Thursday, 2017-03-09

« Wednesday, 2017-03-08 Index Friday, 2017-03-10 »
*** david-lyle has joined #openstack-keystone00:08
*** david-lyle has quit IRC00:15
*** lamt has quit IRC00:18
*** browne has quit IRC00:18
openstackgerritMerged openstack/keystoneauth master: Remove pbr warnerrors in favor of sphinx check  https://review.openstack.org/43979700:22
*** thorst has joined #openstack-keystone00:25
*** spzala has joined #openstack-keystone00:25
*** dave-mccowan has joined #openstack-keystone00:26
*** thorst has quit IRC00:29
openstackgerritMerged openstack/keystoneauth master: Allow users to specify request matchers in Betamax  https://review.openstack.org/44325400:35
*** catintheroof has quit IRC00:46
*** zhurong has joined #openstack-keystone00:47
*** Shunli has joined #openstack-keystone00:50
*** ngupta has quit IRC00:53
*** david-lyle has joined #openstack-keystone00:54
*** ngupta has joined #openstack-keystone00:54
*** david-lyle has quit IRC00:54
*** ngupta has quit IRC00:59
*** dave-mccowan has quit IRC01:02
*** thorst has joined #openstack-keystone01:02
openstackgerritMerged openstack/keystoneauth master: Updated from global requirements  https://review.openstack.org/43931701:11
*** liujiong has joined #openstack-keystone01:11
*** namnh has joined #openstack-keystone01:21
openstackgerritMerged openstack/keystone master: Remove pbr warnerrors in favor of sphinx check  https://review.openstack.org/43967401:21
*** MasterOfBugs has quit IRC01:22
*** adrian_otto has quit IRC01:46
*** dave-mcc_ has joined #openstack-keystone01:50
*** david-lyle has joined #openstack-keystone01:52
*** guoshan has joined #openstack-keystone02:00
*** thorst has joined #openstack-keystone02:03
*** thorst has quit IRC02:08
*** spzala has quit IRC02:10
*** phalmos_ has quit IRC02:12
*** markvoelker has quit IRC02:23
*** erlon has quit IRC02:25
*** knangia has quit IRC02:31
*** rderose has quit IRC02:38
*** ngupta has joined #openstack-keystone02:39
*** ngupta has quit IRC02:41
*** ngupta has joined #openstack-keystone02:42
*** dave-mcc_ has quit IRC02:54
*** thorst has joined #openstack-keystone02:54
*** thorst has quit IRC02:54
*** namnh_ has joined #openstack-keystone02:54
*** namnh has quit IRC02:56
*** ravelar has quit IRC02:57
*** prashkre has joined #openstack-keystone03:01
*** nicolasbock has joined #openstack-keystone03:10
*** frontrunner has joined #openstack-keystone03:15
*** thorst has joined #openstack-keystone03:16
*** thorst has quit IRC03:17
*** nicolasbock has quit IRC03:19
*** markvoelker has joined #openstack-keystone03:24
*** markvoelker has quit IRC03:29
*** guoshan has quit IRC03:46
*** namnh_ has quit IRC03:59
*** frontrunner has quit IRC04:05
*** jamielennox is now known as jamielennox|away04:13
*** links has joined #openstack-keystone04:17
*** thorst has joined #openstack-keystone04:17
*** thorst has quit IRC04:22
*** chris_hultin|AWA is now known as chris_hultin04:24
*** prashkre has quit IRC04:24
*** prashkre has joined #openstack-keystone04:24
*** markvoelker has joined #openstack-keystone04:25
*** guoshan has joined #openstack-keystone04:26
*** markvoelker has quit IRC04:29
*** guoshan has quit IRC04:31
*** chris_hultin is now known as chris_hultin|AWA04:43
*** prashkre has quit IRC04:43
*** jamielennox|away is now known as jamielennox04:47
*** ravelar has joined #openstack-keystone04:54
*** Trident has quit IRC05:13
*** thorst has joined #openstack-keystone05:18
*** ngupta has quit IRC05:19
*** ngupta has joined #openstack-keystone05:20
*** guoshan has joined #openstack-keystone05:21
*** thorst has quit IRC05:23
*** ngupta has quit IRC05:24
*** guoshan has quit IRC05:25
*** markvoelker has joined #openstack-keystone05:25
*** jose-phillips has quit IRC05:30
*** markvoelker has quit IRC05:30
*** adriant has quit IRC05:50
*** links has quit IRC06:04
openstackgerritGage Hugo proposed openstack/keystone-specs master: Add Project tags  https://review.openstack.org/43178506:12
