| d34dh0r53 | #startmeeting keystone | 15:01 |
|---|---|---|
| opendevmeet | Meeting started Wed Nov 5 15:01:32 2025 UTC and is due to finish in 60 minutes. The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot. | 15:01 |
| opendevmeet | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 15:01 |
| opendevmeet | The meeting name has been set to 'keystone' | 15:01 |
| d34dh0r53 | Reminder: This meeting takes place under the OpenInfra Foundation Code of Conduct | 15:01 |
| d34dh0r53 | #link https://openinfra.dev/legal/code-of-conduct | 15:02 |
| d34dh0r53 | #topic roll call | 15:03 |
| gtema | o/ | 15:03 |
| d34dh0r53 | admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev, reqa, dmendiza[m], dmendiza, mharley, jph, gtema, cardoe, deydra | 15:03 |
| d34dh0r53 | dmendiza: o/ | 15:03 |
| opendevreview | Tobias Urdin proposed openstack/keystone master: wip: Allow service user to get credential policies https://review.opendev.org/c/openstack/keystone/+/966189 | 15:04 |
| d34dh0r53 | #topic review past meeting work items | 15:07 |
| d34dh0r53 | #link https://meetings.opendev.org/meetings/keystone/2025/keystone.2025-10-15-15.03.html | 15:08 |
| gtema | on the working items - are we ready to send out ptg summary? | 15:09 |
| d34dh0r53 | Yeah, getting close | 15:10 |
| d34dh0r53 | the only action item was to plan a session with horizon which was done | 15:11 |
| d34dh0r53 | #topic liaison updates | 15:11 |
| d34dh0r53 | nothing from me | 15:11 |
| gtema | nothing special from me either | 15:11 |
| d34dh0r53 | #topic specification OAuth 2.0 (hiromu) | 15:13 |
| d34dh0r53 | #link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext | 15:13 |
| d34dh0r53 | #link https://review.opendev.org/q/topic:bp%252Fenhance-oauth2-interoperability | 15:13 |
| d34dh0r53 | no updates on this one | 15:13 |
| d34dh0r53 | #topic specification Secure RBAC (dmendiza) | 15:13 |
| d34dh0r53 | #link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_ | 15:14 |
| d34dh0r53 | 2025.2 Release Timeline | 15:14 |
| d34dh0r53 | Update oslo.policy in keystone to enforce_new_defaults=True | 15:14 |
| d34dh0r53 | Update oslo.policy in keystone to enforce_scope=True | 15:14 |
| gmaan | are those disable in keystone? | 15:14 |
| dmendiza[m] | 👋 | 15:14 |
| dmendiza[m] | Sorry, only half-here | 15:14 |
| dmendiza[m] | gmaan there's only one place where they are still set to false | 15:16 |
| gmaan | I think I removed but can you please give me link and I can check | 15:16 |
| dmendiza[m] | #link https://opendev.org/openstack/devstack/src/commit/f6d8dab0e885b8de8c0f44388d538da7d4f9b7ec/lib/keystone#L122 | 15:16 |
| gmaan | oh, for testing | 15:17 |
| dmendiza[m] | Yeah, all the gate jobs are running without it | 15:17 |
| dmendiza[m] | or most jobs anyway | 15:17 |
| gmaan | yes, I am working to enable the things at global level in devstack and also remove it if they are disable like in keystone devstack plugin | 15:17 |
| gmaan | because as per goal timeline, I am going to remove this config option 'enforce_scope' from oslo, 'enforce_new_defaults' will stay same | 15:18 |
| gmaan | and to remove that scope flag I need to cleanup those configurable bits from testing side also | 15:18 |
| gmaan | #link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#id5 | 15:19 |
| gmaan | this ^^ one basically. which we should have done in lthe ast cycle, but I am intentionally lazy in removing the things | 15:19 |
| gmaan | so I am thinking to do in this cycle if projects are ok. I will send it on ML also to get lazy consensus | 15:20 |
| gtema | next? | 15:25 |
| d34dh0r53 | Sorry | 15:26 |
| d34dh0r53 | Also, half | 15:26 |
| d34dh0r53 | here | 15:26 |
| d34dh0r53 | #topic specification Secuirty Compliance Testing (dmendiza) | 15:26 |
| d34dh0r53 | #link https://review.opendev.org/c/openstack/devstack/+/957969 | 15:26 |
| gmaan | Yeah have reviewed this series, devstack, tempest, keystone change long back and many times. One thing left and I am waiting is to add depends-on in keystone change so that we can see the result of new test and devstack change | 15:28 |
| gmaan | #link https://review.opendev.org/c/openstack/keystone/+/961726 | 15:28 |
| gmaan | i thin k I commented it many times in devstack as well as in keystone change | 15:28 |
| gmaan | but to merge the devstack, tempest change, we need keystone change to test it and green | 15:28 |
| gmaan | dmendiza[m]: if you are ok, can you or I can add this change as depends-on in keystone change #link https://review.opendev.org/c/openstack/tempest/+/954029 | 15:29 |
