16:00:58 <cmurphy> #startmeeting keystone 16:00:59 <openstack> Meeting started Tue Aug 20 16:00:58 2019 UTC and is due to finish in 60 minutes. The chair is cmurphy. Information about MeetBot at http://wiki.debian.org/MeetBot. 16:01:00 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 16:01:02 <kmalloc> o/ 16:01:03 <openstack> The meeting name has been set to 'keystone' 16:01:11 <cmurphy> #link https://etherpad.openstack.org/p/keystone-weekly-meeting agenda 16:01:13 <vishakha> o/ 16:01:14 <cmurphy> o/ 16:01:28 <knikolla> o/ 16:01:45 <gagehugo> o/ 16:02:06 <bnemec> o/ 16:02:38 <cmurphy> hey everybody 16:03:07 <cmurphy> #topic cmurphy on vacation 16:03:29 <bnemec> endmeeting? ;-) 16:03:36 <knikolla> \o/ woohoo, haha 16:03:37 <cmurphy> lol 16:03:39 <cmurphy> as an fyi I'll be away with no laptop and little cell service August 26-September 4 16:03:45 <kmalloc> OK everyone, pack it up. we're done ;) 16:03:50 <kmalloc> :P 16:03:53 <gagehugo> lol 16:03:55 <vishakha> lol 16:03:59 <cmurphy> kmalloc: you don't get off the hook that easy :P 16:04:04 <cmurphy> kmalloc has agreed to step up as acting ptl while i'm gone 16:04:18 <cmurphy> (thank you!) 16:04:28 <kmalloc> hehe np 16:04:33 <knikolla> is doggo vice acting ptl? 16:04:46 <bnemec> Always 16:04:59 <kmalloc> figure it's the least i can do, considering i'm going to be disappearing for Good Reasons(tm) soon 16:05:24 <cmurphy> i'll be missing the next two meetings and office hours 16:05:26 <kmalloc> also so cmurphy can get a well deserved break. 16:05:49 <cmurphy> kmalloc: and everyone, do you want to keep the next two meetings or cancel them? 16:06:08 <prometheanfire> just joined, is it open floor time? 16:06:13 <kmalloc> hm. lets see. 16:06:26 <kmalloc> lets keep next meeting and we'll see if we want to skip the following one 16:06:27 <cmurphy> prometheanfire: 6 minutes in? not yet :P 16:06:55 <cmurphy> kmalloc: sounds good 16:07:00 <kmalloc> if there is no agenda, we'll just start and let folks go early 16:07:22 <cmurphy> how about office hours? or do you want to wait to decide? 16:07:32 * prometheanfire has one bug to bring up 16:07:47 <cmurphy> prometheanfire: it's on the agenda already 16:08:28 <kmalloc> office hours i think we'll skip 16:08:34 <kmalloc> uniless there is a good reason to do them. 16:08:48 <kmalloc> meeting check in is more important imo, office hours have been slow-ish anyway 16:09:06 <cmurphy> agreed 16:10:05 <cmurphy> thanks again kmalloc 16:10:26 <cmurphy> #topic oauthlib requirements fix 16:10:34 <cmurphy> prometheanfire: this is what you wanted to talk about right? 16:10:57 <prometheanfire> https://bugs.launchpad.net/keystone/+bug/1839393 16:10:59 <openstack> Launchpad bug 1839393 in OpenStack Identity (keystone) "oauthlib===3.1.0 fails tests (requirements update)" [Low,Triaged] 16:11:23 <prometheanfire> just that freeze is coming up in a couple of weeks so it'd be nice to clear that out 16:12:02 <cmurphy> I haven't looked at it but I'm hoping it will be easyish, any volunteers to take it? 16:12:32 <kmalloc> If I wasn't swamped with resource options and ... doctor appointments, i'd offer 16:12:49 <vishakha> I can look inti it 16:12:49 <cmurphy> maybe vishakha or gagehugo ? ;) 16:12:53 <cmurphy> haha ty 16:12:55 <prometheanfire> thanks 16:13:00 <kmalloc> once i'm done with resource options, etc, if no one else has looked, I'll try and throw something at it, but i think it would be better if I could review. 16:13:00 <vishakha> yw :) 16:13:11 <kmalloc> so we can land it qu... yay vishakha !!! :) 16:13:39 <cmurphy> prometheanfire: when's the deadline again? 