*** gyee has quit IRC | 00:29 | |
openstackgerrit | Morgan Fainberg proposed openstack/keystone master: Remove paste-ini https://review.openstack.org/609841 | 00:34 |
openstackgerrit | Morgan Fainberg proposed openstack/keystone master: Remove paste-ini https://review.openstack.org/609841 | 00:36 |
*** mattoliverau has joined #openstack-keystone | 00:38 | |
*** aojea has joined #openstack-keystone | 00:51 | |
wxy-xiyuan | kmalloc: amazing! | 01:16 |
wxy-xiyuan | kmalloc: lbragstad: mordred : BTW, https://review.openstack.org/#/q/status:open+project:openstack/openstacksdk+branch:master+topic:unified_limit this is the openstacksdk patch for unified limit APIs. | 01:18 |
*** aojea has quit IRC | 01:21 | |
*** Dinesh_Bhor has joined #openstack-keystone | 01:43 | |
*** aojea has joined #openstack-keystone | 02:12 | |
*** zigo has quit IRC | 02:29 | |
*** aojea has quit IRC | 02:45 | |
*** lbragstad has joined #openstack-keystone | 02:45 | |
*** ChanServ sets mode: +o lbragstad | 02:45 | |
*** Dinesh_Bhor has quit IRC | 02:57 | |
*** Dinesh_Bhor has joined #openstack-keystone | 03:05 | |
*** dave-mccowan has quit IRC | 03:05 | |
*** aojea has joined #openstack-keystone | 03:38 | |
openstackgerrit | ayoung proposed openstack/keystone master: Re-enable REMOTE_USER tests https://review.openstack.org/609834 | 03:48 |
*** Dinesh_Bhor has quit IRC | 03:56 | |
*** felipemonteiro has joined #openstack-keystone | 04:06 | |
*** aojea has quit IRC | 04:09 | |
*** lbragstad has quit IRC | 04:21 | |
*** Dinesh_Bhor has joined #openstack-keystone | 04:29 | |
*** breton has quit IRC | 04:30 | |
*** aojea has joined #openstack-keystone | 05:00 | |
*** pcaruana has joined #openstack-keystone | 05:15 | |
*** felipemonteiro has quit IRC | 05:31 | |
*** aojea has quit IRC | 05:34 | |
*** aojea has joined #openstack-keystone | 06:27 | |
*** Dinesh_Bhor has quit IRC | 06:45 | |
*** aojea has quit IRC | 07:00 | |
*** rcernin has quit IRC | 07:03 | |
*** aojea has joined #openstack-keystone | 07:52 | |
openstackgerrit | Andreas Jaeger proposed openstack/keystone master: Use tempest-pg-full https://review.openstack.org/609951 | 08:06 |
*** d0ugal has quit IRC | 08:07 | |
*** d0ugal has joined #openstack-keystone | 08:08 | |
*** Dinesh_Bhor has joined #openstack-keystone | 08:11 | |
*** aojea has quit IRC | 08:24 | |
*** zigo has joined #openstack-keystone | 08:34 | |
*** devx has quit IRC | 08:39 | |
*** devx has joined #openstack-keystone | 08:40 | |
*** aojea has joined #openstack-keystone | 09:16 | |
openstackgerrit | Jose Castro Leon proposed openstack/keystone master: Add caching on trust role validation to improve performance https://review.openstack.org/608963 | 09:40 |
*** aojea has quit IRC | 09:48 | |
*** josecastroleon has joined #openstack-keystone | 09:49 | |
*** imacdonn has quit IRC | 09:53 | |
*** imacdonn has joined #openstack-keystone | 09:53 | |
*** Dinesh_Bhor has quit IRC | 09:57 | |
*** rdopiera has joined #openstack-keystone | 10:25 | |
rdopiera | Hello, I would like to ask you if there is a better way of doing this? https://review.openstack.org/#/c/609999/1/openstack_dashboard/api/keystone.py | 10:25 |
openstackgerrit | Vishakha Agarwal proposed openstack/keystone master: Fixing update registered limit api-ref https://review.openstack.org/610000 | 10:26 |
*** Dinesh_Bhor has joined #openstack-keystone | 10:35 | |
*** aojea has joined #openstack-keystone | 10:39 | |
openstackgerrit | Merged openstack/pycadf master: Use templates for cover and lower-constraints https://review.openstack.org/606606 | 11:02 |
*** Dinesh_Bhor has quit IRC | 11:10 | |
*** aojea has quit IRC | 11:12 | |
openstackgerrit | Vishakha Agarwal proposed openstack/keystone master: Added test case update registered limit with region https://review.openstack.org/610005 | 11:13 |
