Tuesday, 2023-06-27

opendevreview	Stephen Finucane proposed openstack/keystone master: Add job to test with SQLAlchemy master (2.x) https://review.opendev.org/c/openstack/keystone/+/886509	09:58
opendevreview	Stephen Finucane proposed openstack/keystone master: sql: Delay importing SQL modules https://review.opendev.org/c/openstack/keystone/+/879733	09:58
opendevreview	Stephen Finucane proposed openstack/keystone master: sql: Fix incorrect columns https://review.opendev.org/c/openstack/keystone/+/879734	09:58
opendevreview	Stephen Finucane proposed openstack/keystone master: db: Don't rely on branched connections https://review.opendev.org/c/openstack/keystone/+/887028	09:58
*** tobias-urdin is now known as tobias-urdin-pto		10:43
opendevreview	Stephen Finucane proposed openstack/keystone master: doc: Add minimal documentation on generating migrations https://review.opendev.org/c/openstack/keystone/+/887035	12:33
elodilles	hi team, the rocky-eol patch is waiting for a release liaison / PTL approval. keystone is one of the 4 projects that haven't approved the transition yet: https://review.opendev.org/c/openstack/releases/+/881617	12:42
blarnath	elodilles: my bad, I'll take a look at it now	13:26
*** blarnath is now known as d34dh0r53		13:26
d34dh0r53	^ what blarnath said :)	13:26
opendevreview	Merged openstack/oslo.limit master: Bump bandit https://review.opendev.org/c/openstack/oslo.limit/+/883661	14:02
zigo	Hi there! We'd like to upgrade SQLAlchemy to 2.0, and I've heard at the summit that there's a patch for keystone for it. Can someone point me at it, so I can apply it to Zed?	14:22
zigo	Or is it more than a single patch?	14:23
zigo	stephenfin: ^	14:23
stephenfin	zigo: etherpad.opendev.org/p/sqlalchemy-20 everything is linked from there but in general, if I wrote it then the Gerrit topic is 'sqlalchemy-20'	14:42
opendevreview	Merged openstack/keystone master: Fix outdated default catalog template https://review.opendev.org/c/openstack/keystone/+/879142	14:49
elodilles	d34dh0r53: thanks! :)	14:51
opendevreview	Hiromu Asahina proposed openstack/keystone master: Fix presentation of OAuth2.0 user guides https://review.opendev.org/c/openstack/keystone/+/887071	14:57
zigo	stephenfin: Thanks a lot!	15:00
d34dh0r53	keystone meeting will start a bit late	15:01
d34dh0r53	#startmeeting keystone	15:07
opendevmeet	Meeting started Tue Jun 27 15:07:05 2023 UTC and is due to finish in 60 minutes. The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot.	15:07
opendevmeet	Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.	15:07
opendevmeet	The meeting name has been set to 'keystone'	15:07
d34dh0r53	#topic roll call	15:07
d34dh0r53	admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, knikolla[m], lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev, reqa, dmendiza[m]	15:07
d34dh0r53	o/	15:07
zaitcev	o/	15:07
hiromu	o/	15:07
dmendiza[m]	🙋‍♂️	15:08
d34dh0r53	hi everyone!	15:08
d34dh0r53	#topic Review Past Meeting Action Items	15:08
d34dh0r53	d34dh0r53 Look into adding/restoring a known issues section to our documentation	15:08
d34dh0r53	no progress on this one :(	15:09
d34dh0r53	#action d34dh0r53 Look into adding/restoring a known issues section to our documentation	15:09
d34dh0r53	d34dh0r53 add https://bugs.launchpad.net/keystone/+bug/1305950 to the known issues section of our documentation	15:09
d34dh0r53	nor this	15:09
d34dh0r53	#action d34dh0r53 add https://bugs.launchpad.net/keystone/+bug/1305950 to the known issues section of our documentation	15:09
