Wednesday, 2018-06-20

*** felipemonteiro has quit IRC		00:01
*** felipemonteiro has joined #openstack-keystone		00:04
*** zzzeek has quit IRC		00:05
*** zzzeek has joined #openstack-keystone		00:06
*** blake has quit IRC		00:10
*** blake has joined #openstack-keystone		00:12
*** felipemonteiro has quit IRC		00:14
*** felipemonteiro has joined #openstack-keystone		00:17
*** felipemonteiro has quit IRC		00:17
*** zzzeek has quit IRC		00:27
*** zzzeek has joined #openstack-keystone		00:29
*** blake has quit IRC		00:32
*** blake has joined #openstack-keystone		00:38
*** felipemonteiro has joined #openstack-keystone		00:41
*** Dinesh_Bhor has joined #openstack-keystone		00:43
*** blake has quit IRC		00:45
*** gyee has quit IRC		01:02
*** felipemonteiro has quit IRC		01:16
*** annp has joined #openstack-keystone		01:18
*** felipemonteiro has joined #openstack-keystone		01:31
*** mvenesio has quit IRC		01:32
*** Dinesh_Bhor has quit IRC		01:38
*** Dinesh_Bhor has joined #openstack-keystone		01:44
wxy	lbragstad: sqlite doesn't support change primary key, that's the reason I re-create the table	01:51
wxy	lbragstad: a similar case is here: https://github.com/openstack/keystone/blob/master/keystone/common/sql/migrate_repo/versions/095_add_integer_pkey_to_revocation_event_table.py#L20-L22	01:54
*** felipemonteiro has quit IRC		01:56
wxy	kmalloc: lbragstad : If I understand correctly, trigger is used for sync the old data which is newly created during upgrading to the new schema. If drop the triggers, how to deal with this case?	02:01
kmalloc	Use app-level logic to keep the data in sync for a release. Triggers are very hard to debug, are not well tested and could end up causing issues for the small number of cases that use them.	02:04
*** germs has quit IRC		02:05
kmalloc	So, keystone just writes to both places for rocky, and in stien we drop support for the old way. But defer to lbragstad if we are doing that or triggers are acceptable.	02:05
*** germs has joined #openstack-keystone		02:05
*** germs has quit IRC		02:05
*** germs has joined #openstack-keystone		02:05
kmalloc	And contract happens in stein then.	02:05
wxy	kmalloc: emm, that's a way, let the code deal with the mix version data	02:05
kmalloc	That is how I usually handle these cases, easier to test/get right. And not a shot in the dark for say pgsql (very under tested). And not fighting with sqlite to 'test' the code.	02:07
kmalloc	But again, I am not blocking triggers, I just prefer to not use them. Checking with lbragstad on the way forward is best. I'll roll with what he recommends.	02:09
wxy	kmalloc: Ok, got it.	02:10
wxy	kmalloc: and for schema change, adding PK is not allowed in sqlite. So I tried to re-create the table in my new PS.	02:12
kmalloc	Hm. That is annoying.	02:12
wxy	yeah, I tested the in-place way in my env which Lance wrote here https://etherpad.openstack.org/p/keystone-unified-limit-migration-notepad ,all works well, then I upload the PS2 in this way, but the CI tells the sqlite doesn't like it. :(	02:13
kmalloc	I can help write some sqlite specific code.	02:14
kmalloc	If needed.	02:14
kmalloc	We have done that in the past a few times, special case for upgrade test. We will get some better tests in gate. Iirc.	02:15
*** lifeless_ has quit IRC		02:15
*** germs has quit IRC		02:16
*** germs has joined #openstack-keystone		02:17
*** germs has quit IRC		02:17
*** germs has joined #openstack-keystone		02:17
*** namnh has joined #openstack-keystone		02:17
wxy	kmalloc: so you prefer to use the in-place way with specific sqlite related code?	02:18
kmalloc	That is my preference, but I can't really impose my view here as the way forward if the general consensus is "use triggers"	02:21
openstackgerrit	Merged openstack/oslo.policy master: Add examples and clarification around scope_types https://review.openstack.org/568901	02:21
wxy	kmalloc: OK, let's wait for others opinion as well. Thanks for your suggestion.	02:22
kmalloc	+(	02:23
kmalloc	++	02:23
openstackgerrit	sunguangning proposed openstack/oslo.policy master: Remove some description from oslo policy https://review.openstack.org/576683	02:51
*** zzzeek has quit IRC		03:00
*** sonuk has joined #openstack-keystone		03:01
*** zzzeek has joined #openstack-keystone		03:03
*** lifeless has joined #openstack-keystone		03:18
*** links has joined #openstack-keystone		03:23
*** hrybacki has quit IRC		03:40
*** wlmbasson has quit IRC		03:41
*** mnaser has quit IRC		03:42
*** hrybacki has joined #openstack-keystone		03:42
*** samueldmq has quit IRC		03:43
*** gmann has quit IRC		03:44
*** wlmbasson has joined #openstack-keystone		03:45
*** mnaser has joined #openstack-keystone		03:45
*** ykarel has joined #openstack-keystone		03:46
*** gmann has joined #openstack-keystone		03:46
*** samueldmq has joined #openstack-keystone		03:46
*** wolsen has quit IRC		03:47
*** zhongjun_ has quit IRC		03:48
*** mwhahaha has quit IRC		03:48
*** robcresswell has quit IRC		03:49
*** lamt has quit IRC		03:49
*** jamespage has quit IRC		03:49
*** portdirect has quit IRC		03:50
*** pas-ha has quit IRC		03:50
*** hrybacki has quit IRC		03:50
*** yikun has quit IRC		03:50
*** wxy has quit IRC		03:50
*** hogepodge has quit IRC		03:50
*** awestin1 has quit IRC		03:50
*** wlmbasson has quit IRC		03:50
*** samueldmq has quit IRC		03:51
*** tommylikehu has quit IRC		03:51
*** NobodyCam has quit IRC		03:51
*** ildikov has quit IRC		03:51
*** mnaser has quit IRC		03:51
*** gmann has quit IRC		03:51
*** kmalloc has quit IRC		03:51
*** betherly has quit IRC		03:52
adriant	out of curiosity, are they any upstream tools for testing custom policy?	03:58
*** germs has quit IRC		04:06
openstackgerrit	Chason Chan proposed openstack/python-keystoneclient master: Update IdentityProviderManager docstring https://review.openstack.org/576708	04:11
