17:00:04 <knikolla> #startmeeting keystone
17:00:05 <openstack> Meeting started Tue Apr 21 17:00:04 2020 UTC and is due to finish in 60 minutes.  The chair is knikolla. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:00:06 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
17:00:08 <openstack> The meeting name has been set to 'keystone'
17:00:16 <knikolla> o/
17:00:29 <vishakha> o/
17:00:44 <cmurphy> o/
17:00:55 <knikolla> how's everyone doing?
17:01:06 <bnemec> o/
17:01:27 <cmurphy> dying from pollen but otherwise alive
17:01:46 <lbragstad> o/
17:01:46 <gagehugo> o/
17:01:56 <vishakha> Doing Fine. Lockdown is here in India.
17:02:50 <knikolla> cmurphy: hope you feel better
17:03:17 <knikolla> i took some claritin for the first time, just to realize that my body doesn't like claritin.
17:03:28 <cmurphy> oof
17:04:13 <knikolla> alright, we have quorum. let's start :)
17:04:22 <knikolla> #topic Announcements
17:04:35 <knikolla> Next EOW week is RC1
17:04:41 <knikolla> err, this week
17:04:46 <knikolla> time flies.
17:05:02 <cmurphy> I scanned the bug list and didn't notice anything release-critical so didn't mark any bugs for the rc1 milestone
17:05:57 <knikolla> That's good!
17:06:22 <knikolla> We can talk about final things we want to get in before release in review requests
17:06:23 <knikolla> moving on
17:06:35 <knikolla> #topic PTG Planning
17:06:46 * knikolla hands off mic to cmurphy
17:07:24 <cmurphy> so the people in charge announced a format for the virtual ptg so we can start thinking about how we want to organize ourselves
17:07:53 <cmurphy> we still have our planning etherpad, if you plan on attending please keep the attendee list up to date
17:08:03 <cmurphy> #link https://etherpad.opendev.org/p/yvr-ptg-keystone
17:08:25 <cmurphy> #link http://lists.openstack.org/pipermail/openstack-discuss/2020-April/014126.html planning email
17:09:36 <cmurphy> it will be june 1-5 and we can sign up for four-hour sessions, i think we could maybe do sessions on wednesday and thursday in the 13-17 utc time slot which is when we usually do our other virtual gatherings
17:10:05 <cmurphy> any thoughts on that? is two four-hour sessions enough? too many?
17:10:25 <cmurphy> is that time workable for most or should we create a poll?
17:10:59 <cmurphy> #link https://ethercalc.openstack.org/126u8ek25noy time slots
17:11:10 <gagehugo> that works for me, but a poll would be fine as well
17:11:32 <knikolla> i would go for a poll, since we might have outside participation.
17:12:18 <cmurphy> that's true
17:12:22 <knikolla> A mailing list announcement with the etherpad and poll would advertise our sessions to external people.
17:12:36 <knikolla> (almost typed eternal people)
17:12:50 <cmurphy> them too :)
17:14:25 <cmurphy> okay works for me
17:14:50 <knikolla> okay :) moving on.
17:15:07 <knikolla> #topic L1 Bug Duty
17:15:31 <knikolla> Current person on duty is vishakha, anything to highlight?
17:15:52 <vishakha> There wasn't any new bug in this week
17:16:23 <knikolla> Cool!
17:16:32 <vishakha> I analysed the last week bugs and pushed patches mentioned in the review requests
17:16:58 <knikolla> Thanks, we can talk about those in next topic
17:17:06 <knikolla> cmurphy: still good for this week?
17:17:12 <cmurphy> knikolla: yep
17:17:36 <knikolla> alright, i can take the next, since people covered for me once.
