| *** dviroel is now known as dviroel|out | 00:04 | |
| opendevreview | Yusuke Niimi proposed openstack/keystone master: OAuth2.0 Client Credentials Grant Flow Support https://review.opendev.org/c/openstack/keystone/+/830739 | 08:18 |
|---|---|---|
| opendevreview | Yusuke Niimi proposed openstack/keystoneauth master: OAuth2.0 Client Credentials Grant Flow Support https://review.opendev.org/c/openstack/keystoneauth/+/830734 | 08:38 |
| opendevreview | Hiromu Asahina proposed openstack/keystone-specs master: OAuth 2.0 Mutual-TLS Support https://review.opendev.org/c/openstack/keystone-specs/+/843765 | 10:04 |
| opendevreview | Hiromu Asahina proposed openstack/keystone-specs master: OAuth 2.0 Mutual-TLS Support https://review.opendev.org/c/openstack/keystone-specs/+/843765 | 10:14 |
| opendevreview | Yusuke Niimi proposed openstack/keystoneauth master: OAuth2.0 Client Credentials Grant Flow Support https://review.opendev.org/c/openstack/keystoneauth/+/830734 | 10:43 |
| *** dviroel|out is now known as dviroel | 11:29 | |
| opendevreview | Yusuke Niimi proposed openstack/keystone master: OAuth2.0 Client Credentials Grant Flow Support https://review.opendev.org/c/openstack/keystone/+/830739 | 11:53 |
| opendevreview | Yusuke Niimi proposed openstack/keystone master: OAuth2.0 Client Credentials Grant Flow Support https://review.opendev.org/c/openstack/keystone/+/830739 | 12:31 |
| *** whoami-rajat__ is now known as whoami-rajat | 13:42 | |
| knikolla | i have a scheduling conflict with today's meeting, but i will be reading back the logs as soon as i'm done later today. | 14:47 |
| opendevreview | Hiromu Asahina proposed openstack/keystone-specs master: OAuth 2.0 Mutual-TLS Support https://review.opendev.org/c/openstack/keystone-specs/+/843765 | 14:59 |
| d34dh0r53 | knikolla: ack, thank you | 15:00 |
| d34dh0r53 | #startmeeting keystone | 15:00 |
| opendevmeet | Meeting started Tue May 31 15:00:28 2022 UTC and is due to finish in 60 minutes. The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot. | 15:00 |
| opendevmeet | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 15:00 |
| opendevmeet | The meeting name has been set to 'keystone' | 15:00 |
| d34dh0r53 | #topic Roll Call | 15:00 |
| d34dh0r53 | courtesy ping for admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, knikolla, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek | 15:01 |
| d34dh0r53 | #topic Review past meeting work items | 15:01 |
| d34dh0r53 | #link https://meetings.opendev.org/meetings/keystone_weekly_meeting/2022/keystone_weekly_meeting.2022-05-24-15.04.html | 15:02 |
| d34dh0r53 | I had an action item to discuss with dmendiza[m] the meeting during the summit. | 15:03 |
| d34dh0r53 | I was not able to connect with Doug, so we'll have to talk about it in Berlin. We'll update you here about the status of the meeting | 15:03 |
| d34dh0r53 | #action d34dh0r53 talk to dmendiza[m] about next weeks meeting | 15:04 |
| d34dh0r53 | #topic Specifications | 15:04 |
| d34dh0r53 | OAuth 2.0 | 15:04 |
| h-asahina | o/ | 15:04 |
| d34dh0r53 | #link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext | 15:04 |
| d34dh0r53 | #link https://review.opendev.org/c/openstack/keystone-specs/+/843765 | 15:05 |
| h-asahina | Zuul is still in progress... | 15:05 |
| d34dh0r53 | h-asahina: I see you submitted the additional specification for Mutual-TLS support | 15:05 |
| h-asahina | yes and I've just fixed tox which failed building recently | 15:06 |
| h-asahina | Also, I've submitted the bug report regarding this problem of tox | 15:06 |
| h-asahina | I'll submit the patch to fix it separately later. | 15:07 |
| d34dh0r53 | h-asahina: excellent, thank you | 15:07 |
| h-asahina | :) | 15:07 |
| h-asahina | I'd like to explain the contents of the spec now. is it ok? | 15:07 |
| d34dh0r53 | h-asahina: yes, that is fine | 15:08 |
| h-asahina | thanks | 15:08 |
| h-asahina | I'll briefly explain the background of this spec as we have changed the contents from the BP. | 15:08 |
