opendevreview | Juan Pedro Torres Muñoz proposed openstack/keystone master: Assign user into domain from assertion https://review.opendev.org/c/openstack/keystone/+/896072 | 10:11 |
---|---|---|
opendevreview | Aarni Koskela proposed openstack/python-keystoneclient master: Remove six dependency https://review.opendev.org/c/openstack/python-keystoneclient/+/896637 | 10:16 |
opendevreview | Juan Pedro Torres Muñoz proposed openstack/keystone master: Assign user into domain from assertion https://review.opendev.org/c/openstack/keystone/+/896072 | 12:10 |
opendevreview | Aarni Koskela proposed openstack/python-keystoneclient master: Remove six dependency https://review.opendev.org/c/openstack/python-keystoneclient/+/896637 | 13:08 |
*** blarnath is now known as d34dh0r53 | 15:06 | |
d34dh0r53 | o/ | 15:06 |
d34dh0r53 | #startmeeting keystone | 15:06 |
opendevmeet | Meeting started Wed Sep 27 15:06:16 2023 UTC and is due to finish in 60 minutes. The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot. | 15:06 |
opendevmeet | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 15:06 |
opendevmeet | The meeting name has been set to 'keystone' | 15:06 |
hiromu | o/ | 15:06 |
d34dh0r53 | #topic roll call | 15:06 |
d34dh0r53 | admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, knikolla[m], lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev, reqa, dmendiza[m] | 15:06 |
d34dh0r53 | o/ sorry I'm late today | 15:06 |
dmendiza[m] | 🙋♂️ | 15:08 |
d34dh0r53 | #topic review past meeting work items | 15:08 |
d34dh0r53 | we didn't have a meeting last week, so this is from a couple of weeks ago | 15:08 |
d34dh0r53 | #link https://meetings.opendev.org/meetings/keystone/2023/keystone.2023-09-13-15.03.html | 15:08 |
d34dh0r53 | both of the action items are on me, and I didn't get a chance to look at either as I was on unscheduled PTO for the majority of the week | 15:09 |
d34dh0r53 | #action d34dh0r53 Look into adding/restoring a known issues section to our documentation | 15:09 |
d34dh0r53 | #action d34dh0r53 add https://bugs.launchpad.net/keystone/+bug/1305950 to the known issues section of our documentation | 15:09 |
d34dh0r53 | moving on... | 15:09 |
d34dh0r53 | #topic liaison updates | 15:10 |
d34dh0r53 | nothing from VMT | 15:10 |
d34dh0r53 | #topic specification OAuth 2.0 (hiromu) | 15:11 |
d34dh0r53 | #link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext | 15:12 |
d34dh0r53 | #link https://review.opendev.org/q/topic:bp%252Fenhance-oauth2-interoperability | 15:12 |
d34dh0r53 | External OAuth 2.0 Specification | 15:12 |
d34dh0r53 | #link https://review.opendev.org/c/openstack/keystone-specs/+/861554 | 15:12 |
d34dh0r53 | OAuth 2.0 Implementation | 15:12 |
d34dh0r53 | #link https://review.opendev.org/q/topic:bp%252Fsupport-oauth2-mtls | 15:12 |
d34dh0r53 | OAuth 2.0 Documentation | 15:12 |
d34dh0r53 | #link https://review.opendev.org/c/openstack/keystone/+/838108 | 15:12 |
d34dh0r53 | #link https://review.opendev.org/c/openstack/keystoneauth/+/838104 | 15:12 |
hiromu | We're going to implement FT for ext. Auth server support for Keystone middleware | 15:12 |
hiromu | and I have a question about that | 15:12 |
d34dh0r53 | sorry, FT? | 15:13 |
hiromu | I mean functional tests | 15:13 |
hiromu | like tempest | 15:13 |
hiromu | or integrated tests | 15:13 |
d34dh0r53 | ahh | 15:14 |
d34dh0r53 | thank you | 15:14 |
hiromu | no worries. that might be a domestic term | 15:14 |
hiromu | anyway, we're looking for the right place for the tests | 15:14 |
d34dh0r53 | keystone-tempest-tests I think | 15:15 |
hiromu | Yeah, but I think implementing the test in other projects that will use this feature can be another option | 15:16 |
d34dh0r53 | I see | 15:17 |
hiromu | tacker-tempest-plugin for example, | 15:17 |
hiromu | although tacker doesn't have the tempest-plugin now | 15:17 |
hiromu | I think that might be better in terms of maintainability | 15:17 |
d34dh0r53 | ok, I would like to see some tests in keystone-tempest-plugin as well so that we can run them in the gate | 15:19 |
d34dh0r53 | and ensure we don't break anything with future code updates | 15:20 |
hiromu | ok | 15:20 |
hiromu | but what should we test? | 15:20 |
hiromu | I mean keystone middleware for ext. oauth server only works with Tacker, Barbican and Ironic | 15:20 |
hiromu | running integration tests of keystonemiddleware with those services at keystone-tempest-plugin is a little bit unnatural for me. | 15:21 |
d34dh0r53 | hmm, I see your point | 15:22 |
