| *** mhen_ is now known as mhen | 02:50 | |
| opendevreview | Yaguang Tang proposed openstack/keystoneauth master: fix: correct oidc request error handling logic https://review.opendev.org/c/openstack/keystoneauth/+/941203 | 03:27 |
|---|---|---|
| opendevreview | Yaguang Tang proposed openstack/keystoneauth master: fix: correct oidc request error handling logic https://review.opendev.org/c/openstack/keystoneauth/+/941203 | 04:30 |
| opendevreview | Yaguang Tang proposed openstack/keystoneauth master: fix: correct oidc request error handling logic https://review.opendev.org/c/openstack/keystoneauth/+/941203 | 06:07 |
| opendevreview | Yaguang Tang proposed openstack/keystoneauth master: fix: correct oidc request error handling logic https://review.opendev.org/c/openstack/keystoneauth/+/941203 | 06:38 |
| opendevreview | Yaguang Tang proposed openstack/keystoneauth master: fix: correct oidc request error handling logic https://review.opendev.org/c/openstack/keystoneauth/+/941203 | 07:19 |
| opendevreview | Yaguang Tang proposed openstack/keystoneauth master: fix: correct oidc request error handling logic https://review.opendev.org/c/openstack/keystoneauth/+/941203 | 08:19 |
| opendevreview | Yaguang Tang proposed openstack/keystoneauth master: fix: correct oidc request error handling logic https://review.opendev.org/c/openstack/keystoneauth/+/941203 | 08:51 |
| opendevreview | Yaguang Tang proposed openstack/keystoneauth master: fix: correct oidc request error handling logic https://review.opendev.org/c/openstack/keystoneauth/+/941203 | 09:53 |
| opendevreview | Yaguang Tang proposed openstack/keystoneauth master: fix: correct oidc request error handling logic https://review.opendev.org/c/openstack/keystoneauth/+/941203 | 10:07 |
| opendevreview | Grzegorz Grasza proposed openstack/keystoneauth master: [WiP] External OAuth2.0 plugin https://review.opendev.org/c/openstack/keystoneauth/+/941082 | 11:13 |
| d34dh0r53 | #startmeeting keystone | 15:06 |
| opendevmeet | Meeting started Wed Feb 12 15:06:06 2025 UTC and is due to finish in 60 minutes. The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot. | 15:06 |
| opendevmeet | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 15:06 |
| opendevmeet | The meeting name has been set to 'keystone' | 15:06 |
| d34dh0r53 | Reminder: This meeting takes place under the OpenInfra Foundation Code of Conduct | 15:07 |
| d34dh0r53 | #link https://openinfra.dev/legal/code-of-conduct | 15:07 |
| d34dh0r53 | #topic roll call | 15:07 |
| gtema | o/ | 15:07 |
| d34dh0r53 | admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev, reqa, dmendiza[m], dmendiza, mharley, jph, gtema, cardoe, deydra | 15:07 |
| d34dh0r53 | dmendiza | 15:07 |
| d34dh0r53 | o/ | 15:07 |
| d34dh0r53 | #topic review past meeting work items | 15:10 |
| d34dh0r53 | #link https://meetings.opendev.org/meetings/keystone/2025/keystone.2025-02-05-15.01.html | 15:10 |
| d34dh0r53 | no action items from our last meeting | 15:10 |
| d34dh0r53 | #topic liaison updates | 15:10 |
| d34dh0r53 | nothing from VMT or releases | 15:10 |
| d34dh0r53 | #topic specification OAuth 2.0 (hiromu) | 15:11 |
| d34dh0r53 | #link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext | 15:12 |
| d34dh0r53 | #link https://review.opendev.org/q/topic:bp%252Fenhance-oauth2-interoperability | 15:12 |
| d34dh0r53 | External OAuth 2.0 Specification | 15:12 |
| d34dh0r53 | #link https://review.opendev.org/c/openstack/keystone-specs/+/861554 (merged) | 15:12 |
| d34dh0r53 | OAuth 2.0 Implementation | 15:12 |
| d34dh0r53 | #link https://review.opendev.org/q/topic:bp%252Fsupport-oauth2-mtls (merged) | 15:12 |
| d34dh0r53 | OAuth 2.0 Documentation | 15:12 |
| d34dh0r53 | #link https://review.opendev.org/c/openstack/keystone/+/838108 (merged) | 15:12 |
| d34dh0r53 | #link https://review.opendev.org/c/openstack/keystoneauth/+/838104 (merged) | 15:12 |
| d34dh0r53 | no updates from me this week | 15:12 |
| gtema | not directly related to that in particular, I started writing down ideas around oauth2/oidc/federation in https://gtema.github.io/posts/rethinking-openstack-auth-authz/ | 15:13 |
| d34dh0r53 | oh cool, I'll give it a read | 15:13 |
| gtema | I touched that aspect as well. I think generally idea with adding support for oauth2 for external auth is good, but not in that implementation - we need to flip it around and make keystone issue jwt that can be checked by middleware | 15:14 |
| gtema | anyway - it is a working draft with many topics around | 15:14 |
| d34dh0r53 | thanks gtema | 15:15 |
| d34dh0r53 | #topic specification Secure RBAC (dmendiza[m]) | 15:15 |
