| *** mhen_ is now known as mhen | 01:32 | |
| opendevreview | Rafael Weingartner proposed openstack/keystone master: Keystone identity mapping to support project definition as a JSON https://review.opendev.org/c/openstack/keystone/+/742235 | 11:04 |
|---|---|---|
| opendevreview | Rafael Weingartner proposed openstack/keystone master: Keystone identity mapping to support project definition as a JSON https://review.opendev.org/c/openstack/keystone/+/742235 | 11:07 |
| opendevreview | Rafael Weingartner proposed openstack/keystone master: Fix federation mapping jsonschema https://review.opendev.org/c/openstack/keystone/+/915401 | 13:32 |
| d34dh0r53 | #startmeeting keystone | 15:10 |
| opendevmeet | Meeting started Wed Aug 13 15:10:26 2025 UTC and is due to finish in 60 minutes. The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot. | 15:10 |
| opendevmeet | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 15:10 |
| opendevmeet | The meeting name has been set to 'keystone' | 15:10 |
| d34dh0r53 | o/ sorry, lost track of time | 15:10 |
| gtema | right, same do I | 15:10 |
| d34dh0r53 | Reminder: This meeting takes place under the OpenInfra Foundation Code of Conduct | 15:11 |
| d34dh0r53 | #link https://openinfra.dev/legal/code-of-conduct | 15:11 |
| d34dh0r53 | #topic roll call | 15:11 |
| gtema | o/ | 15:11 |
| d34dh0r53 | admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev, reqa, dmendiza[m], dmendiza, mharley, jph, gtema, cardoe, deydra | 15:11 |
| d34dh0r53 | dmendiza: o/ | 15:11 |
| d34dh0r53 | welcome back gtema | 15:11 |
| gtema | thks | 15:11 |
| d34dh0r53 | #topic review past meeting work items | 15:14 |
| d34dh0r53 | #link https://meetings.opendev.org/meetings/keystone/2025/keystone.2025-08-06-15.04.html | 15:14 |
| d34dh0r53 | one action item, dmendiza look into https://bugs.launchpad.net/keystone/+bug/2119091 | 15:15 |
| gtema | looks to me like a race condition since the change from where it was reported is now passing | 15:17 |
| d34dh0r53 | ahh, ok, I didn't look into it | 15:17 |
| d34dh0r53 | I'll re-add it to the action items, looks like dmendiza is AFK | 15:18 |
| d34dh0r53 | #action dmendiza look into https://bugs.launchpad.net/keystone/+bug/2119091 | 15:18 |
| d34dh0r53 | next up | 15:18 |
| d34dh0r53 | #topic liaison updates | 15:18 |
| d34dh0r53 | nothing from me | 15:18 |
| dmendiza[m] | 🙋♂️ | 15:19 |
| dmendiza[m] | Sorry, lost track of time | 15:19 |
| dmendiza[m] | Yes, bump it, will definitely look at this week. 😅 | 15:19 |
| d34dh0r53 | no worries, so did I :D | 15:19 |
| d34dh0r53 | 👍️ | 15:20 |
| d34dh0r53 | #topic specification OAuth 2.0 (hiromu) | 15:20 |
| d34dh0r53 | #link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext | 15:20 |
| d34dh0r53 | #link https://review.opendev.org/q/topic:bp%252Fenhance-oauth2-interoperability | 15:20 |
| d34dh0r53 | no updates | 15:20 |
| d34dh0r53 | #topic specification Secure RBAC (dmendiza) | 15:20 |
| d34dh0r53 | #link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_ | 15:20 |
| d34dh0r53 | 2025.2 Release Timeline | 15:20 |
| d34dh0r53 | Update oslo.policy in keystone to enforce_new_defaults=True | 15:20 |
| d34dh0r53 | Update oslo.policy in keystone to enforce_scope=True | 15:20 |
| d34dh0r53 | any updates on SRBAC dmendiza ? | 15:22 |
| dmendiza[m] | Negative ... I've been focused on the Security Compliance testing upstream | 15:23 |
| dmendiza[m] | I did submit a patch to turn on SRBAC by default on devstack | 15:23 |
| dmendiza[m] | but it failed as I somewhat expected | 15:23 |
