#openstack-keystone log

15:07:11 <d34dh0r53> #startmeeting keystone
15:07:11 <opendevmeet> Meeting started Tue May  9 15:07:11 2023 UTC and is due to finish in 60 minutes.  The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:07:11 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:07:11 <opendevmeet> The meeting name has been set to 'keystone'
15:07:54 <d34dh0r53> admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, knikolla[m], lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev, reqa, dmendiza[m]
15:07:59 <d34dh0r53> #topic roll call
15:08:02 <zaitcev> o/
15:08:04 <dmendiza[m]> 🙋‍♂️
15:08:28 <d34dh0r53> o/
15:09:09 <d34dh0r53> #topic review past meeting work items
15:09:14 <d34dh0r53> #link https://meetings.opendev.org/meetings/keystone/2023/keystone.2023-05-02-15.03.html
15:09:23 <d34dh0r53> dmendiza[m], d34dh0r53 update the keystone groups to inherit from keystone-core
15:09:34 <d34dh0r53> This is pretty much done, thanks dmendiza[m]
15:10:00 <d34dh0r53> Lance changed the group we needed and I now have access to update the release groups
15:10:02 <dmendiza[m]> 😎
15:10:37 <dmendiza[m]> I think there was one ldappool group that'll need infra intervention to fix
15:10:43 <dmendiza[m]> (since the members are now long gone)
15:10:50 <dmendiza[m]> ?
15:11:16 <d34dh0r53> I think I now have access to fix that, I'll test today
15:11:38 <d34dh0r53> next up: d34dh0r53 investigate https://bugs.launchpad.net/keystone/+bug/2009752
15:11:52 <d34dh0r53> I still need to do this, working on a reproducer environment now
15:11:57 <d34dh0r53> #action d34dh0r53 investigate https://bugs.launchpad.net/keystone/+bug/2009752
15:12:14 <d34dh0r53> d34dh0r53 Look into adding/restoring a known issues section to our documentation
15:12:26 <d34dh0r53> need to look at this, unless someone wants to take it
15:12:46 <d34dh0r53> it goes along with d34dh0r53 add https://bugs.launchpad.net/keystone/+bug/1305950 to the known issues section of our documentation
15:13:37 <d34dh0r53> #action d34dh0r53 Look into adding/restoring a known issues section to our documentation
15:13:53 <d34dh0r53> #action d34dh0r53 add https://bugs.launchpad.net/keystone/+bug/1305950 to the known issues section of our documentation
15:14:43 <d34dh0r53> #action d34dh0r53 review our open LDAP bugs https://bugs.launchpad.net/keystone/+bugs?field.tag=ldap
15:14:52 <d34dh0r53> Ok, that does it for the past meeting work items
15:15:09 <d34dh0r53> #topic liaison updates
15:15:13 <knikolla> o/
15:15:20 <d34dh0r53> Hi knikolla o/
15:15:29 <d34dh0r53> No updates from VMT
15:16:04 <hiromu> o/
15:16:21 <dmendiza[m]> This week is Bobcat-1
15:16:43 <dmendiza[m]> I don't think we need to do anything other than +1 the release patch.
15:16:48 <d34dh0r53> ack
15:18:05 <d34dh0r53> Ok, moving on
15:18:26 <d34dh0r53> #topic specification OAuth 2.0 (hiromu)
15:18:38 <d34dh0r53> External OAuth 2.0 Specification
15:18:39 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone-specs/+/861554
15:18:41 <d34dh0r53> OAuth 2.0 Implementation
15:18:43 <d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Fsupport-oauth2-mtls
15:18:45 <d34dh0r53> OAuth 2.0 Documentation
15:18:47 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone/+/838108
15:18:49 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystoneauth/+/838104
15:21:45 <knikolla> There were some comments from Julia on the spec which I would like to see addressed.
15:22:32 <hiromu> I'll reply them until next week.
15:23:19 <d34dh0r53> thank you hiromu
15:23:31 <d34dh0r53> any other comments on OAuth 2.0?
15:23:50 <hiromu> I have one
15:24:44 <hiromu> is there any chance to discuss the spec which should be updated soon at PTG at June?
15:25:22 <hiromu> I mean do you plan to attend PTG in person?
15:25:59 <hiromu> especially knikolla and d34dh0r53
15:26:15 <d34dh0r53> I will be there
15:26:19 <knikolla> I will be attending and we can discuss it there, sure
15:26:58 <hiromu> thanks. i'll remind you when PTG is approaching.
15:27:08 <d34dh0r53> thank you hiromu
15:27:34 <d34dh0r53> next up we have:
15:27:55 <d34dh0r53> #topic specification Secure RBAC (dmendiza[m])
15:27:57 <d34dh0r53> #link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_
15:27:59 <d34dh0r53> Service Role Implementation
15:28:01 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone/+/863420
15:28:03 <d34dh0r53> Manager Role Implementation
15:28:05 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone/+/822601
15:28:21 <dmendiza[m]> Not a whole lot of progress on those
15:28:32 <dmendiza[m]> There's an RBAC pop-up meeting scheduled for later today
15:28:37 <dmendiza[m]> so I'll sync up with gmann then
15:29:00 <d34dh0r53> ack, thanks dmendiza[m]
15:29:21 <d34dh0r53> #topic SQLAlchemy 2.0 (stephenfin)
15:29:23 <d34dh0r53> #link https://review.opendev.org/q/topic:sqlalchemy-20+is:open+project:openstack/keystone
15:29:25 <d34dh0r53> Can I get reviews on this, while I have context/time to close it out?