| d34dh0r53 | #link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_ | 15:15 |
| d34dh0r53 | 2024.1 Release Timeline | 15:15 |
| d34dh0r53 | Update oslo.policy in keystone to enforce_new_defaults=True | 15:15 |
| d34dh0r53 | Update oslo.policy in keystone to enforce_scope=True | 15:15 |
| d34dh0r53 | dmendiza: are you around? | 15:15 |
| d34dh0r53 | guess not | 15:17 |
| d34dh0r53 | moving on | 15:17 |
| d34dh0r53 | #topic specification OpenAPI support (gtema) | 15:17 |
| d34dh0r53 | #link https://review.opendev.org/q/topic:%22openapi%22+project:openstack/keystone | 15:17 |
| gtema | not much from me this week. I finally got permissions on openstackdocstheme so that I can go on making api-ref builds | 15:18 |
| gtema | other then that few changes are hanging around (I guess) from our intern. Will look later this week | 15:18 |
| dmendiza[m] | 🙋 | 15:19 |
| d34dh0r53 | ohai dmendiza ! | 15:19 |
| d34dh0r53 | any updates on SRBAC dmendiza ? | 15:21 |
| dmendiza[m] | Negative. | 15:21 |
| dmendiza[m] | I think there's a pop-up meeting scheduled today. Not sure if it'll actually happen. | 15:22 |
| d34dh0r53 | ack, thank you | 15:23 |
| d34dh0r53 | and thanks gtema let us know if/when there are more openapi things to review | 15:23 |
| d34dh0r53 | moving on | 15:23 |
| d34dh0r53 | 'v | 15:24 |
| d34dh0r53 | #topic specification domain manager (mhen) | 15:24 |
| d34dh0r53 | still unmerged are: | 15:24 |
| d34dh0r53 | documentation: https://review.opendev.org/c/openstack/keystone/+/928135 | 15:24 |
| d34dh0r53 | tempest tests: https://review.opendev.org/c/openstack/keystone-tempest-plugin/+/924222 | 15:24 |
| d34dh0r53 | dmendiza: can you take a look at those? | 15:24 |
| dmendiza[m] | ack, yeah, sorry, I've been slacking on gerrit reveiws | 15:24 |
| d34dh0r53 | no worries | 15:27 |
| d34dh0r53 | #topic specification Include bad password details in audit messages (stanislav-z) | 15:27 |
| d34dh0r53 | #link https://review.opendev.org/c/openstack/keystone-specs/+/915482 (merged) | 15:27 |
| d34dh0r53 | #link https://review.opendev.org/q/topic:%22pci-dss-invalid-password-reporting%22 | 15:27 |
| d34dh0r53 | #link https://review.opendev.org/c/openstack/keystone/+/932423 | 15:27 |
| d34dh0r53 | 5-Feb update: implementation to be updated to reflect merged spec state (WIP by @stanislav-z) | 15:27 |
| stanislav-z | hi, no updates so far - didn't find the time yet to bring it to a proper state. will try in the following days/week | 15:28 |
| d34dh0r53 | ack, thank you Stanislav Zaprudskiy | 15:29 |
| d34dh0r53 | #topic open discussion | 15:29 |
| d34dh0r53 | nothing from me | 15:29 |
| gtema | i don't have anything either | 15:29 |
| d34dh0r53 | ack, moving on | 15:29 |
| d34dh0r53 | #topic bug review | 15:29 |
| d34dh0r53 | #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0 | 15:29 |
| d34dh0r53 | one new bug in keystone | 15:30 |
| d34dh0r53 | #link https://bugs.launchpad.net/keystone/+bug/2097550 | 15:30 |
| d34dh0r53 | we have quite a bit of flask-restful it looks like | 15:32 |
| gtema | jfyi: I am currently working on "reimplementing" keystone in rust. We could actually combine this with addressing flask. I know how it sounds, so just fyi | 15:33 |
| d34dh0r53 | :) it may be the catalyst we need | 15:34 |
| d34dh0r53 | thanks gtema | 15:34 |
| d34dh0r53 | #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0 | 15:34 |
| d34dh0r53 | no new bugs in python-keystoneclient | 15:35 |
| d34dh0r53 | #link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=0 | 15:35 |
| d34dh0r53 | keystoneauth has no new bugs | 15:35 |
| d34dh0r53 | #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0 | 15:35 |
| d34dh0r53 | and keystonemiddleware is clean too | 15:35 |
| d34dh0r53 | #link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=0 | 15:35 |
| d34dh0r53 | nothing new in pycadf | 15:36 |
| d34dh0r53 | #link https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=0 | 15:36 |
| d34dh0r53 | nor in ldappool | 15:36 |
| d34dh0r53 | #topic conclusion | 15:36 |
| d34dh0r53 | nothing from me today, thanks everyone | 15:36 |
| gtema | thks Dave | 15:36 |
| d34dh0r53 | #endmeeting | 15:38 |
| opendevmeet | Meeting ended Wed Feb 12 15:38:17 2025 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 15:38 |
| opendevmeet | Minutes: https://meetings.opendev.org/meetings/keystone/2025/keystone.2025-02-12-15.06.html | 15:38 |
| opendevmeet | Minutes (text): https://meetings.opendev.org/meetings/keystone/2025/keystone.2025-02-12-15.06.txt | 15:38 |
| opendevmeet | Log: https://meetings.opendev.org/meetings/keystone/2025/keystone.2025-02-12-15.06.log.html | 15:38 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!