#openstack-meeting-alt log

16:00:22 <cmurphy> #startmeeting keystone
16:00:23 <openstack> Meeting started Tue Aug  6 16:00:22 2019 UTC and is due to finish in 60 minutes.  The chair is cmurphy. Information about MeetBot at http://wiki.debian.org/MeetBot.
16:00:24 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
16:00:26 <openstack> The meeting name has been set to 'keystone'
16:00:33 <cmurphy> #link https://etherpad.openstack.org/p/keystone-weekly-meeting agenda
16:00:38 <gagehugo> o/
16:00:42 <vishakha> o/
16:03:14 <bnemec> o/
16:04:03 <knikolla> o/
16:04:30 <cmurphy> hi everyone
16:04:37 <cmurphy> #topic Spec implementation/roadmap check-in
16:04:37 <kmalloc> o/
16:05:21 <cmurphy> we're getting close to feature proposal freeze so i wanted to do a check-in about how our planned work is progressing
16:05:35 <cmurphy> #link http://specs.openstack.org/openstack/keystone-specs/specs/keystone/train/capabilities-app-creds.html app cred access rules
16:06:09 <cmurphy> status of this is that server side work just needs reviews, i haven't started client side work but will do that this week
16:06:24 <cmurphy> questions/concerns about that one?
16:06:55 <kmalloc> nah no concerns
16:07:07 <kmalloc> it looks fine and needs more eyes, but is on point
16:07:17 <cmurphy> cool
16:07:20 <vishakha> cmurphy: I too can give hands or client side, if needed
16:07:30 <vishakha> s/or/for
16:07:46 <cmurphy> thanks vishakha, maybe we can coordinate that
16:07:57 <cmurphy> #link http://specs.openstack.org/openstack/keystone-specs/specs/keystone/train/expiring-group-memberships.html expiring group membership
16:08:02 <vishakha> cmurphy  sure
16:08:05 <cmurphy> knikolla: anything noteworthy about that one? ^
16:08:20 <knikolla> i'm on a good pace with the implementation
16:08:25 <knikolla> haven't pushed anything yet though
16:08:33 <cmurphy> awesome
16:08:42 <kmalloc> nice.
16:08:56 <cmurphy> anyone have questions/concerns about that?
16:09:50 <cmurphy> #link http://specs.openstack.org/openstack/keystone-specs/specs/keystone/train/immutable-resources.html immutable resources
16:10:15 <cmurphy> I had started a WIP of this but was waiting on resource options for all to build on top of
16:10:42 <cmurphy> i'll continue working on the keystone-manage part while we get the resource options part squared away
16:10:53 <cmurphy> which brings us to
16:10:57 <cmurphy> #link http://specs.openstack.org/openstack/keystone-specs/specs/keystone/train/resource-options-for-all.html resource options for all
16:11:03 <cmurphy> kmalloc: how's that going?
16:11:41 <kmalloc> slow
16:11:45 <kmalloc> but it should speed up
16:11:54 <kmalloc> mostly it's been slow because the code shuffle has been real
16:12:50 <kmalloc> mostly it's moving the user options to common
16:12:57 <kmalloc> and migrations
16:13:28 <kmalloc> the plan is to centralize the options themselves, and then allow any resource to "opt in" [code wise] to having them.
16:13:54 <kmalloc> each resource opted into resource options will also be explicitly allowed to use any code definition (e.g. "immutable") of an option
16:14:17 <kmalloc> this means we have 1 definition of the option and it may be shared across resource types
16:14:23 <kmalloc> and lean on the validation in the same way
16:14:49 <kmalloc> and we will have 1 option table with heavy indexing to make the option lookups as efficient as possible when loading the resource
16:15:01 <kmalloc> i expect to have code up in the not-too-far out.
16:15:23 * kmalloc kicks endless doctor appointments interrupting workflow (but those are now set on the calendar so i cna work around them)(
16:15:46 <cmurphy> sounds good
16:16:01 <cmurphy> anyone have questions on that?
16:17:25 <cmurphy> #link http://specs.openstack.org/openstack/keystone-specs/specs/keystone/train/support-federated-attr.html federated attributes
16:17:40 <cmurphy> knikolla: looked like you started pushing patches up for that one ^
16:17:52 <knikolla> yup, rebasing and updating the release notes
16:17:58 <knikolla> should be pretty straightforward
16:18:11 <knikolla> i know adam had some concerns about the creating users with fed attributes part
16:18:20 <knikolla> and if it conflicts with predictable ids
16:18:28 <knikolla> so i'll check on that to make sure all is good
16:19:19 <cmurphy> okay
16:19:44 <gyee> where do we stash the fed attributes? in extras?