| dmendiza[m] | #link https://review.opendev.org/c/openstack/devstack/+/956210 | 15:23 |
| gtema | so you found a place where it is overridden, nice | 15:25 |
| dmendiza[m] | That's it on my end, I'll look into the failures eventually. 😅 | 15:29 |
| d34dh0r53 | thanks dmendiza | 15:29 |
| d34dh0r53 | #topic specification OpenAPI support (gtema) | 15:29 |
| d34dh0r53 | #link https://review.opendev.org/q/topic:%22openapi%22+project:openstack/keystone | 15:29 |
| gtema | #action gtema to look into https://bugs.launchpad.net/keystone/+bug/2119543 | 15:30 |
| gtema | nothing else | 15:30 |
| d34dh0r53 | cool, I was going to let you know about that bug | 15:30 |
| d34dh0r53 | #topic open discussion | 15:30 |
| d34dh0r53 | drencrom | 15:30 |
| d34dh0r53 | Review patch proposal: https://review.opendev.org/c/openstack/keystone/+/951792 | 15:30 |
| d34dh0r53 | It is passing ldap tests with the devstack patches | 15:31 |
| d34dh0r53 | I've reviewed that one | 15:31 |
| gtema | I just update review-prio on devstack change to +2 | 15:31 |
| gtema | till that lands - ... | 15:32 |
| d34dh0r53 | yeah | 15:32 |
| d34dh0r53 | anything else for open discussion? | 15:34 |
| gtema | not from me | 15:34 |
| d34dh0r53 | cool | 15:35 |
| dmendiza[m] | Still working on the regex thing | 15:36 |
| d34dh0r53 | ack | 15:36 |
| d34dh0r53 | #topic bug review | 15:36 |
| d34dh0r53 | #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0 | 15:36 |
| d34dh0r53 | one new bug in keystone | 15:37 |
| d34dh0r53 | #link https://bugs.launchpad.net/keystone/+bug/2119991 | 15:37 |
| d34dh0r53 | looks like an easy fix | 15:39 |
| gtema | calling xmlsec as a subprocess from python looks to me itself like not a great idea in the first place | 15:40 |
| d34dh0r53 | yeah, there's that | 15:40 |
| d34dh0r53 | it's in the SAML code too which is pretty old | 15:42 |
| gtema | and the bug reports hints people do rely on it still | 15:43 |
| d34dh0r53 | I think that's from the ubuntu packager | 15:44 |
| gtema | ah, right | 15:45 |
| d34dh0r53 | we do have saml deployments though, so I know it's still being used | 15:47 |
| gtema | ok | 15:48 |
| d34dh0r53 | that's it for keystone | 15:48 |
| d34dh0r53 | #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0 | 15:49 |
| d34dh0r53 | nothing new in python-keystoneclient | 15:49 |
| d34dh0r53 | #link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=0 | 15:49 |
| d34dh0r53 | keystoneauth is good | 15:49 |
| d34dh0r53 | #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0 | 15:49 |
| d34dh0r53 | nothing new in keystonemiddleware | 15:49 |
| d34dh0r53 | #link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=0 | 15:50 |
| d34dh0r53 | pycadf is good | 15:50 |
| d34dh0r53 | #link https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=0 | 15:50 |
| d34dh0r53 | so is ldappool | 15:50 |
| d34dh0r53 | #topic conclusion | 15:50 |
| d34dh0r53 | nothing else from me, thanks folks! | 15:50 |
| gtema | cool | 15:51 |
| d34dh0r53 | #endmeeting | 15:51 |
| opendevmeet | Meeting ended Wed Aug 13 15:51:14 2025 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 15:51 |
| opendevmeet | Minutes: https://meetings.opendev.org/meetings/keystone/2025/keystone.2025-08-13-15.10.html | 15:51 |
| opendevmeet | Minutes (text): https://meetings.opendev.org/meetings/keystone/2025/keystone.2025-08-13-15.10.txt | 15:51 |
| opendevmeet | Log: https://meetings.opendev.org/meetings/keystone/2025/keystone.2025-08-13-15.10.log.html | 15:51 |
| gtema | have a nice day folks | 15:52 |
Generated by irclog2html.py 4.0.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!