*** edmondsw has joined #openstack-keystone06:13
*** guoshan has joined #openstack-keystone06:15
*** links has joined #openstack-keystone06:16
*** murugesh_ has joined #openstack-keystone06:16
murugesh_ Hi There, I have configured swift mitaka on centos 706:17
*** edmondsw has quit IRC06:17
murugesh_when i run "swift stat --debug" command on keystone server06:18
*** prashkre has joined #openstack-keystone06:19
murugesh_i get 503 service unavailable error06:19
*** thorst has joined #openstack-keystone06:19
*** guoshan has quit IRC06:19
murugesh_when i check log of /var/log/swift/swift.log i see below error06:20
murugesh_ proxy-server: Unable to validate token: Identity server rejected authorization necessary to fetch token data06:21
*** thorst has quit IRC06:24
*** henrynash has joined #openstack-keystone06:35
*** jose-phillips has joined #openstack-keystone06:37
*** venki1 has joined #openstack-keystone06:39
*** rrr has joined #openstack-keystone06:40
*** venki1 has left #openstack-keystone06:42
*** rrr has quit IRC06:42
*** richm has quit IRC06:43
*** rcernin has joined #openstack-keystone06:44
*** henrynash has quit IRC06:53
*** links has quit IRC06:58
*** guoshan has joined #openstack-keystone07:09
*** jamielennox is now known as jamielennox|away07:09
*** jose-phillips has quit IRC07:12
*** guoshan has quit IRC07:13
*** links has joined #openstack-keystone07:15
*** thorst has joined #openstack-keystone07:20
*** jose-phillips has joined #openstack-keystone07:20
*** tesseract has joined #openstack-keystone07:22
*** thorst has quit IRC07:24
*** h5t4_ has joined #openstack-keystone07:25
*** jamielennox|away is now known as jamielennox07:27
*** guoshan has joined #openstack-keystone07:44
*** Jack_I has joined #openstack-keystone07:58
*** prashkre has quit IRC08:00
openstackgerritMorgan Fainberg proposed openstack/keystoneauth master: Remove unused test requirement pycrypto  https://review.openstack.org/44331808:06
*** guoshan has quit IRC08:08
*** guoshan has joined #openstack-keystone08:17
*** thorst has joined #openstack-keystone08:21
*** thorst has quit IRC08:25
*** pnavarro has joined #openstack-keystone08:26
*** jaosorior has joined #openstack-keystone08:28
openstackgerritTuan Luong-Anh proposed openstack/keystonemiddleware master: Indicating the location tests directory in oslo_debug_helper  https://review.openstack.org/44348708:34
*** henrynash has joined #openstack-keystone08:37
*** henrynash has quit IRC08:41
*** henrynash has joined #openstack-keystone08:44
*** prashkre has joined #openstack-keystone08:45
*** markvoelker has joined #openstack-keystone08:46
*** guoshan has quit IRC08:54
*** guoshan has joined #openstack-keystone08:56
*** zzzeek has quit IRC09:00
*** zzzeek has joined #openstack-keystone09:02
*** pnavarro has quit IRC09:04
*** thorst has joined #openstack-keystone09:22
*** Dave____ has joined #openstack-keystone09:24
*** namnh has joined #openstack-keystone09:26
*** Dave has quit IRC09:29
*** Dave____ is now known as Dave09:29
*** thorst has quit IRC09:31
*** Shunli has quit IRC09:31
*** guoshan has quit IRC09:34
*** guoshan has joined #openstack-keystone09:34
*** pnavarro has joined #openstack-keystone09:43
*** edmondsw has joined #openstack-keystone09:50
*** edmondsw has quit IRC09:54
*** namnh has quit IRC10:06
*** tovin07 has quit IRC10:11
*** richm has joined #openstack-keystone10:14
*** liujiong has quit IRC10:19
*** edmondsw has joined #openstack-keystone10:22
*** edmondsw has quit IRC10:26
openstackgerritMerged openstack/keystoneauth master: Remove unused test requirement pycrypto  https://review.openstack.org/44331810:27
