| opendevreview | Merged openstack/oslo.limit master: Fix new mypy errors https://review.opendev.org/c/openstack/oslo.limit/+/986558 | 11:55 |
|---|---|---|
| opendevreview | Merged openstack/oslo.limit master: tox: Use new constraints option https://review.opendev.org/c/openstack/oslo.limit/+/986400 | 12:28 |
| lajoskatona | Hi shall I ask a 2nd review round for my patch for LDAP pw expiry: https://review.opendev.org/c/openstack/keystone/+/976618 , thanks in advance | 14:41 |
| gtema | lajoskatona - you can always ask, whether you will get what you ask is sadly a different question | 14:54 |
| gtema | I leave a tab open in my browser | 14:55 |
| lajoskatona | gtema: thanks, I usually do the same :-) | 15:03 |
| d34dh0r53 | #startmeeting keystone | 15:07 |
| opendevmeet | Meeting started Wed Apr 29 15:07:20 2026 UTC and is due to finish in 60 minutes. The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot. | 15:07 |
| opendevmeet | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 15:07 |
| opendevmeet | The meeting name has been set to 'keystone' | 15:07 |
| d34dh0r53 | Reminder: This meeting takes place under the OpenInfra Foundation Code of Conduct | 15:07 |
| d34dh0r53 | #link https://openinfra.dev/legal/code-of-conduct | 15:07 |
| d34dh0r53 | #topic roll call | 15:07 |
| d34dh0r53 | admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev, reqa, dmendiza[m], dmendiza, mharley, jph, gtema, cardoe, deydra | 15:08 |
| gtema | o/ | 15:08 |
| d34dh0r53 | o/ | 15:09 |
| blasseye | o/ | 15:09 |
| d34dh0r53 | #topic review past meeting work items | 15:10 |
| d34dh0r53 | #link https://meetings.opendev.org/meetings/keystone/2026/keystone.2026-04-15-15.06.html | 15:10 |
| d34dh0r53 | nothing to review, PTG was last week, anything to review from there? | 15:10 |
| gtema | nope | 15:11 |
| d34dh0r53 | #topic liaison updates | 15:11 |
| d34dh0r53 | nothing from me | 15:11 |
| gtema | neither on my side | 15:11 |
| d34dh0r53 | #topic specification Secure RBAC (dmendiza) | 15:11 |
| d34dh0r53 | #link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_ | 15:11 |
| d34dh0r53 | 2026.1 Release Timeline | 15:12 |
| d34dh0r53 | Update oslo.policy in keystone to enforce_new_defaults=True | 15:12 |
| d34dh0r53 | Update oslo.policy in keystone to enforce_scope=True | 15:12 |
| d34dh0r53 | not sure if dmendiza is around or not | 15:12 |
| gtema | you've missed a special treatment of dmendiza ;-) | 15:13 |
| d34dh0r53 | I did, here is YABDM (Yet Another Bespoke dmendiza mention) | 15:13 |
| d34dh0r53 | :) | 15:13 |
| gtema | apparently he is not around | 15:15 |
| d34dh0r53 | I know we talked about this at the PTG, well, removal of the legacy policies. It's not on the etherpad whether a decision was made or not | 15:16 |
| gtema | we ended up in +2 and -2 for re-adding protection tests as one part of the related topic | 15:17 |
| d34dh0r53 | I'm looking at that review now | 15:17 |
| d34dh0r53 | hmm, I see both sides. I'm leaning slightly in favor of moving and fixing the tests in KTP rather than here, but again it's a 50/50 call | 15:20 |
| gtema | I am not strong on that, I have no problem rather than seeing potential brain explosion with a yet another remote context | 15:20 |
| d34dh0r53 | indeed, that's my worry too, but at this point almost all of our testing is in that repo so people should know where to look | 15:21 |
| gtema | deal. But then we need to take this consideration when reviewing changes adding policy related unit tests (for vulnerabilities tests) | 15:22 |
| d34dh0r53 | agreed, a follow-on patch is mandatory | 15:22 |
| d34dh0r53 | next up | 15:23 |
| d34dh0r53 | #topic specification Secuirty Compliance Testing (dmendiza) | 15:23 |
| d34dh0r53 | #link https://review.opendev.org/c/openstack/devstack/+/957969 | 15:23 |
| d34dh0r53 | That's getting blocked by Software Factory on devstack :/ not sure what to do there | 15:24 |
| gtema | not really, there is also depends-on tempest | 15:24 |
| gtema | https://review.opendev.org/c/openstack/tempest/+/954029 | 15:24 |
| gtema | and that one is review -1 | 15:25 |
| d34dh0r53 | ahh, I missed that one | 15:26 |
| d34dh0r53 | Okay, I'll get someone to add release notes to that one so that we can get it merged | 15:27 |
| d34dh0r53 | moving on | 15:27 |
| d34dh0r53 | #topic keystone-rs | 15:27 |
| d34dh0r53 | #link https://github.com/openstack-experimental/keystone | 15:27 |
| gtema | not much happening this week since I am in the codegenerator (openstack-apis) madhouse | 15:28 |
| gtema | anyway polishing the code adding bit more docstrings and contrib guide | 15:28 |
| gtema | the mTLS is still on the desk as the next big thing | 15:28 |
| gtema | that's it for now, sadly | 15:30 |
| d34dh0r53 | ack, thanks | 15:32 |
