Tuesday, 2023-06-06

« Monday, 2023-06-05 Index Wednesday, 2023-06-07 »
opendevreviewSahid Orentino Ferdjaoui proposed openstack/keystonemiddleware master: auth_token: fix issue when data in cache gets corrupted  https://review.opendev.org/c/openstack/keystonemiddleware/+/88535109:45
*** EugenMayer44 is now known as EugenMayer411:21
sahido/12:25
sahidquick question, is the ci for keystonemiddleware broken today?12:26
sahidhttps://review.opendev.org/c/openstack/keystonemiddleware/+/88535112:26
d34dh0r53#startmeeting keystone15:04
opendevmeetMeeting started Tue Jun  6 15:04:07 2023 UTC and is due to finish in 60 minutes.  The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot.15:04
opendevmeetUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.15:04
opendevmeetThe meeting name has been set to 'keystone'15:04
dmendiza[m]🙋‍♂️15:04
d34dh0r53#topic roll call15:04
d34dh0r53admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, knikolla[m], lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev, reqa, dmendiza[m]15:04
d34dh0r53o/15:04
d34dh0r53brb15:04
zaitcevoh15:04
xeko/15:04
d34dh0r53back, hi everybody!15:06
d34dh0r53#topic review past meeting work items15:07
d34dh0r53https://meetings.opendev.org/meetings/keystone/2023/keystone.2023-05-30-15.03.html15:07
d34dh0r53#link https://meetings.opendev.org/meetings/keystone/2023/keystone.2023-05-30-15.03.html15:07
knikollao/15:07
d34dh0r53first up d34dh0r53 review https://bugs.launchpad.net/keystone/+bug/200975215:07
d34dh0r53I marked this as confirmed as I'm pretty sure it's an issue15:07
d34dh0r53next up d34dh0r53 Look into adding/restoring a known issues section to our documentation15:08
d34dh0r53I still need to do this and the next one15:08
d34dh0r53#action d34dh0r53 Look into adding/restoring a known issues section to our documentation15:08
d34dh0r53#action d34dh0r53 add https://bugs.launchpad.net/keystone/+bug/1305950 to the known issues section of our documentation15:08
d34dh0r53next up d34dh0r53 update https://review.opendev.org/c/openstack/keystonemiddleware/+/882401 to include test_ec2_token_middleware.py15:08
d34dh0r53this has been added but the CI is failing, stevedore I think15:09
d34dh0r53keystonemiddleware seems to be pretty broken due to stevedore and I don't know how to fix it15:09
d34dh0r53I don't understand how those modules are being enumerated15:09
d34dh0r53and I noticed that sahid was asking about keystonemiddleware earlier15:10
d34dh0r53maybe dmendiza[m] and I can put our heads together this afternoon and figure out how to fix keystonemiddleware15:11
dmendiza[m]Yeah, it's been a while since I looked under the hood at stevedore15:11
dmendiza[m]some serious black magic going on there15:11
d34dh0r53yeah, it's not pretty15:11
d34dh0r53#action dmendiza[m] and d34dh0r53 to look at keystonemiddleware stevedore failures15:12
d34dh0r53next up15:12
d34dh0r53d34dh0r53 look at https://bugs.launchpad.net/keystone/+bug/201864415:12
d34dh0r53I haven't gotten to that one yet15:13
d34dh0r53#action d34dh0r53 look at https://bugs.launchpad.net/keystone/+bug/201864415:13
d34dh0r53next up drencrom look at https://review.opendev.org/c/openstack/keystonemiddleware/+/878027 to see if we can add the test_ec2_token_middleware.py to it15:13
d34dh0r53I think this is failing due to stevedore15:13
d34dh0r53we'll see if we can get it passing if we're able to iron out the stevedore issue15:14
d34dh0r53finally we have investigate dependency issue in this patch wallaby: https://review.opendev.org/c/openstack/keystone/+/87484415:14
d34dh0r53not sure who was assigned to this one15:14
xekhttps://review.opendev.org/c/openstack/keystonemiddleware/+/878027 is abandoned15:15
d34dh0r53yep, thanks xek 15:15
d34dh0r53I think we need to re-submit that one once victoria is in better shape15:17
d34dh0r53gerrit was rejecting it15:17