*** Jack_I has quit IRC10:28
*** Jack_I has joined #openstack-keystone10:29
*** guoshan has quit IRC10:33
*** mvk has quit IRC10:48
*** henrynash has joined #openstack-keystone11:05
*** mvk has joined #openstack-keystone11:27
*** thorst has joined #openstack-keystone11:28
*** nicolasbock has joined #openstack-keystone11:32
*** markvoelker has quit IRC11:33
*** thorst has quit IRC11:33
*** prashkre has quit IRC11:41
*** raildo has joined #openstack-keystone12:01
*** prashkre has joined #openstack-keystone12:03
*** zhurong has quit IRC12:08
*** henrynash has quit IRC12:14
*** henrynash has joined #openstack-keystone12:17
*** rdo has joined #openstack-keystone12:20
*** henrynash has quit IRC12:20
*** rdo_ has quit IRC12:22
*** thorst has joined #openstack-keystone12:37
*** thiagolib has joined #openstack-keystone12:52
*** dave-mccowan has joined #openstack-keystone12:57
*** jaosorior is now known as jaosorior_brb13:03
*** edmondsw has joined #openstack-keystone13:12
*** frontrunner has joined #openstack-keystone13:20
*** murugesh_ has quit IRC13:29
*** chlong_ has joined #openstack-keystone13:33
*** lamt has joined #openstack-keystone13:58
*** spilla has joined #openstack-keystone13:59
lbragstadsigmavirus https://review.openstack.org/#/c/443661/14:26
*** lamt has quit IRC14:27
*** lamt has joined #openstack-keystone14:31
*** links has quit IRC14:35
*** jaosorior_brb is now known as jaosorior14:43
*** adrian_otto has joined #openstack-keystone14:45
*** ngupta has joined #openstack-keystone14:48
*** lamt has quit IRC14:53
*** prashkre has quit IRC15:06
*** thorst is now known as thorst_afk15:06
*** lamt has joined #openstack-keystone15:09
*** spzala has joined #openstack-keystone15:15
*** ravelar has quit IRC15:16
*** chlong_ has quit IRC15:17
*** rderose has joined #openstack-keystone15:18
*** agrebennikov has joined #openstack-keystone15:20
*** rderose has quit IRC15:23
*** rderose has joined #openstack-keystone15:24
*** ravelar has joined #openstack-keystone15:27
*** adrian_otto has quit IRC15:32
openstackgerritRichard Avelar proposed openstack/keystone master: Validate rolling upgrade is run in order  https://review.openstack.org/43744115:33
lbragstadnotmorgan jamielennox quick question on ksc, we talked about deprecating it at the PTG15:40
notmorganI said I'd like to.15:40
notmorgandon't thing we can15:40
notmorganthink*15:40
lbragstadnotmorgan jamielennox but if i remember the deprecations session correctly, deprecating ksc is contingent on talking to dtroyer_zz and mordred ?15:40
notmorganif shade and OSC stop using it... poasible15:41
lbragstadnotmorgan did that conversation happen?15:41
notmorganwell, me for shade15:41
notmorganand that is happening.15:41
notmorganiirc dtroyer_zz wasn't opposed.15:42
notmorganbut it is a ton of work15:42
lbragstadok - that's what i figured15:42
lbragstadi was just looking through some of the python-keystoneclient reviews and wondering if some of them were still applicable if our plan is to deprecate it15:43
openstackgerritRichard Avelar proposed openstack/keystone master: Validate rolling upgrade is run in order  https://review.openstack.org/43744115:43
notmorganI would love to just let ksc not get new code and push on dropping it completely.15:44
notmorganI don't know how viable that is.15:44
lbragstadright15:44
lbragstaddoesn't sound like we can do that until we know work will be done in shade and osc to not use ksc15:44
notmorganshade is actively in process15:44
lbragstadcool - do you think that is something that will be done this release?15:45
notmorganI am working on fixing tests, once that is done, actual calls will be fixed15:45
mordredyah. notmorgan will have ksc erradicated soon :)15:45
lbragstadnot that it needs to, i'm just curious15:45
notmorgangod I hope so15:45
lbragstadok - cool15:45
notmorganif it isn't done early in this cycle I'm quitting keystone core15:45
* mordred hands notmorgan an extra pie15:45
notmorganmy eyes will be bleeding too much15:45
mordrednotmorgan: who needs eyes?15:46
notmorganI won't be able to review code anymore or write it :P15:46
mordrednotmorgan: dictation?15:46
lbragstadso it sounds like we really just need to follow up with dtroyer_zz15:46
bretonhuh15:47
mordrednotmorgan: speaking of: https://review.openstack.org/#/c/443693/ is an occ patch that fixes a ksc workaround we have in occ15:47
