Wednesday, 2017-08-16

*** edmondsw has quit IRC		00:00
*** lwanderley has joined #openstack-keystone		00:06
*** lwanderley has quit IRC		00:06
*** catintheroof has joined #openstack-keystone		00:23
*** lucasxu has joined #openstack-keystone		00:24
*** markvoelker has quit IRC		00:30
*** dave-mccowan has quit IRC		00:38
*** thorst has joined #openstack-keystone		00:42
*** aojea has quit IRC		00:49
lbragstad	mjax: good to hear!	00:52
*** lucasxu has quit IRC		00:54
*** zhurong has joined #openstack-keystone		00:58
openstackgerrit	zhiguo.li proposed openstack/keystone master: Add the step to create a domain https://review.openstack.org/493729	01:03
openstackgerrit	Merged openstack/keystone master: Remove deprecation of domain_config_upload https://review.openstack.org/492694	01:06
lbragstad	yep	01:09
* lbragstad goes back to the proper window		01:10
*** lucasxu has joined #openstack-keystone		01:11
*** lucasxu has quit IRC		01:13
*** aselius has quit IRC		01:22
*** dave-mccowan has joined #openstack-keystone		01:28
openstackgerrit	Lance Bragstad proposed openstack/keystone master: Remove duplicate roles from federated auth https://review.openstack.org/494049	01:31
openstackgerrit	Lance Bragstad proposed openstack/keystone master: Add test the exposes duplicate roles in token https://review.openstack.org/489647	01:32
openstackgerrit	Lance Bragstad proposed openstack/keystone master: Remove duplicate roles from federated auth https://review.openstack.org/494049	01:34
lbragstad	closes another bug we can include for rc2 ^	01:34
*** dave-mcc_ has joined #openstack-keystone		01:37
*** dave-mccowan has quit IRC		01:39
*** lbragstad has quit IRC		01:44
*** edmondsw has joined #openstack-keystone		01:44
*** catintheroof has quit IRC		01:47
*** edmondsw has quit IRC		01:48
*** thorst has quit IRC		01:59
*** gongysh has joined #openstack-keystone		02:07
*** r-daneel has joined #openstack-keystone		02:09
*** mjax has quit IRC		02:21
*** mjax has joined #openstack-keystone		02:23
*** mjax has quit IRC		02:24
*** mjax has joined #openstack-keystone		02:24
*** mjax has quit IRC		02:26
*** markvoelker has joined #openstack-keystone		02:31
*** mjax has joined #openstack-keystone		02:38
*** mjax has quit IRC		02:39
*** gongysh has quit IRC		02:47
*** catintheroof has joined #openstack-keystone		02:50
*** gongysh has joined #openstack-keystone		02:53
*** catintheroof has quit IRC		03:03
*** markvoelker has quit IRC		03:04
*** Shunli has joined #openstack-keystone		03:05
*** dklyle has quit IRC		03:12
*** dave-mcc_ has quit IRC		03:21
*** sbezverk has joined #openstack-keystone		03:24
*** david-lyle has joined #openstack-keystone		03:31
*** edmondsw has joined #openstack-keystone		03:32
*** edmondsw has quit IRC		03:37
*** links has joined #openstack-keystone		03:47
*** mvk_ has joined #openstack-keystone		04:01
*** markvoelker has joined #openstack-keystone		04:01
*** david-lyle has quit IRC		04:06
*** david-lyle has joined #openstack-keystone		04:08
*** nicolasbock has joined #openstack-keystone		04:13
*** dklyle has joined #openstack-keystone		04:15
*** david-lyle has quit IRC		04:18
openstackgerrit	Merged openstack/keystone master: Add int storage of datetime for password created/expires https://review.openstack.org/493259	04:30
*** markvoelker has quit IRC		04:34
*** r-daneel has quit IRC		04:50
*** r-daneel has joined #openstack-keystone		04:54
*** gyee has quit IRC		05:17
*** edmondsw has joined #openstack-keystone		05:20
*** mvpnitesh has joined #openstack-keystone		05:21
*** knikolla has quit IRC		05:22
*** edmondsw has quit IRC		05:24
*** rajalokan has joined #openstack-keystone		05:31
*** tobberydberg has joined #openstack-keystone		05:31
*** markvoelker has joined #openstack-keystone		05:32
openstackgerrit	Tin Lam proposed openstack/keystone master: Add database migration for project tags https://review.openstack.org/484456	05:39
openstackgerrit	Tin Lam proposed openstack/keystone master: Add policy for project tags https://review.openstack.org/486757	05:39
*** zsli_ has joined #openstack-keystone		05:43
*** pcaruana has joined #openstack-keystone		05:45
*** Shunli has quit IRC		05:45
*** zsli__ has joined #openstack-keystone		05:49
*** zsli_ has quit IRC		05:52
*** zxy has quit IRC		05:55
*** zxy has joined #openstack-keystone		05:55
*** markvoelker has quit IRC		06:05
*** namnh has joined #openstack-keystone		06:05
*** hoonetorg has quit IRC		06:08
*** zxy has quit IRC		06:11
*** zxy has joined #openstack-keystone		06:11
*** zhurong has quit IRC		06:19
*** hoonetorg has joined #openstack-keystone		06:21
*** zhurong has joined #openstack-keystone		06:22
openstackgerrit	Tin Lam proposed openstack/keystone master: Add database migration for project tags https://review.openstack.org/484456	06:51
