Re: [openstack-dev] [keystone] Weekly Policy Meeting

2016-11-16 Thread Lance Bragstad
; > On Wed, Nov 16, 2016 at 1:06 PM, Lance Bragstad <lbrags...@gmail.com> > wrote: > >> We had some issues using Hangouts because we hit the maximum limit of >> attendees. To make it so that everyone could participate equally, we moved >> the meeting to #opens

[openstack-dev] [keystone] meeting format poll

2016-11-15 Thread Lance Bragstad
Hey folks, In today's keystone meeting, Morgan mentioned that we had the ability to go back to using OpenStack Wikis for meeting agendas. I created a poll to get feedback [0]. Let's keep it open for the week and look at the results as a team at our next meeting. Thanks! [0]

Re: [openstack-dev] [keystone] Weekly Policy Meeting

2016-11-16 Thread Lance Bragstad
/call/pd36j4qv5zfbldmhxeeatq6f7ae On Fri, Nov 11, 2016 at 8:33 AM, Lance Bragstad <lbrags...@gmail.com> wrote: > I've added some initial content to the etherpad [0], to get things > rolling. Since this is going to be a recurring thing, I'd like our first > meeting to level set th

Re: [openstack-dev] [keystone] Weekly Policy Meeting

2016-11-16 Thread Lance Bragstad
-16.log.html#t2016-11-16T16:01:43 [1] https://review.openstack.org/#/c/398500/ [2] https://etherpad.openstack.org/p/keystone-policy-meeting On Wed, Nov 16, 2016 at 8:32 AM, Lance Bragstad <lbrags...@gmail.com> wrote: > Just sending out a reminder that we'll be having our first meet

Re: [openstack-dev] [keystone] new keystone core (breton)

2016-10-31 Thread Lance Bragstad
Great work Boris. Welcome to the team! On Mon, Oct 31, 2016 at 2:50 PM, Kristi Nikolla wrote: > Congrats Boris! Well deserved! > > Kristi > > On 10/31/2016 03:46 PM, Steve Martinelli wrote: > > I want to welcome Boris Bobrov (breton) to the keystone core team. Boris > > has

Re: [openstack-dev] [keystone][tripleo][ansible][puppet][all] changing default token format

2016-11-03 Thread Lance Bragstad
I totally agree with communicating this the best we can. I'm adding the operator list to this thread to increase visibility. If there are any other methods folks think of for getting the word out, outside of what we've already done (release notes, email threads, etc.), please let me know. I'd be

[openstack-dev] [keystone] 2017-1-11 policy meeting

2017-01-11 Thread Lance Bragstad
Hey folks, In case you missed the policy meeting today, we had a good discussion [0] around incorporating keystone's policy into code using the Nova approach. Keystone is in a little bit of a unique position since we maintain two different policy files [1] [2], and there were a lot of questions

Re: [openstack-dev] [release] subscribe to the OpenStack release calendar

2017-01-12 Thread Lance Bragstad
This is awesome! I pretty much just 'Select All' deleted my other calendars I use for tracking this kind of information. Thank you, Doug! On Thu, Jan 12, 2017 at 12:41 PM, Emilien Macchi wrote: > On Wed, Jan 11, 2017 at 1:51 PM, Doug Hellmann >

Re: [openstack-dev] [keystone][devstack][rally][python-novaclient][magnum] switching to keystone v3 by default

2016-12-01 Thread Lance Bragstad
FWIW - i'm seeing a common error in several of the rally failures [0] [1] [2] [3]. Dims also pointed out a few bugs in rally for keystone v3 support [4]. I checked with the folks in #openstack-containers to see if they were experiencing anymore fallout, but it looks like the magnum gate is under

Re: [openstack-dev] [keystone] Custom ProjectID upon creation

2016-12-05 Thread Lance Bragstad
I put myself in Boris' camp on this one. This can open up the opportunity for negative user-experience, purely based on where I authenticate and which token I happen to authenticate with. A token would no longer be something I can assume to be properly validated against any node in my deployment.

Re: [openstack-dev] [keystone] Custom ProjectID upon creation

2016-12-05 Thread Lance Bragstad
The ability to specify IDs at project creation time was proposed as a specification last summer [0]. The common theme from the discussion in that thread was to use shadow mapping [1] to solve that problem. [0] https://review.openstack.org/#/c/323499/ [1]

Re: [openstack-dev] [keystone] office hours starting January 6th

2017-01-05 Thread Lance Bragstad
something that both keystone and the > community will benefit! :) > > On Wed, Dec 21, 2016 at 4:22 PM, Steve Martinelli <s.martine...@gmail.com> > wrote: > >> Thanks for setting this up Lance! >> >> You can count on me to join and smash some bugs. >> >

Re: [openstack-dev] [keystone] Feedback for upcoming user survey questionnaire

2017-01-04 Thread Lance Bragstad
++ to the suggestions Boris threw out. Answers to any of those would be valuable. In addition to that, I'd find any information about policy useful. Maybe something along the lines of "what changes to the policy files are you making, if any". This could be something that is asked OpenStack-wide

