| *** mhen_ is now known as mhen | 01:20 | |
| d34dh0r53 | #startmeeting keystone | 15:02 |
|---|---|---|
| opendevmeet | Meeting started Wed Aug 20 15:02:19 2025 UTC and is due to finish in 60 minutes. The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot. | 15:02 |
| opendevmeet | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 15:02 |
| opendevmeet | The meeting name has been set to 'keystone' | 15:02 |
| d34dh0r53 | Reminder: This meeting takes place under the OpenInfra Foundation Code of Conduct | 15:02 |
| d34dh0r53 | #link https://openinfra.dev/legal/code-of-conduct | 15:02 |
| d34dh0r53 | #topic roll call | 15:02 |
| d34dh0r53 | admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev, reqa, dmendiza[m], dmendiza, mharley, jph, gtema, cardoe, deydra | 15:02 |
| d34dh0r53 | dmendiza: o/ | 15:02 |
| gtema | o/ ouch | 15:02 |
| d34dh0r53 | ouch? | 15:02 |
| seunghunlee | o/ | 15:03 |
| xek | o/ | 15:03 |
| gtema | forgot it is time | 15:03 |
| d34dh0r53 | ahh | 15:03 |
| dmendiza[m] | 🙋♂️ | 15:03 |
| d34dh0r53 | #topic review past meeting work items | 15:05 |
| d34dh0r53 | #link https://meetings.opendev.org/meetings/keystone/2025/keystone.2025-08-13-15.10.html | 15:05 |
| d34dh0r53 | two from last week | 15:06 |
| d34dh0r53 | dmendiza look into https://bugs.launchpad.net/keystone/+bug/2119091 | 15:06 |
| dmendiza[m] | 🙋♂️ | 15:06 |
| dmendiza[m] | I started looking into the bug ... or rather having Cursor help out with looking into it. | 15:06 |
| dmendiza[m] | I was able to set up an environment where I could recreate it | 15:07 |
| dmendiza[m] | Seems to be a caching issue where the role assignments are not immediately recognized | 15:07 |
| dmendiza[m] | still no fix for it though. | 15:07 |
| gtema | weird, this looked to me like a sort of racing issue, since otherwise we would have seen it earlier | 15:08 |
| dmendiza[m] | Yeah, could also be a race condition ... 🤔 | 15:10 |
| dmendiza[m] | I did have Cursor generate a bash scrip that recreates the bug ... let me put that in a pastebin and share it with y'all | 15:11 |
| gtema | i am lately extremely frustrated by absolutely stupid answers and code generated by AI | 15:12 |
| gtema | things do not even compile | 15:12 |
| dmendiza[m] | lol, yeah, I've been sticking to really simple things | 15:13 |
| d34dh0r53 | Yeah, small and simple or it get's really confused | 15:14 |
| gtema | yeah, simple things as "generate me rust code to verify github jwt using openidconnect crate". It does not even listen for my complains to the code I raise | 15:15 |
| gtema | I tell it: "this function does not exist", and it: "ouch, sorry, you are right, here is the correct code" - damn, with the same function being called again | 15:16 |
| d34dh0r53 | lol | 15:16 |
| dmendiza[m] | In any case, I probably won't have time to work on this this week and will likely not have any updates next week | 15:16 |
| d34dh0r53 | ack, thanks dmendiza | 15:17 |
| gtema | In my eyes this is not a reproducable issue | 15:17 |
| gtema | since it was also rechecked in the initially reported change and the test passed | 15:17 |
| d34dh0r53 | ack, next action item | 15:18 |
| d34dh0r53 | gtema to look into https://bugs.launchpad.net/keystone/+bug/2119543 | 15:18 |
| gtema | fix submitted | 15:18 |
| gtema | https://review.opendev.org/c/openstack/keystone/+/957547 | 15:18 |
| d34dh0r53 | Just saw that, thanks gtema | 15:19 |
| gtema | trusts are also allowing custom attrs and the reporter faced exactly that | 15:19 |
| seunghunlee | Yep | 15:20 |
| d34dh0r53 | I'll review the patch this week | 15:20 |
| gtema | thks | 15:20 |
| d34dh0r53 | next up | 15:20 |
| d34dh0r53 | #topic liaison updates | 15:20 |
| d34dh0r53 | nothing from me | 15:21 |
| gtema | nothing here as well | 15:21 |
| d34dh0r53 | #topic specification OAuth 2.0 (hiromu) | 15:21 |
| d34dh0r53 | #link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext | 15:21 |
| d34dh0r53 | #link https://review.opendev.org/q/topic:bp%252Fenhance-oauth2-interoperability | 15:21 |
| d34dh0r53 | no updates | 15:21 |
| d34dh0r53 | #topic specification Secure RBAC (dmendiza) | 15:21 |
| d34dh0r53 | #link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_ | 15:21 |
| d34dh0r53 | 2025.2 Release Timeline | 15:22 |
| d34dh0r53 | Update oslo.policy in keystone to enforce_new_defaults=True | 15:22 |
| d34dh0r53 | Update oslo.policy in keystone to enforce_scope=True | 15:22 |
| dmendiza[m] | No updates this week. Have not had time to iterate on the failing patch that removes the devstack default. | 15:22 |
| dmendiza[m] | #link https://review.opendev.org/c/openstack/devstack/+/956210 | 15:23 |
| d34dh0r53 | ack | 15:23 |
| d34dh0r53 | #topic specification OpenAPI support (gtema) | 15:24 |
| d34dh0r53 | #link https://review.opendev.org/q/topic:%22openapi%22+project:openstack/keystone | 15:24 |
