Tuesday, 2018-01-16

lbragstad	this is an easy one to kick through - https://review.openstack.org/#/c/532257/	00:02
openstackgerrit	Lance Bragstad proposed openstack/keystone master: Reorganize create identity provider API reference https://review.openstack.org/532840	00:06
*** markvoelker has joined #openstack-keystone		00:11
*** itlinux has joined #openstack-keystone		00:14
*** itlinux has quit IRC		00:15
*** bigdogstl has joined #openstack-keystone		00:19
*** itlinux has joined #openstack-keystone		00:21
*** bigdogstl has quit IRC		00:25
*** bigdogstl has joined #openstack-keystone		00:51
*** bigdogstl has quit IRC		01:07
*** mvk has quit IRC		01:10
openstackgerrit	Lance Bragstad proposed openstack/keystone master: Add system role assignment documentation https://review.openstack.org/524307	01:21
*** mvk has joined #openstack-keystone		01:25
openstackgerrit	Lance Bragstad proposed openstack/keystone master: Add ability to list all system role assignments https://review.openstack.org/524407	01:25
openstackgerrit	Lance Bragstad proposed openstack/keystone master: Teach TokenFormatter how to handle system scope https://review.openstack.org/525330	01:28
openstackgerrit	Lance Bragstad proposed openstack/keystone master: Implement system-scope in the token provider API https://review.openstack.org/525360	01:28
openstackgerrit	Lance Bragstad proposed openstack/keystone master: Introduce assertions for system-scoped token testing https://review.openstack.org/528037	01:28
openstackgerrit	Lance Bragstad proposed openstack/keystone master: Implement system-scoped tokens https://review.openstack.org/525687	01:28
openstackgerrit	Lance Bragstad proposed openstack/keystone master: Add release note for system-scope https://review.openstack.org/528039	01:28
openstackgerrit	Lance Bragstad proposed openstack/keystone master: Update documentation to reflect system-scope https://review.openstack.org/530133	01:28
openstackgerrit	Lance Bragstad proposed openstack/keystone master: Grant admin a role on the system during bootstrap https://review.openstack.org/530410	01:28
openstackgerrit	Lance Bragstad proposed openstack/keystone master: Implement GET /v3/auth/system https://review.openstack.org/530490	01:28
* lbragstad slowly backs away from zuul		01:31
SamYaple	lol	01:31
*** sapd__ has joined #openstack-keystone		01:43
*** sapd_ has quit IRC		01:43
*** zhurong has joined #openstack-keystone		01:51
*** masber has joined #openstack-keystone		02:00
*** bigdogstl has joined #openstack-keystone		02:00
*** threestrands_ has joined #openstack-keystone		02:02
*** masuberu has quit IRC		02:02
*** jappleii__ has quit IRC		02:04
*** bigdogstl has quit IRC		02:05
*** annp has joined #openstack-keystone		02:07
*** bigdogstl has joined #openstack-keystone		02:08
*** bigdogstl has quit IRC		02:17
*** edmondsw has quit IRC		02:34
*** bigdogstl has joined #openstack-keystone		02:52
*** abhi89 has joined #openstack-keystone		02:55
*** bigdogstl has quit IRC		02:58
*** bigdogstl has joined #openstack-keystone		03:04
openstackgerrit	wangxiyuan proposed openstack/keystone master: Add limit provider https://review.openstack.org/524109	03:08
openstackgerrit	wangxiyuan proposed openstack/keystone master: Implement policies for limits https://review.openstack.org/530143	03:08
openstackgerrit	wangxiyuan proposed openstack/keystone master: Expose unified limit APIs https://review.openstack.org/524110	03:08
*** markvoelker has quit IRC		03:13
*** nicolasbock has quit IRC		03:15
*** bigdogstl has quit IRC		03:19
*** jmlowe has quit IRC		03:44
*** bigdogstl has joined #openstack-keystone		03:46
*** edmondsw has joined #openstack-keystone		03:47
*** bigdogstl has quit IRC		03:51
*** namnh has joined #openstack-keystone		03:52
*** edmondsw has quit IRC		03:52
*** links has joined #openstack-keystone		04:06
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystone master: Updated from global requirements https://review.openstack.org/533880	04:09
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystoneauth master: Updated from global requirements https://review.openstack.org/533964	04:09
openstackgerrit	OpenStack Proposal Bot proposed openstack/keystonemiddleware master: Updated from global requirements https://review.openstack.org/528867	04:09
*** dave-mccowan has quit IRC		04:15
*** zhurong has quit IRC		04:22
*** SamYaple has quit IRC		04:24
*** SamYaple has joined #openstack-keystone		04:24
*** bigdogstl has joined #openstack-keystone		04:26
openstackgerrit	OpenStack Proposal Bot proposed openstack/pycadf master: Updated from global requirements https://review.openstack.org/523791	04:28
openstackgerrit	OpenStack Proposal Bot proposed openstack/pycadf master: Updated from global requirements https://review.openstack.org/523791	04:28
openstackgerrit	OpenStack Proposal Bot proposed openstack/python-keystoneclient master: Updated from global requirements https://review.openstack.org/534025	04:30
openstackgerrit	OpenStack Proposal Bot proposed openstack/python-keystoneclient master: Updated from global requirements https://review.openstack.org/534026	04:30
