Tuesday, 2022-10-25

*** h_asahina is now known as hiromu [08:05]
*** dviroel|out is now known as dviroel [11:29]
*** dasm|off is now known as dasm|rover [13:24]
<d34dh0r53> #startmeeting keystone [15:01]
<opendevmeet> Meeting started Tue Oct 25 15:01:28 2022 UTC and is due to finish in 60 minutes.  The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot. [15:01]
<opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. [15:01]
<opendevmeet> The meeting name has been set to 'keystone' [15:01]
<d34dh0r53> #topic Roll Call [15:01]
<d34dh0r53> admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, knikolla, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek [15:01]
<knikolla[m]> o/ [15:02]
<hiromu> o/ [15:02]
<d34dh0r53> dmendiza[m], do you want to be on the roll call list? [15:02]
<xek> o/ [15:02]
<d34dh0r53> o/ everyone :) [15:03]
<d34dh0r53> hopefully everyone has recovered from the PTG [15:03]
<d34dh0r53> let's get started [15:04]
<d34dh0r53> #topic Review past meeting work items [15:04]
<d34dh0r53> #link https://meetings.opendev.org/meetings/keystone/2022/keystone.2022-10-11-15.02.html [15:04]
<dmendiza[m]> 🙋‍♂️ [15:04]
<d34dh0r53> We did some PTG planning, more on that later and we had one Action Item [15:05]
<d34dh0r53> https://meetings.opendev.org/meetings/keystone/2022/keystone.2022-10-11-15.02.html [15:05]
<d34dh0r53> oops, wrong paste [15:05]
<d34dh0r53> dmendiza[m] will look at https://bugs.launchpad.net/keystone/+bug/1990987 [15:05]
<dmendiza[m]> did not get a chance to do that yet.  was busy with PTG last week [15:05]
<d34dh0r53> dmendiza[m]: ack, can I re-assign that action item to you? [15:06]
<dmendiza[m]> yep [15:06]
<d34dh0r53> awesome, thank you! [15:06]
<d34dh0r53> #action dmendiza[m] will look at https://bugs.launchpad.net/keystone/+bug/1990987 [15:06]
<d34dh0r53> next up we have d34dh0r53 look into user-defined attribute access control [15:08]
<d34dh0r53> I did not get to this, will add again for this week [15:08]
<d34dh0r53> #action d34dh0r53 look into user-defined attribute access control [15:08]
<d34dh0r53> finally we have d34dh0r53 submit fix for Bug/1992183 [15:08]
<d34dh0r53> that review is up here [15:09]
<d34dh0r53> #link https://review.opendev.org/c/openstack/keystone/+/861232 [15:09]
<d34dh0r53> thanks for the reviews so far [15:09]
<d34dh0r53> that does it for the past meeting work items [15:09]
<d34dh0r53> #topic Liaison Updates [15:10]
<d34dh0r53> Anyone have anything? [15:10]
<d34dh0r53> #help still looking for additional cross-project liaisons [15:11]
* dmendiza[m] checks release patches [15:11]
<dmendiza[m]> Ok, yeah [15:12]
<dmendiza[m]> https://review.opendev.org/c/openstack/releases/+/862323 [15:12]
<dmendiza[m]> Release team wants to move Wallaby into EM [15:12]
<dmendiza[m]> for us it just means no new releases will be made, but we will still be able to merge backports when necessary [15:12]
<dmendiza[m]> d34dh0r53: I should be able to help with release things. [15:13]
<dmendiza[m]> at least for the next couple of weeks. [15:13]
<d34dh0r53> dmendiza[m]: excellent, thank you [15:13]
<d34dh0r53> I'm fine with moving Wallaby to EM, any objections? [15:13]
<dmendiza[m]> fine by me as well [15:14]
<d34dh0r53> Ok, I'll +1 that patch unless I hear otherwise [15:14]
<d34dh0r53> any other Liaison updates? I don't have anything from VMT [15:15]
<d34dh0r53> next up on the agenda we have [15:17]
<d34dh0r53> #topic specification OAuth 2.0 (h_asahina) [15:17]
<d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext [15:17]
<d34dh0r53> #link https://review.opendev.org/c/openstack/keystone-specs/+/843765 [15:18]
<hiromu> No update this week [15:18]
<hiromu> but our team's arguing over what grant type should be used [15:19]
<d34dh0r53> hiromu: ack [15:19]
<hiromu> so, maybe I'll change flows in the spec. [15:19]
