Tuesday, 2022-08-16

« Monday, 2022-08-15 Index Wednesday, 2022-08-17 »
opendevreviewKe Niu proposed openstack/keystonemiddleware master: remove unicode prefix from code  https://review.opendev.org/c/openstack/keystonemiddleware/+/85312204:35
opendevreviewKe Niu proposed openstack/keystonemiddleware master: remove unicode prefix from code  https://review.opendev.org/c/openstack/keystonemiddleware/+/85312204:37
opendevreviewKe Niu proposed openstack/keystonemiddleware master: remove unicode prefix from code  https://review.opendev.org/c/openstack/keystonemiddleware/+/85312204:42
*** whoami-rajat__ is now known as whoami-rajat08:08
*** dviroel_ is now known as dviroel11:38
knikolladmendiza[m]: won't be able to attend the weekly meeting. I'm flying to Boston. 13:51
*** dasm|off is now known as dasm13:55
dmendiza[m]knikolla: ack, have a safe trip13:59
knikollathanks! 14:01
dmendiza[m]#startmeeting keystone15:01
opendevmeetMeeting started Tue Aug 16 15:01:03 2022 UTC and is due to finish in 60 minutes.  The chair is dmendiza[m]. Information about MeetBot at http://wiki.debian.org/MeetBot.15:01
opendevmeetUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.15:01
opendevmeetThe meeting name has been set to 'keystone'15:01
dmendiza[m]#topic Roll Call15:01
dmendiza[m]Courtesy ping for admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, knikolla, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek15:01
d34dh0r53o/ lurking15:01
xeko/15:02
h-asahinao/15:02
xek-15:02
dmendiza[m]Hi y'all!15:04
dmendiza[m]Let's get started15:04
dmendiza[m]#topic Review Previous Meeting Action Items15:04
dmendiza[m]#link https://meetings.opendev.org/meetings/keystone/2022/keystone.2022-08-09-15.02.html15:04
dmendiza[m]We didn't have any15:04
dmendiza[m]#topic Liaison  U pdates15:05
dmendiza[m]Just a quick update from the release/maintenance side15:05
dmendiza[m]We've marked the Pike branck as EOL15:05
dmendiza[m]#link https://review.opendev.org/c/openstack/releases/+/85155915:05
dmendiza[m]#info Pike is now EOL15:05
dmendiza[m]OK, moving on 15:10
dmendiza[m]#topic OAuth 2.015:10
dmendiza[m]h_asahina 👋15:10
h-asahinahi15:10
dmendiza[m]Any updates this week?15:10
h-asahinafirst of all, we submitted a patch for keystonemiddleware Zuul error   https://review.opendev.org/c/openstack/keystonemiddleware/+/85259015:11
h-asahinaplease kindly reveiew it. by this patch we can merge https://review.opendev.org/c/openstack/keystonemiddleware/+/830737. of cource we have to reply knikolla's comment before doing that.15:12
h-asahinaI also updated the spec https://review.opendev.org/c/openstack/keystone-specs/+/843765, according to the previous meeting.15:13
dmendiza[m]h-asahina: ac, merged the first patch15:13
dmendiza[m]*ack15:13
h-asahinathanks15:13
dmendiza[m]h-asahina: yeah, last Friday was a day off for Red Hat, so we didn't get a chance to review your udpates15:14
dmendiza[m]we'll review this Friday for the reviewathon15:14
h-asahinagot it thanks.15:14
h-asahinacan i confirm the schedule?15:14
h-asahinaI suppose this spec and 3 patches that we submitted during Yoga cycle can be merged within Zed cycle. do you feel it possible?15:15
dmendiza[m]#link https://releases.openstack.org/zed/schedule.html15:16
dmendiza[m]We have a couple of weeks before Zed-315:16
dmendiza[m]we should try to get everything reviewed this week so we can have some time to update patches if needed.15:16
h-asahinaokey. that's right. from our side, it would be helpful at least if these three patches will be merged in Zed: https://review.opendev.org/c/openstack/keystoneauth/+/830734; https://review.opendev.org/c/openstack/keystonemiddleware/+/830737; https://review.opendev.org/c/openstack/keystone/+/83073915:19
h-asahinalike you said, we have tiem. if you leave the comment this week, we'll update the patches next week.15:21