openstackgerrit	OpenStack Proposal Bot proposed openstack/python-keystoneclient master: Updated from global requirements https://review.openstack.org/534027	04:30
*** bigdogstl has quit IRC		04:37
*** gyee has quit IRC		04:42
*** vishu1810 has joined #openstack-keystone		04:43
*** bigdogstl has joined #openstack-keystone		04:46
*** bigdogstl has quit IRC		04:51
*** bigdogstl has joined #openstack-keystone		04:58
*** blake has joined #openstack-keystone		04:59
*** cburgess has quit IRC		05:02
*** bigdogstl has quit IRC		05:03
*** cburgess has joined #openstack-keystone		05:08
*** cburgess has quit IRC		05:12
*** cburgess has joined #openstack-keystone		05:13
*** namnh_ has joined #openstack-keystone		05:22
*** namnh_ has quit IRC		05:22
*** bigdogstl has joined #openstack-keystone		05:23
*** namnh has quit IRC		05:25
*** bigdogstl has quit IRC		05:30
*** bigdogstl has joined #openstack-keystone		05:42
*** markvoelker has joined #openstack-keystone		05:44
*** markvoelker has quit IRC		05:49
*** bigdogstl has quit IRC		05:55
*** bigdogstl has joined #openstack-keystone		06:11
*** bigdogstl has quit IRC		06:20
*** bigdogstl has joined #openstack-keystone		06:26
openstackgerrit	Merged openstack/keystone master: Imported Translations from Zanata https://review.openstack.org/533093	06:35
openstackgerrit	Merged openstack/keystone master: Fix wrong url in config-options.rst https://review.openstack.org/533579	06:35
*** blake has quit IRC		06:36
openstackgerrit	wangxiyuan proposed openstack/keystone master: Add limit provider https://review.openstack.org/524109	06:37
openstackgerrit	wangxiyuan proposed openstack/keystone master: Implement policies for limits https://review.openstack.org/530143	06:37
openstackgerrit	wangxiyuan proposed openstack/keystone master: Expose unified limit APIs https://review.openstack.org/524110	06:37
*** bigdogstl has quit IRC		06:41
*** abhi89 has quit IRC		06:58
openstackgerrit	wangxiyuan proposed openstack/keystone master: Expose unified limit APIs https://review.openstack.org/524110	06:58
*** abhi89 has joined #openstack-keystone		07:00
*** links has quit IRC		07:06
*** rcernin has quit IRC		07:14
*** bigdogstl has joined #openstack-keystone		07:15
*** threestrands_ has quit IRC		07:18
*** links has joined #openstack-keystone		07:23
*** bigdogstl has quit IRC		07:23
*** edmondsw has joined #openstack-keystone		07:24
*** bigdogstl has joined #openstack-keystone		07:26
*** bigjools has joined #openstack-keystone		07:28
*** edmondsw has quit IRC		07:28
*** bigdogstl has quit IRC		07:31
*** links has quit IRC		07:39
openstackgerrit	Merged openstack/keystone master: adjust response code order in ''domains-config-v3.inc'' https://review.openstack.org/533103	07:39
openstackgerrit	Merged openstack/keystone master: put response code in table of ''domains.inc'' https://review.openstack.org/533097	07:39
openstackgerrit	Merged openstack/keystone master: add response example and 'extra' info of create user https://review.openstack.org/531156	07:39
*** aojea_ has joined #openstack-keystone		07:45
*** markvoelker has joined #openstack-keystone		07:46
*** abhi89 has quit IRC		07:47
*** abhi89 has joined #openstack-keystone		07:47
openstackgerrit	Merged openstack/keystone master: fix wrong url link of User trusts https://review.openstack.org/533032	07:59
openstackgerrit	Merged openstack/keystone master: Extract expiration validation to utils https://review.openstack.org/532257	07:59
*** dikonoor has joined #openstack-keystone		08:00
*** tesseract has joined #openstack-keystone		08:05
*** AlexeyAbashkin has joined #openstack-keystone		08:15
*** links has joined #openstack-keystone		08:15
*** bigdogstl has joined #openstack-keystone		08:18
*** markvoelker has quit IRC		08:19
*** bigdogstl has quit IRC		08:29
*** bigdogstl has joined #openstack-keystone		08:51
*** Drankis has joined #openstack-keystone		08:55
*** bigdogstl has quit IRC		08:56
openstackgerrit	Merged openstack/keystone master: Expose a get_enforcer method for oslo.policy scripts https://review.openstack.org/530828	09:04
*** edmondsw has joined #openstack-keystone		09:12
*** edmondsw has quit IRC		09:17
*** bigdogstl has joined #openstack-keystone		09:20
*** mvk has quit IRC		09:20
*** bigdogstl has quit IRC		09:31
*** slunkad has quit IRC		09:36
*** mvk has joined #openstack-keystone		09:53
openstackgerrit	wangxiyuan proposed openstack/keystone master: Add limit provider https://review.openstack.org/524109	09:55
openstackgerrit	wangxiyuan proposed openstack/keystone master: Implement policies for limits https://review.openstack.org/530143	09:55
openstackgerrit	wangxiyuan proposed openstack/keystone master: Expose unified limit APIs https://review.openstack.org/524110	09:55
*** bigdogstl has joined #openstack-keystone		10:00
*** slunkad has joined #openstack-keystone		10:03
*** samuelbartel has joined #openstack-keystone		10:08
*** bigdogstl has quit IRC		10:11
*** aojea_ has quit IRC		10:16
*** markvoelker has joined #openstack-keystone		10:16
*** aojea_ has joined #openstack-keystone		10:16
*** abhi89 has quit IRC		10:22
*** AlexeyAbashkin has quit IRC		10:23
*** AlexeyAbashkin has joined #openstack-keystone		10:26
openstackgerrit	Merged openstack/keystone master: adjust response code order in 'regions-v3.inc' https://review.openstack.org/533542	10:48
