Wednesday, 2018-05-09

*** dgonzalez has quit IRC		00:17
*** dgonzalez has joined #openstack-keystone		00:17
*** gyee has quit IRC		00:36
*** Dinesh_Bhor has joined #openstack-keystone		00:42
*** harlowja has quit IRC		00:51
*** nicolasbock has quit IRC		00:57
*** felipemonteiro__ has joined #openstack-keystone		01:08
*** username_ has joined #openstack-keystone		01:22
*** username_ is now known as username__		01:23
*** felipemonteiro__ has quit IRC		01:27
*** gongysh has joined #openstack-keystone		01:37
openstackgerrit	wangxiyuan proposed openstack/keystone master: Fix the test for unique IdP https://review.openstack.org/563812	02:29
*** username__ has quit IRC		02:35
*** rcernin has quit IRC		03:14
*** threestrands has joined #openstack-keystone		03:38
*** threestrands has quit IRC		03:38
*** threestrands has joined #openstack-keystone		03:38
*** links has joined #openstack-keystone		03:42
*** gyan_ has joined #openstack-keystone		03:44
*** dave-mccowan has quit IRC		03:48
openstackgerrit	wangxiyuan proposed openstack/keystone master: Remove token driver configuration https://review.openstack.org/567110	03:50
*** cburgess_ has quit IRC		04:16
*** cburgess has joined #openstack-keystone		04:26
*** gongysh has quit IRC		04:36
*** Dinesh_Bhor has quit IRC		05:00
*** Dinesh_Bhor has joined #openstack-keystone		05:03
*** aojea has joined #openstack-keystone		05:17
*** gongysh has joined #openstack-keystone		05:18
*** aojea has quit IRC		05:31
*** hoonetorg has quit IRC		05:33
*** gongysh has quit IRC		05:37
*** hoonetorg has joined #openstack-keystone		05:44
*** threestrands has quit IRC		05:54
*** pcaruana has joined #openstack-keystone		05:57
openstackgerrit	wangxiyuan proposed openstack/keystone master: Remove token driver configuration https://review.openstack.org/567110	06:16
*** Dinesh_Bhor has quit IRC		06:16
*** Dinesh_Bhor has joined #openstack-keystone		06:18
*** annp has joined #openstack-keystone		06:22
*** xinran__ has joined #openstack-keystone		06:25
*** jaosorior has joined #openstack-keystone		06:34
*** tesseract has joined #openstack-keystone		07:22
*** masber has quit IRC		07:36
*** rpittau has joined #openstack-keystone		07:57
*** namnh has joined #openstack-keystone		08:02
*** edmondsw has joined #openstack-keystone		08:35
*** jaosorior has quit IRC		08:36
*** edmondsw has quit IRC		08:40
*** jaosorior has joined #openstack-keystone		08:41
*** gyankum has joined #openstack-keystone		08:55
*** nicolasbock has joined #openstack-keystone		08:56
*** Dinesh_Bhor has quit IRC		09:32
openstackgerrit	Stephen Finucane proposed openstack/oslo.policy master: generator: Reimplement wrapping of 'description' https://review.openstack.org/485646	10:22
openstackgerrit	Stephen Finucane proposed openstack/oslo.policy master: trivial: Fix file permissions https://review.openstack.org/567182	10:22
*** namnh has quit IRC		10:28
*** annp has quit IRC		10:33
*** mchlumsky_ has joined #openstack-keystone		10:59
*** mchlumsky has quit IRC		10:59
*** raildo has joined #openstack-keystone		11:54
*** xinran__ has quit IRC		12:05
*** edmondsw has joined #openstack-keystone		12:10
*** jdennis has quit IRC		12:16
*** Raju has joined #openstack-keystone		12:18
*** jmlowe has quit IRC		12:20
*** pcaruana has quit IRC		12:21
Raju	Question on keystone regions and tenants. Is there a way to restrict restrict region access to specific tenants?	12:21
*** jdennis has joined #openstack-keystone		12:22
*** dave-mccowan has joined #openstack-keystone		12:43
*** gyan_ has quit IRC		12:51
*** gyankum has quit IRC		12:51
*** jmlowe has joined #openstack-keystone		13:02
*** sapd has quit IRC		13:05
lbragstad	Raju: there is a endpoint to project mapping API within keystone	13:06