15:29:27 <d34dh0r53> What more do you need from me?
15:29:31 <d34dh0r53> we need to review these patches
15:31:48 <d34dh0r53> anything else before we move on?
15:32:29 <d34dh0r53> #topic open discussion
15:32:37 <d34dh0r53> first up
15:32:43 <d34dh0r53> (drencrom) We need to merge these backports to fix pep8 tests
15:33:04 <d34dh0r53> we started doing the backports, the gates look like they may be failing due to a Stevedore issue
15:33:11 <d34dh0r53> does anyone here know how to troubleshoot those?
15:34:06 <zaitcev> Not me.
15:34:52 <drencrom> Where do you see these errors? I see all green on opendev
15:35:19 <d34dh0r53> drencrom: https://review.opendev.org/c/openstack/keystonemiddleware/+/882401
15:35:58 <d34dh0r53> the cover test, a couple of months ago I traced a failure that looks like that to stevedore
15:40:08 <d34dh0r53> ok, maybe drencrom and I can sync on this
15:40:47 <d34dh0r53> next up
15:40:57 <d34dh0r53> (mustafakemalgilor) PooledLdapHandler message.clean() patch backports
15:41:15 <d34dh0r53> we looked at these during the reviewathon as well and I think the backports are now getting votes
15:42:17 <d34dh0r53> we still need +2 +W on
15:42:20 <d34dh0r53> #link ussuri: https://review.opendev.org/c/openstack/keystone/+/874846
15:42:22 <d34dh0r53> #link victoria: https://review.opendev.org/c/openstack/keystone/+/874847
15:42:24 <d34dh0r53> #link wallaby: https://review.opendev.org/c/openstack/keystone/+/874844
15:42:26 <d34dh0r53> #link xena: https://review.opendev.org/c/openstack/keystone/+/874843
15:42:42 <d34dh0r53> next up (reqa) OAuth 2.0 Device Authorization Grant bugfix
15:43:12 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystoneauth/+/876893
15:43:21 <d34dh0r53> it has votes, but knikolla has a question on that one
15:44:10 <d34dh0r53> anything else for open discussion before we move on to bug review?
15:45:07 <d34dh0r53> #topic bug review
15:45:42 <d34dh0r53> #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0
15:46:15 <d34dh0r53> Keystone has a new bug #link https://bugs.launchpad.net/keystone/+bug/2018644
15:46:35 <d34dh0r53> this looks like an S-RBAC bug, dmendiza[m] mind taking a look at it?
15:47:10 <dmendiza[m]> Sure.  I'll assign it to myself.
15:47:38 <d34dh0r53> thanks
15:48:10 <d34dh0r53> next up is #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0
15:48:18 <d34dh0r53> nothing new for python-keystoneclient
15:48:42 <d34dh0r53> #link https://bugs.launchpad.net/keystoneauth/+bug/2012047
15:48:49 <d34dh0r53> #undo
15:48:49 <opendevmeet> Removing item from minutes: #link https://bugs.launchpad.net/keystoneauth/+bug/2012047
15:48:59 <d34dh0r53> #link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=0
15:49:06 <d34dh0r53> nothing new for keystoneauth
15:49:25 <d34dh0r53> #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0
15:49:38 <d34dh0r53> keystonemiddleware is the same as last week
15:49:50 <d34dh0r53> #link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=0
15:49:56 <d34dh0r53> pycadf has no new bugs
15:50:02 <zaitcev> What's going on with all these undecideds in keystoneauth
15:50:16 <d34dh0r53> #link https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=0
15:50:43 <zaitcev> Oh, it's a priority, not disposition. Okay, sorry.
15:50:56 <d34dh0r53> yeah
15:51:13 <d34dh0r53> ldappool is clean as well
15:51:38 <d34dh0r53> but to your point zaitcev we need to set priority on some of those as they are valid bugs
15:51:50 <d34dh0r53> #topic conclusion
15:52:07 <d34dh0r53> No reviewathon this week as it's a day off for Red Hat
15:52:26 <d34dh0r53> any this else?
15:52:38 <zaitcev> As usual I need to drum up reviews
15:52:42 <d34dh0r53> *thing
15:52:45 <zaitcev> See https://review.opendev.org/c/openstack/keystone/+/874346
15:53:11 <zaitcev> I thought it was okay to let it sit because it's attached to a bug and eventually you'll notice that the bug is fixed.
15:53:28 <zaitcev> But I'm getting impatient :-)
15:53:34 <d34dh0r53> ack, I'll take a look today
15:53:36 <d34dh0r53> thank you
15:53:59 <zaitcev> Well, it's my real contribution to Keystone. Not just fixing typos in setup.cfg.
15:54:04 <d34dh0r53> :)
15:54:36 <d34dh0r53> Thanks Folks! See everyone online and have a great rest of your week.  Please reach out if you need anything :)
15:54:40 <d34dh0r53> #endmeeting