d34dh0r53 | maybe we can include those tests as part of our testing then | 15:23 |
hiromu | also, I'm afraid that tests will fail due to changes in Tacker, Ironic and Barbican. In that case, Keystone maintainers have to fix Tacker, Ironic and Barbican's code for keystone-tempest-plugin | 15:24 |
hiromu | which test did you mean? | 15:24 |
d34dh0r53 | maybe a non-voting or experimental test | 15:24 |
hiromu | non-voting makes sense to me. | 15:25 |
d34dh0r53 | ok, that sounds good, please let us know if we can assist with reviews | 15:25 |
hiromu | good. | 15:26 |
hiromu | thanks | 15:26 |
d34dh0r53 | anything else hiromu? | 15:26 |
hiromu | no, but one thing. the implementation of that test might take time | 15:27 |
hiromu | so I want to put the target date of merging it to the end of release cycle | 15:27 |
d34dh0r53 | ok | 15:27 |
d34dh0r53 | that shouldn't be a problem | 15:28 |
hiromu | perfect. nothing else. thank you for your help. | 15:28 |
d34dh0r53 | thank you hiromu! | 15:29 |
d34dh0r53 | next up | 15:29 |
d34dh0r53 | #topic specification Secure RBAC (dmendiza[m]) | 15:29 |
d34dh0r53 | I think we've done everything for now, do we still need to keep this on the agenda dmendiza[m]? | 15:29 |
dmendiza[m] | Yes, there is still work to do | 15:30 |
dmendiza[m] | #link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html | 15:30 |
dmendiza[m] | I think now that bobcat (2023.2) has branched we can move to the next phase | 15:30 |
d34dh0r53 | ok | 15:31 |
dmendiza[m] | We can probably change our defaults to use SRBAC by default | 15:31 |
dmendiza[m] | i.e. enforce_new_defaults=True and enforce_scope=True | 15:32 |
d34dh0r53 | cool, updating the agenda | 15:33 |
d34dh0r53 | Who is doing the oslo.policy work, or is that TBD? | 15:33 |
dmendiza[m] | not sure I understand your question. What work are you referring to? | 15:35 |
d34dh0r53 | updating the defaults in oslo.policy, or did I misread? | 15:36 |
dmendiza[m] | Oh, we do that in keystone | 15:38 |
dmendiza[m] | there's a function called set_defaults where we can override what oslo.policy has as their default | 15:39 |
d34dh0r53 | ahh, ok | 15:39 |
dmendiza[m] | I don't think we can change the defaults in oslo.policy until everyone is on-board | 15:39 |
d34dh0r53 | I see, I misunderstood what the spec was saying | 15:40 |
dmendiza[m] | So yeah, I'll be working on that | 15:42 |
d34dh0r53 | ok, cool | 15:42 |
d34dh0r53 | thanks dmendiza[m] | 15:42 |
d34dh0r53 | moving on | 15:42 |
d34dh0r53 | #topic open discussion | 15:43 |
d34dh0r53 | nothing on the agenda | 15:43 |
d34dh0r53 | anyone have anything? | 15:43 |
d34dh0r53 | cool, moving on | 15:44 |
d34dh0r53 | #topic bug review | 15:44 |
d34dh0r53 | #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0 | 15:45 |
d34dh0r53 | there is one new bug in keystone | 15:45 |
d34dh0r53 | #link https://bugs.launchpad.net/keystone/+bug/2037052 | 15:45 |
d34dh0r53 | it has a patch up | 15:45 |
d34dh0r53 | next up we have | 15:46 |
d34dh0r53 | #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0 | 15:46 |
d34dh0r53 | nothing new in python-keystoneclient | 15:46 |
d34dh0r53 | #link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=0 | 15:46 |
d34dh0r53 | keystoneauth is clean | 15:46 |
d34dh0r53 | #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0 | 15:47 |
d34dh0r53 | one new bug | 15:47 |
d34dh0r53 | #link https://bugs.launchpad.net/keystonemiddleware/+bug/2037177 | 15:47 |
d34dh0r53 | we have six still being imported, should be an easy fix | 15:47 |
d34dh0r53 | that does it for keystonemiddleware | 15:48 |
d34dh0r53 | #link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=0 | 15:48 |
d34dh0r53 | nothing for pycadf | 15:48 |
d34dh0r53 | #link https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=0 | 15:48 |
d34dh0r53 | and ldappool is looking good | 15:48 |
d34dh0r53 | #topic conclusion | 15:48 |
d34dh0r53 | anyone have anything before we go? | 15:49 |
d34dh0r53 | thanks everyone! | 15:49 |
d34dh0r53 | #endmeeting | 15:49 |
opendevmeet | Meeting ended Wed Sep 27 15:49:24 2023 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 15:49 |
opendevmeet | Minutes: https://meetings.opendev.org/meetings/keystone/2023/keystone.2023-09-27-15.06.html | 15:49 |
opendevmeet | Minutes (text): https://meetings.opendev.org/meetings/keystone/2023/keystone.2023-09-27-15.06.txt | 15:49 |
opendevmeet | Log: https://meetings.opendev.org/meetings/keystone/2023/keystone.2023-09-27-15.06.log.html | 15:49 |