| d34dh0r53 | #startmeeting keystone | 14:59 |
|---|---|---|
| opendevmeet | Meeting started Wed Jul 19 14:59:50 2023 UTC and is due to finish in 60 minutes. The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot. | 14:59 |
| opendevmeet | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 14:59 |
| opendevmeet | The meeting name has been set to 'keystone' | 14:59 |
| xek | o/ | 15:01 |
| d34dh0r53 | #topic roll call | 15:02 |
| d34dh0r53 | admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, knikolla[m], lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev, reqa, dmendiza[m] | 15:02 |
| d34dh0r53 | o/ | 15:02 |
| hiromu | o/ | 15:03 |
| zaitcev | o/ | 15:03 |
| zaitcev | I'm here, but also not really. | 15:03 |
| d34dh0r53 | :) | 15:04 |
| d34dh0r53 | #topic review past meeting work items | 15:04 |
| d34dh0r53 | #link https://meetings.opendev.org/meetings/keystone/2023/keystone.2023-07-11-14.59.html | 15:04 |
| d34dh0r53 | d34dh0r53 Look into adding/restoring a known issues section to our documentation | 15:05 |
| d34dh0r53 | #action d34dh0r53 Look into adding/restoring a known issues section to our documentation | 15:05 |
| d34dh0r53 | #action d34dh0r53 add https://bugs.launchpad.net/keystone/+bug/1305950 to the known issues section of our documentation | 15:05 |
| d34dh0r53 | d34dh0r53 pin keystone-tempest-plugin to wallaby for keystone stable/wallaby | 15:07 |
| d34dh0r53 | this was done in https://review.opendev.org/c/openstack/keystone/+/887072, thanks stephenfin | 15:07 |
| d34dh0r53 | I'll try to get to the known issues documentation stuff this week | 15:07 |
| d34dh0r53 | #topic liaison updates | 15:08 |
| d34dh0r53 | nothing from VMT | 15:08 |
| d34dh0r53 | moving on | 15:11 |
| d34dh0r53 | #topic specification OAuth 2.0 (hiromu) | 15:12 |
| d34dh0r53 | #link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext | 15:12 |
| d34dh0r53 | External OAuth 2.0 Specification | 15:12 |
| d34dh0r53 | #link https://review.opendev.org/c/openstack/keystone-specs/+/861554 | 15:12 |
| d34dh0r53 | OAuth 2.0 Implementation | 15:12 |
| d34dh0r53 | #link https://review.opendev.org/q/topic:bp%252Fsupport-oauth2-mtls | 15:12 |
| d34dh0r53 | OAuth 2.0 Documentation | 15:12 |
| d34dh0r53 | #link https://review.opendev.org/c/openstack/keystone/+/838108 | 15:12 |
| d34dh0r53 | #link https://review.opendev.org/c/openstack/keystoneauth/+/838104 | 15:12 |
| hiromu | Recently, we submitted patches that add system-scoped token and caching to ext OAuth2.0 https://review.opendev.org/c/openstack/keystonemiddleware/+/888523 | 15:13 |
| d34dh0r53 | ack, thank you hiromu | 15:15 |
| d34dh0r53 | I will start reviewing them | 15:15 |
| hiromu | thanks | 15:15 |
| d34dh0r53 | next up | 15:16 |
| d34dh0r53 | #topic specification Secure RBAC (dmendiza[m]) | 15:16 |
| d34dh0r53 | #link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_ | 15:17 |
| d34dh0r53 | Service Role Implementation | 15:17 |
| d34dh0r53 | #link https://review.opendev.org/c/openstack/keystone/+/863420 | 15:17 |
| d34dh0r53 | Manager Role Implementation | 15:17 |
| d34dh0r53 | #link https://review.opendev.org/c/openstack/keystone/+/822601 | 15:17 |
| d34dh0r53 | Keystone Tempest Plugin Updates | 15:17 |
| d34dh0r53 | #link https://review.opendev.org/c/openstack/keystone-tempest-plugin/+/885799 | 15:17 |
| d34dh0r53 | I saw that there is a new patch to add a default service role to the keystone-manage bootstrap command | 15:17 |
| d34dh0r53 | #link https://review.opendev.org/c/openstack/keystone/+/863420 | 15:17 |
| d34dh0r53 | thanks for the reviews on that | 15:18 |
| d34dh0r53 | cool, moving on | 15:20 |
| d34dh0r53 | #topic specification SQLAlchemy 2.0 (stephenfin) | 15:21 |
| d34dh0r53 | #link https://review.opendev.org/q/topic:sqlalchemy-20+is:open+project:openstack/keystone | 15:21 |
| d34dh0r53 | there is only one patch left and it's a doc fix, awesome work by all getting all of these patches in, thank you! | 15:21 |
| stephenfin | Awesome work indeed. FYI there are still barbican patches that need to get in so maybe that link should be updated? | 15:21 |
| stephenfin | https://review.opendev.org/q/topic:sqlalchemy-20+is:open+project:openstack/barbican | 15:22 |
| stephenfin | (there's a low-prio bug in sqlalchemy that is causing the two last patches to fail: we've worked around it in oslo.db and will cut a release shortly) | 15:22 |