*** zhurong has quit IRC		06:53
*** rcernin has joined #openstack-keystone		06:57
*** markvoelker has joined #openstack-keystone		07:02
*** edmondsw has joined #openstack-keystone		07:08
*** edmondsw has quit IRC		07:13
*** masuberu has joined #openstack-keystone		07:14
*** rcernin has quit IRC		07:16
*** masber has quit IRC		07:16
*** masuberu has quit IRC		07:18
*** rcernin has joined #openstack-keystone		07:19
*** masuberu has joined #openstack-keystone		07:28
*** masuberu has quit IRC		07:31
*** markvoelker has quit IRC		07:36
*** mjax has joined #openstack-keystone		07:37
*** mjax has quit IRC		07:38
*** zsli_ has joined #openstack-keystone		07:43
*** zsli__ has quit IRC		07:46
*** guoshan has joined #openstack-keystone		07:47
*** guoshan_ has joined #openstack-keystone		07:50
*** guoshan has quit IRC		07:53
*** iogg has joined #openstack-keystone		07:59
*** ducttap__ has quit IRC		08:00
*** thorst has joined #openstack-keystone		08:04
*** andymccr_ is now known as andymccr		08:08
*** josecastroleon has quit IRC		08:08
*** thorst has quit IRC		08:09
*** ducttape_ has joined #openstack-keystone		08:14
*** zxy has quit IRC		08:16
*** zxy has joined #openstack-keystone		08:17
*** markvoelker has joined #openstack-keystone		08:33
*** aojea has joined #openstack-keystone		08:37
*** aojea has quit IRC		08:42
openstackgerrit	zhengliuyang proposed openstack/keystone master: Confusing log messages in project hierarchy checking https://review.openstack.org/480967	08:43
*** mvpnitesh has quit IRC		08:47
*** mvpnitesh has joined #openstack-keystone		08:48
*** edmondsw has joined #openstack-keystone		08:57
*** aojea has joined #openstack-keystone		08:57
*** sapd has quit IRC		08:57
openstackgerrit	zhengliuyang proposed openstack/keystone master: Add explain of mapping group attribute https://review.openstack.org/493765	08:58
*** edmondsw has quit IRC		09:01
*** aojea has quit IRC		09:01
*** sapd has joined #openstack-keystone		09:04
*** thorst has joined #openstack-keystone		09:05
*** markvoelker has quit IRC		09:06
*** hoonetorg has quit IRC		09:07
*** thorst has quit IRC		09:09
*** hoonetorg has joined #openstack-keystone		09:10
*** kukacz has joined #openstack-keystone		09:14
*** rajalokan has quit IRC		09:30
*** zsli_ has quit IRC		09:33
*** kukacz_ has joined #openstack-keystone		09:44
*** kukacz has quit IRC		09:48
*** zxy has quit IRC		09:55
samueldmq	morning keystone!	10:03
*** kukacz_ is now known as kukacz		10:03
*** markvoelker has joined #openstack-keystone		10:03
*** namnh has quit IRC		10:04
*** thorst has joined #openstack-keystone		10:05
cmurphy	morning samueldmq	10:06
samueldmq	cmurphy: o/	10:08
*** kukacz_ has joined #openstack-keystone		10:09
*** thorst has quit IRC		10:11
*** kukacz has quit IRC		10:12
*** markvoelker has quit IRC		10:38
*** guoshan_ has quit IRC		10:40
*** edmondsw has joined #openstack-keystone		10:45
*** mkrcmari__ has joined #openstack-keystone		10:47
*** rajalokan has joined #openstack-keystone		10:48
*** edmondsw has quit IRC		10:49
*** mvk_ has quit IRC		10:50
*** rajalokan has quit IRC		11:03
*** thorst has joined #openstack-keystone		11:04
*** kukacz_ is now known as kukacz		11:14
*** szaher has joined #openstack-keystone		11:15
*** markvoelker has joined #openstack-keystone		11:35
*** raildo has joined #openstack-keystone		11:54
*** edmondsw has joined #openstack-keystone		11:57
*** markvoelker has quit IRC		12:08
*** jmlowe has quit IRC		12:20
*** kbaegis has joined #openstack-keystone		12:21
openstackgerrit	Samuel de Medeiros Queiroz proposed openstack/keystone master: Add the step to create a domain https://review.openstack.org/493729	12:40
*** lwanderley has joined #openstack-keystone		12:45
*** catintheroof has joined #openstack-keystone		12:49
*** spzala has quit IRC		12:51
*** kbaegis has quit IRC		12:56
*** mvpnitesh has quit IRC		12:57
*** markvoelker has joined #openstack-keystone		12:59
*** gongysh has quit IRC		13:00
*** gongysh has joined #openstack-keystone		13:00
*** gongysh has quit IRC		13:00
openstackgerrit	Monty Taylor proposed openstack/keystoneauth master: Add method to get the api version https://review.openstack.org/494193	13:01
