Tuesday, 2017-12-19

*** d0ugal has joined #openstack-keystone		00:04
*** rcernin has quit IRC		00:09
*** rcernin_ has joined #openstack-keystone		00:09
* lbragstad ducks		00:13
openstackgerrit	Lance Bragstad proposed openstack/keystone master: Implement backend logic for system roles https://review.openstack.org/507994	00:14
openstackgerrit	Lance Bragstad proposed openstack/keystone master: Implement manager logic for user+system roles https://review.openstack.org/512468	00:14
openstackgerrit	Lance Bragstad proposed openstack/keystone master: Implement manager logic for group+system roles https://review.openstack.org/512641	00:14
openstackgerrit	Lance Bragstad proposed openstack/keystone master: Add user system grant policies https://review.openstack.org/514471	00:14
openstackgerrit	Lance Bragstad proposed openstack/keystone master: Add group system grant policies https://review.openstack.org/514725	00:14
openstackgerrit	Lance Bragstad proposed openstack/keystone master: Implement controller logic for system user assignments https://review.openstack.org/515215	00:14
openstackgerrit	Lance Bragstad proposed openstack/keystone master: Implement controller logic for system group assignments https://review.openstack.org/524017	00:14
openstackgerrit	Lance Bragstad proposed openstack/keystone master: Add system role assignment documentation https://review.openstack.org/524307	00:14
openstackgerrit	Lance Bragstad proposed openstack/keystone master: Add ability to list all system role assignments https://review.openstack.org/524407	00:14
openstackgerrit	Lance Bragstad proposed openstack/keystone master: Ensure building scope is mutually exclusive https://review.openstack.org/498091	00:14
openstackgerrit	Lance Bragstad proposed openstack/keystone master: Remove private methods for v2.0 and v3 tokens https://review.openstack.org/525329	00:14
openstackgerrit	Lance Bragstad proposed openstack/keystone master: Teach TokenFormatter how to handle system scope https://review.openstack.org/525330	00:14
openstackgerrit	Lance Bragstad proposed openstack/keystone master: Implement system-scope in the token provider API https://review.openstack.org/525360	00:14
openstackgerrit	Lance Bragstad proposed openstack/keystone master: Introduce assertions for system-scoped token testing https://review.openstack.org/528037	00:14
openstackgerrit	Lance Bragstad proposed openstack/keystone master: Implement system-scoped tokens https://review.openstack.org/525687	00:14
openstackgerrit	Lance Bragstad proposed openstack/keystone master: Add release note for system-scope https://review.openstack.org/528039	00:14
openstackgerrit	Lance Bragstad proposed openstack/keystone master: Add configuration option for enforcing system-scope https://review.openstack.org/528847	00:14
lbragstad	ayoung: that new series introduces the configuration option we talked about	00:18
ayoung	cool	00:18
lbragstad	so - every time there is a call being made with a token of the wrong scope, a warning will be logged if an exception isn't raised	00:19
*** aojea has joined #openstack-keystone		00:23
*** aojea has quit IRC		00:28
*** d0ugal has quit IRC		00:40
*** rcernin_ has quit IRC		00:50
*** d0ugal has joined #openstack-keystone		00:51
*** jose-phillips has quit IRC		00:53
*** jose-phillips has joined #openstack-keystone		00:54
*** catintheroof has joined #openstack-keystone		00:56
*** edmondsw has joined #openstack-keystone		00:58
*** gyee has quit IRC		01:01
*** catintheroof has quit IRC		01:21
*** linkmark has quit IRC		01:33
openstackgerrit	OpenStack Proposal Bot proposed openstack/python-keystoneclient master: Updated from global requirements https://review.openstack.org/528904	01:43
*** edmondsw has quit IRC		01:53
*** aselius has quit IRC		02:05
*** rcernin has joined #openstack-keystone		02:11
*** r-daneel has quit IRC		02:17
*** aojea has joined #openstack-keystone		02:25
*** aojea has quit IRC		02:29
openstackgerrit	wangxiyuan proposed openstack/keystone-specs master: Limits API https://review.openstack.org/455709	02:32
*** AlexeyAbashkin has joined #openstack-keystone		02:38
openstackgerrit	wangxiyuan proposed openstack/keystone master: Add db operation for unified limit https://review.openstack.org/524082	02:39
openstackgerrit	wangxiyuan proposed openstack/keystone master: Add limit provider https://review.openstack.org/524109	02:39
openstackgerrit	wangxiyuan proposed openstack/keystone master: [WIP]Expose unified limit APIs https://review.openstack.org/524110	02:39
