15:04:54 #startmeeting keystone 15:04:54 Meeting started Wed Sep 11 15:04:54 2024 UTC and is due to finish in 60 minutes. The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:04:54 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:04:54 The meeting name has been set to 'keystone' 15:05:12 #topic roll call 15:05:19 admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev, reqa, dmendiza[m], mharley, jph, gtema 15:05:26 o/ 15:05:59 o/ 15:06:36 #topic review past meeting work items 15:06:42 #link https://meetings.opendev.org/meetings/keystone/2024/keystone.2024-09-04-15.02.html 15:06:47 only one 15:06:53 dmendiza clean up the SRBAC Specification section of the weekly meeting etherpad 15:09:48 🙋‍♂️ 15:09:57 Yeah, I removed the links to reviews that have already merged 15:10:07 and left the topic so we can track the change to oslo.policy 15:10:10 which now defaults to true 15:10:15 awesome, thanks dmendiza !! 15:10:32 I think we'll want to change our defaults too, but maybe not until we branch the current release 15:11:11 ack 15:11:19 moving on to 15:11:20 #topic liaison updates 15:11:28 nothing from VMT nor releases 15:13:54 Dave Wilde (d34dh0r53): you should better review https://review.opendev.org/c/openstack/releases/+/928530 to ack release 15:14:48 thanks just did 15:15:43 #topic specification OAuth 2.0 (hiromu) 15:15:50 #link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext 15:15:55 #link https://review.opendev.org/q/topic:bp%252Fenhance-oauth2-interoperability 15:16:01 External OAuth 2.0 Specification 15:16:05 #link https://review.opendev.org/c/openstack/keystone-specs/+/861554 (merged) 15:16:10 OAuth 2.0 Implementation 15:16:14 #link https://review.opendev.org/q/topic:bp%252Fsupport-oauth2-mtls 15:16:20 OAuth 2.0 Documentation 15:16:22 #link https://review.opendev.org/c/openstack/keystone/+/838108 (merged) 15:16:26 #link https://review.opendev.org/c/openstack/keystoneauth/+/838104 (merged) 15:16:38 working on rebasing the outstanding patches 15:17:05 I'll let y'all know when they're ready for reviews 15:17:05 next up 15:17:05 #topic specification Secure RBAC (dmendiza[m]) 15:17:08 #link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_ 15:17:13 2024.1 Release Timeline 15:17:16 Update oslo.policy in keystone to enforce_new_defaults=True 15:17:19 Update oslo.policy in keystone to enforce_scope=True 15:17:34 any additional updates dmendiza ? 15:17:41 negative 15:17:49 thanks1 15:17:58 #topic specification OpenAPI support (gtema) 15:18:04 #link https://review.opendev.org/q/topic:%22openapi%22+project:openstack/keystone 15:18:08 gtema: changes awaiting review 15:18:29 no changes from my side 15:18:37 ack 15:18:39 next up 15:18:45 #topic specification domain manager (mhen) 15:18:48 #link https://review.opendev.org/q/topic:%22domain-manager%22 15:18:52 tempest core lib patch has been merged, only keystone-tempest-plugin left 15:18:56 created a patchset for documentation: https://review.opendev.org/c/openstack/keystone/+/928135 15:18:56 I mean changes are still waiting for review ;-) 15:19:17 right, will look at those today 15:19:40 d34dh0r53: are you talking about gtema or my part? 15:20:02 we're on your part now mhen 15:20:05 Takashi Kajinami proposed openstack/keystone master: Remove deprecated [token] cache_on_issue https://review.opendev.org/c/openstack/keystone/+/928798 15:20:50 ok was a bit confused because in my IRC log gtema's comment about pending reviews was directly above your "will look at those today" so I was not sure 15:21:01 but yea, that would be wonderful thanks :) 15:22:07 indeed, I'll look at both of those today 15:22:18 next up 15:22:27 #topic specification Type annotations (stephenfin) 15:22:32 #link https://review.opendev.org/q/project:openstack/keystoneauth+topic:typing 15:22:39 This came about from adding type hints to openstacksdk. Since we're based on/heavily use keystoneauth, we need these annotations to be able to type things correctly. After much blood and tears, I now have the thing fully typed (except for tests and fixtures) but have refrained from pushing the full ~50 patch series to avoid overloading CI/humans :) 15:22:41 Artem Goncharov proposed openstack/keystoneauth master: Apply ruff, ruff-format https://review.opendev.org/c/openstack/keystoneauth/+/928805 15:22:43 How do we want to review these? They are generally non-functional changes, though I have reworked some logic (to avoid use of try-except pattern that mypy doesn't like) and added lots of asserts to narrow types (which I will eventually convert to proper exceptions). Can I just let gtema review them and rely on CI? 15:22:48 You'll see I've used ruff and ruff-format. I realise this might be somewhat controversial, but it removes significant friction (from having to manually rewrap stuff) when adding annotations at minimal inconvenience to others 15:22:57 this is awesome! 