d34dh0r53	dmendiza[m] and d34dh0r53 to look at keystonemiddleware stevedore failures	15:09
d34dh0r53	I've been looking at this and it's very strange, it's not 100% reproduceable	15:10
d34dh0r53	I'm still trying to figure out what is going on, but I'd like to get keystonemiddleware unblocked by the end of the week	15:10
d34dh0r53	#action d34dh0r53 get keystonemiddleware gates unblocked	15:11
d34dh0r53	d34dh0r53 look at https://bugs.launchpad.net/keystone/+bug/2018644	15:11
d34dh0r53	looks like dmendiza[m] took this one	15:12
d34dh0r53	d34dh0r53 figure out why https://review.opendev.org/c/openstack/keystone/+/874844 is failing	15:13
dmendiza[m]	Nothing to report this week 😅	15:13
d34dh0r53	I'm also looking into this one, it can't find keystoneauth1-5.1.1 which is very strange since it's listed on PyPi, maybe bumping the version in requirements will fix this.	15:14
d34dh0r53	Anyone have any other ideas on why that is failing?	15:14
stephenfin	d34dh0r53: That's running against stable/wallaby. Upper-constraints has a 4.3.1 cap, so pip won't be allowed to install 5.1.1	15:16
stephenfin	https://github.com/openstack/requirements/blob/stable/wallaby/upper-constraints.txt#L514	15:16
stephenfin	I don't know why it's trying to install that version though	15:17
stephenfin	ah, keystone-tempest-plugin depends on it	15:17
d34dh0r53	ahh	15:17
stephenfin	so you need to constraint the version of keystone-tempest-plugin on that branch	15:17
stephenfin	branchless-tempest--	15:17
stephenfin	gmann probably has ideas for resolving that on stable branches, as might elodilles	15:18
d34dh0r53	there is a tag for wallaby-last, can I point it at that I wonder?	15:19
d34dh0r53	ok, I'll play around with that today	15:21
d34dh0r53	#action d34dh0r53 pin keystone-tempest-plugin to wallaby for keystone stable/wallaby	15:21
d34dh0r53	next up: reviewathon https://review.opendev.org/c/openstack/keystone/+/874346	15:21
d34dh0r53	this has been merged, thanks zaitcev!	15:22
d34dh0r53	finally: knikolla to look into focal jobs	15:22
zaitcev	Thanks to Greg	15:22
d34dh0r53	:)	15:23
d34dh0r53	#topic liaison updates	15:23
d34dh0r53	nothing from VMT	15:23
d34dh0r53	ok, as always if you're interested in being a cross project liaison please let me know, the help is most appreciated	15:25
d34dh0r53	next up	15:26
d34dh0r53	#topic specification OAuth 2.0 (hiromu)	15:26
d34dh0r53	#link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext	15:26
d34dh0r53	External OAuth 2.0 Specification	15:26
d34dh0r53	#link https://review.opendev.org/c/openstack/keystone-specs/+/861554	15:26
d34dh0r53	OAuth 2.0 Implementation	15:26
d34dh0r53	#link https://review.opendev.org/q/topic:bp%252Fsupport-oauth2-mtls	15:26
d34dh0r53	OAuth 2.0 Documentation	15:26
d34dh0r53	#link https://review.opendev.org/c/openstack/keystone/+/838108	15:26
d34dh0r53	#link https://review.opendev.org/c/openstack/keystoneauth/+/838104	15:26
hiromu	I have submitted another document patch to apply knikolla's comments	15:27
hiromu	https://review.opendev.org/c/openstack/keystone/+/887071/1	15:27
hiromu	The base document patch: https://review.opendev.org/c/openstack/keystone/+/838108	15:27
opendevreview	Hiromu Asahina proposed openstack/keystonemiddleware master: [DNM] downgrade stevedore https://review.opendev.org/c/openstack/keystonemiddleware/+/887074	15:27
d34dh0r53	thanks hiromu, I just merged the top level doc for you so we can start looking at your follow up patch	15:28
