#openstack-keystone log

15:00:46 <d34dh0r53> #startmeeting keystone
15:00:46 <opendevmeet> Meeting started Wed Aug 21 15:00:46 2024 UTC and is due to finish in 60 minutes.  The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:46 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:46 <opendevmeet> The meeting name has been set to 'keystone'
15:01:00 <d34dh0r53> #topic roll call
15:01:03 <gtema> o/
15:01:10 <d34dh0r53> admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev, reqa, dmendiza[m], mharley, jph, gtema
15:01:12 <d34dh0r53> o/
15:01:19 <jph> o/
15:01:22 <xek> o/
15:02:30 <d34dh0r53> #topic review past meeting work items
15:02:32 <mhen> o/
15:02:37 <d34dh0r53> #link https://meetings.opendev.org/meetings/keystone/2024/keystone.2024-08-14-15.06.html
15:02:43 <d34dh0r53> two work items
15:02:55 <d34dh0r53> reviewathon look at updated https://review.opendev.org/c/openstack/keystone/+/924132
15:03:22 <d34dh0r53> there wasn't a reviewathon last week, but I'd really like to get dmendiza to look at this one
15:04:48 <d34dh0r53> #action dmendiza please review the updates to https://review.opendev.org/c/openstack/keystone/+/924132
15:04:51 <d34dh0r53> next up
15:05:01 <d34dh0r53> d34dh0r53 review https://review.opendev.org/c/openstack/keystone/+/924085
15:05:18 <d34dh0r53> I have reviewed this and it's being gated now
15:05:28 <gtema> :party: - thanks Dave
15:05:38 <d34dh0r53> that does it for the review of last weeks work items
15:05:50 <d34dh0r53> next up
15:05:53 <d34dh0r53> #topic liaison updates
15:06:32 <d34dh0r53> releases, milestone-3 is next week
15:07:17 <d34dh0r53> nothing from vmt
15:07:37 <d34dh0r53> that does it for liaison updates
15:07:49 <d34dh0r53> #topic specification OAuth 2.0 (hiromu)
15:08:15 <d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext
15:08:48 <d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Fenhance-oauth2-interoperability
15:08:55 <d34dh0r53> External OAuth 2.0 Specification
15:09:02 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone-specs/+/861554 (merged)
15:09:09 <d34dh0r53> OAuth 2.0 Implementation
15:09:15 <d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Fsupport-oauth2-mtls
15:09:21 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone/+/838108 (merged)
15:09:29 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystoneauth/+/838104 (merged)
15:09:32 <d34dh0r53> no updates from me on this one
15:09:36 <d34dh0r53> next up
15:09:46 <d34dh0r53> #topic specification Secure RBAC (dmendiza[m])
15:09:54 <d34dh0r53> #link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_
15:10:00 <d34dh0r53> 2024.1 Release Timeline
15:10:07 <d34dh0r53> Update oslo.policy in keystone to enforce_new_defaults=True
15:10:16 <d34dh0r53> Update oslo.policy in keystone to enforce_scope=True
15:10:21 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone/+/902730 (Merged)
15:10:28 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone-tempest-plugin/+/903713 (Merged)
15:10:34 <d34dh0r53> #link https://review.opendev.org/c/openstack/tempest/+/912489 (Merged)
15:10:48 <d34dh0r53> any updates dmendiza ?
15:12:23 <d34dh0r53> doesn't look like dmendiza is around, moving on
15:12:40 <d34dh0r53> #topic specification OpenAPI support (gtema)
15:12:43 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone-specs/+/910584 (merged)
15:12:44 <dmendiza[m]> 👋
15:12:46 <d34dh0r53> #link https://review.opendev.org/q/topic:%22openapi%22+project:openstack/keystone
15:12:47 <dmendiza[m]> hey, sorry, just catching up
15:12:52 <d34dh0r53> oh hi :)
15:13:00 <d34dh0r53> #undo
15:13:00 <opendevmeet> Removing item from minutes: #link https://review.opendev.org/q/topic:%22openapi%22+project:openstack/keystone
15:13:03 <d34dh0r53> #undo
15:13:03 <opendevmeet> Removing item from minutes: #link https://review.opendev.org/c/openstack/keystone-specs/+/910584
15:13:08 <d34dh0r53> #undo
15:13:08 <opendevmeet> Removing item from minutes: #topic specification OpenAPI support (gtema)
15:13:08 <dmendiza[m]> Heh
15:13:21 <d34dh0r53> the floor is yours :)
15:13:59 <dmendiza[m]> ... was out on PTO last week so not much progress since ...