| gmaan | this tempest change add new test which will be running in keystone new job added in 961726 | 15:30 |
| gmaan | anyways we can move, I will update the keystone change | 15:32 |
| d34dh0r53 | thanks gmaan | 15:32 |
| d34dh0r53 | #topic specification OpenAPI support (gtema) | 15:32 |
| d34dh0r53 | #link https://review.opendev.org/q/topic:%22openapi%22+project:openstack/keystone | 15:32 |
| gtema | I need a go on https://review.opendev.org/c/openstack/keystone/+/965939 | 15:32 |
| gtema | requirements and python dependency hell broke me AGAIN | 15:33 |
| gtema | so now we are again not able to render the openapi docs properly | 15:33 |
| gtema | I am ready to give up, this is taking much more energy than it is usable | 15:34 |
| gtema | the background for that fix is that I got a report on the rust cli repo for the invalid keystone schema, but the fix cannot be released since that job is now broken | 15:35 |
| gtema | thks Dave for review. That's it on the topic, we can move next | 15:36 |
| d34dh0r53 | cool, thanks | 15:36 |
| d34dh0r53 | #topic open discussion | 15:37 |
| d34dh0r53 | drencrom | 15:37 |
| d34dh0r53 | pep8 (mypy) is broken on 2024.2 branch (see for example https://zuul.opendev.org/t/openstack/build/2fdbd3164c8c4241a5a6edd1895f6d3c) | 15:37 |
| gtema | I removed this from agenda - this was fixed to release the fixes few days back | 15:37 |
| gtema | unfortunately I missed few minutes to land the fix on 2024.1 before it went unmaintained | 15:38 |
| gtema | and now the fix does not work on unmaintained/2024.1 due to other issues, so also here I gave up on trying to fix the world | 15:39 |
| d34dh0r53 | ahh, my copy hadn't updated | 15:41 |
| d34dh0r53 | odd issues with my system today, memory leak somewhere | 15:41 |
| d34dh0r53 | anything else for open discussion? | 15:42 |
| gtema | not from me. On Friday during review-a-ton we should discuss the way out of the token caching hell, I mean the bugs related to caching | 15:43 |
| d34dh0r53 | ack | 15:44 |
| d34dh0r53 | #topic bug review | 15:44 |
| d34dh0r53 | #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0 | 15:44 |
| d34dh0r53 | it doesn't look like we have any new bugs in keystone | 15:45 |
| gtema | right, the ones there are known | 15:45 |
| d34dh0r53 | yeah | 15:45 |
| d34dh0r53 | next up | 15:45 |
| d34dh0r53 | #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0 | 15:45 |
| d34dh0r53 | nothing new here | 15:45 |
| d34dh0r53 | #link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=0 | 15:47 |
| d34dh0r53 | no new bugs in keystoneauth either | 15:47 |
| d34dh0r53 | #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0 | 15:48 |
| d34dh0r53 | we do have a new bug in keystonemiddleware | 15:48 |
| d34dh0r53 | #link https://bugs.launchpad.net/keystonemiddleware/+bug/2130049 | 15:48 |
| gtema | a broken VMT process - nice | 15:49 |
| d34dh0r53 | indeed | 15:50 |
| gtema | we should than review the fix asap | 15:50 |
| opendevreview | Aarni Koskela proposed openstack/python-keystoneclient master: Remove `debtcollector` dependency https://review.opendev.org/c/openstack/python-keystoneclient/+/966199 | 15:50 |
| d34dh0r53 | yeah, for sure | 15:50 |
| d34dh0r53 | I'll review it today, Grzegorz Grasza , dmendiza can you please review https://review.opendev.org/c/openstack/keystonemiddleware/+/965170 as well | 15:52 |
| d34dh0r53 | #link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=0 | 15:52 |
| d34dh0r53 | no new bugs in pycadf | 15:53 |
| d34dh0r53 | #link https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=0 | 15:53 |
| d34dh0r53 | and ldappool is also good | 15:53 |
| d34dh0r53 | #topic conclusion | 15:53 |
| d34dh0r53 | Thanks everyone, also thank you for the great PTG | 15:53 |
| gtema | indeed | 15:53 |
| d34dh0r53 | #endmeeting | 15:56 |
| opendevmeet | Meeting ended Wed Nov 5 15:56:01 2025 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 15:56 |
| opendevmeet | Minutes: https://meetings.opendev.org/meetings/keystone/2025/keystone.2025-11-05-15.01.html | 15:56 |
| opendevmeet | Minutes (text): https://meetings.opendev.org/meetings/keystone/2025/keystone.2025-11-05-15.01.txt | 15:56 |
| opendevmeet | Log: https://meetings.opendev.org/meetings/keystone/2025/keystone.2025-11-05-15.01.log.html | 15:56 |
| gtema | thks Dave Wilde (d34dh0r53) | 15:57 |
Generated by irclog2html.py 4.0.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!