15:01:42 <d34dh0r53> #startmeeting keystone 15:01:42 <opendevmeet> Meeting started Wed Aug 16 15:01:42 2023 UTC and is due to finish in 60 minutes. The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:01:42 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:01:42 <opendevmeet> The meeting name has been set to 'keystone' 15:01:46 <d34dh0r53> #topic roll call 15:01:51 <noonedeadpunk> o/ 15:02:06 <hiromu> o/ 15:02:07 <dmendiza[m]> 🙋 15:02:25 <d34dh0r53> admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, knikolla[m], lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev, reqa, dmendiza[m] 15:02:28 <d34dh0r53> o/ 15:02:44 <knikolla> o/ 15:02:54 <d34dh0r53> #topic review past meeting work items 15:03:24 <d34dh0r53> d34dh0r53 Look into adding/restoring a known issues section to our documentation 15:03:45 <d34dh0r53> I've started looking into this, we don't have a section and I'm investigating adding one 15:03:54 <d34dh0r53> so I'll carry it forward 15:03:57 <d34dh0r53> #action d34dh0r53 Look into adding/restoring a known issues section to our documentation 15:04:03 <d34dh0r53> the next item as well 15:04:11 <noonedeadpunk> isn't that part of release notes? 15:04:28 <noonedeadpunk> except - you'd need to move renos between releases to keep known issues there 15:05:24 <d34dh0r53> #action d34dh0r53 add https://bugs.launchpad.net/keystone/+bug/1305950 to the known issues section of our documentation 15:06:42 <d34dh0r53> yeah, I think it's for more long lived known issues, stuff that is idiosyncratic to keystone, and issues that are likely not to be fixed with well known workarounds 15:06:58 <d34dh0r53> d34dh0r53 investigate switching the default hashing algo to scrypt in 2024.x 15:07:47 <d34dh0r53> is next up, noonedeadpunk I know you did some work related to this AI this past week, I haven't had a chance to look at anything 15:08:35 <noonedeadpunk> yeah, patch for https://bugs.launchpad.net/keystone/+bug/2029134 proposed and needs to be reviewed 15:08:43 <noonedeadpunk> it also needs to be backported to 2023.1 15:09:38 <noonedeadpunk> Fix for https://bugs.launchpad.net/openstack-ansible/+bug/2028809 has merged on master and backports proposed to affected stable branches 15:10:09 <noonedeadpunk> #link https://review.opendev.org/q/Iea95a3c2df041a0046647b3d3dadead1a6d054d1 15:10:37 <noonedeadpunk> I didn't look into this one though 15:10:39 <noonedeadpunk> #link https://bugs.launchpad.net/keystone/+bug/2030061 15:11:14 <d34dh0r53> ack 15:13:02 <d34dh0r53> I think maybe a good first step to the hashing algo is to get https://review.opendev.org/c/openstack/keystone/+/891024/3 tested and merged 15:13:19 <d34dh0r53> We can then look into perhaps making that the default in 2024.x 15:14:20 <d34dh0r53> Since there is no length limitation with the additional hash and we're still using bcrypt I'm thinking that is a good way to go. 15:15:28 <d34dh0r53> #action d34dh0r53 test https://review.opendev.org/c/openstack/keystone/+/891024/3 15:15:32 <d34dh0r53> next up 15:15:38 <d34dh0r53> noonedeadpunk and d34dh0r53 are looking for a workaround/fix for https://bugs.launchpad.net/keystone/+bug/2028809 15:16:01 <d34dh0r53> I think this has been resolved in https://review.opendev.org/c/openstack/keystone/+/890936 15:16:07 <noonedeadpunk> yup 15:16:11 <d34dh0r53> thank you for the patch noonedeadpunk 15:16:45 <d34dh0r53> next up we have hiromu is going to look at https://bugs.launchpad.net/keystone/+bug/2029134 15:17:22 <d34dh0r53> this has a patch up https://review.opendev.org/c/openstack/keystone/+/891521 15:17:31 <d34dh0r53> hiromu: were you able to look at this patch? 