslo.config module dhellmann and I made based on what I did in tempest18:10
bknudsonmtreinish: I also found this: https://review.openstack.org/#/c/207612/18:11
bknudsonI should just go over and talk to mrodden.18:11
*** dikonoor has quit IRC18:11
mtreinishbknudson: yeah that was the first draft of doing it, had some issues because it broke the interface contract for generating docs18:11
mtreinishbecause it required things to be manually run before running sphinx18:11
mtreinishwhich is where the oslo.config sphinx ext comes in18:12
mtreinishbknudson: oh, right you sit near mrodden, just poke him18:12
mtreinishhe knows all the gory details18:12
bapalmmrodden is out today18:12
*** telemonster is now known as group18:19
*** group is now known as telemonster18:20
openstackgerritTom Cocozzello proposed openstack/keystone: MappingNotFound should be a UnexpectedError  https://review.openstack.org/21783518:21
*** spandhe has joined #openstack-keystone18:29
*** petertr7_away is now known as petertr718:33
*** browne has joined #openstack-keystone18:35
*** tonytan4ever has joined #openstack-keystone18:35
*** exploreshaifali has joined #openstack-keystone18:40
*** andreaf has quit IRC18:41
*** andreaf has joined #openstack-keystone18:42
*** csoukup has joined #openstack-keystone18:50
*** pnavarro has joined #openstack-keystone18:51
*** e0ne has quit IRC18:53
*** ankita_wagh has quit IRC18:54
*** mylu has quit IRC18:54
*** mylu has joined #openstack-keystone18:55
*** topol has joined #openstack-keystone18:58
*** ChanServ sets mode: +v topol18:58
*** topol has quit IRC19:03
*** mylu has quit IRC19:03
*** mylu has joined #openstack-keystone19:04
*** henrynash has joined #openstack-keystone19:05
*** ChanServ sets mode: +v henrynash19:05
*** mylu_ has joined #openstack-keystone19:05
*** mylu has quit IRC19:06
*** henrynash has quit IRC19:08
*** vivekd has quit IRC19:08
*** btully has joined #openstack-keystone19:09
*** aix has joined #openstack-keystone19:11
*** Guest85823 has joined #openstack-keystone19:11
*** btully has quit IRC19:14
*** Guest85823 has quit IRC19:16
*** pauloewerton has joined #openstack-keystone19:24
*** mylu_ has quit IRC19:33
*** mylu has joined #openstack-keystone19:33
*** e0ne has joined #openstack-keystone19:37
*** stevemar has joined #openstack-keystone19:43
*** ChanServ sets mode: +v stevemar19:43
*** tqtran_ has joined #openstack-keystone19:45
*** fangzhou has quit IRC19:45
*** nicodemos has quit IRC19:48
*** roxanaghe has quit IRC19:48
*** nicodemos has joined #openstack-keystone19:49
stevemardstanek: poke19:50
stevemardolphm: also poke19:50
dstanekouch19:50
stevemardstanek:  :)19:50
*** roxanaghe has joined #openstack-keystone19:51
stevemardstanek: anything in particular you did to mentally grasp: https://review.openstack.org/#/c/149178/45/keystone/tests/unit/test_backend.py19:51
dolphmstevemar: stab19:51
stevemari'm not a big fan of the approach, but it's test code19:51
stevemardolphm: are you going to be in austin soon?19:52
dolphmstevemar: stanek is coming into town on sunday19:52
stevemardolphm: nice19:52
stevemari'm here til the 5th19:52
bknudsonIdentityTests(AssignmentTestHelperMixin)19:52
bknudsonwhy does IdentityTest have AssignmentTest mixin?19:52
stevemarbknudson: to create setup data19:53
stevemarlooks like that anyway19:53
dstanekstevemar: nothing particular. i started with the tests to get a feel for how the data vs. code looks and then dug into impl19:53
dstanekstevemar: why not a fan?19:53
stevemarthe use of indexes seems weird19:54
dstanekbknudson: stevemar: yes, for the assignment setup19:54
bknudsonshouldn't that be AssignmentTests need the mixin?19:54
dstanekstevemar: yeah, but it makes sense because all you know if the order of the data and no the ids for reference19:55
dstanekbknudson: i haven't gone through all of the reviews yes, but he does use the data infrastructure quite a bit more19:55
*** mylu has quit IRC19:55
*** gustavo has quit IRC19:55
*** mylu has joined #openstack-keystone19:56
bknudsonseems like we're just making tests that are too complicated already more complicated.19:57
*** diazjf has quit IRC19:57
bknudsonwhen we should be working towards simplifying the test architecture19:57