bretonhow do i get a list of projects without ksc?15:47
lbragstadbreton osc15:47
mordredbreton: either use OSC or shade or REST15:47
lbragstadwhich would have to be changed to call keystone directly instead of relying on ksc15:47
mordredyup15:47
bretonbut15:47
bretonwhy15:47
lbragstadbecause its another library we have to maintain that doesn't really buy us much15:48
mordredyah - and osc is the command line tool - there's no need to have two15:48
mordredother than hysterical raisins15:48
notmorgan"hey Google, write some.code" "line break, line break, Dee ee eff space make underscore keystone underscore endpoint open paren self..."15:48
notmorganmordred lbragstad ++15:49
notmorganwell we don't have CLI in ksc15:49
bretonand nobody uses it to query stuff from their python scripts?15:50
notmorganthat was killed a while ago, KSC for thin wrapping of the API and provides next to zero value15:50
notmorganuse rest or shade15:50
mordredyah - basically ALL of the python client library wrappers actually  make things more complex than add value15:50
mordred++15:50
rodrigodswow15:51
lbragstadand when you have as many projects under the openstack umbrella as we do - it might be arguable better to not have all those thin wrappers everywhere15:51
rodrigodsyou are all rebels15:51
notmorgan++15:52
notmorganshade is a great wrapper if you need it15:52
notmorganif you don't, use the rest API.15:53
*** larsks has joined #openstack-keystone15:53
notmorganshade provides real value as it fixes cloud differences. we don't need two (or a ton) of things doing that15:53
rodrigods^ that's basically how tempest does15:53
notmorganif KSC had done that at some point, shade might not have existed. it exists now though, so let's drop KSC :)15:54
rodrigodsi mean, uses the rest API15:54
larsksI have a keystone server that reports api version 3.4.  My client is calling /v3/role_assignments?include_names=True, but is not getting any names in the response. Was that feature added post-3.4?15:54
mordredrodrigods: yup. turns out using the REST API works really well15:55
mordredrodrigods: unless you have to deal with a bunch of different cloud versions all at the same time - in which case, like notmorgan said, you probably want shade anyway15:55
rodrigodsmordred, hmm15:56
dolphmlarsks: this says include_names was introduced in 3.6 https://developer.openstack.org/api-ref/identity/v3/?expanded=list-roles-detail,list-role-assignments-detail#list-role-assignments15:56
knikollao/15:57
larsksdolphm: ah, thanks. I was looking at the "new in..." details at the top of the page and missed the per-call notation.15:57
*** rcernin has quit IRC15:58
*** jaosorior has quit IRC15:59
*** chris_hultin|AWA is now known as chris_hultin16:00
bretonwho's going to fix all the http://codesearch.openstack.org/?q=from%20keystoneclient%20import&i=nope&files=&repos= ?16:02
dolphmbreton: +116:03
breton"import keystoneclient" shows 236 files16:04
breton"from keystoneclient" 976 files16:05
*** links has joined #openstack-keystone16:07
lbragstadyeah - if this is something we end up doing, it certainly isn't going to happen overnight16:09
lbragstaddstanek are you still not a fan of the design here? https://review.openstack.org/#/c/261188/2316:10
*** h5t4_ has quit IRC16:11
dstaneklbragstad: yeah. it's a hacky way to do it16:11
lbragstaddstanek i haven't reviewed it in a long time - trying to catch back up on it now16:14
mordredlbragstad, breton: well, a non-zero number of those are in keystoneclient, deb-keystoneclient, keystonemiddleware and deb-keystonemiddleware :)16:14
mordredso there's work for sure, but some of it may fall out naturally16:15
rderosenotmorgan samueldmq: "Security Hardening: PCI DSS and security compliance within Keystone" (Accepted)16:17
dstaneklbragstad: i can't look at it anymore. the thought of it makes me cry and seeing the code may make my eyes bleed.16:17
