*** dviroel|rover|dinner is now known as dviroel|rover | 00:33 | |
*** dviroel|rover is now known as dviroel|out | 00:36 | |
-opendevstatus- NOTICE: review.opendev.org (Gerrit) is currently down, we are working to restore service as soon as possible | 07:31 | |
*** dviroel|out is now known as dviroel|rover | 11:28 | |
*** dasm|off is now known as dasm | 13:29 | |
-opendevstatus- NOTICE: review.opendev.org (Gerrit) is back online | 14:26 | |
*** ministry is now known as __ministry | 14:52 | |
d34dh0r53 | #startmeeting keystone | 15:00 |
---|---|---|
opendevmeet | Meeting started Tue Nov 1 15:00:56 2022 UTC and is due to finish in 60 minutes. The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot. | 15:00 |
opendevmeet | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 15:00 |
opendevmeet | The meeting name has been set to 'keystone' | 15:00 |
d34dh0r53 | #topic Roll Call | 15:01 |
d34dh0r53 | admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, knikolla, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek | 15:01 |
knikolla[m] | o/ | 15:01 |
hiromu | o/ | 15:02 |
d34dh0r53 | Hi folks! | 15:03 |
d34dh0r53 | #topic Review past meeting work items | 15:03 |
d34dh0r53 | We had a few, first up is | 15:03 |
d34dh0r53 | dmendiza[m] will look at https://bugs.launchpad.net/keystone/+bug/1990987 | 15:03 |
d34dh0r53 | dmendiza[m]: any update? | 15:04 |
dmendiza[m] | 👀 | 15:04 |
dmendiza[m] | Still looking | 15:04 |
d34dh0r53 | ack | 15:04 |
d34dh0r53 | next up is | 15:04 |
d34dh0r53 | d34dh0r53 look into user-defined attribute access control | 15:04 |
d34dh0r53 | no updates | 15:05 |
d34dh0r53 | we have some reviewathon items that we were going to look at | 15:05 |
d34dh0r53 | reviewathon review https://review.opendev.org/c/openstack/keystoneauth/+/838104 | 15:05 |
d34dh0r53 | reviewathon review https://review.opendev.org/c/openstack/keystone/+/838108 | 15:05 |
d34dh0r53 | reviewathon review https://review.opendev.org/c/openstack/keystone/+/822601 | 15:05 |
d34dh0r53 | reviewathon review https://review.opendev.org/c/openstack/keystone-specs/+/818616 | 15:05 |
d34dh0r53 | We didn't get to the first one | 15:06 |
d34dh0r53 | nor the second | 15:06 |
d34dh0r53 | the third has -1's and commentary so that is in progress | 15:07 |
d34dh0r53 | the fourth is the default service role | 15:07 |
d34dh0r53 | next up is dmendiza[m] and d34dh0r53 make some time to start the gap analysis between CLI and OSC. | 15:07 |
d34dh0r53 | we didn't get to that | 15:08 |
d34dh0r53 | and finally we have d34dh0r53 try to reproduce https://bugs.launchpad.net/python-keystoneclient/+bug/1993614 | 15:08 |
d34dh0r53 | which I wasn't able to get to | 15:08 |
knikolla[m] | the gap analysis is about sdk and the client | 15:08 |
knikolla[m] | we don't have any other cli besides osc already :) | 15:08 |
*** dviroel|rover is now known as dviroel|rover|lunch | 15:09 | |
d34dh0r53 | knikolla[m]: right | 15:09 |
d34dh0r53 | #action dmendiza[m] and d34dh0r53 make some time to start the gap analysis between SDK and the Client | 15:11 |
d34dh0r53 | #action dmendiza[m] will look at https://bugs.launchpad.net/keystone/+bug/1990987 | 15:11 |
d34dh0r53 | #action reviewathon review https://review.opendev.org/c/openstack/keystoneauth/+/838104 | 15:11 |
d34dh0r53 | #action reviewathon review https://review.opendev.org/c/openstack/keystone/+/838108 | 15:11 |
d34dh0r53 | #action d34dh0r53 look into user-defined attribute access control | 15:12 |
d34dh0r53 | ok, next up we have | 15:12 |
d34dh0r53 | #topic Liaison Updates | 15:12 |
d34dh0r53 | Nothing from VMT | 15:12 |
d34dh0r53 | dmendiza[m], knikolla[m] anything from Release Management? | 15:12 |
dmendiza[m] | I can't think of anything | 15:13 |
d34dh0r53 | ok, thanks | 15:13 |
d34dh0r53 | #help still looking for additional cross-project liaisons | 15:14 |
d34dh0r53 | any other liaison updates? | 15:14 |
d34dh0r53 | #topic specification OAuth 2.0 (hiromu) | 15:15 |
hiromu | thanks for the reminder. | 15:15 |
hiromu | first, i've updated the spec | 15:15 |
hiromu | https://review.opendev.org/c/openstack/keystone-specs/+/861554/2..3 | 15:16 |
hiromu | I think it's now ready for the first review. | 15:16 |
hiromu | and I have a question | 15:17 |
d34dh0r53 | ok | 15:17 |
hiromu | that i wrote on the etherpad. | 15:17 |
d34dh0r53 | the etherpad is here: https://etherpad.opendev.org/p/keystone-weekly-meeting | 15:18 |
d34dh0r53 | The question is, which is better? | 15:18 |
hiromu | yes | 15:18 |
d34dh0r53 | supporting authentication with external OAuth 2.0 authorization servers (ext authz servers) by keystoneauth | 15:19 |
