#openstack-keystone log

15:00:13 <d34dh0r53> #startmeeting keystone
15:00:13 <opendevmeet> Meeting started Wed Jan  3 15:00:13 2024 UTC and is due to finish in 60 minutes.  The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:13 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:13 <opendevmeet> The meeting name has been set to 'keystone'
15:00:21 <d34dh0r53> #topic roll call
15:00:30 <xek> o/
15:00:40 <d34dh0r53> admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, knikolla[m], lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev, reqa, dmendiza[m], mharley
15:00:55 <d34dh0r53> o/
15:01:58 <dmendiza[m]> 🙋
15:02:13 <d34dh0r53> #topic review past meeting work items
15:02:41 <d34dh0r53> #link https://meetings.opendev.org/meetings/keystone/2023/keystone.2023-12-20-15.01.html
15:02:55 <d34dh0r53> both are for me, and I don't have an update on either
15:03:09 <d34dh0r53> #action d34dh0r53 Look into adding/restoring a known issues section to our documentation
15:03:21 <d34dh0r53> #action d34dh0r53 add https://bugs.launchpad.net/keystone/+bug/1305950 to the known issues section of our documentation
15:03:24 <d34dh0r53> next up
15:03:45 <d34dh0r53> #topic liaison updates
15:03:50 <d34dh0r53> nothing from release or VMT
15:04:50 <d34dh0r53> #topic specification OAuth 2.0 (hiromu)
15:05:05 <d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext
15:05:07 <d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Fenhance-oauth2-interoperability
15:05:09 <d34dh0r53> External OAuth 2.0 Specification
15:05:11 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone-specs/+/861554
15:05:13 <d34dh0r53> OAuth 2.0 Implementation
15:05:15 <d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Fsupport-oauth2-mtls
15:05:17 <d34dh0r53> OAuth 2.0 Documentation
15:05:19 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone/+/838108
15:05:21 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystoneauth/+/838104
15:07:08 <d34dh0r53> doesn't look like hiromu is around today
15:07:34 <d34dh0r53> #topic Secure RBAC (dmendiza[m])
15:07:48 <d34dh0r53> #link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_
15:07:50 <d34dh0r53> 2024.1 Release Timeline
15:07:52 <d34dh0r53> Update oslo.policy in keystone to enforce_new_defaults=True
15:07:54 <d34dh0r53> Update oslo.policy in keystone to enforce_scope=True
15:07:56 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone/+/902730
15:09:30 <dmendiza[m]> 🙋
15:09:47 <dmendiza[m]> Yeah, so, I'm just getting back into the swing of things after the holiday break
15:09:55 <dmendiza[m]> Policy changes for Phase 1 are still in flight
15:10:18 <d34dh0r53> understood, I'm trying to remember the before times as well :)
15:10:20 <dmendiza[m]> I updated the patch you linked before the break
15:10:42 <dmendiza[m]> to change a few policies I missed that only had scope = ['system', 'domain']
15:10:42 <d34dh0r53> cool, I'll take a look at it today
15:10:49 <dmendiza[m]> so I added 'project' to those
15:11:00 <d34dh0r53> ok
15:11:00 <dmendiza[m]> and now I've still got to update the Tempest patch to account for those changes
15:11:17 <d34dh0r53> are they linked as dependent?
15:13:38 <dmendiza[m]> Yeah, the tempest patch depends on the Keystone one
15:13:39 <dmendiza[m]> give me a sec I'll get the link to that one
15:13:43 <d34dh0r53> cool
15:14:46 <dmendiza[m]> #link https://review.opendev.org/c/openstack/keystone-tempest-plugin/+/903713
15:16:20 <d34dh0r53> thanks dmendiza[m]
15:16:38 <d34dh0r53> #topic specification Add schema version and support to "domain" attribute in mapping rules (gtema)
15:16:49 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone-specs/+/748042 (merged)
15:16:51 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone/+/739966
15:17:22 <gtema> I started testing the change of Rafael yesterday and found some issues, but we are definitely having progress on it
15:18:59 <d34dh0r53> excellent, thanks for the update gtema
15:19:08 <d34dh0r53> I'll take a look this week as well
15:19:28 <gtema> awesome
15:19:47 <d34dh0r53> #topic open discussion
15:19:56 <d34dh0r53> nothing on the agenda, anyone have anything?
15:21:51 <d34dh0r53> #topic bug review
15:22:18 <d34dh0r53> #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0
15:22:26 <d34dh0r53> keystone has one new bug that has a review up
15:22:38 <d34dh0r53> #link https://bugs.launchpad.net/keystone/+bug/2047641
15:23:31 <d34dh0r53> please review if you have the chance
15:23:35 <d34dh0r53> #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0
15:23:51 <d34dh0r53> no bugs in python-keystoneclient
15:24:00 <d34dh0r53> #link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=0
15:24:14 <d34dh0r53> nor in keystoneauth
15:24:25 <d34dh0r53> #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0
15:24:54 <d34dh0r53> keystonemiddleware is clean
15:25:06 <d34dh0r53> #link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=0
15:25:19 <d34dh0r53> pycadf is looking good
15:25:30 <d34dh0r53> #link https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=0
15:25:40 <d34dh0r53> as is ldappool
15:25:45 <d34dh0r53> #topic conclusion
15:25:47 <d34dh0r53> Happy
15:25:51 <d34dh0r53> New Year!
15:26:08 <d34dh0r53> My resolution this year is to learn where the enter key is
15:26:29 <d34dh0r53> Thanks for joining folks!
15:26:38 <d34dh0r53> Let me know if you need anything
15:26:41 <d34dh0r53> #endmeeting