openstackgerrit	Monty Taylor proposed openstack/keystoneauth master: Update discovery url normalization with catalog info https://review.openstack.org/494194	13:01
openstackgerrit	Monty Taylor proposed openstack/keystoneauth master: Allow kwargs to be passed to adapter.get_endpoint_data https://review.openstack.org/494195	13:01
cmurphy	morning mordred	13:03
mordred	morning cmurphy !	13:04
mordred	cmurphy, samueldmq: ^^ there's the patches I was talking about yesterday	13:04
* cmurphy looking		13:05
*** spzala has joined #openstack-keystone		13:12
*** spzala has quit IRC		13:12
*** spzala has joined #openstack-keystone		13:12
*** prashkre has joined #openstack-keystone		13:13
*** knikolla has joined #openstack-keystone		13:23
knikolla	o/	13:23
knikolla	after one too many bouncer troubles trying out irccloud	13:23
cmurphy	\o	13:25
*** jmlowe has joined #openstack-keystone		13:28
*** dave-mccowan has joined #openstack-keystone		13:31
*** chlong_ has joined #openstack-keystone		13:31
*** aojea has joined #openstack-keystone		13:32
*** kbaegis has joined #openstack-keystone		13:59
*** chlong_ has quit IRC		13:59
mordred	cmurphy: responded to your question about https://review.openstack.org/494194 about the test	14:04
*** lbragstad has joined #openstack-keystone		14:13
*** ChanServ sets mode: +o lbragstad		14:13
openstackgerrit	Lance Bragstad proposed openstack/keystone master: Remove duplicate roles from federated auth https://review.openstack.org/494049	14:23
*** lucasxu has joined #openstack-keystone		14:25
knikolla	lbragstad: ^^ feeling better about having a transiently failing test together with the code that fixes it rather than separately.	14:31
*** links has quit IRC		14:32
lbragstad	knikolla: yeah - writing the test first to keep it isolated and create the issue (by running it over and over) was nice - but since both are in review it makes sense to collapse them	14:37
lbragstad	kmalloc: curious if you have feedback here - https://review.openstack.org/#/c/492529/	14:51
cmurphy	mordred: https://review.openstack.org/#/c/494195 confuses me	14:54
mordred	cmurphy: t probably confuses me too	14:55
cmurphy	oh good	14:56
mordred	cmurphy: SO - theres two parts to that patch, and one of them can totally get dropped	14:57
mordred	cmurphy: https://review.openstack.org/#/c/493582/5/shade/_adapter.py is the motivation for the part you asked about ... if you add discover_versions to endpoint_filter on request, the **kwargs gets passed along internally to the request call when it goes to call get_endpoint	14:58
mordred	cmurphy: alternately we could have the request code that calls get_endpoint strip discover_versions before calling it	14:58
*** davechen has quit IRC		14:59
*** davechen has joined #openstack-keystone		15:00
*** aselius has joined #openstack-keystone		15:00
*** spzala has quit IRC		15:01
*** spzala has joined #openstack-keystone		15:01
*** gyee has joined #openstack-keystone		15:02
cmurphy	mordred: that was my thinking too (while i was wrapping my head around how they were connected)	15:03
cmurphy	i think adding a useless parameter is not really great	15:03
*** lwanderley has quit IRC		15:03
* lbragstad sets https://review.openstack.org/#/c/494049/ next to cmurphy		15:06
lbragstad	whenever you have time	15:07
lbragstad	i collapsed the tests and fix into the same patch and added a reno	15:07
*** rcernin has quit IRC		15:07
cmurphy	oh okay	15:07
* cmurphy having lots of deja vu today		15:07
lbragstad	cmurphy: i think that means you need more coffee :)	15:08
lbragstad	backport available for review, too	15:09
lbragstad	https://review.openstack.org/#/c/494238/	15:09
lbragstad	knikolla: kmalloc ^	15:09
kmalloc	lbragstad: only feedback on the krb stuff was FFE/lib release related	15:12
*** tobberyd_ has joined #openstack-keystone		15:14
*** lwanderley has joined #openstack-keystone		15:14
openstackgerrit	Lance Bragstad proposed openstack/keystone master: Remove duplicate roles from federated auth https://review.openstack.org/494049	15:14
lbragstad	cmurphy: knikolla sorry - just fixed a spelling mistake	15:14
cmurphy	lbragstad: heh i wasn't going to point it out	15:15
knikolla	didn't feel like requiring another rerun for that	15:15
lbragstad	it's like having popcorn stuck in your teeth	15:16
*** lwanderley has quit IRC		15:16
*** otleimat has joined #openstack-keystone		15:16
knikolla	lbragstad: approved.	15:17
