Wednesday, 2024-05-08

« Tuesday, 2024-05-07 Index Thursday, 2024-05-09 »
*** mhen_ is now known as mhen01:24
opendevreviewOpenStack Release Bot proposed openstack/keystone master: reno: Update master for unmaintained/zed  https://review.opendev.org/c/openstack/keystone/+/91861712:39
opendevreviewOpenStack Release Bot proposed openstack/keystoneauth master: reno: Update master for unmaintained/zed  https://review.opendev.org/c/openstack/keystoneauth/+/91861912:39
opendevreviewOpenStack Release Bot proposed openstack/keystonemiddleware master: reno: Update master for unmaintained/zed  https://review.opendev.org/c/openstack/keystonemiddleware/+/91862212:40
opendevreviewOpenStack Release Bot proposed openstack/python-keystoneclient master: reno: Update master for unmaintained/zed  https://review.opendev.org/c/openstack/python-keystoneclient/+/91862712:40
d34dh0r53#startmeeting keystone15:02
opendevmeetMeeting started Wed May  8 15:02:56 2024 UTC and is due to finish in 60 minutes.  The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot.15:02
opendevmeetUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.15:02
opendevmeetThe meeting name has been set to 'keystone'15:02
d34dh0r53#topic roll call15:03
d34dh0r53admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, knikolla[m], lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev, reqa, dmendiza[m], mharley, jph, gtema15:04
xeko/15:04
gtemao/15:04
d34dh0r53o/15:07
d34dh0r53#topic review past meeting work items15:07
d34dh0r53#link https://meetings.opendev.org/meetings/keystone/2024/keystone.2024-05-01-14.59.html15:08
d34dh0r53no updates from me15:08
d34dh0r53#action d34dh0r53 Look into adding/restoring a known issues section to our documentation15:08
d34dh0r53moving on15:08
d34dh0r53#topic liaison updates15:09
d34dh0r53nothing from VMT or Releases15:09
d34dh0r53next up15:12
d34dh0r53#topic specification OAuth 2.0 (hiromu)15:12
d34dh0r53#link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext... (full message at <https://matrix.org/_matrix/media/v3/download/matrix.org/ividHSpkyyILFlvpvWGNiSaT>)15:12
d34dh0r53not sure if hiromu is around15:13
d34dh0r53moving on15:14
d34dh0r53#topic specification Secure RBAC (dmendiza[m])15:14
d34dh0r53#link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_... (full message at <https://matrix.org/_matrix/media/v3/download/matrix.org/MRXZRGTYcLqxLCnIuKMEUOqq>)15:14
d34dh0r53dmendiza: is on PTO this week, so no SRBAC update15:15
d34dh0r53next up15:15
d34dh0r53#topic specification Improve federated users management (gtema)15:15
d34dh0r53#link https://review.opendev.org/c/openstack/keystone-specs/+/74874815:15
d34dh0r53gtema: clearly against of introducing bad API precedent, desperately waiting for other opinions15:15
gtemaas stated in etherpad - against of bad api design, but desperately waiting for feedback from others15:16
gtemaand btw - thinking further (next step) I am actually wondering how external IdP should represent projects and roles15:17
d34dh0r53yeah, I'm not sure, I think it would likely be IdP dependent and might make keystones job very difficult15:18
gtemaright, and I do not want to invent workarounds. On the other side IdP is not really responsible for tracking of provider resources. It just takes care of user/group/role15:19
gtemabut anyway - now there is a problem that any sort of info must come from IdP15:19
gtematoday I started thinking about introducing a plugin to keystone that may be invoked to sync some group/project/role data with external system15:20
gtemathis is just thinking at the moment15:20
gtemaso imagine user wants to login and pre-auth plugin does the job to manage groups for the user in question (or just syncs data with some external system)15:21
gtemathere is definitely a performance issue to keep in mind15:22
gtemaanyway - please please please do review the spec (wrt my comments)15:23