*** AlexeyAbashkin has quit IRC		02:43
*** edmondsw has joined #openstack-keystone		03:15
*** edmondsw has quit IRC		03:19
*** markvoelker has joined #openstack-keystone		03:24
*** dave-mccowan has quit IRC		03:51
*** markvoelker has quit IRC		03:58
*** bhagyashris has left #openstack-keystone		04:00
openstackgerrit	wangxiyuan proposed openstack/keystone master: Fix sphinx CI failure https://review.openstack.org/528949	04:12
*** aojea has joined #openstack-keystone		04:25
*** aojea has quit IRC		04:30
*** markvoelker has joined #openstack-keystone		04:55
*** markvoelker has quit IRC		05:28
*** links has joined #openstack-keystone		05:47
openstackgerrit	Qinglin Cheng proposed openstack/keystone master: Create doc/requirements.txt https://review.openstack.org/528960	06:01
*** annp has joined #openstack-keystone		06:09
*** afazekas has quit IRC		06:11
*** afazekas has joined #openstack-keystone		06:11
*** namnh has joined #openstack-keystone		06:13
*** aojea has joined #openstack-keystone		06:17
openstackgerrit	Qinglin Cheng proposed openstack/python-keystoneclient master: Create doc/requirements.txt https://review.openstack.org/528964	06:21
*** markvoelker has joined #openstack-keystone		06:25
*** aojea has quit IRC		06:28
openstackgerrit	Dinesh Bhor proposed openstack/python-keystoneclient master: Add Response class to return request-id to caller https://review.openstack.org/329913	06:40
*** aojea has joined #openstack-keystone		06:50
*** aojea has quit IRC		06:50
*** aojea has joined #openstack-keystone		06:50
*** edmondsw has joined #openstack-keystone		06:51
*** aojea has quit IRC		06:52
*** edmondsw has quit IRC		06:55
*** markvoelker has quit IRC		06:59
*** aojea has joined #openstack-keystone		07:02
*** aojea has quit IRC		07:06
*** magicboiz has quit IRC		07:25
*** rcernin has quit IRC		07:31
*** Dave has quit IRC		07:48
*** Dave has joined #openstack-keystone		07:49
*** AlexeyAbashkin has joined #openstack-keystone		07:52
*** samuelbartel has joined #openstack-keystone		07:56
openstackgerrit	wangqiang-bj proposed openstack/keystone master: remove some misleading info in Update user API doc. https://review.openstack.org/528983	08:01
*** rcernin has joined #openstack-keystone		08:02
*** d0ugal has quit IRC		08:03
*** d0ugal has joined #openstack-keystone		08:07
*** apuimedo has joined #openstack-keystone		08:17
*** edmondsw has joined #openstack-keystone		08:39
*** edmondsw has quit IRC		08:44
*** aojea has joined #openstack-keystone		08:45
*** markvoelker has joined #openstack-keystone		08:56
*** magicboiz has joined #openstack-keystone		09:00
*** magicboiz has quit IRC		09:04
*** magicboiz has joined #openstack-keystone		09:05
*** aojea has quit IRC		09:05
*** aojea_ has joined #openstack-keystone		09:08
*** mvk has quit IRC		09:25
*** markvoelker has quit IRC		09:29
*** josecastroleon has joined #openstack-keystone		09:37
*** Dinesh_Bhor has joined #openstack-keystone		09:42
*** Dinesh_Bhor has quit IRC		09:42
*** mvk has joined #openstack-keystone		09:52
*** lxnch has joined #openstack-keystone		09:55
*** rarora has quit IRC		09:57
*** lxnch_ has quit IRC		09:59
*** afazekas has quit IRC		10:01
*** namnh has quit IRC		10:01
*** josecastroleon has quit IRC		10:06
*** josecastroleon has joined #openstack-keystone		10:07
*** afazekas has joined #openstack-keystone		10:07
openstackgerrit	Qinglin Cheng proposed openstack/python-keystoneclient master: Create doc/requirements.txt https://review.openstack.org/528964	10:25
*** markvoelker has joined #openstack-keystone		10:26
*** edmondsw has joined #openstack-keystone		10:27
*** mvk has quit IRC		10:31
*** edmondsw has quit IRC		10:32
*** mvk has joined #openstack-keystone		10:32
*** josecastroleon has quit IRC		10:37
openstackgerrit	Colleen Murphy proposed openstack/keystone master: Fix the docs job after moving to build-sphinx https://review.openstack.org/528845	10:47
*** markvoelker has quit IRC		11:00
openstackgerrit	Colleen Murphy proposed openstack/keystone master: Fix the docs job after moving to build-sphinx https://review.openstack.org/528845	11:07
openstackgerrit	Qinglin Cheng proposed openstack/keystone master: Create doc/requirements.txt https://review.openstack.org/528960	11:18
openstackgerrit	Colleen Murphy proposed openstack/keystone master: Fix the docs job after moving to build-sphinx https://review.openstack.org/528845	11:18