d34dh0r53I'm not sure what's going on with the keystoneauth package version either, which is why https://review.opendev.org/c/openstack/keystone/+/874844 is failing15:19
d34dh0r53#action d34dh0r53 figure out why https://review.opendev.org/c/openstack/keystone/+/874844 is failing15:19
d34dh0r53#topic liaison update15:20
d34dh0r53nothing from VMT this week15:20
d34dh0r53#topic specification OAuth 2.0 (hiromu)15:20
d34dh0r53External OAuth 2.0 Specification15:21
d34dh0r53#link https://review.opendev.org/c/openstack/keystone-specs/+/86155415:21
d34dh0r53OAuth 2.0 Implementation15:21
d34dh0r53#link https://review.opendev.org/q/topic:bp%252Fsupport-oauth2-mtls15:21
d34dh0r53OAuth 2.0 Documentation15:21
d34dh0r53#link https://review.opendev.org/c/openstack/keystone/+/83810815:21
d34dh0r53#link https://review.opendev.org/c/openstack/keystoneauth/+/83810415:21
d34dh0r53#topic Secure RBAC (dmendiza[m])15:23
d34dh0r53#link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_15:23
d34dh0r53Service Role Implementation15:23
d34dh0r53#link https://review.opendev.org/c/openstack/keystone/+/86342015:23
d34dh0r53Manager Role Implementation15:23
d34dh0r53#link https://review.opendev.org/c/openstack/keystone/+/82260115:23
dmendiza[m]Yeah, no progress on those, still working on Barbican SRBAC and some downstream Keystone SRBAC stuff... should hopefully get a chance to work on that stuff later this month15:25
d34dh0r53ack, thanks dmendiza[m] 15:25
d34dh0r53#topic specification SQLAlchemy 2.0 (stephenfin)15:26
d34dh0r53#link https://review.opendev.org/q/topic:sqlalchemy-20+is:open+project:openstack/keystone15:26
d34dh0r53Can I get reviews on this, while I have context/time to close it out?15:26
d34dh0r53What more do you need from me?15:26
d34dh0r53Once we get the CI for keystonemiddleware a bit more healthy we'll circle back to these and get them merged15:27
d34dh0r53#topic open discussion15:27
d34dh0r53(drencrom) We need to merge these backports to fix pep8 tests15:27
d34dh0r53wallaby #link https://review.opendev.org/c/openstack/keystonemiddleware/+/87802615:27
d34dh0r53This is blocking #link https://review.opendev.org/c/openstack/keystonemiddleware/+/87392115:27
d34dh0r53zed #link https://review.opendev.org/c/openstack/keystonemiddleware/+/87802315:27
d34dh0r53we're working on getting these in, we reviewed quite a bit last Friday15:28
d34dh0r53(drencrom) Remove cache invalidation when using expired token (ussuri backport)15:28
d34dh0r53#link https://review.opendev.org/c/openstack/keystonemiddleware/+/87739815:28
d34dh0r53Zuul jobs seem to run but no +1 message 15:28
d34dh0r53we need to see if we can get that one merged as well15:29
d34dh0r53dmendiza[m], xek already has a +2 on https://review.opendev.org/c/openstack/keystonemiddleware/+/877398, can you bump it?15:29
dmendiza[m]d34dh0r53: needs Wallaby first15:30
dmendiza[m]#link https://review.opendev.org/c/openstack/keystonemiddleware/+/87392115:30
d34dh0r53ahh, ack15:30
dmendiza[m]Hmm.. not sure why that's active still actually15:30
d34dh0r53sorry, I missed that one15:30
dmendiza[m]it's got the necessary +'es15:30
dmendiza[m]I tried to add/remove the +W just now ... let'15:31
dmendiza[m]s see if Zuul picks it up15:31
d34dh0r53ok, does it need https://review.opendev.org/c/openstack/keystonemiddleware/+/878026/2 first?15:31
* dmendiza[m] is confused15:32
d34dh0r53me too15:32
drencromYes, I think it needs 87802615:33
drencromwhich needs another +215:34
dmendiza[m]OK, less confused now, haha15:34
dmendiza[m]merging 87802615:34
d34dh0r53sweet, thanks15:35
d34dh0r53let's see how that goes15:35
d34dh0r53(mustafakemalgilor) PooledLdapHandler message.clean() patch backports15:35
d34dh0r53review request15:35
d34dh0r53#link ussuri: https://review.opendev.org/c/openstack/keystone/+/87484615:35
d34dh0r53#link victoria: https://review.opendev.org/c/openstack/keystone/+/87484715:35
