16:59:03 <knikolla> #startmeeting keystone
16:59:04 <openstack> Meeting started Tue Aug 25 16:59:03 2020 UTC and is due to finish in 60 minutes.  The chair is knikolla. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:59:05 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
16:59:06 <knikolla> o/
16:59:08 <openstack> The meeting name has been set to 'keystone'
16:59:13 <cmurphy> o/
16:59:17 <vishakha> o/
17:00:07 <knikolla> how's everyone?
17:01:29 <vishakha> good. How are you?
17:01:31 <cmurphy> pretty good
17:03:37 <knikolla> can't complain.
17:03:56 <knikolla> i'll give it a few more minutes to see if we have some form of quorum.
17:04:20 <rafaelweingartne> ok
17:04:54 <knikolla> hi rafaelweingartne. thanks for joining us and for the feature proposals.
17:06:03 <rafaelweingartne> Welcome :). I will try to be more present in the future
17:07:51 <knikolla> I think we can get started for now
17:08:06 <knikolla> #topic Code Reviews
17:08:42 <knikolla> rafaelweingartne has proposed https://bugs.launchpad.net/keystone/+bug/1887515
17:08:43 <openstack> Launchpad bug 1887515 in OpenStack Identity (keystone) "[RFE] Keystone to honor the "domain" attribute mapping rules" [Undecided,In progress] - Assigned to Rafael Weingartner (rafaelweingartner)
17:09:00 <knikolla> to have keystone honor the domain specified in the mapping rules
17:10:27 <vishakha> I have some requests too #link https://review.opendev.org/#/c/737225/
17:10:27 <vishakha> #link https://review.opendev.org/#/c/746451/
17:10:27 <vishakha> #link https://review.opendev.org/#/c/745112/
17:10:27 <vishakha> #link https://review.opendev.org/#/c/745376/
17:10:27 <vishakha> #link https://review.opendev.org/#/c/657039/
17:10:43 <lbragstad> o/
17:11:45 <knikolla> cmurphy: lbragstad: with regards to https://bugs.launchpad.net/keystone/+bug/1887515 do you think it warrants a spec?
17:11:47 <openstack> Launchpad bug 1887515 in OpenStack Identity (keystone) "[RFE] Keystone to honor the "domain" attribute mapping rules" [Undecided,In progress] - Assigned to Rafael Weingartner (rafaelweingartner)
17:12:19 <cmurphy> knikolla: i lean toward yes since it's an API change
17:12:24 <rafaelweingartne> that was my doubt, sometimes I am not sure if things need a spec or not. Therefore, I normally propose the RFE, and wait for the community to decide.
17:12:48 <rafaelweingartne> The API is not actually changing, but the way we handle the attribute mapping extensions
17:13:10 <rafaelweingartne> A new parameter is being introduced. If we consider that an API, then, yes, it is changing
17:13:56 <cmurphy> ohh changing the api behavior is even more worth a spec
17:14:05 <lbragstad> ++
17:14:24 <rafaelweingartne> that is why I introduced the parameter
17:14:24 <cmurphy> introducing a configuration option on the backend that changes the api behavior is problematic
17:14:46 <rafaelweingartne> the behavior does not change by default, only if the schema is updated to 1.1 that it would change
17:15:03 <cmurphy> the user needs some way to know what the behavior will be without knowing how the operator has configured the server
17:15:37 <rafaelweingartne> I thought that only operators would add IdPs in OpenStack
17:16:05 <rafaelweingartne> since that we need to change configs in Keystone anyways
17:16:23 <rafaelweingartne> such as the Apache's webproxy configurations
17:16:43 <rafaelweingartne> it is not something that a comon user can do
17:17:02 <rafaelweingartne> common/normal
17:18:22 <knikolla> yes, that is true
17:20:13 <knikolla> rafaelweingartne: i would still like to see a spec, since they provide better visibility into the direction the project is taking as opposed to RFEs in bugs.
17:20:31 <rafaelweingartne> no problem, I can create one
17:20:56 <rafaelweingartne> if you guys think that the RFE can be approved
17:21:18 <knikolla> rafaelweingartne: it does make sense to me
17:21:33 <knikolla> and provides better consistency across how we handle domain in mappings
17:21:57 <knikolla> could you create a spec for https://review.opendev.org/#/c/742235/ as well?
17:22:20 <rafaelweingartne> aha, you were faster
17:22:37 <rafaelweingartne> I woudl bring this one to the table only later when moving on with this one
17:23:01 <rafaelweingartne> that is the reason why I started working with a method to handle attribute mapping schema versions
17:23:09 <rafaelweingartne> sure, I can create for that other one as well
17:24:05 <knikolla> rafaelweingartne: the versioning makes total sense and is something we considered too.
17:24:22 <knikolla> it is something i would lean more towards being in the mapping itself rather than a global config though.
17:24:40 <rafaelweingartne> ah
17:24:42 <rafaelweingartne> good idea
17:25:38 <rafaelweingartne> ok, so how does that work. I mean, I create the specs and we discuss in the patch of the spec? Or, do we discuss them in the next meeting?
17:26:21 <knikolla> rafaelweingartne: both are valid approaches, as long as the meeting discussion is also captured and written in the spec review.
17:26:35 <rafaelweingartne> I see
17:27:24 <knikolla> we are also late in this cycle for them to get approved for V. So they'd have to be pushed to W.
17:27:43 <rafaelweingartne> that is fine by me
17:28:06 <knikolla> Assuming there are no strong objections with both specs, and the implementation is done, we can merge them pretty early on in the cycle.
17:28:10 <rafaelweingartne> internally, we already have them in PROD, so now we would like to work with the community to upstream these nice things that we created
17:28:34 <knikolla> rafaelweingartne: totally, always happy to have stuff flow upstream.
17:28:38 <rafaelweingartne> sure, I will work on them in the next coming days
17:29:06 <knikolla> i'd also love to hear what other needs you have with regards to federation going forward.
17:29:23 <rafaelweingartne> a lot :)
17:29:34 <knikolla> we have had very limited success engaging and gathering feedback.
17:29:34 <rafaelweingartne> we have been fixing and patchign things in Kolla-ansible
17:29:54 <rafaelweingartne> and now we started moving to the Keystone and Horizon patches
17:30:31 <rafaelweingartne> We are managing our users just via identity federation, role assignments, projects, and so on.
17:31:04 <rafaelweingartne> we do that to have a solid and centralized place for user managements, since we have much more than just OpenStack in our clients cloud
17:31:37 <knikolla> i will definitely pick your brain
17:32:34 <rafaelweingartne> just ping me, I am not normally on IRC, but you can drop me an email
17:32:45 <knikolla> will do! thanks!
17:37:13 <knikolla> ok, looks like i have already reviewed most of the review requests, that's a first.
17:37:44 <knikolla> i still haven't gotten to cmurphy's RBAC test series from last week, but i'm heavily caffeinated especially for that right now.
17:38:01 <cmurphy> :)
17:39:33 <knikolla> #topic Bugs
17:40:31 <knikolla> Going through bugs... there doesn't seem to be anything worth bringing up in the meeting
17:40:41 <knikolla> #topic Open Floor
17:41:16 <knikolla> Somehow I had missed the email saying that the W release is called Wallaby
17:42:08 <rafaelweingartne> sorry, lost the internet connection
17:43:06 <knikolla> rafaelweingartne: you didn't really miss anything.
17:43:10 <knikolla> no worries
17:44:27 <knikolla> alright, thanks for coming everyone. :)
17:44:30 <knikolla> #endmeeting