Wednesday, 2025-03-12

opendevreviewmelanie witt proposed openstack/oslo.limit master: Call Keystone API once to get (registered_)limits  https://review.opendev.org/c/openstack/oslo.limit/+/94400000:19
*** mhen_ is now known as mhen02:44
*** whoami-rajat_ is now known as whoami-rajat13:55
d34dh0r53o/ sorry, running a bit late15:02
d34dh0r53#startmeeting keystone15:03
opendevmeetMeeting started Wed Mar 12 15:03:32 2025 UTC and is due to finish in 60 minutes.  The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot.15:03
opendevmeetUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.15:03
opendevmeetThe meeting name has been set to 'keystone'15:03
d34dh0r53Reminder: This meeting takes place under the OpenInfra Foundation Code of Conduct15:03
d34dh0r53#link https://openinfra.dev/legal/code-of-conduct15:03
d34dh0r53#topic roll call15:03
gtemao/15:03
d34dh0r53admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev, reqa, dmendiza[m], dmendiza, mharley, jph, gtema, cardoe, deydra15:03
xeko/15:03
d34dh0r53superflous dmendiza ping15:04
dmendiza[m]much appreciated15:04
dmendiza[m]🙋‍♂️15:04
gtemayou have now DST in force, right?15:05
d34dh0r53😉15:05
d34dh0r53gtema: correct15:05
d34dh0r53this meeting is an hour later for those of us in NA15:06
mharley[m]o/15:06
d34dh0r53#topic review past meeting work items15:07
d34dh0r53#link https://meetings.opendev.org/meetings/keystone/2025/keystone.2025-03-05-15.01.html15:07
d34dh0r53no action items from last week15:07
d34dh0r53#topic liaison updates15:07
d34dh0r53we're in feature freeze for Epoxy15:08
d34dh0r53Actually this week is RC115:09
d34dh0r53#topic specification OAuth 2.0 (hiromu)15:10
d34dh0r53#link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext15:10
d34dh0r53#link https://review.opendev.org/q/topic:bp%252Fenhance-oauth2-interoperability15:10
d34dh0r53External OAuth 2.0 Specification15:10
d34dh0r53#link https://review.opendev.org/c/openstack/keystone-specs/+/861554 (merged)15:10
d34dh0r53OAuth 2.0 Implementation15:10
d34dh0r53#link https://review.opendev.org/q/topic:bp%252Fsupport-oauth2-mtls (merged)15:10
d34dh0r53OAuth 2.0 Documentation15:10
d34dh0r53#link https://review.opendev.org/c/openstack/keystone/+/838108 (merged)15:10
d34dh0r53#link https://review.opendev.org/c/openstack/keystoneauth/+/838104 (merged)15:10
d34dh0r53no updates from me this week15:10
d34dh0r53'v15:10
d34dh0r53#topic specification Secure RBAC (dmendiza[m])15:10
d34dh0r53#link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_15:10
d34dh0r532024.1 Release Timeline15:11
d34dh0r53Update oslo.policy in keystone to enforce_new_defaults=True15:11
d34dh0r53Update oslo.policy in keystone to enforce_scope=True15:11
dmendiza[m]Still no progress on this.  But definitely want to get this done in the new cycle.15:11
d34dh0r53ack15:13
d34dh0r53#topic specification OpenAPI support (gtema)15:13
d34dh0r53#link https://review.opendev.org/q/topic:%22openapi%22+project:openstack/keystone15:13
gtemadue to FF waiting for openstackdocstheme to be released after the branching completes15:14
d34dh0r53ack15:14
gtemastudents continue working on jsonschemas15:14
gtemanothing else15:14
d34dh0r53thanks gtema 15:14
d34dh0r53#topic specification Include bad password details in audit messages (stanislav-z)15:15
d34dh0r53#link https://review.opendev.org/q/topic:%22pci-dss-invalid-password-reporting%2215:15
d34dh0r53#link https://review.opendev.org/c/openstack/keystone-specs/+/915482 (merged)15:15
d34dh0r53#link https://review.opendev.org/c/openstack/keystone/+/932423 (to be reviewed)15:15
d34dh0r5311-Mar update: the implementation has been updated to incorporate the review feedback15:15
stanislav-zthanks for the reviews! I've updated the implementation to address them15:16
stanislav-z(hope it's visible ;) )15:16
gtemathanks Stanislav Zaprudskiy will check this Friday during reviewaton15:16
d34dh0r53Thanks Stanislav Zaprudskiy !15:18
d34dh0r53#topic open discussion15:18
d34dh0r53nothing from me15:18
gtemaI am playing around with implementing passkeys in rust keystone15:18
gtemaso far nothing to present, but conceptually I have lots of things covered, looks promising15:19
gtemawould require new endpoints and new db tables15:19
gtematesting it however pretty interesting (every platform is having dedicated libs)15:19
gtemanot really sure it is testable reasonably at all. It is anyway something close to the mess we have in the federation (oidc) testing15:20
d34dh0r53That's really interesting15:21
gtemait would be also possible to implement it in python keystone, but heavy work also on the cli is required to support this as well, not sure whether I will ever even look into tha15:22
gtemathat15:22
d34dh0r53yeah15:22
d34dh0r53I wouldn't do it in python without a very good reason to do so15:23
gtemacorrect :) - force everybody to jump at the Rust train by implementing new cool features only there ;-)15:23
d34dh0r53exactly :)15:24
d34dh0r53#topic bug review15:25
d34dh0r53'v15:25
d34dh0r53#link https://bugs.launchpad.net/keystone/?orderby=-id&start=015:25
d34dh0r53no new bugs for keystone15:26
d34dh0r53#link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=015:26
d34dh0r53python-keystoneclient is good15:26
d34dh0r53maybe there will be a rust-keystoneclient section in here soon ;)15:26
d34dh0r53#link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=015:27
gtema:)15:27
d34dh0r53keystoneauth is good15:27
d34dh0r53#link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=015:27
d34dh0r53no new bugs in keystonemiddleware15:27
d34dh0r53#link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=015:27
d34dh0r53pycadf is good15:28
d34dh0r53#link https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=015:28
d34dh0r53so is ldappool15:28
d34dh0r53#topic conclusion15:28
d34dh0r53Thanks everyone! Rooms are booked for the PTG15:28
d34dh0r53#link https://ptg.opendev.org/ptg.html15:29
d34dh0r53And the etherpad is here:15:29
d34dh0r53#link https://etherpad.opendev.org/p/apr2025-ptg-keystone15:29
gtemagreat, I will start adding few rusty things soon15:29
d34dh0r53awesome!15:29
d34dh0r53#endmeeting15:30
opendevmeetMeeting ended Wed Mar 12 15:30:41 2025 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)15:30
opendevmeetMinutes:        https://meetings.opendev.org/meetings/keystone/2025/keystone.2025-03-12-15.03.html15:30
opendevmeetMinutes (text): https://meetings.opendev.org/meetings/keystone/2025/keystone.2025-03-12-15.03.txt15:30
opendevmeetLog:            https://meetings.opendev.org/meetings/keystone/2025/keystone.2025-03-12-15.03.log.html15:30
gtemathks guys, I think I will go further playing with passkeys15:31
-opendevstatus- NOTICE: One of our Zuul job log storage providers is experiencing errors. We have removed that storage target from base jobs. You should be able to safely recheck changes now.20:23

Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!