| d34dh0r53 | #topic open discussion | 15:33 |
| gtema | nothing from me | 15:33 |
| d34dh0r53 | nor me | 15:33 |
| moutazchaara[m] | Only one patch from my side. Fixing ldap. | 15:34 |
| moutazchaara[m] | https://review.opendev.org/c/openstack/keystone/+/982913 | 15:34 |
| moutazchaara[m] | Not sure if we mentioned this in this meeting, i joined late | 15:35 |
| d34dh0r53 | Thanks moutaz.chaara , I'll take a look | 15:36 |
| d34dh0r53 | #topic bug review | 15:36 |
| d34dh0r53 | #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0 | 15:37 |
| moutazchaara[m] | thanks, it was already reviewed +2, but i discovred something else so i needed to push another commit .. | 15:37 |
| d34dh0r53 | 👍 | 15:37 |
| d34dh0r53 | some new bugs in keystone, not sure if we've gone over this first one yet | 15:37 |
| d34dh0r53 | #link https://bugs.launchpad.net/keystone/+bug/2148259 | 15:37 |
| d34dh0r53 | I think we have, looks like low hanging fruit if anyone wants to take a stab at it | 15:38 |
| d34dh0r53 | next up #link https://bugs.launchpad.net/keystone/+bug/2148599 | 15:38 |
| d34dh0r53 | This is what they asked for | 15:39 |
| d34dh0r53 | That's a reviewathon discussion | 15:42 |
| d34dh0r53 | next up | 15:42 |
| d34dh0r53 | #link https://bugs.launchpad.net/keystone/+bug/2148617 | 15:42 |
| gtema | so many bugs and so few time to keep the context of all of them | 15:43 |
| d34dh0r53 | I know | 15:43 |
| gtema | I still need to go back to security vuln bugs though | 15:44 |
| gtema | the openapi madhouse distructed me so heavily that I understood I have a brain overflow | 15:44 |
| d34dh0r53 | do you dream in json? | 15:45 |
| gtema | in jsonschemas, it is worse than just json | 15:45 |
| d34dh0r53 | lol | 15:45 |
| gtema | multi-level oneOf | 15:45 |
| opendevreview | Takashi Kajinami proposed openstack/keystone master: zuul: Use ansible variable to configure tempest plugins https://review.opendev.org/c/openstack/keystone/+/986680 | 15:46 |
| d34dh0r53 | this is an iteresting bug, but I agree with Boris it's a contrived example | 15:46 |
| d34dh0r53 | Going to set it to low | 15:46 |
| gtema | you mean the race one? | 15:46 |
| d34dh0r53 | yeah | 15:46 |
| gtema | well, no clue how to chace/fix those - python is not good for that | 15:47 |
| gtema | chase | 15:47 |
| d34dh0r53 | Yeah, if you want to run that many threads in Python you're on your own | 15:48 |
| d34dh0r53 | finally for keystone | 15:48 |
| d34dh0r53 | #link https://bugs.launchpad.net/keystone/+bug/2150088 | 15:48 |
| gtema | yeah, I've seen that and agree, but we need to address security vulns first in that area to not to produce merge conflicts | 15:49 |
| d34dh0r53 | indeed | 15:49 |
| d34dh0r53 | cool, that does it for keystone, moving on | 15:49 |
| d34dh0r53 | #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0 | 15:49 |
| d34dh0r53 | nothing new in python-keystoneclient | 15:50 |
| d34dh0r53 | #link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=0 | 15:50 |
| d34dh0r53 | keystoneauth is goo | 15:50 |
| d34dh0r53 | *good | 15:50 |
| d34dh0r53 | #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0 | 15:50 |
| d34dh0r53 | no new bugs in keystonemiddleware | 15:50 |
| d34dh0r53 | #link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=0 | 15:50 |
| d34dh0r53 | pycadf is good | 15:51 |
| d34dh0r53 | #link https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=0 | 15:51 |
| d34dh0r53 | as is ldappool | 15:51 |
| d34dh0r53 | #topic conclusion | 15:51 |
| d34dh0r53 | Thanks folks! | 15:51 |
| gtema | thanks Dave, and have a nice long weekend | 15:51 |
| moutazchaara[m] | thanks | 15:52 |
| d34dh0r53 | Not for me :( Our day off is at the end of the month | 15:52 |
| d34dh0r53 | But you enjoy your long weekend | 15:52 |
| gtema | haven't you said no reviewathon this week? | 15:52 |
| gtema | May 1st - public holiday in many countries | 15:52 |
| d34dh0r53 | Oops, NO REVIEWATHON this week | 15:52 |
| d34dh0r53 | Public holiday | 15:52 |
| gtema | :) | 15:53 |
| d34dh0r53 | I just canceled the calendar invite as well | 15:53 |
| d34dh0r53 | Thanks for reminding me :) | 15:53 |
| gtema | you are welcome | 15:53 |
| d34dh0r53 | cheers! | 15:54 |
| d34dh0r53 | #endmeeting | 15:54 |
| opendevmeet | Meeting ended Wed Apr 29 15:54:10 2026 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 15:54 |
| opendevmeet | Minutes: https://meetings.opendev.org/meetings/keystone/2026/keystone.2026-04-29-15.07.html | 15:54 |
| opendevmeet | Minutes (text): https://meetings.opendev.org/meetings/keystone/2026/keystone.2026-04-29-15.07.txt | 15:54 |
| opendevmeet | Log: https://meetings.opendev.org/meetings/keystone/2026/keystone.2026-04-29-15.07.log.html | 15:54 |
Generated by irclog2html.py 4.1.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!