Tuesday, 2022-12-20

« Monday, 2022-12-19 Index Wednesday, 2022-12-21 »
opendevreviewOpenStack Proposal Bot proposed openstack/keystonemiddleware master: Imported Translations from Zanata  https://review.opendev.org/c/openstack/keystonemiddleware/+/86155202:13
opendevreviewPavlo Shchelokovskyy proposed openstack/keystonemiddleware master: Configure audit message publisher  https://review.opendev.org/c/openstack/keystonemiddleware/+/84829510:38
opendevreviewPavlo Shchelokovskyy proposed openstack/keystonemiddleware master: Add ignore_path_list option  https://review.opendev.org/c/openstack/keystonemiddleware/+/85066910:39
*** dviroel|out is now known as dviroel10:58
*** dasm|off is now known as dasm13:43
knikolla[m]i merged the oauth 2.0 mtls spec, since it has 2 2+ and a +1 from Dave.14:05
opendevreviewMerged openstack/keystone-specs master: OAuth 2.0 Mutual-TLS Support  https://review.opendev.org/c/openstack/keystone-specs/+/84376514:08
knikolla[m]sorry for not being active in the past week. i was traveling14:11
xekknikolla: hey, can you take a look at https://review.opendev.org/c/openstack/keystoneauth/+/865439 ?14:14
xekI would like to create a new keystoneauth release after it merges14:15
xekd34dh0r53 ^14:16
xekknikolla: I replied14:36
knikolla[m]Grzegorz Grasza: thanks, I had an additional question in there which I forgot to end with a question mark, haha. Sorry about that. Without any prior information, what microversion header would the client send during discovery?14:37
xekknikolla: the barbican client would send 1.1 by default, which is the newest version it supports14:40
xekknikolla: like curl -v -H 'OpenStack-API-Version: key-manager 1.1' <barbican endpoint url>14:40
knikolla[m]is this behavior common across all other openstack services that implement microversions? sending this header in this manner?14:41
xekknikolla: yes, the client specifies the version of the API they want via the header14:42
xekhttps://specs.openstack.org/openstack/api-wg/guidelines/microversion_specification.html#client-interaction14:43
xekknikolla: the way it differs from eg. nova is that the nova api v2.1 supported microversions from it's inception, whereas in barbican we added microversions to the original api (v1), which doesn't change the original api url14:47
opendevreviewGrzegorz Grasza proposed openstack/keystoneauth master: Allow passing of version header  https://review.opendev.org/c/openstack/keystoneauth/+/86543914:55
xekknikolla ^14:56
opendevreviewGrzegorz Grasza proposed openstack/keystoneauth master: Allow passing of version header  https://review.opendev.org/c/openstack/keystoneauth/+/86543914:58
xek^ removed an extra return14:58
d34dh0r53#startmeeting keystone15:00
opendevmeetMeeting started Tue Dec 20 15:00:10 2022 UTC and is due to finish in 60 minutes.  The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot.15:00
opendevmeetUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.15:00
opendevmeetThe meeting name has been set to 'keystone'15:00
knikolla[m]o/15:00
xeko/15:00
d34dh0r53#topic roll call15:00
d34dh0r53admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, knikolla, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev15:01
d34dh0r53o/15:01
zaitcevo/15:01
hiromuo/15:01
d34dh0r53wow, great turnout for the end of the year, thanks for joining :)15:01
d34dh0r53#topic review past meeting work items15:02
d34dh0r53#link https://meetings.opendev.org/meetings/keystone/2022/keystone.2022-12-13-15.00.html15:02
d34dh0r53first up15:02
d34dh0r53ACTION: reviewathon https://review.opendev.org/c/openstack/keystoneauth/+/838104 (d34dh0r53, 15:03:52)15:02
d34dh0r53we looked a bit at the documentation for the OAuth 2.0 stuff in the reviewathon, now that the m-tls spec has merged we can focus on the outstanding reviews, pushing this again15:04
d34dh0r53#action reviewathon https://review.opendev.org/c/openstack/keystoneauth/+/83810415:05
d34dh0r53same with the next one15:05
d34dh0r53#action reviewathon https://review.opendev.org/c/openstack/keystone/+/83810815:05
d34dh0r53#action reviewathon https://review.opendev.org/c/openstack/keystone/+/86092815:06
d34dh0r53another docs patch for oauth 2.015:07
d34dh0r53#action reviewathon https://review.opendev.org/c/openstack/keystoneauth/+/86092315:07
d34dh0r53next up we have d34dh0r53 look into user-defined attribute access control15:08
d34dh0r53as far as I can tell user-defined attribute access control is not a thing that we support, hiromu I think you asked about this 15:09
