Tuesday, 2021-10-26

« Monday, 2021-10-25 Index Wednesday, 2021-10-27 »
*** Guest3656 is now known as redrobot13:03
*** lbragstad6 is now known as lbragstad13:28
redrobot#startmeeting keystone15:00
opendevmeetMeeting started Tue Oct 26 15:00:06 2021 UTC and is due to finish in 60 minutes.  The chair is redrobot. Information about MeetBot at http://wiki.debian.org/MeetBot.15:00
opendevmeetUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.15:00
opendevmeetThe meeting name has been set to 'keystone'15:00
lbragstado/15:00
redrobot#topic Roll Call15:00
redrobotCourtesy ping for ayoung, bbobrov, crisloma, d34dh0r53, dpar, dstanek, gagehugo, hrybacki, knikolla, lamt, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, spilla, jdennis, ruan_he, wxy, sonuk, vishakha,Ajay, raildo, rafaelweingartner, xek15:00
gagehugoo/15:00
xeko/15:00
d34dh0r53o/15:00
redrobotWe should probably trim down that ping list at some point15:01
* lbragstad was just looking at all the uncolored nicks15:01
redrobotLet's get started15:02
redrobot#topic Review Past Meeting Action Items15:02
redrobot#link https://meetings.opendev.org/meetings/keystone/2021/keystone.2021-10-12-15.03.html15:02
knikollao/15:02
redrobot> redrobot to ask for help on System-Scope implementation in keystoneauth15:02
redrobotThis was an ask from rdopiera 15:02
redrobotI'm sure that our team at RH will be able to help out15:03
redrobotI'll bring it up during our team meeting tomorrow15:03
redrobotWe have a light agenda today15:04
redrobotso I'm going to wing it for the most part, haha15:04
redrobot#topic PTG Recap15:04
redrobot#link https://etherpad.opendev.org/p/oct2021-ptg-keystone15:04
redrobotThe PTG session was good.  The main topics were OAuth 2.0, Secure RBAC and What to do with all them Bugs15:05
redrobotNotes are above ^^^15:05
redrobot#topic OAuth 2.0 Spec15:08
redrobot#link https://review.opendev.org/c/openstack/keystone-specs/+/81315215:08
redrobotThis is the weekly reminder to please take a look at the Spec15:08
redrobotI think all the active cores have been added to the review15:09
redrobotAny questions/comments?15:10
knikollai still haven't gotten around to reviewing that, will do so today15:11
lbragstadsame here - i don't think i'll get to it this week, but i'm trying to summarize all the RBAC stuff https://review.opendev.org/c/openstack/governance/+/81515815:11
redrobotThat's a good segue into the next topic15:13
redrobot#topic Secure RBAC15:14
redrobotlbragstad any updates you want to share from the PTG?15:14
lbragstadwell - the update is probably going to be long15:14
lbragstadbut - all in all, i think everything went well15:14
lbragstadit was a mind-bender of a week15:14
lbragstadand i really need to get everything on paper 15:15
lbragstadso - that's my top priority at the moment15:15
lbragstadbut - the tl;dr is,15:15
lbragstadwe need to get to a point with policy across projects where people can actually start using it - hopefully in yoga15:15
lbragstadand we've kinda thought about another approach (and dropped an assumption) that should make that easier15:16
lbragstadso - my plan is to update the goal to target that15:17
redrobotGreat, thanks for the update lbragstad15:18
redrobot#topic Open Discussion15:19
redrobotAnything else y'all want to talk about before we get into the Bug Review?15:20
xekstill looking for reviews for https://review.opendev.org/c/openstack/keystone/+/80638115:22
xek(Update local_id limit to 255 characters Wallaby backport)15:22
lbragstadcc knikolla gagehugo ^ 15:23
gagehugolbragstad: done15:24
redrobotThis looks like it's ready to merge15:24
redrobotlbragstad do you have +A powers?15:25
lbragstadi have the power15:25
lbragstadi have applied said power15:25
redrobotthanks gagehugo and lbragstad15:26
redrobotOK, moving on to bugs15:26
redrobot#topic Bug Review15:26
