14:59:32 <d34dh0r53> #startmeeting keystone
14:59:32 <opendevmeet> Meeting started Wed May  1 14:59:32 2024 UTC and is due to finish in 60 minutes.  The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot.
14:59:32 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
14:59:32 <opendevmeet> The meeting name has been set to 'keystone'
15:00:07 <d34dh0r53> #topic roll call
15:00:16 <d34dh0r53> admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, knikolla[m], lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev, reqa, dmendiza[m], mharley, jph, gtema
15:05:02 <d34dh0r53> #topic review past meeting work items
15:05:44 <d34dh0r53> d34dh0r53 Look into adding/restoring a known issues section to our documentation
15:05:50 <d34dh0r53> no updates on this one
15:05:57 <d34dh0r53> #action d34dh0r53 Look into adding/restoring a known issues section to our documentation
15:06:00 <d34dh0r53> next up
15:06:08 <d34dh0r53> Review https://review.opendev.org/c/openstack/keystone-specs/+/748748 at Reviewathon on 2024-04-26
15:06:39 <d34dh0r53> this is actively being discussed in the spec review
15:06:42 <d34dh0r53> next up
15:06:51 <d34dh0r53> Review https://review.opendev.org/c/openstack/keystone-specs/+/910584 at Reviewathon on 2024-04-26
15:08:23 <d34dh0r53> that one is also being reviewed
15:08:37 <d34dh0r53> #topic liaison updates
15:08:56 <d34dh0r53> nothing from VMT nor releases
15:09:53 <d34dh0r53> #topic specification OAuth 2.0 (hiromu)
15:10:04 <d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext... (full message at <https://matrix.org/_matrix/media/v3/download/matrix.org/iQhfEpumMmfORbBorfSsxqSA>)
15:13:29 <d34dh0r53> I don't think hiromu is around, moving on
15:14:00 <d34dh0r53> #topic specification Secure RBAC (dmendiza[m])... (full message at <https://matrix.org/_matrix/media/v3/download/matrix.org/vfWhqxotdqxehDgeSJUpSkMB>)
15:18:27 <d34dh0r53> doesn't look like dmendiza is around, moving on
15:18:57 <dmendiza[m]> oopos
15:19:00 <d34dh0r53> #topic specification Improve federated users management (gtema)
15:19:00 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone-specs/+/748748 - waiting for reviews
15:19:02 <dmendiza[m]> missed the courtesy ping
15:19:34 <d34dh0r53> np, first time on matrix so I'm not sure how my pings are coming through
15:19:58 <dmendiza[m]> the last one worked... the paste for roll call didn't ping me though ... 🤔
15:20:10 <dmendiza[m]> In any case, I don't have any SRBAC updates this week.
15:20:21 <d34dh0r53> ack, thanks
15:20:33 <d34dh0r53> gtema: are you around?
15:21:40 <d34dh0r53> doesn't look like it
15:22:16 <d34dh0r53> as I said earlier there is a lively discussion in that spec, we'll keep an eye on it here
15:22:22 <d34dh0r53> next up
15:22:36 <d34dh0r53> #topic specification OpenAPI support (gtema)
15:22:36 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone-specs/+/910584
15:23:01 <d34dh0r53> That one failed the check
15:23:09 <dmendiza[m]> I don't know enough federation to give insightful opinions on the user management spec
15:23:17 <dmendiza[m]> but I did review the OpenAPI spec
15:23:58 <d34dh0r53> cool
15:24:52 <d34dh0r53> Looks like stephenfin made your changes but may have a formatting error
15:25:14 <d34dh0r53> #topic open discussion
15:25:26 <d34dh0r53> passlib update... (full message at <https://matrix.org/_matrix/media/v3/download/matrix.org/ZNQfAUWzwoXFHyltyOzzWmpt>)
15:26:01 <d34dh0r53> maintainer is awol again, I'll ping the thread and another about the status of the project to see if there is something that can be done
15:26:09 <d34dh0r53> next up
15:26:18 <d34dh0r53> domain manager (mhen)... (full message at <https://matrix.org/_matrix/media/v3/download/matrix.org/gjFIauTJcdFnLxAKnEIHpiMZ>)
15:27:21 <d34dh0r53> dmendiza: can you review this? If you're good with it we can merge it
15:28:03 <dmendiza[m]> Ack, will do
15:28:09 <d34dh0r53> thanks
15:28:24 <d34dh0r53> domain list scoping fix (mhen)... (full message at <https://matrix.org/_matrix/media/v3/download/matrix.org/sHPIfYScpHKaIACrdRxrhvDs>)
15:29:12 <d34dh0r53> I think we can merge this now, correct dmendiza ?