*** felipemonteiro has joined #openstack-keystone		04:20
*** openstack has joined #openstack-keystone		04:29
*** ChanServ sets mode: +o openstack		04:29
*** markvoelker has quit IRC		04:45
*** lifeless_ has joined #openstack-keystone		04:54
*** lifeless has quit IRC		04:55
*** nicolasbock has joined #openstack-keystone		04:56
*** masber has quit IRC		04:59
*** felipemonteiro has quit IRC		05:04
*** hoonetorg has quit IRC		05:09
*** hoonetorg has joined #openstack-keystone		05:10
*** zhongjun_ has joined #openstack-keystone		05:21
*** ildikov has joined #openstack-keystone		05:24
*** wlmbasson has joined #openstack-keystone		05:24
*** lamt has joined #openstack-keystone		05:25
*** lamt is now known as Guest81540		05:26
*** NobodyCam has joined #openstack-keystone		05:27
*** mwhahaha has joined #openstack-keystone		05:28
*** yikun has joined #openstack-keystone		05:29
*** jamespage has joined #openstack-keystone		05:29
*** hrybacki has joined #openstack-keystone		05:30
*** wxy has joined #openstack-keystone		05:32
*** pas-ha has joined #openstack-keystone		05:32
*** betherly_ has joined #openstack-keystone		05:34
*** awestin1 has joined #openstack-keystone		05:34
*** quiquell\|off is now known as quiquell\|rover		05:34
*** kmalloc has joined #openstack-keystone		05:40
*** gmann has joined #openstack-keystone		05:40
*** mnaser has joined #openstack-keystone		05:42
*** mnaser has quit IRC		05:51
*** wlmbasson has quit IRC		05:51
*** robcresswell has joined #openstack-keystone		05:53
*** yikun has quit IRC		05:55
*** gmann has quit IRC		05:55
*** hrybacki has quit IRC		05:55
*** mwhahaha has quit IRC		05:56
*** kmalloc has quit IRC		05:56
*** Guest81540 has quit IRC		05:57
*** jamespage has quit IRC		05:57
*** zhongjun_ has quit IRC		05:57
*** ildikov has quit IRC		05:57
*** awestin1 has quit IRC		05:57
*** NobodyCam has quit IRC		05:57
*** robcresswell has quit IRC		05:58
*** pas-ha has quit IRC		05:58
*** wxy has quit IRC		05:58
*** betherly_ has quit IRC		05:58
*** dims has quit IRC		06:09
*** dims has joined #openstack-keystone		06:10
*** mnaser has joined #openstack-keystone		06:10
*** gmann has joined #openstack-keystone		06:12
*** dims has quit IRC		06:16
*** dims has joined #openstack-keystone		06:17
*** hrybacki has joined #openstack-keystone		06:17
*** wlmbasson has joined #openstack-keystone		06:17
*** samueldmq has joined #openstack-keystone		06:19
*** wxy has joined #openstack-keystone		06:20
*** Guest81540 has joined #openstack-keystone		06:21
*** yikun has joined #openstack-keystone		06:21
*** NobodyCam has joined #openstack-keystone		06:21
*** pas-ha has joined #openstack-keystone		06:21
*** jamespage has joined #openstack-keystone		06:21
*** jamespage has quit IRC		06:21
*** jamespage has joined #openstack-keystone		06:21
*** portdirect has joined #openstack-keystone		06:21
*** NobodyCam has quit IRC		06:21
*** NobodyCam has joined #openstack-keystone		06:21
*** betherly_ has joined #openstack-keystone		06:21
*** jamespage has quit IRC		06:21
*** jamespage has joined #openstack-keystone		06:21
*** portdirect has quit IRC		06:21
*** portdirect has joined #openstack-keystone		06:21
*** pas-ha has quit IRC		06:22
*** pas-ha has joined #openstack-keystone		06:22
*** jamespage has quit IRC		06:22
*** jamespage has joined #openstack-keystone		06:22
*** zhongjun_ has joined #openstack-keystone		06:23
*** kmalloc has joined #openstack-keystone		06:23
*** awestin1 has joined #openstack-keystone		06:23
*** d34dh0r53 has quit IRC		06:24
*** d34dh0r53 has joined #openstack-keystone		06:24
*** mwhahaha has joined #openstack-keystone		06:25
*** robcresswell has joined #openstack-keystone		06:26
*** ildikov has joined #openstack-keystone		06:26
*** ykarel_ has joined #openstack-keystone		06:33
*** sonuk has quit IRC		06:34
*** ykarel has quit IRC		06:36
*** ykarel__ has joined #openstack-keystone		06:42
*** ykarel_ has quit IRC		06:42
*** ykarel__ is now known as ykarel		06:43
*** markvoelker has joined #openstack-keystone		06:46
*** Dinesh_Bhor has quit IRC		06:48
*** Dinesh_Bhor has joined #openstack-keystone		06:49
*** tommylikehu has joined #openstack-keystone		06:53
*** wolsen has joined #openstack-keystone		06:55
openstackgerrit	Morgan Fainberg proposed openstack/keystone master: Implement base for new RBAC Enforcer https://review.openstack.org/576639	07:00
*** quiquell\|rover is now known as quique\|rover\|afk		07:00
*** hogepodge has joined #openstack-keystone		07:00
*** martinus__ has joined #openstack-keystone		07:01
openstackgerrit	Morgan Fainberg proposed openstack/keystone master: Implement base for new RBAC Enforcer https://review.openstack.org/576639	07:02
*** ispp has joined #openstack-keystone		07:03
*** tesseract has joined #openstack-keystone		07:04
*** ispp has quit IRC		07:18
*** markvoelker has quit IRC		07:21
*** amoralej\|off is now known as amoralej		07:21
openstackgerrit	Morgan Fainberg proposed openstack/keystone master: Add Flask-RESTful as a requirement https://review.openstack.org/574414	07:24
openstackgerrit	Morgan Fainberg proposed openstack/keystone master: Implement scaffolding for Flask-RESTful use https://review.openstack.org/574415	07:24
openstackgerrit	Morgan Fainberg proposed openstack/keystone master: Keystone adheres to public_endpoint opt only https://review.openstack.org/574502	07:24
openstackgerrit	Morgan Fainberg proposed openstack/keystone master: Convert json_home and version discovery to Flask https://review.openstack.org/574736	07:24
openstackgerrit	Morgan Fainberg proposed openstack/keystone master: Add support for before and after request functions https://review.openstack.org/576637	07:25
openstackgerrit	Morgan Fainberg proposed openstack/keystone master: Implement base for new RBAC Enforcer https://review.openstack.org/576639	07:25
cmurphy	adriant: https://docs.openstack.org/patrole/latest/	07:27