*** nicodemos has quit IRC19:58
bknudsonfor example, assignment tests should be in an assignments test class rather than identity test class.19:58
*** mylu has quit IRC20:01
*** diazjf has joined #openstack-keystone20:01
dolphmstevemar: dstanek: lbragstad: doodle survey sent20:01
*** thiagop_ has joined #openstack-keystone20:01
lbragstad\o/ meat shoveling!20:05
dstanektmi20:05
*** jasonsb has quit IRC20:06
*** jasonsb has joined #openstack-keystone20:06
dstaneki don't land on Sunday until 5:3020:06
dolphmthat's late if we're going to austin, or austin-ish20:06
dolphmit'd be 7 before you got there20:06
dolphmeven to drippin'20:06
*** doug-fish has quit IRC20:07
dolphmstevemar: have a car?20:07
stevemardolphm: yessir20:07
*** doug-fish has joined #openstack-keystone20:07
dstanekdolphm: also on Monday we have the 30 min meeting at 5pm20:08
dolphmdstanek: WE DO TOO!20:08
dolphmdstanek: oh that's the same meeting.20:09
dstaneklol20:09
dolphmdstanek: i thought you were stevemar, even after i ds<Tab-complete>'d you20:09
*** tjcocozz has joined #openstack-keystone20:10
*** doug-fish has quit IRC20:12
morganbknudson: sure.20:13
morgani don't like test "mixins" btw20:13
*** e0ne has quit IRC20:13
morgani think they make testing harder to understand20:13
lifelessmorgan: vs20:14
lifelessmorgan: (like, whats your preferred pattern - parameterisation? composition? subclassing?20:14
morganlifeless: in this case, sane breaking up of testcases into logical groupings. - composition where we can, but testcases tend to be subclassing20:14
morganso i'd argue rather than using a "mixin" we should have a few sane classes that are structural but properly inherit from testcase20:15
lifelessmorgan: we have enough facilities to avoid subclassing entirely in our environment, AFAIK.20:15
morganand if a mixin is needed for testing, it is a sign we should have broken the tests up more logically20:15
openstackgerritTom Cocozzello proposed openstack/keystone: MappingNotFound should be a UnexpectedError  https://review.openstack.org/21783520:15
*** thiagop_ has quit IRC20:15
lifelessmorgan: that said, http://bugs.python.org/issue14534 - mixins are currently a necessary thing when using subclasses for parameterisation20:16
lifelessmorgan: (which is why I'd say use testscenarios for parameterisation)20:16
morgansure20:16
lifelessmorgan: [because I agree with you - multiple inheritance is fundamentally harder to reason about)20:16
morganin our cases our parameterization isn't why we have mixins.we have mixins because our previous architecture didn't allow us to do setup cleanly20:17
morganand we never dug ourselves out of that (keystone specific)20:17
lifelessack20:17
morganand ++ on testscenarios20:18
bknudsonwe actually have lots of testcase mixins already20:20
bknudsontjat20:20
bknudsonthat's not what this is20:20
bknudsonwell, maybe it is... scenarios20:21
*** thiagop_ has joined #openstack-keystone20:21
*** thiagop_ has quit IRC20:21
bknudsonI guess this is kind of neat but I wish it wasn't specific to assignments... we could use this for any test type20:22
lifelessbknudson: what 'it' do you refer to ?20:23
bknudsonlifeless: https://review.openstack.org/#/c/149178/45/keystone/tests/unit/test_backend.py is the change under discussion20:24
lifelessok, I meant in the sentence 'I wish it wasn't specific to assignments'20:24
lifelessah20:24
bknudsony, the mixin is called AssignmentTest but it looks like it's somewhat generic.20:25
lifelessI'd be inclined to have it be a Fixture20:25
bknudsonyou can define a test_plan with entities and tests20:25
lifelessparameterised with the plan20:26
dolphmlbragstad: see the mention of tokens: https://mitakadesignsummit.sched.org/event/90e7afebccf16fcb30ab93f9b333afab20:26
lifelessit could expose a matcher trivially20:26
lifelessbut also20:26
lifelessyou could transform that to be a testscenarios scenarios list20:26
lifelesswith a little thought. Mmmm, might have too much cross-linked state for that20:27
lifelesssubtests aren't exposed in testtools yet, or I'd suggest that20:27
bknudsonthere is a lot of state in keystone unit tests :(20:27
