16:00:03 <lbragstad> #startmeeting keystone
16:00:04 <openstack> Meeting started Tue Feb 26 16:00:03 2019 UTC and is due to finish in 60 minutes.  The chair is lbragstad. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:00:05 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
16:00:07 <openstack> The meeting name has been set to 'keystone'
16:00:11 <lbragstad> #link https://etherpad.openstack.org/p/keystone-weekly-meeting
16:00:14 <lbragstad> agenda ^
16:00:15 <cmurphy> o/
16:00:18 <vishakha> o/
16:00:23 * cmurphy dual meetings again :(
16:00:37 <lbragstad> ouch
16:00:41 <gagehugo> o/
16:01:44 <wxy|> o/
16:02:10 <lbragstad> #topic announcements
16:02:22 <lbragstad> #info feature freeze is next week
16:02:33 <lbragstad> we are in R-6, so not a whole lot of time left in the release
16:02:53 <lbragstad> if you're all wrapped up with features, we can plenty of other features that need reviews
16:02:59 <kmalloc> o/
16:03:11 <cmurphy> also non-client release is this week right?
16:03:14 <lbragstad> otherwise - getting an early start on bugs for after feature freeze is always appreciated
16:03:17 <lbragstad> cmurphy ++
16:03:19 <lbragstad> yep
16:03:30 <hrybacki> o/
16:03:57 <lbragstad> i know some other projects are already expecting a pretty good queue for feature freeze week
16:04:06 <lbragstad> so - the earlier we get things reviewed the better
16:04:19 <kmalloc> i should have a test case for KSA shortly for the fair semaphore. I'd like to get this in the release
16:04:32 <kmalloc> and we need to get Application Credential stuff landed/in
16:04:46 <lbragstad> right - i think we can hit that later in the schedule, when we call for reviews
16:04:55 <lbragstad> i mainly wanted to hit on the release schedule
16:05:24 <lbragstad> also - i don't think we had any action items from last week
16:05:45 <lbragstad> #topic Updating federation jobs
16:05:47 <lbragstad> cmurphy o/
16:05:56 <cmurphy> hello
16:06:09 <cmurphy> #link http://lists.openstack.org/pipermail/openstack-discuss/2019-February/003129.html migrating off xenial message from gmann
16:06:28 <cmurphy> I think this technically doesn't apply to us because we're not using the legacy jobs any more?
16:06:45 <cmurphy> but it's still not ideal to be stuck on xenial while the ubuntu shibboleth package is broken
16:07:15 <cmurphy> thanks to the great work erus has done we can run federation jobs on centos or opensuse now (still nonvoting due to relying on external idp)
16:07:24 <cmurphy> so i propose running them on opensuse
16:07:39 <lbragstad> that's fair
16:07:41 <cmurphy> thoughts?
16:07:45 <kmalloc> wfm.
16:07:47 <kmalloc> +2
16:08:13 <kmalloc> working > distro.
16:08:15 <lbragstad> do we plan to run them on ubuntu again once the packaging issue is squared away?
16:08:34 <kmalloc> honestly, i just don't care what distro it's run on as long as the distro support is maintained
16:08:49 <cmurphy> imo as long as opensuse continues working (and I will be motivated to keep it working) i would stay on opensuse for those
16:08:51 <kmalloc> i don't see a reason to flip-flop for the sake of a distro if opensuse continues to be maintained in gate.
16:09:05 <lbragstad> ok - that works
16:09:22 <cmurphy> okay i'll propose that in gerrit unless anyone tells me they have problems with it
16:09:24 * kmalloc [/s] proposes moving all keystone testing to opensuse because cmurphy is super motivated for it to work :P
16:09:28 <cmurphy> lol
16:09:44 <lbragstad> sounds like someone is getting signed up for work
16:10:02 <kmalloc> having federation testing is super important.
16:10:06 <lbragstad> agreed
16:10:33 <cmurphy> that's all from me on that
16:10:35 <lbragstad> maybe we consider generalizing the federation testing stuff once we no longer require a formal idp and have all the x509 stuff fixed
16:10:45 <vishakha> yeah much important
16:10:59 <kmalloc> i'd still advocate for a real IDP for testing.
16:11:01 <kmalloc> at some point
16:11:11 <kmalloc> something that is stood up per-test run if possible
16:11:30 <lbragstad> ack
16:11:35 <lbragstad> related question
16:11:43 <cmurphy> i thought we agreed having keystone as the idp was mostly good enough to test most federation code paths?