[openstack-dev] [keystone] documenting policy guidelines

2017-01-04 Thread Lance Bragstad
We had another healthy discussion about policy today [0] and most of it revolved around documenting policy guidelines. The question of the day was where should these guidelines live? To answer that we highlighted the following criteria: - Guidelines should be proposed and reviewed in small

[openstack-dev] [keystone] office hours starting January 6th

2016-12-21 Thread Lance Bragstad
Hi folks! If you remember, last year we started a weekly bug day [0]. The idea was to dedicate one day a week to managing keystone's bug queue by triaging, fixing, and reviewing bugs. This was otherwise known as keystone's office hours. I'd like to remind everyone that we are starting up this

[openstack-dev] [keystone] 2016-12-21 policy meeting

2016-12-21 Thread Lance Bragstad
Sending a note to summarize the policy meeting we had today [0]. Also to remind folks that our next policy meeting will be Wednesday, January 4th. Hope everyone has a safe and happy holiday season! [0] http://eavesdrop.openstack.org/meetings/policy/2016/policy.2016-12-21-16.01.log.html

Re: [openstack-dev] [requirements][keystone][glance] WebOb

2017-03-24 Thread Lance Bragstad
Following up again. Today we merged the fixes for some WebOb 1.7 compatibility issues we were having [0]. Thanks to David (dstanek) and John (jdennis) for digging in and getting this squared away. [0] https://review.openstack.org/#/c/422234/ On Wed, Mar 22, 2017 at 1:37 PM, Lance Bragstad

[openstack-dev] [keystone] No policy meeting today

2017-03-29 Thread Lance Bragstad
Hey folks, The schedule for today's meeting is pretty empty [0] so we will go ahead and cancel. There are several policy patches in keystone and nova that are working their way through review. Instead of meeting, a better use of that time might be reviewing what we have in the pipeline (detailed

Re: [openstack-dev] [requirements][keystone][glance] WebOb

2017-03-22 Thread Lance Bragstad
Posting a keystone update here as well. We are iterating on it in review as well as in IRC. There are a few things we're doing within keystone that raised some questions as to how we should handle some of the new changes in WebOb. I'll post another update once we make some more progress. On Wed,

Re: [openstack-dev] [requirements] pycrypto is dead, long live pycryptodome... or cryptography...

2017-03-29 Thread Lance Bragstad
With pycrypto removed from keystoneauth [0] (thanks Brant, Monty, and Morgan!), I did some poking at the usage in keystonemiddleware [1]. The usage is built into auth_token middleware for encrypting and decrypting things stored in cache [2], but it is conditional based on configuration [3] and

Re: [openstack-dev] [requirements] pycrypto is dead, long live pycryptodome... or cryptography...

2017-03-29 Thread Lance Bragstad
/keystonemiddleware/+bug/1677308 On Wed, Mar 29, 2017 at 10:41 AM, Lance Bragstad <lbrags...@gmail.com> wrote: > With pycrypto removed from keystoneauth [0] (thanks Brant, Monty, and > Morgan!), I did some poking at the usage in keystonemiddleware [1]. > > The usage is built into aut

[openstack-dev] [keystone] [all] [tc] OpenStack mission review request

2017-03-28 Thread Lance Bragstad
The TC meeting today [0] had some discussion on an interpretation of OpenStack's mission statement [1]. The purpose of this note is two-fold. First, it would be great to get some keystone folks to review that change, especially paragraph four. Second, is an overall request for any last minute

[openstack-dev] [keystone] broken python35 job due to webob compatibility issues

2017-03-29 Thread Lance Bragstad
The keystone gate is currently broken [0]. This seems related to a previous change we made to be compatible with webob 1.7 [1]. Looks like we missed a couple spots in the original patch that are failing now that we're using a newer version of webob. There is a solution up for review [2] that

Re: [openstack-dev] [Keystone] Admin or certain roles should be able to list full project subtree

2017-03-16 Thread Lance Bragstad
On Thu, Mar 16, 2017 at 8:07 AM, Jeremy Stanley wrote: > On 2017-03-15 13:46:42 +1300 (+1300), Adrian Turjak wrote: > > See, subdomains I can kind of see working, but the problem I have with > > all this in general is that it is kind of silly to try and stop access > > down

Re: [openstack-dev] [keystone] [tripleo] [deployment] Keystone Fernet keys rotations spec

2017-03-16 Thread Lance Bragstad
I think the success of this, or a revived fernet-backend spec, is going to have a hard requirement on the outcome of the configuration opts discussion [0]. When we attempted to introduce an abstraction for fernet keys previously, it led down a rabbit hole of duplicated work across implementations,

Re: [openstack-dev] [keystone] [tripleo] [deployment] Keystone Fernet keys rotations spec

2017-03-16 Thread Lance Bragstad
gt; On Thu, Mar 16, 2017 at 12:45 PM, Lance Bragstad <lbrags...@gmail.com> > wrote: > > I think the success of this, or a revived fernet-backend spec, is going > to > > have a hard requirement on the outcome of the configuration opts > discussion > > [0]. When we

Re: [openstack-dev] [Keystone] Admin or certain roles should be able to list full project subtree

2017-03-16 Thread Lance Bragstad
On Thu, Mar 16, 2017 at 12:46 PM, Morgan Fainberg <morgan.fainb...@gmail.com > wrote: > > > On Mar 16, 2017 07:28, "Jeremy Stanley" <fu...@yuggoth.org> wrote: > > On 2017-03-16 08:34:58 -0500 (-0500), Lance Bragstad wrote: > [...] > > These sec

Re: [openstack-dev] [keystone][all] Reseller - do we need it?