*** diazjf has quit IRC20:30
bknudsondon't dig into it too much or you'll have to gouge your eyes out.20:30
bknudsonand we can't make the tests better, just pile more garbage on the garbage.20:30
*** exploreshaifali has quit IRC20:30
*** markvoelker has quit IRC20:33
dstanekmorgan: lifeless: i like mixins when there are lots of tests that require several types of setup.20:34
dstanekbknudson: that's not entirely true. there has been lots of progress in making the tests not suck, but there are still too many bad thing to remove20:36
morgandstanek: I would say we should be making a base test-case class and then subclassing correctly for the setup. the mixin is hard to follow :(20:36
*** diazjf has joined #openstack-keystone20:36
dstanekmorgan: you have the make the tests subclass object so they don't run on their own20:37
morganthe fact we just dump tons of things all into the same test case(s) as giant uber tests, is where this pattern seems to stem from20:37
morgandstanek: isn't that easily done with a _ prefix?20:37
* morgan remembers something similar to that in the way the runner worked.20:37
*** dave-mccowan has quit IRC20:37
*** exploreshaifali has joined #openstack-keystone20:39
*** jasonsb has quit IRC20:43
dstanekmorgan: some of the test runners just find all subclasses of unittest.TestCase, not sure what testtools does exactly20:43
morganwe should check.20:44
dstanekmorgan: that's what you would do for nose since if only cared about naming conventions20:44
dstanekmorgan: doing that right now:-)20:44
morganwe could also just do a .setUp() calls .skip_test if ._initialized() isn't run20:44
morganworst case20:44
morganand just call .init() or something before super()ing up.20:45
*** pnavarro has quit IRC20:45
*** exploreshaifali has quit IRC20:45
morgandstanek: lol I was just doing the same thing, but was slower at setting it up :P20:45
* morgan lets you do it20:45
*** jasonsb has joined #openstack-keystone20:46
dstanekmorgan: naming the class with an _ doesn't help. the tests are still run20:46
morganhm20:47
*** samleon has quit IRC20:47
morgandstanek: http://testrepository.readthedocs.org/en/latest/MANUAL.html#hiding-tests20:47
* dstanek just tried a class named __ for fun20:47
dstanekmorgan: how does tagging apply here?20:48
bknudsonthere's all sorts of handy features... http://testrepository.readthedocs.org/en/latest/MANUAL.html#automated-test-isolation-bisection20:48
lifelessmorgan: no, I linked you the bug about this20:48
lifelessmorgan: using subclasses to provide the parameters implies mixins20:49
lifelessmorgan: its a unittest limitation today20:49
*** fangzhou has joined #openstack-keystone20:49
morganbah, we could just do an explicit skipTest in .setUp20:49
lifelesssure, but remember you have to upcall always20:49
lifelessor else testtools will error the test20:50
morganthat is easy to detect if we are a subclass or the partent20:50
* morgan has done this before.20:50
lifelessk, sure20:50
lifelessanyhow, since i"m not offering to cut code here right now20:50
morganand then the skip can go away once that thing is done :)20:50
lifelessall I can do is offer some options and get out of your way :)20:51
morganoh sure! :)20:51
dstanekmorgan: then you are inflating skips20:51
morganand it is appreciated.20:51
lifelessfor now -> PLANE20:51
morganlifeless: safe travels20:51
*** gyee has joined #openstack-keystone20:51
*** ChanServ sets mode: +v gyee20:51
morgandstanek: i care less about skips and more about runs. I'm ok if we never ever ever ever ever ever ever look at skips20:51
morgandstanek: but we should track # of tests run20:51
bknudsonI think we skip 1/4 tests already20:52
*** claudiub|2 has joined #openstack-keystone20:52
* morgan finds skips with our current setup to be largely a useless number20:52
morganbknudson: yah20:52
*** samleon has joined #openstack-keystone20:53
bknudsonjust shows that our backend drivers aren't compatible20:53
dstanekmorgan: so lets fix it, not make it more meaningless20:53
dstanekthis is the pattern that i am used to: http://paste.openstack.org/show/430077/20:54
dstanekshared setUp is basically a no-no20:54
morgansee that just makes me unhappy.20:54
dstanekmorgan: i don't get why20:55
