#openstack-keystone log

15:01:28 <d34dh0r53> #startmeeting keystone
15:01:28 <opendevmeet> Meeting started Tue Oct 25 15:01:28 2022 UTC and is due to finish in 60 minutes.  The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:01:28 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:01:28 <opendevmeet> The meeting name has been set to 'keystone'
15:01:42 <d34dh0r53> #topic Roll Call
15:01:44 <d34dh0r53> admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, knikolla, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek
15:02:05 <knikolla[m]> o/
15:02:09 <hiromu> o/
15:02:14 <d34dh0r53> dmendiza[m], do you want to be on the roll call list?
15:02:54 <xek> o/
15:03:26 <d34dh0r53> o/ everyone :)
15:03:38 <d34dh0r53> hopefully everyone has recovered from the PTG
15:04:06 <d34dh0r53> let's get started
15:04:29 <d34dh0r53> #topic Review past meeting work items
15:04:33 <d34dh0r53> #link https://meetings.opendev.org/meetings/keystone/2022/keystone.2022-10-11-15.02.html
15:04:40 <dmendiza[m]> 🙋‍♂️
15:05:04 <d34dh0r53> We did some PTG planning, more on that later and we had one Action Item
15:05:14 <d34dh0r53> https://meetings.opendev.org/meetings/keystone/2022/keystone.2022-10-11-15.02.html
15:05:22 <d34dh0r53> oops, wrong paste
15:05:31 <d34dh0r53> dmendiza[m] will look at https://bugs.launchpad.net/keystone/+bug/1990987
15:05:52 <dmendiza[m]> did not get a chance to do that yet.  was busy with PTG last week
15:06:06 <d34dh0r53> dmendiza[m]: ack, can I re-assign that action item to you?
15:06:43 <dmendiza[m]> yep
15:06:50 <d34dh0r53> awesome, thank you!
15:06:56 <d34dh0r53> #action dmendiza[m] will look at https://bugs.launchpad.net/keystone/+bug/1990987
15:08:00 <d34dh0r53> next up we have d34dh0r53 look into user-defined attribute access control
15:08:13 <d34dh0r53> I did not get to this, will add again for this week
15:08:18 <d34dh0r53> #action d34dh0r53 look into user-defined attribute access control
15:08:33 <d34dh0r53> finally we have d34dh0r53 submit fix for Bug/1992183
15:09:00 <d34dh0r53> that review is up here
15:09:03 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone/+/861232
15:09:18 <d34dh0r53> thanks for the reviews so far
15:09:48 <d34dh0r53> that does it for the past meeting work items
15:10:17 <d34dh0r53> #topic Liaison Updates
15:10:30 <d34dh0r53> Anyone have anything?
15:11:21 <d34dh0r53> #help still looking for additional cross-project liaisons
15:11:21 * dmendiza[m] checks release patches
15:12:01 <dmendiza[m]> Ok, yeah
15:12:06 <dmendiza[m]> https://review.opendev.org/c/openstack/releases/+/862323
15:12:18 <dmendiza[m]> Release team wants to move Wallaby into EM
15:12:42 <dmendiza[m]> for us it just means no new releases will be made, but we will still be able to merge backports when necessary
15:13:09 <dmendiza[m]> d34dh0r53: I should be able to help with release things.
15:13:19 <dmendiza[m]> at least for the next couple of weeks.
15:13:20 <d34dh0r53> dmendiza[m]: excellent, thank you
15:13:39 <d34dh0r53> I'm fine with moving Wallaby to EM, any objections?
15:14:06 <dmendiza[m]> fine by me as well
15:14:46 <d34dh0r53> Ok, I'll +1 that patch unless I hear otherwise
15:15:54 <d34dh0r53> any other Liaison updates? I don't have anything from VMT
15:17:13 <d34dh0r53> next up on the agenda we have
15:17:31 <d34dh0r53> #topic specification OAuth 2.0 (h_asahina)
15:17:47 <d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext
15:18:11 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone-specs/+/843765
15:18:48 <hiromu> No update this week
15:19:01 <hiromu> but our team's arguing over what grant type should be used
15:19:08 <d34dh0r53> hiromu: ack
15:19:30 <hiromu> so, may be I'll change flows in the spec.
