| *** mhen_ is now known as mhen | 02:58 | |
| tkajinam | Can anyone review https://review.opendev.org/c/openstack/ldappool/+/904662 and https://review.opendev.org/c/openstack/ldappool/+/906966 ? | 09:29 |
|---|---|---|
| tkajinam | these have been kept open for some time | 09:29 |
| *** d34dh0r5- is now known as d34dh0r53 | 15:02 | |
| d34dh0r53 | #startmeeting keystone | 15:02 |
| opendevmeet | Meeting started Wed Feb 14 15:02:41 2024 UTC and is due to finish in 60 minutes. The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot. | 15:02 |
| opendevmeet | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 15:02 |
| opendevmeet | The meeting name has been set to 'keystone' | 15:02 |
| d34dh0r53 | #topic roll call | 15:03 |
| d34dh0r53 | admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, knikolla[m], lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev, reqa, dmendiza[m], mharley, jph, gtema | 15:03 |
| bbobrov | hello | 15:03 |
| d34dh0r53 | o/ | 15:03 |
| xek | o/ | 15:04 |
| dmendiza[m] | 🙋♂️ | 15:07 |
| d34dh0r53 | #topic review past meeting work items | 15:09 |
| d34dh0r53 | no updates on either of mine :/ | 15:10 |
| d34dh0r53 | #action d34dh0r53 Look into adding/restoring a known issues section to our documentation | 15:10 |
| d34dh0r53 | #action d34dh0r53 add https://bugs.launchpad.net/keystone/+bug/1305950 to the known issues section of our documentation | 15:10 |
| d34dh0r53 | oops, forgot the link | 15:10 |
| d34dh0r53 | #link https://meetings.opendev.org/meetings/keystone/2024/keystone.2024-02-07-15.02.html | 15:11 |
| d34dh0r53 | next up | 15:11 |
| d34dh0r53 | #topic liaison updates | 15:11 |
| opendevreview | Boris Bobrov proposed openstack/keystone master: Test listing app creds with deleted role https://review.opendev.org/c/openstack/keystone/+/908998 | 15:12 |
| opendevreview | Boris Bobrov proposed openstack/keystone master: Test listing app creds with deleted role https://review.opendev.org/c/openstack/keystone/+/908998 | 15:13 |
| d34dh0r53 | one note from releases, we've transitioned stable/yoga to unmaintained/yoga as part of the new TC resolution 2023-07-24 Unmaintained status replaces Extended Maintenance | 15:13 |
| d34dh0r53 | #link https://governance.openstack.org/tc/resolutions/20230724-unmaintained-branches.html | 15:13 |
| d34dh0r53 | and I don't have any VMT updates | 15:14 |
| d34dh0r53 | #topic specification OAuth 2.0 (hiromu) | 15:15 |
| d34dh0r53 | #link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext | 15:15 |
| d34dh0r53 | #link https://review.opendev.org/q/topic:bp%252Fenhance-oauth2-interoperability | 15:15 |
| d34dh0r53 | External OAuth 2.0 Specification | 15:15 |
| d34dh0r53 | #link https://review.opendev.org/c/openstack/keystone-specs/+/861554 | 15:15 |
| d34dh0r53 | OAuth 2.0 Implementation | 15:15 |
| d34dh0r53 | #link https://review.opendev.org/q/topic:bp%252Fsupport-oauth2-mtls | 15:15 |
| d34dh0r53 | OAuth 2.0 Documentation | 15:15 |
| d34dh0r53 | #link https://review.opendev.org/c/openstack/keystone/+/838108 | 15:15 |
| d34dh0r53 | #link https://review.opendev.org/c/openstack/keystoneauth/+/838104 | 15:15 |
| d34dh0r53 | doesn't look like hiromu is around | 15:17 |
| d34dh0r53 | so we'll move on | 15:18 |
| d34dh0r53 | #topic specification Secure RBAC (dmendiza[m]) | 15:18 |
| d34dh0r53 | #link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_ | 15:18 |
| d34dh0r53 | 2024.1 Release Timeline | 15:18 |
| d34dh0r53 | Update oslo.policy in keystone to enforce_new_defaults=True | 15:18 |
| d34dh0r53 | Update oslo.policy in keystone to enforce_scope=True | 15:18 |
| d34dh0r53 | #link https://review.opendev.org/c/openstack/keystone/+/902730 (Merged) | 15:18 |
| d34dh0r53 | #link https://review.opendev.org/c/openstack/keystone-tempest-plugin/+/903713 | 15:18 |
| dmendiza[m] | Yeah, I finally updated all the tempest tests | 15:21 |
| dmendiza[m] | Just looking for reviews now | 15:21 |
| d34dh0r53 | sweet! thanks dmendiza[m] | 15:22 |
| d34dh0r53 | I think I've reviewed everything, but please let me know if not | 15:22 |
| dmendiza[m] | I think there's one more backport I need. I'll ping you once I get the patch up for review. | 15:22 |
| d34dh0r53 | thanks dmendiza[m] | 15:22 |
| d34dh0r53 | next up | 15:23 |
| d34dh0r53 | #topic specification Improve federated users management (previously: Add schema version and support to "domain" attribute in mapping rules) (gtema) | 15:23 |
| d34dh0r53 | #link https://review.opendev.org/c/openstack/keystone-specs/+/748748 - waiting for reviews | 15:23 |