| gtema | nothing from me either - summer time with the student being off. Myself I am mostly spending time on the Rust part implementing the JWT auth - hence fighting the AI | 15:25 |
| gtema | my brain is much better than AI, that is for sure ;-) | 15:25 |
| gtema | but I again came to the point that we need to have "service account" concept | 15:26 |
| gtema | when github workflow jwt is exchanged for the keystone token we can't map it to the normal user | 15:26 |
| gtema | anyway - not really related to the openapi | 15:28 |
| d34dh0r53 | let's add a PTG topic around service account | 15:29 |
| d34dh0r53 | we should decide on that | 15:29 |
| gtema | yeah | 15:29 |
| d34dh0r53 | #topic open discussion | 15:30 |
| d34dh0r53 | #action dwilde/gtema add PTG topic about service account | 15:30 |
| d34dh0r53 | next up for open discussion | 15:31 |
| d34dh0r53 | drencrom | 15:31 |
| d34dh0r53 | Review patch proposal: https://review.opendev.org/c/openstack/keystone/+/951792 | 15:31 |
| d34dh0r53 | I need another +2 | 15:31 |
| gtema | yeah, but it is anyway blocked on devstack | 15:31 |
| d34dh0r53 | yeah | 15:32 |
| d34dh0r53 | The first one has merged, but the second is missing the +W | 15:33 |
| gtema | it recently got +2 so hopefully it lands soon | 15:33 |
| d34dh0r53 | Yeah, hopefully | 15:34 |
| d34dh0r53 | anything else for open discussion? | 15:34 |
| drencrom | hi, I need another +2 review for my patch | 15:34 |
| drencrom | sorry for being late :( | 15:35 |
| drencrom | I'm in another meeting also | 15:35 |
| seunghunlee | Hello. Could anyone have a look at CI on stable/2025.1? The cherry-pick I proposed at https://review.opendev.org/c/openstack/keystone/+/956549 is failing CI but looks like it's missing dependency problem from CI. | 15:36 |
| gtema | yeah, right | 15:36 |
| gtema | I wanted to mention this as well | 15:36 |
| gtema | I tried to cherry-pick the fix from master, but it fails as well since it depends on the different runtime | 15:37 |
| gtema | so most likely we would | 15:37 |
| gtema | need just to drop one part of the verification | 15:37 |
| gtema | I will work on that on friday | 15:37 |
| seunghunlee | That's great. Thank you! | 15:37 |
| d34dh0r53 | cool | 15:39 |
| d34dh0r53 | no reviewathon on Friday, by the way | 15:39 |
| gtema | ough, good that you say this | 15:39 |
| dmendiza[m] | Yeah, Recharge Day at Red Hat :D | 15:39 |
| gtema | again?? you have to many of them XD | 15:40 |
| d34dh0r53 | 1 a quarter :) | 15:40 |
| gtema | lucky you | 15:40 |
| d34dh0r53 | anything else for open discussion? | 15:42 |
| gtema | not from me | 15:42 |
| dmendiza[m] | Just a fun news bit for gtema | 15:42 |
| dmendiza[m] | #link https://blog.openpolicyagent.org/note-from-teemu-tim-and-torin-to-the-open-policy-agent-community-2dbbfe494371 | 15:42 |
| gtema | ouch | 15:43 |
| gtema | hope apple will not destroy this | 15:44 |
| dmendiza[m] | 🤞 | 15:45 |
| * gtema prepares to fork OPA :) | 15:45 | |
| dmendiza[m] | lol | 15:45 |
| d34dh0r53 | lol | 15:47 |
| d34dh0r53 | #topic bug review | 15:47 |
| d34dh0r53 | #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0 | 15:47 |
| d34dh0r53 | one new bug in keystone | 15:47 |
| d34dh0r53 | #link https://bugs.launchpad.net/keystone/+bug/2120923 | 15:47 |
| gtema | I was participating in the discussion in the mailing list | 15:48 |
| gtema | so i'll take it on me | 15:48 |
| gtema | point is to get rid of stacktrace where only a 404 should be logged | 15:48 |
| d34dh0r53 | ack | 15:48 |
| d34dh0r53 | thanks gtema | 15:49 |
| d34dh0r53 | thats it for keystone | 15:49 |
| d34dh0r53 | #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0 | 15:49 |
| d34dh0r53 | no new bugs here | 15:49 |
| d34dh0r53 | #link https://bugs.launchpad.net/keystoneauth/+bugsdd?orderby=-id&start=0 | 15:49 |
| d34dh0r53 | also no new bugs | 15:49 |
| d34dh0r53 | #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0 | 15:50 |
| d34dh0r53 | keystonemiddleware is good | 15:50 |
| d34dh0r53 | #link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=0 | 15:50 |
| d34dh0r53 | nothing new in pycadf | 15:50 |
| d34dh0r53 | #link https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=0 | 15:50 |
| d34dh0r53 | pycadf is also good | 15:50 |
| d34dh0r53 | #topic conclusion | 15:50 |
| d34dh0r53 | Thanks folks, nothing else from me | 15:51 |
| gtema | thanks | 15:51 |
| dmendiza[m] | thanks, Dave Wilde (d34dh0r53) ! | 15:51 |
| d34dh0r53 | #endmeeting | 15:51 |
| opendevmeet | Meeting ended Wed Aug 20 15:51:57 2025 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 15:51 |
| opendevmeet | Minutes: https://meetings.opendev.org/meetings/keystone/2025/keystone.2025-08-20-15.02.html | 15:51 |
| opendevmeet | Minutes (text): https://meetings.opendev.org/meetings/keystone/2025/keystone.2025-08-20-15.02.txt | 15:51 |
| opendevmeet | Log: https://meetings.opendev.org/meetings/keystone/2025/keystone.2025-08-20-15.02.log.html | 15:51 |
Generated by irclog2html.py 4.0.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!