15:19:31 <knikolla[m]> I haven't had a chance yet to look at it in-depth.
15:19:59 <hiromu> it's ok :)
15:20:29 <hiromu> I'll remind you when we fix the contents of the spec.
15:20:42 <d34dh0r53> thank you hiromu
15:20:53 <hiromu> btw, this is just a reminder, please kindly review these docs patches and hopefully backport them to Zed.
15:21:02 <hiromu> https://review.opendev.org/c/openstack/keystoneauth/+/838104
15:21:04 <hiromu> https://review.opendev.org/c/openstack/keystone/+/838108
15:21:42 <d34dh0r53> #action reviewathon review https://review.opendev.org/c/openstack/keystone-specs/+/843765
15:22:03 <d34dh0r53> #undo
15:22:03 <opendevmeet> Removing item from minutes: #action reviewathon review https://review.opendev.org/c/openstack/keystone-specs/+/843765
15:22:25 <d34dh0r53> #action reviewathon review https://review.opendev.org/c/openstack/keystoneauth/+/838104
15:22:34 <d34dh0r53> #action reviewathon review https://review.opendev.org/c/openstack/keystone/+/838108
15:22:49 <hiromu> great. thanks d34dh0r53
15:23:03 <d34dh0r53> np hiromu
15:23:28 <d34dh0r53> #topic specification Secure RBAC (dmendiza[m])
15:23:41 <d34dh0r53> #link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_
15:25:33 <dmendiza[m]> Yeah, there were a few SRBAC sessions during PTG
15:25:46 <dmendiza[m]> I think the main goals for us this cycle are:
15:25:55 <dmendiza[m]> 1. Merge the "manager" role implementation
15:26:05 <dmendiza[m]> 2. Merge the "service" role spec
15:26:18 <dmendiza[m]> 3. Implement the "service" role after spec has landed
15:26:45 <dmendiza[m]> I'm  not sure if we're already defaulting to `enforce_scope=True` and `enforce_new_defaults=True` but I think we may be able to do that this cycle.
15:27:46 <d34dh0r53> ok
15:28:27 <d34dh0r53> I'd like to look at the manager role implementation during the reviewathon
15:28:52 <d34dh0r53> #action reviewathon review https://review.opendev.org/c/openstack/keystone/+/822601
15:28:52 <dmendiza[m]> +1
15:29:42 <d34dh0r53> it looks like gmann has updated the service role spec so we should look at that as well
15:30:02 <d34dh0r53> #action reviewathon review https://review.opendev.org/c/openstack/keystone-specs/+/818616
15:31:04 <d34dh0r53> So, speaking of the PTG
15:31:15 <d34dh0r53> #topic Open Discussion
15:31:23 <d34dh0r53> d34dh0r53: ptg review https://etherpad.opendev.org/p/antelope-ptg-keystone
15:31:59 <d34dh0r53> #link https://etherpad.opendev.org/p/antelope-ptg-keystone
15:32:26 <d34dh0r53> anything to add regarding the Secure RBAC community goal?
15:33:58 <d34dh0r53> ok, hiromu do you have any asks/updates on the Supporting external authz server by Keystone Middleware BP/Spec?
15:34:58 <d34dh0r53> ok
15:35:02 <hiromu> there's no update so far
15:35:07 <d34dh0r53> ok, thanks hiromu
15:35:29 <d34dh0r53> next up we have deprecate python-keystone client that dmendiza[m] and myself have action items on
15:36:09 <d34dh0r53> I know there was talk at one of the TC sessions about openstacksdk and the individual clients but I'm not sure if any consensus was reached
15:36:47 <d34dh0r53> knikolla[m]: were there any takeaways we should consider before doing this work?