*** dikonoor has quit IRC		10:49
*** markvoelker has quit IRC		10:50
openstackgerrit	Merged openstack/keystone master: adjust response code order in 'authenticate-v3.inc' https://review.openstack.org/533559	10:54
*** mvk has quit IRC		10:58
*** edmondsw has joined #openstack-keystone		11:00
*** edmondsw has quit IRC		11:05
*** bigdogstl has joined #openstack-keystone		11:12
*** mvk has joined #openstack-keystone		11:13
*** aojea_ has quit IRC		11:19
*** bigdogstl has quit IRC		11:19
*** abhi89 has joined #openstack-keystone		11:22
*** aojea has joined #openstack-keystone		11:39
*** aojea has quit IRC		11:40
*** edmondsw has joined #openstack-keystone		12:03
*** sambetts\|afk is now known as sambetts		12:06
*** annp has quit IRC		12:10
*** HW-Peter has joined #openstack-keystone		12:12
*** raildo has joined #openstack-keystone		12:13
*** bigdogstl has joined #openstack-keystone		12:16
*** HW-Peter has quit IRC		12:16
*** HW-Peter has joined #openstack-keystone		12:17
*** HWPeter has joined #openstack-keystone		12:17
*** Peter-HW has joined #openstack-keystone		12:18
*** Peter-HW has quit IRC		12:21
*** Peter-HW has joined #openstack-keystone		12:21
*** nicolasbock has joined #openstack-keystone		12:22
*** Peter-HW has quit IRC		12:22
*** bigdogstl has quit IRC		12:23
*** Peter-HW has joined #openstack-keystone		12:23
*** Peter-HW has quit IRC		12:25
*** Peter-HW has joined #openstack-keystone		12:25
*** Peter-HW has quit IRC		12:26
*** Peter-HW has joined #openstack-keystone		12:27
*** Peter-HW has quit IRC		12:29
*** pcaruana has joined #openstack-keystone		12:33
*** Peter-HW has joined #openstack-keystone		12:36
*** bigdogstl has joined #openstack-keystone		12:38
openstackgerrit	OpenStack Proposal Bot proposed openstack/python-keystoneclient master: Updated from global requirements https://review.openstack.org/534025	12:39
*** HW_Peter has joined #openstack-keystone		12:39
*** bigdogstl has quit IRC		12:43
*** markvoelker has joined #openstack-keystone		12:47
openstackgerrit	OpenStack Proposal Bot proposed openstack/python-keystoneclient master: Updated from global requirements https://review.openstack.org/534025	12:48
openstackgerrit	OpenStack Proposal Bot proposed openstack/python-keystoneclient master: Updated from global requirements https://review.openstack.org/534025	12:50
openstackgerrit	OpenStack Proposal Bot proposed openstack/python-keystoneclient master: Updated from global requirements https://review.openstack.org/534025	12:50
*** bigdogstl has joined #openstack-keystone		12:52
openstackgerrit	OpenStack Proposal Bot proposed openstack/python-keystoneclient master: Updated from global requirements https://review.openstack.org/534025	12:53
openstackgerrit	OpenStack Proposal Bot proposed openstack/python-keystoneclient master: Updated from global requirements https://review.openstack.org/534025	12:55
*** bigdogstl has quit IRC		12:58
*** Peter-HW has quit IRC		12:59
*** HW_Peter has quit IRC		12:59
*** HWPeter has quit IRC		12:59
*** HW-Peter has quit IRC		12:59
*** Drankis has quit IRC		12:59
*** HW-Peter has joined #openstack-keystone		12:59
openstackgerrit	OpenStack Proposal Bot proposed openstack/python-keystoneclient master: Updated from global requirements https://review.openstack.org/534025	13:01
openstackgerrit	OpenStack Proposal Bot proposed openstack/python-keystoneclient master: Updated from global requirements https://review.openstack.org/534025	13:01
*** aloga has quit IRC		13:09
*** aloga has joined #openstack-keystone		13:10
*** markvoelker has quit IRC		13:20
*** bigdogstl has joined #openstack-keystone		13:23
*** bigdogstl has quit IRC		13:28
*** mvenesio has joined #openstack-keystone		13:30
openstackgerrit	Merged openstack/keystone master: adjust response code in order of credentials.inc https://review.openstack.org/533082	13:30
*** bigdogstl has joined #openstack-keystone		13:33
openstackgerrit	Merged openstack/keystone-tempest-plugin master: Use openstackdocstheme for docs and release notes https://review.openstack.org/531097	13:33
*** markvoelker has joined #openstack-keystone		13:33
*** dave-mccowan has joined #openstack-keystone		13:40
*** bigdogstl has quit IRC		13:43
*** dave-mccowan has quit IRC		13:47
openstackgerrit	Merged openstack/keystone master: Rename fernet_utils to token_utils https://review.openstack.org/527537	13:48
*** dave-mccowan has joined #openstack-keystone		13:57
*** links has quit IRC		14:05
*** ayoung has joined #openstack-keystone		14:18
*** jmlowe has joined #openstack-keystone		14:27
lbragstad	cmurphy: thanks for the rechecks this morning on the system scope stuff	14:27
cmurphy	lbragstad: np	14:28
cmurphy	cinder is having some issues, they're aware	14:28
*** david-lyle has quit IRC		14:33
lbragstad	ack	14:48
lbragstad	we'll have to get things merged to ksa this week	14:59
lbragstad	since it's non-client library freeze on the 19th	15:00
* cmurphy will prioritize ksa reviews for office hours		15:00
lbragstad	i need to put my ksa patch on the top of my priority today then	15:04