*** AlexeyAbashkin has quit IRC		11:22
openstackgerrit	Colleen Murphy proposed openstack/keystone master: Fix the docs job after moving to build-sphinx https://review.openstack.org/528845	11:30
*** AlexeyAbashkin has joined #openstack-keystone		11:38
openstackgerrit	Qinglin Cheng proposed openstack/python-keystoneclient master: Create doc/requirements.txt https://review.openstack.org/528964	11:40
*** magicboiz has quit IRC		11:42
*** magicboiz has joined #openstack-keystone		11:44
openstackgerrit	Qinglin Cheng proposed openstack/keystone master: Create doc/requirements.txt https://review.openstack.org/528960	11:49
*** markvoelker has joined #openstack-keystone		11:57
*** raildo has joined #openstack-keystone		12:00
openstackgerrit	wangxiyuan proposed openstack/keystone master: [WIP]Expose unified limit APIs https://review.openstack.org/524110	12:08
*** edmondsw has joined #openstack-keystone		12:16
*** annp has quit IRC		12:17
*** edmondsw has quit IRC		12:20
openstackgerrit	Qinglin Cheng proposed openstack/keystone master: Create doc/requirements.txt https://review.openstack.org/528960	12:23
*** links has quit IRC		12:23
*** aojea_ has quit IRC		12:24
*** markvoelker has quit IRC		12:29
openstackgerrit	Qinglin Cheng proposed openstack/python-keystoneclient master: Create doc/requirements.txt https://review.openstack.org/528964	12:31
*** JoeStack has joined #openstack-keystone		12:46
*** zhurong has joined #openstack-keystone		13:00
*** davidalles has joined #openstack-keystone		13:00
*** JoeStack has quit IRC		13:00
*** zhurong has quit IRC		13:02
*** zhurong has joined #openstack-keystone		13:03
*** davidalles has quit IRC		13:08
*** catintheroof has joined #openstack-keystone		13:11
*** catintheroof has quit IRC		13:12
*** catintheroof has joined #openstack-keystone		13:12
*** d0ugal has quit IRC		13:14
*** links has joined #openstack-keystone		13:18
*** r-daneel has joined #openstack-keystone		13:19
*** rcernin has quit IRC		13:20
*** r-daneel has quit IRC		13:20
*** iurygregory has joined #openstack-keystone		13:21
*** d0ugal has joined #openstack-keystone		13:23
*** zhurong has quit IRC		13:25
*** aojea has joined #openstack-keystone		13:25
*** markvoelker has joined #openstack-keystone		13:27
*** markvoelker has quit IRC		13:28
*** markvoelker has joined #openstack-keystone		13:29
*** r-daneel has joined #openstack-keystone		13:34
*** d0ugal has quit IRC		13:37
*** aojea has quit IRC		13:38
*** JoeStack has joined #openstack-keystone		13:39
*** d0ugal has joined #openstack-keystone		13:39
*** dave-mccowan has joined #openstack-keystone		13:45
*** links has quit IRC		14:03
*** links has joined #openstack-keystone		14:17
ayoung	cmurphy, lbragstad, knikolla When you get a chance, look in to Istio. I think you will get a sense of what I was trying to do with the RBAC in middleware. It does roughly the same thing, IIUC, which is to provide a centralized place to perform authorization for apps using a Proxy setup.	14:37
cmurphy	o7	14:41
*** JoeStack has quit IRC		14:42
lbragstad	cmurphy: clarkb proposed https://review.openstack.org/#/c/528946/ last night, too... after i mentioned a bunch of things were failing	14:42
cmurphy	lbragstad: our stuff is still broken though	14:43
cmurphy	https://review.openstack.org/#/c/528960 should fix it	14:43
cmurphy	see https://review.openstack.org/#/c/528866/ , rechecked a couple hours ago and still broken	14:44
lbragstad	yeah - that looks consistent with the failures I was seeing last night	14:46
*** panbalag has joined #openstack-keystone		14:49
*** jmlowe has joined #openstack-keystone		14:51
cmurphy	maybe ajaeger can advise us, or clarkb or mordred when they get online	14:52
*** tlam_ has joined #openstack-keystone		14:53
openstackgerrit	Samuel BARTEL proposed openstack/keystone-specs master: Allow admin to specify project id on creation https://review.openstack.org/323499	15:00
*** JoeStack has joined #openstack-keystone		15:00
gagehugo	o/	15:03
*** aojea has joined #openstack-keystone		15:07
knikolla	ayoung: o/ will look into it. sounds interesting.	15:09
*** aojea has quit IRC		15:09
*** aojea has joined #openstack-keystone		15:09
ayoung	knikolla, cmurphy cool. What RH sells with 3scale is also in this space.	15:10
openstackgerrit	Andreas Jaeger proposed openstack/keystone master: Create doc/requirements.txt https://review.openstack.org/528960	15:17
*** JoeStack has quit IRC		15:20
*** aojea has quit IRC		15:25
lbragstad	cmurphy: i'm digging into the http thing a bit more	15:31