gtemaany opinions are better then silence, because it stuck15:23
d34dh0r53ack, I'll add my thoughts as well15:24
d34dh0r53next up15:24
d34dh0r53#topic specification OpenAPI support (gtema)15:25
d34dh0r53#link https://review.opendev.org/c/openstack/keystone-specs/+/91058415:25
d34dh0r53gtema: waiting for reviews15:25
gtemayupp, 2 weeks ago dimendiza added comments and stephenfin updated the change (sadly breaking it). But now it passes and following reviews are necessary15:25
d34dh0r53Yeah, I read this but forgot to review, I'm all for it15:26
gtemaawesome, thanks Dave Wilde (d34dh0r53) 15:26
d34dh0r53np15:26
d34dh0r53#topic open discussion15:27
d34dh0r53passlib update... (full message at <https://matrix.org/_matrix/media/v3/download/matrix.org/qZwZoezsFFwXlIPJOhwabZWn>)15:27
d34dh0r53no update, the maintainer is missing again, we may have to pin requirements until either we can a) find a maintainer for passlib or b) replace it with something else.  Option a is vastly superior as replacing passlib will be difficult to say the least and might break existing deployments.15:29
d34dh0r53several projects rely on passlib and my hope is for a takeover of the maintenance15:30
gtemaI am really wondering that after all discussion it again got stuck15:30
d34dh0r53I just bumped the maintenance thread on passlib15:34
d34dh0r53#link https://foss.heptapod.net/python-libs/passlib/-/issues/18715:34
gtemacool15:34
d34dh0r53next up15:35
d34dh0r53domain manager (mhen)... (full message at <https://matrix.org/_matrix/media/v3/download/matrix.org/cZdscGyOSLzDuLBOrUwzdJTm>)15:35
gtemayupp, here few +115:35
d34dh0r53yeah, I'm good with that, I'll let dmendiza give the final +215:36
gtemaawesome, thanks15:36
d34dh0r53domain list scoping fix (mhen)... (full message at <https://matrix.org/_matrix/media/v3/download/matrix.org/jUIcjXEcXUXxYElGGWKOpXMR>)15:37
gtemaI think it does not harm15:38
gtemait extends verification15:38
d34dh0r53ack15:39
gtemaah, but dmendiza wrote this was already adapted recently15:39
gtemaand still he was not against of that (just asking for rebase)15:40
d34dh0r53Yeah, that's the question I have, I'll bug dmendiza about it when he gets back15:40
d34dh0r53next up15:41
d34dh0r53Enforcing scope in keystone breaks heat (and probably magnum) (tkajinam)... (full message at <https://matrix.org/_matrix/media/v3/download/matrix.org/eoeipWuHhWbAXsurVjJXfmJB>)15:41
tkajinamok the first one got 2nd +2. that's nice15:42
d34dh0r53I'm going to merge 914759, I just saw that dmendiza gave it a 15:42
d34dh0r53+c15:42
d34dh0r53keyboard fail +215:42
tkajinamthx. I'll submit backport once these are merged in master.15:42
d34dh0r53thank you tkajinam !15:43
tkajinam:-)15:43
d34dh0r53I'll go through the rest of the reviews after the meeting15:43
tkajinamthanks15:44
d34dh0r53FYI. Some of the post-release patches are still open (tkajinam)... (full message at <https://matrix.org/_matrix/media/v3/download/matrix.org/FgMfMrBJsuDCSfWaTPwoMYBN>)15:44
d34dh0r53ditto for these15:44
d34dh0r53anything that needs special attention?15:44
tkajinamyeah. I think you already gave your +2 to these.15:44
tkajinambecause these are automated patches, I'd suggest single core approval rather than leaving these for long15:44
tkajinambut it's basically up to the team. I just want to make sure these are in radar of cores15:44
tkajinamthat's it15:45
d34dh0r53no, I owe reviews for these, I'll take care of them today15:45
d34dh0r53thanks15:45
d34dh0r53moving on15:45
d34dh0r53#topic bug review15:45
d34dh0r53#link https://bugs.launchpad.net/keystone/?orderby=-id&start=015:45
d34dh0r53no new bugs for keystone15:46
d34dh0r53#link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=015:46
d34dh0r53keystoneclient is good15:46
d34dh0r53#link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=015:46
d34dh0r53no new bugs in keystoneauth15:47