lbragstad	i need to do https://review.openstack.org/#/c/530509/ today too then	15:06
lbragstad	ayoung: probably has better context on that than i do	15:06
cmurphy	what's the relationship between library/client freeze and feature freeze? definitely not going to have ksa or ksc stuff done for application credentials this week	15:07
lbragstad	if i'm reading things right - https://releases.openstack.org/queens/schedule.html	15:08
lbragstad	ksa, ksm, and oslo libraries all freeze at the end of the week	15:08
lbragstad	Jan 26th client libraries freeze	15:09
lbragstad	i think the unified limit implementation is ready for folks to take another pass, too	15:13
lbragstad	https://review.openstack.org/#/c/524109/29	15:13
*** bigdogstl has joined #openstack-keystone		15:13
lbragstad	cmurphy: qq for you on the ksa bits for system scope	15:15
lbragstad	previously - i was detecting system scope by setting OS_SYSTEM_SCOPED = True	15:15
lbragstad	but given the changes to move away from a boolean in the server implementation, i'd think it also makes sense to take that same approach with ksa	15:16
lbragstad	and do something like OS_SYSTEM_SCOPE=all	15:16
cmurphy	lbragstad: makes sense	15:18
lbragstad	my question is - how should that look when you want to scope to a specific service?	15:19
lbragstad	OS_SYSTEM_SCOPE=all/regionOne/compute	15:19
cmurphy	what would it look like on the server side?	15:20
cmurphy	right now it's like '{"scope": { "system": "all" } }' or something?	15:21
lbragstad	i am guessing it would be something like '{"scope": {"system": {$service} }}'	15:22
lbragstad	where the services are components of the system	15:22
*** mvenesio has quit IRC		15:22
lbragstad	and having a role assignment on the entire system means 'all'	15:22
*** bigdogstl has quit IRC		15:22
*** mvenesio has joined #openstack-keystone		15:23
cmurphy	so {$service} means "region" (like the object type) or {$service} means "regionOne" (like the name of the object) ?	15:23
cmurphy	of i guess you mean {$service} means the name/type of the keystone service like "compute" ?	15:25
lbragstad	i suppose service could exist directly below 'all'	15:25
cmurphy	in which case how does keystone know that we means scope to a service as opposed to another type of thing like a region?	15:25
lbragstad	i think you'd have to make it so that you can scope only to a service?	15:26
lbragstad	(unless generating tokens for a region is useful at some point)	15:26
cmurphy	i thought we'd brought up regions as a possible use case for a hierarchical system like this	15:27
*** mvenesio has quit IRC		15:27
lbragstad	yeah - we did	15:27
lbragstad	i'm just wondering if building the initial bit to be OS_SYSTEM_SCOPE=all prevents anything in the future?	15:28
lbragstad	or if we want that to be a different type?	15:28
*** links has joined #openstack-keystone		15:29
cmurphy	i am imagining a future where we have something like '{"scope": { "system": "region", "region": "regionOne" } }' which would need a client that could do something like OS_SYSTEM_SCOPE=region OS_SCOPE_TARGET=regionOne	15:30
cmurphy	but as long as '{"scope": { "system": "$something" }}' is all that's possible then I think OS_SYSTEM_SCOPE covers it	15:32
lbragstad	right now it is '{"system": {"all": True}}'	15:33
cmurphy	oh okay	15:33
lbragstad	that should still work, right?	15:34
cmurphy	so if a service scope was added would it look like '{"system": {"service": "compute"}}' ?	15:35
lbragstad	'{"system": {"all": True, "us-east": {"compute": "..."}, "us-west", {"compute": "..."}}}'	15:36
lbragstad	or yeah - you could just leave the region out of it all together	15:37
lbragstad	because that would be perfect for the global identity use case	15:37
lbragstad	(e.g. get me a token scoped to only identity operations)	15:38
cmurphy	well i didn't mean to suggest leave region out, was just trying to guess what service scope would look like	15:38
lbragstad	right - i can see cases where service scope includes a region and doesn't include a region	15:38
cmurphy	right	15:39
lbragstad	which is probably going to complicate things :)	15:39
cmurphy	lol	15:39
*** spilla has joined #openstack-keystone		15:40
lbragstad	but - from what i can tell, you'd need the ability to drill down to a specific service in a region	15:40
*** prashkre has joined #openstack-keystone		15:40
cmurphy	okay, well it's sort of hard for me to wrap my brain around but as far as I can tell OS_SYSTEM_SCOPE=all is probably fine for now and we can potentially add new parameters if we can't find a way to have OS_SYSTEM_SCOPE describe our future levels of scope	15:41
cmurphy	might be good to get jamielennox's input	15:41
lbragstad	yeah - i think i agree	15:41
lbragstad	so long as we not making it a boolean initially	15:41
lbragstad	because i think we'd be trying to migrate from True -> all or True -> us-east:compute later	15:42
*** itlinux has quit IRC		15:42
lbragstad	cmurphy: thanks for the input cmurphy - that helped	15:48
*** david-lyle has joined #openstack-keystone		15:49
cmurphy	np	15:49
lbragstad	knikolla: i noticed you had a patch up to ksa for the global roles stuff	15:49
lbragstad	but i figured that was prior to the system role changes?	15:49
