#openstack-keystone log

15:01:18 <d34dh0r53> #startmeeting keystone
15:01:18 <opendevmeet> Meeting started Wed May 15 15:01:18 2024 UTC and is due to finish in 60 minutes.  The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:01:18 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:01:18 <opendevmeet> The meeting name has been set to 'keystone'
15:01:27 <d34dh0r53> #topic roll call
15:01:38 <d34dh0r53> admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, knikolla[m], lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev, reqa, dmendiza[m], mharley, jph, gtema
15:03:13 <d34dh0r53> #topic review past meeting work items
15:03:43 <d34dh0r53> no updates from me on my thing
15:03:48 <dmendiza[m]> 🙋‍♂️
15:04:02 <d34dh0r53> #action d34dh0r53 Look into adding/restoring a known issues section to our documentation
15:04:17 <d34dh0r53> #topic liaison updates
15:05:24 <d34dh0r53> nothing from VMT or releases
15:06:21 <d34dh0r53> next up
15:06:36 <d34dh0r53> #topic specification OAuth 2.0 (hiromu)
15:06:58 <d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext... (full message at <https://matrix.org/_matrix/media/v3/download/matrix.org/WiPtVMMrPffHmSPHVuMyBtEp>)
15:07:53 <d34dh0r53> I don't see hiromu around, if anyone else is picking up this work please let me know.
15:07:56 <d34dh0r53> next up
15:08:05 <d34dh0r53> #topic specification Secure RBAC (dmendiza[m])... (full message at <https://matrix.org/_matrix/media/v3/download/matrix.org/hbIMQqpYYmKjMZvbJOXGBUHV>)
15:08:26 <dmendiza[m]> 🙋‍♂️
15:08:43 <dmendiza[m]> Yeah, we're in the process of backporting a couple of bug fixes for SRBAC
15:09:01 <dmendiza[m]> there's a couple of APIs that Heat needs to access with domain-scoped tokens
15:09:21 <dmendiza[m]> which have landed on master and are working their way back to 2024.1
15:09:24 <dmendiza[m]> *2023.1
15:09:39 <dmendiza[m]> Other than that no updates from me.
15:10:49 <d34dh0r53> Thanks dmendiza, more on those backports later
15:10:52 <d34dh0r53> moving on
15:11:16 <d34dh0r53> #topic specification Improve federated users management (gtema)
15:11:16 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone-specs/+/748748
15:11:16 <d34dh0r53> gtema: clearly against of introducing bad API precedent, desperately waiting for other opinions
15:11:41 <d34dh0r53> I still need to add my review, sorry
15:12:22 <bbobrov> we actually talked about it with him today
15:12:34 <bbobrov> (o/ from openinfra days in Berlin)
15:13:03 <d34dh0r53> o/ greetings!
15:13:26 <gtema> Same o/ from session on Oid berlin
15:14:26 <gtema> No changes from my side
15:15:09 <d34dh0r53> were any conclusions made in your conversation?
15:15:23 <bbobrov> not yet
15:15:32 <d34dh0r53> ack
15:17:02 <gtema> Not really, but I am going to work hard for the SCS on that topic evaluating also alternative option involving VexxHost workaround
15:17:28 <gtema> So that we can maybe come up with a proper solution and not a workaround
15:17:45 <gtema> I suggest for 1-2 weeks put the topic on hold
15:17:59 <d34dh0r53> Ok, sounds good
15:18:37 <d34dh0r53> next up
15:18:51 <d34dh0r53> #topic specification OpenAPI support (gtema)
15:18:51 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone-specs/+/910584
15:18:51 <d34dh0r53> gtema: waiting for reviews
15:19:25 <d34dh0r53> I've added my review, maybe dmendiza or Grzegorz Grasza can give it a review :)
15:20:13 <gtema> Right, I just need a final go to start working on implementation
15:21:24 <d34dh0r53> 👍️
15:22:07 <d34dh0r53> #topic open-discussion
15:22:23 <d34dh0r53> passlib update... (full message at <https://matrix.org/_matrix/media/v3/download/matrix.org/RajZtPVbWINdhlDeMVxxEzid>)
15:22:48 <d34dh0r53> No updates yet, but more people are being vocal on the issues in the repo
15:23:03 <d34dh0r53> Hopefully we'll get 1.7.5 soon
15:23:09 <d34dh0r53> next up
15:23:17 <bbobrov> (what is this matrix.org link?)
