#openstack-keystone log

15:05:51 <d34dh0r53> #startmeeting keystone
15:05:51 <opendevmeet> Meeting started Tue Mar 21 15:05:51 2023 UTC and is due to finish in 60 minutes.  The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:05:51 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:05:51 <opendevmeet> The meeting name has been set to 'keystone'
15:05:57 <d34dh0r53> #topic roll call
15:06:03 <d34dh0r53> admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, knikolla[m], lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev, arequate, dmendiza[m]
15:06:36 <dmendiza[m]> 🙋
15:07:02 <knikolla[m]> o/
15:08:11 <hiromu> o/
15:08:59 <d34dh0r53> o/
15:09:13 <d34dh0r53> #topic review past meeting work items
15:09:28 <d34dh0r53> #link https://meetings.opendev.org/meetings/keystone/2023/keystone.2023-03-14-15.02.html
15:09:49 <d34dh0r53> #action d34dh0r53 look into the keystone-groups members as well https://review.opendev.org/admin/groups/d7203dc55fa9bdf98c578b16ac398e0c754a1a67,members not sure if it's used any more
15:10:00 <d34dh0r53> d34dh0r53 investigate https://bugs.launchpad.net/keystone/+bug/2009752
15:10:45 <d34dh0r53> I'm still looking at this, my reproducer environment is unreachable ATM
15:10:48 <d34dh0r53> #action d34dh0r53 investigate https://bugs.launchpad.net/keystone/+bug/2009752
15:11:31 <d34dh0r53> that does it for the past meeting work items
15:11:34 <d34dh0r53> next up we have
15:11:40 <d34dh0r53> #topic liaison updates
15:11:47 <d34dh0r53> nothing from VMT
15:12:45 <d34dh0r53> moving on
15:13:05 <d34dh0r53> #topic specification OAuth 2.0 (hiromu)
15:13:17 <d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext
15:13:20 <d34dh0r53> External OAuth 2.0 Specification
15:13:22 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone-specs/+/861554
15:13:24 <d34dh0r53> OAuth 2.0 Implementation
15:13:26 <d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Fsupport-oauth2-mtls
15:13:28 <d34dh0r53> OAuth 2.0 Documentation
15:13:30 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone/+/838108
15:13:32 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystoneauth/+/838104
15:14:03 <hiromu> I sent ML to decide time slot for discussing ext OAuth2.0 server support on vPTG, and I got a reply from Ironic
15:14:09 <hiromu> https://lists.openstack.org/pipermail/openstack-discuss/2023-March/032796.html
15:16:10 <hiromu> I need one slot for this topic, so I'm going to suggest the Keystone's first slot on next Monday. Is this okay for Keystone?
15:16:46 <d34dh0r53> Yes, this is fine for me
15:16:53 <d34dh0r53> Does it work for you knikolla[m] and dmendiza[m] ?
15:17:13 * dmendiza[m] checks PTG calendar
15:18:04 <dmendiza[m]> #link https://ptg.opendev.org/ptg.html
15:18:18 <dmendiza[m]> Works for me.  There's nothing else on MOnday that I need to attend
15:18:24 <d34dh0r53> ack
15:18:37 <hiromu> The date may vary depending on Ironic's reply, please check this thread.
15:19:04 <d34dh0r53> hiromu: I'm watching that thread and will update accordingly
15:19:18 <hiromu> thanks a lot
15:19:46 <d34dh0r53> no problem, anything else?
15:20:13 <hiromu> no, thanks :)
15:20:30 <d34dh0r53> next up
15:20:39 <d34dh0r53> #topic Secure RBAC (dmendiza[m])
15:20:42 <d34dh0r53> #link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_
15:20:44 <d34dh0r53> Service Role Implementation
15:20:46 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone/+/863420
15:20:48 <d34dh0r53> Manager Role Implementation
15:20:50 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone/+/822601
15:20:51 <d34dh0r53> any updates dmendiza[m] ?
