Wednesday, 2024-09-11

« Tuesday, 2024-09-10 Index Thursday, 2024-09-12 »
*** __ministry is now known as Guest311301:25
*** mhen_ is now known as mhen01:30
opendevreviewTakashi Kajinami proposed openstack/keystone master: Remove deprecated [token] cache_on_issue  https://review.opendev.org/c/openstack/keystone/+/92879802:04
*** __ministry is now known as Guest315610:06
opendevreviewTakashi Kajinami proposed openstack/keystone master: Remove deprecated [token] cache_on_issue  https://review.opendev.org/c/openstack/keystone/+/92879813:09
*** whoami-rajat_ is now known as whoami-rajat14:04
opendevreviewTakashi Kajinami proposed openstack/keystone master: Deprecate ineffective [DEFAULT] max_param_size  https://review.opendev.org/c/openstack/keystone/+/92892314:26
opendevreviewTakashi Kajinami proposed openstack/keystone master: Deprecate ineffective [DEFAULT] max_param_size  https://review.opendev.org/c/openstack/keystone/+/92892314:28
opendevreviewDavid Wilde proposed openstack/keystone master: Add doc of OAuth 2.0 Mutual-TLS Authenticate  https://review.opendev.org/c/openstack/keystone/+/86092814:38
dmendiza[m]🙋‍♂️15:03
gtemao/15:03
d34dh0r53o/15:04
d34dh0r53sorry, lost time trying to refactor the oauth2 patches15:04
d34dh0r53#startmeeting keystone15:04
opendevmeetMeeting started Wed Sep 11 15:04:54 2024 UTC and is due to finish in 60 minutes.  The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot.15:04
opendevmeetUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.15:04
opendevmeetThe meeting name has been set to 'keystone'15:04
d34dh0r53#topic roll call15:05
d34dh0r53admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev, reqa, dmendiza[m], mharley, jph, gtema15:05
mheno/15:05
gtemao/15:05
d34dh0r53#topic review past meeting work items15:06
d34dh0r53#link https://meetings.opendev.org/meetings/keystone/2024/keystone.2024-09-04-15.02.html15:06
d34dh0r53only one15:06
d34dh0r53dmendiza clean up the SRBAC Specification section of the weekly meeting etherpad15:06
dmendiza[m]🙋‍♂️15:09
dmendiza[m]Yeah, I removed the links to reviews that have already merged15:09
dmendiza[m]and left the topic so we can track the change to oslo.policy15:10
dmendiza[m]which now defaults to true15:10
d34dh0r53awesome, thanks dmendiza !!15:10
dmendiza[m]I think we'll want to change our defaults too, but maybe not until we branch the current release15:10
d34dh0r53ack15:11
d34dh0r53moving on to15:11
d34dh0r53#topic liaison updates15:11
d34dh0r53nothing from VMT nor releases15:11
gtemaDave Wilde (d34dh0r53): you should better review https://review.opendev.org/c/openstack/releases/+/928530 to ack release15:13
d34dh0r53thanks just did15:14
d34dh0r53#topic specification OAuth 2.0 (hiromu)15:15
d34dh0r53#link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext15:15
d34dh0r53#link https://review.opendev.org/q/topic:bp%252Fenhance-oauth2-interoperability15:15
d34dh0r53External OAuth 2.0 Specification15:16
d34dh0r53#link https://review.opendev.org/c/openstack/keystone-specs/+/861554 (merged)15:16
d34dh0r53OAuth 2.0 Implementation15:16
d34dh0r53#link https://review.opendev.org/q/topic:bp%252Fsupport-oauth2-mtls15:16
d34dh0r53OAuth 2.0 Documentation15:16
d34dh0r53#link https://review.opendev.org/c/openstack/keystone/+/838108 (merged)15:16
d34dh0r53#link https://review.opendev.org/c/openstack/keystoneauth/+/838104 (merged)15:16
d34dh0r53working on rebasing the outstanding patches15:16
d34dh0r53I'll let y'all know when they're ready for reviews15:17
d34dh0r53next up15:17
d34dh0r53#topic specification Secure RBAC (dmendiza[m])15:17
d34dh0r53#link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_15:17
d34dh0r532024.1 Release Timeline15:17
d34dh0r53Update oslo.policy in keystone to enforce_new_defaults=True15:17
d34dh0r53Update oslo.policy in keystone to enforce_scope=True15:17
d34dh0r53any additional updates dmendiza ?15:17
dmendiza[m]negative15:17
d34dh0r53thanks115:17
d34dh0r53#topic specification OpenAPI support (gtema)15:17
d34dh0r53#link https://review.opendev.org/q/topic:%22openapi%22+project:openstack/keystone15:18
d34dh0r53gtema: changes awaiting review15:18
gtemano changes from my side15:18
d34dh0r53ack15:18
d34dh0r53next up15:18
d34dh0r53#topic specification domain manager (mhen)15:18
d34dh0r53#link https://review.opendev.org/q/topic:%22domain-manager%2215:18
d34dh0r53tempest core lib patch has been merged, only keystone-tempest-plugin left15:18
d34dh0r53created a patchset for documentation: https://review.opendev.org/c/openstack/keystone/+/92813515:18
gtemaI mean changes are still waiting for review ;-)15:18
d34dh0r53right, will look at those today15:19
