15:00:48 <dmendiza[m]> #startmeeting keystone
15:00:48 <opendevmeet> Meeting started Tue Jul 26 15:00:48 2022 UTC and is due to finish in 60 minutes.  The chair is dmendiza[m]. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:48 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:48 <opendevmeet> The meeting name has been set to 'keystone'
15:00:53 <xek> o/
15:01:02 <dmendiza[m]> #topic Roll Call
15:01:30 <h_asahina> o/
15:01:58 <mauricioharley[m]> o/
15:02:09 <dmendiza[m]> Courtesy ping for admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, knikolla, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek
15:02:18 <knikolla> o/
15:02:26 <dmendiza[m]> As usual the agenda is over here:
15:02:27 <dmendiza[m]> #link https://etherpad.opendev.org/p/keystone-weekly-meeting
15:02:37 <dmendiza[m]> #topic Review Past Meeting Action Items
15:02:50 <dmendiza[m]> #link https://meetings.opendev.org/meetings/keystone/2022/keystone.2022-07-19-15.02.html
15:02:58 <d34dh0r53> o/
15:04:40 <dmendiza[m]> I checked on the milestone-2 patches and I didn't see any patches for Keystone
15:04:50 <dmendiza[m]> I think we're past the deadline, which should be fine, hopefully
15:05:21 <dmendiza[m]> Looks like we did get releases for keystoneauth, python-keystoneclient and keystonemiddleware
15:05:27 <dmendiza[m]> #link https://review.opendev.org/c/openstack/releases/+/849559
15:05:34 <dmendiza[m]> #link https://review.opendev.org/c/openstack/releases/+/849553
15:05:42 <dmendiza[m]> #link https://review.opendev.org/c/openstack/releases/+/849552
15:06:05 <dmendiza[m]> #topic Liaison Updates
15:06:08 <dmendiza[m]> I don't have any updates
15:06:16 * dmendiza[m] needs to catch up on oslo happenings
15:06:23 <dmendiza[m]> Moving on ...
15:06:28 <dmendiza[m]> #topic OAuth 2.0
15:06:40 <dmendiza[m]> We reviewed the mTLS spec last week during the reviewathon
15:06:59 <dmendiza[m]> I think we left a few questions on a few points
15:07:10 <dmendiza[m]> thanks everyone who joined that and took the time to read through the RFC
15:07:22 <dmendiza[m]> h_asahina: any updates for us this week?
15:07:25 <h_asahina> I've confirmed it. thanks a lot. I'll update it tomorrow.
15:07:42 <dmendiza[m]> Great, thanks h_asahina
15:07:59 <dmendiza[m]> If you can get it updated before Friday we can look at it again this week for the reviewathon
15:08:02 <gagehugo> o/
15:08:11 <h_asahina> great, thanks
15:08:11 <dmendiza[m]> Hi gagehugo !
15:08:12 <knikolla> oh, hi gagehugo!
15:08:20 <dmendiza[m]> OK, moving on ...
15:08:24 <h_asahina> can I ask bout xek's comments?
15:08:24 <dmendiza[m]> #topic Secure RBAC
15:08:31 <dmendiza[m]> oops
15:08:36 <dmendiza[m]> sorry,
15:08:37 <h_asahina> sorry for interruption.
15:08:37 <dmendiza[m]> #undo
15:08:37 <opendevmeet> Removing item from minutes: #topic Secure RBAC
15:08:47 <dmendiza[m]> h_asahina: go ahead
15:09:39 <h_asahina> What does you mean by "Maybe there is just one common usecase here, that we could describe here, that we want to support,"?
15:10:12 <h_asahina> should I describe the usecase that we think the ideal, here?
15:10:28 <xek> h_asahina, maybe it's because my experience with TLS everywhere, where all of the endpoints are encrypted I see many ways this could be configured
15:11:12 <xek> h_asahina, or enabled on some endpoints, enabled only on the keystone endpoint, or there could be just one additional mtls endpoint to get the authtoken
15:12:03 <h_asahina> basically we thought of "enabled only on the keystone endpoint"
15:12:40 <h_asahina> I think forcing enabling mtls for all endpoints is out of scope of this spec
15:12:59 <xek> h_asahina, yeah, that's reasonable, I didn't want a situation where people open bugs, because they expect something to work which just isn't there
15:14:22 <h_asahina> So, should I write that is the out of scope clearly?
15:16:15 <xek> h_asahina, yeah, that would be great :)
15:17:19 <d34dh0r53> ++
15:17:40 <dmendiza[m]> Thanks h_asahina
15:17:47 <dmendiza[m]> Anything else on this topic?
15:17:51 <h_asahina> Got it.