*** bigdogstl has joined #openstack-keystone		15:50
knikolla	lbragstad: yep, that was before the ptg discussion	15:50
lbragstad	ok - cool	15:50
lbragstad	just fyi - i have https://review.openstack.org/#/c/529665 and i'll be posted some updates to it today	15:50
*** links has quit IRC		15:51
knikolla	lbragstad: cool, feel free to abandon my patch since it's superseded.	15:52
*** dave-mccowan has quit IRC		15:52
*** bigdogstl has quit IRC		16:02
gagehugo	o/	16:08
knikolla	o/	16:08
lbragstad	taking an early lunch to shovel the driveway quick before the keystone meeting	16:09
lbragstad	should be back in about 30	16:09
*** dave-mccowan has joined #openstack-keystone		16:21
*** links has joined #openstack-keystone		16:25
*** spilla has quit IRC		16:38
*** spilla_ has joined #openstack-keystone		16:38
*** gyee has joined #openstack-keystone		16:41
*** itlinux has joined #openstack-keystone		16:44
*** panbalag has joined #openstack-keystone		16:46
*** bigdogstl has joined #openstack-keystone		16:47
*** itlinux has quit IRC		16:49
*** rha has joined #openstack-keystone		16:49
prashkre	lbragstad: Hi. Could you please take a look at the bug https://bugs.launchpad.net/keystone/+bug/1743603	16:51
openstack	Launchpad bug 1743603 in OpenStack Identity (keystone) "Unexpected service token warning message in keystone log" [Undecided,New]	16:51
*** bigdogstl has quit IRC		16:51
openstackgerrit	Merged openstack/keystone master: Reorganize api-ref: v3-ext endpoint-policy.inc https://review.openstack.org/531704	16:53
openstackgerrit	Merged openstack/keystoneauth master: Mark SAML loader properties as required https://review.openstack.org/523675	16:53
openstackgerrit	Merged openstack/keystoneauth master: Add osc, shade and sdk tips jobs https://review.openstack.org/524656	16:53
openstackgerrit	Merged openstack/keystoneauth master: Updated from global requirements https://review.openstack.org/533964	16:53
*** bigdogstl has joined #openstack-keystone		16:54
*** mvk has quit IRC		16:54
*** links has quit IRC		16:54
*** bigdogstl has quit IRC		16:59
openstackgerrit	Merged openstack/keystone master: Reorganize api-ref: v3-ext federation projects-domains https://review.openstack.org/507008	17:09
*** AlexeyAbashkin has quit IRC		17:11
openstackgerrit	Gage Hugo proposed openstack/keystone master: Move token_formatter to token https://review.openstack.org/527538	17:16
*** tesseract has quit IRC		17:21
gagehugo	lbragstad cmurphy not sure why that was in merge conflict, I had to pull it down and rebase, but it merged fine ^	17:22
lbragstad	cool - reapplied my +2	17:23
*** bigdogstl has joined #openstack-keystone		17:28
*** zigo has quit IRC		17:33
*** openstackgerrit has quit IRC		17:33
*** mvenesio has joined #openstack-keystone		17:34
*** zigo has joined #openstack-keystone		17:37
*** HW_Peter has joined #openstack-keystone		17:38
*** bigdogstl has quit IRC		17:38
*** openstackgerrit has joined #openstack-keystone		17:51
openstackgerrit	Merged openstack/keystone master: Use keystone.common.provider_api for trust APIs https://review.openstack.org/530247	17:51
openstackgerrit	Merged openstack/keystone master: Reorganize api-ref: v3-ext federation assertion.inc https://review.openstack.org/532855	17:51
ayoung	lbragstad, better context on which topic?	18:02
lbragstad	ayoung: oslo.context + system scope	18:02
ayoung	lbragstad, heh, yeah right now, it is going to show up as a role, but have no project associated with it....	18:03
*** bigdogstl has joined #openstack-keystone		18:06
*** david-lyle has quit IRC		18:08
kmalloc	cmurphy: sorry about the -1 on app-cred db migration. can discuss more if needed, but running through the whole chain and noticed a mis-match in proper schema optimisation (eliminating a future migration need), basicall PK should be INT (and internal only)	18:10
kmalloc	cmurphy: i can help with massaging the code if needed.	18:10
*** bigdogstl has quit IRC		18:11
cmurphy	kmalloc: no need to apologize, will look in a minute	18:11
kmalloc	yeah just wanted to toss in a heads up while the meeting was going on :)	18:12
*** links has joined #openstack-keystone		18:17
*** prashkre has quit IRC		18:18
*** bigdogstl has joined #openstack-keystone		18:19
*** bigdogstl has quit IRC		18:24
*** bigdogstl has joined #openstack-keystone		18:26
*** links has quit IRC		18:34
*** bigdogstl has quit IRC		18:35
*** links has joined #openstack-keystone		18:36
*** panbalag has left #openstack-keystone		18:36
*** prashkre has joined #openstack-keystone		18:41
*** AlexeyAbashkin has joined #openstack-keystone		18:43
*** rmcall_ has joined #openstack-keystone		18:45
*** lbragstad_ has joined #openstack-keystone		18:47
*** AlexeyAbashkin has quit IRC		18:48
*** lbragstad has quit IRC		18:49
*** lbragstad_ is now known as lbragstad		18:50
*** ChanServ sets mode: +o lbragstad		18:50
*** efried is now known as efried_nomnom		18:57
* gagehugo needs food badly		18:58
gagehugo	I'll be back in an hour or so	18:58
gagehugo	for office hours	18:58
*** sambetts is now known as sambetts\|afk		18:58
*** david-lyle has joined #openstack-keystone		18:59
*** spzala has joined #openstack-keystone		19:01
lbragstad	#startmeeting keystone-office-hours	19:02