mhend34dh0r53: are you talking about gtema or my part?15:19
d34dh0r53we're on your part now mhen 15:20
opendevreviewTakashi Kajinami proposed openstack/keystone master: Remove deprecated [token] cache_on_issue  https://review.opendev.org/c/openstack/keystone/+/92879815:20
mhenok was a bit confused because in my IRC log gtema's comment about pending reviews was directly above your "will look at those today" so I was not sure15:20
mhenbut yea, that would be wonderful thanks :)15:21
d34dh0r53indeed, I'll look at both of those today15:22
d34dh0r53next up15:22
d34dh0r53#topic specification Type annotations (stephenfin)15:22
d34dh0r53#link https://review.opendev.org/q/project:openstack/keystoneauth+topic:typing15:22
d34dh0r53This came about from adding type hints to openstacksdk. Since we're based on/heavily use keystoneauth, we need these annotations to be able to type things correctly. After much blood and tears, I now have the thing fully typed (except for tests and fixtures) but have refrained from pushing the full ~50 patch series to avoid overloading CI/humans :)15:22
opendevreviewArtem Goncharov proposed openstack/keystoneauth master: Apply ruff, ruff-format  https://review.opendev.org/c/openstack/keystoneauth/+/92880515:22
d34dh0r53How do we want to review these? They are generally non-functional changes, though I have reworked some logic (to avoid use of try-except pattern that mypy doesn't like) and added lots of asserts to narrow types (which I will eventually convert to proper exceptions). Can I just let gtema review them and rely on CI?15:22
d34dh0r53You'll see I've used ruff and ruff-format. I realise this might be somewhat controversial, but it removes significant friction (from having to manually rewrap stuff) when adding annotations at minimal inconvenience to others15:22
d34dh0r53this is awesome!15:22
stephenfinthanks :) It was a lot of work, but I'm hoping it's a one and done kind of thing15:23
d34dh0r53To answer your question, if gtema (Artem Goncharov) is willing to review them and CI is passing I'm all for it15:23
d34dh0r53I'm fine with ruff-format as well15:24
gtema:), I'm fine, anyway reviewed some and stucked on one which I just pushed update for15:24
gtemawe can try to apply ruff to keystone as well. I think it would be minor change after we blacked it already15:24
stephenfinLovely. That's pretty much all I wanted to know (that it was an okay thing to do)15:24
gtemathen we would have both projects same style15:24
stephenfinoff-topic but ruff is sooo much faster it's not even funny15:25
stephenfinvery impressive tool15:25
gtemaagreed stephenfin15:25
gtemaI myself wonder why the heck it is so fast, is it doing anything?15:25
d34dh0r53I haven't played with it, but am going to try it15:25
d34dh0r53Maybe it's written in rust :o15:25
* d34dh0r53 hides15:25
gtemayupp, which is the reason for the new OSC cli and tui to be written in Rust as well ;-)15:26
stephenfinyeah, funny you should say that 😅15:26
d34dh0r53orly?15:26
gtema:)15:27
stephenfinyeah, again way off topic but all these tools are coming from a VC backed crowd called astral15:27
stephenfinhttps://astral.sh/15:27
d34dh0r53oh wow15:27
d34dh0r53I hadn't even looked15:27
stephenfinthere's also uv which I suspect we (OpenStack) might pivot to down the line. https://lucumr.pocoo.org/2024/2/15/rye-grows-with-uv/ is a good read when you next have spare time15:27
gtemaI also got question some time ago whether we are "willing" to start experimenting with uv, which is their answer to pip/tox15:28
gtemastephenfin - maybe we can start experimenting with it in codegenerator since it is not breaking anybody and fully in our control15:28
stephenfinand another good blog here, which I spotted on the orange site some time back https://astral.sh/blog/uv-unified-python-packaging15:29
stephenfingtema: probably, but let's not take up more of the keystone folks' time here discussing that :)15:29
gtema:)15:29
d34dh0r53very interesting, thanks for the links15:32
d34dh0r53#topic open discussion15:32
d34dh0r53(JayF) Release managers have some concern about Keystone patches not being responded to in a timely manner.15:32
d34dh0r53https://etherpad.opendev.org/p/dalmatian-relmgt-tracking#L47115:32
d34dh0r53I am not a keystone contributor and don't know the best way for you all to tackle this, but wanted to ensure you were able to see it. Thanks!15:32
d34dh0r53this is on me, there were some older EOM reviews that I missed15:32
JayFIs dropping that line in the meeting agenda a good way to point notice at you baout it?15:33
d34dh0r53I'll make sure that our queue is clean15:33
