Wednesday, 2023-08-30

« Tuesday, 2023-08-29 Index Thursday, 2023-08-31 »
opendevreviewmelanie witt proposed openstack/keystone master: docs: Remove warning about unified limits API  https://review.opendev.org/c/openstack/keystone/+/89312001:43
opendevreviewYusuke Niimi proposed openstack/keystonemiddleware master: External OAuth2.0 Authorization Server Support  https://review.opendev.org/c/openstack/keystonemiddleware/+/88852312:09
*** d34dh0r5- is now known as d34dh0r5312:14
opendevreviewYusuke Niimi proposed openstack/keystonemiddleware master: External OAuth2.0 Authorization Server Support  https://review.opendev.org/c/openstack/keystonemiddleware/+/86873413:25
d34dh0r53#startmeeting keystone15:00
opendevmeetMeeting started Wed Aug 30 15:00:29 2023 UTC and is due to finish in 60 minutes.  The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot.15:00
opendevmeetUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.15:00
opendevmeetThe meeting name has been set to 'keystone'15:00
d34dh0r53#topic roll call15:00
d34dh0r53admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, knikolla[m], lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev, reqa, dmendiza[m]15:00
d34dh0r53o/15:00
xeko/15:01
noonedeadpunko/15:01
d34dh0r53#topic review past meeting work items15:02
d34dh0r53#link https://meetings.opendev.org/meetings/keystone/2023/keystone.2023-08-23-15.02.html15:02
d34dh0r53d34dh0r53 Look into adding/restoring a known issues section to our documentation15:02
d34dh0r53no update on any of the docs issues15:03
d34dh0r53#action d34dh0r53 Look into adding/restoring a known issues section to our documentation15:03
d34dh0r53#action d34dh0r53 add https://bugs.launchpad.net/keystone/+bug/1305950 to the known issues section of our documentation15:03
d34dh0r53#action d34dh0r53 look into doc bug of missing Identity section on https://docs.openstack.org/2023.1/projects.html15:03
hiromuo/15:04
d34dh0r53reviewathon get https://review.opendev.org/c/openstack/keystone/+/890661 merged15:05
d34dh0r53this was merged during the reviewathon, thanks!15:05
d34dh0r53reviewathon https://review.opendev.org/c/openstack/keystone/+/89102415:05
d34dh0r53We still need to get this one merged15:05
d34dh0r53#action reviewathon https://review.opendev.org/c/openstack/keystone/+/89102415:05
d34dh0r53and we're going to get to the OAuth 2.0 interoperability this week as hiromu will be able to join15:06
d34dh0r53#action reviewathon https://review.opendev.org/q/topic:bp%252Fenhance-oauth2-interoperability15:06
hiromub15:06
d34dh0r53that does it for the past meeting action items15:06
d34dh0r53next up we have15:06
d34dh0r53#topic liaison updates15:06
d34dh0r53nothing from VMT15:06
noonedeadpunkWould be awesome to have this backport to also merge https://review.opendev.org/c/openstack/keystone/+/892864 not sure if it's for reviewathon or not15:07
d34dh0r53noonedeadpunk: I just did it, thanks for the reminder15:08
d34dh0r53cool, moving on15:09
d34dh0r53#topic specification OAuth 2.0 (hiromu)15:09
d34dh0r53#link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext15:09
d34dh0r53#link https://review.opendev.org/q/topic:bp%252Fenhance-oauth2-interoperability15:09
d34dh0r53External OAuth 2.0 Specification15:09
d34dh0r53#link https://review.opendev.org/c/openstack/keystone-specs/+/86155415:09
d34dh0r53OAuth 2.0 Implementation15:09
d34dh0r53#link https://review.opendev.org/q/topic:bp%252Fsupport-oauth2-mtls15:09
d34dh0r53OAuth 2.0 Documentation15:09
d34dh0r53#link https://review.opendev.org/c/openstack/keystone/+/83810815:09
d34dh0r53#link https://review.opendev.org/c/openstack/keystoneauth/+/83810415:09
hiromuhttps://review.opendev.org/c/openstack/keystonemiddleware/+/868734 has been updated15:11
hiromuI think the comments we recieved have been solved. I'd appricate if you could check them again.15:12
d34dh0r53excellent, thanks hiromu, I'll try to start looking at that today/tomorrow, hopefully others can as well as we'll hit that in the reviewathon on Friday15:12
hiromuthanks. yes. let's look the details Friday15:13
dmendiza[m]🙋15:13
d34dh0r53hi dmendiza[m]15:14
d34dh0r53speaking of, next up we have15:14
d34dh0r53#topic Secure RBAC (dmendiza[m])15:14
d34dh0r53#link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_15:14
dmendiza[m]Hi!15:14
d34dh0r53Manager Role Implementation15:14
d34dh0r53#link https://review.opendev.org/c/openstack/keystone/+/82260115:15
dmendiza[m]Yeah, so I'm hoping we can lad the manager role before M315:15
dmendiza[m]so please hold on on approving the tag until we land it15:15