*** tosky has joined #openstack-keystone		07:30
*** sonuk has joined #openstack-keystone		07:34
*** quique\|rover\|afk is now known as quiquell\|rover		07:36
*** AlexeyAbashkin has joined #openstack-keystone		07:49
openstackgerrit	wangxiyuan proposed openstack/keystone master: Strict two level hierarchical limit https://review.openstack.org/557696	07:51
*** nicolasbock has quit IRC		07:58
*** rcernin has quit IRC		08:03
*** jistr is now known as jistr\|mtg		08:07
*** ispp has joined #openstack-keystone		08:08
*** peereb has joined #openstack-keystone		08:09
*** pcaruana has joined #openstack-keystone		08:11
*** peereb has quit IRC		08:14
*** peereb has joined #openstack-keystone		08:15
*** peereb has quit IRC		08:16
*** peereb has joined #openstack-keystone		08:16
*** ykarel_ has joined #openstack-keystone		08:17
*** peereb has quit IRC		08:17
*** markvoelker has joined #openstack-keystone		08:18
*** peereb has joined #openstack-keystone		08:18
*** peereb has quit IRC		08:19
*** peereb has joined #openstack-keystone		08:19
*** ykarel has quit IRC		08:20
*** peereb has quit IRC		08:20
*** peereb has joined #openstack-keystone		08:21
*** peereb has quit IRC		08:21
*** pcichy has quit IRC		08:29
*** s10 has joined #openstack-keystone		08:35
*** nicolasbock has joined #openstack-keystone		08:41
*** ykarel_ is now known as ykarel\|lunch		08:48
*** markvoelker has quit IRC		08:52
*** rcernin has joined #openstack-keystone		08:54
*** s10 has quit IRC		09:04
*** ykarel_ has joined #openstack-keystone		09:11
*** jistr\|mtg is now known as jistr		09:12
*** ykarel\|lunch has quit IRC		09:13
*** lifeless_ has quit IRC		09:27
*** lifeless has joined #openstack-keystone		09:29
*** ykarel_ has quit IRC		09:35
*** ykarel_ has joined #openstack-keystone		09:35
*** deepak_mourya has joined #openstack-keystone		09:40
*** aojea_ has joined #openstack-keystone		09:42
*** Dinesh_Bhor has quit IRC		09:46
*** aojea_ has quit IRC		09:47
*** namnh has quit IRC		09:49
deepak_mourya	hi, https://bugs.launchpad.net/keystone/+bug/1777671 in this bug what exactly we need to do?	09:54
openstack	Launchpad bug 1777671 in OpenStack Identity (keystone) "Incorrect use of translation _()" [Medium,Triaged] - Assigned to Deepak Mourya (mourya007)	09:54
*** rcernin has quit IRC		09:56
*** annp has quit IRC		09:58
*** ykarel__ has joined #openstack-keystone		09:59
*** ykarel_ has quit IRC		10:02
*** ykarel__ is now known as ykarel		10:04
*** cristicalin has joined #openstack-keystone		10:18
cmurphy	deepak_mourya: here's an example of what needs to be fixed: http://git.openstack.org/cgit/openstack/keystone/tree/keystone/auth/core.py#n170	10:26
cmurphy	the string is being marked for translation with _() and then being passed to both the LOG and the exception	10:26
cmurphy	but we don't actually want to have the string for the LOG translated, only for the exception	10:26
cmurphy	so it should change to something like msg = 'Domain name cannot contain reserved characters.' ; LOG.warning(msg) ; raise exception.Unauthorized(message=_(msg))	10:27
deepak_mourya	cmurphy: ok got it now	10:28
deepak_mourya	Thanks for the reply	10:28
cmurphy	no problem	10:28
*** cristicalin has quit IRC		10:37
*** markvoelker has joined #openstack-keystone		10:48
*** cristicalin has joined #openstack-keystone		10:48
*** cristicalin has quit IRC		10:53
*** jaosorior has quit IRC		10:56
*** belmoreira has joined #openstack-keystone		10:57
*** quiquell\|rover is now known as quiquell\|rover\|b		11:03
*** quiquell\|rover\|b is now known as quique\|rover\|bbl		11:03
*** quique\|rover\|bbl has quit IRC		11:09
*** cristicalin has joined #openstack-keystone		11:20
*** amoralej is now known as amoralej\|out		11:20
*** raildo has joined #openstack-keystone		11:21
*** markvoelker has quit IRC		11:22
*** cristicalin has quit IRC		11:25
*** jaosorior has joined #openstack-keystone		11:36
*** cristicalin has joined #openstack-keystone		11:51
*** cristicalin has quit IRC		11:56
*** germs has joined #openstack-keystone		12:09
*** sonuk has quit IRC		12:09
*** cristicalin has joined #openstack-keystone		12:11
*** germs has quit IRC		12:14
*** ykarel_ has joined #openstack-keystone		12:17
*** markvoelker has joined #openstack-keystone		12:19
*** ykarel has quit IRC		12:19
*** markvoelker has quit IRC		12:22
*** markvoelker has joined #openstack-keystone		12:22
*** cristicalin has quit IRC		12:29
*** kman has joined #openstack-keystone		12:29
*** zhongjun_ has quit IRC		12:29
*** kman has quit IRC		12:38
knikolla	o/	12:39
*** ykarel_ is now known as ykarel		12:50
*** edmondsw has joined #openstack-keystone		12:52
*** ispp has quit IRC		13:07
*** amoralej\|out is now known as amoralej		13:07
*** ispp has joined #openstack-keystone		13:10
lbragstad	this is a good documentation patch if anyone is interested https://review.openstack.org/#/c/569741/	13:32
*** jaosorior has quit IRC		13:42
kmalloc	cmurphy: :)	13:43
*** ykarel has quit IRC		13:44
cmurphy	kmalloc: sup	13:44
*** ykarel has joined #openstack-keystone		13:44
kmalloc	good morning!	13:45
cmurphy	good afternoon!	13:46
kmalloc	or evening... or whatever it is wherever you are	13:46
* kmalloc is pre-coffee.		13:46
kmalloc	lbragstad: i think i've done a reasonable job breaking down @protected and what we're extracting so a proper .enforce_call can be made. https://git.openstack.org/cgit/openstack/keystone/tree/keystone/common/rbac_enforcer/enforcer.py?h=refs/changes/39/576639/4#n157	13:47
kmalloc	lbragstad: it's not done, but it's on it's way.	13:47
lbragstad	sounds good	13:48
kmalloc	ayoung, adriant: ^ cc, just because i know you tried to take a stab at diving into @protected as well	13:48
lbragstad	i can start looking at that today or tomorrow	13:48
kmalloc	this is very flask-specific.	13:48
kmalloc	yeah just a "hey does this make sense" pass	13:48
