15:00:29 <d34dh0r53> #startmeeting keystone
15:00:29 <opendevmeet> Meeting started Wed Aug 30 15:00:29 2023 UTC and is due to finish in 60 minutes.  The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:29 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:29 <opendevmeet> The meeting name has been set to 'keystone'
15:00:46 <d34dh0r53> #topic roll call
15:00:47 <d34dh0r53> admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, knikolla[m], lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev, reqa, dmendiza[m]
15:00:49 <d34dh0r53> o/
15:01:09 <xek> o/
15:01:36 <noonedeadpunk> o/
15:02:26 <d34dh0r53> #topic review past meeting work items
15:02:43 <d34dh0r53> #link https://meetings.opendev.org/meetings/keystone/2023/keystone.2023-08-23-15.02.html
15:02:59 <d34dh0r53> d34dh0r53 Look into adding/restoring a known issues section to our documentation
15:03:21 <d34dh0r53> no update on any of the docs issues
15:03:26 <d34dh0r53> #action d34dh0r53 Look into adding/restoring a known issues section to our documentation
15:03:44 <d34dh0r53> #action d34dh0r53 add https://bugs.launchpad.net/keystone/+bug/1305950 to the known issues section of our documentation
15:03:54 <d34dh0r53> #action d34dh0r53 look into doc bug of missing Identity section on https://docs.openstack.org/2023.1/projects.html
15:04:26 <hiromu> o/
15:05:07 <d34dh0r53> reviewathon get https://review.opendev.org/c/openstack/keystone/+/890661 merged
15:05:15 <d34dh0r53> this was merged during the reviewathon, thanks!
15:05:23 <d34dh0r53> reviewathon https://review.opendev.org/c/openstack/keystone/+/891024
15:05:35 <d34dh0r53> We still need to get this one merged
15:05:47 <d34dh0r53> #action reviewathon https://review.opendev.org/c/openstack/keystone/+/891024
15:06:12 <d34dh0r53> and we're going to get to the OAuth 2.0 interoperability this week as hiromu will be able to join
15:06:21 <d34dh0r53> #action reviewathon https://review.opendev.org/q/topic:bp%252Fenhance-oauth2-interoperability
15:06:35 <hiromu> b
15:06:42 <d34dh0r53> that does it for the past meeting action items
15:06:44 <d34dh0r53> next up we have
15:06:52 <d34dh0r53> #topic liaison updates
15:06:56 <d34dh0r53> nothing from VMT
15:07:30 <noonedeadpunk> Would be awesome to have this backport to also merge https://review.opendev.org/c/openstack/keystone/+/892864 not sure if it's for reviewathon or not
15:08:48 <d34dh0r53> noonedeadpunk: I just did it, thanks for the reminder
15:09:23 <d34dh0r53> cool, moving on
15:09:33 <d34dh0r53> #topic specification OAuth 2.0 (hiromu)
15:09:42 <d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext
15:09:44 <d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Fenhance-oauth2-interoperability
15:09:46 <d34dh0r53> External OAuth 2.0 Specification
15:09:48 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone-specs/+/861554
15:09:50 <d34dh0r53> OAuth 2.0 Implementation
15:09:52 <d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Fsupport-oauth2-mtls
15:09:54 <d34dh0r53> OAuth 2.0 Documentation
15:09:56 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone/+/838108
15:09:58 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystoneauth/+/838104
15:11:19 <hiromu> https://review.opendev.org/c/openstack/keystonemiddleware/+/868734 has been updated
15:12:14 <hiromu> I think the comments we recieved have been solved. I'd appricate if you could check them again.
15:12:26 <d34dh0r53> excellent, thanks hiromu, I'll try to start looking at that today/tomorrow, hopefully others can as well as we'll hit that in the reviewathon on Friday
15:13:10 <hiromu> thanks. yes. let's look the details Friday
15:13:27 <dmendiza[m]> 🙋
15:14:31 <d34dh0r53> hi dmendiza[m]
15:14:39 <d34dh0r53> speaking of, next up we have
15:14:47 <d34dh0r53> #topic Secure RBAC (dmendiza[m])
15:14:57 <d34dh0r53> #link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_
15:14:59 <dmendiza[m]> Hi!