| h-asahina | Actually, we have to change our contents for Zed release as our priority has been changed. | 15:09 |
| h-asahina | As I explained before, I came from OpenStack Tacker project that try to make Virtual Network Function Manager supporint the famous standard in that area called ETSI NFV SOL. | 15:10 |
| h-asahina | and that's why we need to meet the latest standard | 15:10 |
| h-asahina | In the latest SOL013, which define the common API specification for NFV components (including VNFM), forces the components to use OAuth2.0 mutual TLS, i.e., RFC8705. | 15:11 |
| h-asahina | https://datatracker.ietf.org/doc/html/rfc8705 | 15:12 |
| h-asahina | To meets this requirement, we'd like to implement RFC8705 to Keystone, KeystoneMiddleware and keystoneauth. | 15:12 |
| h-asahina | Changes to do it includes the contents of BP but also includes several new parts like adding APIs. | 15:13 |
| h-asahina | So, I'd like to hear the feasibility of this proposal from Keystone core. | 15:13 |
| h-asahina | I note that this changes will not reduce the security level by the way. | 15:14 |
| h-asahina | Could you tell me your opinion? | 15:15 |
| d34dh0r53 | h-asahina: The specification you've provided looks good, but I am not qualified to fully give an opinion at this time. | 15:17 |
| d34dh0r53 | h-asahina: I will bring this up as an item for discussion with dmendiza[m] and knikolla at the Summit next week. Are you going to be there? | 15:17 |
| h-asahina | unfortunately, I'm not | 15:18 |
| d34dh0r53 | h-asahina: ok | 15:19 |
| d34dh0r53 | #action d34dh0r53 dmendiza[m] knikolla review meeting logs and discuss https://review.opendev.org/c/openstack/keystone-specs/+/843765/4/specs/keystone/zed/support-oauth2-mtls.rst | 15:20 |
| h-asahina | so, plese give me comments on the spec. I'll check and reply it. | 15:20 |
| d34dh0r53 | h-asahina: yes, we will and hopefully time will permit us to hold the weekly meeting so we can discuss further | 15:21 |
| h-asahina | good | 15:21 |
| d34dh0r53 | thank you h-asahina! | 15:21 |
| d34dh0r53 | moving on to Secure RBAC | 15:21 |
| h-asahina | thank you too! | 15:21 |
| d34dh0r53 | #link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_ | 15:21 |
| d34dh0r53 | I don't have any updates for Secure RBAC | 15:22 |
| *** dviroel is now known as dviroel|lunch | 15:22 | |
| d34dh0r53 | next up: Gate inherited assignments from parent (bbobrov) | 15:23 |
| d34dh0r53 | #link https://review.opendev.org/c/openstack/keystone-specs/+/334364 | 15:23 |
| d34dh0r53 | we will review this at the summit as well as it's been updated recently | 15:25 |
| d34dh0r53 | bbobrov: do you have anything you'd like to add? | 15:25 |
| d34dh0r53 | #action d34dh0r53 dmendiza[m] knikolla review https://review.opendev.org/c/openstack/keystone-specs/+/334364 | 15:26 |
| d34dh0r53 | #topic public discussion | 15:27 |
| d34dh0r53 | I need to ask dmendiza[m] about bandit and building from git | 15:28 |
| d34dh0r53 | #action d34dh0r53 ask dmendiza[m] about this bandit line in the agenda | 15:28 |
| d34dh0r53 | anything else? | 15:28 |
| d34dh0r53 | ok, moving on | 15:29 |
| opendevreview | Alexandre arents proposed openstack/keystone master: Federation: add support for projects_json assertion https://review.opendev.org/c/openstack/keystone/+/844098 | 15:29 |
| d34dh0r53 | #topic bug review | 15:30 |
| d34dh0r53 | #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0 | 15:30 |
| d34dh0r53 | looks like one new keystone bug: https://bugs.launchpad.net/keystone/+bug/1976387 | 15:30 |
| d34dh0r53 | this was from h-asahina and a fix is forthcoming | 15:30 |
| h-asahina | yes | 15:31 |
| d34dh0r53 | #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0 | 15:31 |
| d34dh0r53 | no new python-keystoneclient bugs | 15:31 |
| d34dh0r53 | #link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=0 | 15:31 |
| d34dh0r53 | no new keystoneauth bugs | 15:31 |
| d34dh0r53 | #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0 | 15:32 |
