#openstack-keystone log

15:00:06 <redrobot> #startmeeting keystone
15:00:06 <opendevmeet> Meeting started Tue Oct 26 15:00:06 2021 UTC and is due to finish in 60 minutes.  The chair is redrobot. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:06 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:06 <opendevmeet> The meeting name has been set to 'keystone'
15:00:16 <lbragstad> o/
15:00:27 <redrobot> #topic Roll Call
15:00:32 <redrobot> Courtesy ping for ayoung, bbobrov, crisloma, d34dh0r53, dpar, dstanek, gagehugo, hrybacki, knikolla, lamt, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, spilla, jdennis, ruan_he, wxy, sonuk, vishakha,Ajay, raildo, rafaelweingartner, xek
15:00:35 <gagehugo> o/
15:00:39 <xek> o/
15:00:40 <d34dh0r53> o/
15:01:10 <redrobot> We should probably trim down that ping list at some point
15:01:27 * lbragstad was just looking at all the uncolored nicks
15:02:00 <redrobot> Let's get started
15:02:07 <redrobot> #topic Review Past Meeting Action Items
15:02:09 <redrobot> #link https://meetings.opendev.org/meetings/keystone/2021/keystone.2021-10-12-15.03.html
15:02:13 <knikolla> o/
15:02:31 <redrobot> > redrobot to ask for help on System-Scope implementation in keystoneauth
15:02:58 <redrobot> This was an ask from rdopiera
15:03:11 <redrobot> I'm sure that our team at RH will be able to help out
15:03:40 <redrobot> I'll bring it up during our team meeting tomorrow
15:04:17 <redrobot> We have a light agenda today
15:04:24 <redrobot> so I'm going to wing it for the most part, haha
15:04:30 <redrobot> #topic PTG Recap
15:04:54 <redrobot> #link https://etherpad.opendev.org/p/oct2021-ptg-keystone
15:05:31 <redrobot> The PTG session was good.  The main topics were OAuth 2.0, Secure RBAC and What to do with all them Bugs
15:05:51 <redrobot> Notes are above ^^^
15:08:19 <redrobot> #topic OAuth 2.0 Spec
15:08:25 <redrobot> #link https://review.opendev.org/c/openstack/keystone-specs/+/813152
15:08:37 <redrobot> This is the weekly reminder to please take a look at the Spec
15:09:10 <redrobot> I think all the active cores have been added to the review
15:10:17 <redrobot> Any questions/comments?
15:11:10 <knikolla> i still haven't gotten around to reviewing that, will do so today
15:11:52 <lbragstad> same here - i don't think i'll get to it this week, but i'm trying to summarize all the RBAC stuff https://review.opendev.org/c/openstack/governance/+/815158
15:13:54 <redrobot> That's a good segue into the next topic
15:14:00 <redrobot> #topic Secure RBAC
15:14:08 <redrobot> lbragstad any updates you want to share from the PTG?
15:14:25 <lbragstad> well - the update is probably going to be long
15:14:43 <lbragstad> but - all in all, i think everything went well
15:14:49 <lbragstad> it was a mind-bender of a week
15:15:01 <lbragstad> and i really need to get everything on paper
15:15:09 <lbragstad> so - that's my top priority at the moment
15:15:26 <lbragstad> but - the tl;dr is,
15:15:45 <lbragstad> we need to get to a point with policy across projects where people can actually start using it - hopefully in yoga
15:16:09 <lbragstad> and we've kinda thought about another approach (and dropped an assumption) that should make that easier
15:17:28 <lbragstad> so - my plan is to update the goal to target that
15:18:08 <redrobot> Great, thanks for the update lbragstad
15:19:48 <redrobot> #topic Open Discussion
15:20:00 <redrobot> Anything else y'all want to talk about before we get into the Bug Review?
15:22:38 <xek> still looking for reviews for https://review.opendev.org/c/openstack/keystone/+/806381
15:22:55 <xek> (Update local_id limit to 255 characters Wallaby backport)
15:23:27 <lbragstad> cc knikolla gagehugo ^
15:24:35 <gagehugo> lbragstad: done
15:24:35 <redrobot> This looks like it's ready to merge
15:25:06 <redrobot> lbragstad do you have +A powers?