redrobotGoing to try what we talked about in the PTG and review the newest and oldest bugs15:27
redrobotLet15:27
redrobot's start with the new bugs15:27
redrobot#link https://bugs.launchpad.net/keystone/+bug/194787015:27
redrobot> Keystone Kerberos auth broken when delegate to HTTP15:27
redrobotThis is a new bug opened last week15:27
redrobotlooks like the reporter has a patch to go along with it15:29
redrobot#link https://review.opendev.org/c/openstack/keystone/+/81477015:29
redrobotAnyone know enough Keberos to take a look?15:30
lbragstadnot off the top of my head 15:31
redrobotK, let's move on to the next one15:33
redrobot#link https://bugs.launchpad.net/keystone/+bug/194697415:34
redrobot>  TypeError: Can't upgrade a READER transaction to a WRITER mid-transaction 15:34
lbragstadthat seems like a legit bug, but probably not used very much since it's relying on project -> endpoint association15:36
redrobotHmm...  anyone want to take that bug?15:39
redrobotWe'll keep that in the TODO pile15:40
redrobotNext15:40
redrobot#link https://bugs.launchpad.net/keystone/+bug/194598815:40
redrobot> [stein] Cannot get openstack role assignment list --names --system all output when all is fulfilled15:40
lbragstadlooks like they're using custom policy 15:42
lbragstadi think the policy they are using requires them to have a system-role assignment for listing assignments (the new default) 15:43
lbragstadso - i wonder if that's the problem 15:43
lbragstadi can leave a comment15:43
redrobotcool, thanks lbragstad15:46
lbragstadyep - done15:46
redrobotThat's it for new unassigned bugs15:47
redrobotNow let's check in on assigned bugs15:47
redrobot#link https://bugs.launchpad.net/keystone/+bug/194586615:47
redrobotI have not had time to look at that one :(15:47
redrobot#link https://bugs.launchpad.net/keystone/+bug/194566215:47
redrobot^^ looks like we're still waiting to see the pastebin15:48
redrobotLooking at old bugs now15:49
redrobot#link https://bugs.launchpad.net/keystone/+bug/113343515:49
redrobot> 15:49
redrobotpolicy should return a 400 if a required field is missing15:49
redrobotwe talked about this one at the PTG15:50
lbragstadyeah15:50
redrobotWe'll keep it around until we are aready to add a microversion to v315:50
redrobotNext15:51
redrobot#link https://bugs.launchpad.net/keystone/+bug/117311715:51
redrobot> API calls need to be atomic15:51
lbragstadgiven keystone's architecture hasn't changed since this bug was opened, i think this is still susceptible15:52
lbragstadand would probably require a significant amount of work15:52
lbragstadthe blueprint/spec comment is still valid i think15:53
redrobotI see the spec landed... did it not get implemented?15:54
lbragstadare you looking at bug 1130676 ? 15:55
redrobot117311715:56
redrobotLooking at steve's comment #415:56
lbragstadoh - the recursive deletion spec15:57
lbragstadi'm not sure that's a solution to this particular bug 15:57
redrobotGotcha15:57
lbragstadi think the purpose of that was to make it easy to delete project trees15:58
redrobotK, let's revisit the bug next time as we're almost out of time.15:58
lbragstadack 15:58
redrobotThanks for joining, everyone!15:58
redrobotSee y'all next week.15:58
lbragstadthanks redrobot15:58
redrobot#endmeeting15:58
opendevmeetMeeting ended Tue Oct 26 15:58:32 2021 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)15:58
opendevmeetMinutes:        https://meetings.opendev.org/meetings/keystone/2021/keystone.2021-10-26-15.00.html15:58
opendevmeetMinutes (text): https://meetings.opendev.org/meetings/keystone/2021/keystone.2021-10-26-15.00.txt15:58
opendevmeetLog:            https://meetings.opendev.org/meetings/keystone/2021/keystone.2021-10-26-15.00.log.html15:58
« Monday, 2021-10-25 Index Wednesday, 2021-10-27 »

Generated by irclog2html.py 2.17.2 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!