lbragstad	so depending on the project you're working with, you'll get endpoints in the catalog specific to that project	13:06
lbragstad	Raju: here is the API reference - https://developer.openstack.org/api-ref/identity/v3-ext/index.html#os-ep-filter-api	13:07
*** Raju has quit IRC		13:07
lbragstad	mordred: ping	13:09
openstackgerrit	Harry Rybacki proposed openstack/keystone-specs master: Define a set of basic default roles https://review.openstack.org/566377	13:27
*** felipemonteiro__ has joined #openstack-keystone		13:34
hrybacki	o/	13:34
mordred	lbragstad: heya	13:35
hrybacki	Process question -- if we have a LP is raised in Master but determined to actually exist in say Queens and Pike, do we create a LP for each 'backport' that will be required?	13:35
mordred	lbragstad: what did I break?	13:35
lbragstad	mordred: o/ nothing, but i have a question via proxy... a classmate of mine is deploying a small openstack cluster for scientific purposes and is kicking the tires	13:36
mordred	phew	13:36
lbragstad	mordred: he had a question about all these rc files laying around with credentials and wondered if there was a better option	13:36
lbragstad	i thought of clouds.yaml, and wondered if that'd be a better option?	13:37
mordred	yes. noone should ever use rc files for any purpose	13:37
mordred	he should totally use clouds.yaml ... and ...	13:37
* lbragstad waits anxiously in anticipation		13:38
mordred	if he wants, he can optionally put his secrets into ~/.config/openstack/secure.yaml alongside clouds.yaml if he wants to	13:38
mordred	(although I'm not sure that actually buys him a ton just as a local user)	13:38
lbragstad	oh - so clouds.yaml contains the mapping and endpoints, and looks for secure for the password	13:38
mordred	yah. it'll merge the two files if it finds both	13:39
lbragstad	oh - nice	13:39
mordred	it's more useful for places putting clouds.yaml into config management	13:39
lbragstad	that makes total sense	13:39
mordred	death to rc files	13:39
lbragstad	is clouds.yaml parsed on every request?	13:40
*** pcaruana has joined #openstack-keystone		13:40
lbragstad	so after i update it, i don't have to source anything?	13:40
*** jaosorior has quit IRC		13:43
*** jaosorior has joined #openstack-keystone		13:50
*** spilla has joined #openstack-keystone		13:53
*** felipemonteiro_ has joined #openstack-keystone		13:53
*** felipemonteiro__ has quit IRC		13:56
*** xinran__ has joined #openstack-keystone		13:59
cmurphy	lbragstad: that's correct	14:00
*** pcaruana has quit IRC		14:05
gagehugo	o/	14:06
lbragstad	thanks cmurphy	14:07
*** pcaruana has joined #openstack-keystone		14:08
*** pcaruana has quit IRC		14:25
*** pcaruana has joined #openstack-keystone		14:26
lbragstad	kmalloc: curious if you want to follow up here? https://review.openstack.org/#/c/564072/4	14:32
*** felipemonteiro__ has joined #openstack-keystone		14:34
*** felipemonteiro_ has quit IRC		14:37
*** germs has joined #openstack-keystone		14:37
*** germs has quit IRC		14:37
*** germs has joined #openstack-keystone		14:37
*** r-daneel has joined #openstack-keystone		14:37
lbragstad	does anyone else get this when using os-cloud http://paste.openstack.org/show/720687/ ?	14:40
lbragstad	fwiw - my endpoint doesn't have a version appended to it (e.g. http://localhost/identity)	14:41
*** r-daneel_ has joined #openstack-keystone		14:41
*** jaosorior has quit IRC		14:41
*** r-daneel has quit IRC		14:42
*** r-daneel_ is now known as r-daneel		14:42
*** abhi89 has joined #openstack-keystone		14:42
gagehugo	lbragstad I usually specify the version	14:42
lbragstad	gagehugo: in the url?	14:43
gagehugo	yeah	14:43
gagehugo	https://github.com/openstack/openstack-helm/blob/master/tools/deployment/common/setup-client.sh#L24	14:44
lbragstad	hmm	14:44
lbragstad	http://paste.openstack.org/raw/720688/	14:44
lbragstad	oh...	14:44