dstanekthe alternative you are talking about is even harder to understand because it's not how the tooling works20:55
morgandstanek: it's because of the way we initialize all the attributes on the test cases20:55
morganif we moved our initialization of stuff into a shared thing so we can tell what attrributes are on the test cases it would make me happier20:56
morganTestCase(object)20:56
bknudsonwe have a TestCase with a setUp, and then it calls methods overridden in the subclasses.20:56
*** raildo is now known as raildo-afk20:56
morgandoesn't have a ton of the stuff that basetest case setups20:56
morganso it's really painful to follow20:56
morganbecause setUp() in the base testcase adds all the self.identity_api etc20:57
dstanekbknudson: yeah, i truely hate that pattern because it causes use to do all sorts of dumb stuff20:57
morganthings20:57
*** pnavarro has joined #openstack-keystone20:57
*** ankita_wagh has joined #openstack-keystone20:57
bknudsonwe do all sorts of dumb stuff because we're too lazy to refactor20:57
dstanekin some subclass you have to load_backends *before* super().setUp and in some cases *after*20:58
morgandstanek: that I'm trying to fix.20:58
dstanekand the only way to know is to do it wrong and try again20:58
morgandstanek: once i fix the load_fixtures one to not be called 4000000 places20:58
morganthen load backends is next20:58
morgancall it once.20:58
morgannever more than once20:58
bknudsonsomehow the keystone server is able to get by calling load_backends only once.20:59
bknudsontests should be able to also20:59
morganbknudson:  the reason we do it in tests is because we call it on .setUP, then the test modifies config20:59
morganthen needs to reload20:59
dstanekbknudson: it's not changing its configuration are runtime a few hundred times20:59
morgani'm working on solving that20:59
bknudsonoops!21:00
morgani've isolated a chunk of those already, next is fix load_fixtures to only be callable once21:00
morganthen load_backends21:00
morgani've already made .reload_backends go away21:00
morgan(thankfully)21:00
bknudsonadd a check to the base test case to ensure load_backends is only called once21:00
morganbknudson: yep21:00
morganwill be doing that21:00
morgansame as I did for .config_overrides21:00
bknudsonnice21:00
morgan:)21:00
morganthe real culprit for all this uglyness is the ldap tests21:01
*** henrynash has joined #openstack-keystone21:01
*** ChanServ sets mode: +v henrynash21:01
*** thedodd has quit IRC21:01
*** tsymanczyk has quit IRC21:01
morganand the root of all this is to make it so we can isolate the ldap tests in a way to not need a clean reset midway through a test cases21:02
morganwhich will then open the door to allow us to not need a "clean" db every test case (functional testing!)21:02
*** thiagop has quit IRC21:04
dstanekuuuugggg.... that reminds me i have to finish up that commit for the stable driver interfaces21:06
lbragstaddolphm: re: https://mitakadesignsummit.sched.org/event/90e7afebccf16fcb30ab93f9b333afab#.Vd97Y9NVhBc didn't we already do that?21:07
*** pauloewerton has quit IRC21:08
morganlbragstad: somewhat, but it also doesn't hurt to hear what else people have done :)21:08
lbragstadmorgan: ++, so they *are* using PKIZ?21:09
morganyeah looks like21:09
lbragstadmorgan: cool, looks like I'm going to that one21:09
morganI totally plan to be at that one21:09
* lbragstad loves trolling the list of summit talks21:09
*** petertr7 is now known as petertr7_away21:09
dolphmlbragstad: switch to UUID!21:10
morgandolphm: UDID? wait i didn't think keystone was used on iOS or android >.>21:10
* morgan goes back under the rock.21:10
morganit's too warm out ... I feel loopy today21:10
dolphmmorgan: two factor, yo21:11
*** tsymanczyk has joined #openstack-keystone21:12
tonytan4everHi keystone folks, any boday can help me with an V3 authenticate issue?21:12
*** tsymanczyk is now known as Guest7435121:12
tonytan4everI am trying to post something to <my_keystone_server>/v3/auth/tokens21:13
tonytan4everAnd response I got is this:21:13
*** ankita_w_ has joined #openstack-keystone21:13
tonytan4ever{21:13
tonytan4ever  "error": {21:13
tonytan4ever    "message": "The request you have made requires authentication.",21:13