<knikolla[m]> I haven't had a chance yet to look at it in-depth. [15:19]
<hiromu> it's ok :) [15:19]
<hiromu> I'll remind you when we fix the contents of the spec. [15:20]
<d34dh0r53> thank you hiromu [15:20]
<hiromu> btw, this is just a reminder, please kindly review these docs patches and hopefully backport them to Zed. [15:20]
<hiromu> https://review.opendev.org/c/openstack/keystoneauth/+/838104 [15:21]
<hiromu> https://review.opendev.org/c/openstack/keystone/+/838108 [15:21]
<d34dh0r53> #action reviewathon review https://review.opendev.org/c/openstack/keystone-specs/+/843765 [15:21]
<d34dh0r53> #undo [15:22]
<opendevmeet> Removing item from minutes: #action reviewathon review https://review.opendev.org/c/openstack/keystone-specs/+/843765 [15:22]
<d34dh0r53> #action reviewathon review https://review.opendev.org/c/openstack/keystoneauth/+/838104 [15:22]
<d34dh0r53> #action reviewathon review https://review.opendev.org/c/openstack/keystone/+/838108 [15:22]
<hiromu> great. thanks d34dh0r53 [15:22]
<d34dh0r53> np hiromu [15:23]
<d34dh0r53> #topic specification Secure RBAC (dmendiza[m]) [15:23]
<d34dh0r53> #link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_ [15:23]
<dmendiza[m]> Yeah, there were a few SRBAC sessions during PTG [15:25]
<dmendiza[m]> I think the main goals for us this cycle are: [15:25]
<dmendiza[m]> 1. Merge the "manager" role implementation [15:25]
<dmendiza[m]> 2. Merge the "service" role spec [15:26]
<dmendiza[m]> 3. Implement the "service" role after spec has landed [15:26]
<dmendiza[m]> I'm not sure if we're already defaulting to `enforce_scope=True` and `enforce_new_defaults=True` but I think we may be able to do that this cycle. [15:26]
<d34dh0r53> ok [15:27]
<d34dh0r53> I'd like to look at the manager role implementation during the reviewathon [15:28]
<d34dh0r53> #action reviewathon review https://review.opendev.org/c/openstack/keystone/+/822601 [15:28]
<dmendiza[m]> +1 [15:28]
<d34dh0r53> it looks like gmann has updated the service role spec so we should look at that as well [15:29]
<d34dh0r53> #action reviewathon review https://review.opendev.org/c/openstack/keystone-specs/+/818616 [15:30]
<d34dh0r53> So, speaking of the PTG [15:31]
<d34dh0r53> #topic Open Discussion [15:31]
<d34dh0r53> d34dh0r53: ptg review https://etherpad.opendev.org/p/antelope-ptg-keystone [15:31]
<d34dh0r53> #link https://etherpad.opendev.org/p/antelope-ptg-keystone [15:31]
<d34dh0r53> anything to add regarding the Secure RBAC community goal? [15:32]
<d34dh0r53> ok, hiromu do you have any asks/updates on the Supporting external authz server by Keystone Middleware BP/Spec? [15:33]
<d34dh0r53> ok [15:34]
<hiromu> there's no update so far [15:35]
<d34dh0r53> ok, thanks hiromu [15:35]
<d34dh0r53> next up we have deprecate python-keystone client that dmendiza[m] and myself have action items on [15:35]
<d34dh0r53> I know there was talk at one of the TC sessions about openstacksdk and the individual clients but I'm not sure if any consensus was reached [15:36]
<d34dh0r53> knikolla[m]: were there any takeaways we should consider before doing this work? [15:36]
<knikolla[m]> It's a slow road and we're well ahead of the rest of OpenStack on it, haha. [15:37]
<d34dh0r53> haha, awesome [15:37]
<knikolla[m]> We have removed CLI access from the keystoneclient, and that's the first target of that work. Full parity between CLI clients and OSC. [15:37]
<knikolla[m]> I don't think we've targeted anything yet for moving entirely to SDK. [15:38]
<d34dh0r53> I think a good goal for this cycle is to determine our feature gaps [15:38]
<dmendiza[m]> One thing that's not clear to me is whether keystone-manage or keystone-bootstrap or w/e else needs to also be part of OSC? [15:38]
<knikolla[m]> I don't think so. [15:38]