16:13:46 <gagehugo> vishakha: ping me if you need any help with that 16:13:47 <prometheanfire> 13th iirc 16:14:03 <cmurphy> alrighty 16:14:05 <vishakha> gagehugo sure 16:14:06 <cmurphy> anything else on that? 16:14:25 <prometheanfire> sept 9-13 time 16:14:38 <prometheanfire> https://releases.openstack.org/train/schedule.html 16:15:09 <vishakha> Thanks prometheanfire for the information 16:15:13 <cmurphy> #info requirements freeze september 9-13 16:15:21 <cmurphy> #action vishakha to look into https://bugs.launchpad.net/keystone/+bug/1839393 16:15:22 <openstack> Launchpad bug 1839393 in OpenStack Identity (keystone) "oauthlib===3.1.0 fails tests (requirements update)" [Low,Triaged] 16:16:10 <cmurphy> #topic Forum, pre-PTG and post-PTG planning 16:16:40 <cmurphy> on this topic, I don't have anything solid to offer yet but wanted to get people thinking about it so we can start working out the details when I get back 16:17:13 <cmurphy> even if you don't plan on going to shanghai I'm hoping people can contribute ideas that they want to see discussed at the forum, I'll be happy to moderate them 16:17:43 <cmurphy> #link https://etherpad.openstack.org/p/keystone-shanghai-ptg Shanghai PTG/Forum brainstorm 16:18:37 <kmalloc> do we know what the next cycle is going to look like, roughly? milestones, etc? 16:19:00 <kmalloc> trying to gauge how much of the cycle i'm going to be missing while i am on leave. 16:19:28 <cmurphy> at the moment I assume it's going to be a regular six-month cycle with the same milestone markers 16:19:48 <kmalloc> ok, so, since i'm bad at math... when would you expect m1 to be? 16:20:07 <kmalloc> i can bug you out of the meeting on this. 16:20:11 <kmalloc> table it. 16:20:18 <cmurphy> yeah i would have to do some counting 16:21:08 <cmurphy> anyone already have topic ideas they want to throw out there? 16:21:25 <bnemec> oslo.limit 16:21:46 <cmurphy> that's a good one 16:21:52 <bnemec> I suppose I should just add that to the etherpad. 16:21:56 <cmurphy> ++ 16:23:02 <bnemec> I put it in both sections since I'm guessing there will be both cross-project and in-Keystone discussion needed. 16:23:24 <cmurphy> yes probably 16:24:03 <bnemec> Maybe the policy scope stuff for the forum? 16:24:14 <bnemec> I know you're wrapping it up, but the other projects will probably need some guidance. 16:24:53 <cmurphy> yep, hopefully we'll have our side done, maybe nova will also have part of theirs done 16:25:02 <cmurphy> in which case we could start talking about making it a community goal 16:25:58 <bnemec> Like the fuchsia etherpad color. :-) 16:26:13 * bnemec has no idea if that's spelled right 16:26:47 <cmurphy> for the virtual PTG i think we decided to do both pre- and post- IRL ptg meetings 16:27:31 <cmurphy> will the week before and after work for most people? ie sometime in oct 28-nov 1 and nov 11-15 16:28:16 <kmalloc> as a note, none of those work for me, but that is to be expected 16:28:33 <kmalloc> please just expect i'll be missing the virtual ptg(s) 16:29:08 <kmalloc> I promise to share some photos in lieu of my joining the PTGs :) 16:29:14 <cmurphy> kmalloc: i'm guessing we won't easily be able to work around your time off 16:29:20 <cmurphy> yay :) 16:29:35 <bnemec> An acceptable trade. :-) 16:32:01 <cmurphy> how many hours/days should we do for each meeting? 16:35:35 <cmurphy> okay well maybe please start adding topics to the etherpad for the ptgs and i'll try to come up with a plan that allows us to cover everything 16:35:44 <cmurphy> and will send out a scheduling poll 16:36:06 <cmurphy> #topic renewable group membership 16:36:06 <gagehugo> ok 16:36:16 <cmurphy> knikolla: all you 16:36:26 <knikolla> o/ 16:36:34 <knikolla> so i wanted some feedback on a few things 16:37:00 <knikolla> first: should these renewable group memberships appear in the API response for list groups in use and list users for group? 