*** dave-mccowan has joined #openstack-keystone | 11:38 | |
cmurphy | rdopiera: thanks, commented | 11:43 |
cmurphy | rdopiera: i'm not sure of a better way to solve the problem without a more significant refactor | 11:43 |
cmurphy | kmalloc: http://lists.openstack.org/pipermail/openstack-dev/2018-October/135696.html | 11:44 |
*** aojea has joined #openstack-keystone | 11:49 | |
rdopiera | cmurphy: thank you! | 11:52 |
*** aojea has quit IRC | 12:22 | |
*** hoonetorg has joined #openstack-keystone | 12:24 | |
gagehugo | o/ | 12:39 |
*** aojea has joined #openstack-keystone | 13:14 | |
*** markvoelker has quit IRC | 13:15 | |
*** munimeha1 has joined #openstack-keystone | 13:22 | |
*** lbragstad has joined #openstack-keystone | 13:23 | |
*** ChanServ sets mode: +o lbragstad | 13:23 | |
lbragstad | kmalloc yeah - that's the most daunting refactor i've seen on this project yet | 13:29 |
*** munimeha1 has quit IRC | 13:38 | |
*** dansmith is now known as SteelyDan | 13:41 | |
*** felipemonteiro has joined #openstack-keystone | 13:46 | |
*** aojea has quit IRC | 13:46 | |
*** munimeha1 has joined #openstack-keystone | 13:57 | |
*** spilla has joined #openstack-keystone | 14:00 | |
openstackgerrit | Lance Bragstad proposed openstack/oslo.policy master: Add guidelines for naming policies https://review.openstack.org/606214 | 14:14 |
*** lbragstad is now known as elbragstad | 14:25 | |
*** munimeha1 has quit IRC | 14:32 | |
openstackgerrit | Lance Bragstad proposed openstack/oslo.policy master: Add guidelines for naming policies https://review.openstack.org/606214 | 14:37 |
*** aojea has joined #openstack-keystone | 14:37 | |
*** markvoelker has joined #openstack-keystone | 14:41 | |
*** bnemec is now known as beekneemech | 14:44 | |
*** felipemonteiro has quit IRC | 14:56 | |
*** josecastroleon has quit IRC | 15:00 | |
*** jmlowe has quit IRC | 15:03 | |
*** aojea has quit IRC | 15:10 | |
*** awestin1 has joined #openstack-keystone | 15:10 | |
*** jmlowe has joined #openstack-keystone | 15:18 | |
kmalloc | cmurphy: ahah. Because I made it always work :P | 15:18 |
kmalloc | That's kind of hilarious | 15:19 |
kmalloc | It works for keystone but not Nova. | 15:19 |
*** gyee has joined #openstack-keystone | 15:19 | |
kmalloc | Lbragstad cmurphy, pydev stuff only worked under eventlet | 15:21 |
kmalloc | Afaik | 15:21 |
openstackgerrit | Lance Bragstad proposed openstack/keystone master: Implement scaffolding for upgrade checks https://review.openstack.org/608785 | 15:21 |
kmalloc | It's been dead for multiple releases aiui | 15:21 |
elbragstad | ok - not sure if we actually deprecated that formally unless people were able to put two and two together :( | 15:22 |
kmalloc | The bit that stands it up wasn't used in our code base.. | 15:22 |
kmalloc | I did a code search on all things I removed in that patch. | 15:23 |
kmalloc | I can re-add the dead function :P | 15:23 |
kmalloc | Makes no difference to me. | 15:23 |
kmalloc | ;) | 15:23 |
kmalloc | I'll just need to find another few lines to delete to get back up to -12999 lines ;) | 15:25 |
*** spilla has quit IRC | 15:42 | |
kmalloc | elbragstad: I'll respin that last patch shortly | 15:45 |
kmalloc | And..... I have a fix for the collection key bit. | 15:45 |
gagehugo | kmalloc the "__UNUSED__"? | 15:46 |
kmalloc | Yeah | 15:47 |
gagehugo | ok cool | 15:47 |
knikolla | kmalloc: are you going to do it as a follow-up? | 15:47 |
kmalloc | Yeah. | 15:47 |
elbragstad | sounds good | 15:47 |
knikolla | sounds good. i'm reviewing the stack now. | 15:48 |
elbragstad | i should be able to revisit those patches in a bit... i'm currently buried in tempest clients again | 15:48 |
