| frickler | fyi grenade for 2025.1 seems to be broken, I've asked in the qa channel how we should deal with this. likely making the job n-v as a workaround would be needed as short term solution. | 14:00 |
|---|---|---|
| opendevreview | Artem Goncharov proposed openstack/keystone stable/2025.1: Temporarily make grenade non-voting https://review.opendev.org/c/openstack/keystone/+/990476 | 14:39 |
| opendevreview | Elod Illes proposed openstack/keystone stable/2025.1: DNM: CI health with tempest workaround https://review.opendev.org/c/openstack/keystone/+/990478 | 14:46 |
| opendevreview | Artem Goncharov proposed openstack/keystone stable/2025.1: Temporarily make grenade non-voting https://review.opendev.org/c/openstack/keystone/+/990476 | 15:02 |
| opendevreview | Artem Goncharov proposed openstack/keystone master: Enforce delegation project boundary for delegated tokens https://review.opendev.org/c/openstack/keystone/+/990485 | 15:05 |
| opendevreview | Artem Goncharov proposed openstack/keystone master: Fix user impersonation through application credentials (CVE-2026-42998) https://review.opendev.org/c/openstack/keystone/+/990486 | 15:05 |
| opendevreview | Artem Goncharov proposed openstack/keystone master: Forbid trust operations using application credentials (CVE-2026-43000) https://review.opendev.org/c/openstack/keystone/+/990487 | 15:05 |
| opendevreview | Artem Goncharov proposed openstack/keystone master: Preserve expires_at when rescoping federated tokens (CVE-2026-44394) https://review.opendev.org/c/openstack/keystone/+/990488 | 15:05 |
| opendevreview | Artem Goncharov proposed openstack/keystone master: Prevent RBAC policy bypass via JSON body and query filters (CVE-2026-42999) https://review.opendev.org/c/openstack/keystone/+/990489 | 15:05 |
| opendevreview | Artem Goncharov proposed openstack/keystone stable/2026.1: Enforce delegation project boundary for delegated tokens https://review.opendev.org/c/openstack/keystone/+/990490 | 15:05 |
| opendevreview | Artem Goncharov proposed openstack/keystone stable/2026.1: Fix user impersonation through application credentials (CVE-2026-42998) https://review.opendev.org/c/openstack/keystone/+/990491 | 15:05 |
| opendevreview | Artem Goncharov proposed openstack/keystone stable/2026.1: Forbid trust operations using application credentials (CVE-2026-43000) https://review.opendev.org/c/openstack/keystone/+/990492 | 15:05 |
| opendevreview | Artem Goncharov proposed openstack/keystone stable/2026.1: Preserve expires_at when rescoping federated tokens (CVE-2026-44394) https://review.opendev.org/c/openstack/keystone/+/990493 | 15:05 |
| opendevreview | Artem Goncharov proposed openstack/keystone stable/2026.1: Prevent RBAC policy bypass via JSON body and query filters (CVE-2026-42999) https://review.opendev.org/c/openstack/keystone/+/990494 | 15:05 |
| opendevreview | Artem Goncharov proposed openstack/keystone stable/2025.2: Enforce delegation project boundary for delegated tokens https://review.opendev.org/c/openstack/keystone/+/990495 | 15:06 |
| opendevreview | Artem Goncharov proposed openstack/keystone stable/2025.2: Fix user impersonation through application credentials (CVE-2026-42998) https://review.opendev.org/c/openstack/keystone/+/990496 | 15:06 |
| opendevreview | Artem Goncharov proposed openstack/keystone stable/2025.2: Forbid trust operations using application credentials (CVE-2026-43000) https://review.opendev.org/c/openstack/keystone/+/990497 | 15:06 |
| opendevreview | Artem Goncharov proposed openstack/keystone stable/2025.2: Preserve expires_at when rescoping federated tokens (CVE-2026-44394) https://review.opendev.org/c/openstack/keystone/+/990498 | 15:06 |
| opendevreview | Artem Goncharov proposed openstack/keystone stable/2025.2: Prevent RBAC policy bypass via JSON body and query filters (CVE-2026-42999) https://review.opendev.org/c/openstack/keystone/+/990499 | 15:06 |
| opendevreview | Artem Goncharov proposed openstack/keystone stable/2025.1: Enforce delegation project boundary for delegated tokens https://review.opendev.org/c/openstack/keystone/+/990500 | 15:06 |
| opendevreview | Artem Goncharov proposed openstack/keystone stable/2025.1: Fix user impersonation through application credentials (CVE-2026-42998) https://review.opendev.org/c/openstack/keystone/+/990501 | 15:06 |
| opendevreview | Artem Goncharov proposed openstack/keystone stable/2025.1: Forbid trust operations using application credentials (CVE-2026-43000) https://review.opendev.org/c/openstack/keystone/+/990502 | 15:06 |