* lbragstad facepalms		14:44
gagehugo	well the url and in identity_api_version	14:45
*** germs has quit IRC		14:46
*** germs has joined #openstack-keystone		14:46
*** germs has quit IRC		14:46
*** germs has joined #openstack-keystone		14:46
abhi89	lbragstad: Hi Lance.. can you please take a look at https://bugs.launchpad.net/keystone/+bug/1767323.. its regarding personal data being logged when configured with ldap..	14:47
openstack	Launchpad bug 1767323 in OpenStack Identity (keystone) "Keystone ldap logs personal information" [Undecided,New]	14:47
kmalloc	lbragstad: +a	14:51
lbragstad	abhi89: that information is only logged when log level is debug	14:52
lbragstad	abhi89: so you have an issue if you turn debug logging on in production?	14:53
abhi89	lbragstad: yes, PI is logged in only debug mode.. many times we would want customers to turn on the debug mode & provide us with the logs, in which case the customer is not aware that his PI is getting logged..	14:54
kmalloc	lbragstad: we can probably offer some filtering in ldap config too. But, this very much goes to (and I agree) don't run prod with production	14:54
kmalloc	Debug in production*	14:55
*** felipemonteiro__ has quit IRC		14:55
*** felipemonteiro_ has joined #openstack-keystone		14:55
kmalloc	We can't 100% sanitize debug logs.	14:56
lbragstad	so would we expose a configuration option that only allows specific information to be, or not be, logged?	14:56
kmalloc	That filters out attributes from the ldap resources	14:57
kmalloc	We can make some assertions based upon the rfc for people	14:57
kmalloc	I can take this on, it is med. Priority at best. Largly, it is to limit pii pulled from ldap.	14:58
lbragstad	cool - i'll update the bug	14:58
kmalloc	So it won't ever leak into logs. That said.... Don't run production in debug, especially with regards to gdpr	14:58
*** spilla has quit IRC		14:58
abhi89	kmalloc, lbragstad: sure, thanks	14:59
*** edmondsw has quit IRC		15:04
kmalloc	Yep. Np	15:04
lbragstad	oh - not sure if folks here saw, but apparently there is test storyboard deployment available for practice migrations	15:07
*** gyankum has joined #openstack-keystone		15:08
lbragstad	people from the storyboard team are offering to do test migrations for projects to this test system	15:08
*** gyan_ has joined #openstack-keystone		15:08
lbragstad	so - if anyone is interesting in tinkering with storyboard with real-ish data, it'll be available	15:08
lbragstad	interested*	15:08
*** felipemonteiro_ has quit IRC		15:16
*** felipemonteiro_ has joined #openstack-keystone		15:16
*** links has quit IRC		15:25
hrybacki	lbragstad: which people?	15:28
lbragstad	hrybacki: as in who is going to be doing the mock migration?	15:31
hrybacki	Aye	15:32
lbragstad	diablo_rojo offered to get things going for us	15:32
lbragstad	i think it also gives them an opportunity to test out the migration tooling they have	15:32
lbragstad	dhellmann was impressed with it	15:33
*** germs has quit IRC		15:36
*** germs has joined #openstack-keystone		15:37
*** gyee has joined #openstack-keystone		15:38
hrybacki	awesome, I'll make a point to reach out to him this week	15:39
hrybacki	him/her/they*	15:39
hrybacki	although diablo_rojo is definitively masculine :P	15:40
lbragstad	kmalloc: this goes hand in hand with the ksm patch :) https://review.openstack.org/#/c/530509/	15:50
lbragstad	hrybacki: this might also be applicable to our work now https://review.openstack.org/#/c/551337/3	15:52
kmalloc	+1, looks good in general	15:52
lbragstad	thanks kmalloc	15:52
*** spilla has joined #openstack-keystone		16:02
lbragstad	does anyone have talks during the summit they want mentioned during the project update?	16:03
lbragstad	or does anyone know of keystone talks that we should mention?	16:03
