14:59:32 <d34dh0r53> #startmeeting keystone 14:59:32 <opendevmeet> Meeting started Wed May 1 14:59:32 2024 UTC and is due to finish in 60 minutes. The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot. 14:59:32 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 14:59:32 <opendevmeet> The meeting name has been set to 'keystone' 15:00:07 <d34dh0r53> #topic roll call 15:00:16 <d34dh0r53> admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, knikolla[m], lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev, reqa, dmendiza[m], mharley, jph, gtema 15:05:02 <d34dh0r53> #topic review past meeting work items 15:05:44 <d34dh0r53> d34dh0r53 Look into adding/restoring a known issues section to our documentation 15:05:50 <d34dh0r53> no updates on this one 15:05:57 <d34dh0r53> #action d34dh0r53 Look into adding/restoring a known issues section to our documentation 15:06:00 <d34dh0r53> next up 15:06:08 <d34dh0r53> Review https://review.opendev.org/c/openstack/keystone-specs/+/748748 at Reviewathon on 2024-04-26 15:06:39 <d34dh0r53> this is actively being discussed in the spec review 15:06:42 <d34dh0r53> next up 15:06:51 <d34dh0r53> Review https://review.opendev.org/c/openstack/keystone-specs/+/910584 at Reviewathon on 2024-04-26 15:08:23 <d34dh0r53> that one is also being reviewed 15:08:37 <d34dh0r53> #topic liaison updates 15:08:56 <d34dh0r53> nothing from VMT nor releases 15:09:53 <d34dh0r53> #topic specification OAuth 2.0 (hiromu) 15:10:04 <d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext... (full message at <https://matrix.org/_matrix/media/v3/download/matrix.org/iQhfEpumMmfORbBorfSsxqSA>) 15:13:29 <d34dh0r53> I don't think hiromu is around, moving on 15:14:00 <d34dh0r53> #topic specification Secure RBAC (dmendiza[m])... (full message at <https://matrix.org/_matrix/media/v3/download/matrix.org/vfWhqxotdqxehDgeSJUpSkMB>) 15:18:27 <d34dh0r53> doesn't look like dmendiza is around, moving on 15:18:57 <dmendiza[m]> oopos 15:19:00 <d34dh0r53> #topic specification Improve federated users management (gtema) 15:19:00 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone-specs/+/748748 - waiting for reviews 15:19:02 <dmendiza[m]> missed the courtesy ping 15:19:34 <d34dh0r53> np, first time on matrix so I'm not sure how my pings are coming through 15:19:58 <dmendiza[m]> the last one worked... the paste for roll call didn't ping me though ... 🤔 15:20:10 <dmendiza[m]> In any case, I don't have any SRBAC updates this week. 15:20:21 <d34dh0r53> ack, thanks 15:20:33 <d34dh0r53> gtema: are you around? 15:21:40 <d34dh0r53> doesn't look like it 15:22:16 <d34dh0r53> as I said earlier there is a lively discussion in that spec, we'll keep an eye on it here 15:22:22 <d34dh0r53> next up 15:22:36 <d34dh0r53> #topic specification OpenAPI support (gtema) 15:22:36 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone-specs/+/910584 15:23:01 <d34dh0r53> That one failed the check 15:23:09 <dmendiza[m]> I don't know enough federation to give insightful opinions on the user management spec 15:23:17 <dmendiza[m]> but I did review the OpenAPI spec 15:23:58 <d34dh0r53> cool 15:24:52 <d34dh0r53> Looks like stephenfin made your changes but may have a formatting error 15:25:14 <d34dh0r53> #topic open discussion 15:25:26 <d34dh0r53> passlib update... (full message at <https://matrix.org/_matrix/media/v3/download/matrix.org/ZNQfAUWzwoXFHyltyOzzWmpt>) 15:26:01 <d34dh0r53> maintainer is awol again, I'll ping the thread and another about the status of the project to see if there is something that can be done 15:26:09 <d34dh0r53> next up 15:26:18 <d34dh0r53> domain manager (mhen)... (full message at <https://matrix.org/_matrix/media/v3/download/matrix.org/gjFIauTJcdFnLxAKnEIHpiMZ>) 15:27:21 <d34dh0r53> dmendiza: can you review this? If you're good with it we can merge it 15:28:03 <dmendiza[m]> Ack, will do 15:28:09 <d34dh0r53> thanks 15:28:24 <d34dh0r53> domain list scoping fix (mhen)... (full message at <https://matrix.org/_matrix/media/v3/download/matrix.org/sHPIfYScpHKaIACrdRxrhvDs>) 15:29:12 <d34dh0r53> I think we can merge this now, correct dmendiza ? 