kmalloc	is fine, because if it looks better than @protected, i've done something right.	13:48
*** PsionTheory has joined #openstack-keystone		13:49
lbragstad	yeah - that's my main goal	13:49
lbragstad	if we can remove @protected in favor of something that puts the authorization logic closer to business code	13:49
lbragstad	or makes authorization logic more clean/clear i think that'll be a big win	13:50
lbragstad	which will also be super handy for the default roles + scope types work	13:52
kmalloc	yeah.	13:52
kmalloc	the docstrings need further expansion too.	13:52
kmalloc	and we can add another wrapper syntactic sugar-style to it on top of enforce_call	13:52
kmalloc	but i am feeling much better about the enforcer having spent a ton of time diving into @protected and trying to understand the dense craziness.	13:53
lbragstad	yeah - it's intense	13:54
*** ykarel is now known as ykarel\|afk		13:56
*** david-lyle has joined #openstack-keystone		13:57
*** dklyle has quit IRC		13:57
*** ispp has quit IRC		13:58
*** ispp has joined #openstack-keystone		14:01
*** ispp has quit IRC		14:01
*** ispp has joined #openstack-keystone		14:01
lbragstad	going back to the database migration discussions we were having yesterday	14:07
lbragstad	i _think_ we'll need three migrations	14:07
lbragstad	1. for auto-incrementing primary keys in registered limits	14:07
lbragstad	2. for auto-incrementing primary keys in limits	14:07
lbragstad	3. for reducing duplicate data between limit and registered limit tables	14:08
lbragstad	i think we're at a point with the notes in https://etherpad.openstack.org/p/keystone-unified-limit-migration-notepad that we can probably move them to bugs instead	14:10
*** germs has joined #openstack-keystone		14:10
*** germs has quit IRC		14:10
*** germs has joined #openstack-keystone		14:10
*** ykarel\|afk is now known as ykarel		14:13
*** ayoung has quit IRC		14:14
*** spilla has joined #openstack-keystone		14:15
*** germs has quit IRC		14:16
lbragstad	https://bugs.launchpad.net/keystone/+bug/1777892	14:23
openstack	Launchpad bug 1777892 in OpenStack Identity (keystone) "Reduce duplicate data between unified limit tables" [Medium,Triaged]	14:23
*** ayoung has joined #openstack-keystone		14:30
lbragstad	https://bugs.launchpad.net/keystone/+bug/1777893	14:30
openstack	Launchpad bug 1777893 in OpenStack Identity (keystone) "Limit and registered limit tables should auto-increment primary keys" [Medium,Triaged]	14:30
lbragstad	cmurphy: would i be able to get your eyes on https://review.openstack.org/#/c/571309/ whenever you have a minute?	14:40
cmurphy	lbragstad: looking	14:40
lbragstad	it should be all squared away per your last set of comments	14:41
hrybacki	o/	14:43
*** Guest81540 is now known as lamt		14:46
cmurphy	lbragstad: lgtm!	14:48
lbragstad	thanks cmurphy	14:48
*** ispp has quit IRC		14:55
*** david-lyle has quit IRC		14:56
*** dklyle has joined #openstack-keystone		15:01
*** ispp has joined #openstack-keystone		15:06
*** felipemonteiro has joined #openstack-keystone		15:11
kmalloc	lbragstad: i also advised wxy to confirm with you the direction we're going, trigger or not	15:12
kmalloc	lbragstad: i will stand behind whichever is the end choice, but i've made my opinion clear	15:12
lbragstad	sure - it's a big part of the reason why i wanted to write down a couple of the approachs	15:13
*** belmoreira has quit IRC		15:13
lbragstad	i'd like more feedback on it	15:13
lbragstad	and it's probably easier for people to parse if they have something they can look at	15:13
kmalloc	yep.	15:13
lbragstad	but yeah... it's hard problem	15:13
*** felipemonteiro has quit IRC		15:14
*** germs has joined #openstack-keystone		15:16
*** germs has quit IRC		15:16
*** germs has joined #openstack-keystone		15:16
*** germs has quit IRC		15:16
*** felipemonteiro has joined #openstack-keystone		15:17
*** felipemonteiro has quit IRC		15:18
*** germs has joined #openstack-keystone		15:19
*** germs has quit IRC		15:19
*** germs has joined #openstack-keystone		15:19
gagehugo	o/	15:22
*** PsionTheory has quit IRC		15:27
*** felipemonteiro has joined #openstack-keystone		15:33
*** felipemonteiro has quit IRC		15:34
*** belmoreira has joined #openstack-keystone		15:37
*** felipemonteiro has joined #openstack-keystone		15:38
*** belmoreira has quit IRC		15:38
openstackgerrit	Lance Bragstad proposed openstack/keystone master: Simplify the issue token code path https://review.openstack.org/545450	15:40
lbragstad	kmalloc: ^	15:40
kmalloc	nice	15:41
*** links has quit IRC		15:41
openstackgerrit	Morgan Fainberg proposed openstack/keystone master: Add support for before and after request functions https://review.openstack.org/576637	15:42
openstackgerrit	Morgan Fainberg proposed openstack/keystone master: Implement base for new RBAC Enforcer https://review.openstack.org/576639	15:42
kmalloc	lbragstad: ok and that should now be passing tests.	15:43
lbragstad	sweet	15:43
kmalloc	the enforcer is not done, but it's at least got parity with today	15:43
kmalloc	probably another hour of coding and then an hour of test writing [might spin the tests up in a followup for the new enforcer] just to keep reviewability (too much code at once is hard)	15:44
kmalloc	lbragstad: i knew flask was going to be a rabbit hole... but FFS :P	15:44
kmalloc	once the enforcer is ready i'll be able to start moving apis to keystone.api	15:45
lbragstad	that last patch i pushed is in merge conflict, but i should have a cleaned up version here in a minute...	15:58
kmalloc	np, i need to run for some errands, be back around noon	15:59
kmalloc	(pacific)	15:59
lbragstad	ack	15:59
*** r-daneel has joined #openstack-keystone		16:00
*** felipemonteiro has quit IRC		16:09
*** felipemonteiro has joined #openstack-keystone		16:12
*** felipemonteiro has quit IRC		16:14
*** ispp has quit IRC		16:15
*** felipemonteiro has joined #openstack-keystone		16:15
openstackgerrit	Lance Bragstad proposed openstack/keystone master: Introduce new TokenModel object https://review.openstack.org/559129	16:16
