#openstack-keystone log

15:00:08 <d34dh0r53> #startmeeting keystone
15:00:08 <opendevmeet> Meeting started Tue Feb 21 15:00:08 2023 UTC and is due to finish in 60 minutes.  The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:08 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:08 <opendevmeet> The meeting name has been set to 'keystone'
15:00:45 <d34dh0r53> #topic roll call
15:00:51 <d34dh0r53> admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, knikolla[m], lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev, arequate
15:00:52 <zaitcev> o7
15:00:53 <xek> o/
15:01:02 <hiromu_> o/
15:01:07 <knikolla[m]> o/
15:01:19 <d34dh0r53> dmendiza[m], do you want to be added to the roll call list?
15:01:43 <dmendiza[m]> Sure
15:05:27 <d34dh0r53> #topic review past meeting work items
15:05:49 <d34dh0r53> #link https://meetings.opendev.org/meetings/keystone/2023/keystone.2023-02-14-15.03.html
15:06:02 <d34dh0r53> d34dh0r53 look into the keystone-groups members as well https://review.opendev.org/admin/groups/d7203dc55fa9bdf98c578b16ac398e0c754a1a67,members not sure if it's used any more
15:06:20 <d34dh0r53> I started doing this, but didn't finish, I don't think we use that group though
15:06:26 <d34dh0r53> #action d34dh0r53 look into the keystone-groups members as well https://review.opendev.org/admin/groups/d7203dc55fa9bdf98c578b16ac398e0c754a1a67,members not sure if it's used any more
15:07:57 <d34dh0r53> #topic liaison updates
15:08:05 <d34dh0r53> Nothing new from VMT
15:08:56 <d34dh0r53> Antelope release is in full swing
15:12:03 <d34dh0r53> hiromu_ has asked for a feature freeze exception for OAuth 2.0
15:12:05 <d34dh0r53> #link https://lists.openstack.org/pipermail/openstack-discuss/2023-February/032278.html
15:12:13 <d34dh0r53> I have no objections
15:13:07 <d34dh0r53> with that moving on to
15:13:20 <d34dh0r53> #topic specifications OAuth 2.0 (hiromu_)
15:13:31 <d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext
15:13:33 <d34dh0r53> External OAuth 2.0 Specification
15:13:35 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone-specs/+/861554
15:13:37 <d34dh0r53> OAuth 2.0 Implementation
15:13:39 <d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Fsupport-oauth2-mtls
15:13:41 <d34dh0r53> OAuth 2.0 Documentation
15:13:43 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone/+/838108
15:13:45 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystoneauth/+/838104
15:14:33 <hiromu_> I couldn't find any comments yet. is there anything I can do for the review process?
15:16:45 <hiromu_> regarding mTLS Oauth2.0, to be clear. https://review.opendev.org/q/topic:bp%252Fsupport-oauth2-mtls
15:17:03 <zaitcev> Beat the drum more, I suppose. Who do we have on core? Nikola, Greg...?
15:17:05 <d34dh0r53> correct
15:17:14 <d34dh0r53> knikolla[m], xek and dmendiza[m]
15:22:50 <d34dh0r53> Ok, cores, please focus on reviewing this feature
15:23:03 <d34dh0r53> next up
15:23:21 <d34dh0r53> #topic specification Secure RBAC (dmendiza[m])
15:23:32 <d34dh0r53> #link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_
15:23:35 <d34dh0r53> Service Role Implementation
15:23:37 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone/+/863420
15:23:39 <d34dh0r53> Manager Role Implementation
15:23:41 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone/+/822601
15:25:01 <d34dh0r53> dmendiza[m], I think we need to have another look at the manager role
15:25:16 <dmendiza[m]> Still kind of out of the loop
15:25:18 <dmendiza[m]> No updates from me this week
15:25:24 <dmendiza[m]> d34dh0r53: ack
15:25:25 <d34dh0r53> ack
15:25:31 <d34dh0r53> moving on to
15:25:41 <d34dh0r53> #topic open discussion
15:25:59 <d34dh0r53> The TC is calling for Antelope cycle highlights
15:26:18 <d34dh0r53> I'd like to mention mTLS support
15:27:36 <knikolla[m]> ++
15:28:11 <knikolla[m]> I would also love to see this merge for this cycle https://review.opendev.org/c/openstack/keystoneauth/+/869876
15:28:48 <d34dh0r53> knikolla[m]++ agreed
15:29:25 <d34dh0r53> I don't mind removing my -1 if it help, we can remove six in a follow up patch
15:29:57 <d34dh0r53> anything else for Antelope cycle highlights?