d34dh0r53that would need a spec for implementation so maybe after antelope we can look at that if it's still needed15:10
d34dh0r53next up we have another rewviewathon that we didn't get to https://review.opendev.org/c/openstack/keystone/+/86342015:11
d34dh0r53we'll look at this one this week15:11
d34dh0r53#action reviewathon https://review.opendev.org/c/openstack/keystone/+/86342015:11
d34dh0r53next up we had15:11
d34dh0r53knikolla[m] please review https://review.opendev.org/c/openstack/pycadf/+/86370215:11
d34dh0r53knikolla[m]: thanks for looking at that, I'll see if I can figure out what failed in the gate for that one15:12
d34dh0r53finally we had 15:13
d34dh0r53knikolla[m] please review https://review.opendev.org/c/openstack/keystonemiddleware/+/86680515:13
d34dh0r53that patch merged and unblocked15:13
hiromusorry took time to remember. regarding the user attributes, i understand it's not supported by Keystone, and for now we don't need to support it as we're trying alternative way.  15:13
d34dh0r53thanks for pushing it through knikolla[m] 15:13
d34dh0r53hiromu: ack, thanks for the update15:13
d34dh0r53that does it for the past meeting work items15:14
d34dh0r53#topic liaison updates15:14
d34dh0r53nothing new from VMT15:14
d34dh0r53knikolla[m]: anything from release management?15:14
knikolla[m]d34dh0r53: to be fair, i haven't had that much time to look into any release work. so perhaps it's best i don't have my name on it anymore. 15:17
d34dh0r53knikolla[m]: ack, thanks15:17
d34dh0r53knikolla[m]: is that in a governance repo or just on our list?15:17
knikolla[m]i think it's a wiki15:18
knikolla[m]https://wiki.openstack.org/wiki/CrossProjectLiaisons#Release_management15:18
knikolla[m]ah, and in fact my name is not there. 15:18
d34dh0r53oh, I didn't know about that wiki15:20
* d34dh0r53 needs to update it15:20
xekbtw I think we also have to sort out this list: https://review.opendev.org/admin/groups/d7203dc55fa9bdf98c578b16ac398e0c754a1a67,members15:20
d34dh0r53#action d34dh0r53 update the CrossProjectLiaisons wiki https://wiki.openstack.org/wiki/CrossProjectLiaisons15:21
knikolla[m]i don't think that list is used anywhere :/ 15:22
xekoh, ok, i never did a keystone release so I wasn't sure15:22
d34dh0r53#action d34dh0r53 look into the keystone-groups members as well https://review.opendev.org/admin/groups/d7203dc55fa9bdf98c578b16ac398e0c754a1a67,members not sure if it's used any more15:23
d34dh0r53cool, thanks knikolla[m] and xek15:23
xekthere is a similar keystoneauth-release which includes keystone-release group https://review.opendev.org/admin/groups/defa38d1e363d439a0458380efb0824d639d5ffd,members15:24
knikolla[m]i don't think those groups are still relevant, but if they are, we can just have all of them include -core and not have extra users15:24
xekok, if there are any issues I'll ask lbragstad to do that15:25
d34dh0r53thanks xek15:28
d34dh0r53#topic specification OAuth 2.0 (hiromu)15:29
d34dh0r53The spec merged!15:29
hiromuthanks a lot!15:29
d34dh0r53Thanks knikolla[m] and xek for the final reviews on that15:29
d34dh0r53I've added a link to the etherpad for the implementation topic15:30
d34dh0r53#link https://review.opendev.org/q/topic:bp%252Fsupport-oauth2-mtls15:30
hiromuI hope the code review will also go well.15:31
d34dh0r53we can get started reviewing and testing those during the reviewathon15:31
d34dh0r53There are also a couple of documentation reviews15:31
d34dh0r53#link https://review.opendev.org/c/openstack/keystone/+/83810815:32
d34dh0r53#link https://review.opendev.org/c/openstack/keystoneauth/+/83810415:32
d34dh0r53next spec is15:33
d34dh0r53#topic specification Secure RBAC15:33
d34dh0r53#link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_15:33
d34dh0r53the specs have merged and the implementation links are here15:34
d34dh0r53Service Role Implementation15:34
d34dh0r53#link https://review.opendev.org/c/openstack/keystone/+/86342015:34
d34dh0r53Manager Role Implementation15:34
d34dh0r53#link https://review.opendev.org/c/openstack/keystone/+/82260115:34
d34dh0r53hopefully we get some feedback/updates from Abhishek on the -1's on the manager implementation patch15:36
d34dh0r53but probably not this year15:37
d34dh0r53that does it for spec review, next up is15:37
d34dh0r53#topic open discussion15:37
d34dh0r53we don't have anything on the agenda, does anyone have anything?15:37