tonytan4ever    "code": 401,21:13
tonytan4ever    "title": "Unauthorized"21:13
tonytan4ever  }21:13
tonytan4ever}21:13
tonytan4everThe post body I am using is:21:13
lbragstadtonytan4ever: would you be able toput that in paste?21:13
lbragstadtonytan4ever: http://pasteraw.com21:13
tonytan4everSure21:14
lbragstadtonytan4ever: thank you :)21:14
tonytan4everThis is the post body: http://cdn.pasteraw.com/iftsn6r5l5rba9zo3s9iq2urea5azc921:14
tonytan4everAnd this is the response I got: http://cdn.pasteraw.com/jqookcxcgfaxc2qyi01uhjjuyyr4wlb21:15
tonytan4everWonder I missed anything there.21:15
openstackgerritMerged openstack/keystone: Enforce .config_overrides is called exactly once  https://review.openstack.org/21689221:15
*** ankita_wagh has quit IRC21:16
morganis it a post to /auth/tokens?21:18
* morgan checks quickly21:18
morganthat doesn't look right21:18
tonytan4everYes21:18
*** urulama has quit IRC21:18
morganoh i guess it is21:18
morgani've been looking at other bits so much i haven't done curl stuff lately21:18
*** urulama has joined #openstack-keystone21:18
morganor post that is.21:19
*** henrynash has quit IRC21:21
morgantonytan4ever: hm.21:21
tonytan4everAnything wrong I did there ?21:21
tonytan4evermorgan: ?21:21
morganthat looks well formed21:21
lbragstadtonytan4ever: can you verify that your user has a role on the default domain?21:21
morganwhat are you using to post the data? curl?21:21
dstanektonytan4ever: do you have access to the server logs to see if there is a hint there?21:22
tonytan4everPostman21:22
tonytan4everI am testing on a local docker keystone server.21:22
morganthe post body looks sane fwiw21:23
morganbut if somehow you're issuing a GET instead, that would be an error I would expect21:23
lbragstadtonytan4ever: see if you can get an unscoped token. http://cdn.pasteraw.com/epapqo0bjof10j34d6t0gdrv0fpozu21:23
morganlbragstad: that wont work21:23
dstanektonytan4ever: yeah, what does your curl command look like?21:23
morganlbragstad: auth via username21:23
morganlbragstad: the domain_id is used to identify the user not the scope21:24
morganthere21:24
lbragstadhttp://cdn.pasteraw.com/39ect846c5x4kl4rlclk89ev5k2goz921:24
morgandomain is in the user{} block21:24
lbragstadyep, fixed21:24
* morgan nods21:24
lbragstadmorgan: nice catch21:24
morganlbragstad:  ;)21:24
morganlbragstad: i'm occasionally useful for something.21:24
dstanektonytan4ever: also make sure the domain is enabled21:25
tonytan4everOK21:25
tonytan4everLet me try21:25
morgandstanek: context switch - would you prefer to call .use_fixture in setUp() where appropriate or do a .use_fixtures like we do with config_overrides21:26
tonytan4everThis time gets an 500 Internal Error21:26
tonytan4everLet me check the logs21:26
morgandstanek: where it is overridden but it means we call the fixture use at the same point each time (not the load_fixture, but lke ldapdb)21:26
morgantonytan4ever: yeah logs will help with that21:26
dstanekmorgan: i'd rather use it explicitly in the setup so that we don't run into the same templating issues we have now21:27
morganhm. ok some fixtures have to be used before we .super() up though.21:27
dstanekand for whatever reason it leads people to think they need to inherit for setup21:27
morgana lot of the issue is we rely on .setup to populate data21:28
morganso, if we didn't do that, a lot of these issues go away21:28
*** tjcocozz has quit IRC21:28
morgansince config has to be before we add data to the store21:29
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updating sample configuration file  https://review.openstack.org/21699821:29
dstanekmorgan: yeah, i started to break off tests that weren't using the backend or fixture data to directly use BaseTestCase and not have all that created on every run21:29
morgandstanek: well we have a bigger issue21:30
tonytan4everGot logs: http://cdn.pasteraw.com/hza9lt2dytfnpylkp1qz6b6kpl5v0du21:30
tonytan4everAnd the post body I got is:21:30
dstanekha, that doesn't surprise me!21:30
*** pnavarro has quit IRC21:30
morgandstanek: when we load data it's based on .load_backends which is based on config21:30
