15:04:54 <d34dh0r53> #startmeeting keystone
15:04:54 <opendevmeet> Meeting started Wed Sep 11 15:04:54 2024 UTC and is due to finish in 60 minutes. The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:04:54 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:04:54 <opendevmeet> The meeting name has been set to 'keystone'
15:05:12 <d34dh0r53> #topic roll call
15:05:19 <d34dh0r53> admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev, reqa, dmendiza[m], mharley, jph, gtema
15:05:26 <mhen> o/
15:05:59 <gtema> o/
15:06:36 <d34dh0r53> #topic review past meeting work items
15:06:42 <d34dh0r53> #link https://meetings.opendev.org/meetings/keystone/2024/keystone.2024-09-04-15.02.html
15:06:47 <d34dh0r53> only one
15:06:53 <d34dh0r53> dmendiza clean up the SRBAC Specification section of the weekly meeting etherpad
15:09:48 <dmendiza[m]> 🙋♂️
15:09:57 <dmendiza[m]> Yeah, I removed the links to reviews that have already merged
15:10:07 <dmendiza[m]> and left the topic so we can track the change to oslo.policy
15:10:10 <dmendiza[m]> which now defaults to true
15:10:15 <d34dh0r53> awesome, thanks dmendiza !!
15:10:32 <dmendiza[m]> I think we'll want to change our defaults too, but maybe not until we branch the current release
15:11:11 <d34dh0r53> ack
15:11:19 <d34dh0r53> moving on to
15:11:20 <d34dh0r53> #topic liaison updates
15:11:28 <d34dh0r53> nothing from VMT nor releases
15:13:54 <gtema> Dave Wilde (d34dh0r53): you should better review https://review.opendev.org/c/openstack/releases/+/928530 to ack release
15:14:48 <d34dh0r53> thanks just did
15:15:43 <d34dh0r53> #topic specification OAuth 2.0 (hiromu)
15:15:50 <d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext
15:15:55 <d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Fenhance-oauth2-interoperability
15:16:01 <d34dh0r53> External OAuth 2.0 Specification
15:16:05 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone-specs/+/861554 (merged)
15:16:10 <d34dh0r53> OAuth 2.0 Implementation
15:16:14 <d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Fsupport-oauth2-mtls
15:16:20 <d34dh0r53> OAuth 2.0 Documentation
15:16:22 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone/+/838108 (merged)
15:16:26 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystoneauth/+/838104 (merged)
15:16:38 <d34dh0r53> working on rebasing the outstanding patches
15:17:05 <d34dh0r53> I'll let y'all know when they're ready for reviews
15:17:05 <d34dh0r53> next up
15:17:05 <d34dh0r53> #topic specification Secure RBAC (dmendiza[m])
15:17:08 <d34dh0r53> #link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_
15:17:13 <d34dh0r53> 2024.1 Release Timeline
15:17:16 <d34dh0r53> Update oslo.policy in keystone to enforce_new_defaults=True
15:17:19 <d34dh0r53> Update oslo.policy in keystone to enforce_scope=True
15:17:34 <d34dh0r53> any additional updates dmendiza ?
15:17:41 <dmendiza[m]> negative
15:17:49 <d34dh0r53> thanks!
15:17:58 <d34dh0r53> #topic specification OpenAPI support (gtema)
15:18:04 <d34dh0r53> #link https://review.opendev.org/q/topic:%22openapi%22+project:openstack/keystone
15:18:08 <d34dh0r53> gtema: changes awaiting review
15:18:29 <gtema> no changes from my side
15:18:37 <d34dh0r53> ack
15:18:39 <d34dh0r53> next up
15:18:45 <d34dh0r53> #topic specification domain manager (mhen)
15:18:48 <d34dh0r53> #link https://review.opendev.org/q/topic:%22domain-manager%22
15:18:52 <d34dh0r53> tempest core lib patch has been merged, only keystone-tempest-plugin left
15:18:56 <d34dh0r53> created a patchset for documentation: https://review.opendev.org/c/openstack/keystone/+/928135
15:18:56 <gtema> I mean changes are still waiting for review ;-)
15:19:17 <d34dh0r53> right, will look at those today
15:19:40 <mhen> d34dh0r53: are you talking about gtema or my part?
15:20:02 <d34dh0r53> we're on your part now mhen
15:20:05 <opendevreview> Takashi Kajinami proposed openstack/keystone master: Remove deprecated [token] cache_on_issue https://review.opendev.org/c/openstack/keystone/+/928798
15:20:50 <mhen> ok was a bit confused because in my IRC log gtema's comment about pending reviews was directly above your "will look at those today" so I was not sure
15:21:01 <mhen> but yea, that would be wonderful thanks :)
15:22:07 <d34dh0r53> indeed, I'll look at both of those today
15:22:18 <d34dh0r53> next up
15:22:27 <d34dh0r53> #topic specification Type annotations (stephenfin)
15:22:32 <d34dh0r53> #link https://review.opendev.org/q/project:openstack/keystoneauth+topic:typing
15:22:39 <d34dh0r53> This came about from adding type hints to openstacksdk. Since we're based on/heavily use keystoneauth, we need these annotations to be able to type things correctly.
After much blood and tears, I now have the thing fully typed (except for tests and fixtures) but have refrained from pushing the full ~50 patch series to avoid overloading CI/humans :)
15:22:41 <opendevreview> Artem Goncharov proposed openstack/keystoneauth master: Apply ruff, ruff-format https://review.opendev.org/c/openstack/keystoneauth/+/928805
15:22:43 <d34dh0r53> How do we want to review these? They are generally non-functional changes, though I have reworked some logic (to avoid use of try-except pattern that mypy doesn't like) and added lots of asserts to narrow types (which I will eventually convert to proper exceptions). Can I just let gtema review them and rely on CI?
