Wednesday, 2024-12-04

« Tuesday, 2024-12-03 Index Thursday, 2024-12-05 »
*** mhen_ is now known as mhen02:11
d34dh0r53#startmeeting keystone15:04
opendevmeetMeeting started Wed Dec  4 15:04:05 2024 UTC and is due to finish in 60 minutes.  The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot.15:04
opendevmeetUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.15:04
opendevmeetThe meeting name has been set to 'keystone'15:04
d34dh0r53Reminder: This meeting takes place under the OpenInfra Foundation Code of Conduct15:04
d34dh0r53#link https://openinfra.dev/legal/code-of-conduct15:04
d34dh0r53#topic roll call15:04
d34dh0r53admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev, reqa, dmendiza[m], dmendiza, mharley, jph, gtema, cardoe15:04
gtema0-15:04
cardoeo/15:05
d34dh0r53#topic review past meeting work items15:06
d34dh0r53#link https://meetings.opendev.org/meetings/keystone/2024/keystone.2024-11-20-15.12.html15:06
d34dh0r53There was one action item:15:06
d34dh0r53d34dh0r53 Update SHA in https://review.opendev.org/c/openstack/releases/+/934599 to HEAD of keystoneauth15:07
d34dh0r53This has been done15:07
d34dh0r53#topic liaison updates15:07
d34dh0r53nothing from VMT nor releases15:07
d34dh0r53#topic specification OAuth 2.0 (hiromu)15:09
d34dh0r53#link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext15:09
d34dh0r53#link https://review.opendev.org/q/topic:bp%252Fenhance-oauth2-interoperability15:09
d34dh0r53External OAuth 2.0 Specification15:09
d34dh0r53#link https://review.opendev.org/c/openstack/keystone-specs/+/861554 (merged)15:09
d34dh0r53OAuth 2.0 Implementation15:09
d34dh0r53#link https://review.opendev.org/q/topic:bp%252Fsupport-oauth2-mtls15:09
d34dh0r53OAuth 2.0 Documentation15:09
d34dh0r53#link https://review.opendev.org/c/openstack/keystone/+/838108 (merged)15:09
d34dh0r53#link https://review.opendev.org/c/openstack/keystoneauth/+/838104 (merged)15:09
d34dh0r53no updates from me on this one15:09
d34dh0r53next up15:09
d34dh0r53#topic specification Secure RBAC (dmendiza[m])15:09
d34dh0r53#link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_15:09
d34dh0r532024.1 Release Timeline15:10
d34dh0r53Update oslo.policy in keystone to enforce_new_defaults=True15:10
d34dh0r53Update oslo.policy in keystone to enforce_scope=True15:10
d34dh0r53dmendiza: you around?15:11
d34dh0r53guess not15:13
d34dh0r53#topic specification OpenAPI support (gtema)15:13
d34dh0r53#link https://review.opendev.org/q/topic:%22openapi%22+project:openstack/keystone15:13
gtemaafter merging some of the latest changes I noticed some jsonschemas became corrupted (the ones which are not attached to api yet)15:13
gtemabut for the moment I have implemented workaround15:13
gtemathat tells we need to speed up a bit merging the changes15:14
gtemaand so the work is in progress. Nothing else about openapi15:14
d34dh0r53ack, do any of them need reviews right now?15:14
gtemawill check today what is up next15:15
d34dh0r53ack, thanks gtema (Artem Goncharov) 15:15
d34dh0r53#topic specification domain manager (mhen)15:15
d34dh0r53still unmerged are:15:15
d34dh0r53documentation: https://review.opendev.org/c/openstack/keystone/+/92813515:15
d34dh0r53tempest tests: https://review.opendev.org/c/openstack/keystone-tempest-plugin/+/92422215:15
d34dh0r53dmendiza, Grzegorz Grasza please review these15:15
dmendiza[m]🙋‍♂️15:16
d34dh0r53o/ dmendiza 15:16
dmendiza[m]Ack, will take a look at Domain Manager patches15:17
d34dh0r53thanks!15:18
d34dh0r53next up15:18
d34dh0r53#topic specification Include bad password details in audit messages (stanislav-z)15:18
d34dh0r53#link https://review.opendev.org/c/openstack/keystone-specs/+/91548215:18
d34dh0r53#link https://review.opendev.org/c/openstack/keystone/+/93242315:18
d34dh0r5320-Nov update: spec and implementation updated for HMAC-based hashing. Looking for reviews.15:18
d34dh0r53Stanislav Zaprudskiy: any updates?15:18
gtemaI guess our reviews are missing 15:19
d34dh0r53indeed15:20
gtemasadly I had no time to look at it so far15:20
d34dh0r53nor me15:21
d34dh0r53we can dedicate some time during the reviewathon this week15:21
d34dh0r53#action reviewathon look at the Bad Password spec https://review.opendev.org/c/openstack/keystone-specs/+/91548215:22
d34dh0r53next up15:22
d34dh0r53#topic open discussion15:22
d34dh0r53new gate (un)blocker15:22
d34dh0r53#link https://review.opendev.org/c/openstack/keystone/+/93672115:22