hiromu	That's great. Thanks	15:29
hiromu	Nothing else for OAuth2.0	15:30
d34dh0r53	Cool, thank you!	15:31
d34dh0r53	next up	15:31
d34dh0r53	#topic specification Secure RBAC (dmendiza[m])	15:31
d34dh0r53	#link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_	15:31
d34dh0r53	Service Role Implementation	15:32
d34dh0r53	#link https://review.opendev.org/c/openstack/keystone/+/863420	15:32
d34dh0r53	Manager Role Implementation	15:32
d34dh0r53	#link https://review.opendev.org/c/openstack/keystone/+/822601	15:32
dmendiza[m]	Currently trying to sort out the differences between SRBAC in code and TripleO's SRBAC environment	15:32
d34dh0r53	sweet	15:33
dmendiza[m]	WIP patch is here:	15:33
dmendiza[m]	#link https://review.opendev.org/c/openstack/keystone-tempest-plugin/+/885799	15:33
dmendiza[m]	The main difference is that TripleO's SRBAC env does not use system scope	15:33
dmendiza[m]	so the refactor is putting those tests under a new flag	15:33
d34dh0r53	cool, thanks for the update dmendiza[m]	15:37
d34dh0r53	I spoke with gmann at the summit about a couple more specs that he's going to propose	15:37
d34dh0r53	one is for a Global Reader Role and the other is for a "super-admin" for the public cloud use case. The name on that one is still up for debate	15:39
d34dh0r53	We won't dive into the details now, just want to give a heads up about what's coming	15:39
d34dh0r53	next up we have	15:39
d34dh0r53	#topic specification SQLAlchemy 2.0 (stephenfin)	15:39
d34dh0r53	#link https://review.opendev.org/q/topic:sqlalchemy-20+is:open+project:openstack/keystone	15:40
d34dh0r53	Can I get reviews on this, while I have context/time to close it out?	15:40
d34dh0r53	What more do you need from me?	15:40
d34dh0r53	thanks for the reviews on these and please continue to do so, I'd like to get these merged before the end of the cycle	15:40
zaitcev	I'm very proud to say that I've foreseen all of that Global Reader thing and in fact I have implemented it in Swift and Ceph under the carpet. so it's all there and available.	15:41
d34dh0r53	awesome	15:41
zaitcev	By Ceph unfortunately I only mean Ceph RGW. not CephFS or block.	15:41
stephenfin	yup, thanks for the reviews. Just to note that there are also some changes needed for Barbican but thankfully they're very small (one issue)	15:41
opendevreview	Merged openstack/keystone master: db: Don't pass strings to 'Connection.execute' https://review.opendev.org/c/openstack/keystone/+/875761	15:41
opendevreview	Merged openstack/keystone master: db: Replace use of Query.get() https://review.opendev.org/c/openstack/keystone/+/875762	15:41
d34dh0r53	kismet LOL	15:42
d34dh0r53	ok, moving on	15:43
d34dh0r53	#topic open discussion	15:44
d34dh0r53	(drencrom) We need to merge this backport to fix pep8 tests	15:44
d34dh0r53	zed #link https://review.opendev.org/c/openstack/keystonemiddleware/+/878023	15:44
d34dh0r53	the zed patch merged, but we're running into the stevedore issue on other branches	15:44
d34dh0r53	namely 2023.1	15:45
d34dh0r53	so I'm working on that this week but if anyone has any Stevedore foo help would be welcomed ;)	15:45
d34dh0r53	next up	15:46
d34dh0r53	(drencrom) Remove cache invalidation when using expired token	15:46
d34dh0r53	#link https://review.opendev.org/c/openstack/keystonemiddleware/+/884738	15:46
d34dh0r53	Zuul jobs seem to run but no +1 message	15:46
zaitcev	I'm trying to find that timeout patch for other branches...	15:47
zaitcev	sorry I mean 2023.1	15:47