15:21:09 <dmendiza[m]> No updates, sorry.  I've been focused on downstream things 😅
15:21:15 <d34dh0r53> no worries :)
15:21:21 <d34dh0r53> next up
15:21:29 <d34dh0r53> #topic specification SQLAlchemy 2.0 (stephenfin)
15:21:32 <d34dh0r53> #link https://review.opendev.org/q/topic:sqlalchemy-20+is:open+project:openstack/keystone
15:21:34 <d34dh0r53> Can I get reviews on this, while I have context/time to close it out?
15:21:36 <d34dh0r53> What more do you need from me?
15:22:00 <d34dh0r53> stephenfin: thanks for these, I'll start reviewing this week
15:22:12 <stephenfin> no worries (y)
15:22:52 <d34dh0r53> cool, moving to open discussion
15:23:02 <d34dh0r53> #topic open discussion
15:23:14 <d34dh0r53> (mustafakemalgilor) PooledLdapHandler message.clean() patch backports
15:23:33 * dmendiza[m] needs to catch up on reviews
15:23:55 <dmendiza[m]> what's the next branch on those backports?
15:24:05 <d34dh0r53> review request
15:24:08 <d34dh0r53> #link ussuri: https://review.opendev.org/c/openstack/keystone/+/874846
15:24:10 <d34dh0r53> #link victoria: https://review.opendev.org/c/openstack/keystone/+/874847
15:24:12 <d34dh0r53> #link wallaby: https://review.opendev.org/c/openstack/keystone/+/874844
15:24:14 <d34dh0r53> #link xena: https://review.opendev.org/c/openstack/keystone/+/874843
15:24:16 <d34dh0r53> #link yoga: https://review.opendev.org/c/openstack/keystone/+/874842
15:24:18 <d34dh0r53> #link zed: https://review.opendev.org/c/openstack/keystone/+/874841
15:24:26 <d34dh0r53> #undo
15:24:26 <opendevmeet> Removing item from minutes: #link https://review.opendev.org/c/openstack/keystone/+/874841
15:24:26 <dmendiza[m]> No train?
15:24:40 <d34dh0r53> I don't see one
15:24:55 <dmendiza[m]> Yoga +2/+A
15:25:17 <d34dh0r53> thanks dmendiza[m]
15:25:32 <dmendiza[m]> I'll keep an eye out for this to merge and kick the next branch
15:25:40 <dmendiza[m]> Going back to the Gerrit group AI
15:25:44 <d34dh0r53> ack, TYS
15:25:45 <dmendiza[m]> so we don't have to keep kicking it
15:26:10 <d34dh0r53> next up
15:26:13 <d34dh0r53> (drencrom) We need to merge and backport this patch https://review.opendev.org/c/openstack/keystonemiddleware/+/877808 to fix pep8 tests
15:26:50 <d34dh0r53> dmendiza[m]: mind looking at ^ while you have gerrit open ;)
15:27:03 * dmendiza[m] looks
15:27:39 <dmendiza[m]> d34dh0r53: +2/+A'd
15:28:02 <d34dh0r53> thanks dmendiza[m]
15:28:10 <d34dh0r53> any thing else for open discussion>
15:28:12 <d34dh0r53> ?
15:28:30 <d34dh0r53> cool, moving on to
15:28:33 <drencrom> Thanks, I'll do the cherry picks for backports later
15:28:35 <opendevreview> Takashi Kajinami proposed openstack/keystone-tempest-plugin master: Replace deprecated tenant_id property  https://review.opendev.org/c/openstack/keystone-tempest-plugin/+/878111
15:28:40 <d34dh0r53> thanks drencrom
15:28:52 <d34dh0r53> #topic bug review
15:29:00 <d34dh0r53> #link ussuri: https://review.opendev.org/c/openstack/keystone/+/874846
15:29:06 <dmendiza[m]> wait hold up
15:29:07 <d34dh0r53> #undo
15:29:07 <opendevmeet> Removing item from minutes: #link https://review.opendev.org/c/openstack/keystone/+/874846
15:29:14 <d34dh0r53> #undo
15:29:14 <opendevmeet> Removing item from minutes: #topic bug review
15:29:14 <dmendiza[m]> I wanted to talk about the gerrit groups
15:29:23 <dmendiza[m]> sorry, missed the last call there
15:29:29 <d34dh0r53> ahh, no worries dmendiza[m]
15:29:36 * d34dh0r53 hands dmendiza[m] the mic
15:29:38 <dmendiza[m]> #link https://paste.opendev.org/show/bnWClSh0CkCnc87qc8aG/
15:29:43 <dmendiza[m]> this is currently what's in project-config
15:30:48 <dmendiza[m]> I'm not sure exactly what group you were wanting to check
15:30:49 <dmendiza[m]> ?