d34dh0r53#link wallaby: https://review.opendev.org/c/openstack/keystone/+/87484415:35
d34dh0r53the wallaby patch for this one is complaining about the keystoneauth package version15:36
zaitcevAt this point I'd actually make a little "spreadsheet" in a text file, with all the backports and what needs what. I just cannot keep up.15:36
d34dh0r53so we have a mismatch somewhere15:36
d34dh0r53zaitcev: that's a good idea15:36
d34dh0r53I'll try to do that this afternoon15:36
zaitcevWell... extensive bureaucracy has its costs, but my mind is too small.15:36
d34dh0r53finally we have15:38
d34dh0r53(reqa) Add openstack cli support for OAuth 2.0 Device Authorization Grant with PKCE:15:38
d34dh0r53review request15:38
d34dh0r53#link https://review.opendev.org/c/openstack/keystoneauth/+/88385215:38
d34dh0r53Reasoning: When switching wsgi-keystone.conf to use PKCE for WebSSO, this also applies to the CLI (e.g. ForgeRock implemented the same)15:38
d34dh0r53this looks reasonable at first glance15:38
d34dh0r53depending on how the keystonemiddleware and keystoneauth issues we're facing in CI go this week, maybe we can review this patch during the reviewathon on Friday15:40
d34dh0r53we need to get CI healthy first though15:41
d34dh0r53anything else for open discussion?15:41
zaitcevYou know what I'll say, right? https://review.opendev.org/c/openstack/keystone/+/87434615:42
zaitcevBut I was remiss at looking at Hiromu's stuff too, so oh well15:42
d34dh0r53indeed, we will look at this on Friday15:43
d34dh0r53#action reviewathon https://review.opendev.org/c/openstack/keystone/+/87434615:44
d34dh0r53#topic bug review15:45
d34dh0r53#link https://bugs.launchpad.net/keystone/?orderby=-id&start=015:45
d34dh0r53no new bugs in keystone15:45
d34dh0r53#link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=015:46
d34dh0r53nothing new in python-keystoneclient15:46
d34dh0r53#link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=015:46
d34dh0r53nor is there anything new in keystoneauth15:46
d34dh0r53#link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=015:46
d34dh0r53looks like Sahid added https://bugs.launchpad.net/keystonemiddleware/+bug/202301515:47
d34dh0r53there is a fix proposed to master15:48
d34dh0r53#link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=015:48
d34dh0r53pycadf is clean15:48
d34dh0r53#link https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=015:48
d34dh0r53so is ldappool15:48
d34dh0r53#topic conclusion15:48
d34dh0r53No meeting or reivewathon next week, OpenInfra Summit and PTG15:49
d34dh0r53I'd like to focus on keystonemiddleware and the keystoneauth package version issues15:49
d34dh0r53I'll start looking at those now and try to come up with a way to better track what we have in flight and what needs merging when15:50
d34dh0r53anyone have anything else?15:51
d34dh0r53thanks folks! Hope to see you in Vancouver :)15:51
d34dh0r53dmendiza[m]: enjoy your PTO15:51
d34dh0r53#endmeeting15:51
opendevmeetMeeting ended Tue Jun  6 15:51:51 2023 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)15:51
opendevmeetMinutes:        https://meetings.opendev.org/meetings/keystone/2023/keystone.2023-06-06-15.04.html15:51
opendevmeetMinutes (text): https://meetings.opendev.org/meetings/keystone/2023/keystone.2023-06-06-15.04.txt15:51
opendevmeetLog:            https://meetings.opendev.org/meetings/keystone/2023/keystone.2023-06-06-15.04.log.html15:51
dmendiza[m]thanks d34dh0r53 15:53
drencromHi, you gave a WF +1 to this patch on the meeting but I had to rebase it (https://review.opendev.org/c/openstack/keystonemiddleware/+/877398)17:41
drencromSo it needs another WF +1 if anyone has some free cycles. Thanks.17:41
zaitcevWell.... Kristi thought it was okay. But I don't know how to convince myself that I considered all scenarios.17:50
« Monday, 2023-06-05 Index Wednesday, 2023-06-07 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!