| *** spatel has joined #openstack-keystone | 00:41 | |
| *** gyee has quit IRC | 00:46 | |
| *** openstackstatus has joined #openstack-keystone | 01:03 | |
| *** ChanServ sets mode: +v openstackstatus | 01:03 | |
| *** jistr has quit IRC | 01:14 | |
| *** jistr has joined #openstack-keystone | 01:15 | |
| *** jamesmcarthur has joined #openstack-keystone | 01:34 | |
| *** spatel has quit IRC | 02:37 | |
| *** jamesmcarthur has quit IRC | 03:13 | |
| *** awalende has joined #openstack-keystone | 03:15 | |
| *** awalende has quit IRC | 03:19 | |
| *** dave-mccowan has quit IRC | 04:58 | |
| *** Luzi has joined #openstack-keystone | 06:06 | |
| vishakha | o/ | 06:25 |
|---|---|---|
| *** awalende has joined #openstack-keystone | 06:58 | |
| *** awalende has quit IRC | 07:02 | |
| *** shyamb has joined #openstack-keystone | 07:11 | |
| *** shyamb has quit IRC | 07:38 | |
| *** shyamb has joined #openstack-keystone | 08:09 | |
| *** jawad_axd has joined #openstack-keystone | 08:11 | |
| *** pcaruana has joined #openstack-keystone | 08:21 | |
| *** awalende has joined #openstack-keystone | 08:30 | |
| *** tesseract has joined #openstack-keystone | 08:35 | |
| *** shyamb has quit IRC | 08:57 | |
| *** shyamb has joined #openstack-keystone | 09:04 | |
| *** shyamb has quit IRC | 09:39 | |
| *** shyamb has joined #openstack-keystone | 09:44 | |
| *** shyamb has quit IRC | 09:44 | |
| *** shyamb has joined #openstack-keystone | 09:45 | |
| *** shyamb has quit IRC | 09:54 | |
| *** shyamb has joined #openstack-keystone | 10:14 | |
| *** shyamb has quit IRC | 11:02 | |
| *** raildo has joined #openstack-keystone | 11:39 | |
| *** rcernin has quit IRC | 12:01 | |
| *** jamesmcarthur has joined #openstack-keystone | 13:04 | |
| lbragstad | o/ | 13:06 |
| *** Luzi has quit IRC | 13:09 | |
| *** awalende has quit IRC | 13:22 | |
| *** awalende has joined #openstack-keystone | 13:22 | |
| *** awalende_ has joined #openstack-keystone | 13:27 | |
| *** awalende has quit IRC | 13:27 | |
| *** awalende_ has quit IRC | 13:31 | |
| *** jawad_axd has quit IRC | 13:42 | |
| *** jawad_axd has joined #openstack-keystone | 13:43 | |
| *** jawad_axd has quit IRC | 13:48 | |
| *** openstackgerrit has joined #openstack-keystone | 13:52 | |
| openstackgerrit | John Garbutt proposed openstack/oslo.limit master: Add flat enforcer https://review.opendev.org/695310 | 13:52 |
| openstackgerrit | John Garbutt proposed openstack/oslo.limit master: WIP: Two level limit enforcer https://review.opendev.org/695527 | 13:57 |
| johnthetubaguy | lbragstad: just wondering about the oslo.limit stuff, it would be great to get a new release out with something we can dev against in Nova, although I know the nova spec isn't yet approved | 13:59 |
| *** Ben78 has joined #openstack-keystone | 14:00 | |
| johnthetubaguy | just wondering if its looking roughly like you expected, or if it looks odd | 14:00 |
| *** jaosorior has joined #openstack-keystone | 14:00 | |
| lbragstad | johnthetubaguy i'll be honest, i haven't taken a peak at it, yet | 14:00 |
| lbragstad | lemme look quick | 14:00 |
| lbragstad | starting here - yeah? https://review.opendev.org/#/c/695310/ | 14:01 |
| johnthetubaguy | sorry, didn't mean it had to be now, but now is good :) | 14:01 |
| johnthetubaguy | yes, that is the one | 14:01 |
| johnthetubaguy | its honestly the patch is a bit big, ideas welcome | 14:01 |
| * lbragstad is trying to remember the outcomes the last time we talked about this | 14:01 | |
| johnthetubaguy | I changed my view of the world between patchset 1 and 2 (well a little bit) | 14:03 |
