#openstack-keystone log

15:00:12 <d34dh0r53> #startmeeting keystone
15:00:12 <opendevmeet> Meeting started Wed Aug  2 15:00:12 2023 UTC and is due to finish in 60 minutes.  The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:12 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:12 <opendevmeet> The meeting name has been set to 'keystone'
15:00:14 <d34dh0r53> o/
15:00:18 <d34dh0r53> #topic roll call
15:00:31 <d34dh0r53> admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, knikolla[m], lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev, reqa, dmendiza[m]
15:00:51 <knikolla> o/
15:00:54 <dmendiza[m]> 🙋‍♂️
15:01:51 <xek> o/
15:04:52 <d34dh0r53> howdy all
15:05:04 <d34dh0r53> #topic review past meeting work items
15:05:20 <d34dh0r53> no movement on either
15:05:29 <d34dh0r53> #action d34dh0r53 Look into adding/restoring a known issues section to our documentation
15:05:43 <d34dh0r53> #action d34dh0r53 add https://bugs.launchpad.net/keystone/+bug/1305950 to the known issues section of our documentation
15:06:10 <d34dh0r53> #topic liaison updates
15:06:20 <d34dh0r53> no news from the VMT
15:08:40 <d34dh0r53> moving on
15:08:51 <d34dh0r53> #topic specification OAuth 2.0 (hiromu)
15:09:02 <d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext
15:09:04 <d34dh0r53> External OAuth 2.0 Specification
15:09:06 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone-specs/+/861554
15:09:08 <d34dh0r53> OAuth 2.0 Implementation
15:09:10 <d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Fsupport-oauth2-mtls
15:09:12 <d34dh0r53> OAuth 2.0 Documentation
15:09:14 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone/+/838108
15:09:16 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystoneauth/+/838104
15:11:51 <hiromu> o/
15:12:00 <d34dh0r53> o/ hiromu
15:12:04 <hiromu> nothing special this week
15:12:12 <d34dh0r53> ok, thank you
15:12:36 <d34dh0r53> #topic specification Secure RBAC (dmendiza[m])
15:12:44 <d34dh0r53> #link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_
15:12:47 <d34dh0r53> Service Role Implementation
15:12:49 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone/+/863420
15:12:49 <dmendiza[m]> No updates from me. 😅
15:12:51 <d34dh0r53> Manager Role Implementation
15:12:53 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone/+/822601
15:12:55 <d34dh0r53> Keystone Tempest Plugin Updates
15:12:57 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone-tempest-plugin/+/885799
15:12:59 <dmendiza[m]> Didn't get around to deploying the Manager patch
15:13:18 <d34dh0r53> ack, thanks dmendiza[m]
15:13:36 <d34dh0r53> #topic open discussion
15:13:46 <d34dh0r53> (drencrom) Remove cache invalidation when using expired token
15:13:48 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystonemiddleware/+/889191
15:14:08 <d34dh0r53> dmendiza[m], knikolla, xek can y'all do the needful on that patch?
15:14:25 <d34dh0r53> I had to resubmit it to get around some zuul/gerrit confusion
15:14:43 <drencrom> thanks d34dh0r53, zuul is working now
15:15:05 <xek> ah, with a different change-id
15:15:48 <d34dh0r53> yeah, gerrit must have had communication issues with the DB because 3 different patches (2 were abandoned) had the same change-id which made zuul angry
15:17:47 <d34dh0r53> (reqa) Add openstack cli support for OAuth 2.0 Device Authorization Grant with PKCE:
15:17:50 <d34dh0r53> review request
15:17:52 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystoneauth/+/883852
15:17:54 <d34dh0r53> Reasoning: When switching wsgi-keystone.conf to use PKCE for WebSSO, this also applies to the CLI (e.g. ForgeRock implemented the same)
15:17:58 <d34dh0r53> also review requests on this one
15:21:44 <d34dh0r53> anything else for open discussion?
15:22:40 <d34dh0r53> #topic bug review
15:23:22 <d34dh0r53> #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0
15:23:50 <d34dh0r53> there are a couple of new bugs for keystone that have to do with the bcrypt password length truncation
15:24:02 <d34dh0r53> #link https://bugs.launchpad.net/keystone/+bug/2029134
15:24:05 <d34dh0r53> and
15:24:19 <d34dh0r53> #link https://bugs.launchpad.net/keystone/+bug/2028809
15:26:05 <d34dh0r53> sorry, only the second bug is related to that, the first is another upgrade bug
15:26:55 <d34dh0r53> I'll take a look at those
15:27:22 <d34dh0r53> Next up
15:27:31 <d34dh0r53> #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0
15:27:44 <d34dh0r53> no new bugs
15:27:57 <d34dh0r53> #link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=0
15:28:17 <d34dh0r53> nothing new in keystoneauth
15:28:29 <d34dh0r53> #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0
15:28:51 <d34dh0r53> no new bugs in keystonemiddleware
15:29:02 <d34dh0r53> #link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=0
15:29:05 <d34dh0r53> pycadf is clean
15:29:17 <d34dh0r53> #link https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=0
15:29:22 <d34dh0r53> as is ldappool
15:29:34 <d34dh0r53> #topic conclusion
15:29:42 <d34dh0r53> Anyone have anything?
15:30:31 <d34dh0r53> Ok, thanks folks!
15:30:43 <d34dh0r53> See you at the reviewathon on Friday :)
15:30:46 <d34dh0r53> #endmeeting