15:00:34 <d34dh0r53> #startmeeting keystone
15:00:34 <opendevmeet> Meeting started Tue Jan 24 15:00:34 2023 UTC and is due to finish in 60 minutes.  The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:34 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:34 <opendevmeet> The meeting name has been set to 'keystone'
15:00:42 <d34dh0r53> #topic roll call
15:00:57 <d34dh0r53> admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, knikolla[m], lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev
15:02:06 <d34dh0r53> #topic review past meeting work items
15:02:10 <knikolla[m]> o/
15:02:12 <d34dh0r53> first up we have
15:02:16 <d34dh0r53> o/ knikolla[m]
15:02:21 <d34dh0r53> d34dh0r53 update the CrossProjectLiaisons wiki https://wiki.openstack.org/wiki/CrossProjectLiaisons
15:02:34 <d34dh0r53> I didn't get a chance, will try this week
15:02:37 <d34dh0r53> #action d34dh0r53 update the CrossProjectLiaisons wiki https://wiki.openstack.org/wiki/CrossProjectLiaisons
15:02:48 <d34dh0r53> same for d34dh0r53 look into the keystone-groups members as well https://review.opendev.org/admin/groups/d7203dc55fa9bdf98c578b16ac398e0c754a1a67,members not sure if it's used any more
15:02:51 <d34dh0r53> #action d34dh0r53 look into the keystone-groups members as well https://review.opendev.org/admin/groups/d7203dc55fa9bdf98c578b16ac398e0c754a1a67,members not sure if it's used any more
15:03:11 <d34dh0r53> reviewathon https://review.opendev.org/c/openstack/keystoneauth/+/838104
15:03:28 <d34dh0r53> looks like this was reviewed by xek, thanks!
15:03:45 <d34dh0r53> reviewathon https://review.opendev.org/c/openstack/keystone/+/838108
15:04:07 <d34dh0r53> also has been reviewed
15:04:19 <d34dh0r53> reviewathon https://review.opendev.org/c/openstack/keystone/+/860928
15:05:02 <d34dh0r53> that was reviewed by knikolla[m], and pending testing looks like a good start
15:05:17 <d34dh0r53> reviewathon https://review.opendev.org/c/openstack/keystone/+/863420
15:05:23 <knikolla[m]> yeah, i've been working on that on and off for the past few days.
15:05:49 <d34dh0r53> knikolla[m]: great, how's it looking?
15:06:08 <d34dh0r53> reviewathon https://review.opendev.org/c/openstack/keystone/+/863420 was reviewed as well
15:07:06 <d34dh0r53> reviewathon https://review.opendev.org/c/openstack/keystoneauth/+/867603 is the last one and it may be gating
15:07:11 <d34dh0r53> it has all of the votes
15:07:58 <knikolla[m]> d34dh0r53: mostly okay. i'm also trying to fill the gaps in my understanding of mtls and tls
15:08:53 <d34dh0r53> knikolla[m]: cool, good to hear
15:09:16 <d34dh0r53> that does it for the past meeting items, thanks for handling all of those reviews
15:10:00 <d34dh0r53> #topic liaison updates
15:10:10 <d34dh0r53> nothing from the VMT end
15:10:53 <d34dh0r53> moving on then
15:11:11 <d34dh0r53> #topic specification OAuth 2.0 (hiromu)
15:11:19 <hiromu> o/
15:11:39 <d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext
15:11:41 <d34dh0r53> External OAuth 2.0 Specification
15:11:43 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone-specs/+/861554
15:11:45 <d34dh0r53> OAuth 2.0 Implementation
15:11:47 <d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Fsupport-oauth2-mtls
15:11:49 <d34dh0r53> OAuth 2.0 Documentation
15:11:51 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone/+/838108
15:11:53 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystoneauth/+/838104
15:11:55 <d34dh0r53> hello hiromu o/
15:12:50 <d34dh0r53> any updates for the OAuth 2.0 Spec?
15:12:58 <hiromu> no update from me
15:13:17 <hiromu> i have one question
15:13:30 <hiromu> will you two try mtls patch this week reviewathon?
15:13:58 <d34dh0r53> I will not have time to test it this week, not sure about knikolla[m] or xek
15:14:11 <knikolla[m]> i am in the process of
15:15:06 <hiromu> i see. it would be good if you could notify me when you try them
15:15:44 <knikolla[m]> https://review.opendev.org/c/openstack/keystone/+/860613 needs to be update to not pass credential_id as per your comment as well
15:16:15 <knikolla[m]> another thing i noticed, is that this method of authentication can only work for a single project of users. corresponding to the default_project_id
15:16:43 <hiromu> yes, i will update https://review.opendev.org/c/openstack/keystone/+/860613
15:18:10 <hiromu> ah, yes. basically, user (or client) belongs to the single project that what we assumed
15:19:20 <d34dh0r53> cool, we'll re-sync on this during the reviewathon this week
15:19:27 <d34dh0r53> next up we have
15:19:43 <d34dh0r53> #topic specification Secure RBAC (dmendiza[m])
15:19:54 <d34dh0r53> #link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_
15:19:56 <d34dh0r53> Service Role Implementation
15:19:58 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone/+/863420
15:20:00 <d34dh0r53> Manager Role Implementation
15:20:02 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone/+/822601
15:21:05 <d34dh0r53> the service role looks good to go, but the manager role still needs feedback
15:22:19 <d34dh0r53> #topic open discussion
15:22:29 <d34dh0r53> (drencrom) Need a review for this cherry pick https://review.opendev.org/c/openstack/keystonemiddleware/+/868284
15:22:31 <d34dh0r53> I need to port it all the way to ussuri
15:23:56 <d34dh0r53> drencrom: anything you'd like to add? If not I'll add it to the reviewathon queue for this Friday
15:24:32 <drencrom> hi o/. No nothing special to add.
15:24:36 <d34dh0r53> #action reviewathon https://review.opendev.org/c/openstack/keystonemiddleware/+/868284
15:24:44 <d34dh0r53> drencrom: cool, thanks for that patch!
15:24:50 <d34dh0r53> next up we have:
15:25:00 <d34dh0r53> PooledLdapHandler MaxConnectionReachedError bug
15:25:02 <d34dh0r53> #link https://bugs.launchpad.net/keystone/+bug/1998789
15:25:04 <d34dh0r53> Review request
15:25:06 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone/+/866723
15:25:24 <d34dh0r53> adding this to the reviewathon queue as well
15:25:44 <d34dh0r53> #action reviewathon https://review.opendev.org/c/openstack/keystone/+/866723
15:26:05 <d34dh0r53> anything else before we move on to bug review?
15:26:38 <d34dh0r53> #topic bug review
15:26:40 <d34dh0r53> #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0
15:27:58 <d34dh0r53> nothing new for keystone
15:29:18 <d34dh0r53> #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0
15:29:40 <d34dh0r53> nothing new for python-keystoneclient
15:29:50 <d34dh0r53> #link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=0
15:30:22 <d34dh0r53> no new bugs in keystoneauth
15:30:35 <d34dh0r53> #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0
15:31:10 <d34dh0r53> no new issues here
15:31:23 <d34dh0r53> #link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=0
15:31:33 <d34dh0r53> pycadf is clear
15:31:45 <d34dh0r53> #link https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=0
15:31:50 <d34dh0r53> as is ldappool
15:31:57 <d34dh0r53> that does it for bug review
15:32:06 <d34dh0r53> #topic conclusion
15:32:15 <d34dh0r53> anyone have anything before we go?
15:34:02 <d34dh0r53> thanks folks!
15:34:07 <d34dh0r53> #endmeeting