16:59:04 <knikolla> #startmeeting keystone
16:59:05 <openstack> Meeting started Tue Jul  7 16:59:04 2020 UTC and is due to finish in 60 minutes.  The chair is knikolla. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:59:06 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
16:59:08 <knikolla> o/
16:59:09 <openstack> The meeting name has been set to 'keystone'
16:59:14 <cmurphy> o/
16:59:15 <vishakha> o/
16:59:50 <lbragstad> o/
16:59:56 <knikolla> how's everyone?
17:00:50 <gagehugo> o/
17:00:52 <vishakha> Good. How are you?
17:01:06 * bnemec is on another call that may or may not require his attention
17:01:28 <knikolla> pretty much only waiting for 2020 to end at this point.
17:02:34 <vishakha> Yeah. Things are same
17:03:07 <gagehugo> got a bit more waiting to do there
17:03:39 <knikolla> half-way there
17:04:16 <knikolla> meeting agenda is pretty much empty for today
17:04:25 <knikolla> #topic Review Requests
17:04:30 <knikolla> anything needing eyes?
17:04:49 <lbragstad> i have a couple easy ones
17:04:49 <lbragstad> https://review.opendev.org/#/c/738459/
17:04:59 <lbragstad> #link https://review.opendev.org/#/c/737579/
17:05:16 <cmurphy> this was requested in the keystone channel https://review.opendev.org/#/c/727891/
17:05:46 <tosky> a bit minor, but it would remove the last non-zuulv3 job from keystone: https://review.opendev.org/#/c/733801/
17:07:12 <vishakha> I have some requests. #link https://review.opendev.org/#/c/656898/  #link https://review.opendev.org/#/c/731087/  #link https://review.opendev.org/#/c/737248/
17:07:20 <cmurphy> tosky: thank you!!! we've been needing to do that for a long time
17:07:51 <vishakha> Also #link https://review.opendev.org/#/c/656898/
17:14:15 <knikolla> awesome!
17:17:22 <knikolla> #topic Bugs
17:17:55 <knikolla> I was going to ask about https://bugs.launchpad.net/keystone/+bug/1886607 but it appears that cmurphy responded to what i was going to ask
17:17:55 <openstack> Launchpad bug 1886607 in OpenStack Identity (keystone) "Application Credentials Specifying Token Produces 500 Internal Server Error" [Medium,Confirmed]
17:20:13 <cmurphy> i'm open to other interpretations on that
17:20:31 <knikolla> I was similarly thinking to return a 40x error
17:21:29 <knikolla> It seems that 400 is what makes sense the most
17:22:28 <cmurphy> it's interesting that at least two separate people are trying to use app creds that way, it makes me wonder if there's a use case there that's not already addressed by app creds themselves or if we haven't done a good job of explaining the purpose of app creds
17:22:44 <lbragstad> it doesn't look like either reporter clarified why they're using them that way
17:22:54 <knikolla> it's the way the openstackclient authenticates
17:23:06 <knikolla> you'd think that by doing --os-token it would use that token
17:23:10 <knikolla> instead it has to fetch another one
17:23:38 <knikolla> though in their case, i'm not sure why they want to get a token and pass it to osc
17:23:38 <knikolla> seems counterproductive
17:25:38 <lbragstad> you can just pass the app cred plugin to osc and it'll do the right thing
17:26:12 <knikolla> yeah, exactly
17:31:21 <knikolla> I'll review the documentation for OSC and how to authenticate with it and see if there's areas for improvement
17:31:29 <knikolla> #topic Open Floor
17:32:14 <lbragstad> do we agree that getting a new token with an application credential isn't valid?
17:34:28 <knikolla> a new token with a token gotten from an application credential, yes
17:35:02 <lbragstad> if we agree on https://bugs.launchpad.net/keystone/+bug/1886607/comments/3 as a group, then we should mark that as a duplicate, fix the 500, and/or close that bug
17:35:02 <openstack> Launchpad bug 1886607 in OpenStack Identity (keystone) "Application Credentials Specifying Token Produces 500 Internal Server Error" [Medium,Confirmed]
17:35:55 <knikolla> ++
17:50:02 <knikolla> thanks everyone!
17:50:04 <knikolla> #endmeeting