openstackgerrit	Lance Bragstad proposed openstack/keystone master: Simplify the issue token code path https://review.openstack.org/545450	16:16
lbragstad	had to wipe the +2 off of ^ :(	16:16
*** ayoung has quit IRC		16:17
*** gyee has joined #openstack-keystone		16:21
* lbragstad goes for a run		16:21
lbragstad	bbiab	16:22
*** ykarel is now known as ykarel\|away		16:24
*** tesseract has quit IRC		16:34
*** felipemonteiro has quit IRC		16:38
*** felipemonteiro has joined #openstack-keystone		16:40
openstackgerrit	Merged openstack/keystone master: Api-ref: Refresh the Update APIs for limits https://review.openstack.org/569741	16:43
*** felipemonteiro has quit IRC		16:54
*** felipemonteiro has joined #openstack-keystone		17:01
*** felipemonteiro has quit IRC		17:04
*** felipemonteiro has joined #openstack-keystone		17:07
*** felipemonteiro has quit IRC		17:17
*** AlexeyAbashkin has quit IRC		17:23
*** ykarel\|away has quit IRC		17:25
*** amoralej is now known as amoralej\|off		17:27
*** rmascena has joined #openstack-keystone		17:28
*** raildo has quit IRC		17:32
*** links has joined #openstack-keystone		17:37
*** links has quit IRC		17:39
*** links has joined #openstack-keystone		17:39
*** fiddletwix has joined #openstack-keystone		17:40
*** SpamapS has quit IRC		17:46
*** felipemonteiro has joined #openstack-keystone		18:07
*** links has quit IRC		18:11
*** links has joined #openstack-keystone		18:12
*** links has quit IRC		18:14
openstackgerrit	Pavlo Shchelokovskyy proposed openstack/keystone master: Filter by entity_type in get_domain_mapping_list https://review.openstack.org/572446	18:19
*** felipemonteiro has quit IRC		18:22
*** felipemonteiro has joined #openstack-keystone		18:23
*** felipemonteiro has quit IRC		18:26
*** felipemonteiro has joined #openstack-keystone		18:26
*** itlinux has joined #openstack-keystone		18:27
*** germs has quit IRC		18:30
*** germs has joined #openstack-keystone		18:30
*** germs has quit IRC		18:30
*** germs has joined #openstack-keystone		18:31
*** germs has quit IRC		18:31
*** germs has joined #openstack-keystone		18:31
*** r-daneel has quit IRC		18:48
*** r-daneel has joined #openstack-keystone		18:51
lbragstad	i'm noticing something super weird with caching	18:51
lbragstad	i have a token model handler that serializes token objects to dictionary before caching them	18:53
lbragstad	and then it deserializes the data back to token model objects on cache hits	18:54
lbragstad	i can confirm that a token is getting serialized, which means it's getting put in cache	18:54
lbragstad	but when it is deserialized, bit'	18:54
lbragstad	s/bit'//	18:54
lbragstad	it only executes like halfway through the deserialization	18:55
ildikov	knikolla: hi	18:56
ildikov	knikolla: I read through the spec you linked in yesterday quickly for the Devstack plugin and test work	18:56
ildikov	knikolla: is it tracked anywhere what's done and what's in flight/todo?	18:56
*** lifeless has quit IRC		19:00
*** aojea_ has joined #openstack-keystone		19:03
kmalloc	lbragstad: back	19:04
kmalloc	lbragstad: this the context cache?	19:07
kmalloc	lbragstad: or the main cache?	19:07
kmalloc	lbragstad: it might need a msgpack deserializer	19:08
kmalloc	lbragstad: can you post what you have and i'll take a look	19:09
*** r-daneel_ has joined #openstack-keystone		19:11
lbragstad	yeah	19:11
*** r-daneel has quit IRC		19:11
*** r-daneel_ is now known as r-daneel		19:11
lbragstad	i'll post a wip of what i have	19:11
*** aojea_ has quit IRC		19:16
lbragstad	ok - these are the changes i've made http://paste.openstack.org/show/723952/	19:28
lbragstad	this is the failure with logging - http://paste.openstack.org/show/723953/	19:28
*** rmascena is now known as raildo		19:30
openstackgerrit	Morgan Fainberg proposed openstack/keystone master: Implement base for new RBAC Enforcer https://review.openstack.org/576639	19:33
kmalloc	lbragstad: ^ fyi, code complete, needs tests.	19:34
kmalloc	looking at your issue now	19:34
lbragstad	sweet	19:34
lbragstad	fyi - this is the test case that it's failing on https://git.openstack.org/cgit/openstack/keystone/tree/keystone/tests/unit/test_v3_protection.py#n1681	19:36
kmalloc	interesting: Traceback (most recent call last):	19:36
kmalloc	File "keystone/token/provider.py", line 170, in _is_valid_token	19:36
kmalloc	token_data = token.get('token', token.get('access'))	19:36
kmalloc	AttributeError: 'TokenModel' object has no attribute 'get'	19:36
lbragstad	right - did you see the handler code?	19:36
kmalloc	it's making an assumption you're dealing with a dict.	19:36
lbragstad	the authentication code it using the token model	19:37
lbragstad	the validation code is using the token reference (the old way)	19:37
kmalloc	ah	19:37
kmalloc	brb, dog needs to not explode inside	19:38
kmalloc	sorry	19:38
lbragstad	so - technically the token validation code assuming that's a dictionary is correct (for now)	19:38
lbragstad	now worries	19:38
lbragstad	no*	19:38
*** Deknos has joined #openstack-keystone		19:39
kmalloc	the log doesn't ever show deserializing	19:41
lbragstad	weird, right?	19:41
kmalloc	dog wants to play "chase me" instead of "go out"	19:41
lbragstad	even though it says it's been serialized and whatnot	19:41
kmalloc	so, nope. not chasing a dog around.	19:41
*** Deknos has left #openstack-keystone		19:41
lbragstad	that sounds like a fun game	19:42
*** lifeless has joined #openstack-keystone		19:49
kmalloc	near dogsplosion	19:56
kmalloc	ok back	19:56
kmalloc	sooo	19:56
*** spilla has quit IRC		19:56
kmalloc	lbragstad: uhm	20:06
lbragstad	weird, right?	20:07
kmalloc	lbragstad: so, humor me...	20:07
kmalloc	i think you're never hitting a deserialization event	20:07