cmurphy	lbragstad: the error responses?	15:31
lbragstad	yeah...	15:31
lbragstad	dumb question, but do request uris include request body information?	15:32
lbragstad	or is it strictly things on the path?	15:32
lbragstad	https://tools.ietf.org/html/rfc3986#section-1.1.3	15:32
lbragstad	if it does - then 404 seems like the correct thing to do given https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html	15:32
lbragstad	i mean, if a service isn't found when dealing with registered limits or project limits, then it's not necessarily a syntax error, the syntax of the request would be correct	15:35
lbragstad	s/would/can/	15:35
cmurphy	i don't think i understand the question	15:35
lbragstad	400 Bad Request	15:35
lbragstad	The request could not be understood by the server due to malformed syntax. The client SHOULD NOT repeat the request without modifications.	15:35
lbragstad	^ that's the definition for an http 400	15:36
*** slunkad_ has quit IRC		15:36
gagehugo	yes	15:36
lbragstad	404 Not Found	15:36
lbragstad	The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent.	15:36
ksalman	I am still trying to figure out why I am still getting 401 when I use interface='public'	15:36
lbragstad	^ part of the definition for http 404	15:37
gagehugo	but I thought URIs were the path	15:37
lbragstad	since the service/region/limit information is relayed in the body of the request, does that classify as the request URI?	15:37
cmurphy	yeah the URI is not the body	15:37
ayoung	426 Upgrade Required.	15:37
cmurphy	it's just the location	15:37
lbragstad	ok	15:37
ayoung	451	15:37
lbragstad	that's what i was afraid of	15:37
ayoung	Heh this could be fun	15:37
cmurphy	:)	15:38
ayoung	ksalman, run it from curl	15:38
ksalman	okay	15:39
*** slunkad has joined #openstack-keystone		15:39
cmurphy	https://developer.mozilla.org/zh-TW/docs/Web/HTTP/Status/404 "The HTTP 404 Not Found client error response code indicates that the server can't find the requested resource." i think "matching the request-uri" might be an ultra-strict interpretation	15:39
lbragstad	yeah...	15:39
ayoung	this is a case of a dependent resource not found?	15:40
lbragstad	yes	15:40
gagehugo	https://httpstatusdogs.com/	15:40
lbragstad	at the same time, the syntax could be completely valid, which makes me think a 400 is slightly inappropriate	15:40
ayoung	We return 404s in other cases, like when building role assignments, for the user or groups not found	15:40
*** aojea has joined #openstack-keystone		15:41
* lbragstad is leaning towards HTTP 404		15:42
cmurphy	+1	15:43
*** slunkad has quit IRC		15:43
ayoung	400 is more than just syntax, WFIW. But I'd go with 404 here for consistancy. It would be nice if we indicated what object could not be found, though.	15:43
gagehugo	404 seems fine	15:43
ayoung	6.5.1. 400 Bad Request	15:43
ayoung	The 400 (Bad Request) status code indicates that the server cannot or	15:43
ayoung	will not process the request due to something that is perceived to be	15:43
ayoung	a client error (e.g., malformed request syntax, invalid request	15:43
ayoung	message framing, or deceptive request routing).	15:43
ayoung	It does seem slightly more correct to 400 if a bad piece of data is included, regardless of whether that is a link to another object or a poorly formatted SSN. 404 would merely be consistent with what we have done thus far.	15:45
lbragstad	i'm failing to see how returning a 400 is more correct when a dependent object in the request is missing	15:46
lbragstad	syntactically - the request could be valid	15:46
ayoung	Its not just Syntax	15:47
ayoung	lbragstad, 400 is "you submitted a form with bad data"	15:47
lbragstad	message request framing seems like syntax	15:48
lbragstad	do you have a link to where you pulled that definition?	15:48
ayoung	" something that is perceived to be a client error"	15:48
ayoung	but, regardless, we are already doing 404. Lets stick with that	15:48
ayoung	mainly because I don't want to rewrite all out other APIs	15:49
*** edmondsw has joined #openstack-keystone		15:52
cmurphy	we're inconsistent	15:52
cmurphy	wxy pointed out https://github.com/openstack/keystone/blob/master/keystone/catalog/core.py#L161-L175 we're returning 400	15:52
ayoung	Appeal to the API team for a judgement. I can squint and make either one work. 404 might trip up an automated system to think it posted to the wrong URL, whereas bad data in a post seems like 400, but I agree that seems like a catchall	15:54