*** tobberydberg has quit IRC		15:17
knikolla	speaking of popcorn in your teeth, proposed this for pike https://review.openstack.org/#/c/494229/	15:17
lbragstad	oh - good call	15:17
*** tobberyd_ has quit IRC		15:19
knikolla	lbragstad: i guess i shouldn't also point out the spelling mistake in the commit message? :P	15:19
cmurphy	>.<	15:20
lbragstad	bah!	15:20
kmalloc	lbragstad: so {'id': 1, 'foo': 'bar'} and {'foo': 'bar', 'id': 1} should always be the same within a given process	15:20
openstackgerrit	Lance Bragstad proposed openstack/keystone master: Remove duplicate roles from federated auth https://review.openstack.org/494049	15:21
kmalloc	because it's based upon the dict hashseed	15:21
kmalloc	i don't think the transient errors are related to dicts being un-ordered	15:21
lbragstad	i can run the test in isolate repeatedly and recreate it	15:21
kmalloc	i think that is related to something else then	15:22
kmalloc	unless the hashseed is changing	15:22
kmalloc	you could also avoid tupling the items.	15:23
kmalloc	lbragstad: are we just trying to eliminate duplicate role names?	15:24
kmalloc	because it's way way easier to do that.	15:24
lbragstad	well - it's a list of role references	15:26
lbragstad	so a list of dictionaries	15:26
lbragstad	http://paste.openstack.org/show/618544/	15:29
knikolla	also http://paste.openstack.org/show/618545/	15:30
kmalloc	lbragstad: likey: roles = {r['id']: r for r in roles}.values() would de-dedup, since ids are unique	15:31
kmalloc	if you wanted to avoid extra if x in unique_roles	15:32
kmalloc	actually: roles = list({r['id']: r for r in roles}.values())	15:33
kmalloc	since .values() is an iter in py3	15:33
*** links has joined #openstack-keystone		15:33
kmalloc	so roughly O(2N) vs O(N^N). but the optimisation is miniamal unless people have a billion roles	15:34
knikolla	kmalloc: oh, i see. the comprehension would reassign it. so no dup	15:34
kmalloc	lbragstad: there is nothing wrong with your current code	15:35
kmalloc	lbragstad: +A	15:37
kmalloc	d the create_time_int for pike	15:37
lbragstad	wouldn't that only give you a list ofrole ids?	15:38
lbragstad	we'd need to iterate the list again and populate it with the reference	15:39
knikolla	lbragstad: it stores the dict value by id.	15:40
knikolla	and then gets all the dict values.	15:40
kmalloc	knikolla: ++	15:40
kmalloc	it's just using the ID to de-dup	15:40
kmalloc	since id is dict key	15:40
kmalloc	but the value is still role	15:40
lbragstad	oh - testing that quikc	15:43
knikolla	like doing `unique = {}; for d in domains: unique[d['id']]=d; unique = list(unique.values())`	15:44
knikolla	kmalloc: oh wow, irc cloud formatted that in a code block. i'm sold on this for replacing my bouncer.	15:45
*** dave-mcc_ has joined #openstack-keystone		15:45
*** dave-mccowan has quit IRC		15:47
*** links has quit IRC		15:49
*** tobberydberg has joined #openstack-keystone		15:49
*** dave-mccowan has joined #openstack-keystone		15:51
*** spzala has quit IRC		15:51
*** spzala has joined #openstack-keystone		15:51
*** prashkre has quit IRC		15:51
*** dave-mcc_ has quit IRC		15:52
kmalloc	knikolla: my recommendation - don't use a bouncer	15:53
kmalloc	i'm trying to do that.	15:54
*** spzala has quit IRC		15:55
*** tobberydberg has quit IRC		15:56
*** pcaruana has quit IRC		15:57
*** prashkre has joined #openstack-keystone		16:00
*** tobberydberg has joined #openstack-keystone		16:02
*** iogg has quit IRC		16:09
*** tobberydberg has quit IRC		16:10
*** aojea has quit IRC		16:13
*** iogg has joined #openstack-keystone		16:21
*** itlinux has quit IRC		16:22
*** tobberydberg has joined #openstack-keystone		16:23
*** aojea has joined #openstack-keystone		16:25
*** iogg has quit IRC		16:26
*** tobberydberg has quit IRC		16:27
*** sjain has joined #openstack-keystone		16:35
openstackgerrit	Merged openstack/keystone master: Add the step to create a domain https://review.openstack.org/493729	16:35
*** tobberydberg has joined #openstack-keystone		16:47
*** rcernin has joined #openstack-keystone		16:49
kmalloc	folks, i chtted w/ jamielennox and he's ok with the removal of positional	16:50
kmalloc	chatted* a couple days ago	16:50
kmalloc	we should push those changes through	16:50
*** tobberydberg has quit IRC		16:52
*** spzala has joined #openstack-keystone		16:52
*** tobberydberg has joined #openstack-keystone		16:58
*** tobberydberg has quit IRC		17:02
*** mjax has joined #openstack-keystone		17:11
*** rajalokan has joined #openstack-keystone		17:13
openstackgerrit	Monty Taylor proposed openstack/keystoneauth master: Add method to get the api major version https://review.openstack.org/494193	17:16
