15:04:07 #startmeeting keystone 15:04:07 Meeting started Tue Jun 6 15:04:07 2023 UTC and is due to finish in 60 minutes. The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:04:07 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:04:07 The meeting name has been set to 'keystone' 15:04:27 🙋‍♂️ 15:04:30 #topic roll call 15:04:36 admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, knikolla[m], lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev, reqa, dmendiza[m] 15:04:38 o/ 15:04:42 brb 15:04:48 oh 15:04:51 o/ 15:06:47 back, hi everybody! 15:07:02 #topic review past meeting work items 15:07:18 https://meetings.opendev.org/meetings/keystone/2023/keystone.2023-05-30-15.03.html 15:07:22 #link https://meetings.opendev.org/meetings/keystone/2023/keystone.2023-05-30-15.03.html 15:07:36 o/ 15:07:43 first up d34dh0r53 review https://bugs.launchpad.net/keystone/+bug/2009752 15:07:57 I marked this as confirmed as I'm pretty sure it's an issue 15:08:08 next up d34dh0r53 Look into adding/restoring a known issues section to our documentation 15:08:22 I still need to do this and the next one 15:08:26 #action d34dh0r53 Look into adding/restoring a known issues section to our documentation 15:08:37 #action d34dh0r53 add https://bugs.launchpad.net/keystone/+bug/1305950 to the known issues section of our documentation 15:08:47 next up d34dh0r53 update https://review.opendev.org/c/openstack/keystonemiddleware/+/882401 to include test_ec2_token_middleware.py 15:09:01 this has been added but the CI is failing, stevedore I think 15:09:25 keystonemiddleware seems to be pretty broken due to stevedore and I don't know how to fix it 15:09:43 I don't understand how those modules are being enumerated 15:10:53 and I noticed that sahid was asking about keystonemiddleware earlier 15:11:23 maybe dmendiza[m] and I can put our heads together this afternoon and figure out how to fix keystonemiddleware 15:11:43 Yeah, it's been a while since I looked under the hood at stevedore 15:11:52 some serious black magic going on there 15:11:58 yeah, it's not pretty 15:12:30 #action dmendiza[m] and d34dh0r53 to look at keystonemiddleware stevedore failures 15:12:42 next up 15:12:54 d34dh0r53 look at https://bugs.launchpad.net/keystone/+bug/2018644 15:13:00 I haven't gotten to that one yet 15:13:03 #action d34dh0r53 look at https://bugs.launchpad.net/keystone/+bug/2018644 15:13:12 next up drencrom look at https://review.opendev.org/c/openstack/keystonemiddleware/+/878027 to see if we can add the test_ec2_token_middleware.py to it 15:13:28 I think this is failing due to stevedore 15:14:03 we'll see if we can get it passing if we're able to iron out the stevedore issue 15:14:32 finally we have investigate dependency issue in this patch wallaby: https://review.opendev.org/c/openstack/keystone/+/874844 15:14:38 not sure who was assigned to this one 15:15:10 https://review.opendev.org/c/openstack/keystonemiddleware/+/878027 is abandoned 15:15:26 yep, thanks xek 15:17:27 I think we need to re-submit that one once victoria is in better shape 15:17:36 gerrit was rejecting it 15:19:00 I'm not sure what's going on with the keystoneauth package version either, which is why https://review.opendev.org/c/openstack/keystone/+/874844 is failing 15:19:32 #action d34dh0r53 figure out why https://review.opendev.org/c/openstack/keystone/+/874844 is failing 15:20:06 #topic liaison update 15:20:13 nothing from VMT this week 15:20:49 #topic specification OAuth 2.0 (hiromu) 15:21:14 External OAuth 2.0 Specification 15:21:16 #link https://review.opendev.org/c/openstack/keystone-specs/+/861554 15:21:18 OAuth 2.0 Implementation 15:21:20 #link https://review.opendev.org/q/topic:bp%252Fsupport-oauth2-mtls 15:21:22 OAuth 2.0 Documentation 15:21:24 #link https://review.opendev.org/c/openstack/keystone/+/838108 15:21:26 #link https://review.opendev.org/c/openstack/keystoneauth/+/838104 15:23:22 #topic Secure RBAC (dmendiza[m]) 15:23:33 #link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_ 15:23:35 Service Role Implementation 15:23:37 #link https://review.opendev.org/c/openstack/keystone/+/863420 15:23:39 Manager Role Implementation 15:23:41 #link https://review.opendev.org/c/openstack/keystone/+/822601 15:25:32 Yeah, no progress on those, still working on Barbican SRBAC and some downstream Keystone SRBAC stuff... should hopefully get a chance to work on that stuff later this month 15:25:44 ack, thanks dmendiza[m] 15:26:02 #topic specification SQLAlchemy 2.0 (stephenfin) 15:26:18 #link https://review.opendev.org/q/topic:sqlalchemy-20+is:open+project:openstack/keystone 15:26:19 Can I get reviews on this, while I have context/time to close it out? 15:26:21 What more do