| opendevreview | Artem Goncharov proposed openstack/keystone stable/2025.1: Preserve expires_at when rescoping federated tokens (CVE-2026-44394) https://review.opendev.org/c/openstack/keystone/+/990503 | 15:06 |
| opendevreview | Artem Goncharov proposed openstack/keystone stable/2025.1: Prevent RBAC policy bypass via JSON body and query filters (CVE-2026-42999) https://review.opendev.org/c/openstack/keystone/+/990504 | 15:06 |
| frickler | gtema: looks like there is a pep8 failure right at the bottom of the stack :( https://zuul.opendev.org/t/openstack/build/ebe0ccd76a5845eb97f0d16e8d7df121 | 15:58 |
| gtema | this is insane, but not unfamiliar failure - was dealing with it multiple times and still it squeezed through while I was running pep8 after every single commit and cherry-pick. git still has some rough ends | 16:00 |
| opendevreview | Artem Goncharov proposed openstack/keystone master: Enforce delegation project boundary for delegated tokens https://review.opendev.org/c/openstack/keystone/+/990485 | 16:02 |
| opendevreview | Artem Goncharov proposed openstack/keystone master: Fix user impersonation through application credentials (CVE-2026-42998) https://review.opendev.org/c/openstack/keystone/+/990486 | 16:02 |
| opendevreview | Artem Goncharov proposed openstack/keystone master: Forbid trust operations using application credentials (CVE-2026-43000) https://review.opendev.org/c/openstack/keystone/+/990487 | 16:02 |
| opendevreview | Artem Goncharov proposed openstack/keystone master: Preserve expires_at when rescoping federated tokens (CVE-2026-44394) https://review.opendev.org/c/openstack/keystone/+/990488 | 16:02 |
| opendevreview | Artem Goncharov proposed openstack/keystone master: Prevent RBAC policy bypass via JSON body and query filters (CVE-2026-42999) https://review.opendev.org/c/openstack/keystone/+/990489 | 16:02 |
| frickler | seems the keystone-tempest-oidc-federation job is also broken in an unrelated way, oh my https://zuul.opendev.org/t/openstack/build/ea577e8e07da4d5fba368449e37d0334 | 16:32 |
| gtema | yes, there is https://review.opendev.org/c/openstack/keystone/+/989615 addressing that that just didn't merge yet | 16:33 |
| gtema | I pinged other cores, but with no luck. Can force-merge it myself though when necessary | 16:34 |
| frickler | gtema: oh, so that's only a devstack issue at least, good to know | 16:36 |
| frickler | oh, wait, that's the same failure I saw in my unmaintained backport yesterday. so iiuc that keycloak fix will need to be backported all the way back there ... | 17:02 |
| gtema | yes, I see this now also. | 17:02 |
| gtema | and another failure in pep8 is crazy, because it passes for me locally | 17:02 |
| gtema | this drives me so crazy | 17:02 |
| opendevreview | Grzegorz Grasza proposed openstack/keystone master: Enforce delegation project boundary for delegated tokens https://review.opendev.org/c/openstack/keystone/+/990485 | 19:41 |
| opendevreview | Grzegorz Grasza proposed openstack/keystone master: Fix user impersonation through application credentials (CVE-2026-42998) https://review.opendev.org/c/openstack/keystone/+/990486 | 19:41 |
| opendevreview | Grzegorz Grasza proposed openstack/keystone master: Forbid trust operations using application credentials (CVE-2026-43000) https://review.opendev.org/c/openstack/keystone/+/990487 | 19:41 |
| opendevreview | Grzegorz Grasza proposed openstack/keystone master: Preserve expires_at when rescoping federated tokens (CVE-2026-44394) https://review.opendev.org/c/openstack/keystone/+/990488 | 19:41 |
| opendevreview | Grzegorz Grasza proposed openstack/keystone master: Prevent RBAC policy bypass via JSON body and query filters (CVE-2026-42999) https://review.opendev.org/c/openstack/keystone/+/990489 | 19:41 |
| xek | gtema, looks like at least one of the pep8 issues was fixed in the second patch, so running pep8 against the whole set didn't catch that there was an issue on the first patch | 19:46 |
| gtema | I was running it after every single change. There is another issue with oep8 that bandit is failing while locally for me it passes | 19:52 |
| opendevreview | Mathieu Gagné proposed openstack/keystone master: Remove leading space from operation path user policy https://review.opendev.org/c/openstack/keystone/+/990574 | 21:08 |
| opendevreview | Grzegorz Grasza proposed openstack/keystone master: Enforce delegation project boundary for delegated tokens https://review.opendev.org/c/openstack/keystone/+/990485 | 21:18 |