| lbragstad | fwiw - i broke my implement up a little bit | 14:03 |
| lbragstad | https://review.opendev.org/#/c/666085/9/oslo_limit/limit.py | 14:03 |
| lbragstad | in case that helps you reduce patch size | 14:03 |
| johnthetubaguy | ah... that is where I stole it from, sorry I forgot you had stuff up | 14:03 |
| lbragstad | no worries - i honestly haven't touched this stuff in forever, i'm sure it bitrot | 14:04 |
| lbragstad | https://review.opendev.org/#/c/666444/7/oslo_limit/limit.py | 14:04 |
| lbragstad | ^ then i added in the model stuff | 14:04 |
| johnthetubaguy | oh, sweet | 14:04 |
| lbragstad | the flat enforcement was just flushing out https://review.opendev.org/#/c/666444/7/oslo_limit/limit.py@165 after | 14:05 |
| lbragstad | https://review.opendev.org/#/c/667452/3 | 14:05 |
| lbragstad | johnthetubaguy overall - i think what you have in https://review.opendev.org/#/c/695310/4/oslo_limit/limit.py makes sense | 14:07 |
| johnthetubaguy | lbragstad: OK, I like how you split yours up, and the docs element, happy to split mine appart and add in some of the enforcement type logic you have | 14:08 |
| lbragstad | johnthetubaguy i eventually ran into a problem where i was passing a lot of the same data between objects | 14:09 |
| *** awalende has joined #openstack-keystone | 14:09 | |
| lbragstad | like the enforcer and the enforcement model objects... | 14:09 |
| lbragstad | iirc - the enforcement implementation need things like the projects, services, endpoints, etc... | 14:09 |
| lbragstad | i thought i remember having a awkward time establishing that boundary between the objects | 14:10 |
| lbragstad | without duplicating too much stuff | 14:10 |
| lbragstad | i want to say that's where the _BaseEnforcer came from | 14:11 |
| johnthetubaguy | I guess that is why I went for logic blocks in the utils class | 14:11 |
| lbragstad | sure | 14:11 |
| johnthetubaguy | not sure I like it, but the two level enforcer didn't need too much fresh logic | 14:11 |
| lbragstad | i suppose - you're utils class is pretty close to what i was trying to do with base enforcer | 14:12 |
| *** jamesmcarthur has quit IRC | 14:12 | |
| lbragstad | most of it has to do with grabbing data from keystohne | 14:12 |
| johnthetubaguy | I have just gone off inheritance for that kind of sharing | 14:12 |
| johnthetubaguy | I basically have resource_name to int dicts been passed around, which doesn't feel too bad | 14:13 |
| lbragstad | looks like the only difference is that enforce() is still in the model implementations in my patch, versus being in the utility | 14:13 |
| lbragstad | yeah... i think that's fine for now? | 14:13 |
| johnthetubaguy | the second patch is the main reason for the structure in the first | 14:13 |
| lbragstad | i always liked the idea of a formal python object that represented the claim | 14:13 |
| *** awalende has quit IRC | 14:14 | |
| lbragstad | but - if the dict isn't external (or handed back to the service in anyway) it should remain only within oslo.limit, so we can evolve it later... | 14:14 |
| johnthetubaguy | yeah, true | 14:14 |
| lbragstad | i had a script that i should have ported to a functional test | 14:15 |
| lbragstad | https://review.opendev.org/#/c/667242/7 | 14:15 |
| johnthetubaguy | do you have a fake keystone for functional tests, or a real one I guess? | 14:16 |
| lbragstad | well - that example started as just a way to document how things work for service developers | 14:16 |