2017-03-16 Thread Lance Bragstad
On Thu, Mar 16, 2017 at 4:31 PM, John Dickinson <m...@not.mn> wrote: > > > On 16 Mar 2017, at 14:10, Lance Bragstad wrote: > > Hey folks, > > The reseller use case [0] has been popping up frequently in various > discussions [1], including unified limits. &g

[openstack-dev] [keystone][all] Reseller - do we need it?

2017-03-16 Thread Lance Bragstad
Hey folks, The reseller use case [0] has been popping up frequently in various discussions [1], including unified limits. For those who are unfamiliar with the reseller concept, it came out of early discussions regarding hierarchical multi-tenancy (HMT). It essentially allows a certain level of

Re: [openstack-dev] [all][ptl] Action required ! - Please submit Boston Forum sessions before April 2nd

2017-03-21 Thread Lance Bragstad
I have a couple questions in addition to Matt's. The keystone group is still trying to figure out what this means for us and we discussed it in today's meeting [0]. Based on early feedback, we're going to have less developer presence at the Forum than we did at the PTG. Are these formal sessions

[openstack-dev] [keystone] slide deck

2017-03-14 Thread Lance Bragstad
Hi all, With the forum approaching, I threw together a slide deck that incorporates the new mascot. I wanted to send this out in enough advance for folks to use them at the forum. This is in no way our *official* deck and you're not required to use it for keystone related talks or presentations.

Re: [openstack-dev] [keystone] slide deck

2017-03-14 Thread Lance Bragstad
Of course I would make changes to the template *right* after sending this email. I'll just share the presentation that I have [0]. https://docs.google.com/presentation/d/1s9BNHI4aHs_fEcCYuekDCFwMg1VTsKCHMkSko92Gqco/edit?usp=sharing On Tue, Mar 14, 2017 at 8:54 PM, Lance Bragstad <lbr

Re: [openstack-dev] [ptls] Project On-Boarding Rooms

2017-03-15 Thread Lance Bragstad
I would love to have one for on-boarding new identity developers. On Wed, Mar 15, 2017 at 1:43 PM, Michał Jastrzębski wrote: > One for Kolla too please:) > > On 15 March 2017 at 11:35, Чадин Александр (Alexander Chadin) > wrote: > > +1 for Watcher > >

Re: [openstack-dev] [keystone][all] Reseller - do we need it?

2017-03-16 Thread Lance Bragstad
ther up or down the tree? If not, would it be a nice-to-have? > > Thanks, > Kevin > > ------ > *From:* Lance Bragstad [lbrags...@gmail.com] > *Sent:* Thursday, March 16, 2017 2:10 PM > *To:* OpenStack Development Mailing List (not for usage questi

Re: [openstack-dev] [Openstack-operators] FW: [quotas] Unified Limits Conceptual Spec RFC

2017-04-10 Thread Lance Bragstad
Sending out a heads up that the initial spec [0] merged. [0] https://review.openstack.org/#/c/440815/ On Thu, Mar 30, 2017 at 1:44 PM, Tim Bell wrote: > > For those that are interested in nested quotas, there is proposal on how > to address this forming in openstack-dev (and

Re: [openstack-dev] [nova][api] quota-class-show not sync to quota-show

2017-04-11 Thread Lance Bragstad
On Tue, Apr 11, 2017 at 1:21 PM, Matt Riedemann wrote: > On 4/11/2017 2:52 AM, Alex Xu wrote: > >> We talked about remove the quota-class API for multiple times >> (http://lists.openstack.org/pipermail/openstack-dev/2016-July/099218.html >> ) >> >> I guess we can deprecate

Re: [openstack-dev] Emails for OpenStack R Release Name voting going out - please be patient

2017-04-12 Thread Lance Bragstad
On Wed, Apr 12, 2017 at 9:42 AM, Amrith Kumar wrote: > Hmm, all the cool kids didn’t receive the email but I did. Now I feel bad > ☹ > > > > -amrith > > > > *From:* Morgan Fainberg [mailto:morgan.fainb...@gmail.com] > *Sent:* Wednesday, April 12, 2017 9:53 AM > *To:*

[openstack-dev] [keystone] policy meeting 2017-4-12

2017-04-12 Thread Lance Bragstad
Just a reminder that we will be having the policy meeting in 45 minutes in #openstack-meeting-cp [0]. It was cancelled last week due to tight schedules. See you there! [0] https://etherpad.openstack.org/p/keystone-policy-meeting