lbragstaddstanek what the biggest thing you don't agree with about the design?16:18
*** jaosorior has joined #openstack-keystone16:19
dstanekadding attributes to the python builtin types16:20
dstaneklbragstad: if we plan on deprecating it anyway we don't need this change right?16:21
*** aasthad has joined #openstack-keystone16:22
lbragstaddstanek well - i assume if we deprecate ksc, then we'll have to put some equivalent into osc16:22
lbragstaddoes osc already do this?16:22
openstackgerritRichard Avelar proposed openstack/keystone master: Add group_members_are_ids to whitelisted options  https://review.openstack.org/44204816:23
dstaneklbragstad: we wouldn't have to. we're already providing the header in the response16:24
dstaneki hope they wouldn't implement it with this sort of design16:24
lbragstaddstanek oh - so for osc this isn't a problem16:25
dolphmdstanek: what patch are you talking about?16:25
lbragstaddolphm https://review.openstack.org/#/c/26118816:25
dstaneklbragstad: if they don't expose it then they may have some work to do, but this wouldn't change that16:26
dolphmoh, this conversation16:26
dolphmman, this is old16:26
lbragstadi know :(16:27
dstanekdolphm: when will it end?16:27
dolphmdstanek: whenever you end it16:27
lbragstadthat's why i want to come to consensus on it16:27
dolphmi 100% defer to dstanek on that patch16:27
lbragstaddolphm you seemed ok with the patch in previous reviews16:27
dolphmlbragstad: and then i listened to dstanek and backed away slowly16:28
lbragstadbah16:28
lbragstaddstanek so - your issue is solely based on the design of the approach and not the problem itself?16:29
dstaneklbragstad: yes. i proposed an alternative solution. i just need to finish tests for it16:30
lbragstadok - cool16:30
dstanekat PTG we discussed this would be a good way forward if we were still keeping ksc.16:31
*** adrian_otto has joined #openstack-keystone16:31
samueldmqrderose: notmorgan \o/16:38
*** thorst_afk is now known as thorst16:38
rderosesamueldmq: you got the "live" demo portion ;)16:38
rderosehaha16:39
*** knangia has joined #openstack-keystone16:39
lbragstaddstanek cool - well i updated with my comments16:40
lbragstaddstanek thanks for filling me in!16:40
samueldmqrderose: ok, now we will have a demo which will be using a machine entirely setup by the engineer who developed these features!16:41
rderosehaha16:41
samueldmqso.... it's not my fault if it doesn't work as expected. thanks ron16:41
*** spzala has quit IRC16:46
*** browne has joined #openstack-keystone16:55
*** phalmos has joined #openstack-keystone16:56
*** lucasxu has joined #openstack-keystone16:57
openstackgerritMerged openstack/keystone master: Add in-code comment to clarify pattern in tests  https://review.openstack.org/44118717:05
openstackgerritMerged openstack/keystone master: Fix the typo  https://review.openstack.org/44351217:06
openstackgerritMerged openstack/keystone master: Test for fernet rotation recovery after disk full  https://review.openstack.org/44255417:06
*** 7GHAAIPWH has joined #openstack-keystone17:06
*** lucasxu has quit IRC17:08
*** markvoelker has joined #openstack-keystone17:08
openstackgerritMerged openstack/keystone master: Fix the s3tokens endpoint  https://review.openstack.org/43701217:08
* dtroyer_zz in a short break…17:08
dtroyer_zzdropping KSC has to have a replacement for OSC… I'm not sure we want to use shade in OSC, and it seems goofy to do the REST wrappers twice…17:09
timburkethanks rderose!17:09
dtroyer_zzI would totally be in favor of ksc-lite that only takes a Session object and goes and does the REST work17:10
dtroyer_zzlbragstad, mordred, notmorgan ^^^17:11
*** ngupta has quit IRC17:11
lbragstaddtroyer_zz is that something we could do with ksa?17:11
*** mvk has quit IRC17:12
*** ngupta has joined #openstack-keystone17:12
notmorganlbragstad: it couldn't be baked into ksa17:13
*** ravelar1 has joined #openstack-keystone17:15
*** lucasxu has joined #openstack-keystone17:17
*** lucasxu has quit IRC17:17
*** ngupta has quit IRC17:18
rderosetimburke: you bet!17:18