15:23:27 thanks :) It was a lot of work, but I'm hoping it's a one and done kind of thing 15:23:39 To answer your question, if gtema (Artem Goncharov) is willing to review them and CI is passing I'm all for it 15:24:12 I'm fine with ruff-format as well 15:24:15 :), I'm fine, anyway reviewed some and stucked on one which I just pushed update for 15:24:42 we can try to apply ruff to keystone as well. I think it would be minor change after we blacked it already 15:24:45 Lovely. That's pretty much all I wanted to know (that it was an okay thing to do) 15:24:52 then we would have both projects same style 15:25:01 off-topic but ruff is sooo much faster it's not even funny 15:25:06 very impressive tool 15:25:15 agreed stephenfin 15:25:30 I myself wonder why the heck it is so fast, is it doing anything? 15:25:34 I haven't played with it, but am going to try it 15:25:49 Maybe it's written in rust :o 15:25:54 * d34dh0r53 hides 15:26:15 yupp, which is the reason for the new OSC cli and tui to be written in Rust as well ;-) 15:26:31 yeah, funny you should say that 😅 15:26:43 orly? 15:27:10 :) 15:27:14 yeah, again way off topic but all these tools are coming from a VC backed crowd called astral 15:27:15 https://astral.sh/ 15:27:42 oh wow 15:27:51 I hadn't even looked 15:27:52 there's also uv which I suspect we (OpenStack) might pivot to down the line. https://lucumr.pocoo.org/2024/2/15/rye-grows-with-uv/ is a good read when you next have spare time 15:28:19 I also got question some time ago whether we are "willing" to start experimenting with uv, which is their answer to pip/tox 15:28:59 stephenfin - maybe we can start experimenting with it in codegenerator since it is not breaking anybody and fully in our control 15:29:15 and another good blog here, which I spotted on the orange site some time back https://astral.sh/blog/uv-unified-python-packaging 15:29:34 gtema: probably, but let's not take up more of the keystone folks' time here discussing that :) 15:29:46 :) 15:32:03 very interesting, thanks for the links 15:32:22 #topic open discussion 15:32:26 (JayF) Release managers have some concern about Keystone patches not being responded to in a timely manner. 15:32:29 https://etherpad.opendev.org/p/dalmatian-relmgt-tracking#L471 15:32:33 I am not a keystone contributor and don't know the best way for you all to tackle this, but wanted to ensure you were able to see it. Thanks! 15:32:48 this is on me, there were some older EOM reviews that I missed 15:33:07 Is dropping that line in the meeting agenda a good way to point notice at you baout it? 15:33:09 I'll make sure that our queue is clean 15:33:15 I missed some for Ironic when I was PTL there, it can be easy to miss. 15:33:25 JayF: yes, that's great 15:33:30 Awesome; thanks! 15:33:38 Thank you! 15:36:18 ok, moving on to 15:36:25 #topic bug review 15:36:29 #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0 15:36:32 1 new bug for keystone 15:36:42 https://bugs.launchpad.net/keystone/+bug/2080369 15:37:04 I might be able to test this as I'm doing federation work 15:37:15 I have an LDAP server at the ready 15:37:46 #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0 15:38:01 python-keystoneclient has no new bugs 15:38:04 #link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=0 15:38:20 nothing new for keystoneauth 15:38:26 #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0 15:38:50 keystonemiddleware is good 15:38:54 #link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=0 15:39:01 pycadf has no new bugs 15:39:09 #link https://bugs.launchpad.net/ldappool/+bugs?ordterby=-id&start=0 15:39:15 neither does ldappool 15:39:22 #topic conclusion 15:39:50 I'm on PTO for 10 days starting tomorrow afternoon CST so I'm going to cancel next weeks meeting 15:40:14 the reviewathons can still happen if y'all want 15:40:18 ack 15:41:02 that's all from me 15:41:50 #endmeeting