| opendevreview | Grzegorz Grasza proposed openstack/keystone master: Prevent RBAC policy bypass via JSON body and query filters (CVE-2026-42999) https://review.opendev.org/c/openstack/keystone/+/990489 | 21:30 |
| opendevreview | Grzegorz Grasza proposed openstack/keystone master: Forbid trust operations using application credentials (CVE-2026-43000) https://review.opendev.org/c/openstack/keystone/+/990487 | 21:31 |
| opendevreview | Grzegorz Grasza proposed openstack/keystone master: Fix user impersonation through application credentials (CVE-2026-42998) https://review.opendev.org/c/openstack/keystone/+/990486 | 21:33 |
| opendevreview | Grzegorz Grasza proposed openstack/keystone master: Forbid trust operations using application credentials (CVE-2026-43000) https://review.opendev.org/c/openstack/keystone/+/990487 | 21:33 |
| opendevreview | Grzegorz Grasza proposed openstack/keystone master: Preserve expires_at when rescoping federated tokens (CVE-2026-44394) https://review.opendev.org/c/openstack/keystone/+/990488 | 21:33 |
| opendevreview | Grzegorz Grasza proposed openstack/keystone master: Prevent RBAC policy bypass via JSON body and query filters (CVE-2026-42999) https://review.opendev.org/c/openstack/keystone/+/990489 | 21:34 |
| xek | ^ master patches should pass the gate now... | 21:54 |
| opendevreview | Grzegorz Grasza proposed openstack/keystone stable/2026.1: Enforce delegation project boundary for delegated tokens https://review.opendev.org/c/openstack/keystone/+/990490 | 21:57 |
| opendevreview | Grzegorz Grasza proposed openstack/keystone stable/2026.1: Fix user impersonation through application credentials (CVE-2026-42998) https://review.opendev.org/c/openstack/keystone/+/990491 | 21:57 |
| opendevreview | Grzegorz Grasza proposed openstack/keystone stable/2026.1: Forbid trust operations using application credentials (CVE-2026-43000) https://review.opendev.org/c/openstack/keystone/+/990492 | 21:57 |
| opendevreview | Grzegorz Grasza proposed openstack/keystone stable/2026.1: Preserve expires_at when rescoping federated tokens (CVE-2026-44394) https://review.opendev.org/c/openstack/keystone/+/990493 | 21:57 |
| opendevreview | Grzegorz Grasza proposed openstack/keystone stable/2026.1: Prevent RBAC policy bypass via JSON body and query filters (CVE-2026-42999) https://review.opendev.org/c/openstack/keystone/+/990494 | 21:57 |
| opendevreview | Grzegorz Grasza proposed openstack/keystone stable/2025.2: Enforce delegation project boundary for delegated tokens https://review.opendev.org/c/openstack/keystone/+/990495 | 21:58 |
| opendevreview | Grzegorz Grasza proposed openstack/keystone stable/2025.2: Fix user impersonation through application credentials (CVE-2026-42998) https://review.opendev.org/c/openstack/keystone/+/990496 | 21:58 |
| opendevreview | Grzegorz Grasza proposed openstack/keystone stable/2025.2: Forbid trust operations using application credentials (CVE-2026-43000) https://review.opendev.org/c/openstack/keystone/+/990497 | 21:58 |
| opendevreview | Grzegorz Grasza proposed openstack/keystone stable/2025.2: Preserve expires_at when rescoping federated tokens (CVE-2026-44394) https://review.opendev.org/c/openstack/keystone/+/990498 | 21:58 |
| opendevreview | Grzegorz Grasza proposed openstack/keystone stable/2025.2: Prevent RBAC policy bypass via JSON body and query filters (CVE-2026-42999) https://review.opendev.org/c/openstack/keystone/+/990499 | 21:58 |
| opendevreview | Grzegorz Grasza proposed openstack/keystone stable/2025.1: Enforce delegation project boundary for delegated tokens https://review.opendev.org/c/openstack/keystone/+/990500 | 21:58 |
| opendevreview | Grzegorz Grasza proposed openstack/keystone stable/2025.1: Fix user impersonation through application credentials (CVE-2026-42998) https://review.opendev.org/c/openstack/keystone/+/990501 | 21:58 |
| opendevreview | Grzegorz Grasza proposed openstack/keystone stable/2025.1: Forbid trust operations using application credentials (CVE-2026-43000) https://review.opendev.org/c/openstack/keystone/+/990502 | 21:58 |
| opendevreview | Grzegorz Grasza proposed openstack/keystone stable/2025.1: Preserve expires_at when rescoping federated tokens (CVE-2026-44394) https://review.opendev.org/c/openstack/keystone/+/990503 | 21:58 |
| opendevreview | Grzegorz Grasza proposed openstack/keystone stable/2025.1: Prevent RBAC policy bypass via JSON body and query filters (CVE-2026-42999) https://review.opendev.org/c/openstack/keystone/+/990504 | 21:58 |
Generated by irclog2html.py 4.1.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!