15:18:07 <h_asahina> We've updated Yoga OAuth2.0 patch
15:18:31 <h_asahina> but, Zuul jobs in keystonemiddleware one failed.
15:18:48 <h_asahina> Do you have any clues to fix it. It seems unrealted to this patch.
15:19:14 <h_asahina> /fix it./fix it?/
15:19:32 <h_asahina> https://review.opendev.org/c/openstack/keystonemiddleware/+/830737
15:20:03 <h_asahina> Zuul: https://zuul.opendev.org/t/openstack/build/1df2f66746174d7994f698d0170b6d6e
15:20:32 <h_asahina> File "/home/zuul/src/opendev.org/openstack/keystonemiddleware/keystonemiddleware/tests/unit/audit/test_logging_notifier.py", line 36, in test_api_request_no_messaging
15:20:33 <h_asahina> call_args = log.call_args_list[0][0]
15:20:35 <h_asahina> IndexError: list index out of range
15:21:41 <h_asahina> or maybe I should say Have you seen this error?
15:22:09 <dmendiza[m]> Hmm... that's strange
15:23:57 <dmendiza[m]> h_asahina: are you able to reproduce that locally?
15:24:37 <h_asahina> I did't try yet
15:25:44 <h_asahina> I've tried, it occurs.
15:28:44 <dmendiza[m]> Yeah, weird.  Works for me locally
15:29:04 <dmendiza[m]> oh sorry on master branch
15:29:07 <dmendiza[m]> let me try your patch
15:32:35 <dmendiza[m]> Yeah, I get the same error
15:32:45 <dmendiza[m]> I'll have to look into it further after the meeting
15:32:52 <dmendiza[m]> I'll ping you if I find anything h_h
15:32:59 <dmendiza[m]> h_asahina: ^^^
15:33:08 <dmendiza[m]> OK, moving on ...
15:33:10 <h_asahina> thanks. I'll do so too.
15:33:24 <dmendiza[m]> #topic Secure RBAC
15:33:47 <dmendiza[m]> No updates from me this week.  The pop-up team should be meeting again next week, so we'll see how that goes.
15:34:04 <dmendiza[m]> #topic Implement pagination in list APIs
15:34:11 <dmendiza[m]> #link https://etherpad.opendev.org/p/Horizon_pagination_discussion
15:34:21 <dmendiza[m]> sdrozdov: around?
15:38:22 <dmendiza[m]> I guess not
15:38:30 <dmendiza[m]> but they were asking about this in the channel yesterday
15:38:56 <dmendiza[m]> I don't know the historical context, but the Keystone API does not support pagination in list calls?
15:39:15 <dmendiza[m]> but it was supported before?
15:39:23 <gagehugo> I thought it was supported
15:39:29 <dmendiza[m]> So the ask is to re-enable, or I guess re-implement pagination.
15:39:32 <gagehugo> but it's been awhile since I last looked
15:39:42 <dmendiza[m]> Yeah, I haven't dug into the code
15:39:57 <dmendiza[m]> sdrozdov is running a cloud with lots of entities
15:40:20 <dmendiza[m]> and having issues with certain horizon pages crashing because they cannot paginate through our APIs
15:40:29 <dmendiza[m]> It seems like a reasonable request to me.
15:41:22 <mauricioharley[m]> Agreed.
15:42:10 <dmendiza[m]> I think we might need a spec for that though
15:44:43 <dmendiza[m]> OK, moving on ...
15:44:51 <dmendiza[m]> #topic Open Discussion
15:45:01 <dmendiza[m]> Any other topics we should cover before we look at bug reports?
15:46:15 <gagehugo> sorry I stepped away for a second
15:46:30 <gagehugo> If anyone has time to review https://review.opendev.org/c/openstack/keystone/+/849724, I'd appreciate it
15:46:38 <gagehugo> that's all I got
15:47:45 <dmendiza[m]> Ack, I'll take a look
15:52:09 <dmendiza[m]> #topic Bug Review
15:52:15 <dmendiza[m]> Let's quickly go through the new bugs
15:52:26 <dmendiza[m]> #link https://bugs.launchpad.net/keystone/+bug/1982489
15:52:35 <dmendiza[m]> > keystoneauth dependencies appear broken
15:52:43 <dmendiza[m]> I was not able to recreate this in Fedora
15:53:53 <dmendiza[m]> I was talking to Julia about it, and she mentioned she's using Debian
15:54:00 <dmendiza[m]> so I'll have to set up a Debian VM to check this out
15:54:07 <dmendiza[m]> unless someone is a Debian user here?
15:58:06 <dmendiza[m]> And that's the only new bug this week.
15:58:16 <dmendiza[m]> That's all the time we have for today
15:58:20 <dmendiza[m]> thanks for joining, y'all
15:58:23 <dmendiza[m]> #endmeeting