#openstack-keystone log

15:00:11 <d34dh0r53> #startmeeting keystone
15:00:11 <opendevmeet> Meeting started Tue Dec  6 15:00:11 2022 UTC and is due to finish in 60 minutes.  The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:11 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:11 <opendevmeet> The meeting name has been set to 'keystone'
15:00:22 <d34dh0r53> #topic roll call
15:00:29 <d34dh0r53> admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, knikolla, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann
15:02:36 <d34dh0r53> let's get started
15:02:37 <opendevreview> Rafael Weingartner proposed openstack/keystone-specs master: Add schema version and add support to "domain" attribute in mapping rules  https://review.opendev.org/c/openstack/keystone-specs/+/748042
15:02:52 <d34dh0r53> #topic review past meeting work items
15:03:14 <d34dh0r53> #link https://meetings.opendev.org/meetings/keystone/2022/keystone.2022-11-29-15.01.html
15:05:23 <d34dh0r53> sorry, copy pasta issues :/
15:05:33 <d34dh0r53> first up we have reivewathon review https://review.opendev.org/c/openstack/keystoneauth/+/838104
15:06:04 <d34dh0r53> we actually have several OAuth 2.0 things to review, we focused on getting the Spec for M+TLS merged which we're close to doing
15:06:25 <d34dh0r53> once that merges we can focus on the actual code for OAuth 2.0 with M+TLS
15:06:41 <d34dh0r53> #action reviewathon https://review.opendev.org/c/openstack/keystoneauth/+/838104
15:07:10 <d34dh0r53> #action reviewathon https://review.opendev.org/c/openstack/keystone/+/838108
15:07:42 <d34dh0r53> #action reviewathon https://review.opendev.org/c/openstack/keystone/+/860928
15:08:00 <d34dh0r53> #action reviewathon https://review.opendev.org/c/openstack/keystoneauth/+/860923
15:08:28 <d34dh0r53> next up is d34dh0r53 look into user-defined attribute access control
15:08:32 <d34dh0r53> didn't get to it, so pushing
15:08:35 <d34dh0r53> #action d34dh0r53 look into user-defined attribute access control
15:08:54 <d34dh0r53> next up d34dh0r53 request pycadf release once https://review.opendev.org/c/openstack/pycadf/+/863702 merges
15:09:25 <d34dh0r53> we need another core reviewer on this one, going to assign it to knikolla[m] so we can get it merged
15:09:44 <d34dh0r53> #action knikolla[m] please review https://review.opendev.org/c/openstack/pycadf/+/863702
15:10:01 <d34dh0r53> that does it for last meeting action items
15:10:28 <d34dh0r53> #topic liaison updates
15:10:54 <d34dh0r53> nothing from VMT, and neither Doug nor knikolla[m] are here so we can move on
15:11:18 <d34dh0r53> #help Let me know if you're interested in volunteering for a liaison role
15:11:48 <d34dh0r53> #topic specification OAuth 2.0 (hiromu)
15:11:59 <d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext
15:12:05 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone-specs/+/843765
15:12:56 <d34dh0r53> I think we're ready to merge this spec, there were just a couple of nits that came out during the reviewathon which Hiromu has cleared up
15:13:22 <d34dh0r53> #topic specification Secure RBAC (dmendiza[m])
15:13:32 <d34dh0r53> #link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_
15:13:42 <d34dh0r53> Service Role Spec
15:13:44 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone-specs/+/818616
15:14:03 <d34dh0r53> the service role spec has merged! Thanks for all the reviews and work on this
15:14:15 <d34dh0r53> Manager Role Implementation
15:14:23 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone/+/822601
15:14:33 <d34dh0r53> There are some valid -1's on this so more work is needed
15:15:02 <d34dh0r53> I don't think any of the stakeholders are here today so we'll move on, but please update/review if you get a chance
15:15:14 <d34dh0r53> #topic open discussion
15:15:36 <d34dh0r53> drencrom: zuul failing because test-requirements not compatible with python 3.10 (see https://review.opendev.org/c/openstack/keystonemiddleware/+/860481)
15:15:47 <d34dh0r53> I'll look at that this week and try to get it cleared
15:16:11 <d34dh0r53> #action d34dh0r53 unblock https://review.opendev.org/c/openstack/keystonemiddleware/+/860481
15:16:31 <d34dh0r53> anything else for open discussion?
15:21:20 <d34dh0r53> moving on then
15:21:25 <d34dh0r53> #topic bug review
15:21:33 <d34dh0r53> #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0
15:22:30 <d34dh0r53> looks like we have a couple of new bugs with fixes proposed
15:22:40 <d34dh0r53> #link https://bugs.launchpad.net/keystone/+bug/1998268
15:22:48 <d34dh0r53> Fernet uid/gid logic issue
15:23:13 <d34dh0r53> #action d34dh0r53 review https://review.opendev.org/c/openstack/keystone/+/866096
15:23:39 <d34dh0r53> #link https://bugs.launchpad.net/keystone/+bug/1998789
15:23:44 <d34dh0r53> PooledLDAPHandler.result3 does not release pool connection back when an exception is raised Edit
15:24:07 <d34dh0r53> #action d34dh0r53 review https://review.opendev.org/c/openstack/keystone/+/866723
15:24:23 <d34dh0r53> thanks for the bug reports and fixes, I'll review this week
15:24:31 <d34dh0r53> next up
15:24:53 <d34dh0r53> #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0
15:25:10 <d34dh0r53> nothing new for python-keystoneclient
15:25:22 <d34dh0r53> #link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=0
15:25:47 <d34dh0r53> keystoneauth has a new bug
15:25:57 <d34dh0r53> #link https://bugs.launchpad.net/keystoneauth/+bug/1998366
15:26:04 <d34dh0r53> Federated auth plugins do not work with unversioned auth_url
15:26:16 <d34dh0r53> and there is a review, I'll take a look this week
15:26:28 <d34dh0r53> #action d34dh0r53 review https://review.opendev.org/c/openstack/keystoneauth/+/866189
15:26:48 <d34dh0r53> that does it for keystoneauth
15:26:52 <d34dh0r53> next up is
15:26:55 <d34dh0r53> #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0
15:27:12 <d34dh0r53> nothing new for keystonemiddleware
15:27:24 <d34dh0r53> #link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=0
15:27:34 <d34dh0r53> pycadf is clean
15:27:39 <d34dh0r53> and finally we have
15:27:52 <d34dh0r53> #link https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=0
15:28:02 <d34dh0r53> which has no new issues
15:28:24 <d34dh0r53> #topic conclusion
15:28:36 <d34dh0r53> anyone have anything they need before we close?
15:29:15 <rafaelweingartn> What about this spec https://review.opendev.org/c/openstack/keystone-specs/+/748042?
15:30:46 <d34dh0r53> thanks for bringing that up rafaelweingartn
15:30:57 <d34dh0r53> I will review that this week and bring it up in the reviewathon
15:31:13 <d34dh0r53> #action d34dh0r53 review https://review.opendev.org/c/openstack/keystone-specs/+/748042
15:31:45 <d34dh0r53> AFAIK we've fully moved to alembic but I need to double check that there aren't any lingering dependencies
15:33:00 <d34dh0r53> Anything else?
15:33:35 <d34dh0r53> thanks everyone!
15:33:41 <d34dh0r53> #endmeeting