Re: [openstack-dev] [keystone] Adding foreign keys between subsystems

2017-04-12 Thread Lance Bragstad
On Wed, Apr 12, 2017 at 9:28 AM, David Stanek wrote: > [tl;dr I want to remove the artificial restriction of not allowing FKs > between > subsystems and I want to stop FK enforcement in code.] > > The keystone code architecture is pretty simple. The data and > functionality

[openstack-dev] [keystone] pike-1 release

2017-04-12 Thread Lance Bragstad
I've proposed keystone's pike-1 release [0]. If there is anything that we need to wait on for pike-1 that hasn't merged yet, please let me know at your earliest convenience. [0] https://review.openstack.org/#/c/456319/ __

Re: [openstack-dev] [policy][nova][keystone] policy meeting next week

2017-04-06 Thread Lance Bragstad
they've found useful for RBAC discussions, feel free to drop them here. [0] http://csrc.nist.gov/rbac/sandhu-ferraiolo-kuhn-00.pdf On Wed, Apr 5, 2017 at 4:45 PM, Lance Bragstad <lbrags...@gmail.com> wrote: > We ended up cancelling today's policy meeting, but policy discussions

[openstack-dev] [keystone] rejoining our IRC channel

2017-04-06 Thread Lance Bragstad
If you chill in #openstack-keystone, we had a little mishap today that resulted in people getting accidentally kicked from the channel. Everything is back to normal and if you haven't already done so, feel free to hop back in. Thanks!

[openstack-dev] [keystone][horizon] weekly meeting

2017-04-13 Thread Lance Bragstad
Happy Thursday folks, Rob and I have noticed that the weekly attendance for the Keystone/Horizon [0] meeting has dropped significantly in the last month or two. We contemplated changing the frequency of this meeting to be monthly instead of weekly. We still think it is important to have a sync

Re: [openstack-dev] [keystone][horizon] weekly meeting

2017-04-20 Thread Lance Bragstad
nth it falls in. > Thanks! > > Rob > > On 13 April 2017 at 22:03, Lance Bragstad <lbrags...@gmail.com> wrote: > >> Happy Thursday folks, >> >> Rob and I have noticed that the weekly attendance for the >> Keystone/Horizon [0] meeting has dropped signifi

Re: [openstack-dev] [api][qa][tc][glance][keystone][cinder] Testing of deprecated API versions

2017-03-09 Thread Lance Bragstad
On Thu, Mar 9, 2017 at 3:46 PM, Doug Hellmann wrote: > Excerpts from Andrea Frittoli's message of 2017-03-09 20:53:54 +: > > Hi folks, > > > > I'm trying to figure out what's the best approach to fade out testing of > > deprecated API versions. > > We currently host in

Re: [openstack-dev] [Keystone] Admin or certain roles should be able to list full project subtree

2017-03-14 Thread Lance Bragstad
Rodrigo, Isn't what you just described the reseller use case [0]? Was that work ever fully finished? I thought I remember having discussions in Tokyo about it. [0] http://specs.openstack.org/openstack/keystone-specs/specs/keystone/mitaka/reseller.html On Tue, Mar 14, 2017 at 7:38 AM, Rodrigo

[openstack-dev] [keystone] Pike deadlines

2017-03-14 Thread Lance Bragstad
Hello, Sending out a quick announcement that we've merged our project-specific deadlines for the Pike release schedule [0]. Our first deadline this release is spec proposal freeze which is going to be R-20 (April 14th). Thanks! [0] https://releases.openstack.org/pike/schedule.html

Re: [openstack-dev] [api][qa][tc][glance][keystone][cinder] Testing of deprecated API versions

2017-03-10 Thread Lance Bragstad
On Fri, Mar 10, 2017 at 8:49 AM, Andrea Frittoli <andrea.fritt...@gmail.com> wrote: > > > On Fri, Mar 10, 2017 at 2:24 PM Doug Hellmann <d...@doughellmann.com> > wrote: > >> Excerpts from Ghanshyam Mann's message of 2017-03-10 10:55:25 +0900: >> > On Fr

Re: [openstack-dev] [cinder][glance][horizon][keystone][nova][qa][swift] Feedback needed: Removal of legacy per-project vanity domain redirects

2017-03-08 Thread Lance Bragstad
>From a keystone-perspective, I'm fine killing keystone.openstack.org. Unless another team member with more context/history has a reason to keep it around. On Wed, Mar 8, 2017 at 9:12 AM, Monty Taylor wrote: > Hey all, > > We have a set of old vanity redirect URLs from

[openstack-dev] [keystone][nova][neutron][cinder] Limiting RPC traffic with keystoneauth

2017-03-02 Thread Lance Bragstad
Post PTG there has been some discussion regarding quotas as well as limits. While most of the discussion has been off and on in #openstack-dev, we also have a mailing list thread on the topic [0]. I don't want to derail the thread on quotas and limits with this thread, but today's discussion [1]

