Wednesday, 2025-02-26

« Tuesday, 2025-02-25 Index Thursday, 2025-02-27 »
*** mhen_ is now known as mhen02:59
gtemaDave Wilde (d34dh0r53): do you want me to lead the meeting or are you willing to do this for some time?15:03
gtemaapparently Dave is not here, then let's start15:05
gtema#startmeeting keystone15:05
opendevmeetMeeting started Wed Feb 26 15:05:20 2025 UTC and is due to finish in 60 minutes.  The chair is gtema. Information about MeetBot at http://wiki.debian.org/MeetBot.15:05
opendevmeetUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.15:05
opendevmeetThe meeting name has been set to 'keystone'15:05
gtemaReminder: This meeting takes place under the OpenInfra Foundation Code of Conduct15:05
gtema    #link https://openinfra.dev/legal/code-of-conduct15:05
gtema#link https://openinfra.dev/legal/code-of-conduct15:05
gtema#topic roll call15:05
gtemaadmiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev, reqa, dmendiza[m], dmendiza, mharley, jph, gtema, cardoe, deydra15:05
d34dh0r53sorry, VPN outage knocked out my DNS :/15:06
d34dh0r53but I'll let you run it gtema ;)15:06
gtemano worry, I would also not mind you still doing that ;-)15:06
xeko/15:07
d34dh0r53ok, I can run it15:07
gtemapls, thanks15:07
d34dh0r53#topic review past meeting work items15:08
mheno/15:08
d34dh0r53#link thttps://meetings.opendev.org/meetings/keystone/2025/keystone.2025-02-19-15.02.html15:08
d34dh0r53#undo15:08
d34dh0r53#link https://meetings.opendev.org/meetings/keystone/2025/keystone.2025-02-19-15.02.html15:08
d34dh0r53no action items from last week15:08
d34dh0r53#topic liaison updates15:09
d34dh0r53nothing from VMT or releases15:09
d34dh0r53#topic specification OAuth 2.0 (hiromu)15:10
d34dh0r53#link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext15:10
d34dh0r53#link https://review.opendev.org/q/topic:bp%252Fenhance-oauth2-interoperability15:10
d34dh0r53External OAuth 2.0 Specification15:10
d34dh0r53#link https://review.opendev.org/c/openstack/keystone-specs/+/861554 (merged)15:10
d34dh0r53OAuth 2.0 Implementation15:10
d34dh0r53#link https://review.opendev.org/q/topic:bp%252Fsupport-oauth2-mtls (merged)15:10
d34dh0r53OAuth 2.0 Documentation15:10
d34dh0r53#link https://review.opendev.org/c/openstack/keystone/+/838108 (merged)15:10
d34dh0r53#link https://review.opendev.org/c/openstack/keystoneauth/+/838104 (merged)15:10
dmendiza[m]🙋‍♂️15:10
d34dh0r53no updates from me on this one, we're nearing a release so everyone is focusing on downstream right now, I'll have time for more upstream things next week15:11
d34dh0r53#topic specification Secure RBAC (dmendiza[m])15:11
d34dh0r53#link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_15:11
d34dh0r532024.1 Release Timeline15:11
d34dh0r53Update oslo.policy in keystone to enforce_new_defaults=True15:12
d34dh0r53Update oslo.policy in keystone to enforce_scope=True15:12
d34dh0r53ohai dmendiza 15:12
d34dh0r53😊15:12
gtemasince we are few days before feature freeze we should decide whether 2024.1 timeline for RBAC is done for 2025.1 or not15:13
d34dh0r53yeah15:13
d34dh0r53dmendiza: thoughts?15:15
dmendiza[m]We're way behind the published timeline15:15
dmendiza[m]but yeah I can review and ping y'all after I think about it a bit15:15
gtemagreat. afaik FF is this Friday 15:16
d34dh0r53Yeah, FF is this Friday15:16
d34dh0r53next up15:17
d34dh0r53#topic specification OpenAPI support (gtema)15:17
d34dh0r53#link https://review.opendev.org/q/topic:%22openapi%22+project:openstack/keystone15:17
gtemanothing from me on that. Slightly behind the desired progress, but still we were able to cover majority of the resources already15:17
d34dh0r53ack, thanks gtema 15:18
d34dh0r53#topic specification domain manager (mhen)15:18
d34dh0r53documentation was merged15:18
d34dh0r53still unmerged are:15:18
d34dh0r53tempest tests: https://review.opendev.org/c/openstack/keystone-tempest-plugin/+/92422215:18
mhenthanks for merging the docs!15:18
gtemaI left a second +2 there, so unless somebody else is able to review we can merge this remaining change15:19
d34dh0r53can we +W the tests?15:19
gtemai hear no objections, would say - let's go Dave Wilde (d34dh0r53) 15:20
d34dh0r53done15:20
d34dh0r53#topic specification Include bad password details in audit messages (stanislav-z)15:21
d34dh0r53#link https://review.opendev.org/q/topic:%22pci-dss-invalid-password-reporting%2215:21
d34dh0r53#link https://review.opendev.org/c/openstack/keystone-specs/+/915482 (merged)15:21