15:23:20 <d34dh0r53> domain manager (mhen)... (full message at <https://matrix.org/_matrix/media/v3/download/matrix.org/EQdkThSTGnReSSyZpmoqoaFw>)
15:23:34 <d34dh0r53> Needs reviews, dmendiza or Grzegorz Grasza
15:23:51 <bbobrov> d34dh0r53: i think that your messages are getting truncated and displayed as links to matrix.org
15:24:07 <gtema> Bbobrov, if you use matrix (element) you will know
15:24:29 <d34dh0r53> They are?
15:24:32 <gtema> On irc this is not rendered the same way
15:25:03 <d34dh0r53> bah, need to get a weechat matrix client going
15:25:47 <gtema> Why, element is absolutely fine. Helps me sitting on mobile doing few things in parallel being part of conference
15:27:51 <d34dh0r53> Now I'm wondering if it's a matrix thing or a client thing.
15:28:18 <bbobrov> we can just continue and fix it later, i can click the links
15:28:27 <d34dh0r53> indeed, moving on
15:28:38 <gtema> I think it's matrix rendering internal thing and it bringe converting it to it differently
15:29:14 <d34dh0r53> domain list scoping fix (mhen)... (full message at <https://matrix.org/_matrix/media/v3/download/matrix.org/DNUyjPcVXSYvmKHgpoWxaExj>)
15:29:53 <d34dh0r53> have we decided if the test in 900545 is needed?
15:31:33 <bbobrov> lets please leave it as is
15:31:39 <bbobrov> for now
15:32:05 <d34dh0r53> ack, so do-not-merge?
15:32:09 <bbobrov> i still want to file that bugreport about the scoping fix being merged differently from other changes related to scope
15:32:22 <bbobrov> do-not-merge-for-a-couple-of-weeks
15:33:02 <d34dh0r53> I set it to WF -1
15:33:53 <d34dh0r53> Enforcing scope in keystone breaks heat (and probably magnum) (tkajinam)... (full message at <https://matrix.org/_matrix/media/v3/download/matrix.org/CBPtqGhuayloTyABSistVbbu>)
15:34:47 <tkajinam> no blocker atm. thanks for submitting backports
15:35:01 <d34dh0r53> Everything has merged into master, I'm currently backporting 914759 and 916130 down to 2023.1
15:35:07 <tkajinam> probably https://review.opendev.org/c/openstack/keystone-tempest-plugin/+/919405 may need to be merged asap to restore test coverage
15:35:10 <tkajinam> d34dh0r53, thanks !
15:35:32 <d34dh0r53> Once those are merged we can backport he protection job patch
15:36:05 <d34dh0r53> indeed tkajinam , I added that to the list
15:36:20 <tkajinam> nice :-)
15:36:44 <d34dh0r53> anything else for open discussion?
15:37:53 <tkajinam> just in case you are not aware of this, sqlalchemy in global u-c was bumped
15:38:15 <tkajinam> so now all jobs are using sqlalchemy 2.0. so we might need a bit attention to CI this week
15:38:25 <d34dh0r53> I was not aware, thank you for the heads up
15:39:05 <tkajinam> I think keystone still holds the job with sqlalchemy master which can be removed. I don't have the link handy but there is a change proposed to remove that job
15:39:56 <tkajinam> ok this one https://review.opendev.org/c/openstack/keystone/+/915566
15:40:37 <tkajinam> this is now ready for merge. that's all from me now
15:40:54 <d34dh0r53> ack, thanks!
15:41:25 <d34dh0r53> moving on to bug review
15:41:31 <d34dh0r53> #topic bug review
15:41:40 <d34dh0r53> #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0
15:41:45 <d34dh0r53> no new bugs for keystone
15:42:27 <d34dh0r53> #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0
15:42:50 <d34dh0r53> keystoneclient is good
15:42:59 <d34dh0r53> #link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=0
15:43:17 <d34dh0r53> no new bugs in keystoneauth
15:43:32 <d34dh0r53> #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0
15:43:39 <d34dh0r53> keystonemiddleware is also good
15:43:48 <d34dh0r53> #link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=0
15:44:06 <d34dh0r53> pycadf is also good
15:44:08 <d34dh0r53> #link https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=0
15:44:13 <d34dh0r53> so is ldappool
15:44:19 <d34dh0r53> #topic conclusion
15:44:58 <d34dh0r53> Thanks folks! Enjoy the rest of OID in Berlin!
15:45:09 <d34dh0r53> Wish I was there :)
15:45:19 <bbobrov> (the OID is over since 20 minutes)
15:45:54 <d34dh0r53> ahh, now I really wish I was there, time for beer 😉
15:46:32 <d34dh0r53> #endmeeting