Re: [openstack-dev] [nova][keystone] Pike PTG recap - quotas

2017-03-01 Thread Lance Bragstad
FWIW - There was a lengthy discussion in #openstack-dev yesterday regarding this [0]. [0] http://eavesdrop.openstack.org/irclogs/%23openstack-dev/%23openstack-dev.2017-02-28.log.html#t2017-02-28T17:39:48 On Wed, Mar 1, 2017 at 5:42 AM, John Garbutt wrote: > On 27

[openstack-dev] [keystone][defcore][refstack] Removal of the v2.0 API

2017-03-01 Thread Lance Bragstad
During the PTG, Morgan mentioned that there was the possibility of keystone removing the v2.0 API [0]. This thread is a follow up from that discussion to make sure we loop in the right people and do everything by the books. The result of the session [1] listed the following work items: - Figure

[openstack-dev] [policy][nova][keystone] policy meeting next week

2017-04-05 Thread Lance Bragstad
We ended up cancelling today's policy meeting, but policy discussions carried on throughout the day in #openstack-keystone [0]. We have several specs up for review [1][2][3][4]. Some are nova specs and a couple are proposed to keystone. With keystone's spec proposal freeze coming up next week [5],

Re: [openstack-dev] [nova][oslo.utils] Bug-1680130 Check validation of UUID length

2017-04-24 Thread Lance Bragstad
We had to do similar things in keystone in order to validate uuid-ish types (just not as fancy) [0] [1]. If we didn't have to worry about being backwards compatible with non-uuid formats, it would be awesome to have one implementation for checking that. [0]

[openstack-dev] [keystone] office hours report 2017-08-01

2017-08-01 Thread Lance Bragstad
Hey all, Here is a condensed report of what was accomplished during office hours today. Most activity focused on reviewing fixes in flight. Full log can be found in IRC [0]. Bug #1635389 in OpenStack Identity (keystone): "keystone.contrib.ec2.controllers.Ec2Controller is untested"

[openstack-dev] [requirements][release][oslo] FFE for oslo.policy

2017-08-01 Thread Lance Bragstad
I was cleaning up a few documentation things for keystone and noticed an issue with how the configuration reference was rendering. It turns out the oslo.policy library needed a few tweaks to the show-policy directive along with some changes to keystone that allowed us to properly render all

[openstack-dev] [all] [ptg] Policy Sessions

2017-08-03 Thread Lance Bragstad
One of the community goals for Queens is to move all policy into code and document it [0]. I'd like to make myself available to work with projects face-to-face if they need help at the PTG. In order to successfully plan that, we need to have an estimate of how many projects are interested in

[openstack-dev] [keystone] Adding Kristi Nikolla to keystone-core

2017-08-15 Thread Lance Bragstad
I made the announcement in today's keystone meeting [0] that the current reviewers have decided to add Kristi Nikolla (knikolla) to the team. Kristi has been an extremely valuable asset to the team over the last couple of releases. He especially stepped up to the plate during Pike. He provides

[openstack-dev] [keystone] office hours report 2017-08-15

2017-08-15 Thread Lance Bragstad
Hey all, Office hours was pretty focused today. We spent the majority of the time discussing and merging fixes we need for RC2. In addition to that we discussed plans for the PTG as well as the schedule. Full details can be found in the logs [0]. Thanks, Lance [0]

[openstack-dev] [keystone] using only sql for resource backends

2017-08-15 Thread Lance Bragstad
During RC, Morgan's made quite a bit of progress on a bug found by the gate [0]. Part of the solution led to another patch that removes the ability to configure anything but sql for keystone's resource backend (`keystone.conf [resource] driver`). The reasoning behind this is that there were FK

Re: [openstack-dev] [keystone] rc2 updates

2017-08-11 Thread Lance Bragstad
working on a fix and we've targeted bug 1702211 to rc2. I'll keep an eye out for the translations patch and make sure that lands before we cut the next release candidate. On 08/11/2017 12:02 PM, Thierry Carrez wrote: > Lance Bragstad wrote: >> We rolled out rc1 last night [0], but missed

Re: [openstack-dev] [qa] [keystone] Random Patrole failures related to Identity v3 Extensions API

2017-08-11 Thread Lance Bragstad
Help if you actually attach the link you want to send [0]. [0] https://bugs.launchpad.net/keystone/+bug/1702211 On 08/11/2017 11:26 AM, Morgan Fainberg wrote: > On Fri, Aug 11, 2017 at 9:25 AM, Morgan Fainberg > wrote: >> On Fri, Aug 11, 2017 at 8:44 AM, Felipe

Re: [openstack-dev] [qa] [keystone] Random Patrole failures related to Identity v3 Extensions API

2017-08-11 Thread Lance Bragstad
More context on the patch Morgan is working on can be found in the bug report [0]. [0] On 08/11/2017 11:26 AM, Morgan Fainberg wrote: > On Fri, Aug 11, 2017 at 9:25 AM, Morgan Fainberg > wrote: >> On Fri, Aug 11, 2017 at 8:44 AM, Felipe Monteiro >>