15:30:00 <knikolla[m]> We can just push a new patchset
15:30:36 <d34dh0r53> ack
15:32:38 <d34dh0r53> Ok, anything else for open discussion before we move to bug review?
15:34:00 <d34dh0r53> #topic bug review
15:34:37 <d34dh0r53> #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0
15:35:10 <d34dh0r53> #link https://bugs.launchpad.net/keystone/+bug/2007982
15:36:17 <d34dh0r53> keystone role cache misbehaving in HA setup
15:38:47 <d34dh0r53> Interesting, does anyone have any cycles to look into this?
15:39:33 <d34dh0r53> ack
15:39:41 <d34dh0r53> next up we have another bug in keystone
15:39:43 <d34dh0r53> #link https://bugs.launchpad.net/keystone/+bug/2007915
15:40:20 <d34dh0r53> this reads as a ML question for the nova folks?
15:41:08 <d34dh0r53> I also think the answer to their question is no
15:42:26 <d34dh0r53> I'll reply to that
15:43:02 <d34dh0r53> that does it for keystone
15:43:26 <d34dh0r53> next up we have
15:43:29 <d34dh0r53> #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0
15:43:51 <d34dh0r53> we don't have any bugs but the gate is broken
15:43:56 <d34dh0r53> I have submitted
15:44:17 <d34dh0r53> #link https://review.opendev.org/c/openstack/python-keystoneclient/+/874263
15:44:39 <d34dh0r53> to fix it, for bobcat I'd like to look at deprecating python-keystoneclient
15:45:05 <d34dh0r53> other than that nothing new in python-keystoneclient
15:45:07 <d34dh0r53> next up
15:45:22 <d34dh0r53> #link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=0
15:45:42 <d34dh0r53> no new bugs there
15:45:55 <d34dh0r53> #link #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0
15:45:57 <d34dh0r53> #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0
15:46:10 <d34dh0r53> nothing new
15:46:22 <d34dh0r53> #link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=0
15:46:27 <d34dh0r53> pycadf is clean
15:46:36 <d34dh0r53> #link https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=0
15:46:41 <d34dh0r53> so is ldappool
15:46:54 <d34dh0r53> did we miss anything?
15:47:21 <d34dh0r53> #topic conclusion
15:47:41 <hiromu_> I'd like to mention one thing for ptg
15:47:47 <d34dh0r53> A couple of things before we go, first off don't forget to register for the Virtual PTG
15:47:52 <d34dh0r53> go ahead hiromu_
15:48:10 <hiromu_> thanks. recently I sent this email to ML https://lists.openstack.org/pipermail/openstack-discuss/2023-February/032143.html
15:49:01 <hiromu_> this is the proposal of making discussion time at PTG for External OAuth 2.0 Specification
15:49:51 <d34dh0r53> ack, I will make sure that we don't conflict with any ironic times
15:50:04 <hiromu_> great. thanks a lot.
15:50:08 <d34dh0r53> thank you
15:50:21 <d34dh0r53> Speaking of the PTG, it's free
15:50:39 <d34dh0r53> #link https://openinfra-ptg.eventbrite.com/
15:51:08 <d34dh0r53> Also, please let me know if you have any additional highlights you'd like to call out for the Antelope cycle
15:51:43 <d34dh0r53> Thanks folks, have a great rest of your day!
15:51:50 <d34dh0r53> #endmeeting