16:12:07 <lbragstad> by show of hands, how many people feel comfortable or understand how the federated testing stuff works?
16:12:18 <cmurphy> o/
16:12:24 * hrybacki has hands down
16:12:46 <vishakha> o/ . I am also working on federation
16:12:52 <kmalloc> cmurphy: its fine if keystone is passing through all the federated paths, if that means shibboleth is also needed, fine, if it can straight be k2k that is fine.
16:13:18 <kmalloc> lbragstad: i mostly understand it, but i've been off reviewing other things, so it's swapping data back into my active memory to be sure.
16:13:28 <lbragstad> ok - i ask because we've had a lot of little changes since the last PTG (x509, keystone as an idp, legacy federation stuff)
16:13:46 <kmalloc> the only bits that are still a relative PITA to understand is the shadowusers bits.
16:13:49 <lbragstad> and i'm wondering if we should dedicate a focuses session on it either at the PTG or forum
16:13:58 <lbragstad> focused*
16:14:07 <kmalloc> and what it does isn't bad... but all the half implemented bits are ... well ugh
16:14:31 <kmalloc> probably a good idea for PTG, a federation testing / functionality bootcamp
16:14:37 <lbragstad> ok
16:14:37 <kmalloc> i don't think it's a forum bit.
16:14:43 <cmurphy> ++
16:14:53 <kmalloc> this really is focused on the team understanding it, not external folks consuming it
16:15:04 <lbragstad> that actually leads to the next topic
16:15:16 <lbragstad> # Forum/PTG proposals and planning
16:15:29 <lbragstad> #topic Forum/PTG proposals and planning
16:15:37 * lbragstad relearns how to meeting
16:15:50 <lbragstad> hopefully everyone saw #link http://lists.openstack.org/pipermail/openstack-discuss/2019-February/003021.html
16:16:02 <lbragstad> as well as #link https://etherpad.openstack.org/p/DEN-keystone-forum-sessions
16:16:38 <lbragstad> we don't have a whole lot of time to think about forum proposals
16:17:38 <lbragstad> but if you have ideas, please write them down on the etherpad
16:17:53 <lbragstad> if you don't have time to submit the proposals to the tool, that's fine, i can do it
16:18:15 <cmurphy> I think the 3-4 on the etherpad are good proposals
16:18:39 <lbragstad> yeah - i'll be honest, i wasn't expecting to do a policy related thing this go around
16:18:40 <kmalloc> just make all the sessions "We're doing stuff with identity, come talk with us, you know you want to"
16:18:54 <lbragstad> but after last week and reading your snippet cmurphy - i'm reconsidering
16:20:03 <cmurphy> yeah i'm not sure, maybe we want another cycle to work through it as a team before bringing it to everyone else?
16:20:09 <kmalloc> also, please make sure you indicate if you'll make it to the summit (forum) or the PTG on the etherpad(s)
16:20:20 <cmurphy> but seems like we're wrapping it up in keystone
16:20:20 <kmalloc> (i know it's up in the air for some folks still)
16:20:30 <kmalloc> but it might direct what is covered.
16:20:35 <lbragstad> cmurphy yeah - there isn't much left for keystone
16:20:35 <cmurphy> i'm still technically not approved
16:21:00 <kmalloc> if there are really only 3 people at the forum from the keystone team, there is less that can be directly covered.
16:21:14 <hrybacki> Adam will be there too fyi
16:21:36 * kmalloc hasn't cleared going yet, some things up in the air.
16:21:46 <kmalloc> i booked hotel :P because that seems to sell out the fastest.
16:21:55 <lbragstad> if we do another session on policy - i think it has to be focused
16:21:55 <kmalloc> (and can be cancelled)
16:22:33 <lbragstad> i also think we need to be prepared to dig into examples with people
16:22:33 <hrybacki> well, fwiw we do have a policy lab ("lab" not enough time to properly cover it imho)
16:23:01 <lbragstad> similar to how we approach the policy-and-docs-in-code community goal the first time we were in denver
16:23:01 <cmurphy> hrybacki: is the audience for that going to be openstack operators or openstack developers?
