Skip to content

Instantly share code, notes, and snippets.

dolph / gerrit-dashboard-dstanek-stars.ini
Last active August 27, 2015 16:18
Reviews starred by David Stanek:
title = Starred by David Stanek
description =
foreach =
[section "Needs work"]
query = is:open starredby:dstanek (label:Code-Review<=-1 OR label:Verified<=-1,jenkins OR label:Workflow-1) -label:Workflow+1
[section "Testing"]
query = is:open starredby:dstanek label:Verified+0,jenkins label:Workflow+0
dolph /
Last active August 29, 2015 13:56
Long term fundamentals
  • federation
  • hierchical multitenancy
  • attribute based access controls
  • decentralized attribute based access controls
  • delegation
  • token revocation events
def _get_user(self, external_id):
domain_id, internal_id = self.id_mapping_api.get_mapping(external_id)
return self.identity_api[domain_id].get_user(internal_id)
dolph /
Created March 6, 2014 00:05
Lessons learned from building OpenStack clients.

Every time the client tries to guess something, it gets it wrong.

  • guessing whether the user passed in an ID or a name (not all IDs are UUIDs, as in the case of LDAP and legacy deployments)
  • guessing intended scope in auth request (domain_id + project_id + trust_id)
dolph /
Last active August 29, 2015 13:57
De-duplicate transifex *.po files.
Adapted from
import argparse
import os
import shutil
import tempfile
def patch_po_files(input_dir_name):
dolph /
Last active August 29, 2015 13:59
Optional import required at runtime
oauthlib = None
import oauthlib
except ImportError:
class requires(object):
def __init__(self, f, *requirements):
dolph / token.json
Last active August 29, 2015 13:59
ID-only tokens
"token": {
"catalog": [
"endpoints": [
{"id": "39dc32"},
{"id": "ec642f"},
{"id": "c609fc"}
"id": "4363ae"
dolph /
Created April 16, 2014 22:57
Lazily import dependency package
def access_token(self):
if self._access_token is None:
from contrib import oauth1
self._access_token = oauth1.Whatever()
return self._access_token

Keystone to Keystone federation

`bp keystone-to-keystone-federation

dolph / service.conf
Created July 7, 2014 16:01
Keystone auth_token cache settings
memcached_servers =
token_cache_time = 300
revocation_cache_time = 60
# if your memcached server is shared, use these settings to avoid cache poisoning
memcache_security_strategy = ENCRYPT
memcache_secret_key = <generate a secret key>
# if your keystone deployment uses PKI, and you value security over performance:
check_revocations_for_cached = true