Wednesday, 2026-03-25

« Tuesday, 2026-03-24 Index Friday, 2026-03-27 »
opendevreviewBoris Bobrov proposed openstack/keystone master: Update last_active_at on app cred auth  https://review.opendev.org/c/openstack/keystone/+/98202900:28
opendevreviewBoris Bobrov proposed openstack/keystone master: Update last_active_at on app cred auth  https://review.opendev.org/c/openstack/keystone/+/97976300:30
opendevreviewOpenStack Proposal Bot proposed openstack/keystone master: Imported Translations from Zanata  https://review.opendev.org/c/openstack/keystone/+/97756304:17
*** zseguin_ is now known as zseguin06:11
d34dh0r53#startmeeting keystone15:04
opendevmeetMeeting started Wed Mar 25 15:04:15 2026 UTC and is due to finish in 60 minutes.  The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot.15:04
opendevmeetUseful Commands: #action #agreed #help #info #idea #link #topic #startvote.15:04
opendevmeetThe meeting name has been set to 'keystone'15:04
d34dh0r53Reminder: This meeting takes place under the OpenInfra Foundation Code of Conduct15:05
d34dh0r53#link https://openinfra.dev/legal/code-of-conduct15:05
d34dh0r53#topic roll call15:05
d34dh0r53admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev, reqa, dmendiza[m], dmendiza, mharley, jph, gtema, cardoe, deydra15:05
d34dh0r53#topic review past meeting work items15:05
d34dh0r53#undo15:05
opendevmeetRemoving item from minutes: #topic review past meeting work items15:05
d34dh0r53sorry, I'll leave some time for roll call15:06
d34dh0r53dmendiza 👋15:06
dmendiza[m]🙋 15:07
xeko/15:08
gtemao/15:08
d34dh0r53hi all :)15:09
d34dh0r53#topic review past meeting work items15:09
d34dh0r53#link https://meetings.opendev.org/meetings/keystone/2026/keystone.2026-03-18-15.27.html15:09
d34dh0r53no action items from last week15:09
d34dh0r53#topic liaison updates15:09
d34dh0r53nothing from me15:09
gtemaneither from me15:09
d34dh0r53#topic specification Secure RBAC (dmendiza)15:10
d34dh0r53#link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_15:10
d34dh0r532026.1 Release Timeline15:10
d34dh0r53Update oslo.policy in keystone to enforce_new_defaults=True15:10
d34dh0r53Update oslo.policy in keystone to enforce_scope=True15:10
dmendiza[m]Not a whole lot of progress still... maybe we can make this a priority for HIbiscus?15:14
dmendiza[m]IIRC, gmaan was saying we should just burn it all to the ground and start over, lol15:15
gtemasounds great. With a statement like that I am for it - in the sense of saying the secure RBAC is wrong ;-)15:16
d34dh0r53lol15:17
d34dh0r53SSRBAC the first S is for Super15:17
gtemaneah, I rather say - go for the OpenPolicyAgent reimplementation for openstack with the policy agent talking directly to keystone to ask for necessary data15:18
gtemalinks to my zero-trust concept15:18
dmendiza[m]💯 OPA would be awesome15:19
dmendiza[m]but let's at least get rid of the legacy pre-SRBAC policies 15:19
gtemayeah15:19
d34dh0r53indeed, PTG topic for H?15:20
gtemalet's do15:20
d34dh0r53#link https://etherpad.opendev.org/p/apr2026-ptg-keystone15:21
dmendiza[m]Yeah, do we have an etherpad for the PTG yet?15:21
d34dh0r53btw15:21
dmendiza[m]ha, beat me to it15:21
gtemaI am lost in all those letters, so for me they mean nothing15:21
dmendiza[m]lol, PTG=Project Teams Gathering15:22
dmendiza[m]H=Hibiscus cycle15:22
d34dh0r53btw = by the way15:22
d34dh0r53moving on15:22
d34dh0r53#topic specification Secuirty Compliance Testing (dmendiza)15:22
gtemaare you trolling me?15:22
d34dh0r53#link https://review.opendev.org/c/openstack/devstack/+/95796915:22
d34dh0r53gtema: yes15:23
d34dh0r53:)15:23
dmendiza[m]XD15:24
d34dh0r53any updates on compliance testing dmendiza ?15:26
dmendiza[m]Nope, I need to sync with MIlana at some point to see if she's still going to work on this?15:27
d34dh0r53ack, thanks15:28