15:25:31 <lbragstad> i have the power
15:25:46 <lbragstad> i have applied said power
15:26:31 <redrobot> thanks gagehugo and lbragstad
15:26:39 <redrobot> OK, moving on to bugs
15:26:42 <redrobot> #topic Bug Review
15:27:04 <redrobot> Going to try what we talked about in the PTG and review the newest and oldest bugs
15:27:21 <redrobot> Let
15:27:27 <redrobot> 's start with the new bugs
15:27:33 <redrobot> #link https://bugs.launchpad.net/keystone/+bug/1947870
15:27:42 <redrobot> > Keystone Kerberos auth broken when delegate to HTTP
15:27:48 <redrobot> This is a new bug opened last week
15:29:50 <redrobot> looks like the reporter has a patch to go along with it
15:29:54 <redrobot> #link https://review.opendev.org/c/openstack/keystone/+/814770
15:30:13 <redrobot> Anyone know enough Keberos to take a look?
15:31:17 <lbragstad> not off the top of my head
15:33:41 <redrobot> K, let's move on to the next one
15:34:03 <redrobot> #link https://bugs.launchpad.net/keystone/+bug/1946974
15:34:11 <redrobot> >  TypeError: Can't upgrade a READER transaction to a WRITER mid-transaction
15:36:24 <lbragstad> that seems like a legit bug, but probably not used very much since it's relying on project -> endpoint association
15:39:11 <redrobot> Hmm...  anyone want to take that bug?
15:40:27 <redrobot> We'll keep that in the TODO pile
15:40:33 <redrobot> Next
15:40:41 <redrobot> #link https://bugs.launchpad.net/keystone/+bug/1945988
15:40:56 <redrobot> > [stein] Cannot get openstack role assignment list --names --system all output when all is fulfilled
15:42:20 <lbragstad> looks like they're using custom policy
15:43:25 <lbragstad> i think the policy they are using requires them to have a system-role assignment for listing assignments (the new default)
15:43:34 <lbragstad> so - i wonder if that's the problem
15:43:49 <lbragstad> i can leave a comment
15:46:14 <redrobot> cool, thanks lbragstad
15:46:35 <lbragstad> yep - done
15:47:21 <redrobot> That's it for new unassigned bugs
15:47:27 <redrobot> Now let's check in on assigned bugs
15:47:28 <redrobot> #link https://bugs.launchpad.net/keystone/+bug/1945866
15:47:35 <redrobot> I have not had time to look at that one :(
15:47:55 <redrobot> #link https://bugs.launchpad.net/keystone/+bug/1945662
15:48:06 <redrobot> ^^ looks like we're still waiting to see the pastebin
15:49:38 <redrobot> Looking at old bugs now
15:49:49 <redrobot> #link https://bugs.launchpad.net/keystone/+bug/1133435
15:49:59 <redrobot> >
15:49:59 <redrobot> policy should return a 400 if a required field is missing
15:50:06 <redrobot> we talked about this one at the PTG
15:50:12 <lbragstad> yeah
15:50:24 <redrobot> We'll keep it around until we are aready to add a microversion to v3
15:51:14 <redrobot> Next
15:51:16 <redrobot> #link https://bugs.launchpad.net/keystone/+bug/1173117
15:51:26 <redrobot> > API calls need to be atomic
15:52:38 <lbragstad> given keystone's architecture hasn't changed since this bug was opened, i think this is still susceptible
15:52:53 <lbragstad> and would probably require a significant amount of work
15:53:07 <lbragstad> the blueprint/spec comment is still valid i think
15:54:21 <redrobot> I see the spec landed... did it not get implemented?
15:55:40 <lbragstad> are you looking at bug 1130676 ?
15:56:35 <redrobot> 1173117
15:56:58 <redrobot> Looking at steve's comment #4
15:57:23 <lbragstad> oh - the recursive deletion spec
15:57:34 <lbragstad> i'm not sure that's a solution to this particular bug
15:57:40 <redrobot> Gotcha
15:58:02 <lbragstad> i think the purpose of that was to make it easy to delete project trees
15:58:04 <redrobot> K, let's revisit the bug next time as we're almost out of time.
15:58:07 <lbragstad> ack
15:58:17 <redrobot> Thanks for joining, everyone!
15:58:21 <redrobot> See y'all next week.
15:58:27 <lbragstad> thanks redrobot
15:58:32 <redrobot> #endmeeting