19:07:08 <lbragstad> #startmeeting keystone-office-hours
19:07:08 <openstack> Meeting started Tue Nov 28 19:07:08 2017 UTC and is due to finish in 60 minutes.  The chair is lbragstad. Information about MeetBot at http://wiki.debian.org/MeetBot.
19:07:09 <openstack> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
19:07:11 <openstack> The meeting name has been set to 'keystone_office_hours'
19:09:01 <lbragstad> fyi - i'll be multi-tasking meeting for the next hour
19:09:05 <openstackgerrit> Merged openstack/keystone master: Fix role schema in trust object  https://review.openstack.org/523415
19:10:11 <lbragstad> we do have a list of office-hours tagged bugs available, too
19:10:14 <lbragstad> #link https://goo.gl/tRbEsD
19:43:36 <knikolla> i'm picking this up https://bugs.launchpad.net/keystone/+bug/1291157
19:43:36 <openstack> Launchpad bug 1291157 in OpenStack Identity (keystone) "idp deletion should trigger token revocation" [Medium,In progress] - Assigned to Lance Bragstad (lbragstad)
19:43:52 <lbragstad> knikolla: oh - sweet
19:44:09 <lbragstad> knikolla:  i was just about to start working on that but i'll move on to the next one :)
19:45:07 <lbragstad> i'm going to pickup reviews for https://bugs.launchpad.net/keystone/+bug/1728690
19:45:07 <openstack> Launchpad bug 1728690 in OpenStack Identity (keystone) "member_role_id/name conf options reference v2" [Medium,In progress] - Assigned to wangxiyuan (wangxiyuan)
19:45:53 <lbragstad> i can also pick up https://bugs.launchpad.net/keystone/+bug/1662623
19:45:53 <openstack> Launchpad bug 1662623 in OpenStack Identity (keystone) "Testing keystone docs are outdated" [Wishlist,Confirmed]
19:52:31 <efried> lbragstad cmurphy https://review.openstack.org/523515 Release keystoneauth 3.2.1
19:52:59 <efried> lbragstad cmurphy I still really want to get https://bugs.launchpad.net/keystoneauth/+bug/1707993 done and in a release, but I'm stymied by the unit tests.
19:52:59 <openstack> Launchpad bug 1707993 in keystoneauth "EndpointData.url should regurgitate my endpoint_override" [Low,In progress] - Assigned to Eric Fried (efried)
19:54:46 <cmurphy> efried: yeah those tests are really hard to wrap a single brain around :(
20:17:55 <openstackgerrit> Lance Bragstad proposed openstack/keystone master: Update keystone testing documentation  https://review.openstack.org/523524
20:46:10 <lbragstad> cmurphy: nice find - https://bugs.launchpad.net/keystone/+bug/1733836
20:46:10 <openstack> Launchpad bug 1733836 in OpenStack Identity (keystone) "Support LDAP server discovery via DNS SRV records" [Wishlist,New]
20:46:57 <knikolla> lbragstad: quick thought, can we make it so that unscoped tokens give the identity endpoint in the service catalog?
20:47:17 <lbragstad> knikolla: jamielennox had that idea a while back
20:47:23 <knikolla> the empty catalog messes up the clients
20:47:39 <lbragstad> knikolla: i think it was actually proposed as a specification
20:47:52 <lbragstad> i want to say there were some patches available for it, too
20:48:57 <lbragstad> knikolla: yep
20:48:59 <lbragstad> #link https://review.openstack.org/#/c/107333/
20:49:59 <knikolla> i'll give it a look
20:50:29 <knikolla> there's been several cases where i had to use the api directly because clients didn't like unscoped tokens for stuff which unscoped tokens should work
20:50:51 <lbragstad> knikolla: yeah - we've had the discussion before
20:51:02 <lbragstad> knikolla: and i know jamielennox had some work proposed for it
20:51:11 <lbragstad> it might just be that it didn't get finished
20:51:18 <cmurphy> lbragstad: customer wanted that actually, not 100% sure keystone is the right place for it but thought i could bring it up
20:51:23 <knikolla> cool. yeah, proposed for kilo, that predates me by a full cycle.
20:52:06 <lbragstad> cmurphy: it's a good discussion
20:52:15 <lbragstad> cmurphy: what the status of python-ldap?
20:52:44 <cmurphy> i forget, kmalloc ^ ?
20:52:57 <cmurphy> iirc there are two and we're using the python3-compatible one
20:53:00 <lbragstad> was there hesitation to add it because of resources or another reason?
20:56:27 <cmurphy> lbragstad: security concerns https://mail.python.org/pipermail/python-ldap/2013q4/003299.html also concerns that changing how the url is read is a major change in behavior - "<hyc> it would be a major behavior change, I think no." from https://mail.python.org/pipermail/python-ldap/2013q4/003298.html
20:56:44 <lbragstad> mmm
20:56:48 <cmurphy> but that thread is from four years ago and was probably for the older python-ldap, not the one we're using
20:56:57 <cmurphy> so probably worth revisiting with the current maintainer
20:58:57 <lbragstad> ++
21:00:57 <cmurphy> i guess they're merging back https://github.com/pyldap/pyldap/blob/master/README#L2
21:02:49 <lbragstad> huh
21:18:21 <kmalloc> cmurphy: hmmm.
21:18:33 <kmalloc> cmurphy: we moved to a py3 compat one, didn't we?
21:19:04 <kmalloc> oh wow. *eye roll*
21:19:41 <cmurphy> kmalloc: yes we did, i see pyldap in setup.cfg
21:20:06 <kmalloc> pyldap ... back to python-ldap, annoying.
21:20:10 <cmurphy> lol
21:21:20 * kmalloc grumps.
21:21:32 <kmalloc> I have to order a new part for my bike so i can use it on my trainer.
21:29:26 <openstackgerrit> Merged openstack/keystone-specs master: Outline policy goals  https://review.openstack.org/460344
21:33:56 <lbragstad> woo!