d34dh0r53	I think that's merged up to stable/ussuri now, so hopefully we can merge that one	15:47
zaitcev	https://review.opendev.org/c/openstack/keystonemiddleware/+/882401	15:47
d34dh0r53	zaitcev: yeah, that's what I'm talking about with the stevedore thing, but it's not 100% reproduceable locally so it may be a red herring	15:48
opendevreview	Merged openstack/keystoneauth master: Add doc of OAuth 2.0 Mutual-TLS Authenticate https://review.opendev.org/c/openstack/keystoneauth/+/860923	15:49
d34dh0r53	I just saw this https://review.opendev.org/c/openstack/keystone/+/887072, thanks stephenfin	15:50
d34dh0r53	next up	15:51
d34dh0r53	(mustafakemalgilor) PooledLdapHandler message.clean() patch backports	15:51
d34dh0r53	review request	15:51
d34dh0r53	#link ussuri: https://review.opendev.org/c/openstack/keystone/+/874846	15:51
d34dh0r53	#link victoria: https://review.opendev.org/c/openstack/keystone/+/874847	15:51
d34dh0r53	#link wallaby: https://review.opendev.org/c/openstack/keystone/+/874844	15:51
d34dh0r53	the wallaby patch should be fixed by https://review.opendev.org/c/openstack/keystone/+/887072	15:52
d34dh0r53	finally	15:53
d34dh0r53	(reqa) Add openstack cli support for OAuth 2.0 Device Authorization Grant with PKCE:	15:53
d34dh0r53	review request	15:53
d34dh0r53	#link https://review.opendev.org/c/openstack/keystoneauth/+/883852	15:53
d34dh0r53	Reasoning: When switching wsgi-keystone.conf to use PKCE for WebSSO, this also applies to the CLI (e.g. ForgeRock implemented the same)	15:53
d34dh0r53	I'll try to review this week, maybe a candidate for the reviewathon	15:54
d34dh0r53	#topic bug review	15:54
d34dh0r53	#link https://bugs.launchpad.net/keystone/?orderby=-id&start=0	15:55
d34dh0r53	we have a new bug in keystone	15:55
d34dh0r53	#link https://bugs.launchpad.net/keystone/+bug/2025146	15:55
d34dh0r53	I can take a look at this one	15:56
d34dh0r53	next up	15:56
d34dh0r53	#link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0	15:56
d34dh0r53	no new bugs in python-keystoneclient	15:57
d34dh0r53	#link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=0	15:57
d34dh0r53	no new bugs in keystoneauth either	15:57
d34dh0r53	#link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0	15:57
d34dh0r53	#link https://bugs.launchpad.net/keystonemiddleware/+bug/2023689	15:59
d34dh0r53	is a new bug in keystonemiddleware, I'm also encountering this when I pass the stevedore tests	15:59
d34dh0r53	hiromu has a patch up, we may just need to strategically merge things into keystonemiddleware to get it working	16:00
d34dh0r53	thanks for the help on this one	16:00
d34dh0r53	#link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=0	16:00
d34dh0r53	pycadf is clean	16:00
hiromu	:)	16:00
d34dh0r53	#link https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=0	16:01
d34dh0r53	as is ldappool	16:01
zaitcev	That's fine but the fix fails tests itself too (https://review.opendev.org/c/openstack/keystonemiddleware/+/886521).	16:01
d34dh0r53	yep, that's the stevedore failure	16:01
opendevreview	Merged openstack/keystone master: db: Replace use of reverse cascades https://review.opendev.org/c/openstack/keystone/+/875763	16:02
opendevreview	Merged openstack/keystone master: db: Remove legacy migrations https://review.opendev.org/c/openstack/keystone/+/875764	16:02
opendevreview	Merged openstack/keystone master: tests: Rework BannedDBSchemaOperations fixture https://review.opendev.org/c/openstack/keystone/+/875765	16:02