Re: [openstack-dev] [keystone] removing domain configuration upload via keystone-manage

2017-08-10 Thread Lance Bragstad
I proposed a patch to remove the deprecation [0]. [0] https://review.openstack.org/492694 On 06/28/2017 09:33 PM, Lance Bragstad wrote: > Cool - I'm glad this is generating discussion. I personally don't see > a whole lot of maintenance costs with `keystone-manage > domain_config_u

Re: [openstack-dev] [keystone] rc2 updates

2017-08-11 Thread Lance Bragstad
/1702211 [3] fail tempest run --regex tempest.api.identity.admin.v3.test_users.UsersV3TestJSON.test_password_history_not_enforced_in_admin_reset On 08/11/2017 06:26 PM, Morgan Fainberg wrote: > On Fri, Aug 11, 2017 at 11:10 AM, Lance Bragstad <lbrags...@gmail.com> wrote: >> Thanks

[openstack-dev] [keystone] rc2 updates

2017-08-11 Thread Lance Bragstad
We rolled out rc1 last night [0], but missed a couple important documentation patches and release notes [1]. I'll propose rc2 as soon as those merge. I've also created a new official bug tag, pike-backport-potential. Please feel free to use the tag if you're doing bug triage and find something you

Re: [openstack-dev] [keystone] stable/ocata and stable/newton are broken

2017-07-13 Thread Lance Bragstad
Oh - the original issues with the stable branches were reported here: https://bugs.launchpad.net/keystone/+bug/1704148 On 07/13/2017 06:00 PM, Lance Bragstad wrote: > Colleen found out today while doing a backport that both of our stable > branches are broken. After doing some digging, it

[openstack-dev] [keystone] stable/ocata and stable/newton are broken

2017-07-13 Thread Lance Bragstad
Colleen found out today while doing a backport that both of our stable branches are broken. After doing some digging, it looks like bug 1687593 is the culprit [0]. The fix to that bug merged in master and the author added some nicely written functional tests using the keystone-tempest-plugin. The

[openstack-dev] [keystone] feature freeze and spec status

2017-07-17 Thread Lance Bragstad
Hi all, I wanted to send a friendly reminder that feature freeze for keystone will be in R-5 [0], which is the end of next week. That leaves just under 10 business days for feature work (8 considering the time to get through the gate). Of the specifications we've committed to for Pike, the

Re: [openstack-dev] [keystone] We still have a not identical HEAD response

2017-07-11 Thread Lance Bragstad
Based on the comments and opinions in the original thread, I think a fix for this is justified. I wouldn't mind running this by the TC to double check that nothing has changed from the first time we had to fix this issue though. On 07/11/2017 06:03 AM, Attila Fazekas wrote: > Hi all, > > Long

[openstack-dev] [keystone] office hours reminder

2017-07-11 Thread Lance Bragstad
Hey all, Just a quick reminder that today we will be holding office hours after the keystone meeting [0]. See you there! Thanks, Lance [0] http://eavesdrop.openstack.org/#Keystone_Team_Meeting signature.asc Description: OpenPGP digital signature

Re: [openstack-dev] [keystone] deprecating and removing tools/sample_data.sh

2017-07-11 Thread Lance Bragstad
#L331 On 07/05/2017 04:28 PM, Colleen Murphy wrote: > On Wed, Jul 5, 2017 at 9:36 PM, Lance Bragstad <lbrags...@gmail.com > <mailto:lbrags...@gmail.com>> wrote: > > Hi all, > > Keystone has a script to perform some bootstrapping operations > [0]. It'

Re: [openstack-dev] [keystone] office hours report 2017-7-7

2017-07-12 Thread Lance Bragstad
On 07/12/2017 09:17 AM, Akihiro Motoki wrote: > 2017-07-12 10:35 GMT+09:00 Lance Bragstad <lbrags...@gmail.com>: >> Hey all, >> >> This is a summary of what was worked on today during office hours. Full logs >> of the meeting can be found below: >> >

[openstack-dev] [all] Queens Goal for policy-in-code

2017-07-12 Thread Lance Bragstad
Hi all, I'd like to reach out and get ahead of the curve now that we established the community goals for Queens. If you have any questions about the policy-in-code work [0] and how it pertains to your project, please don't hesitate to ping me in #openstack-dev. Once pike starts winding down, I'll

[openstack-dev] [keystone] office hours report 2017-7-7

2017-07-11 Thread Lance Bragstad
Hey all, This is a summary of what was worked on today during office hours. Full logs of the meeting can be found below: http://eavesdrop.openstack.org/meetings/office_hours/2017/office_hours.2017-07-11-19.00.log.html *The future of the templated catalog backend * Some issues were uncovered,

Re: [openstack-dev] [keystone] office hours report 2017-7-7

2017-07-12 Thread Lance Bragstad
On 07/11/2017 09:28 PM, Mathieu Gagné wrote: > Hi, > > So this email is relevant to my interests as an operator. =) Glad to hear it! > > On Tue, Jul 11, 2017 at 9:35 PM, Lance Bragstad <lbrags...@gmail.com > <mailto:lbrags...@gmail.com>> wrote: > >