| d34dh0r53 | no new keystomemiddleware bugs | 15:32 |
| d34dh0r53 | #link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=0 | 15:32 |
| d34dh0r53 | no new pycadf bugs | 15:32 |
| d34dh0r53 | #link https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=0 | 15:33 |
| d34dh0r53 | and, no new ldappool bugs | 15:33 |
| d34dh0r53 | #topic open floor | 15:33 |
| d34dh0r53 | Does anyone have anything else for this week? | 15:33 |
| d34dh0r53 | Reminder than the OpenInfra Summit is next week in Berlin, I'm looking forward to meeting and seeing those who can make it | 15:34 |
| d34dh0r53 | Another reminder that we'll be having another reviewathon at 15:00 UTC this Friday. Please let me know if you'd like to be included and I can send you the invite. | 15:35 |
| d34dh0r53 | Thanks everyone! | 15:38 |
| d34dh0r53 | #endmeeting | 15:38 |
| opendevmeet | Meeting ended Tue May 31 15:38:20 2022 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 15:38 |
| opendevmeet | Minutes: https://meetings.opendev.org/meetings/keystone/2022/keystone.2022-05-31-15.00.html | 15:38 |
| opendevmeet | Minutes (text): https://meetings.opendev.org/meetings/keystone/2022/keystone.2022-05-31-15.00.txt | 15:38 |
| opendevmeet | Log: https://meetings.opendev.org/meetings/keystone/2022/keystone.2022-05-31-15.00.log.html | 15:38 |
| alistarle | Hello, in order to enhance a little bit the mapping in the federation system, we propose a patch to allow specify a JSON of project/role, coming directly from the IdP (like we do for the groups by example): https://review.opendev.org/c/openstack/keystone/+/844098 | 15:43 |
| alistarle | d34dh0r53 you seem to know well the federation, do you have any clue about this patch ? | 15:44 |
| d34dh0r53 | alistarle: I can look :) | 15:45 |
| aarents | d34dh0r53: thanks for having a look, FYI the change in mapped.py is mainly a move of the inner function because we reach the pep8 complex founction' | 15:48 |
| opendevreview | Hiromu Asahina proposed openstack/keystone-specs master: [WIP] Fix document build https://review.opendev.org/c/openstack/keystone-specs/+/844100 | 15:49 |
| d34dh0r53 | aarents: ack, I was wondering about that | 15:49 |
| opendevreview | Hiromu Asahina proposed openstack/keystone-specs master: [WIP] Fix document build https://review.opendev.org/c/openstack/keystone-specs/+/844100 | 16:21 |
| *** dviroel|lunch is now known as dviroel | 16:24 | |
| opendevreview | Hiromu Asahina proposed openstack/keystone-specs master: [WIP] Fix document build https://review.opendev.org/c/openstack/keystone-specs/+/844100 | 17:00 |
| opendevreview | Hiromu Asahina proposed openstack/keystone-specs master: Disable auto-discovery for setuptools https://review.opendev.org/c/openstack/keystone-specs/+/839909 | 17:04 |
| opendevreview | Hiromu Asahina proposed openstack/keystone-specs master: Update python testing template to latest version https://review.opendev.org/c/openstack/keystone-specs/+/839945 | 17:04 |
| opendevreview | Hiromu Asahina proposed openstack/keystone-specs master: OAuth 2.0 Mutual-TLS Support https://review.opendev.org/c/openstack/keystone-specs/+/843765 | 17:04 |
| opendevreview | Pedro Henrique Pereira Martins proposed openstack/keystoneauth master: Add OTP to v3OIDCpassword plugin https://review.opendev.org/c/openstack/keystoneauth/+/697348 | 17:31 |
| opendevreview | Pedro Henrique Pereira Martins proposed openstack/keystoneauth master: Add OTP to v3OIDCpassword plugin https://review.opendev.org/c/openstack/keystoneauth/+/697348 | 17:32 |
| *** dviroel is now known as dviroel|afk | 20:25 | |
| opendevreview | Ghanshyam proposed openstack/keystone-tempest-plugin master: Add stable/yoga jobs on master gate https://review.opendev.org/c/openstack/keystone-tempest-plugin/+/838070 | 21:24 |
| opendevreview | Ghanshyam proposed openstack/keystone-tempest-plugin master: Update stable branches jobs on master gate https://review.opendev.org/c/openstack/keystone-tempest-plugin/+/838070 | 23:50 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!