15:14:16 <dmendiza[m]> Definitely going to look at the Domain Manager before the reviewathon
15:14:25 <d34dh0r53> Thanks!
15:14:34 <dmendiza[m]> I want to set up a local env and do some manual testing
15:15:59 <d34dh0r53> sounds good
15:17:27 <d34dh0r53> #topic specification OpenAPI support (gtema)
15:17:36 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone-specs/+/910584 (merged)
15:17:41 <d34dh0r53> #link https://review.opendev.org/q/topic:%22openapi%22+project:openstack/keystone
15:18:09 <d34dh0r53> gtema: changes awaiting review
15:18:40 <gtema> I desperately need reviews since otherwise we end up also here in a big dependency hell
15:18:56 <d34dh0r53> ack, I'll review this week
15:19:06 <gtema> already had last week few issues since the student supporting me accidentially re-pushed the wrong state
15:20:06 <d34dh0r53> ok
15:21:11 <d34dh0r53> #topic specification domain manager (mhen)
15:21:32 <d34dh0r53> #link https://review.opendev.org/q/topic:%22domain-manager%22
15:21:36 <d34dh0r53> keystone: releasenotes entry added
15:21:43 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone/+/924132/9/releasenotes/notes/domain-manager-persona-7921587ce2fab4fd.yaml
15:22:35 <mhen> is the format and content for the releasenotes okay like that?
15:22:51 <d34dh0r53> test implementation for project manager now equals project member
15:22:57 <d34dh0r53> (as discussed in the reviewathon, verify that manager in project scope does not receive any magic permissions accidentally)
15:23:04 <d34dh0r53> keystone patchset has three open discussion threads from dmendiza
15:23:32 <gtema> mhen - yes, it is ok
15:23:35 <d34dh0r53> it looks good to me
15:24:08 <d34dh0r53> dmendiza is going to test this and we can hopefully get this version merged quickly
15:24:10 <mhen> alright, thanks for the feedback
15:25:41 <d34dh0r53> thank you!
15:25:50 <d34dh0r53> #topic open discussion
15:25:57 <d34dh0r53> codebase renovation (gtema)
15:26:05 <d34dh0r53> #link https://review.opendev.org/q/topic:%22renovate%22+is:open
15:26:29 <gtema> once the mypy merges last change is moving of hacking under the pre-commit and I am done for now
15:26:40 <d34dh0r53> sweet
15:26:48 <d34dh0r53> mypy should merge in a bit
15:27:18 <gtema> yes, and after that I rebase the hacking check since I see it is now in the merge conflict
15:27:44 <gtema> btw thanks for merging the py312 fix
15:28:24 <d34dh0r53> sure thing, we need a good review push to get everything in flight merged before the freeze
15:28:45 <gtema> exactly
15:29:41 <d34dh0r53> that brings us to the reviewathon, unfortunately we have to cancel this week again.  Red Hat has a company wide recharge day on Friday so I'd like to ask that the cores try to review upstream as much as possible this week
15:30:16 <gtema> would appreciate that
15:30:49 <d34dh0r53> 👍️
15:30:58 <d34dh0r53> anything else before we move on?
15:32:30 <d34dh0r53> cool, moving on
15:32:36 <d34dh0r53> #topic bug review
15:32:45 <d34dh0r53> #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0
15:34:04 <d34dh0r53> no new bugs for keystone
15:34:28 <d34dh0r53> #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0
15:35:41 <d34dh0r53> no new bugs for python-keystoneclient
15:35:53 <d34dh0r53> #link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=0
15:35:58 <d34dh0r53> keystoneauth is good
15:36:18 <d34dh0r53> #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0
15:36:25 <d34dh0r53> keystonemiddleware is also good
15:36:45 <d34dh0r53> #link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=0
15:36:56 <d34dh0r53> pycadf is fine
15:37:03 <d34dh0r53> #link https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=0
15:37:12 <mharley[m]> Dave Wilde (d34dh0r53): any news about that S3 token stuff?
15:37:46 <d34dh0r53> mharley: no
15:37:55 <mharley[m]> Ok, thank you!
15:37:58 <d34dh0r53> ldappool is good
15:38:51 <d34dh0r53> I think fixing S3 is a good upstream Friday project for a security minded individual ;)
15:39:08 <d34dh0r53> #topic conclusion
15:39:32 <d34dh0r53> other than the canceling of the reviewathon on Friday I don't have anything
15:40:19 <gtema> me neither
15:40:30 <d34dh0r53> Thanks everyone!
15:40:39 <d34dh0r53> #endmeeting