lbragstad	luckily the project update is early in the week, so we have the opportunity to plug talks	16:04
cmurphy	lbragstad: https://www.openstack.org/summit/vancouver-2018/summit-schedule/events/20836/enabling-cloud-native-applications-with-application-credentials-in-keystone :)	16:11
* cmurphy should start prepping for that		16:11
lbragstad	perfect - it's already on the list	16:12
*** abhi89 has quit IRC		16:12
*** spilla has quit IRC		16:14
*** abhi89 has joined #openstack-keystone		16:17
*** r-daneel has quit IRC		16:18
openstackgerrit	Merged openstack/keystonemiddleware master: Introduce new header for system-scoped tokens https://review.openstack.org/564072	16:21
lbragstad	another question related to the project update	16:24
lbragstad	for the Stein release, are there any big initiatives we can already see being targeted to that release?	16:24
lbragstad	right now i have cross-project default roles, consumption of unified limits, and a couple other things...	16:24
*** gyankum has quit IRC		16:33
*** gyan_ has quit IRC		16:34
openstackgerrit	Felipe Monteiro proposed openstack/keystone-specs master: Patrole (RBAC) Keystone Gating https://review.openstack.org/464678	16:36
*** masber has joined #openstack-keystone		16:40
lbragstad	cmurphy: i don't want to spoil anything, but are you going to do a live demo in your app cred talk?	16:40
cmurphy	lbragstad: yeah i think so	16:41
cmurphy	will def be an easier demo than the federation demo	16:41
lbragstad	nice!	16:44
*** r-daneel has joined #openstack-keystone		16:54
*** tesseract has quit IRC		17:15
*** aloga has quit IRC		17:19
*** raildo has quit IRC		17:24
kmalloc	not much can be more complex than federation demos :P	17:29
kmalloc	lbragstad, cmurphy: what IDE (if any) are you using these days?	17:29
*** dmellado has quit IRC		17:29
lbragstad	i use vi	17:29
cmurphy	kmalloc: vim	17:30
kmalloc	hmm, i guess i should look into the volume of magic to make it work like a real ide	17:30
kmalloc	i've never put much effort into that.	17:30
cmurphy	me neither	17:30
cmurphy	i don't really use ides	17:30
lbragstad	i use about 100 lines in my vimrc to get the magic	17:30
kmalloc	mostly i lean heavily on the "jump to definition" and "find all usages of" type magic	17:31
kmalloc	and... auto-complete.	17:31
kmalloc	i know that isn't a TON of magic in an ide.	17:31
lbragstad	yeah... the jump to funtionality is nice	17:31
lbragstad	http://vim.wikia.com/wiki/Vim_Tips_Wiki has some good reads	17:32
*** mchlumsky_ has quit IRC		17:35
*** mchlumsky has joined #openstack-keystone		17:37
*** germs has quit IRC		17:37
*** germs has joined #openstack-keystone		17:38
*** germs has quit IRC		17:38
*** germs has joined #openstack-keystone		17:38
*** mchlumsky has quit IRC		17:41
*** mchlumsky has joined #openstack-keystone		17:43
lbragstad	kmalloc: that thing you and zzzeek were talking about yesterday was specifically for multi-region keystone deployments?	17:49
*** r-daneel has quit IRC		18:07
*** r-daneel has joined #openstack-keystone		18:07
*** abhi89 has quit IRC		18:07
*** germs has quit IRC		18:09
*** germs has joined #openstack-keystone		18:10
*** germs has quit IRC		18:10
*** germs has joined #openstack-keystone		18:10
*** pcichy has joined #openstack-keystone		18:12
*** germs has quit IRC		18:12
*** germs has joined #openstack-keystone		18:13
*** germs has quit IRC		18:13
*** germs has joined #openstack-keystone		18:13
*** germs has quit IRC		18:17
*** germs has joined #openstack-keystone		18:17
*** germs has quit IRC		18:17
*** germs has joined #openstack-keystone		18:17
*** dklyle has joined #openstack-keystone		18:19
*** mvenesio has quit IRC		18:20
*** dklyle has quit IRC		18:21
*** mvenesio has joined #openstack-keystone		18:21
*** germs has quit IRC		18:21
*** oikiki has joined #openstack-keystone		18:24
*** dklyle has joined #openstack-keystone		18:25
*** mvenesio has quit IRC		18:25
*** sonuk has joined #openstack-keystone		18:32
*** d0ugal_ has joined #openstack-keystone		18:36
*** d0ugal has quit IRC		18:37
*** xinran__ has quit IRC		18:39
*** sonuk has quit IRC		18:43
*** mvenesio has joined #openstack-keystone		18:51
gagehugo	\o/ vim	18:53
