| *** mhen_ is now known as mhen | 01:17 | |
| opendevreview | Artem Goncharov proposed openstack/keystone stable/2025.1: Ignore typing on the single import https://review.opendev.org/c/openstack/keystone/+/958665 | 14:51 |
|---|---|---|
| d34dh0r53 | #startmeeting keystone | 15:04 |
| opendevmeet | Meeting started Wed Aug 27 15:04:20 2025 UTC and is due to finish in 60 minutes. The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot. | 15:04 |
| opendevmeet | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 15:04 |
| opendevmeet | The meeting name has been set to 'keystone' | 15:04 |
| d34dh0r53 | Reminder: This meeting takes place under the OpenInfra Foundation Code of Conduct | 15:04 |
| d34dh0r53 | #link https://openinfra.dev/legal/code-of-conduct | 15:04 |
| d34dh0r53 | #topic roll call | 15:04 |
| gtema | o/ | 15:04 |
| d34dh0r53 | admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev, reqa, dmendiza[m], dmendiza, mharley, jph, gtema, cardoe, deydra | 15:04 |
| d34dh0r53 | dmendiza: o/ | 15:04 |
| xek | o/ | 15:05 |
| dmendiza[m] | 🙋♂️ | 15:05 |
| d34dh0r53 | hi all | 15:06 |
| d34dh0r53 | #topic review past meeting work items | 15:06 |
| d34dh0r53 | #link https://meetings.opendev.org/meetings/keystone/2025/keystone.2025-08-20-15.02.html | 15:06 |
| d34dh0r53 | we have one, which I haven't got to yet | 15:06 |
| d34dh0r53 | dwilde/gtema add PTG topic about service account | 15:06 |
| gtema | and I found i my personal notes that we already talked about that last PTG | 15:07 |
| gtema | :) | 15:07 |
| d34dh0r53 | ahh, I do recall that | 15:07 |
| gtema | but we should do this again and agree. I will definitely implement some poc in the Rust side | 15:08 |
| d34dh0r53 | yeah, agreed | 15:08 |
| d34dh0r53 | #action dwilde/gtema add PTG topic about service account | 15:09 |
| d34dh0r53 | #topic liaison updates | 15:09 |
| gtema | nothing from me | 15:09 |
| d34dh0r53 | nor me | 15:09 |
| d34dh0r53 | #topic specification OAuth 2.0 (hiromu) | 15:10 |
| d34dh0r53 | #link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext | 15:10 |
| d34dh0r53 | #link https://review.opendev.org/q/topic:bp%252Fenhance-oauth2-interoperability | 15:10 |
| d34dh0r53 | no updates from me on this one | 15:10 |
| d34dh0r53 | #topic specification Secure RBAC (dmendiza) | 15:10 |
| d34dh0r53 | #link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_ | 15:10 |
| d34dh0r53 | 2025.2 Release Timeline | 15:11 |
| d34dh0r53 | Update oslo.policy in keystone to enforce_new_defaults=True | 15:11 |
| d34dh0r53 | Update oslo.policy in keystone to enforce_scope=True | 15:11 |
| dmendiza[m] | No updates this week, still haven't had a chance to look into the failures in the devstack patch | 15:12 |
| d34dh0r53 | ack, thanks dmendiza | 15:12 |
| d34dh0r53 | #topic specification OpenAPI support (gtema) | 15:12 |
| d34dh0r53 | #link https://review.opendev.org/q/topic:%22openapi%22+project:openstack/keystone | 15:12 |
| gtema | maybe only a fix that was mentioned last week | 15:13 |
| gtema | https://review.opendev.org/c/openstack/keystone/+/957547 | 15:13 |
| gtema | one +2 and +W remaining | 15:13 |
| d34dh0r53 | I can take a look today | 15:14 |
| gtema | cool, thks | 15:14 |
| gtema | nothing else this week, busy also on other fronts | 15:14 |
| d34dh0r53 | thanks gtema | 15:14 |
| d34dh0r53 | #topic open discussion | 15:15 |
| d34dh0r53 | drencrom | 15:15 |
| d34dh0r53 | Patch proposal: https://review.opendev.org/c/openstack/keystone/+/951792 | 15:15 |
| d34dh0r53 | Dependent bugs have been merged, needs a workflow vote | 15:15 |
| gtema | done | 15:15 |
| d34dh0r53 | beat me to it :) | 15:15 |
| d34dh0r53 | thanks drencrom | 15:15 |
| d34dh0r53 | #topic bug review | 15:16 |
| d34dh0r53 | #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0 | 15:16 |
| d34dh0r53 | looks like on new bug in keystone that is already being worked | 15:17 |