15:14:59 <d34dh0r53> Manager Role Implementation
15:15:01 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone/+/822601
15:15:12 <dmendiza[m]> Yeah, so I'm hoping we can lad the manager role before M3
15:15:20 <dmendiza[m]> so please hold on on approving the tag until we land it
15:15:48 <dmendiza[m]> It's a small enough change, but it does not clean up the role implication data during an upgrade
15:16:09 <dmendiza[m]> basically we end up with this mapping with the current patch:
15:16:11 <dmendiza[m]> admin ----> manager... (full message at <https://matrix.org/_matrix/media/v3/download/matrix.org/rMYUTVpdvlAzUpYCZdTfLcFm>)
15:16:21 <dmendiza[m]> oops, that looks terrible on paste
15:16:41 <dmendiza[m]> `admin ----> manager... (full message at <https://matrix.org/_matrix/media/v3/download/matrix.org/vyrZtAgnsBnXjayvnseDDUka>)
15:16:54 <dmendiza[m]> yeah, still terrible
15:17:03 <dmendiza[m]> last try to paste:
15:17:12 <dmendiza[m]> admin ----> manager
15:17:20 <dmendiza[m]> \        |
15:17:29 <dmendiza[m]> \        |'
15:17:35 <dmendiza[m]> ugh, that looks awful too
15:17:45 <dmendiza[m]> anyway, we end up with the "admin" role  having two mappings
15:17:47 <dmendiza[m]> which is wrong
15:17:54 <dmendiza[m]> since the previous mapping does not get removed on upgrade
15:17:59 <dmendiza[m]> so I'm working on a fix to the patch to do that
15:18:07 <dmendiza[m]> the barbican-manage bootstrap command is pretty barebones
15:18:29 <dmendiza[m]> and takes a "insert to DB first, ask questions later" approach, which is not ideal
15:19:12 <dmendiza[m]> I've also got to check to see if we have any defaults that need to be changed.\
15:19:50 <dmendiza[m]> I promised gmann I would do something else, and as soon as I remember what that is I'l ltry to do that before M3 too.
15:21:40 <d34dh0r53> awesome, thank you for that work dmendiza[m]
15:21:51 <d34dh0r53> the admin dual mapping does seem wrong to me as well
15:23:29 <d34dh0r53> I'll hold off on the M3 approvals for now
15:23:42 <d34dh0r53> next up
15:23:47 <d34dh0r53> #topic open discussion
15:23:58 <d34dh0r53> anyone have anything? there's nothing on the agenda
15:24:04 <dmendiza[m]> You get you PTL in?
15:24:11 <dmendiza[m]> It's ending super soon
15:24:57 <dmendiza[m]> Oh, I see it now
15:24:59 <dmendiza[m]> #link https://review.opendev.org/c/openstack/election/+/893179
15:25:05 <dmendiza[m]> d34dh0r53: PTLFL!!!
15:25:10 <d34dh0r53> LOL
15:25:36 <d34dh0r53> yes, if y'all will have me :)
15:25:54 <d34dh0r53> I sent out the same thing on the mailing list
15:26:27 <andrewbonney> Sorry if I missed the time for bugs. Is there any chance someone could take a look at / confirm I'm not missing something for https://bugs.launchpad.net/keystone/+bug/2030061 ?
15:27:11 <d34dh0r53> dmendiza[m], can you look at that one it dovetails into what you're working on
15:28:16 <dmendiza[m]> ack, I'll take a look
15:28:21 <andrewbonney> Thanks :)
15:28:38 <d34dh0r53> np, thanks andrewbonney
15:29:46 <d34dh0r53> moving on
15:29:59 <d34dh0r53> #topic bug review
15:30:09 <d34dh0r53> #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0
15:30:15 <d34dh0r53> we have one new bug in keystone
15:30:30 <d34dh0r53> https://bugs.launchpad.net/keystone/+bug/2032839
15:30:43 <d34dh0r53> looks like the enforcer may not be thread safe
15:32:36 <d34dh0r53> that one will take some replication and digging, any volunteers?
15:35:01 <d34dh0r53> ok
15:35:05 <d34dh0r53> next up we have
15:35:20 <d34dh0r53> #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0
15:35:30 <d34dh0r53> no new bugs there
15:35:41 <d34dh0r53> #link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=0
15:35:53 <d34dh0r53> nothing new for keystoneauth
15:35:59 <d34dh0r53> #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0
15:36:16 <d34dh0r53> keystonemiddleware is good
15:36:23 <d34dh0r53> #link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=0
15:36:35 <d34dh0r53> pycadf is operating flawlessly
15:36:47 <d34dh0r53> #link https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=0
15:37:07 <d34dh0r53> and ldappool is pooling
15:37:13 <d34dh0r53> #topic conclusion
15:37:18 <d34dh0r53> anything before we go?
15:37:37 <d34dh0r53> reviewathon on Friday
15:37:41 <d34dh0r53> thanks everyone!
15:37:45 <d34dh0r53> #endmeeting