openstack	Meeting started Tue Jan 16 19:02:26 2018 UTC and is due to finish in 60 minutes. The chair is lbragstad. Information about MeetBot at http://wiki.debian.org/MeetBot.	19:02
openstack	Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.	19:02
*** openstack changes topic to " (Meeting topic: keystone-office-hours)"		19:02
*** ChanServ changes topic to "Queens release schedule: https://releases.openstack.org/queens/schedule.html \| Meeting agenda: https://etherpad.openstack.org/p/keystone-weekly-meeting \| Bugs that need triaging: http://bit.ly/2iJuN1h \| Trello: https://trello.com/b/5F0h9Hoe/keystone"		19:02
openstack	The meeting name has been set to 'keystone_office_hours'	19:02
*** links has quit IRC		19:07
cmurphy	kmalloc: can you show me an example of one of our tables that use an int as the PK? checking a few the only one i've found so far is password which isn't exposed publicly	19:08
kmalloc	sure.	19:09
kmalloc	sec.	19:09
kmalloc	most are the new tables	19:10
kmalloc	aka, localuser nonlocaluser, etc, this is all because the rest is historical	19:10
kmalloc	and changing the id/pk structure is hard(tm)	19:11
cmurphy	kmalloc: are you suggesting that the ID that's exposed to the user should be an int rather than a uuid? or you want two columns?	19:12
kmalloc	no, two columns	19:12
cmurphy	okay	19:12
kmalloc	the int PK should just be used internal PK, and referenced for FKs etc as needed	19:12
kmalloc	but converting to the user, the app_cred_id the user sees is "uuid"	19:13
kmalloc	and the int pk is always stripped	19:13
kmalloc	i wont be too picky if you don't want to do this.	19:13
kmalloc	it is just a better mechanism for the RDBMS backends.	19:14
*** prashkre has quit IRC		19:14
cmurphy	no that all sounds fine, i was going to object if you were wanting the external ID to be an int	19:14
kmalloc	nope, 100% should not expose the PK as an int :)	19:15
kmalloc	should be a separate id that is "user-friendly/unique" for whatever value uuid is user-friendly	19:16
*** abhi89 has quit IRC		19:19
*** itlinux has joined #openstack-keystone		19:20
ayoung	jamielennox, or anyone that can answer for him...I was creating a session in some resurrected code using keystoneclient.auth.Session...specificallty, I need the arg parse stuff. Do we have comparable examples for keystoneauth1?	19:24
ayoung	keystoneauth1.loading.cli.register_argparse_arguments( something?	19:28
kmalloc	cli arg parsing?	19:34
kmalloc	ayoung: https://github.com/openstack/keystoneauth/blob/master/keystoneauth1/loading/cli.py#L32 and https://github.com/openstack/keystoneauth/blob/master/keystoneauth1/loading/cli.py#L77	19:35
kmalloc	register adds the values to argparse	19:35
kmalloc	so you pass your parser and the ARGV in	19:35
kmalloc	and then the load_from_argparse does the plugin magic based upon the compiled argparse results	19:36
*** bigdogstl has joined #openstack-keystone		19:38
ayoung	kmalloc, right...what do I need to do to call that?	19:40
ayoung	before I had	19:40
ayoung	https://github.com/admiyo/ossipee/blob/master/ossipee-inventory.py#L9	19:40
ayoung	kmalloc, ^^	19:40
ayoung	seems like there is one more call there than there should be	19:41
kmalloc	hmm.	19:41
ayoung	that was keystone client,. based on jamielennox	19:41
ayoung	's example	19:41
ayoung	so I would think I would be mapping one to one with ksa	19:41
ayoung	AttributeError: module 'keystoneauth1.loading.adapter' has no attribute 'load_from_argparse_arguments'	19:42
ayoung	So it is something different	19:42
ayoung	and the warning I got on the old code was	19:43
ayoung	UserWarning: Using keystoneclient sessions has been deprecated. Please update your software to use keystoneauth1.	19:43
ayoung	so something to make a ksa session, I think	19:43
*** harlowja has joined #openstack-keystone		19:44
openstackgerrit	Colleen Murphy proposed openstack/keystone master: Add application credentials db migration https://review.openstack.org/524927	19:47
ayoung	argparse.ArgumentError: argument --os-auth-type/--os-auth-plugin: conflicting option strings: --os-auth-type, --os-auth-plugin	19:48
ayoung	hmmm	19:48
*** bigdogstl has quit IRC		19:48
*** itlinux has quit IRC		19:50
*** pcaruana has quit IRC		19:50
kmalloc	that sounds like you've registered multiple times	19:52
ayoung	kmalloc, got successful code for doing this?	19:54
kmalloc	not on hand	19:55
*** david-lyle has quit IRC		19:57
*** david-lyle has joined #openstack-keystone		19:57
openstackgerrit	Colleen Murphy proposed openstack/keystone master: Add application credentials driver https://review.openstack.org/524928	19:58
*** mvk has joined #openstack-keystone		19:59
ayoung	maybe we need to say jamielennox 's names 3 times to summon him	20:01
*** itlinux has joined #openstack-keystone		20:05
*** bigdogstl has joined #openstack-keystone		20:09
openstackgerrit	Merged openstack/keystone master: Implement controller logic for system user assignments https://review.openstack.org/515215	20:09
*** dave-mccowan has quit IRC		20:12
gagehugo	o/	20:14