gagehugo	atom is kinda ok too	18:54
*** dmellado has joined #openstack-keystone		18:58
*** mvenesio has quit IRC		19:00
*** raildo has joined #openstack-keystone		19:03
*** r-daneel_ has joined #openstack-keystone		19:11
*** r-daneel has quit IRC		19:11
*** r-daneel_ is now known as r-daneel		19:11
*** felipemonteiro__ has joined #openstack-keystone		19:11
*** mvk has quit IRC		19:13
*** felipemonteiro_ has quit IRC		19:15
*** spilla has joined #openstack-keystone		19:16
kmalloc	lbragstad: yea	19:20
*** links has joined #openstack-keystone		19:22
lbragstad	wow - nice.. os cloud config works with system scope	19:30
*** dklyle has quit IRC		19:40
*** links has quit IRC		19:45
*** edmondsw has joined #openstack-keystone		19:54
*** jmlowe has quit IRC		19:58
*** germs has joined #openstack-keystone		20:18
*** germs has quit IRC		20:22
*** germs has joined #openstack-keystone		20:27
*** germs has quit IRC		20:27
*** germs has joined #openstack-keystone		20:27
*** germs has quit IRC		20:27
kmalloc	noice	20:39
kmalloc	gagehugo: sadly atom required py27 =/	20:39
kmalloc	gagehugo: i was hoping to avoid py27 on my system ;)	20:40
gagehugo	yeah...	20:40
lbragstad	i'm having a hard time groking something	20:40
lbragstad	who feels like being a rubber duck?	20:40
kmalloc	wait... wut?	20:40
kmalloc	oh sure	20:41
kmalloc	bounce ideas	20:41
lbragstad	so - we have a paste pipeline	20:41
kmalloc	right...	20:41
lbragstad	https://github.com/openstack/keystone/blob/master/etc/keystone-paste.ini#L68	20:41
kmalloc	yah	20:42
lbragstad	currently build_auth_context is processed in front of token_auth	20:42
lbragstad	which calls this - https://github.com/openstack/keystone/blob/master/keystone/middleware/auth.py#L137	20:42
lbragstad	as far as i can tell - the variable `token` within that scope only refers to the token id	20:42
lbragstad	which is getting pulled from the header	20:43
kmalloc	sure.	20:43
*** raildo has quit IRC		20:43
lbragstad	the last bit of that method calls fill_context()	20:43
kmalloc	that is support the old admin token string thing (the process request bits and what not)	20:43
kmalloc	before fill_context	20:43
lbragstad	one of the first things we do in fill_context, is build a context object	20:44
lbragstad	https://github.com/openstack/keystone/blob/master/keystone/middleware/auth.py#L202	20:44
kmalloc	right.	20:44
lbragstad	and shortly after that we use the token to generate a token model, which requires a token reference	20:45
kmalloc	yes	20:45
lbragstad	https://github.com/openstack/keystone/blob/master/keystone/middleware/auth.py#L219	20:45
lbragstad	the part i don't get is where keystone if performing that token validation call and setting that reference in the request environment to be pulled out later	20:45
lbragstad	we don't use keystonemiddleware, which is the part the does this for other services	20:46
kmalloc	right we can't use ksm	20:46
lbragstad	there is a method called fetch_token in that same middleware, but it looks like dead code	20:47
lbragstad	we don't call it anywhere in keystone afaict	20:47
kmalloc	that is called from the super class, which is KSM's auth_token	20:48
*** dklyle has joined #openstack-keystone		20:48
kmalloc	we override for local "gets"	20:48
kmalloc	https://github.com/openstack/keystone/blob/master/keystone/middleware/auth.py#L155	20:49
kmalloc	calls the super, so KSM, which in turn is going to call fetch_token	20:49
