opendevreview | melanie witt proposed openstack/oslo.limit master: Call Keystone API once to get (registered_)limits https://review.opendev.org/c/openstack/oslo.limit/+/944000 | 00:19 |
---|---|---|
*** mhen_ is now known as mhen | 02:44 | |
*** whoami-rajat_ is now known as whoami-rajat | 13:55 | |
d34dh0r53 | o/ sorry, running a bit late | 15:02 |
d34dh0r53 | #startmeeting keystone | 15:03 |
opendevmeet | Meeting started Wed Mar 12 15:03:32 2025 UTC and is due to finish in 60 minutes. The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot. | 15:03 |
opendevmeet | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 15:03 |
opendevmeet | The meeting name has been set to 'keystone' | 15:03 |
d34dh0r53 | Reminder: This meeting takes place under the OpenInfra Foundation Code of Conduct | 15:03 |
d34dh0r53 | #link https://openinfra.dev/legal/code-of-conduct | 15:03 |
d34dh0r53 | #topic roll call | 15:03 |
gtema | o/ | 15:03 |
d34dh0r53 | admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev, reqa, dmendiza[m], dmendiza, mharley, jph, gtema, cardoe, deydra | 15:03 |
xek | o/ | 15:03 |
d34dh0r53 | superflous dmendiza ping | 15:04 |
dmendiza[m] | much appreciated | 15:04 |
dmendiza[m] | 🙋♂️ | 15:04 |
gtema | you have now DST in force, right? | 15:05 |
d34dh0r53 | 😉 | 15:05 |
d34dh0r53 | gtema: correct | 15:05 |
d34dh0r53 | this meeting is an hour later for those of us in NA | 15:06 |
mharley[m] | o/ | 15:06 |
d34dh0r53 | #topic review past meeting work items | 15:07 |
d34dh0r53 | #link https://meetings.opendev.org/meetings/keystone/2025/keystone.2025-03-05-15.01.html | 15:07 |
d34dh0r53 | no action items from last week | 15:07 |
d34dh0r53 | #topic liaison updates | 15:07 |
d34dh0r53 | we're in feature freeze for Epoxy | 15:08 |
d34dh0r53 | Actually this week is RC1 | 15:09 |
d34dh0r53 | #topic specification OAuth 2.0 (hiromu) | 15:10 |
d34dh0r53 | #link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext | 15:10 |
d34dh0r53 | #link https://review.opendev.org/q/topic:bp%252Fenhance-oauth2-interoperability | 15:10 |
d34dh0r53 | External OAuth 2.0 Specification | 15:10 |
d34dh0r53 | #link https://review.opendev.org/c/openstack/keystone-specs/+/861554 (merged) | 15:10 |
d34dh0r53 | OAuth 2.0 Implementation | 15:10 |
d34dh0r53 | #link https://review.opendev.org/q/topic:bp%252Fsupport-oauth2-mtls (merged) | 15:10 |
d34dh0r53 | OAuth 2.0 Documentation | 15:10 |
d34dh0r53 | #link https://review.opendev.org/c/openstack/keystone/+/838108 (merged) | 15:10 |
d34dh0r53 | #link https://review.opendev.org/c/openstack/keystoneauth/+/838104 (merged) | 15:10 |
d34dh0r53 | no updates from me this week | 15:10 |
d34dh0r53 | 'v | 15:10 |
d34dh0r53 | #topic specification Secure RBAC (dmendiza[m]) | 15:10 |
d34dh0r53 | #link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_ | 15:10 |
d34dh0r53 | 2024.1 Release Timeline | 15:11 |
d34dh0r53 | Update oslo.policy in keystone to enforce_new_defaults=True | 15:11 |
d34dh0r53 | Update oslo.policy in keystone to enforce_scope=True | 15:11 |
dmendiza[m] | Still no progress on this. But definitely want to get this done in the new cycle. | 15:11 |
d34dh0r53 | ack | 15:13 |
d34dh0r53 | #topic specification OpenAPI support (gtema) | 15:13 |
d34dh0r53 | #link https://review.opendev.org/q/topic:%22openapi%22+project:openstack/keystone | 15:13 |
gtema | due to FF waiting for openstackdocstheme to be released after the branching completes | 15:14 |
d34dh0r53 | ack | 15:14 |
gtema | students continue working on jsonschemas | 15:14 |
gtema | nothing else | 15:14 |
d34dh0r53 | thanks gtema | 15:14 |
d34dh0r53 | #topic specification Include bad password details in audit messages (stanislav-z) | 15:15 |
d34dh0r53 | #link https://review.opendev.org/q/topic:%22pci-dss-invalid-password-reporting%22 | 15:15 |
