← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #79259

[Bug 1836568] [NEW] Logis filled with uneccesery policy derecation warning

  Thread PreviousDate PreviousThread Next 
Public bug reported:

My today master version of keystone log is full with:

2019-07-15 10:47:25.316828 As of the Stein release, the domain API now understands how to handle
2019-07-15 10:47:25.316831 system-scoped tokens in addition to project-scoped tokens, making the API more
2019-07-15 10:47:25.316834 accessible to users without compromising security or manageability for
2019-07-15 10:47:25.316837 administrators. The new default policies for this API account for these changes
2019-07-15 10:47:25.316840 automatically
2019-07-15 10:47:25.316843 . Either ensure your deployment is ready for the new default or copy/paste the deprecated policy into your policy file and maintain it manually.
2019-07-15 10:47:25.316846   warnings.warn(deprecated_msg)
2019-07-15 10:47:25.316849 \x1b[00m

2019-07-15 10:47:25.132244 2019-07-15 10:47:25.131 22582 WARNING py.warnings [req-0162c9d3-9953-4b2d-9587-6046651033c3 7b0f3387e0f942f3bae75cea0a5766a3 98500c83d03e4ba38aa27a78675d2b1b - default default] /usr/lo
cal/lib/python3.7/site-packages/oslo_policy/policy.py:695: UserWarning: Policy "identity:delete_credential":"rule:admin_required" was deprecated in S in favor of "identity:delete_credential":"(role:admin and sys
tem_scope:all) or user_id:%(target.credential.user_id)s". Reason: As of the Stein release, the credential API now understands how to handle system-scoped tokens in addition to project-scoped tokens, making the A
PI more accessible to users without compromising security or manageability for administrators. The new default policies for this API account for these changes automatically.. Either ensure your deployment is rea
dy for the new default or copy/paste the deprecated policy into your policy file and maintain it manually.
2019-07-15 10:47:25.132262   warnings.warn(deprecated_msg)
2019-07-15 10:47:25.132266 \x1b[00m
2019-07-15 10:47:25.132979 2019-07-15 10:47:25.132 22582 WARNING


This is fresh setup from `master` without any policy configuration, therefore keystone defaults itself triggers the warning.

grep -R  'As of the Stein release' keystone-error.log |wc -l
820


Current master is for `T` , there is no point to have 820 warning (first ~ 10 minute) for using the keystone default.


Please make these warnings less noise .

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1836568

Title:
  Logis  filled with uneccesery policy derecation warning

Status in OpenStack Identity (keystone):
  New

Bug description:
  My today master version of keystone log is full with:

  2019-07-15 10:47:25.316828 As of the Stein release, the domain API now understands how to handle
  2019-07-15 10:47:25.316831 system-scoped tokens in addition to project-scoped tokens, making the API more
  2019-07-15 10:47:25.316834 accessible to users without compromising security or manageability for
  2019-07-15 10:47:25.316837 administrators. The new default policies for this API account for these changes
  2019-07-15 10:47:25.316840 automatically
  2019-07-15 10:47:25.316843 . Either ensure your deployment is ready for the new default or copy/paste the deprecated policy into your policy file and maintain it manually.
  2019-07-15 10:47:25.316846   warnings.warn(deprecated_msg)
  2019-07-15 10:47:25.316849 \x1b[00m

  2019-07-15 10:47:25.132244 2019-07-15 10:47:25.131 22582 WARNING py.warnings [req-0162c9d3-9953-4b2d-9587-6046651033c3 7b0f3387e0f942f3bae75cea0a5766a3 98500c83d03e4ba38aa27a78675d2b1b - default default] /usr/lo
  cal/lib/python3.7/site-packages/oslo_policy/policy.py:695: UserWarning: Policy "identity:delete_credential":"rule:admin_required" was deprecated in S in favor of "identity:delete_credential":"(role:admin and sys
  tem_scope:all) or user_id:%(target.credential.user_id)s". Reason: As of the Stein release, the credential API now understands how to handle system-scoped tokens in addition to project-scoped tokens, making the A
  PI more accessible to users without compromising security or manageability for administrators. The new default policies for this API account for these changes automatically.. Either ensure your deployment is rea
  dy for the new default or copy/paste the deprecated policy into your policy file and maintain it manually.
  2019-07-15 10:47:25.132262   warnings.warn(deprecated_msg)
  2019-07-15 10:47:25.132266 \x1b[00m
  2019-07-15 10:47:25.132979 2019-07-15 10:47:25.132 22582 WARNING

  
  This is fresh setup from `master` without any policy configuration, therefore keystone defaults itself triggers the warning.

  grep -R  'As of the Stein release' keystone-error.log |wc -l
  820

  
  Current master is for `T` , there is no point to have 820 warning (first ~ 10 minute) for using the keystone default.

  
  Please make these warnings less noise .

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1836568/+subscriptions

Follow ups

  Thread PreviousDate PreviousThread Next