openstackgerrit	Monty Taylor proposed openstack/keystoneauth master: Update discovery url normalization with catalog info https://review.openstack.org/494194	17:16
*** aojea has quit IRC		17:19
*** tobberydberg has joined #openstack-keystone		17:29
*** aojea has joined #openstack-keystone		17:29
otleimat	Any feedback on the proposed changes here https://review.openstack.org/#/c/408304/?	17:31
*** tobberydberg has quit IRC		17:33
*** spzala has quit IRC		17:34
*** spzala has joined #openstack-keystone		17:35
samueldmq	kmalloc: kk all the @positional changes are on the gate now	17:38
*** spzala has quit IRC		17:39
kmalloc	samueldmq: except oslo.context	17:39
kmalloc	but that aside...	17:39
*** itlinux has joined #openstack-keystone		17:40
samueldmq	kmalloc: true, I +1ed that one, not much I can do there :-)	17:40
*** sjain has quit IRC		17:40
mjax	anyone have some time help me with setting up domain specific identity drivers?	17:46
lbragstad	knikolla: kmalloc https://gist.github.com/lbragstad/a81776e2c679f728c19cad7f3a35703f	17:48
kmalloc	lbragstad: are we going to land https://review.openstack.org/#/c/493621/ for pike?	17:53
kmalloc	want to make sure we have that done if we are. I'm not pushing +A w/o your go-ahead	17:53
*** mvk_ has joined #openstack-keystone		17:54
lbragstad	kmalloc: yeah - i +2'd it, i know cmurphy and samueldmq had comments, if they +1 it then i think we're good	17:56
*** mvk has joined #openstack-keystone		17:57
*** mkrcmari__ has quit IRC		17:57
ayoung	I can look at that lbragstad	17:59
*** mvk_ has quit IRC		17:59
lbragstad	ayoung: thanks	17:59
* lbragstad grabs lunch quick		17:59
ayoung	kmalloc, done	18:00
*** lwanderley has joined #openstack-keystone		18:02
*** spzala has joined #openstack-keystone		18:03
*** lwanderley has quit IRC		18:04
edmondsw	kmalloc don't we need to get lbragstad added to https://review.openstack.org/#/admin/groups/538,members ?	18:05
edmondsw	that list is really thin on people that are around these days... and missing the PTL?	18:05
*** dave-mccowan has quit IRC		18:05
edmondsw	stevemar ^	18:07
ayoung	knikolla, https://review.openstack.org/#/c/494049/5 want to re +A that	18:07
ayoung	edmondsw, yep	18:08
prashkre	kmalloc: Hi morgan. could you please take a look at https://review.openstack.org/#/c/490138/.	18:09
*** pcaruana has joined #openstack-keystone		18:09
*** dave-mcc_ has joined #openstack-keystone		18:09
ayoung	lbragstad, kmalloc https://review.openstack.org/#/c/462670/ when you get a chance...want to clean out some old tech debt	18:12
ayoung	prashkre, looking	18:16
ayoung	prashkre, you do any real world testing on that?	18:17
*** tobberydberg has joined #openstack-keystone		18:18
ayoung	ah...yeah, you need kmalloc as he's the only one with +2 left on stable.	18:18
ayoung	stevemar, ^^ you should force merge that one, and get lbragstad on as stable...	18:18
*** tobberydberg has quit IRC		18:19
*** tobberydberg has joined #openstack-keystone		18:20
kmalloc	ayoung: both +2/+A	18:20
kmalloc	lbragstad: still need your "hey are we RCing this" for resource being SQL-only :)	18:21
kmalloc	ayoung: looks like we get to drop positional decorator	18:21
kmalloc	yay	18:21
kmalloc	almost removed from everything in openstack	18:21
*** tobberydberg has quit IRC		18:22
*** tobberydberg has joined #openstack-keystone		18:22
prashkre	ayoung: yes, we have tested with the patch in https://review.openstack.org/#/c/490138/.	18:26
*** tobberydberg has quit IRC		18:26
prashkre	kmalloc: thank you!	18:27
*** rajalokan1 has joined #openstack-keystone		18:27
*** rajalokan has quit IRC		18:28
*** rajalokan1 is now known as rajalokan		18:28
*** mvk has quit IRC		18:30
*** lwanderley has joined #openstack-keystone		18:33
*** rajalokan has quit IRC		18:35
*** tobberydberg has joined #openstack-keystone		18:46
*** tobberydberg has quit IRC		18:51
*** nicolasbock has quit IRC		18:55
openstackgerrit	Merged openstack/python-keystoneclient master: Remove use of positional decorator https://review.openstack.org/491592	18:56
openstackgerrit	Morgan Fainberg proposed openstack/keystoneauth master: Add method to get the api major version https://review.openstack.org/494193	18:57
*** jmlowe has quit IRC		18:57
openstackgerrit	Morgan Fainberg proposed openstack/keystoneauth master: Add method to get the api major version https://review.openstack.org/494193	18:58