*** markvoelker has quit IRC | 15:51 | |
*** markvoelker has joined #openstack-keystone | 15:52 | |
openstackgerrit | Michael Johnson proposed openstack/keystonemiddleware master: Fix audit target service selection https://review.openstack.org/610099 | 16:11 |
*** aojea has joined #openstack-keystone | 16:11 | |
johnsom | ^^^ fixes the audit bug I mentioned yesterday | 16:11 |
*** aojea has quit IRC | 16:34 | |
elbragstad | johnsom oh - nice, thanks! | 16:34 |
*** irclogbot_3 has joined #openstack-keystone | 16:35 | |
*** irclogbot_3 has quit IRC | 16:42 | |
*** rdopiera has quit IRC | 16:54 | |
openstackgerrit | Chuck Short proposed openstack/oslo.policy master: Change python3.5 job to python3.7 job on Stein+ https://review.openstack.org/610122 | 17:18 |
openstackgerrit | Morgan Fainberg proposed openstack/keystone master: Convert /v3/users to flask native dispatching https://review.openstack.org/609071 | 17:34 |
openstackgerrit | Morgan Fainberg proposed openstack/keystone master: Convert projects API to Flask https://review.openstack.org/603451 | 17:34 |
openstackgerrit | Morgan Fainberg proposed openstack/keystone master: Remove skip for test_locked_out_user_sends_notification https://review.openstack.org/609159 | 17:34 |
openstackgerrit | Morgan Fainberg proposed openstack/keystone master: Convert S3 and EC2 auth to flask native dispatching https://review.openstack.org/609500 | 17:34 |
openstackgerrit | Morgan Fainberg proposed openstack/keystone master: Replace JSON Body middleware with flask-native func https://review.openstack.org/609535 | 17:34 |
openstackgerrit | Morgan Fainberg proposed openstack/keystone master: Cleanup keystone.server.flask.application https://review.openstack.org/609548 | 17:34 |
openstackgerrit | Morgan Fainberg proposed openstack/keystone master: Register exceptions with a Flask Error Handler https://review.openstack.org/609796 | 17:34 |
openstackgerrit | Morgan Fainberg proposed openstack/keystone master: Make Request Logging a little better https://review.openstack.org/609804 | 17:34 |
openstackgerrit | Morgan Fainberg proposed openstack/keystone master: Internally defined middleware don't use stevedore https://review.openstack.org/609805 | 17:34 |
openstackgerrit | Morgan Fainberg proposed openstack/keystone master: Convert Normalizing filter to flask native Middleware https://review.openstack.org/609815 | 17:34 |
openstackgerrit | Morgan Fainberg proposed openstack/keystone master: Move AuthContextMiddleware https://review.openstack.org/609836 | 17:34 |
openstackgerrit | Morgan Fainberg proposed openstack/keystone master: Flask comment/docstring cleanup https://review.openstack.org/609837 | 17:34 |
openstackgerrit | Morgan Fainberg proposed openstack/keystone master: Cleanup test_wsgi https://review.openstack.org/609838 | 17:34 |
openstackgerrit | Morgan Fainberg proposed openstack/keystone master: Remove pre-flask legacy code https://review.openstack.org/609839 | 17:34 |
openstackgerrit | Morgan Fainberg proposed openstack/keystone master: Make collection_key and member_key raise if unset https://review.openstack.org/610129 | 17:34 |
kmalloc | crap. it rebased everything.... | 17:34 |
kmalloc | well then. that kicked things out of gate :( | 17:34 |
kmalloc | sorry | 17:34 |
kmalloc | gagehugo, elbragstad, knikolla, cmurphy: mind re-kicking those things through? | 17:35 |
openstackgerrit | Morgan Fainberg proposed openstack/keystone master: Remove pre-flask legacy code https://review.openstack.org/609839 | 17:36 |
*** aojea has joined #openstack-keystone | 17:36 | |
openstackgerrit | Morgan Fainberg proposed openstack/keystone master: Remove paste-ini https://review.openstack.org/609841 | 17:39 |
gagehugo | oh boy | 17:39 |
kmalloc | it was just a rebase via git review =/ | 17:40 |
clarkb | kmalloc: that should never happen without it telling you fwiw | 17:40 |
clarkb | unless you are running 5 year old git review | 17:40 |