d34dh0r53 | #link https://review.opendev.org/c/openstack/keystone-specs/+/915482 (merged) | 15:15 |
d34dh0r53 | #link https://review.opendev.org/c/openstack/keystone/+/932423 (to be reviewed) | 15:15 |
d34dh0r53 | 11-Mar update: the implementation has been updated to incorporate the review feedback | 15:15 |
stanislav-z | thanks for the reviews! I've updated the implementation to address them | 15:16 |
stanislav-z | (hope it's visible ;) ) | 15:16 |
gtema | thanks Stanislav Zaprudskiy will check this Friday during reviewaton | 15:16 |
d34dh0r53 | Thanks Stanislav Zaprudskiy ! | 15:18 |
d34dh0r53 | #topic open discussion | 15:18 |
d34dh0r53 | nothing from me | 15:18 |
gtema | I am playing around with implementing passkeys in rust keystone | 15:18 |
gtema | so far nothing to present, but conceptually I have lots of things covered, looks promising | 15:19 |
gtema | would require new endpoints and new db tables | 15:19 |
gtema | testing it however pretty interesting (every platform is having dedicated libs) | 15:19 |
gtema | not really sure it is testable reasonably at all. It is anyway something close to the mess we have in the federation (oidc) testing | 15:20 |
d34dh0r53 | That's really interesting | 15:21 |
gtema | it would be also possible to implement it in python keystone, but heavy work also on the cli is required to support this as well, not sure whether I will ever even look into tha | 15:22 |
gtema | that | 15:22 |
d34dh0r53 | yeah | 15:22 |
d34dh0r53 | I wouldn't do it in python without a very good reason to do so | 15:23 |
gtema | correct :) - force everybody to jump at the Rust train by implementing new cool features only there ;-) | 15:23 |
d34dh0r53 | exactly :) | 15:24 |
d34dh0r53 | #topic bug review | 15:25 |
d34dh0r53 | 'v | 15:25 |
d34dh0r53 | #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0 | 15:25 |
d34dh0r53 | no new bugs for keystone | 15:26 |
d34dh0r53 | #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0 | 15:26 |
d34dh0r53 | python-keystoneclient is good | 15:26 |
d34dh0r53 | maybe there will be a rust-keystoneclient section in here soon ;) | 15:26 |
d34dh0r53 | #link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=0 | 15:27 |
gtema | :) | 15:27 |
d34dh0r53 | keystoneauth is good | 15:27 |
d34dh0r53 | #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0 | 15:27 |
d34dh0r53 | no new bugs in keystonemiddleware | 15:27 |
d34dh0r53 | #link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=0 | 15:27 |
d34dh0r53 | pycadf is good | 15:28 |
d34dh0r53 | #link https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=0 | 15:28 |
d34dh0r53 | so is ldappool | 15:28 |
d34dh0r53 | #topic conclusion | 15:28 |
d34dh0r53 | Thanks everyone! Rooms are booked for the PTG | 15:28 |
d34dh0r53 | #link https://ptg.opendev.org/ptg.html | 15:29 |
d34dh0r53 | And the etherpad is here: | 15:29 |
d34dh0r53 | #link https://etherpad.opendev.org/p/apr2025-ptg-keystone | 15:29 |
gtema | great, I will start adding few rusty things soon | 15:29 |
d34dh0r53 | awesome! | 15:29 |
d34dh0r53 | #endmeeting | 15:30 |
opendevmeet | Meeting ended Wed Mar 12 15:30:41 2025 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 15:30 |
opendevmeet | Minutes: https://meetings.opendev.org/meetings/keystone/2025/keystone.2025-03-12-15.03.html | 15:30 |
opendevmeet | Minutes (text): https://meetings.opendev.org/meetings/keystone/2025/keystone.2025-03-12-15.03.txt | 15:30 |
opendevmeet | Log: https://meetings.opendev.org/meetings/keystone/2025/keystone.2025-03-12-15.03.log.html | 15:30 |
gtema | thks guys, I think I will go further playing with passkeys | 15:31 |
-opendevstatus- NOTICE: One of our Zuul job log storage providers is experiencing errors. We have removed that storage target from base jobs. You should be able to safely recheck changes now. | 20:23 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!