openstackgerrit	Merged openstack/keystoneauth master: Remove use of positional decorator https://review.openstack.org/491632	18:59
openstackgerrit	Merged openstack/keystonemiddleware master: Remove use of positional decorator https://review.openstack.org/491596	19:06
lbragstad	kmalloc: ayoung https://review.openstack.org/#/c/462670/15/keystone/tests/unit/test_v3_protection.py,unified breaks constraints listed in http://specs.openstack.org/openstack/api-wg/guidelines/api_interoperability.html#evaluating-api-changes	19:06
kmalloc	lbragstad: it does?	19:07
lbragstad	kmalloc: line 1043	19:07
lbragstad	403 -> 201	19:07
ayoung	nothing in there about config options, just api IIUC	19:07
lbragstad	if i'm reading it correctly	19:07
kmalloc	let me 2x check it	19:07
kmalloc	toss a -2 on it to block	19:07
kmalloc	or a WIP	19:07
ayoung	I don't think that is what it means	19:07
kmalloc	i'll circle back post lunch	19:07
ayoung	lbragstad, if, say for a missing object, we changed from 404 to 403, that would "mean" something different	19:08
ayoung	here for a value, we are changing the significance....	19:08
ayoung	let me see if I can say that better	19:08
ayoung	we had a bug, and as a result of that bug, we did something wrong, and as a result of doing that thing wrong, we returned an error	19:09
ayoung	we have not changes what is meant by the request, just that something that used to fail now succeeds, and that, of course, changes the error	19:09
ayoung	if it had returned a 500 before, you would not think twice about it, and that is roughly comparable to wht we are doing here	19:10
ayoung	assume, for a moment, that there was another implementation of Keystone that always had the new behavior. Implemented in, say, Rust!	19:11
ayoung	We would not say that they are running different API versions, just because the behavior on this was different	19:11
knikolla	back, sorry, was taking the road test for the driving license.	19:13
lbragstad	ayoung: so - domain-id would break in the decorator, which masked the error as a 403?	19:13
*** aojea has quit IRC		19:15
knikolla	approved https://review.openstack.org/#/c/494049	19:16
ayoung	yep	19:19
ayoung	lbragstad, yes	19:19
lbragstad	that stinks	19:19
lbragstad	ayoung: can we call that out in the comment message or unit test?	19:20
lbragstad	s/or unit test//	19:20
lbragstad	commit*	19:20
ayoung	Ah...yeah, sure	19:21
ayoung	one sec....	19:21
lbragstad	all i see is the http status code change and red lights start flashing but it's not completely clear why we're going from a 403 -> 201	19:22
openstackgerrit	ayoung proposed openstack/keystone master: Shift to check_policy for resource creation https://review.openstack.org/462670	19:22
*** kbaegis1 has joined #openstack-keystone		19:22
ayoung	lbragstad, I used the comment message in the commit message. Is that OK?	19:22
*** kbaegis has quit IRC		19:23
lbragstad	ayoung: sure - mind if i amend it with a statement about 500s/	19:23
ayoung	lbragstad, go ahead, please	19:23
lbragstad	also - throughts on https://review.openstack.org/#/c/462670/15/keystone/identity/controllers.py ?	19:23
ayoung	lbragstad, vague memory that this needed to be this far down...I didn't do that arbitrarily	19:24
ayoung	I think it was the same kind of issue, if a user only submitted domain name, we needed the domain Id to policy check? lbragstad something like that?	19:25
lbragstad	hmm	19:26
lbragstad	testing it locally quick to see what happens	19:26
ayoung	the prep info uses the ref from the normalize	19:26
*** ducttap__ has joined #openstack-keystone		19:26
ayoung	lbragstad, cool...thanks for taking interest. Are you driving on with Global Roles?	19:27
lbragstad	ayoung: working on a PoC with hrybacki and knikolla	19:28
ayoung	cuz you'll need this fix for enforcing on Global roles, too	19:28
ayoung	very good	19:28
*** ducttape_ has quit IRC		19:29
lbragstad	ayoung: hm	19:30
lbragstad	http://paste.openstack.org/show/618572/	19:30
lbragstad	passes `tox -e py27 -- keystone.tests.unit.test_v3_protection` locally, running the whole suite	19:30
openstackgerrit	Morgan Fainberg proposed openstack/keystoneauth master: Add method to get the api major version https://review.openstack.org/494193	19:35
*** ducttape_ has joined #openstack-keystone		19:36
*** prashkre has quit IRC		19:38
*** prashkre has joined #openstack-keystone		19:38
*** nicolasbock has joined #openstack-keystone		19:39
*** ducttap__ has quit IRC		19:40
openstackgerrit	Lance Bragstad proposed openstack/keystone master: Shift to check_policy for resource creation https://review.openstack.org/462670	19:44