16:23:16 <hrybacki> cmurphy: operators
16:23:36 <hrybacki> I need to sync w/ adam (will do on Friday) because we were expecting to have like 3 hours
16:23:42 <cmurphy> hrybacki: i think if we do a forum session it would be more future-looking and developer-focused
16:23:45 <hrybacki> so 'what it is' may change
16:24:06 <hrybacki> cmurphy: oh then yes, I'm for it. Even if it we review the current attack plan
16:24:19 <hrybacki> maybe another project is interested in prototyping the work we are doing in Keystone already
16:25:50 <lbragstad> ok - if this is a forum session
16:26:00 <lbragstad> do we want to do anything for the ptg on policy?
16:26:15 <lbragstad> or should we carve out some time at the ptg to "work through examples"?
16:27:38 <cmurphy> might be good to have a kind of recap session at ptg so we can formulate a plan for closing 968698 based on what's discussed at the forum session
16:27:47 <lbragstad> ok
16:28:31 <hrybacki> we have the old plan still -- we could use that as scaffolding for the discussion too
16:29:34 <lbragstad> ack
16:29:41 <lbragstad> kind of related
16:29:48 <lbragstad> that etherpad is for the forum, specifically
16:30:08 <lbragstad> but i'm fine recycling it for PTG topics, too
16:30:41 <cmurphy> might as well use the same one unless it totally blows up
16:30:59 <lbragstad> if you have ideas for the PTG, please add them
16:31:06 <lbragstad> doesn't have to be crazy detailed
16:31:21 <lbragstad> just enough to get us started, we'll filter the topics later when we get closer to the event
16:36:16 <lbragstad> anyone else have ideas or suggestions for the PTG or forum?
16:37:01 <lbragstad> ok - moving on
16:37:05 <lbragstad> #topic Reviews
16:37:14 <lbragstad> does anyone have reviews they need eyes on?
16:37:38 <cmurphy> some easy ones https://review.openstack.org/#/q/(topic:py37+OR+topic:py37-job)+owner:%22Colleen+Murphy+%253Ccolleen%2540gazlene.net%253E%22++is:open https://review.openstack.org/636966
16:38:35 <lbragstad> https://review.openstack.org/#/q/status:open+project:openstack/keystone+branch:master+topic:bp/domain-level-limit
16:38:37 <cmurphy> and if we want to at least partially land access rules for app creds then we need this https://review.openstack.org/633369 and its two dependencies and releases of those dependencies this week
16:39:19 <lbragstad> also - for those unfamiliar with the changes to app creds
16:39:21 <lbragstad> #link https://review.openstack.org/#/c/639182/
16:40:04 <lbragstad> a bunch of patches here have at least one +2
16:40:07 <lbragstad> #link https://review.openstack.org/#/q/status:open+project:openstack/keystone+branch:master+topic:implement-default-roles
16:40:12 <lbragstad> others just need a rebase
16:40:57 <lbragstad> also - i had a long discussion with melwitt last week on scope types and how other openstack developers can actually use them
16:41:03 <lbragstad> i've attempted to write that up
16:41:05 <lbragstad> #link https://review.openstack.org/#/c/638563/
16:42:03 <cmurphy> nice
16:42:51 <lbragstad> anyone else have anything for review?
16:43:15 <lbragstad> #topic open discussion
16:43:49 <lbragstad> reminder: next week is ptl self-nomination period
16:44:07 <lbragstad> and R-4 will be the elections
16:44:25 <lbragstad> (for projects with more than one candidate)
16:44:27 <vishakha> lbragstad: I am not able to run domain test cases for role assignment https://review.openstack.org/#/c/638587/
16:44:49 <lbragstad> vishakha need some help with the failures?
16:45:19 <cmurphy> oh vishakha i wrote out how the openstack_groups mapping might work here https://review.openstack.org/638684
16:45:30 <vishakha> yes. I tried debugging. But facing similar issues
16:46:12 <lbragstad> vishakha want me to take a look a little later today?
16:46:41 <vishakha> cmurphy: Thanks. I will take a look over it.
16:47:20 <vishakha> lbragstad:  whenever you have spare time.no hurries
16:47:33 <lbragstad> vishakha sounds good - i'll put it on my list
16:47:43 <lbragstad> thanks for picking that up
16:47:57 <lbragstad> anything else for open discussion?
16:49:04 <lbragstad> alright - looks like we can get some time back
16:49:13 <lbragstad> i appreciate everyone making the time to be here
16:49:17 <cmurphy> thanks lbragstad
16:49:20 <hrybacki> thanks lbragstad o/
16:49:24 <lbragstad> thanks all :)
16:49:27 <lbragstad> #endmeeting