Friday, 2026-05-29

« Thursday, 2026-05-28 Index
fricklerxek: iiuc nothing will pass gate without https://review.opendev.org/c/openstack/keystone/+/989615 getting merged and backported05:14
frickleroh, well stable/2025.1 patches are green because the oidc job for some reason has been made non-voting there05:18
opendevreviewGrzegorz Grasza proposed openstack/keystone stable/2025.2: Fix project policy allowing unauthorized access to root domains  https://review.opendev.org/c/openstack/keystone/+/99061408:55
opendevreviewGrzegorz Grasza proposed openstack/keystone stable/2025.1: Fix project policy allowing unauthorized access to root domains  https://review.opendev.org/c/openstack/keystone/+/99061508:56
opendevreviewMerged openstack/keystone master: Add audience mapper to devstack Keycloak client  https://review.opendev.org/c/openstack/keystone/+/98961509:21
opendevreviewArtem Goncharov proposed openstack/keystone stable/2026.1: Add audience mapper to devstack Keycloak client  https://review.opendev.org/c/openstack/keystone/+/99061709:29
opendevreviewArtem Goncharov proposed openstack/keystone stable/2025.2: Add audience mapper to devstack Keycloak client  https://review.opendev.org/c/openstack/keystone/+/99061809:30
opendevreviewDr. Jens Harbott proposed openstack/keystone stable/2025.1: Add audience mapper to devstack Keycloak client  https://review.opendev.org/c/openstack/keystone/+/99062109:56
fricklertobias-urdin: ^^ I get a merge-conflict when I try to cherry-pick ^^ into 2024.1, maybe you have time to look into that?10:02
tobias-urdinfrickler: ack, thanks for notifying me about that one i will have a look but probably next week11:55
fricklergtema: xek: seems there are two more failing jobs for 2025.2, maybe missing some further backports? cf. https://review.opendev.org/c/openstack/keystone/+/99061812:04
blanson[m]Hello guys. I'm currently working on some patch for kolla-ansible keystone deployment, and I'm wondering what would be the recommendations for rotating (if at all) credential encryption keys  ? https://docs.openstack.org/keystone/latest/admin/credential-encryption.html does not mention rotation schedules, wo I'm wondering what could be a sane default ?  12:26
bbobrovblanson[m]: i don't think there is a fit-for-all answer. I would apply the requirements of your ogranization on technical/service password rotation.12:38
bbobrovfrickler: https://review.opendev.org/c/openstack/keystone/+/99063112:39
blanson[m]bbobrov: that's not for my, that's for a sensitive default values for kolla-ansible. would it make sense to rotate at all by default ? or are we better off just not rotating by default, and letting the user decide maybe ? 13:04
blanson[m]for my org*13:04
bbobrovblanson[m]: i'd go with letting the user decide with 14 days default.13:33
opendevreviewMerged openstack/keystone stable/2026.1: Add audience mapper to devstack Keycloak client  https://review.opendev.org/c/openstack/keystone/+/99061714:57
-opendevstatus- NOTICE: Gerrit will be restarted to pick up a bugfix in the replication plugin. You may notice a short outage of a few minutes.15:33
opendevreviewMathieu Gagné proposed openstack/keystone master: Remove leading space from operation path user policy  https://review.opendev.org/c/openstack/keystone/+/99057416:10
opendevreviewMerged openstack/keystone master: Enforce delegation project boundary for delegated tokens  https://review.opendev.org/c/openstack/keystone/+/99048517:34
opendevreviewMerged openstack/keystone stable/2025.1: Temporarily make grenade non-voting  https://review.opendev.org/c/openstack/keystone/+/99047617:34
opendevreviewMerged openstack/keystone stable/2025.1: Add audience mapper to devstack Keycloak client  https://review.opendev.org/c/openstack/keystone/+/99062117:35
-opendevstatus- NOTICE: The Gerrit service on review.opendev.org will be offline again monentarily while we restart for a configuration adjustment, but should return to service within a few minutes19:09
« Thursday, 2026-05-28 Index

Generated by irclog2html.py 4.1.0 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!