d34dh0r53#link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=015:47
d34dh0r53keystonemiddleware is also good15:47
d34dh0r53#link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=015:47
d34dh0r53pycadf is clean15:48
d34dh0r53#link https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=015:48
d34dh0r53as is ldappool15:48
d34dh0r53#topic conclusion15:48
d34dh0r53Thanks everyone!15:48
d34dh0r53Anyone have anything before we close?15:49
gtemanothing from me15:49
tkajinamit'd be nice if https://review.opendev.org/c/openstack/keystonemiddleware/+/909322 can be merged soon. we are quite close to get rid of six which has been unnecessary for long.15:49
tkajinamthat's all from me :-)15:49
d34dh0r53indeed15:50
gtemaI left +2, d34dh0r53 - feel free to +w15:51
d34dh0r53done15:51
tkajinamthanks, both :-D15:51
d34dh0r53Awesome, thanks again all!15:51
d34dh0r53#endmeeting15:51
opendevmeetMeeting ended Wed May  8 15:51:48 2024 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)15:51
opendevmeetMinutes:        https://meetings.opendev.org/meetings/keystone/2024/keystone.2024-05-08-15.02.html15:51
opendevmeetMinutes (text): https://meetings.opendev.org/meetings/keystone/2024/keystone.2024-05-08-15.02.txt15:51
opendevmeetLog:            https://meetings.opendev.org/meetings/keystone/2024/keystone.2024-05-08-15.02.log.html15:51
opendevreviewMerged openstack/python-keystoneclient master: reno: Update master for unmaintained/xena  https://review.opendev.org/c/openstack/python-keystoneclient/+/91430816:01
opendevreviewMerged openstack/python-keystoneclient master: reno: Update master for unmaintained/wallaby  https://review.opendev.org/c/openstack/python-keystoneclient/+/91430016:01
opendevreviewMerged openstack/python-keystoneclient master: reno: Update master for unmaintained/victoria  https://review.opendev.org/c/openstack/python-keystoneclient/+/91429116:01
opendevreviewMerged openstack/keystonemiddleware master: reno: Update master for unmaintained/xena  https://review.opendev.org/c/openstack/keystonemiddleware/+/91430616:13
opendevreviewMerged openstack/keystonemiddleware master: reno: Update master for unmaintained/wallaby  https://review.opendev.org/c/openstack/keystonemiddleware/+/91429816:13
opendevreviewMerged openstack/keystonemiddleware master: reno: Update master for unmaintained/victoria  https://review.opendev.org/c/openstack/keystonemiddleware/+/91428916:13
opendevreviewMerged openstack/keystonemiddleware master: Update master for stable/2024.1  https://review.opendev.org/c/openstack/keystonemiddleware/+/91218216:13
opendevreviewMerged openstack/keystoneauth master: reno: Update master for unmaintained/xena  https://review.opendev.org/c/openstack/keystoneauth/+/91430416:19
opendevreviewMerged openstack/keystoneauth master: reno: Update master for unmaintained/wallaby  https://review.opendev.org/c/openstack/keystoneauth/+/91429616:19
opendevreviewMerged openstack/keystoneauth master: reno: Update master for unmaintained/victoria  https://review.opendev.org/c/openstack/keystoneauth/+/91428716:19
opendevreviewMerged openstack/keystone master: Allow domain admin to view roles  https://review.opendev.org/c/openstack/keystone/+/91475917:04
opendevreviewAndrew Bogott proposed openstack/keystone master: UserAppCredListCreateResource: remove check for third-part app cred creation  https://review.opendev.org/c/openstack/keystone/+/91869720:03
opendevreviewMerged openstack/keystone-tempest-plugin master: Allow domain admin to list/show roles  https://review.opendev.org/c/openstack/keystone-tempest-plugin/+/91670520:28
opendevreviewMerged openstack/keystone master: Allow domain users to manage credentials  https://review.opendev.org/c/openstack/keystone/+/91613020:28
« Tuesday, 2024-05-07 Index Thursday, 2024-05-09 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!