*** rmascena has joined #openstack-keystone		19:48
*** iogg has joined #openstack-keystone		19:49
*** nicolasbock has quit IRC		19:49
*** raildo has quit IRC		19:51
*** rcernin has quit IRC		19:55
openstackgerrit	Merged openstack/keystone master: Resource backend is SQL only now https://review.openstack.org/493621	19:55
lbragstad	ayoung: i think it's because of this - https://github.com/openstack/oslo.policy/blob/master/oslo_policy/policy.py#L746-L750	19:59
lbragstad	which isn't a 500... but..	19:59
lbragstad	we set do_raise explicitly	19:59
lbragstad	in keystone	19:59
lbragstad	and the domain-id bit doesn't seem to be recognized by oslo.policy	19:59
lbragstad	either way - the result is None	20:00
*** aojea has joined #openstack-keystone		20:05
lbragstad	ayoung: kmalloc we explicitly tell oslo.policy to raise a 403	20:09
lbragstad	https://github.com/openstack/keystone/blob/master/keystone/common/policy.py#L60-L61	20:09
*** aojea has quit IRC		20:10
lbragstad	https://github.com/openstack/oslo.policy/blob/master/oslo_policy/policy.py#L746-L748	20:10
kmalloc	then we need to raise a 403.	20:10
lbragstad	i was thinking a 500 of some sort was being masked as a 403 because the policy enforcement didn't know how to handle domain-id	20:10
lbragstad	instead - oslo.policy doesn't render a result with domain-id - and without a result it raises an exception	20:12
*** prashkre has quit IRC		20:12
*** prashkre has joined #openstack-keystone		20:12
lbragstad	fwiw - i'm trying to determine how this specific case fits into the api change guidelines	20:14
stevemar	ayoung: i would have added lbragstad months ago, but i don't control the stable-maint-keystone group	20:15
openstackgerrit	Lance Bragstad proposed openstack/keystone master: Shift to check_policy for resource creation https://review.openstack.org/462670	20:22
lbragstad	kmalloc: ayoung updated and fix ^	20:24
lbragstad	fixed* mainly the commit message describing why the status code is changing	20:24
kmalloc	status code change is likely a api contract/behavior break	20:27
kmalloc	and worthy of a -2.	20:27
kmalloc	fyi	20:27
*** rmascena has quit IRC		20:29
lbragstad	kmalloc: wanna review a backport? https://review.openstack.org/#/c/494238/3	20:29
mordred	kmalloc: thanks for those updates - fwiw, the allow={} was a copy-pasta from one of the other pre-existing methods :	20:32
mordred	:(	20:32
*** aojea has joined #openstack-keystone		20:32
mordred	so a) sorry I didn't notice but b) ... should we maybe fix that on the other ones too? (and how have I actually never noticed that???)	20:32
mordred	cmurphy: also - that third patch you were asking about? turns out we actually don't need it yay!	20:34
kmalloc	mordred: yeah we should	20:35
kmalloc	lbragstad: uh	20:36
kmalloc	that backport?	20:36
kmalloc	doesn't land in master?	20:36
kmalloc	i'm a bit confused	20:36
lbragstad	kmalloc: to include anything in rc2 we have to merge it in master and backport it to stable/pike	20:36
kmalloc	but uh...	20:37
kmalloc	the master is -1?	20:37
kmalloc	oh wait	20:37
lbragstad	https://review.openstack.org/#/c/494049/	20:37
lbragstad	^	20:37
kmalloc	the topic was the same not the same change id	20:37
lbragstad	https://review.openstack.org/#/q/058a23c0873723d5a4ffa8e99121f7b3b4485db5,n,z should be the ones you need	20:38
openstackgerrit	Monty Taylor proposed openstack/keystoneauth master: Update discovery url normalization with catalog info https://review.openstack.org/494194	20:38
openstackgerrit	Monty Taylor proposed openstack/keystoneauth master: Don't use mutable defaults in allow arguments https://review.openstack.org/494320	20:38
kmalloc	lbragstad: waitingf on master.	20:38
lbragstad	kmalloc: thanks	20:39
lbragstad	https://review.openstack.org/#/c/493622/ and https://review.openstack.org/#/c/494238/ should be the only patches left until we cut rc2!	20:40
*** pcaruana has quit IRC		20:41
*** lwanderley has quit IRC		20:42
*** lwanderley has joined #openstack-keystone		20:42
cmurphy	mordred: well i was okay with part of the patch, actually i don't understand how get_endpoint_data on the adapter is useful without it	20:45