kmalloc | clarkb: current git review | 17:40 |
kmalloc | clarkb: it's the first time it's happened in ages | 17:40 |
clarkb | kmalloc: the behavior should be that it will attempt a rebase and if it doesn't conflict reset back to original head and push that | 17:40 |
clarkb | if it does conflict it errors out and asks you to rebase manually | 17:41 |
kmalloc | clarkb: well, i can only comment on what just happened :P | 17:41 |
kmalloc | i did a git cherry-pick of a patch onto the tree, git review and it rebased the whole stack | 17:41 |
clarkb | ah see | 17:41 |
clarkb | cherry pick did it not git review :) | 17:41 |
clarkb | cherry pick always creates a new commit | 17:41 |
kmalloc | i've never had cherry-pick rebase the entire stack | 17:41 |
kmalloc | cherry-pick was the last patch in the stack | 17:42 |
clarkb | it "rebases" every commit cherry picked | 17:42 |
clarkb | hrm | 17:42 |
kmalloc | right, a single patch was cherry picked from a different branch | 17:42 |
* kmalloc shrugs | 17:42 | |
kmalloc | it isn't a big deal | 17:42 |
kmalloc | really, i've not had any issues with git review and this happening once in 5 years is nbd | 17:42 |
kmalloc | i can only assume i've done something wrong, but it's my normal workflow :P | 17:43 |
kmalloc | so *shrug* | 17:43 |
clarkb | ya I thought we'd mostly figured out the warts. I'm still inclined to think cherry pick did something unexpected there | 17:43 |
kmalloc | now if only i could git review -WIP and have it automatically workflow -1 ;) | 17:43 |
kmalloc | >.> | 17:43 |
kmalloc | <.< | 17:43 |
gagehugo | ¯\_(ツ)_/¯ | 17:45 |
*** spilla has joined #openstack-keystone | 17:47 | |
kmalloc | gagehugo: please let me know if you have questions re: final flask patches. | 17:51 |
kmalloc | i'm here and we're in the home stretch | 17:51 |
gagehugo | kmalloc will do, I just looked through users and projects this morning | 17:54 |
*** aojea has quit IRC | 17:59 | |
kmalloc | ooh i have more cleanup to do in the final patch ... wheeeeee | 18:04 |
kmalloc | gagehugo, elbragstad: the "collection_key" and "member_key" fixes are not 100% baked =/ | 18:14 |
kmalloc | because RBACEnforcer leans on them. | 18:14 |
kmalloc | ugh. | 18:14 |
gagehugo | hmm | 18:17 |
kmalloc | think i have it solved now. | 18:19 |
kmalloc | incoming revisions | 18:19 |
* gagehugo braces for impact | 18:20 | |
openstackgerrit | Morgan Fainberg proposed openstack/keystone master: Make collection_key and member_key raise if unset https://review.openstack.org/610129 | 18:22 |
openstackgerrit | Morgan Fainberg proposed openstack/keystone master: Remove pre-flask legacy code https://review.openstack.org/609839 | 18:22 |
kmalloc | gagehugo: there we go | 18:22 |
openstackgerrit | Morgan Fainberg proposed openstack/keystone master: Remove paste-ini https://review.openstack.org/609841 | 18:25 |
aning | elbragstad: did you change your nick name :)? | 18:27 |
elbragstad | aning it's casual nick friday :) | 18:27 |
aning | elbragstad: yesterday we talked about the unique password count ... | 18:28 |
aning | elbragstad: I believe there is a bug in identity sql driver | 18:28 |
elbragstad | did you happen to see my last few pings yesterday? | 18:29 |
aning | yes I did | 18:29 |
aning | This command: "openstack user password set --password <> --original-password" works as expected. | 18:30 |
aning | But this command: "openstack user set --password <> <username>" doesn't work properly | 18:31 |
aning | Underneath, the first command is a POST call, which eventually calls change_password() in sql.py | 18:32 |
aning | While the second is a PATCH call, which is a user update call to user_update() in sql.py. | 18:32 |
aning | update_user() in sql.py | 18:33 |
aning | and I can see update_user() never calls _validate_password_history(). | 18:34 |