dmendiza[m]It's a small enough change, but it does not clean up the role implication data during an upgrade15:15
dmendiza[m]basically we end up with this mapping with the current patch:15:16
dmendiza[m]admin ----> manager... (full message at <https://matrix.org/_matrix/media/v3/download/matrix.org/rMYUTVpdvlAzUpYCZdTfLcFm>)15:16
dmendiza[m]oops, that looks terrible on paste15:16
dmendiza[m]`admin ----> manager... (full message at <https://matrix.org/_matrix/media/v3/download/matrix.org/vyrZtAgnsBnXjayvnseDDUka>)15:16
dmendiza[m]yeah, still terrible15:16
dmendiza[m]last try to paste:15:17
dmendiza[m]admin ----> manager15:17
dmendiza[m]      \        |15:17
dmendiza[m]      \        |'15:17
dmendiza[m]ugh, that looks awful too15:17
dmendiza[m]anyway, we end up with the "admin" role  having two mappings15:17
dmendiza[m]which is wrong15:17
dmendiza[m]since the previous mapping does not get removed on upgrade15:17
dmendiza[m]so I'm working on a fix to the patch to do that15:17
dmendiza[m]the barbican-manage bootstrap command is pretty barebones15:18
dmendiza[m]and takes a "insert to DB first, ask questions later" approach, which is not ideal15:18
dmendiza[m]I've also got to check to see if we have any defaults that need to be changed.\15:19
dmendiza[m]I promised gmann I would do something else, and as soon as I remember what that is I'l ltry to do that before M3 too.15:19
d34dh0r53awesome, thank you for that work dmendiza[m] 15:21
d34dh0r53the admin dual mapping does seem wrong to me as well15:21
d34dh0r53I'll hold off on the M3 approvals for now15:23
d34dh0r53next up15:23
d34dh0r53#topic open discussion15:23
d34dh0r53anyone have anything? there's nothing on the agenda15:23
dmendiza[m]You get you PTL in?15:24
dmendiza[m]It's ending super soon15:24
dmendiza[m]Oh, I see it now15:24
dmendiza[m]#link https://review.opendev.org/c/openstack/election/+/89317915:24
dmendiza[m]d34dh0r53: PTLFL!!!15:25
d34dh0r53LOL15:25
d34dh0r53yes, if y'all will have me :)15:25
d34dh0r53I sent out the same thing on the mailing list15:25
andrewbonneySorry if I missed the time for bugs. Is there any chance someone could take a look at / confirm I'm not missing something for https://bugs.launchpad.net/keystone/+bug/2030061 ?15:26
d34dh0r53dmendiza[m], can you look at that one it dovetails into what you're working on15:27
dmendiza[m]ack, I'll take a look15:28
andrewbonneyThanks :)15:28
d34dh0r53np, thanks andrewbonney 15:28
d34dh0r53moving on15:29
d34dh0r53#topic bug review15:29
d34dh0r53#link https://bugs.launchpad.net/keystone/?orderby=-id&start=015:30
d34dh0r53we have one new bug in keystone15:30
d34dh0r53https://bugs.launchpad.net/keystone/+bug/203283915:30
d34dh0r53looks like the enforcer may not be thread safe15:30
d34dh0r53that one will take some replication and digging, any volunteers?15:32
d34dh0r53ok15:35
d34dh0r53next up we have15:35
d34dh0r53#link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=015:35
d34dh0r53no new bugs there15:35
d34dh0r53#link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=015:35
d34dh0r53nothing new for keystoneauth15:35
d34dh0r53#link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=015:35
d34dh0r53keystonemiddleware is good15:36
d34dh0r53#link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=015:36
d34dh0r53pycadf is operating flawlessly15:36
d34dh0r53#link https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=015:36
d34dh0r53and ldappool is pooling15:37
d34dh0r53#topic conclusion15:37
d34dh0r53anything before we go?15:37
d34dh0r53reviewathon on Friday15:37
d34dh0r53thanks everyone!15:37
d34dh0r53#endmeeting15:37
opendevmeetMeeting ended Wed Aug 30 15:37:45 2023 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)15:37
opendevmeetMinutes:        https://meetings.opendev.org/meetings/keystone/2023/keystone.2023-08-30-15.00.html15:37
opendevmeetMinutes (text): https://meetings.opendev.org/meetings/keystone/2023/keystone.2023-08-30-15.00.txt15:37
opendevmeetLog:            https://meetings.opendev.org/meetings/keystone/2023/keystone.2023-08-30-15.00.log.html15:37
opendevreviewDouglas Mendizábal proposed openstack/keystone master: Add default manager role support to bootstrap command  https://review.opendev.org/c/openstack/keystone/+/82260120:04
opendevreviewDouglas Mendizábal proposed openstack/keystone master: Add default manager role support to bootstrap command  https://review.opendev.org/c/openstack/keystone/+/82260123:25
« Tuesday, 2023-08-29 Index Thursday, 2023-08-31 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!