#openstack-keystone log

15:11:15 <d34dh0r53> #startmeeting keystone
15:11:15 <opendevmeet> Meeting started Wed Apr 24 15:11:15 2024 UTC and is due to finish in 60 minutes.  The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:11:15 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:11:15 <opendevmeet> The meeting name has been set to 'keystone'
15:11:27 <d34dh0r53> #topic roll call
15:11:32 <xek> o/
15:11:41 <d34dh0r53> admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, knikolla[m], lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev, reqa, dmendiza[m], mharley, jph, gtema
15:11:45 <d34dh0r53> o/
15:11:46 <gtema> o/
15:12:11 <dmendiza[m]> 🙋‍♂️
15:13:26 <d34dh0r53> #topic review past meeting work items
15:14:04 <d34dh0r53> #link https://meetings.opendev.org/meetings/keystone/2024/keystone.2024-04-17-15.05.html
15:14:50 <d34dh0r53> I've started looking at where to add the known issues to the keystone docs, not sure what the best place for it is now, thinking User
15:17:15 <d34dh0r53> #action d34dh0r53 Look into adding/restoring a known issues section to our documentation
15:17:24 <d34dh0r53> wow, gremlins are real today
15:17:26 <dmendiza[m]> Does reno have a space for it?
15:18:55 <d34dh0r53> these are more global than reno known-issues which to me are per-release
15:19:40 <dmendiza[m]> Release notes just seems like the natural place to look for known issues
15:19:54 <dmendiza[m]> 🤷
15:21:16 <d34dh0r53> and then just carry them forward?
15:21:28 <dmendiza[m]> Yup, unless they get fixed
15:21:38 <JayF> Reno does have a "issues" section which maps to known issues https://docs.openstack.org/releasenotes/ironic/2024.1.html#known-issues
15:21:47 <JayF> at least in the way Ironic has it implemented
15:22:34 <d34dh0r53> ack, maybe I'll do it there then
15:23:05 <d34dh0r53> cool, thanks for the feedback
15:23:13 <d34dh0r53> next up
15:23:23 <d34dh0r53> #topic liaison updates
15:23:32 <d34dh0r53> nothing from VMT or releases
15:25:23 <d34dh0r53> moving on to specifications
15:25:42 <d34dh0r53> #topic specification OAuth 2.0 (hiromu)
15:25:55 <d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext
15:25:57 <d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Fenhance-oauth2-interoperability
15:25:59 <d34dh0r53> External OAuth 2.0 Specification
15:26:01 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone-specs/+/861554
15:26:03 <d34dh0r53> OAuth 2.0 Implementation
15:26:05 <d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Fsupport-oauth2-mtls
15:26:07 <d34dh0r53> OAuth 2.0 Documentation
15:26:09 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone/+/838108
15:26:11 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystoneauth/+/838104
15:26:53 <d34dh0r53> doesn't look like hiromu is around
15:27:01 <d34dh0r53> moving on
15:27:09 <d34dh0r53> #topic specification
15:27:13 <d34dh0r53> #undo
15:27:13 <opendevmeet> Removing item from minutes: #topic specification
15:27:37 <d34dh0r53> #topic specification Secure RBAC (dmendiza[m])
15:27:50 <d34dh0r53> #link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_
15:27:52 <d34dh0r53> 2024.1 Release Timeline
15:27:52 <dmendiza[m]> 🙋‍♂️
15:27:54 <d34dh0r53> Update oslo.policy in keystone to enforce_new_defaults=True
15:27:56 <d34dh0r53> Update oslo.policy in keystone to enforce_scope=True
15:27:58 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone/+/902730 (Merged)
15:28:00 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone-tempest-plugin/+/903713 (Merged)
15:28:02 <d34dh0r53> #link https://review.opendev.org/c/openstack/tempest/+/912489
15:28:06 <d34dh0r53> o/
15:28:59 <dmendiza[m]> Looks like that last tempest patch merged
15:29:01 <dmendiza[m]> 🎉
15:29:45 <dmendiza[m]> which means that all tempest test for Keystone are being run with SRBAC turned on for new tempest patches
15:31:05 <dmendiza[m]> We might be able to change the defaults for oslo.policy this cycle. 👀
15:33:36 <dmendiza[m]> d34dh0r53 got disconnected :(
15:33:40 <dmendiza[m]> #chair dmendiza[m]
15:34:36 <dmendiza[m]> Any questions RE: RBAC?
15:34:50 <dmendiza[m]> ... OK, moving on ...
15:35:01 <dmendiza[m]> #topic Improve federated users management (gtema)
15:35:16 <dmendiza[m]> #link https://review.opendev.org/c/openstack/keystone-specs/+/910584
15:35:49 <gtema> on friday there was one comment added to the spec, but it does not really help to move forward. Otherwise still waiting for useful reviews in the spec
15:38:47 <dmendiza[m]> haven't had a chance to read through it yet. 😅
15:39:00 <dmendiza[m]> but in general I am pro-swagger
15:39:11 <gtema> that was the other spec
15:39:18 <dmendiza[m]> oops wrong link
15:39:23 <dmendiza[m]> hmm ...
15:39:32 <gtema> for adding users projects mapping from external IDP
15:39:41 * dmendiza[m] is reading the agenda like a teleprompter
15:39:51 * dmendiza[m] I am dmendiza? 🤔
15:40:10 <gtema> do we have AI kicked in?
15:40:24 <dmendiza[m]> ok, bad copy pasta on my end
15:40:31 <dmendiza[m]> 🍝
15:40:37 <dmendiza[m]> #undo
15:40:41 <dmendiza[m]> #link https://review.opendev.org/c/openstack/keystone-specs/+/748748
15:41:37 <dmendiza[m]> I think Grzegorz Grasza and d34dh0r53 were looking at this one ...
15:41:57 <gtema> right
15:42:00 <dmendiza[m]> I need to make some time to catch up on specs
15:42:28 <gtema> and as said one non-review comment has been added (only)
15:44:14 <dmendiza[m]> Ack, we'll discuss on video at this Friday's reviewathon.
15:44:39 <gtema> thks
15:45:08 <dmendiza[m]> #action Review https://review.opendev.org/c/openstack/keystone-specs/+/748748 at Reviewathon on 2024-04-26
15:46:01 <dmendiza[m]> #topic OpenAPI support (gtema)
15:46:15 <dmendiza[m]> #link https://review.opendev.org/c/openstack/keystone-specs/+/910584
15:46:25 <dmendiza[m]> OK, I am still pro-swagger
15:46:31 <gtema> great
15:46:42 <gtema> and here same - waiting for reviews ;-)
15:49:00 <dmendiza[m]> #action Review https://review.opendev.org/c/openstack/keystone-specs/+/910584 at Reviewathon on 2024-04-26
15:49:17 <gtema> thks
15:49:49 <dmendiza[m]> OK, moving on
15:49:56 <dmendiza[m]> #topic Open Discussion
15:50:05 <gtema> nothing from my side
15:59:50 <dmendiza[m]> OK, looks like we're done then
15:59:54 <dmendiza[m]> since we're almost out of time.
16:00:12 <dmendiza[m]> We'll review the bug boards next week.
16:00:15 <dmendiza[m]> #endmeeting
16:00:55 <dmendiza[m]> I guess the meetbot is not listening to me 😢
16:01:09 <dmendiza[m]> See y'all online.  Thanks for joining!
16:01:40 <xek> dmendiza Thanks!
16:02:31 <d34dh0r53> #endmeeting