15:37:01 <knikolla[m]> It's a slow road and we're well ahead of the rest of OpenStack on it, haha.
15:37:23 <d34dh0r53> haha, awesome
15:37:48 <knikolla[m]> We have removed CLI access from the keystoneclient, and that's the first target of that work. Full parity between CLI clients and OSC.
15:38:00 <knikolla[m]> I don't think we've targeted anything yet for moving entirely to SDK.
15:38:22 <d34dh0r53> I think a good goal for this cycle is to determine our feature gaps
15:38:24 <dmendiza[m]> One thing that's not clear to me is whether keystone-manage or keysotne-bootstrap or w/e else needs to also be part of OSC?
15:38:40 <knikolla[m]> I don't think so.
15:38:55 <knikolla[m]> They usually interact with the DB directly, rather than through the API.
15:39:18 <dmendiza[m]> Gotcha ... yeah, as I typed that I realized those are CLIs that are part of the server, not the client
15:40:36 <d34dh0r53> Ok dmendiza[m] and I will try to carve out a little time to start the gap analysis
15:41:04 <d34dh0r53> #action dmendiza[m] and d34dh0r53 make some time to start the gap analysis between CLI and OSC.
15:41:50 <d34dh0r53> next up, Ade Lee is working on a new OIDC gate.  He's using the plugin that you wrote knikolla[m], thanks again for pointing us to that
15:42:13 <d34dh0r53> I think it will be a big help
15:42:38 <d34dh0r53> any other topics for Open Discussion?
15:44:01 <d34dh0r53> #topic Bug Review
15:44:13 <d34dh0r53> Keystone Bugs
15:44:24 <d34dh0r53> #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0
15:44:42 <d34dh0r53> we have https://bugs.launchpad.net/keystone/+bug/1993742
15:45:48 <xek> this was fixed in wallaby by an SQL upgrade
15:45:58 <d34dh0r53> ahh
15:46:12 <d34dh0r53> xek: would you mind commenting on that bug with a link?
15:47:07 <xek> d34dh0r53: ok, I'll also look into it to make sure this is the same bug
15:47:12 <d34dh0r53> xek: thank you
15:47:26 <d34dh0r53> that's it for new keystone bugs, next up we have python-keystoneclient
15:47:37 <d34dh0r53> #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0
15:47:55 <d34dh0r53> looks like this is new https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0
15:48:12 <d34dh0r53> man, the copy paste game is bad today :/
15:48:20 <d34dh0r53> https://bugs.launchpad.net/python-keystoneclient/+bug/1993614
15:51:20 <d34dh0r53> hmm, that doesn't seem right, anyone have a devstack up to verify that?
15:51:47 <d34dh0r53> I'll try to take a look at this one
15:52:05 <d34dh0r53> #action d34dh0r53 try to reproduce https://bugs.launchpad.net/python-keystoneclient/+bug/1993614
15:52:16 <d34dh0r53> that's all for python-keystoneclient
15:52:22 <d34dh0r53> next up we have keystoneauth
15:52:39 <d34dh0r53> #link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=0
15:52:54 <d34dh0r53> no new bugs there
15:53:02 <d34dh0r53> keystonemiddleware is next
15:53:10 <d34dh0r53> #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0
15:53:26 <d34dh0r53> nothing new here
15:53:33 <d34dh0r53> PyCADF
15:53:43 <d34dh0r53> #link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=0
15:54:00 <d34dh0r53> no new bugs
15:54:07 <d34dh0r53> Finally we have ldappool
15:54:15 <d34dh0r53> #link https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=0
15:54:25 <d34dh0r53> which has nothing new
15:54:35 <d34dh0r53> Anything else before we end the meeting?
15:55:34 <d34dh0r53> Thanks for joining everyone! Have a great week, and I'll see y'all online :)
15:55:38 <d34dh0r53> #endmeeting