lbragstad	ahhhh	20:50
lbragstad	wth - i totally missed that	20:50
lbragstad	and we override it because we're not an external service sitting behind keystone	20:50
kmalloc	lbragstad: yes	20:51
kmalloc	exactly	20:51
kmalloc	and because we support old-"admin" style tokens, if we didn't we would be able to eliminate a chunk more of that process_request	20:51
kmalloc	since... fetch_token is the magic part	20:51
*** jmlowe has joined #openstack-keystone		20:53
lbragstad	and it's set right here https://github.com/openstack/keystonemiddleware/blob/master/keystonemiddleware/auth_token/__init__.py#L417	20:53
lbragstad	huh	20:54
kmalloc	lbragstad: also note: https://review.openstack.org/#/c/508412/	20:54
kmalloc	we have an active "kill the token_auth" part because it's superfluous	20:55
lbragstad	that gets handled by ksm, too?	20:55
kmalloc	most of that is merged into the authcontext middleware if it isn't (by that patch)	20:56
lbragstad	oh - nevermind	20:56
lbragstad	i see it	20:56
kmalloc	yeah	20:56
lbragstad	its in the Request class	20:56
kmalloc	yep	20:56
kmalloc	token_auth filter does nothing interesting	20:56
kmalloc	it used to do a ton more	20:57
kmalloc	but we've been making our code better.	20:57
lbragstad	that makes sense	20:57
kmalloc	we still need to merge more things down imo	20:57
kmalloc	keystone should not, in any-way-shape-or-form, offer multiple middleware/filters	20:57
lbragstad	yeah... it takes a bit to wrap your head around how context is handled	20:57
kmalloc	i'm of the opinion we should just merge authcontext down into the service_3 or whatver the basic one is	20:58
lbragstad	after staring at some of the other context middleware bits of other services, it'd be nice to build context all at once	20:58
kmalloc	so keystone (the app[tm]) is everything keystone	20:58
lbragstad	sure	20:58
kmalloc	and the pipeline is really just adding external things	20:58
kmalloc	we are mostly there	20:58
kmalloc	notably, ec2 and s3 need to be merged still	20:59
lbragstad	it seemed a bit strange to build a context object and then override a bunch of stuff when the RequestContext constructor is really rich	20:59
kmalloc	and a few other things... though authcontext may need to be separate	20:59
*** pcaruana has quit IRC		20:59
kmalloc	but if we merge ec2 and s3 into service_v3, the questionis json_body	21:00
kmalloc	but i think that can come before authcontext	21:00
lbragstad	what about it?	21:00
lbragstad	just where to put it in the pipeline?	21:00
kmalloc	oh it's a keystone specific thing	21:00
kmalloc	we can merge that in too	21:00
kmalloc	we could collapse authcontext and after into service_3	21:01
*** raildo has joined #openstack-keystone		21:01
kmalloc	healthcheck cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id are all external to us, right?	21:01
lbragstad	....yes	21:01
lbragstad	i believe so	21:01
kmalloc	ah url_normalize is not	21:01
lbragstad	we offer four middleware bits,	21:01
*** spilla has quit IRC		21:02
lbragstad	oh - right	21:02
kmalloc	we could probably move url_normalize after request_id	21:02
kmalloc	and merge it in as well	21:02
lbragstad	yeah - i can't imagine that ordering would be important	21:02
kmalloc	i don't see why we can't make keystone a single entry in the pipeline and anything/everything else is meant to be external	21:02
kmalloc	want me to spin up a patch to try and finish this up?	21:03
lbragstad	sure - if you don't mind	21:03
kmalloc	sure.	21:03
lbragstad	i was just tinkering with another series	21:03
kmalloc	it is effectively removing the pipeline [which... i mean we could do that too, in the grand scheme of things]	21:03
lbragstad	to give hrybacki a leg up on the default role stuff	21:03
kmalloc	honestly,if we could ditch paste all together, i'd be stoked	21:03