JayFI missed some for Ironic when I was PTL there, it can be easy to miss.15:33
d34dh0r53JayF: yes, that's great15:33
JayFAwesome; thanks!15:33
d34dh0r53Thank you!15:33
d34dh0r53ok, moving on to15:36
d34dh0r53#topic bug review15:36
d34dh0r53#link https://bugs.launchpad.net/keystone/?orderby=-id&start=015:36
d34dh0r531 new bug for keystone15:36
d34dh0r53https://bugs.launchpad.net/keystone/+bug/208036915:36
d34dh0r53I might be able to test this as I'm doing federation work15:37
d34dh0r53I have an LDAP server at the ready15:37
d34dh0r53#link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=015:37
d34dh0r53python-keystoneclient has no new bugs15:38
d34dh0r53#link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=015:38
d34dh0r53nothing new for keystoneauth15:38
d34dh0r53#link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=015:38
d34dh0r53keystonemiddleware is good15:38
d34dh0r53#link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=015:38
d34dh0r53pycadf has no new bugs15:39
d34dh0r53#link https://bugs.launchpad.net/ldappool/+bugs?ordterby=-id&start=015:39
d34dh0r53neither does ldappool15:39
d34dh0r53#topic conclusion15:39
d34dh0r53I'm on PTO for 10 days starting tomorrow afternoon CST so I'm going to cancel next weeks meeting15:39
d34dh0r53the reviewathons can still happen if y'all want15:40
gtemaack15:40
d34dh0r53that's all from me15:41
d34dh0r53#endmeeting15:41
opendevmeetMeeting ended Wed Sep 11 15:41:50 2024 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)15:41
opendevmeetMinutes:        https://meetings.opendev.org/meetings/keystone/2024/keystone.2024-09-11-15.04.html15:41
opendevmeetMinutes (text): https://meetings.opendev.org/meetings/keystone/2024/keystone.2024-09-11-15.04.txt15:41
opendevmeetLog:            https://meetings.opendev.org/meetings/keystone/2024/keystone.2024-09-11-15.04.log.html15:41
opendevreviewDavid Wilde proposed openstack/keystone-tempest-plugin master: OAuth2.0 Client Credentials Grant Flow Support  https://review.opendev.org/c/openstack/keystone-tempest-plugin/+/87471616:04
opendevreviewDavid Wilde proposed openstack/keystone-tempest-plugin master: OAuth 2.0 Mutual-TLS Support  https://review.opendev.org/c/openstack/keystone-tempest-plugin/+/87579216:04
opendevreviewMerged openstack/keystoneauth master: Update betamax extra deps  https://review.opendev.org/c/openstack/keystoneauth/+/92880116:30
opendevreviewMerged openstack/keystoneauth master: Add pre-commit  https://review.opendev.org/c/openstack/keystoneauth/+/92880216:36
opendevreviewMerged openstack/keystoneauth master: docs: Remove cruft from configuration files  https://review.opendev.org/c/openstack/keystoneauth/+/92880316:37
opendevreviewMerged openstack/keystoneauth master: trivial: Remove errant trailing commas  https://review.opendev.org/c/openstack/keystoneauth/+/92880416:37
opendevreviewStephen Finucane proposed openstack/keystoneauth master: Apply ruff, ruff-format  https://review.opendev.org/c/openstack/keystoneauth/+/92880517:44
opendevreviewStephen Finucane proposed openstack/keystoneauth master: Enable ruff, ruff-format  https://review.opendev.org/c/openstack/keystoneauth/+/92880617:44
opendevreviewStephen Finucane proposed openstack/keystoneauth master: typing: Make abstract method actually abstract  https://review.opendev.org/c/openstack/keystoneauth/+/92880717:44
opendevreviewStephen Finucane proposed openstack/keystoneauth master: typing: Synchronise overridden method signatures  https://review.opendev.org/c/openstack/keystoneauth/+/92880817:45
opendevreviewStephen Finucane proposed openstack/keystoneauth master: typing: Add variable for auth plugin opts  https://review.opendev.org/c/openstack/keystoneauth/+/92880917:45
opendevreviewStephen Finucane proposed openstack/keystoneauth master: typing: Resolve remaining initial issues  https://review.opendev.org/c/openstack/keystoneauth/+/92881017:45
opendevreviewStephen Finucane proposed openstack/keystoneauth master: Enable mypy  https://review.opendev.org/c/openstack/keystoneauth/+/92881117:45
opendevreviewStephen Finucane proposed openstack/keystoneauth master: discover: Expand use of kwargs  https://review.opendev.org/c/openstack/keystoneauth/+/92881217:45
opendevreviewStephen Finucane proposed openstack/keystoneauth master: discover: Rework normalization  https://review.opendev.org/c/openstack/keystoneauth/+/92881317:45
opendevreviewStephen Finucane proposed openstack/keystoneauth master: typing: Annotate keystoneauth1.discover  https://review.opendev.org/c/openstack/keystoneauth/+/92881417:45
« Tuesday, 2024-09-10 Index Thursday, 2024-09-12 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!