ayoung	IN the bad old days of server generated UI, a bad post to a form would still generate a 200, but you would be redirectedt back to the form page with all the data pre-filled and an angry red underline for the one you missed	15:55
ayoung	Nowadays in an Ajax world, you would probably want to return a 400 to tell the Single Page app that the data was no good, try again, and a 404 would mean "your remote server URL is no longer there"	15:56
*** edmondsw has quit IRC		15:56
ayoung	i.e. a 400 could be fixed with a different payload. A 404 cannot.	15:56
ayoung	Does seem wrong to have the same response code for bad syntax and bad data values	15:58
*** slunkad has joined #openstack-keystone		15:59
ayoung	but bad syntax means the client is messed up. If both sides disagree on the doctype, you get Not Acceptable. I think that would be a better response for a corrupeted syntax, as your client broke the contract	16:00
ayoung	heh or the server did, but they hold the cards here	16:00
cmurphy	here we go https://specs.openstack.org/openstack/api-wg/guidelines/http.html#failure-code-clarifications	16:00
cmurphy	it should be a 400	16:00
cmurphy	"If a request contains a reference to a nonexistent resource in the body (not URI), the code should be 400 Bad Request"	16:01
ayoung	cmurphy, that seems like a really good thing to fix in t version 4 of our API	16:02
cmurphy	:)	16:02
knikolla	ayoung: istio looks like a generic version of what i'm doing with mix&match.	16:04
ayoung	Really?	16:04
ayoung	knikolla, maybe this is a case of the blind and the elephant...what calls that out to you?	16:04
knikolla	ayoung: a proxy that handles auth and routing between services	16:04
knikolla	i have a proxy that does k2k auth and routing between openstack services in different clouds	16:05
ayoung	knikolla, ah, I get it. I was thinking single org, multiple services, but yeah, it would have to handle multi-org as well.	16:05
*** josecastroleon has joined #openstack-keystone		16:10
lbragstad	cmurphy: oh - nice	16:13
lbragstad	good find!	16:13
*** jmlowe has quit IRC		16:13
cmurphy	yay for having smart people in the api-sig	16:14
lbragstad	right?!	16:14
lbragstad	i was just thinking "someone in our project space has to have hit this before?	16:14
lbragstad	so - given the justification from the api-sig, we should clearly relay the information in the response	16:16
lbragstad	400 - service %(service_id)s does not exist	16:16
cmurphy	yes	16:16
cmurphy	lbragstad: I can submit an update	16:19
lbragstad	cool	16:20
lbragstad	cmurphy: ayoung gagehugo thanks for the help	16:20
*** tlam_ has quit IRC		16:28
openstackgerrit	Colleen Murphy proposed openstack/keystone-specs master: Limits API https://review.openstack.org/455709	16:32
openstackgerrit	Colleen Murphy proposed openstack/keystone-specs master: Limits API https://review.openstack.org/455709	16:34
*** r-daneel has quit IRC		16:38
*** gyee has joined #openstack-keystone		16:42
*** aojea has quit IRC		16:42
openstackgerrit	Colleen Murphy proposed openstack/keystone-specs master: Limits API https://review.openstack.org/455709	16:49
*** AlexeyAbashkin has quit IRC		17:01
*** r-daneel has joined #openstack-keystone		17:07
cmurphy	lbragstad: i'll go ahead and approve https://review.openstack.org/#/c/455709 unless you want to get anyone else to look at it?	17:21
ksalman	I am trying to use curl now, and going off this https://developer.openstack.org/api-guide/quick-start/api-quick-start.html	17:22
ksalman	the very first curl command is to request a token, which makes sense. However, could I not define OS_PROJECT_NAME and get an admin token? I have admin privileges, and I'd like to operate on resources of all tenants	17:23
ksalman	I tried not defining the "scope" in the curl command, naively though that didn't work	17:24
ksalman	"badRequest": {	17:24
ksalman	"message": "Malformed request URL: URL's project_id '059fd3b805f8425995e8be7174347683' doesn't match Context's project_id 'None'",	17:24
ksalman	"code": 400	17:24
*** mvk has quit IRC		17:25
ksalman	Do i have to enumerate getting tokens on projects one at a time just so i could operate on resources within each project?	17:26
lbragstad	cmurphy: i think that's in good shape	17:27
lbragstad	cmurphy: go ahead and push it through	17:27