*** vegarl has joined #openstack-keystone		20:49
*** prashkre_ has joined #openstack-keystone		20:51
*** prashkre has quit IRC		20:51
mjax	is there anything special I need to do if I want to have 2 domains using the same sql database, but with different drivers? Right now I have set up domain specific config for the two domains, one of them using sql.py and the other one using an exact copy of sql.py, but any operation results in an unexpected error preventing the server from fulfilli	20:53
mjax	ng the request	20:53
gagehugo	lbragstad ayoung sorry was pulled away most of today, it seems like we are relaxing the use of '-' vs '_' for the same value, so it's not really adding a new value, but the API guidelines don't seem clear on this specific issue imo	20:55
*** prashkre__ has joined #openstack-keystone		20:57
*** prashkre_ has quit IRC		20:57
*** lucasxu has quit IRC		20:57
*** spzala has quit IRC		20:58
mordred	cmurphy: yah - turns out it was an earlier stab at fixing the problem which was obviated by fixing some other things	21:00
mordred	cmurphy: so - yay - and thanks for the question :)	21:00
*** spzala has joined #openstack-keystone		21:00
cmurphy	yay	21:01
*** aojea has quit IRC		21:03
openstackgerrit	Merged openstack/keystone master: Remove duplicate roles from federated auth https://review.openstack.org/494049	21:04
*** spzala has quit IRC		21:05
*** prashkre__ has quit IRC		21:16
*** thorst has quit IRC		21:19
*** catintheroof has quit IRC		21:21
*** itlinux has quit IRC		21:21
*** aojea has joined #openstack-keystone		21:22
*** edmondsw has quit IRC		21:32
*** kukacz_ has joined #openstack-keystone		21:41
*** kbaegis has joined #openstack-keystone		21:44
*** kukacz has quit IRC		21:44
*** kukacz_ has quit IRC		21:45
*** aojea has quit IRC		21:46
*** kbaegis1 has quit IRC		21:47
*** thorst has joined #openstack-keystone		21:53
*** thorst has quit IRC		21:53
*** iogg has quit IRC		21:55
*** aojea has joined #openstack-keystone		21:56
openstackgerrit	Octave Orgeron proposed openstack/keystone master: Enables MySQL Cluster support for Keystone https://review.openstack.org/431229	22:05
*** strawberry has joined #openstack-keystone		22:10
strawberry	trying to create a custom identity backend and make it to be used only with a specific domain	22:11
strawberry	made the changes as per the documentation and facing the following error	22:12
strawberry	There is either no auth token in the request or the certificate issuer is not trusted. No auth context will be set. fill_context /opt/stack/keystone/keystone/middleware/auth.py:188 2017-08-16 21:19:53.120 4020 INFO keystone.common.wsgi [req-392d9116-d501-458b-bbb6-94ec535c71e9 - - - - -] POST http://10.90.114.122/identity_admin/v3/auth/tokens 2017-08-16 21:19:53.130 4020 ERROR keystone.common.wsgi [req-392d9116-d501-45	22:13
*** kbaegis1 has joined #openstack-keystone		22:18
knikolla	strawberry: can you paste on paste.openstack.org ?	22:19
*** kbaegis has quit IRC		22:21
*** thorst has joined #openstack-keystone		22:24
strawberry	yeah one sec	22:24
*** strawberry has quit IRC		22:24
*** thorst has quit IRC		22:29
*** aojea has quit IRC		22:39
*** aojea has joined #openstack-keystone		22:40
*** edmondsw has joined #openstack-keystone		22:49
*** ducttap__ has joined #openstack-keystone		22:52
*** edmondsw has quit IRC		22:54
openstackgerrit	Lance Bragstad proposed openstack/keystone master: Call methods with kwargs instead of positionals https://review.openstack.org/494337	22:55
openstackgerrit	Lance Bragstad proposed openstack/keystone master: WIP: Implement backend logic for global roles https://review.openstack.org/494338	22:55
*** ducttape_ has quit IRC		22:55
openstackgerrit	Jaewoo Park proposed openstack/keystone master: WIP: Extend comparator support for project list by tags https://review.openstack.org/494339	22:55
openstackgerrit	Lance Bragstad proposed openstack/keystone master: Call methods with kwargs instead of positionals https://review.openstack.org/494337	22:57
*** lwanderley has quit IRC		23:00
*** thorst has joined #openstack-keystone		23:11
*** thorst has quit IRC		23:13
*** spzala has joined #openstack-keystone		23:34
*** spzala has quit IRC		23:38
*** aojea has quit IRC		23:40
*** lwanderley has joined #openstack-keystone		23:45
knikolla	lbragstad: any preference on shibboleth-idp vs keycloak for the federation tests?	23:45
knikolla	i want to experiment a bit with keycloak as i think i'm gonna have to deploy that in our cloud.	23:46
knikolla	kmalloc: cc	23:52
kmalloc	As long as it works	23:54
kmalloc	And tests federation.	23:54
*** lwanderley has quit IRC		23:56

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!