zaitcevnot me15:40
d34dh0r53ok, moving on to bug review15:40
d34dh0r53#topic bug review15:40
d34dh0r53before we get into the projects, I've started cleaning up some old bugs15:40
d34dh0r53starting with keystone15:40
d34dh0r53you may get some strange emails from bugs that are ~3, 4 even 5 years old15:41
d34dh0r53I don't have a ton of context on some of them so if I mistakenly close something that is still valid please don't hesitate to re-open15:41
d34dh0r53we just have a ton of cruft in there and it would be nice to clean house a bit15:41
d34dh0r53this is just spare time work, but I plan to do some during the holidays15:42
d34dh0r53first up for bug-review is:15:42
d34dh0r53#link https://bugs.launchpad.net/keystone/?orderby=-id&start=015:42
*** dviroel is now known as dviroel|lunch15:43
d34dh0r53next up is python-keystoneclient15:43
d34dh0r53link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=015:44
d34dh0r53all good there15:44
d34dh0r53keystoneauth is next15:44
d34dh0r53#link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=015:44
d34dh0r53thanks for your patch on https://bugs.launchpad.net/keystoneauth/+bug/1999431 zaitcev 15:45
d34dh0r53#action reviewathon https://review.opendev.org/c/openstack/keystoneauth/+/86760315:45
zaitcevMuch easier than client TLS certs :-)15:46
d34dh0r53or if knikolla[m] or xek can look at ^^ before then that would be great15:46
d34dh0r53zaitcev: indeed :)15:46
d34dh0r53next up we have keystonemiddleware15:46
d34dh0r53#link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=015:46
d34dh0r53which has no new bugs15:47
d34dh0r53moving on to pycadf15:47
d34dh0r53#link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=015:47
d34dh0r53also nothing new15:47
d34dh0r53and finally ldappool15:47
d34dh0r53#link https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=015:47
d34dh0r53also clean15:47
d34dh0r53that does it for bug review15:48
d34dh0r53#topic conclusion15:48
d34dh0r53this is the last keystone weekly meeting of 202215:48
d34dh0r53A personal thanks from me for the work in getting the specs merged and the help in trying to get keystone back into shape15:49
d34dh0r53the reviewathons have been a big help15:49
d34dh0r53we'll keep those going into next year and continue to work to reduce the backlog of reviews and bugs15:50
d34dh0r53I hope everyone has a wonderful new year, safe travels and enjoy any time off you may take :)15:51
d34dh0r53Thanks all!15:53
d34dh0r53#endmeeting15:53
opendevmeetMeeting ended Tue Dec 20 15:53:27 2022 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)15:53
opendevmeetMinutes:        https://meetings.opendev.org/meetings/keystone/2022/keystone.2022-12-20-15.00.html15:53
opendevmeetMinutes (text): https://meetings.opendev.org/meetings/keystone/2022/keystone.2022-12-20-15.00.txt15:53
opendevmeetLog:            https://meetings.opendev.org/meetings/keystone/2022/keystone.2022-12-20-15.00.log.html15:53
opendevreviewDavid Wilde proposed openstack/pycadf master: Fix pep8 gate  https://review.opendev.org/c/openstack/pycadf/+/86822116:27
opendevreviewSergiy Markin proposed openstack/keystone master: Emit project tags CADF notifications  https://review.opendev.org/c/openstack/keystone/+/86011316:31
*** whoami-rajat__ is now known as whoami-rajat16:45
*** dviroel|lunch is now known as dviroel16:59
opendevreviewSergiy Markin proposed openstack/keystone master: Emit project tags CADF notifications  https://review.opendev.org/c/openstack/keystone/+/86011317:30
opendevreviewSergiy Markin proposed openstack/keystone master: Emit project tags CADF notifications  https://review.opendev.org/c/openstack/keystone/+/86011317:52
opendevreviewSergiy Markin proposed openstack/keystone master: Emit project tags CADF notifications  https://review.opendev.org/c/openstack/keystone/+/86011318:44
opendevreviewMerged openstack/keystoneauth master: Allow passing of version header  https://review.opendev.org/c/openstack/keystoneauth/+/86543919:07
opendevreviewSergiy Markin proposed openstack/keystone master: Emit project tags CADF notifications  https://review.opendev.org/c/openstack/keystone/+/86011319:38
*** dviroel is now known as dviroel|out21:42
opendevreviewMerged openstack/keystoneauth master: Enforce scope mutual exclusion for system  https://review.opendev.org/c/openstack/keystoneauth/+/80268322:37
« Monday, 2022-12-19 Index Wednesday, 2022-12-21 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!