| d34dh0r53 | #link https://bugs.launchpad.net/keystone/+bug/2121152 | 15:17 |
| dmendiza[m] | 🙋♂️ | 15:17 |
| dmendiza[m] | I need to add the regex thing to the agenda | 15:17 |
| d34dh0r53 | okay, go ahead dmendiza | 15:18 |
| d34dh0r53 | #topic password regex testing | 15:18 |
| dmendiza[m] | I added a second patch as an alternative to the first one: | 15:18 |
| dmendiza[m] | #link https://review.opendev.org/c/openstack/devstack/+/957969 | 15:18 |
| dmendiza[m] | The main point of this patch is to change KEYSTONE_SECURITY_COMPLIANCE_ENABLED=False by default | 15:18 |
| dmendiza[m] | it makes things much easier, since we don't have to worry about every single devstack job out there having it turned on. | 15:19 |
| dmendiza[m] | It seems Sean Mooney is on board, but gmaan may need some convincing. | 15:19 |
| dmendiza[m] | It also adds a job to set it to True to test it, and we can override passwords just in that new job | 15:20 |
| dmendiza[m] | I will iterate on this to move the job into the Keystone repo instead of having it in devstack. | 15:20 |
| d34dh0r53 | Seems like a good compromise to me | 15:22 |
| dmendiza[m] | Yeah, if folks really want that enabled they can then opt-in and override passwords as necessary | 15:23 |
| dmendiza[m] | and we can still use a complex regex for testing | 15:23 |
| dmendiza[m] | That's it for this week on this topic | 15:24 |
| dmendiza[m] | I'll get it added to the agenda for next week. | 15:24 |
| d34dh0r53 | Thanks dmendiza | 15:24 |
| d34dh0r53 | back to bug review | 15:24 |
| d34dh0r53 | #topic bug review | 15:25 |
| d34dh0r53 | #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0 | 15:25 |
| d34dh0r53 | like I said there is one bug that's already being worked | 15:25 |
| d34dh0r53 | #link https://bugs.launchpad.net/keystone/+bug/2121152 | 15:25 |
| d34dh0r53 | I'll review the patch today | 15:27 |
| d34dh0r53 | that's it for keystone | 15:27 |
| d34dh0r53 | #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0 | 15:27 |
| d34dh0r53 | no new bugs in python-keystoneclient | 15:28 |
| d34dh0r53 | #link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=0 | 15:28 |
| d34dh0r53 | keystoneauth is good | 15:28 |
| d34dh0r53 | #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0 | 15:28 |
| d34dh0r53 | all clear or keystonemiddleware | 15:29 |
| d34dh0r53 | #link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=0 | 15:29 |
| d34dh0r53 | pycadf has no new bugs | 15:29 |
| d34dh0r53 | #link https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=0 | 15:29 |
| d34dh0r53 | nor does ldappool | 15:29 |
| d34dh0r53 | #topic conclusion | 15:29 |
| d34dh0r53 | nothing else from me | 15:29 |
| gtema | https://review.opendev.org/c/openstack/keystone/+/958665 is gate unblocker for 2025.1 | 15:30 |
| gtema | oneliner | 15:30 |
| d34dh0r53 | thanks gtema , +2 from me | 15:30 |
| gtema | thks | 15:30 |
| d34dh0r53 | dmendiza, Grzegorz Grasza mind reviewing as well? | 15:31 |
| dmendiza[m] | Ack | 15:32 |
| d34dh0r53 | thanks! | 15:32 |
| d34dh0r53 | #endmeeting | 15:32 |
| opendevmeet | Meeting ended Wed Aug 27 15:32:23 2025 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 15:32 |
| opendevmeet | Minutes: https://meetings.opendev.org/meetings/keystone/2025/keystone.2025-08-27-15.04.html | 15:32 |
| opendevmeet | Minutes (text): https://meetings.opendev.org/meetings/keystone/2025/keystone.2025-08-27-15.04.txt | 15:32 |
| opendevmeet | Log: https://meetings.opendev.org/meetings/keystone/2025/keystone.2025-08-27-15.04.log.html | 15:32 |
| gtema | thks guys, have a nice day | 15:33 |
| gmaan | dmendiza[m]: ack, I will check it again. did not look into the sean reply | 16:57 |
| opendevreview | Merged openstack/keystone master: Fix AD nested groups issues https://review.opendev.org/c/openstack/keystone/+/951792 | 19:14 |
Generated by irclog2html.py 4.0.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!