kmalloc | aning: correct | 18:34 |
kmalloc | update_user is meant to be administrative | 18:34 |
kmalloc | and is exempt from password history checking | 18:35 |
kmalloc | it is exempt from a number of PCIDSS things | 18:35 |
kmalloc | that is by design. | 18:35 |
aning | understood. But admin can change another user's password to its previously used passwords? | 18:35 |
kmalloc | yes | 18:36 |
kmalloc | it is assumed short of the user telling the admin what the password is, it would be accidental | 18:36 |
kmalloc | it is common that admin password setting doesn't check history | 18:37 |
aning | ok | 18:37 |
kmalloc | this is also why we have implemented "must change password on first use" functionality | 18:37 |
kmalloc | so if an admin sets a password, even a previously used one, the user must still change it | 18:37 |
aning | I'm wondering if a user can use the second command to change its own password too ... | 18:38 |
aning | Let me try ... | 18:38 |
kmalloc | unless explicitly allowed to call update_user no | 18:38 |
kmalloc | users are not able to call update_user on self without admin/domain admin/whatever roles | 18:38 |
kmalloc | (this falls into oslo.policy settings, but by default we don't enable self update of the user object) | 18:39 |
kmalloc | there are things such as exempting the user from password lockouts, etc that are the reasoning behind that | 18:39 |
aning | Is oslo.policy settings can be changed by configuration files? I'd like to the self update settings for users. .. | 18:41 |
kmalloc | there is a policy.json you can use to customize | 18:42 |
kmalloc | by default we don't ship one anymore (meaning you get the default values) | 18:42 |
kmalloc | otherwise you're looking in keystone.common.policies to see what the default rules are | 18:42 |
aning | got it. Thanks! | 18:45 |
elbragstad | sorry - just got off a call | 18:45 |
elbragstad | aning clear as mud now? | 18:45 |
aning | Yeah, sort of ... need a bit more digest. | 18:46 |
kmalloc | heck yeah | 18:47 |
*** kmalloc is now known as needscoffee | 18:48 | |
needscoffee | mmmm | 18:48 |
needscoffee | yeah | 18:48 |
needscoffee | it's this time of day | 18:48 |
aning | needscoffee: memory leaking :) | 18:49 |
needscoffee | yhahahaha | 18:49 |
*** aojea has joined #openstack-keystone | 18:50 | |
elbragstad | aning fwiw - i was reproducing everything yesterday with a self-service password endpoint | 18:55 |
elbragstad | so - openstack user password set and not openstack user set | 18:56 |
elbragstad | `openstack user password set` | 18:56 |
aning | elbragstad: there is a self_service column is password table, is that the same thing as what you mean? | 18:58 |
aning | in password table | 18:58 |
elbragstad | yeah - that's for keystone to keep track of if the password was set by a user or an administrator | 18:59 |
elbragstad | it's all part of the PCI-DSS logic | 18:59 |
elbragstad | because administrators need to be able to do things that users shouldn't be able to in certain PCI-DSS deployments | 18:59 |
elbragstad | depending on the requirements you're trying to fill | 19:00 |
aning | if the password is set by self, self_service will be "t" | 19:00 |
aning | if it is set by admin, the self_service will be "f", a wild guess ... | 19:00 |
elbragstad | http://paste.openstack.org/raw/731979/ | 19:01 |
elbragstad | it's a tinyint | 19:01 |
elbragstad | so 0 or 1 | 19:01 |
elbragstad | i think | 19:01 |
elbragstad | acting as boolean values | 19:01 |
elbragstad | 1 meaning the password was self-serviced | 19:01 |
elbragstad | 0 meaning it was setup by an administrator | 19:01 |
aning | ok | 19:02 |
*** pooja-jadhav has joined #openstack-keystone | 19:03 | |
needscoffee | ++ | 19:03 |
needscoffee | that sounds right | 19:03 |