d34dh0r53 | i.e., users can use openstack command as usual when using ext authn servers. | 15:19 |
d34dh0r53 | or do not support ext authn servers by keystoneauth | 15:19 |
d34dh0r53 | i.e., users set an access token as an environment variable, e.g., OS_TOKEN, to call API of OpenStack services. This is not unnatural, assuming the programmatic access which must be a major use case of the client credentials grant. | 15:19 |
hiromu | thank you d34dh0r53 :) | 15:19 |
d34dh0r53 | :) | 15:20 |
d34dh0r53 | I think the second approach is simpler and consistent with the way many things already work | 15:21 |
hiromu | I agree with you | 15:22 |
d34dh0r53 | knikolla[m], dmendiza[m] any thoughts? | 15:22 |
knikolla[m] | I also don't think we should worry about authenticating with external servers with keystoneauth | 15:23 |
d34dh0r53 | ok, so we're in agreement | 15:24 |
hiromu | ok, i'll go with the second one. | 15:24 |
d34dh0r53 | awesome! | 15:24 |
dmendiza[m] | 👍️ | 15:24 |
hiromu | thanks a lot | 15:24 |
d34dh0r53 | thank you hiromu! | 15:24 |
d34dh0r53 | #topic Secure RBAC (dmendiza[m]) | 15:25 |
dmendiza[m] | Not a whole lot of progress this week. I did bring up the next two tasks with my team downstream: | 15:25 |
dmendiza[m] | #link https://review.opendev.org/c/openstack/keystone/+/822601 | 15:26 |
*** knikolla[m] is now known as knikolla | 15:27 | |
dmendiza[m] | Getting the "manager" role patch updated/landed. | 15:27 |
dmendiza[m] | and 2) | 15:27 |
dmendiza[m] | The "service" role spec: | 15:28 |
dmendiza[m] | #link https://review.opendev.org/c/openstack/keystone-specs/+/818616 | 15:28 |
dmendiza[m] | followed by implementation | 15:28 |
dmendiza[m] | I'll try to help out as much as possible for the next +/-2 weeks before I take leave for a few months. | 15:29 |
d34dh0r53 | ack, thanks dmendiza[m] | 15:31 |
d34dh0r53 | #action reviewathon https://review.opendev.org/c/openstack/keystone-specs/+/818616 | 15:31 |
d34dh0r53 | we really need to get that spec reviewed and merged | 15:32 |
dmendiza[m] | Agreed. I'm going to read/comment in the next few days and maybe we can check progress on Friday | 15:32 |
dmendiza[m] | for the reviewathon | 15:32 |
d34dh0r53 | ack | 15:32 |
* d34dh0r53 needs to remember to look at the meeting log for the reviewathon action items | 15:33 | |
d34dh0r53 | #topic Open Discussion | 15:33 |
d34dh0r53 | we don't have anything on the agenda, does anyone have anything before we do bug review? | 15:34 |
d34dh0r53 | ok, moving on then | 15:34 |
d34dh0r53 | #topic bug review | 15:34 |
d34dh0r53 | First off we have keystone | 15:35 |
d34dh0r53 | #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0 | 15:35 |
d34dh0r53 | no new bugs here | 15:35 |
d34dh0r53 | next up, python-keystoneclient | 15:35 |
d34dh0r53 | #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0 | 15:35 |
d34dh0r53 | no new bugs, I'll attempt to reproduce the create service bug this week | 15:36 |
d34dh0r53 | keystoneauth is next | 15:36 |
d34dh0r53 | #link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=0 | 15:36 |
d34dh0r53 | no new bugs | 15:36 |
d34dh0r53 | #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0 | 15:36 |
d34dh0r53 | nothing new in keystonemiddleware | 15:37 |
d34dh0r53 | pycadf | 15:37 |
d34dh0r53 | #link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=0 | 15:37 |
d34dh0r53 | nothing new | 15:37 |
d34dh0r53 | finally we have ldappool | 15:37 |
d34dh0r53 | #link https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=0 | 15:37 |
d34dh0r53 | no new bugs there either | 15:38 |
d34dh0r53 | thanks for joining today everyone! Is there anything else before we close? | 15:38 |
d34dh0r53 | have a great rest of your week then :) | 15:39 |
d34dh0r53 | #endmeeting | 15:39 |
opendevmeet | Meeting ended Tue Nov 1 15:39:16 2022 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 15:39 |
opendevmeet | Minutes: https://meetings.opendev.org/meetings/keystone/2022/keystone.2022-11-01-15.00.html | 15:39 |
opendevmeet | Minutes (text): https://meetings.opendev.org/meetings/keystone/2022/keystone.2022-11-01-15.00.txt | 15:39 |
opendevmeet | Log: https://meetings.opendev.org/meetings/keystone/2022/keystone.2022-11-01-15.00.log.html | 15:39 |
dmendiza[m] | Thanks d34dh0r53!! | 15:42 |
*** dviroel|rover|lunch is now known as dviroel|rover | 16:12 | |
*** dviroel|rover is now known as dviroel|rover|bbl | 21:32 | |
*** dasm is now known as dasm|off | 23:09 | |
*** dasm|off is now known as Guest202 | 23:37 |