lbragstad	i would agree	20:07
lbragstad	it's never actually getting to that method	20:07
lbragstad	in _TokenModelHandler	20:07
kmalloc	you're failing before you hit deserialize	20:08
kmalloc	in self.get('/auth/tokens', token=admin_token,	20:08
kmalloc	headers={'X-Subject-Token': user_token})	20:08
kmalloc	you've only requested each token a single time until that point	20:08
*** r-daneel has quit IRC		20:08
kmalloc	the context cache wont deserialize unless you get into "get" token.	20:09
lbragstad	right - that makes sense	20:09
kmalloc	you're not getting far enough for the context cache to work, so, caching is not even involved yet	20:09
*** r-daneel has joined #openstack-keystone		20:09
*** boris_42_ has joined #openstack-keystone		20:10
kmalloc	Traceback (most recent call last):	20:10
kmalloc	File "keystone/token/provider.py", line 170, in _is_valid_token	20:10
kmalloc	token_data = token.get('token', token.get('access'))	20:10
kmalloc	AttributeError: 'TokenModel' object has no attribute 'get'	20:10
kmalloc	that is before you get to the deserialize point [somehow]	20:10
lbragstad	yeah...	20:10
lbragstad	hmm	20:10
kmalloc	Unexpected error or malformed token determining token expiry: <TokenModel (audit_id=YPE8qN_qTTuTdAOC-djoMA, audit_chain_id=[u'YPE8qN_qTTuTdAOC-djoMA']) at 0x7fb9a2c5f610>	20:11
kmalloc	soooo	20:11
lbragstad	are we validating a freshly issued token?	20:11
kmalloc	we haven't validated a token at all	20:11
kmalloc	just issued	20:11
lbragstad	right - if what you're saying is true	20:11
lbragstad	we haven't issued the user's token back to them yet...	20:12
kmalloc	even if we had	20:12
kmalloc	context cache is memoization	20:12
kmalloc	meaning it is specific to the validate call	20:12
kmalloc	if you don't call "validate" we aren't caching	20:12
lbragstad	we cache tokens on issue	20:12
kmalloc	then our on-issue cache may be wonky	20:13
lbragstad	it was a thing amakarov implemented a while back	20:13
lbragstad	https://git.openstack.org/cgit/openstack/keystone/tree/keystone/token/provider.py#n173	20:13
kmalloc	yeah... that doesn't look quite right to me	20:14
kmalloc	self._validate_token.set(token_data, TOKENS_REGION, token_id)	20:14
kmalloc	sec.	20:14
kmalloc	yeah that isn't caching anything useful	20:14
kmalloc	it's setting the cache key to the TOKENS_REGION	20:14
kmalloc	which is a bogus cache-key	20:15
kmalloc	basically that code just wastes memory	20:15
kmalloc	both in memcache and in local context	20:15
lbragstad	because it stuff things in that can't result in hits?	20:15
kmalloc	because TOKENS_REGION object isn't a valid cache key	20:16
kmalloc	nothing would ever look that up	20:16
lbragstad	damn	20:16
kmalloc	there is a reason we typically don't use .set()	20:16
lbragstad	what's the method signature for set?	20:16
kmalloc	you have to generate the cache-key with args that look like what _validate would be called with	20:16
lbragstad	set()?	20:16
lbragstad	which should be the token id	20:17
kmalloc	.set(self, key, value)	20:17
kmalloc	where the key is a mangled set of "method, args, etc" run through a sha1	20:17
lbragstad	oh - it doesn't look like we're doing that...	20:17
kmalloc	let me confirm, it may do some cache-key work	20:18
kmalloc	but it for-sure doesn't work with TOKENS_REGION	20:18
kmalloc	as the value	20:18
lbragstad	if you're right about the method signature	20:19
lbragstad	shouldn't it be	20:19
lbragstad	self._validate_token.set(TOKEN_REGION, token.id, token)	20:19
lbragstad	https://review.openstack.org/#/c/309146/	20:20
kmalloc	https://www.irccloud.com/pastebin/BuxcIEpz/	20:20
kmalloc	so maybe it's right...	20:20
kmalloc	but... hold on	20:21
openstackgerrit	Merged openstack/python-keystoneclient master: Add support for registered limits https://review.openstack.org/537668	20:21
kmalloc	hm.	20:21
kmalloc	no, it likely should be self._validate_token.set(token, self, token.id)	20:22
kmalloc	sorry my dogpile foo is a little rusty	20:22
lbragstad	ok	20:22
kmalloc	yeah	20:23
kmalloc	if MEMOIZE.should_cache(ret):	20:23
kmalloc	self.get_project.set(ret, self, project_id)	20:23
kmalloc	self.get_project_by_name.set(ret, self, ret['name'],	20:23
kmalloc	ret['domain_id'])	20:23
kmalloc	return ret	20:23
kmalloc	that is an example	20:23
kmalloc	swaping TOKEN_REGION for self should fix that	20:23
kmalloc	and get you deserializing and actually getting pre-seeded caches	20:23
lbragstad	ok	20:23
kmalloc	right now every single token issued simply caches in the same key	20:23
kmalloc	:P	20:24
kmalloc	over and over and over	20:24
lbragstad	let me give that a shot quick	20:24
lbragstad	and that sounds like a bug	20:24
kmalloc	yeah it is a bug	20:24
kmalloc	and proof that this code was never actually tested	20:24
lbragstad	which would pretty much negate the enitre benefit of that feature	20:24
kmalloc	yep.	20:24
kmalloc	testing the cache is hard	20:24
kmalloc	there is a reason very few of us tend to write cache code.	20:24
kmalloc	which reminds me, i need to unwind the broken config thing soon	20:25
kmalloc	will do that in a few.	20:25
lbragstad	mmmm	20:26
kmalloc	ok let me look at the blame... i think we never had a test implemented for caching code	20:27
kmalloc	i think that needs to be a rule, cache code MUST always have expanded testing	20:27
lbragstad	we're still not hitting the deserialization	20:27
lbragstad	http://paste.openstack.org/show/723962/	20:28
lbragstad	changes http://paste.openstack.org/show/723963/	20:28
lbragstad	test changes - http://paste.openstack.org/show/723966/	20:30
*** aojea has joined #openstack-keystone		20:31
lbragstad	new logs - http://paste.openstack.org/show/723965/	20:31
lbragstad	huh - so it is blowing up in the GET /v3/auth/tokens call on the admin token	20:33
openstackgerrit	Merged openstack/python-keystoneclient master: Add support for project-specific limits https://review.openstack.org/574391	20:33