you need from me? 15:27:00 Once we get the CI for keystonemiddleware a bit more healthy we'll circle back to these and get them merged 15:27:19 #topic open discussion 15:27:53 (drencrom) We need to merge these backports to fix pep8 tests 15:27:55 wallaby #link https://review.opendev.org/c/openstack/keystonemiddleware/+/878026 15:27:57 This is blocking #link https://review.opendev.org/c/openstack/keystonemiddleware/+/873921 15:27:59 zed #link https://review.opendev.org/c/openstack/keystonemiddleware/+/878023 15:28:09 we're working on getting these in, we reviewed quite a bit last Friday 15:28:43 (drencrom) Remove cache invalidation when using expired token (ussuri backport) 15:28:44 #link https://review.opendev.org/c/openstack/keystonemiddleware/+/877398 15:28:46 Zuul jobs seem to run but no +1 message 15:29:05 we need to see if we can get that one merged as well 15:29:47 dmendiza[m], xek already has a +2 on https://review.opendev.org/c/openstack/keystonemiddleware/+/877398, can you bump it? 15:30:14 d34dh0r53: needs Wallaby first 15:30:27 #link https://review.opendev.org/c/openstack/keystonemiddleware/+/873921 15:30:47 ahh, ack 15:30:50 Hmm.. not sure why that's active still actually 15:30:54 sorry, I missed that one 15:30:58 it's got the necessary +'es 15:31:41 I tried to add/remove the +W just now ... let' 15:31:48 s see if Zuul picks it up 15:31:58 ok, does it need https://review.opendev.org/c/openstack/keystonemiddleware/+/878026/2 first? 15:32:38 * dmendiza[m] is confused 15:32:46 me too 15:33:43 Yes, I think it needs 878026 15:34:14 which needs another +2 15:34:18 OK, less confused now, haha 15:34:29 merging 878026 15:35:07 sweet, thanks 15:35:10 let's see how that goes 15:35:41 (mustafakemalgilor) PooledLdapHandler message.clean() patch backports 15:35:43 review request 15:35:45 #link ussuri: https://review.opendev.org/c/openstack/keystone/+/874846 15:35:47 #link victoria: https://review.opendev.org/c/openstack/keystone/+/874847 15:35:49 #link wallaby: https://review.opendev.org/c/openstack/keystone/+/874844 15:36:08 the wallaby patch for this one is complaining about the keystoneauth package version 15:36:11 At this point I'd actually make a little "spreadsheet" in a text file, with all the backports and what needs what. I just cannot keep up. 15:36:16 so we have a mismatch somewhere 15:36:24 zaitcev: that's a good idea 15:36:35 I'll try to do that this afternoon 15:36:46 Well... extensive bureaucracy has its costs, but my mind is too small. 15:38:39 finally we have 15:38:42 (reqa) Add openstack cli support for OAuth 2.0 Device Authorization Grant with PKCE: 15:38:44 review request 15:38:46 #link https://review.opendev.org/c/openstack/keystoneauth/+/883852 15:38:48 Reasoning: When switching wsgi-keystone.conf to use PKCE for WebSSO, this also applies to the CLI (e.g. ForgeRock implemented the same) 15:38:56 this looks reasonable at first glance 15:40:52 depending on how the keystonemiddleware and keystoneauth issues we're facing in CI go this week, maybe we can review this patch during the reviewathon on Friday 15:41:15 we need to get CI healthy first though 15:41:29 anything else for open discussion? 15:42:28 You know what I'll say, right? https://review.opendev.org/c/openstack/keystone/+/874346 15:42:46 But I was remiss at looking at Hiromu's stuff too, so oh well 15:43:50 indeed, we will look at this on Friday 15:44:24 #action reviewathon https://review.opendev.org/c/openstack/keystone/+/874346 15:45:18 #topic bug review 15:45:25 #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0 15:45:57 no new bugs in keystone 15:46:06 #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0 15:46:24 nothing new in python-keystoneclient 15:46:40 #link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=0 15:46:51 nor is there anything new in keystoneauth 15:46:57 #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0 15:47:32 looks like Sahid added https://bugs.launchpad.net/keystonemiddleware/+bug/2023015 15:48:05 there is a fix proposed to master 15:48:27 #link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=0 15:48:47 pycadf is clean 15:48:48 #link https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=0 15:48:51 so is ldappool 15:48:56 #topic conclusion 15:49:25 No meeting or reivewathon next week, OpenInfra Summit and PTG 15:49:46 I'd like to focus on keystonemiddleware and the keystoneauth package version issues 15:50:52 I'll start looking at those now and try to come up with a way to better track what we have in flight and what needs merging when 15:51:02 anyone have anything else? 15:51:35 thanks folks! Hope to see you in Vancouver :) 15:51:42 dmendiza[m]: enjoy your PTO 15:51:51 #endmeeting