| gtema | still waiting for reviews;-) | 15:23 |
| d34dh0r53 | ack, I'll try to get to it this week | 15:25 |
| gtema | would be awesome, thanks | 15:25 |
| d34dh0r53 | np | 15:26 |
| d34dh0r53 | #topic open discussion | 15:26 |
| d34dh0r53 | nothing is on the agenda but I'll leave the floor open for a few minutes | 15:26 |
| d34dh0r53 | cool, moving on | 15:30 |
| d34dh0r53 | #topic bug review | 15:30 |
| d34dh0r53 | #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0 | 15:30 |
| d34dh0r53 | two new bugs for keystone | 15:30 |
| d34dh0r53 | #link https://bugs.launchpad.net/keystone/+bug/2052916 | 15:31 |
| d34dh0r53 | looks like someone is working on that, thank you! | 15:31 |
| d34dh0r53 | #link https://bugs.launchpad.net/keystone/+bug/2053137 | 15:31 |
| bbobrov | this is mine | 15:32 |
| d34dh0r53 | ack | 15:32 |
| bbobrov | i have discovered a bit more after i posted it | 15:32 |
| d34dh0r53 | thank you for looking into it | 15:32 |
| d34dh0r53 | hmm, I wonder if that notification is ever being processed | 15:33 |
| bbobrov | the problem is in listing role assignments with the role | 15:34 |
| bbobrov | https://opendev.org/openstack/keystone/src/commit/7dc175a41f92e3f01cf26912431d0f2c98a03b32/keystone/assignment/core.py#L103 returns an empty list | 15:34 |
| bbobrov | and i think i understand why | 15:35 |
| bbobrov | https://opendev.org/openstack/keystone/src/commit/7dc175a41f92e3f01cf26912431d0f2c98a03b32/keystone/assignment/core.py#L1342 because the role assignments are first deleted | 15:35 |
| bbobrov | and of course listing them then returns an empty list | 15:35 |
| d34dh0r53 | I was just going to say, probably because the role_id no longer exists | 15:35 |
| d34dh0r53 | I think #1342 needs to move below the notification | 15:36 |
| bbobrov | right, i switched the lines and my test passes | 15:36 |
| bbobrov | i will post the fix after my tox run finishes | 15:36 |
| bbobrov | https://review.opendev.org/c/openstack/keystone/+/908998 - the test to demo the issue btw | 15:36 |
| d34dh0r53 | cool, thank you | 15:38 |
| d34dh0r53 | ping when you're ready for reviews | 15:38 |
| d34dh0r53 | next up | 15:39 |
| d34dh0r53 | #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0 | 15:39 |
| d34dh0r53 | no new bugs for python-keystoneclient | 15:39 |
| d34dh0r53 | #link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=0 | 15:39 |
| d34dh0r53 | keystoneauth is also good to go | 15:40 |
| d34dh0r53 | #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0 | 15:40 |
| d34dh0r53 | as is keystonemiddleware | 15:40 |
| d34dh0r53 | #link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=0 | 15:40 |
| d34dh0r53 | pycadf has no new bugs | 15:40 |
| d34dh0r53 | #link https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=0 | 15:41 |
| d34dh0r53 | nor does ldappool | 15:41 |
| d34dh0r53 | #topic conclusion | 15:41 |
| d34dh0r53 | It looks like Registration is open for the PTG | 15:42 |
| d34dh0r53 | #link https://openinfra.dev/ptg/ | 15:42 |
| d34dh0r53 | And here's a link to the etherpad we'll be using | 15:44 |
| d34dh0r53 | #link https://etherpad.opendev.org/p/dalmation-ptg-keystone | 15:44 |
| d34dh0r53 | I just started it so expect more soon | 15:44 |
| bbobrov | i am not sure that my company will pay that price for the ticket | 15:44 |
| gtema | too many zeroes in the price? | 15:45 |
| d34dh0r53 | lol | 15:46 |
| d34dh0r53 | free ninety free! | 15:46 |
| d34dh0r53 | Thanks everyone! | 15:47 |
| d34dh0r53 | #endmeeting | 15:47 |
| opendevmeet | Meeting ended Wed Feb 14 15:47:54 2024 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 15:47 |
| opendevmeet | Minutes: https://meetings.opendev.org/meetings/keystone/2024/keystone.2024-02-14-15.02.html | 15:47 |
| opendevmeet | Minutes (text): https://meetings.opendev.org/meetings/keystone/2024/keystone.2024-02-14-15.02.txt | 15:47 |
| opendevmeet | Log: https://meetings.opendev.org/meetings/keystone/2024/keystone.2024-02-14-15.02.log.html | 15:47 |
| samcat116 | Hi all, we are trying to configure keystone OIDC with Azure AD and are hitting 400 errors very often. Sometimes I'll do things like hit the back button and it will get me into horizon with the proper user, but not usually. Running keystone with debug logs isn't showing any error messages at all. Any advice on what to look for? | 16:47 |
| *** jph4 is now known as jph | 18:32 | |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!