15:22:48 <d34dh0r53> You'll see I've used ruff and ruff-format. I realise this might be somewhat controversial, but it removes significant friction (from having to manually rewrap stuff) when adding annotations at minimal inconvenience to others
15:22:57 <d34dh0r53> this is awesome!
15:23:27 <stephenfin> thanks :) It was a lot of work, but I'm hoping it's a one and done kind of thing
15:23:39 <d34dh0r53> To answer your question, if gtema (Artem Goncharov) is willing to review them and CI is passing I'm all for it
15:24:12 <d34dh0r53> I'm fine with ruff-format as well
15:24:15 <gtema> :), I'm fine, anyway reviewed some and stuck on one which I just pushed update for
15:24:42 <gtema> we can try to apply ruff to keystone as well. I think it would be minor change after we blacked it already
15:24:45 <stephenfin> Lovely. That's pretty much all I wanted to know (that it was an okay thing to do)
15:24:52 <gtema> then we would have both projects same style
15:25:01 <stephenfin> off-topic but ruff is sooo much faster it's not even funny
15:25:06 <stephenfin> very impressive tool
15:25:15 <gtema> agreed stephenfin
15:25:30 <gtema> I myself wonder why the heck it is so fast, is it doing anything?
15:25:34 <d34dh0r53> I haven't played with it, but am going to try it
15:25:49 <d34dh0r53> Maybe it's written in rust :o
15:25:54 * d34dh0r53 hides
15:26:15 <gtema> yupp, which is the reason for the new OSC cli and tui to be written in Rust as well ;-)
15:26:31 <stephenfin> yeah, funny you should say that 😅
15:26:43 <d34dh0r53> orly?
15:27:10 <gtema> :)
15:27:14 <stephenfin> yeah, again way off topic but all these tools are coming from a VC backed crowd called astral
15:27:15 <stephenfin> https://astral.sh/
15:27:42 <d34dh0r53> oh wow
15:27:51 <d34dh0r53> I hadn't even looked
15:27:52 <stephenfin> there's also uv which I suspect we (OpenStack) might pivot to down the line. https://lucumr.pocoo.org/2024/2/15/rye-grows-with-uv/ is a good read when you next have spare time
15:28:19 <gtema> I also got question some time ago whether we are "willing" to start experimenting with uv, which is their answer to pip/tox
15:28:59 <gtema> stephenfin - maybe we can start experimenting with it in codegenerator since it is not breaking anybody and fully in our control
15:29:15 <stephenfin> and another good blog here, which I spotted on the orange site some time back https://astral.sh/blog/uv-unified-python-packaging
15:29:34 <stephenfin> gtema: probably, but let's not take up more of the keystone folks' time here discussing that :)
15:29:46 <gtema> :)
15:32:03 <d34dh0r53> very interesting, thanks for the links
15:32:22 <d34dh0r53> #topic open discussion
15:32:26 <d34dh0r53> (JayF) Release managers have some concern about Keystone patches not being responded to in a timely manner.
15:32:29 <d34dh0r53> https://etherpad.opendev.org/p/dalmatian-relmgt-tracking#L471
15:32:33 <d34dh0r53> I am not a keystone contributor and don't know the best way for you all to tackle this, but wanted to ensure you were able to see it. Thanks!
15:32:48 <d34dh0r53> this is on me, there were some older EOM reviews that I missed
15:33:07 <JayF> Is dropping that line in the meeting agenda a good way to point notice at you about it?
15:33:09 <d34dh0r53> I'll make sure that our queue is clean
15:33:15 <JayF> I missed some for Ironic when I was PTL there, it can be easy to miss.
15:33:25 <d34dh0r53> JayF: yes, that's great
15:33:30 <JayF> Awesome; thanks!
15:33:38 <d34dh0r53> Thank you!
15:36:18 <d34dh0r53> ok, moving on to
15:36:25 <d34dh0r53> #topic bug review
15:36:29 <d34dh0r53> #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0
15:36:32 <d34dh0r53> 1 new bug for keystone
15:36:42 <d34dh0r53> https://bugs.launchpad.net/keystone/+bug/2080369
15:37:04 <d34dh0r53> I might be able to test this as I'm doing federation work
15:37:15 <d34dh0r53> I have an LDAP server at the ready
15:37:46 <d34dh0r53> #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0
15:38:01 <d34dh0r53> python-keystoneclient has no new bugs
15:38:04 <d34dh0r53> #link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=0
15:38:20 <d34dh0r53> nothing new for keystoneauth
15:38:26 <d34dh0r53> #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0
15:38:50 <d34dh0r53> keystonemiddleware is good
15:38:54 <d34dh0r53> #link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=0
15:39:01 <d34dh0r53> pycadf has no new bugs
15:39:09 <d34dh0r53> #link https://bugs.launchpad.net/ldappool/+bugs?ordterby=-id&start=0
15:39:15 <d34dh0r53> neither does ldappool
15:39:22 <d34dh0r53> #topic conclusion
15:39:50 <d34dh0r53> I'm on PTO for 10 days starting tomorrow afternoon CST so I'm going to cancel next week's meeting
15:40:14 <d34dh0r53> the reviewathons can still happen if y'all want
15:40:18 <gtema> ack
15:41:02 <d34dh0r53> that's all from me
15:41:50 <d34dh0r53> #endmeeting