Re: [openstack-dev] [keystone] stable/ocata and stable/newton are broken

2017-07-14 Thread Lance Bragstad
All the patches in the original note have merged for both stable/ocata and stable/newton. Existing patches to both branches are being recheck and rebased. On 07/13/2017 06:04 PM, Lance Bragstad wrote: > Oh - the original issues with the stable branches were reported here: > &

Re: [openstack-dev] [keystone][nova] Persistent application credentials

2017-07-17 Thread Lance Bragstad
On Mon, Jul 17, 2017 at 6:39 PM, Zane Bitter wrote: > So the application credentials spec has merged - huge thanks to Monty and > the Keystone team for getting this done: > > https://review.openstack.org/#/c/450415/ > http://specs.openstack.org/openstack/keystone-specs/specs/

Re: [openstack-dev] [keystone][nova] Persistent application credentials

2017-07-18 Thread Lance Bragstad
On 07/17/2017 10:12 PM, Lance Bragstad wrote: > > > On Mon, Jul 17, 2017 at 6:39 PM, Zane Bitter <zbit...@redhat.com > <mailto:zbit...@redhat.com>> wrote: > > So the application credentials spec has merged - huge thanks to > Monty and the Ke

Re: [openstack-dev] [all][stable][ptls] Tagging mitaka as EOL

2017-07-18 Thread Lance Bragstad
On 07/18/2017 08:21 AM, Andy McCrae wrote: > > > > The branches have now been retired, thanks to Joshua Hesketh! > > > Thanks Josh, Andreas, Tony, and the rest of the Infra crew for sorting > this out. ++ thanks all! > > Andy > > >

Re: [openstack-dev] [keystone][nova] Persistent application credentials

2017-07-20 Thread Lance Bragstad
On 07/19/2017 09:27 PM, Monty Taylor wrote: > On 07/19/2017 12:18 AM, Zane Bitter wrote: >> On 18/07/17 10:55, Lance Bragstad wrote: >>>> >>>> Would Keystone folks be happy to allow persistent credentials once >>>> we have a way to

[openstack-dev] [keystone] [all] keystoneauth version discovery is here

2017-07-20 Thread Lance Bragstad
Happy Thursday, We just released keystoneauth 3.0.0 [0], which contains a bunch of built-in functionality to handle version discovery so that you don't have to! Check out the documentation for all the details [1]. Big thanks to Eric and Monty for tackling this work, along with all the folks who

[openstack-dev] [keystone] keystoneauth1 3.0.0 broken keystonemiddleware

2017-07-21 Thread Lance Bragstad
I started noticing some trivial changes failing in the keystonemiddleware gate [0]. The failures are in tests that use the keystoneauth1 library (8 tests are failing by my count), which we released a new version of yesterday [1]. I've proposed a patch to blacklist keystoneauth1 3.0.0 from

Re: [openstack-dev] [keystone] keystoneauth1 3.0.0 broken keystonemiddleware

2017-07-21 Thread Lance Bragstad
-keystonemiddleware-python27-ubuntu-xenial/7c079da/testr_results.html.gz [1] https://github.com/openstack/keystoneauth/blob/5715035f42780d8979d458e9f7e3c625962b2749/keystoneauth1/discover.py#L947 [2] https://review.openstack.org/#/c/486231/1 On 07/21/2017 04:43 PM, Lance Bragstad wrote: > The pa

Re: [openstack-dev] [keystone] keystoneauth1 3.0.0 broken keystonemiddleware

2017-07-21 Thread Lance Bragstad
:00 PM, Lance Bragstad wrote: > I started noticing some trivial changes failing in the > keystonemiddleware gate [0]. The failures are in tests that use the > keystoneauth1 library (8 tests are failing by my count), which we > released a new version of yesterday [1]. I've prop

Re: [openstack-dev] [keystone] keystoneauth1 3.0.0 broken keystonemiddleware

2017-07-21 Thread Lance Bragstad
On Fri, Jul 21, 2017 at 9:39 PM, Monty Taylor <mord...@inaugust.com> wrote: > On 07/22/2017 07:14 AM, Lance Bragstad wrote: > >> After a little head scratching and a Pantera playlist later, we ended up >> figuring out the main causes. The failures can be found in the gate

Re: [openstack-dev] [keystone] keystoneauth1 3.0.0 broken keystonemiddleware

2017-07-21 Thread Lance Bragstad
The patch to blacklist version 3.0.0 is working through the moment [0]. We also have a WIP patch proposed to handled the cases exposed by keystonemiddleware [1]. [0] https://review.openstack.org/#/c/486223/ [1] https://review.openstack.org/#/c/486231/ On 07/21/2017 03:58 PM, Lance Bragstad

Re: [openstack-dev] [keystone] [all] keystoneauth version discovery is here

2017-07-22 Thread Lance Bragstad
/openstack-dev/2017-July/120012.html [1] https://review.openstack.org/#/c/486223/ On Thu, Jul 20, 2017 at 5:41 PM, Lance Bragstad <lbrags...@gmail.com> wrote: > Happy Thursday, > > We just released keystoneauth 3.0.0 [0], which contains a bunch of > built-in functionality to handle ve