*** bigdogstl has quit IRC		20:14
*** mvk has quit IRC		20:19
*** panbalag has joined #openstack-keystone		20:27
*** panbalag has left #openstack-keystone		20:28
*** bigdogstl has joined #openstack-keystone		20:28
*** dave-mccowan has joined #openstack-keystone		20:33
*** bigdogstl has quit IRC		20:38
openstackgerrit	Lance Bragstad proposed openstack/keystoneauth master: Implement system scope https://review.openstack.org/529665	20:39
lbragstad	cmurphy: jamielennox ^ my ksa system scope patch	20:41
lbragstad	i reworked it to expect a string instead of a boolnea	20:41
lbragstad	boolean*	20:41
*** efried_nomnom is now known as efried		20:42
ayoung	kmalloc, I wonder if I should just jump to using osc-lib	20:43
ayoung	looks like it goes too far in the init process, won't let me controll the parts I need before parsing, etc, but I can probably duplicate what iti is doing	20:44
*** rmcall_ has quit IRC		20:45
*** rmcall_ has joined #openstack-keystone		20:49
ayoung	dtroyer, I was trying to update some code that origianlly followed jamielennox 's approach to creating a sessions, but it has bit rotted. As I track what is going on now, I wonder if I should be using osc-lib	20:57
ayoung	the code is mostly neutron and nova calls for setting up and tearing down a development environ, and I might decided to redo it using shade.	20:58
gagehugo	lbragstad not sure where exactly, but that is probably something good to document	20:58
lbragstad	gagehugo: yeah	20:58
lbragstad	dev docs maybe?	20:58
gagehugo	I feel like that may have gotten brought up for tags as well before we nix'd the id	20:58
gagehugo	sure	20:58
lbragstad	oh - that's right, because tag name and project were unique..	20:59
ayoung	kmalloc, if I use shade, is there a way I can keep the passwords out of config files?	20:59
lbragstad	so no id required	20:59
gagehugo	ye	21:00
openstackgerrit	Colleen Murphy proposed openstack/keystone master: Add application credentials driver https://review.openstack.org/524928	21:04
mordred	ayoung: the os_client_config.Config constructor supports a pw_func parameter which is a function to call in the case of a missing password	21:08
mordred	ayoung: which, incidentally, is what osc-lib uses to prompt you for a password	21:10
ayoung	mordred, so the thing I liked about creaing a session from cli args is that it get OS_PASSWORD implicitly.	21:10
mordred	ah - yes. if that's all you want it's even easier	21:11
ayoung	so people source the same .rc file as they do for cli calls, but then called my code instead	21:11
ayoung	I'm really trying to not rewrite my 4 year old code	21:11
openstackgerrit	Lance Bragstad proposed openstack/oslo.policy master: Move _capture_stdout to a common place https://review.openstack.org/534440	21:11
mordred	yah. please don't resurrect any additional ways of creating keystone sessions - we've got that very well covered now :)	21:11
ayoung	actually, last commit was Mar 17, 2016	21:12
mordred	ayoung: all of the helper factory functions in os_client_config/__init__.py support passing in an argparse instance	21:12
*** david-lyle has quit IRC		21:12
mordred	ayoung: and will register the common argparse options for you, then os_client_config will consume them when creating the config object	21:13
ayoung	mordred, let me cut to the chase. I need a novaclient and a neutron client from environ vars	21:13
openstackgerrit	Lance Bragstad proposed openstack/oslo.policy master: Move _capture_stdout to a common place https://review.openstack.org/534440	21:14
mordred	yup. that's SUPER easy	21:14
ayoung	https://docs.openstack.org/os-client-config/latest/user/using.html something off there?	21:14
mordred	ayoung: do you specifically want an instance of python-novaclient and python-neutronclient? or do you want ksa Adapters to make REST calls on them?	21:15
*** bigdogstl has joined #openstack-keystone		21:15
ayoung	um....	21:15
ayoung	I was working with python-nova and pythonneutron clients	21:15
mordred	gotcha.	21:15
openstackgerrit	Colleen Murphy proposed openstack/keystone master: Add Application Credentials manager https://review.openstack.org/524747	21:15
mordred	so for that, you want https://docs.openstack.org/os-client-config/latest/user/using.html#constructing-legacy-client-objects	21:15
ayoung	from novaclient import client as novaclient	21:15
mordred	yah	21:15
mordred	I mean- I'd avoid using that myself	21:16
mordred	but if that's what you want, we got you covered :)	21:16
ayoung	mordred, this code is almost old enough to buy cigaretts	21:16
ayoung	just trying to get it working again	21:16
ayoung	if I end up doing too much work, I'll redo it as an ansible playbook	21:16
mordred	the simplest way is nova = os_client_config.make_client('compute', cloud='envvars')	21:16
mordred	that'll get youa novaclient.Client from OS_ env vars	21:16
ayoung	++	21:17
ayoung	I'll try that, thanks	21:17
mordred	you can get fancier if you need to - like if you also want to support argparse arguments	21:17
mordred	ayoung: nova = os_client_config.make_client('compute', cloud='envvars', options=Some_argparse_namespace_object)	21:18
*** threestrands_ has joined #openstack-keystone		21:18
mordred	ayoung: let me know if you run in to any issues - the use case you describe should be pretty solid	21:18