d34dh0r53	keystonemiddleware.auth_token and others are supposed to be in that list	16:02
d34dh0r53	for some reason keystonemiddleware isn't being registered correctly in stevedore	16:02
d34dh0r53	it seems to be exceptionally difficult to debug too	16:03
d34dh0r53	#topic conclusion	16:03
d34dh0r53	keystonemiddleware is broken :)	16:04
d34dh0r53	the tests that is	16:04
d34dh0r53	It was really nice to meet some folks in person at the summit :)	16:04
d34dh0r53	Reviewathon is Friday, 14:00 UTC	16:05
d34dh0r53	we're a bit over time so I'll end it here, thanks all!	16:05
d34dh0r53	#endmeeting	16:05
opendevmeet	Meeting ended Tue Jun 27 16:05:37 2023 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)	16:05
opendevmeet	Minutes: https://meetings.opendev.org/meetings/keystone/2023/keystone.2023-06-27-15.07.html	16:05
opendevmeet	Minutes (text): https://meetings.opendev.org/meetings/keystone/2023/keystone.2023-06-27-15.07.txt	16:05
opendevmeet	Log: https://meetings.opendev.org/meetings/keystone/2023/keystone.2023-06-27-15.07.log.html	16:05
opendevreview	Merged openstack/keystone master: Add doc of OAuth2.0 Client Credentials Grant Flow https://review.opendev.org/c/openstack/keystone/+/838108	16:23
opendevreview	Stephen Finucane proposed openstack/keystonemiddleware master: Make tox.ini tox 4.0.0 compatible/fix gate https://review.opendev.org/c/openstack/keystonemiddleware/+/887085	17:03
opendevreview	Stephen Finucane proposed openstack/keystonemiddleware master: tox: Trivial formatting changes https://review.opendev.org/c/openstack/keystonemiddleware/+/887086	17:03
opendevreview	Stephen Finucane proposed openstack/keystonemiddleware master: Bump hacking to 6.0.x https://review.opendev.org/c/openstack/keystonemiddleware/+/887087	17:03
opendevreview	Stephen Finucane proposed openstack/keystonemiddleware master: Remove six https://review.opendev.org/c/openstack/keystonemiddleware/+/887088	17:03
stephenfin	d34dh0r53: ^ in tox 4, skipsdist means the package isn't installed in the venv created by tox. If it's not installed, you don't get your entrypoints. We saw it in a few oslo projects previously.	17:04
gmann	stephenfin: d34dh0r53: on keystone-tempest-plugin pin on stable/wallaby. yes we need to pin that. I will propose that today	17:14
stephenfin	gmann: I think I've done so at https://review.opendev.org/c/openstack/keystone/+/887072 Maybe you can take a look?	17:14
gmann	stephenfin: perfect, checking	17:15
d34dh0r53	dmendiza[m]: mind taking a look at https://review.opendev.org/c/openstack/keystonemiddleware/+/887085 ?	19:30
dmendiza[m]	d34dh0r53: lgtm	19:32
d34dh0r53	woot, tys!	19:32
opendevreview	David Wilde proposed openstack/keystone-tempest-plugin master: Refactor RBAC tests https://review.opendev.org/c/openstack/keystone-tempest-plugin/+/885799	20:14
opendevreview	Merged openstack/keystonemiddleware master: Make tox.ini tox 4.0.0 compatible/fix gate https://review.opendev.org/c/openstack/keystonemiddleware/+/887085	21:35
opendevreview	Pete Zaitcev proposed openstack/keystonemiddleware master: Add missing doc requirements https://review.opendev.org/c/openstack/keystonemiddleware/+/887120	21:35
opendevreview	Pete Zaitcev proposed openstack/keystonemiddleware master: Add missing doc requirements https://review.opendev.org/c/openstack/keystonemiddleware/+/887120	21:38
gmann	d34dh0r53: dmendiza[m]: did you get chance to check this https://review.opendev.org/c/openstack/keystone/+/886434	21:55

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!