[openstack-dev] [keystone] office hours report 2017-7-25

2017-07-25 Thread Lance Bragstad
Hey all, Nearly all of today's activity in office hours consisted of bug triage. We now have a list of target bugs for rc1 [0]. Full logs can be found below [1]. The following is a summary of what was accomplished: Bug #1669080 in OpenStack Identity (keystone): ""openstack role create" should

Re: [openstack-dev] [keystone] Queens PTG Planning

2017-07-27 Thread Lance Bragstad
, Lance Bragstad wrote: > Hey all, > > I've started an etherpad [0] for us to collect topics and ideas for the > PTG in September. I hope to follow the same planning format as last > time. Everyone has the opportunity to add topics to the agenda and after > some time we'll gr

[openstack-dev] [keystone] canceling policy meeting 2017-07-26

2017-07-26 Thread Lance Bragstad
Hey all, There isn't anything on the agenda for today's policy meeting [0] and I know several members of the team are wrapping things up for pike-3. As a result, I'm canceling the policy meeting today and we can reconvene next week after the dust settles. Thanks, Lance [0]

Re: [openstack-dev] [keystone] office hours report 2017-7-7

2017-07-19 Thread Lance Bragstad
68 participants: gagehugo, kaerie Reproposed patch in review For what it's worth, I also apparently thought office hours occurred on the 7th when it was actually on the 11th. On 07/11/2017 08:35 PM, Lance Bragstad wrote: > > Hey all, > > This is a summary of what was worked on today

Re: [openstack-dev] [keystone] keystoneauth1 3.0.0 broken keystonemiddleware

2017-07-22 Thread Lance Bragstad
rged yet > > https://review.openstack.org/#/c/486231/ > > > Thansk, > Dims > > On Fri, Jul 21, 2017 at 11:40 PM, Lance Bragstad <lbrags...@gmail.com> > wrote: > > > > > > On Fri, Jul 21, 2017 at 9:39 PM, Monty Taylor <mord...@inaugust.com> > wr

[openstack-dev] [keystone] office hours report 2017-7-18

2017-07-19 Thread Lance Bragstad
Hi all, This is a day late, but here is the summary for what we worked on during office hours yesterday. The full log can be found below [0]. Bug #1689888 in OpenStack Identity (keystone): "/v3/users is unproportionally slow" https://bugs.launchpad.net/keystone/+bug/1689888 participants:

Re: [openstack-dev] [keystone] removing domain configuration upload via keystone-manage

2017-06-28 Thread Lance Bragstad
t; >> On Wed, Jun 28, 2017 at 2:00 AM, Lance Bragstad >> <lbrags...@gmail.com <mailto:lbrags...@gmail.com>> wrote: >> >> Hi all, >> >> Keystone has deprecated the domain configuration upload >>

Re: [openstack-dev] [TripleO][keystone] Pt. 2 of Passing along some field feedback

2017-06-28 Thread Lance Bragstad
On 06/28/2017 03:20 PM, Ben Nemec wrote: > > > On 06/28/2017 02:47 PM, Lance Bragstad wrote: >> >> >> On 06/28/2017 02:29 PM, Fox, Kevin M wrote: >>> I think everyone would benefit from a read-only role for keystone >>> out of the box. Can we get this

[openstack-dev] [keystone] office-hours tag

2017-06-28 Thread Lance Bragstad
Hey all, I've created a new official tag, 'office-hours' [0]. If you're reviewing or triaging bugs and come across one that would be a good fit for us to tackle during office hours, please feel free to tag it. I was maintaining lists locally, and I'm sure you were, too. This should help reduce

Re: [openstack-dev] [keystone] removing domain configuration upload via keystone-manage

2017-06-28 Thread Lance Bragstad
d, Jun 28, 2017 at 2:00 AM, Lance Bragstad <lbrags...@gmail.com > <mailto:lbrags...@gmail.com>> wrote: > > Hi all, > > Keystone has deprecated the domain configuration upload capability > provided through `keystone-manage`. We discussed it's removal in

Re: [openstack-dev] [TripleO][keystone] Pt. 2 of Passing along some field feedback

2017-06-28 Thread Lance Bragstad
On 06/28/2017 02:29 PM, Fox, Kevin M wrote: > I think everyone would benefit from a read-only role for keystone out of the > box. Can we get this into keystone rather then in the various distro's? Yeah - I think that would be an awesome idea. John Garbutt had some good work on this earlier in

[openstack-dev] [keystone] stable/newton is broken

2017-06-29 Thread Lance Bragstad
Keystone's stable/newton gate is broken [0] [1]. The TL;DR is that our keystone_tempest_plugin is validating federated mappings before updating the protocol [2]. The lack of validation was a bug [3] that was fixed in Ocata, but the fix [4] was never backported. Since stable/newton is in Phase II,

<    1   2   3   4   >