openstackgerrit	Colleen Murphy proposed openstack/keystone master: Add application credentials db migration https://review.openstack.org/524927	21:20
openstackgerrit	Colleen Murphy proposed openstack/keystone master: Add application credentials driver https://review.openstack.org/524928	21:20
openstackgerrit	Colleen Murphy proposed openstack/keystone master: Add Application Credentials manager https://review.openstack.org/524747	21:20
mordred	os_client_config.make_client('compute', cloud='envvars', options=argparse.ArgumentParser()) will do the trick if you don't have any _other_ argparse items to add	21:20
openstackgerrit	Colleen Murphy proposed openstack/keystone master: Add Application Credentials controller https://review.openstack.org/524423	21:20
openstackgerrit	Colleen Murphy proposed openstack/keystone master: Add application credential auth plugin https://review.openstack.org/525346	21:20
openstackgerrit	Colleen Murphy proposed openstack/keystone master: Allow overriding app cred restrictions https://review.openstack.org/533431	21:20
openstackgerrit	Colleen Murphy proposed openstack/keystone master: Add api-ref for application credentials https://review.openstack.org/533744	21:20
*** david-lyle has joined #openstack-keystone		21:23
*** HW-Peter has quit IRC		21:38
*** bigdogstl has quit IRC		21:45
*** bigdogstl has joined #openstack-keystone		21:51
*** rmcall_ has quit IRC		21:55
*** itlinux has quit IRC		21:58
openstackgerrit	Lance Bragstad proposed openstack/oslo.policy master: Render deprecated policy names when generating files https://review.openstack.org/532685	22:00
lbragstad	whew - barely beat the buzzer!	22:00
lbragstad	#endmeeting	22:00
*** openstack changes topic to "Queens release schedule: https://releases.openstack.org/queens/schedule.html \| Meeting agenda: https://etherpad.openstack.org/p/keystone-weekly-meeting \| Bugs that need triaging: http://bit.ly/2iJuN1h \| Trello: https://trello.com/b/5F0h9Hoe/keystone"		22:00
openstack	Meeting ended Tue Jan 16 22:00:47 2018 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)	22:00
openstack	Minutes: http://eavesdrop.openstack.org/meetings/keystone_office_hours/2018/keystone_office_hours.2018-01-16-19.02.html	22:00
openstack	Minutes (text): http://eavesdrop.openstack.org/meetings/keystone_office_hours/2018/keystone_office_hours.2018-01-16-19.02.txt	22:00
openstack	Log: http://eavesdrop.openstack.org/meetings/keystone_office_hours/2018/keystone_office_hours.2018-01-16-19.02.log.html	22:00
lbragstad	mgagne: added some tests to https://review.openstack.org/#/c/532685/	22:01
*** bigdogstl has quit IRC		22:03
*** bigdogstl has joined #openstack-keystone		22:05
*** spilla_ has quit IRC		22:09
jamielennox	ayoung: did you figure it out	22:11
jamielennox	got mentioned a bunch of times there, haven't read it all	22:11
lbragstad	cmurphy: i took a stab at addressing your comments here - https://review.openstack.org/#/c/524307/12	22:17
lbragstad	and in the subsequent patch,too	22:17
lbragstad	jamielennox: i know we pinged you at least once about the ksa system scope bits :)	22:18
lbragstad	i reworked them to not be booleans	22:18
jamielennox	no worries, haven't been online for a day or two so not sure how old the different messages are	22:18
jamielennox	they have timestamps, but no date stamps	22:19
*** bigdogstl has quit IRC		22:22
lbragstad	i think they were from today	22:22
lbragstad	jamielennox: does ksa have testing in place for things like scope?	22:22
jamielennox	it has tests for domain and project, obviously nothing for system	22:23
jamielennox	i can't point to exactly where	22:23
jamielennox	off the top of my head	22:23
jamielennox	mostly there's a v2 and v3 folder and it's probably called test_auth or something	22:24
lbragstad	ok	22:24
lbragstad	looks like it might be in test/unit/access	22:26
openstackgerrit	Colleen Murphy proposed openstack/keystoneauth master: WIP Add an application credentials auth method https://review.openstack.org/534455	22:30
*** rcernin has joined #openstack-keystone		22:31
*** itlinux has joined #openstack-keystone		22:39
*** mvenesio has quit IRC		22:41
*** itlinux has quit IRC		22:41
*** itlinux has joined #openstack-keystone		22:42
*** itlinux has quit IRC		22:47
*** jroll has quit IRC		22:53
*** edmondsw has quit IRC		22:55
*** edmondsw has joined #openstack-keystone		22:56
*** dave-mccowan has quit IRC		22:56
*** jroll has joined #openstack-keystone		22:58
*** edmondsw has quit IRC		23:00
*** bigdogstl has joined #openstack-keystone		23:00
openstackgerrit	Lance Bragstad proposed openstack/keystoneauth master: Implement system scope https://review.openstack.org/529665	23:01
*** jmlowe_ has joined #openstack-keystone		23:04
*** jmlowe has quit IRC		23:05
*** bigdogstl has quit IRC		23:08
openstackgerrit	Merged openstack/keystonemiddleware master: Updated from global requirements https://review.openstack.org/528867	23:09
*** bigdogstl has joined #openstack-keystone		23:16
*** bigdogstl has quit IRC		23:22
*** bigdogstl has joined #openstack-keystone		23:33
*** sticker has joined #openstack-keystone		23:38
*** bigdogstl has quit IRC		23:45

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!