| lbragstad | ideally, i wanted to give nova that document and say "here's how you can incorporate this stuff into your service" | 14:17 |
| johnthetubaguy | I was hoping the unit tests would get close enough for that, but a script is good | 14:17 |
| lbragstad | but - i actually used it as a functional test with a devstack deployment | 14:17 |
| johnthetubaguy | ah, nice | 14:17 |
| lbragstad | at which point, i should have just added a functional gate to oslo.limit | 14:17 |
| lbragstad | and ported the script to a test | 14:17 |
| lbragstad | since it exercises most of the cases for flat enforcement | 14:18 |
| johnthetubaguy | so you have resource_filter... what was that for again? | 14:21 |
| johnthetubaguy | ah, so I think I rolled that into deltas | 14:22 |
| johnthetubaguy | I only check the resources in the deltas dict | 14:22 |
| lbragstad | oh - it's a way for services to grab specific resource limits | 14:22 |
| lbragstad | instead of all the things | 14:23 |
| johnthetubaguy | yeah, I just made deltas specify the specific resources to check (if the delta is zero) or any additional resource if > than 0 | 14:23 |
| lbragstad | oh - sure | 14:23 |
| johnthetubaguy | I think that is just what we did in Nova, more than thinking about it too much | 14:24 |
| johnthetubaguy | I was thinking in Cinder, you limit volumes and snapshots, so you kinda only want to check one of the resources on each API call | 14:24 |
| lbragstad | yeah | 14:25 |
| johnthetubaguy | I was thinking for GPU quotas, if you are using too many GPUs, it shouldn't stop you starting an non-GPU instance, etc | 14:25 |
| lbragstad | right | 14:28 |
| johnthetubaguy | lbragstad: if its looking close, I am happy to pull this into a few chunks, and merge it with the patches you have up, what do you think? worth trying? | 14:29 |
| lbragstad | johnthetubaguy sure - the library isn't past 1.0 yet | 14:30 |
| lbragstad | if we need to back something out, we can | 14:30 |
| lbragstad | at least it gets you a library you can start using in nova | 14:30 |
| johnthetubaguy | yeah, I was kinda expecting we will have to rework that interface as we find out how it feels | 14:31 |
| lbragstad | i expected that we would find oddities after the initial implementation | 14:31 |
| johnthetubaguy | +1 | 14:31 |
| johnthetubaguy | that point on endpoint_id is interesting... I am just checking our kolla-ansible logic... the problem is remembering a thing we didn't decide in advance (the id) vs stuff we know and set (the region name and endpoint type) | 14:32 |
| lbragstad | ah - yeah | 14:33 |
| lbragstad | i think cmurphy and bnemec were having a discussion about that in the patch somewhere? | 14:33 |
| johnthetubaguy | yeah | 14:34 |
| johnthetubaguy | actually... fast forward upgrade (or whatever we call them now) | 14:35 |
| johnthetubaguy | skip level | 14:35 |
| johnthetubaguy | you need the API off during the upgrade right? | 14:35 |
| *** jawad_axd has joined #openstack-keystone | 14:36 | |
| johnthetubaguy | so no way to fetch the service id you don't have in your config | 14:36 |
| *** jamesmcarthur has joined #openstack-keystone | 14:37 | |
| *** jawad_axd has quit IRC | 14:40 | |
| bnemec | I vaguely recall that, but I can't remember which one I was advocating for. :-) | 14:43 |
| bnemec | Probably the one that doesn't require a lookup, but who knows what me from six months ago was thinking? | 14:44 |
| johnthetubaguy | :) | 14:46 |
| bnemec | Also, +1 to merging something even if it's not perfect. Until we release a 1.0 we're not committed to anything. | 14:47 |
