15:00:15 #startmeeting keystone 15:00:15 Meeting started Tue Feb 15 15:00:15 2022 UTC and is due to finish in 60 minutes. The chair is dmendiza[m]. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:00:15 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:00:15 The meeting name has been set to 'keystone' 15:00:21 #topic Roll Call 15:00:29 Courtesy ping for ayoung, bbobrov, crisloma, d34dh0r53, dpar, dstanek, gagehugo, hrybacki, knikolla, lamt, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, spilla, ruan_he, wxy, sonuk, vishakha,Ajay, rafaelweingartner, xek 15:00:32 o/ 15:00:34 o/ 15:00:57 Hi y'all! 15:01:02 As usual the agenda is over here: 15:01:04 #link https://etherpad.opendev.org/p/keystone-weekly-meeting 15:01:30 o/ 15:03:21 OK, let's get started 15:03:31 #topic Review Past Meeting Action Items 15:03:41 #link https://meetings.opendev.org/meetings/keystone/2022/keystone.2022-02-08-15.01.html 15:03:45 We didn't have any 15:04:00 #topic Liaison Updates 15:04:08 knikolla: any updates this week? 15:06:39 we're moving Keystone back to a PTL model since dmendiza[m] offered to be PTL 15:07:17 governance change is tracked here https://review.opendev.org/c/openstack/governance/+/829037 15:07:32 thank you dmendiza[m] 15:07:38 ++ 15:08:55 😁👍️ 15:09:23 Yeah, hopefully we're still on time? I think nominations close today? 15:11:41 yeah 15:12:27 Right on. I'll keep an eye out on that patch 15:13:28 #link https://review.opendev.org/c/openstack/election/+/828927 15:13:33 ^^^ the PTL nomination patch 15:13:46 OK, moving on ... 15:14:02 #topic Specs 15:14:23 First up the OAuth 2.0 spec 15:14:24 #link https://review.opendev.org/c/openstack/keystone-specs/+/813152 15:14:34 Still just a +2 from knikolla 15:15:13 gagehugostill needs to take a look 15:16:16 gagehugo: can you please give that spec a review? it's basically allowing application credentials to serve as oauth 2.0 client secrets, and creates a REST API that implements the OAuth 2.0 client credentials part of the specification 15:16:40 sure 15:19:08 there is a comment chain that is about as long as the spec itself now though haha 15:21:21 haha, well, that comment chain caused the spec to become that short 15:22:19 early in Zed i'll be proposing more aspects of oauth/openid connect as specs 15:23:52 nice 15:24:02 * dmendiza[m] will also take a look at spec 15:24:41 Next, the "service" role spec has more discussion happening 15:24:56 please share thoughts/opinions if you can 15:24:58 #link https://review.opendev.org/c/openstack/keystone-specs/+/818616 15:25:07 i've allocated some time to go through it today 15:25:28 The "manager" role spec didn' tpass the gate 15:25:30 #link https://review.opendev.org/c/openstack/keystone-specs/+/818603 15:25:34 I'll take a look at that today 15:27:04 That's all for the active specs 15:27:15 Moving on ... 15:27:17 #topic PTG 15:27:23 The next PTG is coming up in April 15:27:39 We've tentatively picked a couple of time slots for Keystone discussions: 15:27:52 #link https://ethercalc.openstack.org/7yxdas7suqnd 15:28:10 Tuesday April 5 1500-1700 UTC 15:28:11 and 15:28:25 Thursday April 7 1500-1700 UTC 15:28:34 Please let me know if we need to adjust those for any reason 15:29:50 Those work for me 15:30:13 I've also started an etherpad to collect topics to be covered during the PTG 15:30:15 #link https://etherpad.opendev.org/p/z-ptg-keystone 15:30:24 Please feel free to add any topics you think would be good to discuss 15:31:49 #topic Open Discussion 15:32:05 Any other topics y'all want to talk about before we move on to Bug Review? 15:35:13 OK, moving on 15:35:18 #topic Bug Review 15:35:39 #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0 15:35:44 No new Keystone bugs 15:36:01 #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0 15:36:09 No new python-keystoneclient bugs 15:36:28 #link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=0 15:36:49 No new keystoneauth bugs 15:36:53 #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0 15:36:57 No new keystonemiddleware bugs 15:37:15 #link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=0 15:37:20 No new pycadf bugs 15:37:30 https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=0 15:37:48 And no new ldappool bugs 15:38:03 whew, that's a lot of launchpads. 😅 15:38:14 #topic Review Requests 15:38:20 Any reviews we should talk about now? 15:40:03 https://review.opendev.org/c/openstack/keystone/+/828595 let me know what you think, I’m not sure how to fix this without making upgrades terrible 15:42:58 This fix addresses the core of the bug in that it’s no longer silent but it’s not really a fix 15:44:51 Maybe an addition to the keystone-manage doctor CLI to check for this would provide a better user experience 15:45:07 Since this seem to be the case of a mismatch between desired max length, and supported max length by the algorithm 15:45:10 seems* 15:45:30 ahh, that’s a good idea 15:45:46 This way we can push out a warning to operators "hey you want to support 200 char passwords, switch to this other algo" 15:45:58 knikolla: right 15:47:02 is that in python-keystoneclient? 15:47:50 no, it's part of keystone https://github.com/openstack/keystone/tree/master/keystone/cmd 15:48:25 awesome, thank you 15:48:58 np :) 15:51:34 Cool 15:51:41 We've got just a few minutes left. 15:54:18 OK, let's call it a day. 15:54:23 Thanks for joining, everyone! 15:54:26 #endmeeting