#openstack-keystone log

17:00:25 <redrobot> #startmeeting keystone
17:00:25 <opendevmeet> Meeting started Tue Aug 17 17:00:25 2021 UTC and is due to finish in 60 minutes.  The chair is redrobot. Information about MeetBot at http://wiki.debian.org/MeetBot.
17:00:25 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
17:00:25 <opendevmeet> The meeting name has been set to 'keystone'
17:00:32 <lbragstad> o/
17:00:37 <redrobot> #topic Roll Call
17:00:40 <redrobot> hi lbragstad!
17:00:52 <redrobot> Courtesy ping for ayoung, bbobrov, cmurphy, crisloma, dpar, dstanek, gagehugo, hrybacki, knikolla, lamt, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, spilla, jdennis, ruan_he, wxy, sonuk, vishakha,Ajay, raildo, rafaelweingartner, redrobot, xek
17:02:36 <gagehugo> o/
17:02:44 <redrobot> hi gagehugo
17:03:25 <redrobot> Thanks for joining, y'all.
17:03:41 <redrobot> I don't have anything on the agenda,  I really just wanted to help kickstart these meetings again
17:03:57 <lbragstad> ++
17:04:13 <lbragstad> i do have a review up for KSM that i'd like folks to take a look at if they have time
17:04:22 <redrobot> Sure, do you have a link for that?
17:04:51 <lbragstad> https://review.opendev.org/c/openstack/keystonemiddleware/+/787822
17:04:53 <lbragstad> #link https://review.opendev.org/c/openstack/keystonemiddleware/+/787822
17:06:05 <lbragstad> that implements the KSM portion of the project ID pass through specification redrobot wrote
17:08:04 <lbragstad> i'm hoping to have another review up soon for the KSA bits
17:08:12 <redrobot> lbragstad seems like a good start.  I'd like to see some validation of the value in X-Project-Id header.
17:08:41 <lbragstad> yeah - i need a test that validates we gracefully handle multiple X-Project-Id headers, too
17:08:42 <redrobot> maybe just make sure that it's a UUID in the format that Keystone provides those
17:08:52 <lbragstad> well - that's an interesting bit
17:09:04 <lbragstad> i'm wondering how much validation we need on that kind of stuff
17:09:36 <lbragstad> since we're expecting to use this feature as a way for operators to clean up non-existent project resources
17:10:04 <redrobot> I'm mainly concerned about logging the value (line 707) ... without validation that could be anything. (even something very large that takes up lots of log space
17:10:15 <lbragstad> not that this is a common case, but we have allowed other backends for the resources driver (e.g., ldap)
17:10:51 <lbragstad> so - i'm wondering if we can guarantee that the project ID will always be a uuid formatted string, or if adding that validation will break some deployments
17:11:11 <lbragstad> (when they use the feature)
17:11:41 <redrobot> I see ... do we use the ID that ldap generates in that case?
17:11:52 <redrobot> (some arbitrary string, I assume?)
17:12:03 <lbragstad> yeah - potentially
17:12:27 <lbragstad> but, again, i'm not sure how typical that is, keystone removed LDAP support for projects a while ago
17:13:14 <lbragstad> idk - it just made me think about the validation case and how strict we should be with it
17:14:14 <lbragstad> since we know KSM isn't going to validate that the project actually exists (since that would break the orphaned resources case)
17:15:01 <lbragstad> thoughts?
17:15:23 <redrobot> Maybe start with some light validation and go from there?
17:15:28 <redrobot> like a max length at least
17:15:40 <lbragstad> ok
17:16:32 <redrobot> oops forgot to
17:16:36 <redrobot> #topic Open Discussion
17:17:21 <redrobot> I'm out on PTO next week, so I won't be here for this meeting.  I figure we can probably skip it and meet again in 2 weeks.
17:17:31 <lbragstad> sounds good to me
17:17:41 <redrobot> How does the time work for y'all?
17:17:49 <redrobot> I wonder if it's too late for EMEA folks?
17:18:00 <redrobot> Maybe I should ask that in the ML?
17:18:06 <lbragstad> ++
17:18:44 <redrobot> #action redrobot to ask if this time slot works for folks or if we should try earlier for EMEA contributors
17:19:40 <redrobot> personally, a little earlier would work for me relative to my lunch time. 😅
17:19:49 <lbragstad> very true
17:19:58 <lbragstad> i'm usually double booked around this time anyway
17:21:18 <redrobot> Cool, I'll propose a -2 hr change (to 1500 UTC) and see what kind of feedback we get.
17:21:28 <lbragstad> wfm
17:21:41 <redrobot> Alrighty, that's all I have
17:21:44 <gagehugo> this timeslot works for me usually, I am pretty booked this week though
17:22:22 <redrobot> gagehugo -2 hrs would be better or worse for you?
17:22:39 <gagehugo> worse, but I'll make it work
17:22:53 <redrobot> hmm... how about -1 hr?  better or worse?
17:23:03 * redrobot has a feeling it'll mostly be the 3 of us here
17:23:19 <gagehugo> mornings here are usually crapshoots for me, pick whatever works for you two and I can shuffle things around
17:23:31 <redrobot> gagehugo++ sounds good
17:24:56 <redrobot> Cool
17:25:00 <redrobot> well, thanks for joining, y'all
17:25:07 <redrobot> let's do it again in two weeks.
17:25:13 <redrobot> #endmeeting