gtemalast week I identified (after working on pagination) that I accidentally introduced new blocker with the change in devstack that got merged15:23
d34dh0r53ack, I just reviewed it15:23
d34dh0r53dmendiza: can you push the go button on https://review.opendev.org/c/openstack/keystone/+/93672115:23
gtemathis change fixes that. Point is that 1st I introduced new wsgi module, 2nd devstack switched to using that, 3rd - there are no federation jobs running in devstack changes so I missed breaking federation tests15:24
gtemathks15:24
dmendiza[m]lgtm15:24
d34dh0r53👍️15:25
d34dh0r53next up15:25
d34dh0r53pagination (gtema)15:25
d34dh0r53#link https://review.opendev.org/q/topic:%22pagination%22+project:openstack/keystone15:25
d34dh0r53#link https://review.opendev.org/c/openstack/keystone/+/933598 must be merged before next work can be started15:25
gtemaright, so last week I have figured out that the change was already paginating domains15:26
gtemabecause domains are, well, projects15:26
gtemaso I fine-tuned the change to explicitly tell that and added sufficient unit tests for the changed API15:26
d34dh0r53ahh15:26
d34dh0r53is the zuul failure still unrelated?15:27
gtemathis is the one from above15:27
gtemathe federation stuff15:27
gtemaonce that is merged should be fine15:27
d34dh0r53ack15:27
d34dh0r53I'll try to review pagination this week15:27
gtemaawesome, thanks15:28
d34dh0r53anything else for open discussion?15:28
gtemanot from me15:28
d34dh0r53#topic bug review15:29
d34dh0r53#link https://bugs.launchpad.net/keystone/?orderby=-id&start=015:29
d34dh0r53#link https://bugs.launchpad.net/keystone/+bug/208905115:29
d34dh0r53gtema (Artem Goncharov): have you seen this one? 15:29
d34dh0r53it looks like Takashi is working on it, but wanted you to see it15:30
gtemaI think I have seen that report15:30
d34dh0r53not sure if it coincides with what you're working on15:30
gtemato some extend it does, but not heavily15:31
d34dh0r53ok15:31
d34dh0r53next up15:31
d34dh0r53#link https://bugs.launchpad.net/keystone/+bug/208940315:31
gtemawe identified that working on openapi15:32
gtemaif you remember we have this one change removing "experimental" label from the unified limits api15:33
gtemaand this is one interesting gotcha there15:33
d34dh0r53indeed15:33
d34dh0r53based on the test that is expected behavior though, which is interesting15:33
gtemayeah, I think people have overseen that15:34
d34dh0r53ok, we at least need documentation15:36
d34dh0r53that does it for keystone15:37
d34dh0r53next up15:37
d34dh0r53#link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=015:37
d34dh0r53no new bugs in python-keystoneclient15:37
d34dh0r53#link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=015:38
d34dh0r53looks like keystoneauth is good15:38
d34dh0r53#link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=015:38
d34dh0r53as is keystonemiddleware15:38
d34dh0r53#link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=015:38
d34dh0r53pycadf is good15:38
d34dh0r53#link https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=015:38
d34dh0r53so is ldappool15:39
d34dh0r53#topic conclusion15:39
d34dh0r53That's all I have, thanks everyone!15:39
gtemathks15:39
d34dh0r53#endmeeting15:39
opendevmeetMeeting ended Wed Dec  4 15:39:39 2024 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)15:39
opendevmeetMinutes:        https://meetings.opendev.org/meetings/keystone/2024/keystone.2024-12-04-15.04.html15:39
opendevmeetMinutes (text): https://meetings.opendev.org/meetings/keystone/2024/keystone.2024-12-04-15.04.txt15:39
opendevmeetLog:            https://meetings.opendev.org/meetings/keystone/2024/keystone.2024-12-04-15.04.log.html15:39
opendevreviewMerged openstack/keystone master: Fix wsgi service name for the federation tests  https://review.opendev.org/c/openstack/keystone/+/93672117:07
opendevreviewGhanshyam proposed openstack/oslo.policy master: DNM: testing gate  https://review.opendev.org/c/openstack/oslo.policy/+/93706219:35
gmanndmendiza[m]: xek: can you check these two easy change https://review.opendev.org/c/openstack/keystone-tempest-plugin/+/934272  https://review.opendev.org/c/openstack/keystone-tempest-plugin/+/933470 19:45
*** elodilles is now known as elodilles_pto19:54
opendevreviewOria Weng proposed openstack/keystone master: Add JSON schema to `registered limits`  https://review.opendev.org/c/openstack/keystone/+/93706921:34
« Tuesday, 2024-12-03 Index Thursday, 2024-12-05 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!