15:30:12 * dmendiza[m] looks
15:31:02 <dmendiza[m]> yeah, quick glance looks good, I'll give it a full review after the meeting
15:31:13 <d34dh0r53> sweet, thank you
15:31:23 <d34dh0r53> policy API and OS-ENDPOINT-POLICY... (full message at <https://matrix.org/_matrix/media/v3/download/matrix.org/HSTvhefScMFoLElioJLcNGiI>)
15:31:50 <d34dh0r53> we talked about this last week, any objections to deprecating OS-ENDPOINT-POLICY?
15:33:39 <d34dh0r53> ok, moving on
15:33:50 <d34dh0r53> Old excludes need to be cleaned up from requirement files (tkajinam)
15:33:50 <d34dh0r53> https://review.opendev.org/q/topic:%22excludes-cleanup%22
15:33:50 <d34dh0r53> Please check keystone-related repos (.*keystone.* and ldaptools)
15:34:10 <opendevreview> Takashi Kajinami proposed openstack/pycadf master: Remove old excludes  https://review.opendev.org/c/openstack/pycadf/+/917854
15:34:16 <tkajinam> and probably ^^^
15:34:32 <d34dh0r53> ack, thanks tkajinam I'll take a look today
15:34:53 <tkajinam> requirements-check job has been broken since the global requirements file was cleaned up this week. the job runs only when requirements files are updated but it's better to get these merged asap
15:35:26 <d34dh0r53> ok, thanks
15:35:58 <d34dh0r53> Enforcing scope in keystone breaks heat (and probably magnum) (tkajinam)... (full message at <https://matrix.org/_matrix/media/v3/download/matrix.org/mxhwFFUUGZCjQMfcgYLTTVxf>)
15:36:13 <d34dh0r53> Patches proposed (needs to be merged in the listed order)
15:36:16 <tkajinam> I guess I raised this topic some time ago
15:36:34 <tkajinam> so I tested hear with scope enforced in keystone and found a few bugs in current default policies
15:36:55 <tkajinam> I've pushed the patches which are listed in the etherpad. the patches need to be merged in that specific order because of cross dependency between keystone and keystone-tempest-plugin
15:37:12 <d34dh0r53> ok
15:37:14 <tkajinam> it'd be nice if I can hear any feedback, because these may block switching default of enforce_scope
15:37:26 <d34dh0r53> dmendiza: ^^^ fyi
15:37:37 <tkajinam> note that updating keystone-tempest-plugin may affect stable branches. I think this is a "bug" which we can also fix in stable branches but lmk if you have any concerns
15:38:12 <tkajinam> I don't know in which branch the protection job may pass with the latest keystone-tempest-plugin, though, seeing recent frequent policy update
15:38:29 <tkajinam> but at least we can attempt to backport these to 2024.1, I think
15:39:32 <d34dh0r53> ack
15:40:19 <tkajinam> that's all from my end
15:40:30 <d34dh0r53> thank you tkajinam !
15:40:48 <d34dh0r53> moving on to bug review
15:40:55 <d34dh0r53> #topic bug review
15:41:18 <d34dh0r53> #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0
15:42:21 <d34dh0r53> looks like there is one new keystone bug
15:42:27 <d34dh0r53> #link https://bugs.launchpad.net/keystone/+bug/2063321
15:42:31 <d34dh0r53> and it's in progress
15:42:40 <d34dh0r53> #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0
15:42:56 <d34dh0r53> no new bugs for python-keystoneclient
15:43:06 <d34dh0r53> #link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=0
15:43:34 <d34dh0r53> no new bugs for keystoneauth
15:43:52 <d34dh0r53> #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0
15:44:04 <d34dh0r53> keystonemiddleware is good
15:44:13 <d34dh0r53> #link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=0
15:44:26 <d34dh0r53> nothing new for pycadf
15:44:42 <d34dh0r53> #link https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=0
15:45:37 <d34dh0r53> nothing new for ldappool
15:45:48 <d34dh0r53> #topic conclusion
15:45:50 <tkajinam> this is not a new bug but I wonder if https://review.opendev.org/c/openstack/keystoneauth/+/907775 can get some attention since it has been left for some time.
15:46:25 <tkajinam> I remember I had some chat with the author some time ago when I found it in notifications
15:46:27 <d34dh0r53> indeed, I'll take a look
15:46:30 <tkajinam> thx
15:47:26 <d34dh0r53> Anyone have anything else before we close?
15:48:09 <d34dh0r53> Thanks everyone!
15:48:16 <d34dh0r53> Have a great rest of you week!
15:48:19 <d34dh0r53> #endmeeting