d34dh0r53#link https://review.opendev.org/c/openstack/keystone/+/932423 (to be reviewed)15:21
d34dh0r53#link https://review.opendev.org/c/openstack/keystone-specs/+/942084 (to be reviewed)15:21
d34dh0r5318-Feb update: the implementation has been updated to reflect the merged spec state15:21
stanislav-znothing to add, waiting for reviews :)15:22
gtemaI was not able to review on Friday. And also here - we are 2 days before FF, need to decide whether we try it or not15:22
d34dh0r53I think we're so close to FF we should wait to merge the code, the spec can merge and we'll get the code in after FF15:24
d34dh0r53Objections?15:24
gtemaI also tend for that, sadly no capacity to ensure we get it in15:25
stanislav-znp, sounds good15:25
gtemawhich means + half year delay for the feature15:25
gtemaI mean for the final release. But if you Stanislav Zaprudskiy is ok - let's plan it this way15:26
d34dh0r53yeah15:33
d34dh0r53#topic open discussion15:33
d34dh0r53Congratulations to the new PTL - gtema 🎉15:34
gtemalol, thanks15:34
xekCongrats!15:34
opendevreviewMerged openstack/keystone-specs master: Claim `Include invalid password details in audit messages`  https://review.opendev.org/c/openstack/keystone-specs/+/94208415:35
d34dh0r53Looking forward to the future15:35
d34dh0r53It should be interesting15:35
d34dh0r53any other open discussion topicsf/15:35
d34dh0r53?15:35
gtemanot from me15:35
gtemabut yeah - the future should be interesting15:36
gtemawe chatted a bit on Monday with knikolla and concluded there are quite a few things to become better15:36
d34dh0r53Yeah, I read through most of the scrollback on that conversation, lots of things to improve on15:37
d34dh0r53and good to see knikolla back at least a little bit15:37
gtemaindeed15:37
d34dh0r53#topic bug review15:39
d34dh0r53#link https://bugs.launchpad.net/keystone/?orderby=-id&start=015:39
d34dh0r53no new bugs for keystone15:39
d34dh0r53#link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=015:39
d34dh0r53also no new bugs for python-keystoneclient15:39
d34dh0r53#link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=015:39
d34dh0r53looks like we have a new bug for keystoneauth15:40
d34dh0r53#link https://bugs.launchpad.net/keystoneauth/+bug/209966915:40
d34dh0r53v3oidcdeviceauthz does not work with Microsoft Entra Edit15:40
d34dh0r53* v3oidcdeviceauthz does not work with Microsoft Entra15:40
gtemaone of those things where I say it is all doomed15:41
gtemawhen certain IdP add mandatory fields to the previously established standard it is not going to work15:42
d34dh0r53Yeah15:43
gtemaanyway, I'll try to check at least the last part of the bug "verification_uri_complete"15:46
gtemait is indeed optional in the RFC15:46
d34dh0r53Yeah, they may have a malformed URL15:47
d34dh0r53ok, moving on15:47
d34dh0r53#link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=015:47
d34dh0r53nothing new in keystonemiddleware15:47
d34dh0r53#link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=015:47
d34dh0r53pycadf is good15:47
d34dh0r53#link https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=015:47
d34dh0r53no new bugs in ldappool15:48
d34dh0r53#topic conclusion15:48
d34dh0r53Thanks everyone! Have a great rest of your day!15:48
d34dh0r53#endmeeting15:48
d34dh0r53gtema: you may have to run #endmeeting as you started it15:49
gtemaok15:49
gtema#endmeeting15:49
opendevmeetMeeting ended Wed Feb 26 15:49:42 2025 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)15:49
opendevmeetMinutes:        https://meetings.opendev.org/meetings/keystone/2025/keystone.2025-02-26-15.05.html15:49
opendevmeetMinutes (text): https://meetings.opendev.org/meetings/keystone/2025/keystone.2025-02-26-15.05.txt15:49
opendevmeetLog:            https://meetings.opendev.org/meetings/keystone/2025/keystone.2025-02-26-15.05.log.html15:49
d34dh0r53Thanks15:49
gtemathk you guys and have a nice day, mine is nearly over15:50
cardoegtema: keekz's case is my case. I'd be happy to connect sometime and maybe we can make some future roadmap for keystone work?16:28
gtemaCardoe: PTG is exactly for that16:49
opendevreviewMerged openstack/keystonemiddleware master: reno: Update master for unmaintained/2023.1  https://review.opendev.org/c/openstack/keystonemiddleware/+/93596319:56
« Tuesday, 2025-02-25 Index Thursday, 2025-02-27 »

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!