morgandstanek: so maybe we whittle this down to calling these in one place (templating issues known)21:30
morganthen start breaking it back up so we know what we're breaking out21:31
morganit's more work, but it at least will be more consistent than today?21:31
tonytan4everhttp://cdn.pasteraw.com/glfgpa1l1s4ze4n5y7u7w7yjlfl227d21:31
tonytan4everThis is the post body21:31
morgandstanek: i'm asking since I don't want to do a ton of work if it's really a bad idea21:31
morgantonytan4ever: you can't have domain: be a string21:32
morganthat should be a 400 not a 500 but that asign21:32
morganaside21:32
dstanekmorgan: that sounds like a good plan. i've been down many false paths trying to fix the tests21:32
morganlbragstad: ^ our validator isn't doing it's job21:32
dstanekmorgan: i'd find that what i really wanted to do was too insane for the current architecture21:32
morgandstanek: ok I'll isolate .use_fixture to one place in our path. and then isolate the .load_fixtures21:33
morganand .load_backends21:33
morganand i think that'll put us in a happier place to unwind the other issues21:33
morganand i'll make sure .use_fixtures is called only once (might cause slight up-tick in memory usage)21:33
morganand same with .load_backends and .load_fixtures21:33
dstanektonytan4ever: your example showed that domain was a dict. why did that change?21:34
lbragstadmorgan: you mean for /auth and /token paths?21:34
morganlbragstad: yeah see the 500 error when domain in the user block was a string21:34
dstanekmorgan: i didn't think we had schema yet for auth21:34
morgandstanek: ah we might not21:35
lbragstadmorgan: we don't have a schema for auth21:35
morganlbragstad: ahah we should fix that :)21:35
dstanekalright.... i need to walk away for a bit21:35
tonytan4everdstanek: That's the previous one. Now I am getting 40021:36
tonytan4everhttp://cdn.pasteraw.com/mm894xdt9rwag9h0396z3qlsf0zi4p621:36
lbragstadmorgan: we could introduce jsonschema validation on versionless auth?21:36
morganlbragstad: yes21:36
tonytan4everPost body and response are all in there.21:37
morganlbragstad:  100%21:37
tonytan4everSeems like I still need to put in domain in user dict21:37
morganyep expected 400. you need to swithc to the user_id in that syntax21:37
morgannot the username21:37
morganusername is unique within a domain21:37
lbragstadmorgan: we can mark that as a reason to do versionless auth instead of implementing two auth jsonschema validators, one for /auth and one for /token21:37
morganlbragstad: ++21:37
tonytan4everso id: <username>, like this ?21:38
morganid: <user_id>21:38
morganthe user_id would be a uuid if the user is in the SQL user db21:38
tonytan4everOk21:38
tonytan4everThis time goes back to 401 Unauthorized21:41
tonytan4everhttp://cdn.pasteraw.com/jfulyesc4ejdou6jmgjmbaomwenw9al21:41
*** ankita_wagh has joined #openstack-keystone21:44
*** HT_sergio has quit IRC21:44
tonytan4everNevermind, I got the password wrong. Now I got it working now.21:45
tonytan4everThanks a lot guys21:45
lbragstadtonytan4ever: good deal, glad you got it21:46
*** henrynash has joined #openstack-keystone21:47
*** ChanServ sets mode: +v henrynash21:47
*** ankita_w_ has quit IRC21:47
morgantonytan4ever: np!21:49
*** doug-fish has joined #openstack-keystone21:50
*** diazjf has left #openstack-keystone21:52
*** doug-fish has quit IRC21:54
lbragstadmarekd: jamielennox o/ I'd value any feedback you all have on this guy when you have a minute - https://review.openstack.org/#/c/214766/21:56
openstackgerritMichael Krotscheck proposed openstack/keystone: Added CORS support to Keystone  https://review.openstack.org/21638722:02
openstackgerritNina Goradia proposed openstack/keystone: Correct docstrings in resource/core.py  https://review.openstack.org/21740022:02
*** Guest74351 is now known as tsymanczyk_22:14
*** tsymanczyk_ is now known as Guest7549522:14
*** Guest75495 has quit IRC22:14
*** tsymanczyk has joined #openstack-keystone22:16
*** hrou has quit IRC22:16
*** mpmsimo has quit IRC22:19
*** csoukup has quit IRC22:19
*** pgbridge has quit IRC22:20
morgandstanek: ping re flask stuff...22:20
morgandstanek: or is it jamielennox at this point?22:20
* morgan is wants to see if we can get flask happily in liberty22:20