*** ngupta has joined #openstack-keystone17:18
*** prashkre has joined #openstack-keystone17:20
lbragstadnotmorgan dtroyer_zz got it17:23
lbragstaddtroyer_zz notmorgan so moving forward all ksc would only be a super thin wrapper?17:24
lbragstador is that something that should live in osc?17:24
*** jaugustine has joined #openstack-keystone17:26
*** jaosorior has quit IRC17:29
lbragstadknikolla do we have a release note going somewhere for the removal of the LDAP write stuff?17:33
*** jaugustine has quit IRC17:37
dtroyer_zzI'll do it in OSC if nobody else wants to use it17:40
lbragstaddtroyer_zz cool - that'd be awesome17:41
*** tesseract has quit IRC17:42
lbragstaddtroyer_zz best way to communicate that? mailing list?17:43
*** ngupta has quit IRC17:43
*** ngupta has joined #openstack-keystone17:43
*** mvk has joined #openstack-keystone17:47
*** prashkre has quit IRC17:48
*** browne has quit IRC17:50
*** prashkre has joined #openstack-keystone17:51
*** lucasxu has joined #openstack-keystone17:58
*** links has quit IRC18:04
*** adrian_otto has quit IRC18:05
*** 7GHAAIPWH has quit IRC18:08
*** 7IZAAPDYC has joined #openstack-keystone18:09
openstackgerritMerged openstack/keystone master: Change is_admin_project to False by default  https://review.openstack.org/43803518:19
*** browne has joined #openstack-keystone18:36
*** ngupta has quit IRC18:36
*** ngupta has joined #openstack-keystone18:37
knikollalbragstad: yes https://github.com/openstack/keystone/blob/master/releasenotes/notes/removed-as-of-ocata-436bb4b839e74494.yaml#L6-L718:44
*** henrynash has joined #openstack-keystone18:50
*** thiagolib has quit IRC18:51
*** 7IZAAPDYC has quit IRC18:54
lbragstadknikolla ah - sweet18:54
*** henrynash_ has joined #openstack-keystone18:54
lbragstadknikolla i didn't know that was there - thanks!18:54
*** henrynash has quit IRC18:55
*** henrynash_ is now known as henrynash18:55
*** adrian_otto has joined #openstack-keystone18:55
*** h5t4 has joined #openstack-keystone18:55
*** henrynash has quit IRC18:59
lbragstadravelar1 o/18:59
*** henrynash has joined #openstack-keystone18:59
ravelar1lbragstad o/19:00
lbragstadabout https://review.openstack.org/#/c/371165/ ?19:00
lbragstadravelar1 maybe a better place to start is to see if https://bugs.launchpad.net/keystone/+bug/1511775 is still applicable19:00
openstackLaunchpad bug 1511775 in OpenStack Identity (keystone) "Revoking a role revokes the unscoped token for a user" [Medium,In progress]19:00
lbragstadI assume it is, but updating it with fresh information might not be a bad idea since a lot as changed in the token provider19:01
ravelar1lbragstad well, worked on it 7 months ago but after the performance gain in revocations with https://review.openstack.org/#/c/382107/19:01
ravelar1I wasn't sure if it was still necessary19:01
ravelar1lbragstad, ah I will check it out19:02
lbragstadravelar1 yeah - that's the big question, because according to https://bugs.launchpad.net/keystone/+bug/1511775 a fix is still necessary if we're revoking unscoped tokens on role removal19:02
openstackLaunchpad bug 1511775 in OpenStack Identity (keystone) "Revoking a role revokes the unscoped token for a user" [Medium,In progress]19:02
*** henrynash has quit IRC19:04
ravelar1lbragstad hmm I remember the reason I was given https://review.openstack.org/#/c/371165/ initially was for revocation performance19:04
ravelar1lbragstad however, that bug reminds me of something else I looked at that was really similar to this bug that I solved a few months ago. Let me see if I can find it19:04
lbragstadravelar1 yeah - that was a problem, but the patch you landed should have mitigated a lot of those specific issues19:05
lbragstadravelar1 https://bugs.launchpad.net/keystone/+bug/1511775 is more about an issue with revocation and token validation - it doesn't really have much to do with performance19:05
