15:00:55 <redrobot> #startmeeting keystone
15:00:55 <opendevmeet> Meeting started Tue Nov 2 15:00:55 2021 UTC and is due to finish in 60 minutes. The chair is redrobot. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:55 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:55 <opendevmeet> The meeting name has been set to 'keystone'
15:01:01 <redrobot> #topic Roll Cal
15:01:04 <opendevreview> Merged openstack/python-keystoneclient master: Fix doc error to unblock the gate https://review.opendev.org/c/openstack/python-keystoneclient/+/813810
15:01:05 <redrobot> *Call
15:01:31 <knikolla> o/
15:01:35 <redrobot> Courtesy ping for ayoung, bbobrov, crisloma, d34dh0r53, dpar, dstanek, gagehugo, hrybacki, knikolla, lamt, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, spilla, ruan_he, wxy, sonuk, vishakha,Ajay, raildo, rafaelweingartner, xek
15:01:50 <gagehugo> o/
15:02:09 <lbragstad> o/
15:02:39 <redrobot> Hi y'all!
15:02:42 <redrobot> Let's get started
15:02:53 <redrobot> #topic Review Past Meeting Action Items
15:03:10 <redrobot> #link https://meetings.opendev.org/meetings/keystone/2021/keystone.2021-10-26-15.00.html
15:03:17 <redrobot> We didn't have any action items...
15:03:22 <redrobot> ... moving on
15:03:35 <redrobot> #topic Liaison Updates
15:03:40 <redrobot> knikolla anything you want to sahre today?
15:03:44 <redrobot> *share
15:05:41 <knikolla> no, not really
15:06:10 <redrobot> Cool beans
15:06:12 <redrobot> let's move on
15:06:27 <knikolla> that probably says more about my not devoting a lot of time to doing those liaison roles, than anything, though.
15:08:12 <redrobot> Gotcha ... I'll try to keep an eye out on some of that stuff too
15:09:38 <redrobot> #topic OAuth 2.0
15:09:58 <redrobot> #link https://review.opendev.org/c/openstack/keystone-specs/+/813152
15:10:03 <redrobot> thanks for reviewing knikolla
15:10:11 <redrobot> still looking for gagehugo and lbragstad reviews
15:10:18 <lbragstad> ack
15:11:23 <redrobot> Does not look like h_asahina is online so we can move on
15:13:26 <redrobot> #topic Secure RBAC
15:13:31 <redrobot> lbragstad any updates for today?
15:13:48 <lbragstad> just one
15:14:00 <lbragstad> #link https://review.opendev.org/c/openstack/governance/+/815158/ has been taking most if not all of my time upstream
15:14:09 <lbragstad> and it's currently under review and discussion
15:14:20 <lbragstad> any additional input is greatly appreciated
15:14:29 <lbragstad> we will be having a meeting on it tomorrow - gmann set that up
15:14:41 <lbragstad> but - it could affect things in keystone
15:14:47 <lbragstad> and it might lead to another default role
15:15:12 <redrobot> Ah yeah, good to know
15:15:24 <redrobot> Do you have the details for the meeting tomorrow for folks interested in listening in?
15:15:37 <lbragstad> i don't but let me check the mailing list
15:15:45 <lbragstad> gmann sent out a poll last week
15:16:30 <lbragstad> http://lists.openstack.org/pipermail/openstack-discuss/2021-October/025569.html
15:16:54 <lbragstad> http://lists.openstack.org/pipermail/openstack-discuss/2021-November/025619.html
15:16:59 <lbragstad> details ^
15:17:04 <lbragstad> tomorrow @ 15:00 UTC
15:17:04 <redrobot> awesome, thanks lbragstad
15:17:24 <lbragstad> that's all i have unless folks have questions
15:20:53 <redrobot> Looks like we're good on questions
15:20:56 <redrobot> moving on
15:21:11 <redrobot> #topic Open Discussion
15:21:17 <redrobot> Anything else y'all want to talk about right now?
15:28:21 <redrobot> I'll take that as a no
15:28:25 <redrobot> let's move on to bugs
15:28:27 <redrobot> #topic Bug Review
15:28:38 <redrobot> #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0
15:29:00 <redrobot> No new bugs
15:29:31 <redrobot> #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0
15:29:37 <redrobot> and no new client bugs
15:30:17 <redrobot> #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0
15:30:22 <redrobot> and no new middleware bugs
15:32:36 <redrobot> Looking at the newest bugs
15:32:50 <redrobot> #link https://bugs.launchpad.net/keystone/+bug/1947870
15:33:04 <redrobot> > Keystone Kerberos auth broken when delegate to HTTP
15:33:32 <redrobot> We talked about this briefly last week. Anyone become a Kerberos expert since last week?
15:33:41 <lbragstad> i have not
15:33:52 <lbragstad> i'm still looking for that specific matrix card
15:35:43 <redrobot> heh
15:35:57 <redrobot> #link https://bugs.launchpad.net/python-keystoneclient/+bug/1945785
15:36:10 <redrobot> > Can't find project by project_id
15:39:27 <redrobot> This looks fairly easy to try to recreate
15:40:08 <redrobot> I might try to take a look at this one
15:40:17 <redrobot> seems like good low-hanging-fruit
15:40:40 <redrobot> #link https://bugs.launchpad.net/keystonemiddleware/+bug/1946117
15:40:48 <redrobot> > Unify keystone and keystonemiddleware cache
15:44:15 * redrobot realizes he doesn't know anything about Keystone caching
15:45:14 <lbragstad> i think the benefit of that is that it would allow a token to get cached immediately, and then as soon as someone goes to nova to use that token and create a server - they would see the performance benefit
15:45:34 <lbragstad> the keystone caching implementation is completely separate from ksm i think
15:45:53 <redrobot> It's an interesting bug report. I wonder why keystone and keystonemiddleware have different code for storing tokens to cache? Seems like a good place where common code could be used.
15:46:10 <lbragstad> but if the keystone caching implementation for tokens and the caching implementation for ksm could be generalized - they could be shared
15:48:08 <redrobot> Is it typical that the same cache is used for the keystone service and other services using the middleware?
15:48:27 <lbragstad> i don't think so?
15:49:05 <redrobot> I can see where this would improve performance when they do
15:49:15 <lbragstad> yeah for sure
15:50:30 <redrobot> What do we use for cache? Memcached?
15:50:40 <lbragstad> yeah
15:52:28 <redrobot> So you'd have to have the same authn/authz for memcached in both services for this to work
15:56:58 <lbragstad> well - we don't implement authn/authz for memcached yet
15:57:15 <lbragstad> i think memcached supports SASL, but we don't support that yet in openstack
15:57:31 <lbragstad> or the python clients we use don't have support for it yet?
15:59:03 <lbragstad> real quick - we do need to merge https://review.opendev.org/c/openstack/python-keystoneclient/+/784744 to unblock the python-keystoneclient gate
16:02:51 <redrobot> Looks like it's on its way to the merge gate
16:03:11 <redrobot> Aaaand that's all the time we have.
16:03:16 <redrobot> Thanks for joining, everyone!
16:03:18 <redrobot> #endmeeting