15:17:43 <hiromu> sure 15:18:02 <d34dh0r53> thank you! 15:18:08 <hiromu> :) 15:18:23 <d34dh0r53> #action hiromu test and review https://review.opendev.org/c/openstack/keystone/+/891521 15:18:36 <d34dh0r53> ok, that does it for the past week action items 15:18:51 <d34dh0r53> next up 15:18:52 <d34dh0r53> #topic liaison updates 15:18:56 <d34dh0r53> nothing from VMT 15:21:15 <d34dh0r53> cool, moving on 15:21:37 <d34dh0r53> #topic specification OAuth 2.0 (hiromu) 15:22:56 <d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext 15:22:58 <d34dh0r53> External OAuth 2.0 Specification 15:23:00 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone-specs/+/861554 15:23:02 <d34dh0r53> OAuth 2.0 Implementation 15:23:04 <d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Fsupport-oauth2-mtls 15:23:06 <d34dh0r53> OAuth 2.0 Documentation 15:23:08 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone/+/838108 15:23:10 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystoneauth/+/838104 15:23:28 <hiromu> no update this week. I hope topic https://review.opendev.org/q/topic:bp%252Fenhance-oauth2-interoperability will be reviwered within this cycle if possible 15:24:19 <d34dh0r53> I will add it to the reviewathon 15:24:47 <d34dh0r53> thank you hiromu 15:24:50 <d34dh0r53> next up 15:25:05 <d34dh0r53> #topic Secure RBAC (dmendiza[m]) 15:25:36 <d34dh0r53> #link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_ 15:25:37 <d34dh0r53> Manager Role Implementation 15:25:37 <dmendiza[m]> Not a whole lot of progress 15:25:39 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone/+/822601 15:25:45 <d34dh0r53> ack, thanks dmendiza[m] 15:25:45 <dmendiza[m]> we had the pop-up meeting yesterday 15:25:59 <dmendiza[m]> and I'll be helping gmann update an srbac patch 15:26:10 <d34dh0r53> cool 15:28:15 <d34dh0r53> #topic open discussion 15:28:40 <d34dh0r53> (reqa) Add openstack cli support for OAuth 2.0 Device Authorization Grant with PKCE: 15:28:42 <d34dh0r53> review request 15:28:44 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystoneauth/+/883852 15:28:46 <d34dh0r53> Reasoning: When switching wsgi-keystone.conf to use PKCE for WebSSO, this also applies to the CLI (e.g. ForgeRock implemented the same) 15:28:53 <d34dh0r53> this has merged, thanks all! 15:29:00 <d34dh0r53> removing it from the doc 15:29:34 <d34dh0r53> next up 15:29:35 <d34dh0r53> OAuth2.0 External Authorization Server Support (hiromu) 15:29:37 <d34dh0r53> Where is an appropriate place to put the user guide 15:30:49 <dmendiza[m]> https://opendev.org/openstack/keystone/src/branch/master/doc/source/user ? 15:31:44 <hiromu> but it's about keystonemiddleware 15:32:20 <d34dh0r53> slightly off topic, is there a reason keystone isn't listed here: https://docs.openstack.org/2023.1/projects.html ? 15:33:23 <hiromu> I think d34dh0r53 has given us the answer that https://docs.openstack.org/keystonemiddleware/latest/middlewarearchitecture.html can be appropriate last week. 15:33:25 <dmendiza[m]> hiromu https://opendev.org/openstack/keystonemiddleware/src/branch/master/doc/source 15:33:57 <dmendiza[m]> d34dh0r53: seems like a doc site bug. For some reason Identity doesn't show up in the stable branches 15:34:30 <d34dh0r53> yes hiromu that is correct, I think that's where it should go and I should have moved that topic to the archive 15:34:43 <zaitcev> indeed, this seems to contain Identity: https://docs.openstack.org/2023.2/projects.html 15:34:59 <d34dh0r53> #action d34dh0r53 look into doc bug of missing Identity section on https://docs.openstack.org/2023.1/projects.html 15:35:09 <hiromu> thanks d34dh0r53: and dmendiza: 15:35:30 <d34dh0r53> ack, that does it for open discussion 15:36:18 <d34dh0r53> #topic bug review 15:36:28 <d34dh0r53> #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0 15:36:39 <d34dh0r53> no new bugs for keystone 15:36:51 <d34dh0r53> #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0 15:37:04 <d34dh0r53> nor for python-keystoneclient 15:37:16 <d34dh0r53> #link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=0 15:37:31 <d34dh0r53> keystoneauth is good 15:37:39 <d34dh0r53> #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0 15:37:49 <d34dh0r53> as it keystonemiddleware 15:37:56 <d34dh0r53> #link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=0 15:38:09 <d34dh0r53> pycadf is clean 15:38:15 <d34dh0r53> #link https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=0 15:38:29 <d34dh0r53> and ldappool is also clean 15:38:34 <d34dh0r53> #topic conclusion 15:39:17 <d34dh0r53> No reviewathon this week as it's a recharge day for Red Hat 15:39:25 <d34dh0r53> anyone have anything else before we close? 15:40:58 <zaitcev> Guess not. 15:42:28 <d34dh0r53> guess not :) 15:42:36 <d34dh0r53> thanks folks! 15:42:39 <d34dh0r53> #endmeeting