openstackLaunchpad bug 1511775 in OpenStack Identity (keystone) "Revoking a role revokes the unscoped token for a user" [Medium,In progress]19:05
ravelar1lbragstad right, ahh I remember now, what I had looked at that involved a bug for revoking was deleting a group revoked all user tokens19:06
ravelar1lbragstad let me look into this19:06
lbragstadrevoking an unscoped token because a user had a role removed from a project is poor user experience19:06
lbragstadravelar1 yeah - there was a patch recently that closed that specific issue19:07
lbragstadravelar1 it was solved by not persisting the revocation event at all19:07
ravelar1lbragstad yeah I worked on that lol19:07
lbragstadravelar1 ok yeah, i thought you did19:07
lbragstadmy guess is that we should be able to solve https://bugs.launchpad.net/keystone/+bug/1511775 with a similar pattern19:08
openstackLaunchpad bug 1511775 in OpenStack Identity (keystone) "Revoking a role revokes the unscoped token for a user" [Medium,In progress]19:08
ravelar1lbragstad I'm on board19:08
lbragstad(by relying on the roles calculated at validation time instead of a revocation event)19:08
lbragstadideally - there is nothing stopping us from *not* persisting any more role+project or role+domain revocation events, since they are not irrelevant with how we do token validation now19:09
lbragstadat least as far as i can tell19:09
ravelar1lbragstad I see. I don't have much time before meetings hit today, would it be okay if I play with this till then and get back to you tomorrow?19:09
lbragstadravelar1 yeah - no rush19:09
ravelar1lbragstad have to get reacquainted with this old stuff lol19:10
lbragstadravelar1 i was more or less just throwing it out there so that we don't forget about it19:10
ravelar1lbragstad good call, I already had19:10
lbragstadthat's also all the more reason to finishing knocking out the remaining bits of revocation clean up19:10
ravelar1lbragstad yeah especially given that we've cleaned up revocations and token provider since then19:11
lbragstadright19:11
ravelar1kk im on it19:11
lbragstadravelar1 thanks!19:12
ravelar1lbragstad np! happy to help19:13
*** david-lyle has quit IRC19:14
*** ngupta has quit IRC19:14
*** ngupta has joined #openstack-keystone19:15
*** MasterOfBugs has joined #openstack-keystone19:26
*** h5t4 has quit IRC19:27
*** h5t4 has joined #openstack-keystone19:28
*** ngupta has quit IRC19:31
*** ngupta has joined #openstack-keystone19:32
*** ngupta_ has joined #openstack-keystone19:44
*** ngupta has quit IRC19:45
*** adrian_otto1 has joined #openstack-keystone19:52
*** david-lyle has joined #openstack-keystone19:53
robcresswellayoung, crinkle, david-lyle, dolphm, dstanek, edtubill, kenji-i, knikolla, lbragstad, r1chardj0n3s, rderose, robcresswell, stevemar <- Keystone/Horizon meeting reminder. 5 mins in #openstack-meeting-cp19:53
dstanekrobcresswell: aye19:54
dstaneki like the 5 minute warning19:54
robcresswelldstanek: Its in the etherpad, thought I might as well use it19:55
robcresswellProbably just be a quick one this week though19:55
*** adrian_otto has quit IRC19:56
lbragstadrobcresswell o/ thanks19:56
*** henrynash has joined #openstack-keystone20:02
*** ayoung has quit IRC20:03
*** henrynash has quit IRC20:06
knikollalbragstad: thanks for reviewing the ldap patch. i responded to your comments.20:09
lbragstadknikolla yep - i'll update my review since the main concerns i had were around the release note20:12
*** chris_hultin is now known as chris_hultin|AWA20:14
notmorgandolphm: answered your question re the sql model mixin. but in short, unless we can guarantee the test has loaded all the models at that point (import) we can't guarantee the whitelist20:14
notmorgandolphm: i am trying some work with metaclasses, but it will require some restructuring. i think it is safe to do the restructuring actually, since we always use one of the mixins.20:15