15:31:22 <dmendiza[m]> We could probably do some group linking so that keystone-core is the main group and the others include keystone-core
15:31:31 <dmendiza[m]> so we don't have to go update every single group every time keystone-core changes
15:33:20 <d34dh0r53> right, I think we should do that.  Do you know if https://review.opendev.org/admin/groups/d7203dc55fa9bdf98c578b16ac398e0c754a1a67,members is used at all?
15:34:23 <dmendiza[m]> It's used here:
15:34:25 <dmendiza[m]> #link https://opendev.org/openstack/project-config/src/branch/master/gerrit/acls/openstack/keystone.config#L4-L5
15:34:53 <dmendiza[m]> pushMerge for "refs/for/refs/*", which my gerrit-fu is not strong enough to decypher
15:34:58 <dmendiza[m]> the ref spec looks weird
15:35:13 <d34dh0r53> yeah
15:35:43 <d34dh0r53> and where does keystonemiddleware inherit from?
15:37:54 <dmendiza[m]> #link https://opendev.org/openstack/project-config/src/branch/master/gerrit/projects.yaml#L3626-L3630
15:38:15 <d34dh0r53> ack
15:38:23 <dmendiza[m]> looks like keystonemiddlware is configured to use keystoneauth
15:38:25 <dmendiza[m]> #link https://opendev.org/openstack/project-config/src/branch/master/gerrit/acls/openstack/keystoneauth.config
15:38:56 <dmendiza[m]> so it uses keystoneauth-core and keystone-stable-maint,
15:39:15 <d34dh0r53> yep
15:39:46 <d34dh0r53> dmendiza[m]: let's work to get this cleaned up, I think everything should inherit from keystone-core unless there are objections
15:40:06 <dmendiza[m]> Sounds good to me.  knikolla ?
15:41:45 <d34dh0r53> I've added it as a quick PTG agenda item
15:42:21 <d34dh0r53> thanks dmendiza[m]
15:42:35 <d34dh0r53> anything else for open discussion?
15:42:35 <knikolla[m]> sure
15:42:45 <dmendiza[m]> nope, I'm good now, thanks
15:43:04 <d34dh0r53> ++
15:43:08 <d34dh0r53> #topic bug review
15:43:13 <d34dh0r53> #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0
15:43:20 <d34dh0r53> no new bugs for keystone
15:43:32 <d34dh0r53> #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0
15:43:48 <d34dh0r53> python-keystoneclient is clean
15:43:57 <d34dh0r53> #link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=0
15:44:11 <d34dh0r53> nothing new in keystoneauth
15:44:19 <d34dh0r53> #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0
15:44:31 <d34dh0r53> nor in keystonemiddleware
15:44:40 <d34dh0r53> #link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=0
15:45:21 <d34dh0r53> pycadf has nothing new
15:45:29 <d34dh0r53> #link https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=0
15:45:45 <d34dh0r53> and no new bugs in ldappool
15:45:53 <d34dh0r53> #topic conclusion
15:45:57 <d34dh0r53> PTG is next week
15:46:09 <d34dh0r53> #link https://etherpad.opendev.org/p/bobcat-ptg-keystone
15:46:39 <d34dh0r53> dmendiza[m]: we have a topic on there from last cycle for deprecating python-keystoneclient.  Are you still interested in helping/advising with that?
15:47:35 <dmendiza[m]> Yeah, sure
15:48:18 <d34dh0r53> tys!
15:48:26 <d34dh0r53> please add agenda items
15:49:12 <d34dh0r53> no weekly meeting next week.  We'll talk about the reviewathon in one of our sessions
15:49:18 <d34dh0r53> thanks all!
15:49:32 <d34dh0r53> #endmeeting