16:20:03 * gyee hides from kmalloc
16:20:09 <cmurphy> >.<
16:20:30 <kmalloc> whatever, if that is the place you're going to stash em, just do it.
16:20:42 <kmalloc> and don't tell me
16:20:55 <knikolla> haha
16:21:06 <knikolla> nothing as obscene. i think it mostly uses the federateduser table
16:21:12 <knikolla> and the references from there
16:21:54 <knikolla> no new models jumped out at me, except new driver methods
16:24:28 <cmurphy> sounds like it will be straightforward
16:24:32 <cmurphy> any questions about that one?
16:25:46 <cmurphy> the last priority effort i wanted to mention was finishing the system-scope/default-roles conversion
16:26:01 <cmurphy> last cycle we rammed a bunch of these in after feature freeze and it was kind of a mess
16:26:18 <cmurphy> this cycle i would really like if *all* of them were done before feature freeze
16:26:34 <cmurphy> i would rather not keep piling on deprecation warnings for many cycles
16:27:12 <cmurphy> and lance certainly can't get it done all by himself so i encourage anyone with extra time to pick some of these up
16:29:58 <cmurphy> anything else anyone wants to cover wrt the roadmap and specs?
16:30:41 <knikolla> looks like train will arrive on time
16:30:51 <knikolla> which is uncommon in the US, lol.
16:31:00 <cmurphy> >.>
16:31:28 <vishakha> lol
16:32:14 <gagehugo> lol
16:33:18 <cmurphy> #topic review requests
16:33:20 <cmurphy> any requests?
16:35:56 <cmurphy> i need another review on https://review.opendev.org/674122 to fix a bug i helped write
16:37:20 <knikolla> you got it.
16:37:45 <cmurphy> tyvm
16:38:21 <cmurphy> knikolla: could you also slide https://review.opendev.org/655166 up your priority list
16:38:39 <cmurphy> i know you have infinite time >.>
16:39:21 <cmurphy> kmalloc: if you could give that a onceover too ^
16:39:23 <knikolla> will do
16:39:33 <knikolla> you, i have a picture which ages instead of me
16:39:34 <kmalloc> ++
16:39:35 <kmalloc> will do
16:39:36 <knikolla> yup*
16:39:45 <cmurphy> lol
16:40:18 <cmurphy> any other reviews that are ready to call out?
16:42:08 <cmurphy> #topic open floor
16:42:29 <cmurphy> as mentioned in the newsletter i didn't plan a topic for office hours so no office hours after this
16:42:44 <cmurphy> anything else to discuss or should we call it early?
16:42:47 <gyee> when are we deprecating those openidc auth plugins in keystoneauth1? same with v3kerberos
16:43:08 <gyee> if anybody think they are still useful, I would like to know how are they being used.
16:43:47 <cmurphy> i need to refresh myself on them but i think they may all still be useful for different types of oauth flows
16:44:35 <cmurphy> the oauth2/oidc specs mention all of them
16:44:59 <knikolla> i use them
16:45:07 <knikolla> the oidc ones
16:45:52 <gyee> knikolla, as part of openstack CLI?
16:45:57 <knikolla> https://osticket.massopen.cloud/kb/faq.php?id=16
16:46:23 <cmurphy> osc is not the only consumer of ksa either
16:46:43 <knikolla> yup, either through osc, the clients or keystoneauth session directly
16:47:24 <knikolla> granted, it would only take a couple of lines to rewrite what they do in plain requests, but since oidc isn't gonna change anytime soon they don't need maintenance.
16:47:31 <kmalloc> gyee: krb should be fine to go. but keep in mind deprecation in keystoneauth is fine we can never remove them
16:47:33 <knikolla> and they're already there.
16:47:59 <kmalloc> gyee: ksa has a strict "we will not break you" contract, we can roll keystoneauth2 if we want to drop support wholesale for any api/thing
16:48:07 <gyee> k
16:50:44 <cmurphy> anything else?
16:52:08 <cmurphy> alright thanks everyone
16:52:11 <cmurphy> #endmeeting