| d34dh0r53 | xek, dmendiza[m] what do you think? | 15:22 |
| knikolla | stephenfin: we owe you a beer/juice/seltzer. thanks for all the amazing work. | 15:23 |
| xek | @stephenfin Hey, I saw your patches and mentioned them on the barbican meeting | 15:23 |
| d34dh0r53 | indeed knikolla | 15:23 |
| stephenfin | :w | 15:24 |
| stephenfin | whoops | 15:24 |
| stephenfin | xek: d34dh0r53: Great, we can probably remove that from the keystone meeting agenda so if it's being tracked elsewhere | 15:25 |
| xek | Yeah, Barbican is a separate project | 15:25 |
| d34dh0r53 | sweet | 15:25 |
| d34dh0r53 | :wq ing the SQLAlchemy section on the etherpad | 15:26 |
| d34dh0r53 | #topic open discussion | 15:27 |
| d34dh0r53 | (drencrom) Remove cache invalidation when using expired token | 15:27 |
| d34dh0r53 | #link https://review.opendev.org/c/openstack/keystonemiddleware/+/884738 | 15:27 |
| stephenfin | :) | 15:27 |
| d34dh0r53 | just issued a recheck on that job, if zuul still won't vote I'll ping infra about it | 15:28 |
| d34dh0r53 | (mustafakemalgilor) PooledLdapHandler message.clean() patch backports | 15:29 |
| d34dh0r53 | those are all merged, I'll :wq that section as well, unless there's something else we need to look at | 15:29 |
| d34dh0r53 | next up | 15:30 |
| d34dh0r53 | (reqa) Add openstack cli support for OAuth 2.0 Device Authorization Grant with PKCE: | 15:30 |
| d34dh0r53 | review request | 15:30 |
| d34dh0r53 | #link https://review.opendev.org/c/openstack/keystoneauth/+/883852 | 15:31 |
| d34dh0r53 | Reasoning: When switching wsgi-keystone.conf to use PKCE for WebSSO, this also applies to the CLI (e.g. ForgeRock implemented the same) | 15:31 |
| d34dh0r53 | I'm going to test this as we're starting work on some CLI stuff with OIDC and it likely dovetails | 15:31 |
| d34dh0r53 | #topic bug review | 15:32 |
| d34dh0r53 | #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0 | 15:32 |
| d34dh0r53 | 1 new bug in keystone https://bugs.launchpad.net/keystone/+bug/2027729 | 15:33 |
| d34dh0r53 | knikolla: anything to add? | 15:34 |
| d34dh0r53 | I think we just need to remove the offending line in the docs? | 15:34 |
| d34dh0r53 | just read the RFC, really good to know | 15:36 |
| d34dh0r53 | I was wrong, there is actually a 2nd bug in keystone that is new | 15:37 |
| d34dh0r53 | https://bugs.launchpad.net/keystone/+bug/2026345 | 15:37 |
| d34dh0r53 | based on my reading we need to fix our pillow version in docs/requirements.txt | 15:38 |
| d34dh0r53 | please assign those bugs to yourself if you're interested in fixing them | 15:38 |
| d34dh0r53 | next up python-keystoneclient | 15:38 |
| d34dh0r53 | #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0 | 15:38 |
| d34dh0r53 | no new bugs there | 15:39 |
| d34dh0r53 | keystoneauth? | 15:39 |
| d34dh0r53 | #link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=0 | 15:39 |
| d34dh0r53 | nothing new | 15:39 |
| d34dh0r53 | on to keystonemiddleware | 15:39 |
| d34dh0r53 | #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0 | 15:39 |
| d34dh0r53 | no new bugs there either | 15:39 |
| d34dh0r53 | #link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=0 | 15:40 |
| d34dh0r53 | pycadf is clean | 15:40 |
| d34dh0r53 | #link https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=0 | 15:40 |
| d34dh0r53 | as is ldappool | 15:40 |
| d34dh0r53 | #topic conclusion | 15:40 |
| d34dh0r53 | Hopefully this Wednesday time works for everyone, please let me know any feedback on the change | 15:41 |
| d34dh0r53 | That's all I have this week, hope to see folks at the reviewathon | 15:41 |
| d34dh0r53 | Thanks all! | 15:41 |
| d34dh0r53 | #endmeeting | 15:41 |
| opendevmeet | Meeting ended Wed Jul 19 15:41:45 2023 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 15:41 |
| opendevmeet | Minutes: https://meetings.opendev.org/meetings/keystone/2023/keystone.2023-07-19-14.59.html | 15:41 |
| opendevmeet | Minutes (text): https://meetings.opendev.org/meetings/keystone/2023/keystone.2023-07-19-14.59.txt | 15:41 |
| opendevmeet | Log: https://meetings.opendev.org/meetings/keystone/2023/keystone.2023-07-19-14.59.log.html | 15:41 |
| opendevreview | Merged openstack/keystone master: doc: Correct typo https://review.opendev.org/c/openstack/keystone/+/888443 | 18:39 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!