kmalloc	right	20:33
kmalloc	and it's still not deserializing	20:34
lbragstad	yeah	20:34
kmalloc	I don't think it's even getting to .validate	20:34
kmalloc	i don't see a "missed" anywhere in your log	20:35
lbragstad	nope - because it's hitting the cache	20:35
lbragstad	but not deserializing	20:35
lbragstad	0.o	20:35
*** martinus__ has quit IRC		20:35
kmalloc	uhm.	20:35
*** felipemonteiro has quit IRC		20:35
kmalloc	is it hitting the cache?	20:35
lbragstad	it has to be	20:35
kmalloc	do me a favor, lets do some exception debugging.	20:36
lbragstad	http://paste.openstack.org/show/723967/	20:36
kmalloc	https://www.irccloud.com/pastebin/9vgqFE2F/	20:36
kmalloc	add in an explicit get	20:36
kmalloc	self._validate_token.get(self, token.id)	20:36
kmalloc	and pprint that	20:36
kmalloc	erm...	20:36
lbragstad	where do you want that?	20:37
kmalloc	right after the set	20:37
kmalloc	let's compare the results	20:37
kmalloc	compared to token/token_data and the return of .get()	20:38
lbragstad	interesting	20:38
lbragstad	http://paste.openstack.org/show/723968/	20:38
lbragstad	http://paste.openstack.org/show/723969/	20:39
lbragstad	^ changes	20:39
kmalloc	well that clearly shows bugs in the deserializing code	20:40
lbragstad	it's failing because i did something wrong in deserialize	20:40
kmalloc	that is a start.	20:40
lbragstad	so - that proves something	20:40
lbragstad	which is that it's getting set in cache	20:40
kmalloc	the next thing to try is: call ._validate directly and compare .get() and ._validate responses	20:40
lbragstad	with self._validate_token.set(token, self, token.id)	20:40
kmalloc	once you have deserialize working	20:40
*** pcaruana has quit IRC		20:41
kmalloc	you should write a test for the handler	20:43
lbragstad	fixed deserialization	20:43
kmalloc	that just does serialize/deserialize of a rendered token	20:43
kmalloc	to ensure changes don't break it	20:43
kmalloc	iirc i did that with the revoke handler	20:43
lbragstad	http://paste.openstack.org/show/723970/	20:43
kmalloc	and that is just doing .get() then ._validate(token.id) ?	20:44
lbragstad	yeah - it's just calling .get() right after it manually sets the token on the _validate_token() method	20:44
kmalloc	i notice two deserializations now	20:45
lbragstad	yeah - because the test is authenticating for two tokens	20:45
lbragstad	the admin_token and the user_token	20:45
kmalloc	ah right.	20:45
lbragstad	but the main issue still exists (where TokenModel is somehow getting in the mix in the validate token path)	20:45
kmalloc	ok now right below the .get call self._validate(token_id)	20:45
kmalloc	and see if it hits the cache	20:46
kmalloc	we can also enable cache-debugging (and show the generated keys)	20:46
lbragstad	http://paste.openstack.org/show/723971/	20:47
lbragstad	deserialized twice, one for each token	20:47
lbragstad	so self._validate_token(token.id) is working	20:47
kmalloc	yep	20:48
kmalloc	thats good news(tm)	20:48
kmalloc	that clearly means we're not populating bad cache now	20:49
kmalloc	ok, but we're still failing.	20:49
lbragstad	because "somehow" validate is getting a TokenModel when it should be getting a dictionary	20:49
kmalloc	yup	20:50
lbragstad	which is still blowing my mind...	20:50
kmalloc	and it's def. not cache related [or well, not "context-cache/validate cache"]	20:50
kmalloc	let me see the whole diff again?	20:50
lbragstad	http://paste.openstack.org/show/723972/	20:50
*** raildo has quit IRC		20:53
*** markguz has joined #openstack-keystone		20:56
lbragstad	note that diff is on top of https://review.openstack.org/#/c/545450/10	20:58
markguz	hi. Just updated to Ocata from Newton, auth stopped working and seeing this error in the logs TypeError: __call__() got an unexpected keyword argument 'default_config_dirs'	20:58
markguz	anyone seen that before?	20:58
markguz	cant find any reference to default_config_dirs in any config files	20:58
kmalloc	lbragstad: so, ._validate is in-fact returning a tokenmodel now	20:59
kmalloc	lbragstad: and you're erroring in .is_valid_token	20:59
lbragstad	yep	20:59
lbragstad	markguz: do you have a whole trace?	20:59
kmalloc	lbragstad: fix is_valid token, the pprint for deserialization may just be getting lost in a flush.	21:00
markguz	lbragstad: http://paste.openstack.org/show/723973/	21:01
kmalloc	lbragstad: my typical view on caching is also: disable caching and see if it works first	21:01
kmalloc	once that works, enable caching again	21:01
kmalloc	markguz: that sounds like some code mismatch of some sort.	21:03
kmalloc	markguz: how was the upgrade performed? [out of curiosity]	21:03
markguz	kmalloc: https://www.rdoproject.org/install/upgrading-rdo-3/	21:04
kmalloc	hmm.	21:05
kmalloc	because default_config_dirs was an option added somewhere along the line.	21:05
kmalloc	it's like the option is being passed to an older [unaware] version of keystone	21:06
markguz	kmalloc: only one keystone running	21:07
kmalloc	right.	21:07
kmalloc	did keystone properly shutdown before the upgrade?	21:08
markguz	yup	21:08
kmalloc	i could see something being weird if some code was still running in mod_wsgi.	21:08
kmalloc	lbragstad: i've never seen that error before.	21:08
lbragstad	me either	21:09
cmurphy	default_config_dirs was added to oslo.confg in ocata so you need to make sure oslo.config is up to date	21:09
markguz	cmurphy: i need to add that option?	21:10
kmalloc	ooh	21:10
lbragstad	just upgrade oslo.config?	21:10
kmalloc	that could do it. thanks cmurphy	21:10
cmurphy	markguz: no, you need to make sure the oslo.config package is on ocata	21:10
markguz	ahhhh	21:10
lbragstad	yeah no kidding, good call cmurphy	21:10
cmurphy	version 3.20.0 at least it looks like	21:10
markguz	yeah that would do it	21:10
kmalloc	lbragstad: yeah might be that oslo.config package was out of date.	21:10