| openstackgerrit | John Garbutt proposed openstack/oslo.limit master: Add ksa connection logic https://review.opendev.org/666085 | 14:48 |
| knikolla | o/ | 14:52 |
| *** jawad_axd has joined #openstack-keystone | 15:21 | |
| *** ayoung has quit IRC | 15:40 | |
| *** jawad_axd has quit IRC | 16:08 | |
| *** gyee has joined #openstack-keystone | 16:09 | |
| *** jmlowe has joined #openstack-keystone | 16:41 | |
| openstackgerrit | John Garbutt proposed openstack/oslo.limit master: Add ksa connection logic https://review.opendev.org/666085 | 16:59 |
| openstackgerrit | John Garbutt proposed openstack/oslo.limit master: Pick between Flat and StrictTwoLevel enforcement https://review.opendev.org/666444 | 16:59 |
| openstackgerrit | John Garbutt proposed openstack/oslo.limit master: Add flat enforcer https://review.opendev.org/695310 | 16:59 |
| openstackgerrit | John Garbutt proposed openstack/oslo.limit master: WIP: Two level limit enforcer https://review.opendev.org/695527 | 16:59 |
| openstackgerrit | John Garbutt proposed openstack/oslo.limit master: Fetch limits from keystone https://review.opendev.org/695724 | 16:59 |
| *** jaosorior has quit IRC | 17:04 | |
| *** jmlowe has quit IRC | 17:10 | |
| *** awalende has joined #openstack-keystone | 17:23 | |
| *** awalende has quit IRC | 17:27 | |
| *** Guest24639 has joined #openstack-keystone | 17:32 | |
| *** Guest24639 is now known as mgagne_ | 17:34 | |
| *** tesseract has quit IRC | 17:35 | |
| *** jaosorior has joined #openstack-keystone | 17:44 | |
| *** jamesmcarthur has quit IRC | 18:00 | |
| *** bnemec is now known as beekneemech | 18:04 | |
| *** cmurphy is now known as cmorpheus | 18:18 | |
| cmorpheus | lbragstad: i think i was advocating for using endpoint types because it's easier for deployment tools, since they don't need to orchestrate creating the endpoint and getting the id before creating the config | 18:20 |
| cmorpheus | johnthetubaguy: i don't think the keystone API needs to be off for upgrades? i mean we support rolling upgrades | 18:21 |
| cmorpheus | knikolla: we forgot to talk about it during the ptg but want to propose http://specs.openstack.org/openstack/keystone-specs/specs/keystone/backlog/support-federated-attr.html and http://specs.openstack.org/openstack/keystone-specs/specs/keystone/backlog/expiring-group-memberships.html to the ussuri director? | 18:22 |
| cmorpheus | directory* | 18:22 |
| *** irclogbot_2 has quit IRC | 18:27 | |
| *** irclogbot_0 has joined #openstack-keystone | 18:30 | |
| johnthetubaguy | cmorpheus: I was just meaning for the skip level ones, I think we have to assume all services are turned off for those, but I might have the all messed up | 18:31 |
| cmorpheus | oh i see | 18:31 |
| johnthetubaguy | ah, yeah, fast forward, I always forget the final name | 18:32 |
| *** jaosorior has quit IRC | 19:08 | |
| *** Ben78 has quit IRC | 20:37 | |
| *** rcernin has joined #openstack-keystone | 20:49 | |
| *** raildo has quit IRC | 20:58 | |
| *** mgagne_ is now known as mgagne | 21:13 | |
| *** awalende has joined #openstack-keystone | 21:23 | |
| *** awalende has quit IRC | 21:28 | |
| *** spatel has joined #openstack-keystone | 21:38 | |
| *** spatel has quit IRC | 21:39 | |
| *** spatel has joined #openstack-keystone | 22:08 | |
| *** spatel has quit IRC | 22:13 | |
| *** spatel has joined #openstack-keystone | 22:15 | |
| *** rcernin has quit IRC | 22:24 | |
| *** spatel has quit IRC | 22:58 | |
| *** jmlowe has joined #openstack-keystone | 23:15 | |
Generated by irclog2html.py 2.15.3 by Marius Gedminas - find it at mg.pov.lt!