*** pooja_jadhav has quit IRC | 19:05 | |
*** pooja_jadhav has joined #openstack-keystone | 19:10 | |
*** jmlowe has quit IRC | 19:12 | |
*** pooja-jadhav has quit IRC | 19:13 | |
*** aojea has quit IRC | 19:23 | |
* elbragstad hands out earmuffs | 19:27 | |
openstackgerrit | Lance Bragstad proposed openstack/keystone master: Make policy file support in fixture optional https://review.openstack.org/595279 | 19:27 |
openstackgerrit | Lance Bragstad proposed openstack/keystone master: Move loadapp to a generic place https://review.openstack.org/595371 | 19:27 |
openstackgerrit | Lance Bragstad proposed openstack/keystone master: Add test case for expanding implied roles in system tokens https://review.openstack.org/596356 | 19:27 |
openstackgerrit | Lance Bragstad proposed openstack/keystone master: Expand implied roles in system-scoped tokens https://review.openstack.org/596357 | 19:27 |
openstackgerrit | Lance Bragstad proposed openstack/keystone master: Loosen the assertion for logging scope type warnings https://review.openstack.org/597186 | 19:27 |
openstackgerrit | Lance Bragstad proposed openstack/keystone master: Implement scope_type checking for credentials https://review.openstack.org/594547 | 19:27 |
openstackgerrit | Lance Bragstad proposed openstack/keystone master: Pass context objects to policy enforcement https://review.openstack.org/605539 | 19:27 |
openstackgerrit | Lance Bragstad proposed openstack/keystone master: Implement system reader role in domains API https://review.openstack.org/605485 | 19:27 |
openstackgerrit | Lance Bragstad proposed openstack/keystone master: Implement system member role in domains API https://review.openstack.org/605849 | 19:27 |
openstackgerrit | Lance Bragstad proposed openstack/keystone master: Implement system admin role in domains API https://review.openstack.org/605850 | 19:27 |
openstackgerrit | Lance Bragstad proposed openstack/keystone master: Allow domain users to access the GET domain API https://review.openstack.org/605851 | 19:27 |
openstackgerrit | Lance Bragstad proposed openstack/keystone master: Allow project users to retrieve domains https://review.openstack.org/605871 | 19:27 |
openstackgerrit | Lance Bragstad proposed openstack/keystone master: Remove domain policies from policy.v3cloudsample.json https://review.openstack.org/605876 | 19:27 |
elbragstad | rebased those ^ to fix merge conflicts and added a dependency to a tempest patch for implementing system scope | 19:38 |
openstackgerrit | Lance Bragstad proposed openstack/keystone master: Implement scaffolding for upgrade checks https://review.openstack.org/608785 | 19:41 |
gagehugo | elbragstad: It looks like your ps for project users to retrieve domains covers this: https://review.openstack.org/#/c/605560/ | 19:54 |
gagehugo | right? | 19:54 |
elbragstad | it should, yes | 19:55 |
gagehugo | ok good, I'll abandon that then | 19:55 |
elbragstad | we'll want to make sure your test case is covered in my patch though | 19:55 |
gagehugo | it looks like it with: https://review.openstack.org/#/c/605871/3/keystone/tests/unit/protection/v3/test_domains.py | 19:56 |
gagehugo | as that tests all three default roles | 19:57 |
elbragstad | cool | 20:01 |
needscoffee | elbragstad: most of those patches ^ look good | 20:05 |
needscoffee | i'm looking through them, but most should be ready to land. | 20:05 |
needscoffee | elbragstad: a few conflict with the final patches to flask. | 20:06 |
openstackgerrit | Lance Bragstad proposed openstack/keystone master: Use auth_context in issue_token exclusively https://review.openstack.org/582635 | 20:07 |
elbragstad | needscoffee yeah - i needed to resolve a couple of them but it wasn't bad | 20:08 |
gagehugo | elbragstad: that looks better, it seemed like we relied on having auth_context | 20:09 |
