keystoneauth dependencies appear broken

Using python 3.8.5 on Debian, trying to run tox commands, it appears the test-requirements.txt defines ranges of packages. Even with an upgraded pip, although it seems to default to by base os pip of 22.1.2, dependency resolution takes 30+ minutes. Updating hacking, certifi, and commenting out pycodestyle, that gets down to about 5 minutes, but still fails with an underlying dependency issue rooted.

The state of my test-requirements.txt:

+++ b/test-requirements.txt
@@ -2,10 +2,10 @@
 # of appearance. Changing the order has an impact on the overall integration
 # process, which may cause wedges in the gate later.

-hacking>=3.0.1,<3.1.0 # Apache-2.0
+hacking>=4.1.0,<5.0.0 # Apache-2.0
 flake8-docstrings==0.2.1.post1 # MIT
 flake8-import-order>=0.17.1 #LGPLv3
-pycodestyle>=2.0.0,<2.6.0 # MIT
+#pycodestyle>=2.8.0,<2.9.0 # MIT

 bandit<1.6.0,>=1.1.0 # Apache-2.0
 coverage!=4.4,>=4.0 # Apache-2.0
@@ -23,3 +23,4 @@ PyYAML>=3.12 # MIT
 requests-kerberos>=0.8.0 # ISC
 lxml>=4.2.0 # BSD
 oauthlib>=0.6.2 # BSD
+certifi>=2022.5.18.1

Fatal error:

ERROR: Cannot install pyspnego[kerberos]==0.5.2 because these package versions have conflicting dependencies.

The conflict is caused by:
    pyspnego[kerberos] 0.5.2 depends on krb5>=0.3.0; sys_platform != "win32" and extra == "kerberos"
    The user requested (constraint) krb5===0.3.0

To fix this you could try to:
1. loosen the range of package versions you've specified
2. remove package versions to allow pip attempt to solve the dependency conflict