lbragstad	well - it is a dead project	21:04
kmalloc	exactly	21:04
kmalloc	so merge our bits together and pull in something else to glue our parts/other parts in	21:04
lbragstad	kmalloc: would that make building the context object simpler?	21:04
kmalloc	potentially.	21:04
lbragstad	not a hard requirement, just curiosu	21:04
kmalloc	but it means we can streamline a lot of things in general	21:04
kmalloc	since we control the entire entry	21:05
kmalloc	no one can wedge something in the middle to break us	21:05
lbragstad	sure	21:05
kmalloc	i am still an advocate of getting us on Flask	21:05
kmalloc	which could, in theory, simplify our context generation code.	21:06
kmalloc	since it becomes part of the flask framework [filter] instead of pulling all this stuff together ... oddly	21:06
*** spilla has joined #openstack-keystone		21:07
lbragstad	so would all this middleware get pushed into the keystone.common.wsgi.Router object?	21:07
lbragstad	or be invoked from that point?	21:07
kmalloc	i'd have to look at current-state-of-flask	21:08
kmalloc	to know	21:08
lbragstad	some where right after it comes off the pipeline and before it hits the router map?	21:08
kmalloc	yeah	21:09
lbragstad	got it, that makes sense	21:09
*** mvenesio has joined #openstack-keystone		21:10
lbragstad	regardless the system-scope process and context handling will be similar either way i think	21:10
lbragstad	https://review.openstack.org/#/c/551336/1	21:10
lbragstad	https://review.openstack.org/#/c/551336/1/keystone/middleware/auth.py@170 is what i was trying to do	21:11
kmalloc	yeah	21:12
kmalloc	that wont changemuch	21:12
lbragstad	ok	21:12
lbragstad	but more importantly (some what unrelated to middleware) this is how i'd like to try and break apart the default role tests and protection tests https://review.openstack.org/#/c/551337/3	21:13
* kmalloc goes hunting for "how I merged the filters together" patches again.		21:13
kmalloc	i know i did most of these...	21:13
kmalloc	that looks reasonable	21:14
lbragstad	which should help with the organization of it all	21:14
lbragstad	but also - it's dependent on decoupling bootstrap from the cli stuff	21:14
lbragstad	https://review.openstack.org/#/c/551337/3/keystone/tests/unit/protection/v3/test_projects.py@35	21:14
kmalloc	right	21:15
*** dmellado has quit IRC		21:15
lbragstad	so maybe i need to revisit that first	21:15
kmalloc	yeah, do the underlying work first	21:15
kmalloc	make your job easier and reviewer's jobs easier too ;)	21:15
lbragstad	right	21:16
* lbragstad makes a note to pick up https://review.openstack.org/#/c/558903/ tomorrow		21:16
lbragstad	there is a race condition in there somewhere yet	21:16
*** dave-mccowan has quit IRC		21:17
*** dmellado has joined #openstack-keystone		21:23
*** dave-mccowan has joined #openstack-keystone		21:23
*** mvenesio has quit IRC		21:24
*** dmellado has quit IRC		21:27
*** jmlowe has quit IRC		21:39
*** spilla has quit IRC		21:40
*** raildo has quit IRC		21:47
*** felipemonteiro__ has quit IRC		22:06
*** zigo has quit IRC		22:11
*** zigo has joined #openstack-keystone		22:11
*** raildo has joined #openstack-keystone		22:16
*** raildo has quit IRC		22:16
*** mvk has joined #openstack-keystone		22:32
*** threestrands has joined #openstack-keystone		22:33
*** threestrands has quit IRC		22:33
*** threestrands has joined #openstack-keystone		22:33
*** threestrands_ has joined #openstack-keystone		22:36
*** threestrands has quit IRC		22:38
*** r-daneel has quit IRC		22:43
*** dklyle has quit IRC		22:57
*** oikiki has quit IRC		23:01
*** edmondsw has quit IRC		23:10
*** edmondsw has joined #openstack-keystone		23:11
*** edmondsw has quit IRC		23:15
*** oikiki has joined #openstack-keystone		23:16
*** oikiki has quit IRC		23:17

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!