d34dh0r53#topic keystone-rs15:28
d34dh0r53#link https://github.com/openstack-experimental/keystone15:28
gtemaI spent one week of work, multiple kWh of energy to save some Wh of energy during compilation of the rs (bringing it down from 2min to 1min)15:29
gtemait costed me quote some gray hairs15:29
gtemabut now it it going much better and the laptop is not causing burn to the body15:31
d34dh0r53:) awesome15:31
gtemathere was also a distraction caused by openapi-core python package update that broke codegenerator and while fixiing it I spotted few issues crawled while it was not very nit-picky15:31
gtemaanyway - now I am back at implementing mTLS15:31
gtemaI promise15:31
gtema:)15:31
gtemalast week and this week was deep into the profiling compiler - it is not a fun15:32
gtemathat's it on the topic this week15:33
d34dh0r53👍️15:36
d34dh0r53#topic open discussion15:36
gtemaI do not have anything15:39
d34dh0r53cool, moving on15:39
d34dh0r53'v15:39
d34dh0r53#topic bug review15:39
d34dh0r53#link https://bugs.launchpad.net/keystone/?orderby=-id&start=015:39
d34dh0r53no new bugs for keystone15:39
d34dh0r53#link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=015:40
d34dh0r53nothing new for python-keystoneclient either15:40
d34dh0r53#link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=015:40
d34dh0r53keystoneauth is good15:40
d34dh0r53#link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=015:40
d34dh0r53so is keystonemiddleware15:41
d34dh0r53#link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=015:41
d34dh0r53no new bugs in pycadf15:41
d34dh0r53#link https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=015:41
d34dh0r53It looks like there was a bug in ldappool last week that I missed15:42
d34dh0r53bbobrov_ is working on it15:43
d34dh0r53#link https://bugs.launchpad.net/ldappool/+bug/214444015:43
d34dh0r53#topic conclusion15:44
d34dh0r53Thanks folks, PTG etherpad is up if you want to add anything15:44
d34dh0r53#link https://etherpad.opendev.org/p/apr2026-ptg-keystone15:44
gtemayupp, thanks Dave15:45
d34dh0r53#endmeeting15:46
opendevmeetMeeting ended Wed Mar 25 15:46:17 2026 UTC.  Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4)15:46
opendevmeetMinutes:        https://meetings.opendev.org/meetings/keystone/2026/keystone.2026-03-25-15.04.html15:46
opendevmeetMinutes (text): https://meetings.opendev.org/meetings/keystone/2026/keystone.2026-03-25-15.04.txt15:46
opendevmeetLog:            https://meetings.opendev.org/meetings/keystone/2026/keystone.2026-03-25-15.04.log.html15:46
opendevreviewHarry Kominos proposed openstack/keystone master: [doc] Amend IDP list-idp example  https://review.opendev.org/c/openstack/keystone/+/97991017:31
opendevreviewBoris Bobrov proposed openstack/keystone master: Block app credential token rescoping  https://review.opendev.org/c/openstack/keystone/+/98217122:04
opendevreviewBoris Bobrov proposed openstack/keystone master: Include system scope in rescope guard  https://review.opendev.org/c/openstack/keystone/+/98217222:04
opendevreviewBoris Bobrov proposed openstack/keystone master: Block app credential token rescoping  https://review.opendev.org/c/openstack/keystone/+/98217122:05
opendevreviewBoris Bobrov proposed openstack/keystone master: Include system scope in rescope guard  https://review.opendev.org/c/openstack/keystone/+/98217222:05
opendevreviewBoris Bobrov proposed openstack/keystone master: Block app credential token rescoping  https://review.opendev.org/c/openstack/keystone/+/98217122:39
opendevreviewBoris Bobrov proposed openstack/keystone master: Include system scope in rescope guard  https://review.opendev.org/c/openstack/keystone/+/98217222:39
« Tuesday, 2026-03-24 Index Friday, 2026-03-27 »

Generated by irclog2html.py 4.1.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!