15:00:46 #startmeeting keystone 15:00:46 Meeting started Wed Aug 21 15:00:46 2024 UTC and is due to finish in 60 minutes. The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:00:46 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:00:46 The meeting name has been set to 'keystone' 15:01:00 #topic roll call 15:01:03 o/ 15:01:10 admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev, reqa, dmendiza[m], mharley, jph, gtema 15:01:12 o/ 15:01:19 o/ 15:01:22 o/ 15:02:30 #topic review past meeting work items 15:02:32 o/ 15:02:37 #link https://meetings.opendev.org/meetings/keystone/2024/keystone.2024-08-14-15.06.html 15:02:43 two work items 15:02:55 reviewathon look at updated https://review.opendev.org/c/openstack/keystone/+/924132 15:03:22 there wasn't a reviewathon last week, but I'd really like to get dmendiza to look at this one 15:04:48 #action dmendiza please review the updates to https://review.opendev.org/c/openstack/keystone/+/924132 15:04:51 next up 15:05:01 d34dh0r53 review https://review.opendev.org/c/openstack/keystone/+/924085 15:05:18 I have reviewed this and it's being gated now 15:05:28 :party: - thanks Dave 15:05:38 that does it for the review of last weeks work items 15:05:50 next up 15:05:53 #topic liaison updates 15:06:32 releases, milestone-3 is next week 15:07:17 nothing from vmt 15:07:37 that does it for liaison updates 15:07:49 #topic specification OAuth 2.0 (hiromu) 15:08:15 #link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext 15:08:48 #link https://review.opendev.org/q/topic:bp%252Fenhance-oauth2-interoperability 15:08:55 External OAuth 2.0 Specification 15:09:02 #link https://review.opendev.org/c/openstack/keystone-specs/+/861554 (merged) 15:09:09 OAuth 2.0 Implementation 15:09:15 #link https://review.opendev.org/q/topic:bp%252Fsupport-oauth2-mtls 15:09:21 #link https://review.opendev.org/c/openstack/keystone/+/838108 (merged) 15:09:29 #link https://review.opendev.org/c/openstack/keystoneauth/+/838104 (merged) 15:09:32 no updates from me on this one 15:09:36 next up 15:09:46 #topic specification Secure RBAC (dmendiza[m]) 15:09:54 #link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_ 15:10:00 2024.1 Release Timeline 15:10:07 Update oslo.policy in keystone to enforce_new_defaults=True 15:10:16 Update oslo.policy in keystone to enforce_scope=True 15:10:21 #link https://review.opendev.org/c/openstack/keystone/+/902730 (Merged) 15:10:28 #link https://review.opendev.org/c/openstack/keystone-tempest-plugin/+/903713 (Merged) 15:10:34 #link https://review.opendev.org/c/openstack/tempest/+/912489 (Merged) 15:10:48 any updates dmendiza ? 15:12:23 doesn't look like dmendiza is around, moving on 15:12:40 #topic specification OpenAPI support (gtema) 15:12:43 #link https://review.opendev.org/c/openstack/keystone-specs/+/910584 (merged) 15:12:44 👋 15:12:46 #link https://review.opendev.org/q/topic:%22openapi%22+project:openstack/keystone 15:12:47 hey, sorry, just catching up 15:12:52 oh hi :) 15:13:00 #undo 15:13:00 Removing item from minutes: #link https://review.opendev.org/q/topic:%22openapi%22+project:openstack/keystone 15:13:03 #undo 15:13:03 Removing item from minutes: #link https://review.opendev.org/c/openstack/keystone-specs/+/910584 15:13:08 #undo 15:13:08 Removing item from minutes: #topic specification OpenAPI support (gtema) 15:13:08 Heh 15:13:21 the floor is yours :) 15:13:59 ... was out on PTO last week so not much progress since ... 15:14:16 Definitely going to look at the Domain Manager before the reviewathon 15:14:25 Thanks! 15:14:34 I want to set up a local env and do some manual testing 15:15:59 sounds good 15:17:27 #topic specification OpenAPI support (gtema) 15:17:36 #link https://review.opendev.org/c/openstack/keystone-specs/+/910584 (merged) 15:17:41 #link https://review.opendev.org/q/topic:%22openapi%22+project:openstack/keystone 15:18:09 gtema: changes awaiting review 15:18:40 I desperately need reviews since otherwise we end up also here in a big dependency hell 15:18:56 ack, I'll review this week 15:19:06 already had last week few issues since the student supporting me accidentially re-pushed the wrong state 15:20:06 ok 15:21:11 #topic specification domain manager (mhen) 15:21:32 #link https://review.opendev.org/q/topic:%22domain-manager%22 15:21:36 keystone: releasenotes entry added 15:21:43 #link https://review.opendev.org/c/openstack/keystone/+/924132/9/releasenotes/notes/domain-manager-persona-7921587ce2fab4fd.yaml 15:22:35 is the format and content for the releasenotes okay like that? 15:22:51 test implementation for project manager now equals project member 15:22:57 (as discussed in the reviewathon, verify that manager in project scope does not receive any magic permissions accidentally) 15:23:04 keystone patchset has three open discussion threads from dmendiza 15:23:32 mhen - yes, it is ok 15:23:35 it looks good to me 15:24:08 dmendiza is going to test this and we can hopefully get this version merged quickly 15:24:10 alright, thanks for the feedback 15:25:41 thank you! 15:25:50 #topic open discussion 15:25:57 codebase renovation (gtema) 15:26:05 #link https://review.opendev.org/q/topic:%22renovate%22+is:open 15:26:29 once the mypy merges last change is moving of hacking under the pre-commit and I am done for now 15:26:40 sweet 15:26:48 mypy should merge in a bit 15:27:18 yes, and after that I rebase the hacking check since I see it is now in the merge conflict 15:27:44 btw thanks for merging the py312 fix 15:28:24 sure thing, we need a good review push to get everything in flight merged before the freeze 15:28:45 exactly 15:29:41 that brings us to the reviewathon, unfortunately we have to cancel this week again. Red Hat has a company wide recharge day on Friday so I'd like to ask that the cores try to review upstream as much as possible this week 15:30:16 would appreciate that 15:30:49 👍️ 15:30:58 anything else before we move on? 15:32:30 cool, moving on 15:32:36 #topic bug review 15:32:45 #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0 15:34:04 no new bugs for keystone 15:34:28 #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0 15:35:41 no new bugs for python-keystoneclient 15:35:53 #link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=0 15:35:58 keystoneauth is good 15:36:18 #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0 15:36:25 keystonemiddleware is also good 15:36:45 #link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=0 15:36:56 pycadf is fine 15:37:03 #link https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=0 15:37:12 Dave Wilde (d34dh0r53): any news about that S3 token stuff? 15:37:46 mharley: no 15:37:55 Ok, thank you! 15:37:58 ldappool is good 15:38:51 I think fixing S3 is a good upstream Friday project for a security minded individual ;) 15:39:08 #topic conclusion 15:39:32 other than the canceling of the reviewathon on Friday I don't have anything 15:40:19 me neither 15:40:30 Thanks everyone! 15:40:39 #endmeeting