*** samuelbartel has quit IRC		17:29
*** tlam_ has joined #openstack-keystone		17:34
*** edmondsw has joined #openstack-keystone		17:40
*** smatzek has joined #openstack-keystone		17:40
ksalman	I suppose that is not a question for this channel =)	17:41
*** edmondsw has quit IRC		17:44
lbragstad	ksalman: i think that depends on what you're trying to do to all instances	17:45
kmalloc	O/	17:49
kmalloc	For, I am being bad a vacation right now.	17:49
lbragstad	cool - we do have a kmalloc today	17:49
kmalloc	FTR*	17:49
ksalman	lbragstad: i have a list of instance and stack uuids from various tenants, and I want to delete them	17:49
*** catintheroof has quit IRC		17:50
kmalloc	Yes, I -2'd a patch, I'll circle around for that. You owe me ;). I expect a cup coffee on you in Dublin ^_^ :P	17:50
openstackgerrit	Merged openstack/keystone-specs master: Limits API https://review.openstack.org/455709	17:51
*** josecastroleon has quit IRC		17:51
lbragstad	wxy: woo! ^	17:51
*** catintheroof has joined #openstack-keystone		17:51
lbragstad	kmalloc: since when do we get cups of coffee for -2s?!	17:52
* lbragstad missed the memo		17:52
*** davidalles has joined #openstack-keystone		17:52
davidalles	ruan_he: Ruan, are you there?	17:53
*** r-daneel_ has joined #openstack-keystone		18:01
*** r-daneel has quit IRC		18:01
*** r-daneel_ is now known as r-daneel		18:01
kmalloc	lbragstad: when i take time out of my vacation to visit the meeting because of a -2 ;)	18:02
lbragstad	kmalloc: aha - ack... yes, that makes sense	18:02
*** catintheroof has quit IRC		18:07
*** catintheroof has joined #openstack-keystone		18:08
*** spilla has joined #openstack-keystone		18:10
*** harlowja has joined #openstack-keystone		18:15
*** rmascena has joined #openstack-keystone		18:19
openstackgerrit	Merged openstack/keystone master: Create doc/requirements.txt https://review.openstack.org/528960	18:19
openstackgerrit	Gage Hugo proposed openstack/keystone master: Bump API version and date to 3.9 https://review.openstack.org/528773	18:21
*** raildo has quit IRC		18:22
*** AlexeyAbashkin has joined #openstack-keystone		18:22
*** links has quit IRC		18:23
*** apuimedo has quit IRC		18:24
*** AlexeyAbashkin has quit IRC		18:27
*** aselius has joined #openstack-keystone		18:38
*** panbalag has quit IRC		18:39
*** tlam_ has quit IRC		18:42
*** tlam_ has joined #openstack-keystone		18:43
*** AlexeyAbashkin has joined #openstack-keystone		18:46
*** catintheroof has quit IRC		18:56
*** r-daneel has quit IRC		18:57
*** AlexeyAbashkin has quit IRC		18:58
lbragstad	o/	19:00
kmalloc	o/	19:00
lbragstad	yeah - writing drivers isn't bad	19:00
hrybacki	o/	19:00
lbragstad	you have an abstract interface to follow	19:00
lbragstad	#startmeeting keystone-office-hours	19:00
openstack	Meeting started Tue Dec 19 19:00:36 2017 UTC and is due to finish in 60 minutes. The chair is lbragstad. Information about MeetBot at http://wiki.debian.org/MeetBot.	19:00
openstack	Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.	19:00
*** openstack changes topic to " (Meeting topic: keystone-office-hours)"		19:00
*** ChanServ changes topic to "Queens release schedule: https://releases.openstack.org/queens/schedule.html \| Meeting agenda: https://etherpad.openstack.org/p/keystone-weekly-meeting \| Bugs that need triaging: http://bit.ly/2iJuN1h \| Trello: https://trello.com/b/5F0h9Hoe/keystone"		19:00
openstack	The meeting name has been set to 'keystone_office_hours'	19:00
cmurphy	o/	19:00
rmascena	davidalles, let's keep talking here	19:00
lbragstad	ruan?	19:00
davidalles	yep	19:00
davidalles	OKi, so the conclusion it: BP is --2	19:01
rmascena	davidalles, can you ask for ruan join this channel?	19:01
kmalloc	davidalles: i walked back to a -1, the fernet bits were removed.	19:01
davidalles	and Orange must work on the 'resources ID' driver	19:01
davidalles	yep, I did	19:01
kmalloc	i'm a strong -1 on the new API, i would be a -2 on "optional" features.	19:01
kmalloc	i recommend this being a driver.	19:01
rmascena	davidalles, the spec can be rewrite to instead of pointing to an API change, to reference that as an new resource driver change	19:02
davidalles	understood; thanks all of you: we found one solution so that Orange will comply to the hard IAM&ACM requirement :)	19:02
lbragstad	you could actually inherit the upstream driver and just override the project specific methods	19:02
cmurphy	you can write this driver out of tree, then you wouldn't need a new spec or any buy-in from us	19:02
lbragstad	davidalles: did k2k comply to that hard requirement?	19:02