15:30:12 * dmendiza[m] looks 15:31:02 <dmendiza[m]> yeah, quick glance looks good, I'll give it a full review after the meeting 15:31:13 <d34dh0r53> sweet, thank you 15:31:23 <d34dh0r53> policy API and OS-ENDPOINT-POLICY... (full message at <https://matrix.org/_matrix/media/v3/download/matrix.org/HSTvhefScMFoLElioJLcNGiI>) 15:31:50 <d34dh0r53> we talked about this last week, any objections to deprecating OS-ENDPOINT-POLICY? 15:33:39 <d34dh0r53> ok, moving on 15:33:50 <d34dh0r53> Old excludes need to be cleaned up from requirement files (tkajinam) 15:33:50 <d34dh0r53> https://review.opendev.org/q/topic:%22excludes-cleanup%22 15:33:50 <d34dh0r53> Please check keystone-related repos (.*keystone.* and ldaptools) 15:34:10 <opendevreview> Takashi Kajinami proposed openstack/pycadf master: Remove old excludes https://review.opendev.org/c/openstack/pycadf/+/917854 15:34:16 <tkajinam> and probably ^^^ 15:34:32 <d34dh0r53> ack, thanks tkajinam I'll take a look today 15:34:53 <tkajinam> requirements-check job has been broken since the global requirements file was cleaned up this week. the job runs only when requirements files are updated but it's better to get these merged asap 15:35:26 <d34dh0r53> ok, thanks 15:35:58 <d34dh0r53> Enforcing scope in keystone breaks heat (and probably magnum) (tkajinam)... (full message at <https://matrix.org/_matrix/media/v3/download/matrix.org/mxhwFFUUGZCjQMfcgYLTTVxf>) 15:36:13 <d34dh0r53> Patches proposed (needs to be merged in the listed order) 15:36:16 <tkajinam> I guess I raised this topic some time ago 15:36:34 <tkajinam> so I tested hear with scope enforced in keystone and found a few bugs in current default policies 15:36:55 <tkajinam> I've pushed the patches which are listed in the etherpad. the patches need to be merged in that specific order because of cross dependency between keystone and keystone-tempest-plugin 15:37:12 <d34dh0r53> ok 15:37:14 <tkajinam> it'd be nice if I can hear any feedback, because these may block switching default of enforce_scope 15:37:26 <d34dh0r53> dmendiza: ^^^ fyi 15:37:37 <tkajinam> note that updating keystone-tempest-plugin may affect stable branches. I think this is a "bug" which we can also fix in stable branches but lmk if you have any concerns 15:38:12 <tkajinam> I don't know in which branch the protection job may pass with the latest keystone-tempest-plugin, though, seeing recent frequent policy update 15:38:29 <tkajinam> but at least we can attempt to backport these to 2024.1, I think 15:39:32 <d34dh0r53> ack 15:40:19 <tkajinam> that's all from my end 15:40:30 <d34dh0r53> thank you tkajinam ! 15:40:48 <d34dh0r53> moving on to bug review 15:40:55 <d34dh0r53> #topic bug review 15:41:18 <d34dh0r53> #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0 15:42:21 <d34dh0r53> looks like there is one new keystone bug 15:42:27 <d34dh0r53> #link https://bugs.launchpad.net/keystone/+bug/2063321 15:42:31 <d34dh0r53> and it's in progress 15:42:40 <d34dh0r53> #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0 15:42:56 <d34dh0r53> no new bugs for python-keystoneclient 15:43:06 <d34dh0r53> #link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=0 15:43:34 <d34dh0r53> no new bugs for keystoneauth 15:43:52 <d34dh0r53> #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0 15:44:04 <d34dh0r53> keystonemiddleware is good 15:44:13 <d34dh0r53> #link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=0 15:44:26 <d34dh0r53> nothing new for pycadf 15:44:42 <d34dh0r53> #link https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=0 15:45:37 <d34dh0r53> nothing new for ldappool 15:45:48 <d34dh0r53> #topic conclusion 15:45:50 <tkajinam> this is not a new bug but I wonder if https://review.opendev.org/c/openstack/keystoneauth/+/907775 can get some attention since it has been left for some time. 15:46:25 <tkajinam> I remember I had some chat with the author some time ago when I found it in notifications 15:46:27 <d34dh0r53> indeed, I'll take a look 15:46:30 <tkajinam> thx 15:47:26 <d34dh0r53> Anyone have anything else before we close? 15:48:09 <d34dh0r53> Thanks everyone! 15:48:16 <d34dh0r53> Have a great rest of you week! 15:48:19 <d34dh0r53> #endmeeting