16:37:40 <knikolla> Should they appear in a separate API or with a special flag? Or should they just be a backend thing and not really be exposed with listing. 16:40:42 <cmurphy> the only way these users become members of groups is through mappings right? 16:40:49 <knikolla> yes 16:41:11 <knikolla> creating these directly will not be supported, just through mappings. 16:41:43 <cmurphy> hmm 16:42:50 <cmurphy> is there any need for a user to be able to view their own expiring group membership? or for admins to be able to see whose memberships are about to expire? 16:44:06 <kmalloc> i think it might be nice if a user could see it 16:44:07 <knikolla> just for info, cause they won't be able to act on that info returned. 16:44:21 <kmalloc> but ^ yeah, it's informational strictly 16:44:38 <knikolla> i was thinking of a include_expiring=True flag on listings 16:44:53 <kmalloc> ?include_expiring 16:44:59 <knikolla> yes 16:45:06 <kmalloc> hm. sure 16:45:20 <kmalloc> filter_by=expiring 16:45:54 <cmurphy> if it's not too difficult to implement it doesn't seem like a bad idea 16:45:55 <knikolla> hmmm.... it does seem a bit of a lie if you "filter" by returning different content 16:46:13 <cmurphy> otoh if it's a pain then we could keep it just on the backend for now and expose it later if we decide we need it 16:46:44 <kmalloc> ^ 16:46:46 <knikolla> ++ 16:46:51 <kmalloc> wfm 16:47:04 <kmalloc> expose it unless it's a royal PITA then, expose it later if needed 16:47:17 <knikolla> sure 16:47:49 <knikolla> the other point i had, is that the dependencies between identity backend and federation backend are growing stronger 16:47:58 <knikolla> and if it makes sense to just merge the two together in a future cycle 16:48:20 <knikolla> FederatedUser has a foreign key on IdentityProvider 16:48:31 <knikolla> ExpiringUserGroupMembership will have one as well 16:52:11 <kmalloc> *shrug* they can merge. 16:52:19 <kmalloc> it's not really that big a deal imo. 16:52:38 <cmurphy> I don't really think of idps/mappings/protocols as in the same category as users/groups 16:53:00 <cmurphy> it would feel a little weird to me to merge them 16:53:30 <cmurphy> also - the federation stuff can't be backed by ldap 16:54:44 <knikolla> that's all i had, we don't have to take a decision now 16:54:49 <knikolla> just wanted to get an overall feeling 16:55:11 * knikolla yields floow 16:55:13 <knikolla> floor 16:56:00 <cmurphy> knikolla: i guess my last message was more of a question - what happens when the identity backend is backed by ldap, if federation merges with it? 16:56:20 <kmalloc> i think with FKs, it kindof breaks as is 16:56:41 <knikolla> cmurphy: there shouldn't be any difference to how it works today. 16:56:56 <knikolla> I think domain specific drivers would still be applicable. 16:57:14 <cmurphy> hmm okay 16:57:19 <knikolla> You kinda have to use a shadow backend with sql anyway with ldap 16:57:31 <cmurphy> that's true 16:58:00 <knikolla> this was more of a realization that we've separated two things and required using them together 16:58:59 <knikolla> i can propose a spec to backlog with a more argumentative problem description and gather feedback there. 16:59:12 <cmurphy> sounds good 16:59:23 <kmalloc> wfm 16:59:25 <cmurphy> #action knikolla propose spec to backlog about merging federation and identity backends 16:59:33 <cmurphy> #topic open floor 16:59:51 <cmurphy> i proposed an office hours topic to discuss the spec features in flight 17:00:14 <cmurphy> and we're out of time 17:00:17 <cmurphy> #endmeeting