dmendiza[m]great, thanks h-asahina 15:21
h-asahinathanks. that's all from my side :)15:23
dmendiza[m]OK, moving on ...15:24
dmendiza[m]#topic Secure RBAC15:24
dmendiza[m]Looks like the pop-ups are not really happening anymore.  15:27
dmendiza[m]The patch to delay system scope did merge so I'll have to review that15:27
dmendiza[m]#link https://review.opendev.org/c/openstack/governance/+/847418/14/goals/selected/consistent-and-secure-rbac.rst15:27
dmendiza[m]#topic Open Discussion15:31
dmendiza[m]Anything else y'all want to talk about before we look at bug reports?15:32
h-asahinaif you have time, i'd like to talk about my comment on the spec briefly15:36
h-asahina:dmendiza15:36
h-asahinaif it's better to wait for the next review comment, i'll wait.15:36
dmendiza[m]h-asahina: I think maybe it would be better to talk about it after folks have a had a chance to read it15:37
* dmendiza[m] has not read the update yet 😅15:37
h-asahinaah, sorry, i meant my reply comment which is the questions about the last meeting.15:38
dmendiza[m]Sure go ahead15:38
h-asahinathanks, I have two questions: (i) delegation of Users' permission; (ii) usage of mapping API in our case.15:39
h-asahina(i) according to your suggestion, we are implementing mTLS OAuth2.0 so that User API is used for OAuth2.0 client management15:41
h-asahinabasically we think it'll work, but we have concerns that delegation of user permission is not possible.15:42
h-asahinafor example, it's not possible for non-admin user who is only allowed to access Tacker API to delegate it's role to a client15:42
h-asahinabut it's possible if we use credentials API and allow this user to access the credentials API.15:43
h-asahinado you have any idea to solve this problem or justify this issue?15:44
dmendiza[m]Hmm... I am not sure.  I'd like to find out what knikolla thinks...  we should follow-up with him and try to get an answer.15:46
h-asahinaok15:46
h-asahina(ii) You said we can look at mapping API as a reference15:46
h-asahinabut we feel we can just use it to manage mapping rules between DN in a client cert and keystone Users' attributes (e.g., username, project_id).15:47
h-asahinado you feel it's reasonable?15:48
h-asahinalet me explain further, we thought we have to implement the similar codes from scratch but now we think we don't have to.15:50
h-asahinait's also knikolla's comment https://meetings.opendev.org/meetings/keystone/2022/keystone.2022-08-09-15.02.log.html#l-65, maybe it's better to wait for him?15:55
dmendiza[m]Yeah ... I think he may be referring to mapping cert attributes -> user attributes so we can get the correct roles in the token15:58
dmendiza[m]I'll ask knikolla about it if he joins the review on Friday15:59
dmendiza[m]That's about all the time we have for the meeting this week.15:59
dmendiza[m]Thanks for joining, everyone!15:59
dmendiza[m]#endmeeting15:59
opendevmeetMeeting ended Tue Aug 16 15:59:57 2022 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)15:59
opendevmeetMinutes:        https://meetings.opendev.org/meetings/keystone/2022/keystone.2022-08-16-15.01.html15:59
opendevmeetMinutes (text): https://meetings.opendev.org/meetings/keystone/2022/keystone.2022-08-16-15.01.txt15:59
opendevmeetLog:            https://meetings.opendev.org/meetings/keystone/2022/keystone.2022-08-16-15.01.log.html15:59
h-asahinagot it. thanks. dmendiza:16:00
opendevreviewMerged openstack/keystonemiddleware master: Fix logging notifier unit test  https://review.opendev.org/c/openstack/keystonemiddleware/+/85259017:00
*** dviroel is now known as dviroel|brb20:02
*** dviroel|brb is now known as dviroel21:15
*** dviroel is now known as dviroel|afk21:40
*** dasm is now known as dasm|off22:26
« Monday, 2022-08-15 Index Wednesday, 2022-08-17 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!