kmalloc	markguz: cmurphy swoops in and saves the day. it's her super power :)	21:11
kmalloc	(well one of them)	21:11
cmurphy	^.^	21:11
markguz	yeah that was not updated. think rdo need to put that in the update page	21:11
lbragstad	https://git.openstack.org/cgit/openstack/keystone/tree/requirements.txt?h=stable/ocata#n25	21:11
kmalloc	hehe, or make their keystone package depend on the minimum	21:11
markguz	kmalloc: yes	21:12
kmalloc	sounds to me like a bad rpm that doesn't know the minimum oslo.config needed	21:12
kmalloc	s/bad/not-quite-correct	21:12
lbragstad	the minimum we define upstream is 3.14	21:12
lbragstad	at least in stable ocata	21:12
kmalloc	oooh wonderful.	21:12
kmalloc	that might be a g-r bug then	21:13
lbragstad	kmalloc: fwiw - that issues goes away when i disable keystone.conf [token] cache_on_issue and keystone.conf [cache] enabled	21:13
kmalloc	lbragstad: ok that is interesting.	21:13
kmalloc	means it is cache related	21:13
kmalloc	good to know	21:13
kmalloc	somehow with cach...	21:13
kmalloc	oh wait a sec.	21:13
kmalloc	hooooooollllld the door... hodor!	21:14
kmalloc	i mean...	21:14
kmalloc	lbragstad: you didn;t update the validate pipeline to use the toknemodel did you?	21:14
kmalloc	just the issue one?	21:14
kmalloc	lbragstad: you're somehow getting a dict back when you don't pre-seed the cache?	21:16
kmalloc	or when you don't cache at all	21:16
kmalloc	via validate	21:16
* lbragstad back in 5		21:17
kmalloc	ok	21:17
*** rledisez has quit IRC		21:24
*** lifeless has quit IRC		21:46
*** lifeless has joined #openstack-keystone		21:47
*** r-daneel has quit IRC		21:49
lbragstad	sorry	21:52
*** nicolasbock has quit IRC		21:52
* lbragstad was bombarded		21:52
*** itlinux has quit IRC		21:52
kmalloc	heh	21:52
lbragstad	correct - only the issue token patch was updated to use the token model object	21:53
lbragstad	the validate path still builds a dictionary	21:53
kmalloc	and there is why you're failing.	21:53
lbragstad	using all the old way of doing things we're used to	21:53
kmalloc	because issue pre-seeds in the cache of the model	21:53
kmalloc	i wonder if the deserialize pprint is just lost in a flush due to the app bailing	21:53
lbragstad	checkout the last couple lines of the deserialize method though	21:53
lbragstad	i'm converting the token model back to a dictionary	21:54
kmalloc	don't do that.	21:54
lbragstad	(because i'm doing the token model work in two patches, one for token issuance and one for token validation)	21:54
lbragstad	i can squash them	21:54
lbragstad	but i'm not sure if we're covering up a cache problem?	21:55
kmalloc	deserialize should rehydrate to the same state	21:55
kmalloc	always	21:55
kmalloc	you should ensure calls to validate convert -> dict	21:55
kmalloc	if needed	21:55
kmalloc	._validate	21:55
kmalloc	basically you need a "if isTokenModeel: token.to_dict()	21:55
kmalloc	for testing	21:56
kmalloc	if you turn off cache_on_issue	21:56
kmalloc	the problem also goes away, yah?	21:56
kmalloc	basically until both issue and validate emit TokenModel you shouldn't lean on cache_on_issue	21:56
kmalloc	it is a recipe for errors.	21:57
lbragstad	so - smash https://review.openstack.org/#/c/555931/1 into https://review.openstack.org/#/c/545450/	21:57
* kmalloc waits for loading...		21:57
lbragstad	i'd like to make sure cache_on_issue always works	21:57
kmalloc	right, so you have to make sure issue and validate both do tokenmodel	21:59
kmalloc	in a single patch	21:59
kmalloc	... also, i can't load review.openstack.org	21:59
kmalloc	changing fundamental format OR you need to make a dict-interface for the tokenmodel for compat until everything is converted	22:02
kmalloc	both are ok	22:02
kmalloc	i probably would do the dict-compat interface	22:02
kmalloc	[basically, behind the scenes build the token_dict and setup a __getattr__ to reference it]	22:02
kmalloc	erm.	22:03
kmalloc	__getitem__*	22:03
kmalloc	and then delete that interface once everything is converted	22:03
kmalloc	means for less code change in one swoop	22:03
*** spzala has joined #openstack-keystone		22:04
*** spzala has quit IRC		22:04
lbragstad	true	22:04
lbragstad	but if we do that, we aren't reinflating to a the same thing?	22:05
*** edmondsw has quit IRC		22:07
lbragstad	oh...	22:08
lbragstad	i see what you mean	22:08
*** edmondsw has joined #openstack-keystone		22:10
*** rcernin has joined #openstack-keystone		22:10
kmalloc	basically keep a dict state of the token in all cases on like "tokenmodel.__dictstate" and make .__getitem__ on TokenModel just reference TokenModel.__dictstate.__setitem__	22:12
kmalloc	erm... TokenModel.__dictstate.__getitem__	22:14
*** edmondsw has quit IRC		22:14
lbragstad	ok	22:14
lbragstad	that'd be one option - or we use the big hammer and make issue token and validation token work with TokenModel	22:15
kmalloc	it's ugly but can make it so anything that does Token[<thing>] can work until it's converted to know TokenModel.thing	22:15
kmalloc	totally	22:15
kmalloc	it's up to you	22:15
kmalloc	both will do the job	22:15
lbragstad	sure	22:15
* lbragstad assess risk		22:16
*** r-daneel has joined #openstack-keystone		22:34
*** aojea has quit IRC		22:36
*** rcernin has quit IRC		22:50
*** r-daneel has quit IRC		23:15
*** rledisez has joined #openstack-keystone		23:17
*** boris_42_ has quit IRC		23:19
adriant	cmurphy: thanks, will take a look at it!	23:24
adriant	cmurphy: any clue if Patrole works with older versions of openstack services?	23:36
adriant	although I guess in my case the requirements_authority part is all I need and that's just parsing policy files vs requirements	23:39
*** tosky has quit IRC		23:42
*** rcernin has joined #openstack-keystone		23:43
openstackgerrit	Merged openstack/keystone master: Clarify scope responses in authentication api ref https://review.openstack.org/571309	23:48

Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!