*** adriant has joined #openstack-keystone20:19
openstackgerritAnusha Unnam proposed openstack/oslo.policy master: Seperate each policy rule with new line  https://review.openstack.org/44333220:20
*** Anticimex has quit IRC20:21
*** dave-mccowan has quit IRC20:30
*** Anticimex has joined #openstack-keystone20:31
*** Anticimex has quit IRC20:40
*** Anticimex has joined #openstack-keystone20:40
*** ayoung has joined #openstack-keystone20:42
*** ngupta has joined #openstack-keystone20:44
*** dave-mcc_ has joined #openstack-keystone20:47
*** ngupta_ has quit IRC20:47
*** chlong_ has joined #openstack-keystone20:47
*** raildo has quit IRC20:51
*** frontrunner has quit IRC20:57
cmurphystevemar: notmorgan I found a fun bug in ldappool if you have time to take a look https://review.openstack.org/#/c/443264/20:59
*** chris_hultin|AWA is now known as chris_hultin21:00
notmorgancmurphy: easy +2/+A21:01
cmurphyty notmorgan21:02
*** henrynash has joined #openstack-keystone21:03
openstackgerritMerged openstack/ldappool master: Don't call start_tls_s() twice  https://review.openstack.org/44326421:05
*** ayoung has quit IRC21:06
*** Jack_I has quit IRC21:10
*** gyee has joined #openstack-keystone21:11
*** henrynash has quit IRC21:14
*** prashkre has quit IRC21:15
*** Guest88274 has joined #openstack-keystone21:19
*** Guest88274 has quit IRC21:19
*** henrynash has joined #openstack-keystone21:21
*** adriant has quit IRC21:21
*** henrynash has quit IRC21:23
*** jaosorior has joined #openstack-keystone21:25
*** ngupta_ has joined #openstack-keystone21:27
*** ngupta has quit IRC21:31
*** ngupta_ has quit IRC21:32
*** jaosorior has quit IRC21:33
*** dave-mcc_ has quit IRC21:36
gagehugodoes anyone know if speakers are getting a free ticket for the boston summit?21:36
*** ayoung has joined #openstack-keystone21:40
*** dave-mccowan has joined #openstack-keystone21:45
*** jose-phi_ has joined #openstack-keystone21:51
*** gyee has quit IRC21:51
*** aojea has joined #openstack-keystone21:52
*** jose-phillips has quit IRC21:52
knikollagagehugo: yes they do21:55
brownegagehugo: you get a free ticket if you attend the PTG also21:57
gagehugook wasn't sure if they changed that or not22:00
gagehugoI know they changed how ATC discounts worked22:00
*** adriant has joined #openstack-keystone22:03
*** edmondsw has quit IRC22:03
*** ayoung has quit IRC22:03
*** ravelar has quit IRC22:05
*** jose-phi_ has quit IRC22:14
*** jose-phillips has joined #openstack-keystone22:19
*** gyee has joined #openstack-keystone22:24
*** adrian_otto1 has quit IRC22:28
*** adrian_otto has joined #openstack-keystone22:30
*** lucasxu has quit IRC22:31
*** edmondsw has joined #openstack-keystone22:33
*** edmondsw has quit IRC22:38
*** thorst has quit IRC22:39
*** catintheroof has joined #openstack-keystone22:39
*** jamielennox is now known as jamielennox|away22:42
*** jamielennox|away is now known as jamielennox22:45
*** gyee has quit IRC22:48
*** adrian_otto has quit IRC22:49
*** blancos has joined #openstack-keystone22:50
*** obedmr has left #openstack-keystone22:50
*** spilla has quit IRC22:54
*** blancos has quit IRC22:56
*** simondodsley has quit IRC22:57
*** gyee has joined #openstack-keystone23:00
*** thorst has joined #openstack-keystone23:03
*** gyee has quit IRC23:04
*** aojea has quit IRC23:05
*** gyee has joined #openstack-keystone23:07
*** thorst has quit IRC23:07
*** ravelar1 is now known as ravelar23:08
*** chlong_ has quit IRC23:21
*** ngupta has joined #openstack-keystone23:25
*** h5t4 has quit IRC23:26
*** h5t4 has joined #openstack-keystone23:28
*** gyee has quit IRC23:33
*** guoshan has joined #openstack-keystone23:34
*** phalmos has quit IRC23:36
*** ayoung has joined #openstack-keystone23:37
*** dave-mccowan has quit IRC23:43
*** h5t4 has quit IRC23:43
*** larsks has left #openstack-keystone23:46
*** MasterOfBugs has quit IRC23:53
*** MasterOfBugs has joined #openstack-keystone23:53
« Wednesday, 2017-03-08 Index Friday, 2017-03-10 »

Generated by irclog2html.py 2.14.0 by Marius Gedminas - find it at mg.pov.lt!