*** sbezverk has joined #openstack-keystone		19:02
knikolla	and you can make it out of tree, so no need to wait for our go	19:03
*** ruan__he has joined #openstack-keystone		19:03
lbragstad	right - you just need to make sure you read the release notes for interface changes	19:03
davidalles	yep: then I will synchro with Ruan and we will comment the BP	19:03
kmalloc	:)	19:03
davidalles	:) :)	19:03
lbragstad	because sometimes we do change those interfaces, which will impact your implementation	19:03
ruan__he	thanks for your comments, we will try to work on that	19:03
hrybacki	lbragstad: kmalloc out-of-tree like we don't need to worry about upstream timelines?	19:03
*** r-daneel has joined #openstack-keystone		19:03
cmurphy	hrybacki: right	19:03
knikolla	hrybacki: yeah, as long as the interface hasn't changed	19:04
rmascena	hrybacki, yep	19:04
lbragstad	ruan__he: davidalles i'm still really interested in the k2k case	19:04
davidalles	have a nice day (or night)	19:04
hrybacki	ack ack	19:04
lbragstad	i'd like to work on fixing the performance issues there	19:04
kmalloc	davidalles: please let us know where k2k didn't work.	19:04
kmalloc	esp. if it's related to performance	19:04
kmalloc	ruan__he: ^	19:04
cmurphy	fwiw not that anyone should ever use this but i wrote https://github.com/cmurphy/keystone-json-assignment which could be used as an example, specifically setting up the entry points	19:04
davidalles	Ruan will: he was the guy testing it	19:04
kmalloc	cool	19:04
lbragstad	ruan__he: is it possible for you to forward the information about that setup and the results?	19:04
hrybacki	cmurphy: everyone reads TC blogs :)	19:04
kmalloc	i want to fix the k2k bit if it's slow/notworking	19:05
lbragstad	right - because we've been pushing people to use it for years	19:05
lbragstad	and that is going to be critical in making federation a first-class citizen	19:05
knikolla	lbragstad: you'll get a lot of feedback from me in terms of performance in the coming months	19:06
knikolla	we're very close to production deployment for mixmatch	19:06
lbragstad	knikolla: ++	19:06
kmalloc	ok i need to go eat	19:06
*** davidalles has quit IRC		19:11
cmurphy	someone please look at https://review.openstack.org/#/c/523524/ :)	19:22
cmurphy	and https://review.openstack.org/#/c/522356	19:22
kmalloc	cmurphy: +3 on both	19:27
cmurphy	thanks kmalloc	19:27
cmurphy	i give you permission to go enjoy your vacation :P	19:27
*** edmondsw has joined #openstack-keystone		19:28
lbragstad	woo!	19:28
lbragstad	patches are moving!	19:28
lbragstad	cmurphy: ruan__he jdennis hrybacki running this by the mailing list http://lists.openstack.org/pipermail/openstack-dev/2017-December/125744.html	19:29
*** catintheroof has joined #openstack-keystone		19:29
lbragstad	https://review.openstack.org/#/c/528960/ merged - so we should be good to start rechecking?	19:31
cmurphy	ya i think so	19:31
*** edmondsw has quit IRC		19:32
lbragstad	cool - i have like 20 patches failing :)	19:33
cmurphy	lbragstad: might be good to send that email to the -ops list?	19:34
lbragstad	yup - i did	19:36
cmurphy	ah cool	19:36
lbragstad	http://lists.openstack.org/pipermail/openstack-operators/2017-December/014697.html	19:36
*** edmondsw has joined #openstack-keystone		19:37
*** openstack has joined #openstack-keystone		19:41
*** ChanServ sets mode: +o openstack		19:41
*** edmondsw has quit IRC		19:44
*** itlinux has quit IRC		19:52
*** itlinux has joined #openstack-keystone		19:52
cmurphy	I'm not sure about this patch series https://review.openstack.org/#/c/526296/ it's changing the response from 500 -> 400 -> 200, or am I overthinking it?	19:59
gagehugo	it would return a 400 since we check via schema instead of failing loudly and returning a 500?	20:01
cmurphy	gagehugo: right, i'm fine with that, but then the next change in the series makes it accept a name property instead of just an id	20:03
gagehugo	looking at that now	20:04
cmurphy	so something that is illegal in 526296 becomes legal in 526968	20:04
gagehugo	ah I see	20:05
gagehugo	since that second changes the schema	20:06
gagehugo	but it currently only uses an id, the name change seems to be adding a new feature?	20:12
cmurphy	yeah that's true	20:14
cmurphy	+1 on letting it accept names	20:15
gagehugo	it might be fine then, if that change is allowing to authorize via role names OR id	20:15
*** mvk has joined #openstack-keystone		20:16
gagehugo	but it is changing what is accepted	20:22