needscoffee | elbragstad: so last three things on my plate for the near term: 1) AuthContext/KSM fixes (should be small/isolating some details in ksm), 2) oslo.cache dict config grossness, 3) OSC (keystone) CLI -> SDK | 20:13 |
needscoffee | oh and 4) official deprecation of ksc | 20:13 |
needscoffee | (basically freeze ksc, all new stuff goes into SDK) | 20:14 |
needscoffee | i'd like to do #4 as of this release | 20:14 |
needscoffee | regardless of anything else | 20:14 |
needscoffee | just lock down the repo to "security fixes only" and push all new stuff to SDK. | 20:15 |
needscoffee | and backfill SDK as needed to meed parity | 20:15 |
needscoffee | meet* | 20:15 |
elbragstad | sweet | 20:15 |
needscoffee | limits is already going that way | 20:15 |
needscoffee | once SDK is at parity, KSC will be frozen (no security fixes). | 20:16 |
openstackgerrit | Lance Bragstad proposed openstack/keystone master: Use auth_context in issue_token exclusively https://review.openstack.org/582635 | 20:16 |
needscoffee | or 90% parity or some marker | 20:16 |
needscoffee | we can evaluate that freeze at S2 or so (the "nothing but security fixes to KSC") | 20:18 |
mordred | needscoffee: I can't keep up with all of the different people you are | 20:20 |
needscoffee | mordred: because i change names in IRC/elsewhere so often | 20:20 |
*** needscoffee is now known as kmalloc | 20:20 | |
mordred | needscoffee: it's the real life changes that get me | 20:21 |
kmalloc | LOL | 20:21 |
kmalloc | oh cause my name has changed SO much in the entire time you've known me ;) | 20:21 |
mordred | yup. I just gave up trying to follow it | 20:21 |
mordred | kmalloc: btw - the discovery patch for sdk has landed - so sdk is now fully-discovery driven and config settings are only overrides | 20:22 |
kmalloc | NICE | 20:23 |
openstackgerrit | Lance Bragstad proposed openstack/keystone master: Remove obsolete credential policies https://review.openstack.org/597187 | 20:29 |
elbragstad | bah... users isn't on flask native yet | 20:50 |
* elbragstad sets https://bugs.launchpad.net/keystone/+bug/1748027 back on the shelf | 20:50 | |
openstack | Launchpad bug 1748027 in OpenStack Identity (keystone) "The v3 users API should account for different scopes" [High,Triaged] - Assigned to sonu (sonu-bhumca11) | 20:50 |
elbragstad | cmurphy should we make system-scope an official bug tag? | 20:51 |
elbragstad | i saw your updates to the policy bugs | 20:51 |
*** spilla has quit IRC | 20:55 | |
*** dave-mccowan has quit IRC | 20:57 | |
openstackgerrit | Michael Johnson proposed openstack/keystonemiddleware master: Fix audit target service selection https://review.openstack.org/610099 | 21:16 |
kmalloc | elbragstad: yes | 21:24 |
kmalloc | elbragstad: we should | 21:25 |
*** jistr has quit IRC | 21:55 | |
*** jistr has joined #openstack-keystone | 21:56 | |
*** jistr has quit IRC | 22:05 | |
*** jistr has joined #openstack-keystone | 22:06 | |
*** aojea has joined #openstack-keystone | 22:07 | |
*** aojea has quit IRC | 22:11 | |
openstackgerrit | Lance Bragstad proposed openstack/keystone master: WIP: Implement scope_type checking for project API https://review.openstack.org/610178 | 22:18 |
*** pcaruana has quit IRC | 22:20 | |
openstackgerrit | Merged openstack/keystone master: Convert /v3/users to flask native dispatching https://review.openstack.org/609071 | 22:44 |
openstackgerrit | Merged openstack/keystone master: Convert projects API to Flask https://review.openstack.org/603451 | 22:44 |
*** elbragstad has quit IRC | 22:56 | |
*** elbragstad has joined #openstack-keystone | 23:15 | |
*** ChanServ sets mode: +o elbragstad | 23:15 | |
*** elbragstad has quit IRC | 23:15 | |
*** jmlowe has joined #openstack-keystone | 23:18 | |
*** gyee has quit IRC | 23:52 |