#openstack-keystone log

15:03:40 <d34dh0r53> #startmeeting keystone
15:03:40 <opendevmeet> Meeting started Wed Jun 12 15:03:40 2024 UTC and is due to finish in 60 minutes.  The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:03:40 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:03:40 <opendevmeet> The meeting name has been set to 'keystone'
15:03:46 <d34dh0r53> o/
15:03:47 <xek> o/
15:03:48 <gtema> o/
15:03:53 <dmendiza[m]> 🙋‍♂️
15:03:55 <d34dh0r53> #topic roll call
15:04:05 <d34dh0r53> admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, knikolla[m], lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev, reqa, dmendiza[m], mharley, jph, gtema
15:04:18 <bbobrov> o/
15:04:37 <d34dh0r53> #topic review past meeting work items
15:05:09 <d34dh0r53> #link https://meetings.opendev.org/meetings/keystone/2024/keystone.2024-06-05-15.08.html
15:05:16 <d34dh0r53> no action items from the last meeting
15:05:31 <d34dh0r53> #topic liaison updates
15:05:34 <d34dh0r53> nothing from me
15:06:02 <d34dh0r53> #topic specification OAuth 2.0 (hiromu)
15:06:17 <d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext
15:06:27 <d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Fenhance-oauth2-interoperability
15:06:34 <d34dh0r53> External OAuth 2.0 Specification
15:07:38 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone-specs/+/861554 (merged)
15:07:45 <d34dh0r53> OAuth 2.0 Implementation
15:08:02 <d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Fsupport-oauth2-mtls
15:08:12 <d34dh0r53> OAuth 2.0 Documentation
15:08:17 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone/+/838108 (merged)
15:08:26 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystoneauth/+/838104 (merged)
15:08:49 <d34dh0r53> I think just a few more need rebasing and then reviews, we'll get what's left merged and then close out this topic
15:08:56 <d34dh0r53> next up
15:09:09 <d34dh0r53> #topic specification Secure RBAC (dmendiza[m])
15:09:18 <d34dh0r53> #link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_
15:09:29 <d34dh0r53> 2024.1 Release Timeline
15:09:29 <d34dh0r53> Update oslo.policy in keystone to enforce_new_defaults=True
15:09:29 <d34dh0r53> Update oslo.policy in keystone to enforce_scope=True
15:09:36 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone/+/902730 (Merged)
15:09:44 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone-tempest-plugin/+/903713 (Merged)
15:09:51 <d34dh0r53> #link https://review.opendev.org/c/openstack/tempest/+/912489
15:10:05 <dmendiza[m]> I don't really have any updates since last week
15:10:17 <d34dh0r53> Thanks dmendiza
15:10:27 <d34dh0r53> next up
15:10:38 <d34dh0r53> #topic Improve federated users management (gtema)
15:10:45 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone/+/920892
15:10:48 <d34dh0r53> ready for review
15:11:07 <gtema> right, implemented, tests are passing
15:11:25 <d34dh0r53> I need to review, thanks for this gtema (Artem Goncharov) !
15:11:53 <gtema> welcome. Tell me if I need to do something to speed this up. We really depend on that
15:12:41 <d34dh0r53> will do, Grzegorz Grasza, dmendiza please review
15:12:47 <d34dh0r53> next up
15:12:59 <d34dh0r53> #topic OpenAPI support (gtema)
15:13:08 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone-specs/+/910584
15:13:14 <d34dh0r53> gtema: waiting for reviews
15:13:44 <gtema> in the light of previous topic I was poking with domain configurations and found another issue in docs
15:14:07 <gtema> so overall we need to get rid of human written api-refs ASAP and do everything through the code
15:14:28 <gtema> this is only possible when OpenAPI is being implemented ;-)
15:14:46 <d34dh0r53> 100% agree
15:16:17 <d34dh0r53> #topic open discussion
15:16:25 <d34dh0r53> passlib update
15:16:59 <d34dh0r53> I've proposed a patch to requirements
15:17:00 <d34dh0r53> #link https://review.opendev.org/c/openstack/requirements/+/921873
15:17:04 <d34dh0r53> please review
15:17:15 <d34dh0r53> there was also a bug filed against this issue
15:17:33 <d34dh0r53> #link https://bugs.launchpad.net/keystone/+bug/2068879
15:17:51 <d34dh0r53> next up
15:18:02 <d34dh0r53> domain manager (mhen)
15:18:12 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone-specs/+/903172
15:18:18 <d34dh0r53> I think this just needs reviews
15:18:56 <gtema> yes, just final reviews
15:19:10 <d34dh0r53> next up
15:19:13 <d34dh0r53> domain list scoping fix (mhen)
15:19:20 <d34dh0r53> the main fix was merged a while ago: https://review.opendev.org/c/openstack/keystone/+/900028
15:19:27 <d34dh0r53> Q: is https://review.opendev.org/c/openstack/keystone-tempest-plugin/+/900545 still applicable?
15:19:33 <d34dh0r53> I think we should merge this
15:19:40 <d34dh0r53> it would have been a necessary adjustment to the tempest tests after the above merge but tests have been restructured in the meantime (mentioned at PTG)
15:20:46 <d34dh0r53> anything else for open discussion before we move on?
15:21:35 <gtema> not from me
15:21:58 <d34dh0r53> cool, moving on
15:22:02 <d34dh0r53> #topic bug review
15:22:11 <d34dh0r53> #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0
15:22:25 <d34dh0r53> I already linked the only new bug in keystone regarding the bcrypt/passlib problem
15:22:40 <d34dh0r53> I've submitted the patch to requirements and will update this bug
15:22:47 <d34dh0r53> next up
15:22:56 <d34dh0r53> #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0
15:23:17 <d34dh0r53> no new bugs in python-keystoneclient
15:23:27 <d34dh0r53> #link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=0
15:23:42 <d34dh0r53> keystoneauth is good
15:23:49 <d34dh0r53> #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0
15:24:06 <d34dh0r53> keystonemiddleware is also good
15:24:09 <d34dh0r53> #link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=0
15:24:25 <d34dh0r53> pycadf is clean
15:24:34 <d34dh0r53> #link https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=0
15:24:38 <d34dh0r53> as is ldappool
15:24:42 <d34dh0r53> #topic conclusion
15:25:00 <d34dh0r53> no meeting next week due to the US holiday
15:25:10 <d34dh0r53> Juneteenth
15:25:24 <d34dh0r53> that's all I've got, anything else?
15:25:53 <gtema> Juneteenth? ah you Americans ;-)
15:27:20 <d34dh0r53> :) we love our summer holidays
15:27:39 <d34dh0r53> thanks everyone!
15:27:43 <d34dh0r53> #endmeeting