morganif possible22:20
*** zzzeek has quit IRC22:26
*** bknudson has quit IRC22:26
*** btully has joined #openstack-keystone22:26
*** gordc has quit IRC22:27
*** btully has quit IRC22:30
*** tonytan4ever has quit IRC22:36
*** Ephur has quit IRC22:36
dstanekmorgan: yes, i've been working on getting it shaped up22:39
morgandstanek: cool22:39
morgan:)22:39
morganjust checking in22:39
morganlet me know if i can do anything to help22:39
dstaneki'll let you know when i have more patches that need merged. if i get 2 or 3 queued up for a given branch i move on temporarily to another branch22:41
*** samleon has quit IRC22:42
*** samleon has joined #openstack-keystone22:43
*** stevemar has quit IRC22:50
*** edmondsw has quit IRC22:51
*** henrynash has quit IRC23:02
*** sigmavirus24 is now known as sigmavirus24_awa23:02
*** claudiub|2 has quit IRC23:09
*** shoutm has joined #openstack-keystone23:12
*** dims_ has joined #openstack-keystone23:18
jamielennoxmorgan: do we want this yet: https://review.openstack.org/#/c/217806/ ?23:19
morganno. i want a 1.x before it hits g-r (feel free to disagree with me)23:20
*** arunkant_ has quit IRC23:20
morganjamielennox: the 0.4.0 was so we can do a last pass before cutting 1.x incase we still have a "OMG THIS IS BROKEN" moment23:21
morganbut i don't see that being super likely23:21
jamielennoxmorgan: that was my understanding, i don't mind if we have it in g-r as i don't think anyone will pick it up23:21
jamielennoxi just saw it and was surprised23:21
jamielennoxi think SDK wants to do some proper testing with ti23:22
openstackgerritOpenStack Proposal Bot proposed openstack/keystone: Updated from global requirements  https://review.openstack.org/21450923:22
*** dims has quit IRC23:22
morgani think if we let 0.4.0 hit g-r we are going to be very stuck with it in the pre-1.0 form23:22
jamielennoxmorgan: i don't mind23:22
jamielennoxsounds ok to me23:22
morganso, i'll defer to you here. do we want 0.4.0 in g-r?23:23
morganor should we do one last pass with the ksc integration branch23:24
morganand then go 1.0 if nothing is out of whack23:24
morganbecause before it goes in g-r i want to remove the "WARNING THE APIs ARE GOING TO CHANGE"23:24
morganline23:24
morganfrom the readme23:24
jamielennoxmorgan: the ksc-integration branch is somewhat useless at this point anyway23:24
jamielennoxbecause we are breaking APIs23:25
jamielennoxi'm happy to wait till 1.023:25
jamielennoxSDK can get a requirements exception like the integration branch did23:25
morganok. how far from 1.0 do you think we are? I think maybe a couple minor patches.23:25
morgan?23:25
jamielennoxi need to fix up https://review.openstack.org/#/c/216512/23:26
jamielennoxumm23:26
jamielennoxand i still feel a little funny about the session loading stuff23:26
jamielennoxbut i don't have any other plans23:26
morgani thought we were going to hide session loading23:27
morganso we could use internally but not expose it23:27
jamielennoxmorgan: we need to provide something like session loading for CLIs and CONF23:28
jamielennoxi moved it under loading because everything else is there23:28
jamielennoxi'm thinking the best way to do it for now is have just the register and load methods as standalone methods and completely hide the details23:31
morganok23:31
jamielennoxergh, there's a reason that stuff is on the class for session23:33
*** dims_ has quit IRC23:38
*** hrou has joined #openstack-keystone23:48
openstackgerritJamie Lennox proposed openstack/keystoneauth: Remove plugin.load_from_conf_options and argparse  https://review.openstack.org/21651223:49
openstackgerritJamie Lennox proposed openstack/keystoneauth: Give easy entry points for session loading  https://review.openstack.org/21797223:49
jamielennoxmorgan: that would make me happy enough regarding session loading i think ^23:49
morganlet me take a look23:50
morganthose look good to me23:51
morganprovided jenkins doesn't really complain23:51
jamielennoxi'm not sure it's perfect, but i don't think perfect is the goal - they should work for what we ned23:51
morgannod23:52
« Wednesday, 2015-08-26 Index Friday, 2015-08-28 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!