<knikolla[m]> They usually interact with the DB directly, rather than through the API. [15:38]
<dmendiza[m]> Gotcha ... yeah, as I typed that I realized those are CLIs that are part of the server, not the client [15:39]
<d34dh0r53> Ok dmendiza[m] and I will try to carve out a little time to start the gap analysis [15:40]
<d34dh0r53> #action dmendiza[m] and d34dh0r53 make some time to start the gap analysis between CLI and OSC. [15:41]
<d34dh0r53> next up, Ade Lee is working on a new OIDC gate.  He's using the plugin that you wrote knikolla[m], thanks again for pointing us to that [15:41]
<d34dh0r53> I think it will be a big help [15:42]
<d34dh0r53> any other topics for Open Discussion? [15:42]
<d34dh0r53> #topic Bug Review [15:44]
<d34dh0r53> Keystone Bugs [15:44]
<d34dh0r53> #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0 [15:44]
<d34dh0r53> we have https://bugs.launchpad.net/keystone/+bug/1993742 [15:44]
<xek> this was fixed in wallaby by an SQL upgrade [15:45]
<d34dh0r53> ahh [15:45]
<d34dh0r53> xek: would you mind commenting on that bug with a link? [15:46]
<xek> d34dh0r53: ok, I'll also look into it to make sure this is the same bug [15:47]
<d34dh0r53> xek: thank you [15:47]
<d34dh0r53> that's it for new keystone bugs, next up we have python-keystoneclient [15:47]
<d34dh0r53> #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0 [15:47]
<d34dh0r53> looks like this is new https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0 [15:47]
<d34dh0r53> man, the copy paste game is bad today :/ [15:48]
<d34dh0r53> https://bugs.launchpad.net/python-keystoneclient/+bug/1993614 [15:48]
<d34dh0r53> hmm, that doesn't seem right, anyone have a devstack up to verify that? [15:51]
<d34dh0r53> I'll try to take a look at this one [15:51]
<d34dh0r53> #action d34dh0r53 try to reproduce https://bugs.launchpad.net/python-keystoneclient/+bug/1993614 [15:52]
<d34dh0r53> that's all for python-keystoneclient [15:52]
<d34dh0r53> next up we have keystoneauth [15:52]
<d34dh0r53> #link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=0 [15:52]
<d34dh0r53> no new bugs there [15:52]
<d34dh0r53> keystonemiddleware is next [15:53]
<d34dh0r53> #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0 [15:53]
<d34dh0r53> nothing new here [15:53]
<d34dh0r53> PyCADF [15:53]
<d34dh0r53> #link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=0 [15:53]
<d34dh0r53> no new bugs [15:54]
<d34dh0r53> Finally we have ldappool [15:54]
<d34dh0r53> #link https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=0 [15:54]
<d34dh0r53> which has nothing new [15:54]
<d34dh0r53> Anything else before we end the meeting? [15:54]
<d34dh0r53> Thanks for joining everyone! Have a great week, and I'll see y'all online :) [15:55]
<d34dh0r53> #endmeeting [15:55]
<opendevmeet> Meeting ended Tue Oct 25 15:55:38 2022 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) [15:55]
<opendevmeet> Minutes:        https://meetings.opendev.org/meetings/keystone/2022/keystone.2022-10-25-15.01.html [15:55]
<opendevmeet> Minutes (text): https://meetings.opendev.org/meetings/keystone/2022/keystone.2022-10-25-15.01.txt [15:55]
<opendevmeet> Log:            https://meetings.opendev.org/meetings/keystone/2022/keystone.2022-10-25-15.01.log.html [15:55]
*** dviroel is now known as dviroel|lunch [15:56]
*** dviroel|lunch is now known as dviroel| [17:04]
*** dviroel| is now known as dviroel [17:04]
*** dviroel is now known as dviroel|appt [17:27]
<opendevreview> Ghanshyam proposed openstack/keystone-specs master: Describe the need for a default service role  https://review.opendev.org/c/openstack/keystone-specs/+/818616 [18:18]
<gmann> d34dh0r53: dmendiza[m] knikolla[m] ^^ updated the service role spec for correcting the example code. [18:19]
*** dviroel|appt is now known as dviroel [20:39]
*** dviroel is now known as dviroel|afk [21:57]