cmurphy	i feel like it would be okay if the order was just switched, first accept names and then second reject everything else	20:23
gagehugo	sure	20:23
gagehugo	could those changes be combined?	20:26
*** jmlowe has joined #openstack-keystone		20:28
cmurphy	yeah probably	20:31
openstackgerrit	Gage Hugo proposed openstack/keystone master: Reorganize api-ref: v3 credentials https://review.openstack.org/504459	20:35
*** AlexeyAbashkin has joined #openstack-keystone		20:37
*** AlexeyAbashkin has quit IRC		20:41
*** smatzek has quit IRC		20:54
*** catintheroof has quit IRC		21:02
*** catintheroof has joined #openstack-keystone		21:03
*** catintheroof has quit IRC		21:07
openstackgerrit	Colleen Murphy proposed openstack/keystonemiddleware master: Fix docs builds https://review.openstack.org/529158	21:16
*** edmondsw has joined #openstack-keystone		21:17
openstackgerrit	Colleen Murphy proposed openstack/keystonemiddleware master: Fix docs builds https://review.openstack.org/529158	21:18
openstackgerrit	Colleen Murphy proposed openstack/python-keystoneclient master: Create doc/requirements.txt https://review.openstack.org/528964	21:20
*** edmondsw has quit IRC		21:22
*** rmascena has quit IRC		21:27
openstackgerrit	Colleen Murphy proposed openstack/keystoneauth master: Fix docs builds https://review.openstack.org/529164	21:31
lbragstad	#endmeeting	22:07
lbragstad	#startmeeting keystone-office-hours	22:07
openstack	Meeting started Tue Dec 19 22:07:28 2017 UTC and is due to finish in 60 minutes. The chair is lbragstad. Information about MeetBot at http://wiki.debian.org/MeetBot.	22:07
openstack	Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.	22:07
*** openstack changes topic to " (Meeting topic: keystone-office-hours)"		22:07
*** ChanServ changes topic to "Queens release schedule: https://releases.openstack.org/queens/schedule.html \| Meeting agenda: https://etherpad.openstack.org/p/keystone-weekly-meeting \| Bugs that need triaging: http://bit.ly/2iJuN1h \| Trello: https://trello.com/b/5F0h9Hoe/keystone"		22:07
openstack	The meeting name has been set to 'keystone_office_hours'	22:07
lbragstad	#endmeeting	22:07
*** openstack changes topic to "Queens release schedule: https://releases.openstack.org/queens/schedule.html \| Meeting agenda: https://etherpad.openstack.org/p/keystone-weekly-meeting \| Bugs that need triaging: http://bit.ly/2iJuN1h \| Trello: https://trello.com/b/5F0h9Hoe/keystone"		22:07
openstack	Meeting ended Tue Dec 19 22:07:37 2017 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)	22:07
openstack	Minutes: http://eavesdrop.openstack.org/meetings/keystone_office_hours/2017/keystone_office_hours.2017-12-19-22.07.html	22:07
openstack	Minutes (text): http://eavesdrop.openstack.org/meetings/keystone_office_hours/2017/keystone_office_hours.2017-12-19-22.07.txt	22:07
openstack	Log: http://eavesdrop.openstack.org/meetings/keystone_office_hours/2017/keystone_office_hours.2017-12-19-22.07.log.html	22:07
lbragstad	humm	22:07
lbragstad	maybe the bot was restarted during office hours	22:08
openstackgerrit	Colleen Murphy proposed openstack/keystonemiddleware master: Fix docs builds https://review.openstack.org/529158	22:08
cmurphy	hmm yep 19:41:09 <-- \| openstack (~openstack@openstack/openstack) has quit (Remote host closed the connection)	22:08
lbragstad	aha	22:22
*** rcernin has joined #openstack-keystone		22:28
*** spilla has quit IRC		22:54
*** panbalag has joined #openstack-keystone		22:54
*** edmondsw has joined #openstack-keystone		23:06
*** edmondsw has quit IRC		23:10
openstackgerrit	Merged openstack/python-keystoneclient master: Updated from global requirements https://review.openstack.org/528904	23:21
openstackgerrit	Gage Hugo proposed openstack/keystone master: Refactor project tags encoding https://review.openstack.org/529179	23:22
openstackgerrit	Gage Hugo proposed openstack/keystone master: Refactor project tags encoding https://review.openstack.org/529179	23:23
*** itlinux has quit IRC		23:33
openstackgerrit	Colleen Murphy proposed openstack/keystonemiddleware master: Fix docs builds https://review.openstack.org/529158	23:39
*** catinthe_ has joined #openstack-keystone		23:43
*** catintheroof has joined #openstack-keystone		23:52
*** catintheroof has quit IRC		23:52
*** catintheroof has joined #openstack-keystone		23:53
*** catinthe_ has quit IRC		23:55
*** catintheroof has quit IRC		23:58

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!