17:18:37 <knikolla> #topic Review Requests
17:19:29 <knikolla> floor is all yours vishakha
17:20:14 <vishakha> There are patches ready for two bugs, not much critical though
17:20:36 <vishakha> https://review.opendev.org/#/c/720789/ Fixes Bug 1872732
17:20:36 <openstack> bug 1872732 in OpenStack Identity (keystone) "no user limit of ec2 credentials" [Low,In progress] https://launchpad.net/bugs/1872732 - Assigned to Vishakha Agarwal (vishakha.agarwal)
17:20:36 <vishakha> https://review.opendev.org/#/c/721267/ Fixed Bug 1872753
17:20:37 <openstack> bug 1872753 in OpenStack Identity (keystone) "Updating EC2 credential blob can lead to a ec2 credential id / credential id mismatch" [Medium,In progress] https://launchpad.net/bugs/1872753 - Assigned to Vishakha Agarwal (vishakha.agarwal)
17:21:17 <knikolla> One of them creates a new config option, I'm not sure how I feel merging that past feature freeze.
17:21:18 <cmurphy> for 720789 i haven't looked at the code but if it's adding a config option we can't merge it yet as we're past feature freeze
17:21:22 <cmurphy> knikolla: jinx
17:21:36 <knikolla> haha :)
17:22:00 <cmurphy> it's also past string freeze and adding a config option adds strings that need translation
17:22:41 <vishakha> cmurphy: knikolla okay thanks. I thought so
17:23:20 <cmurphy> for 721267 i think the tempest failure shows why we can't change the id of a resource out from under it, we need a different approach
17:24:38 <vishakha> cmurphy: But the id of the ec2 creds will be changed when an access ID of the blob of ec2 creds is changed
17:25:35 <cmurphy> maybe it shouldn't allow changing the access id
17:26:24 <knikolla> Do we need EC2 credentials to be mutable?
17:27:06 <cmurphy> yes i think so, the secret in the blob should at least be changeable
17:27:44 <cmurphy> i mean if we were designing it from scratch i would say no, just delete and recreate if you need to change it, but it's already here and PATCH is already allowed
17:28:43 <knikolla> true
17:29:46 <vishakha> Should I raise exception if anyone tries to change access_Id?
17:29:55 <knikolla> though, we already treat credentials of type EC2 as special, and they're broken anyway after update
17:30:02 <knikolla> (just thinking out loud)
17:31:23 <cmurphy> knikolla: so you think just block PATCH if type == ec2?
17:32:07 <knikolla> cmurphy: the bug is that ID of the credential should be recalculated, right?
17:32:37 <knikolla> I don't think we have any other case where we update the ID of an object.
17:35:28 <cmurphy> if it's recalculated then anything that was referring to it by its resource id has now lost it
17:36:04 <cmurphy> which i feel like misses the point of having a resource id kinda
17:37:06 <knikolla> gagehugo, lbragstad: opinions?
17:37:20 <cmurphy> lol this api is such a pita
17:37:41 <lbragstad> ^ +1
17:37:48 <gagehugo> haha
17:38:08 <knikolla> IKR, on one case you have to treat a very specific entry in the body as special and change the id of the entire resource. on the other you have to block patch on a very specific entry in the body.
17:39:05 <gagehugo> updating the id seems off
17:40:00 <cmurphy> imo it's not release critical, we could put a pin in it and talk about it next week, i might have some better answers by then
17:40:09 <knikolla> ++
17:40:29 <vishakha> cmurphy: knikolla thanks
17:40:32 <cmurphy> thanks for looking into it vishakha
17:40:57 <knikolla> based on this, i'm also thinking of just deprecating changes to updating credentials entirely.
17:41:08 <knikolla> deprecating changes to*
17:41:54 <knikolla> might have to talk to my therapist about those first.
17:41:57 <knikolla> moving on
17:41:59 <cmurphy> we could deprecate but not remove without a v4
17:42:10 <knikolla> argh... true
17:42:25 <knikolla> #topic Open Floor
17:43:14 <cmurphy> thanks knikolla for chairing :)
17:43:59 <knikolla> you're welcome :)
17:44:16 <knikolla> thanks for doing that for ~1yr.
17:44:24 <cmurphy> :)
17:44:27 <lbragstad> ++
17:45:14 * knikolla realizes he moved to the US ~6yrs ago.
17:45:43 * bnemec fondly remembers 6 years ago
17:45:51 <cmurphy> time flies :)
17:46:43 <knikolla> on that fond note, and thinking about fondue...
17:46:46 <knikolla> #endmeeting