#openstack-keystone log

15:04:29 <d34dh0r53> #startmeeting keystone
15:04:29 <opendevmeet> Meeting started Wed Aug 28 15:04:29 2024 UTC and is due to finish in 60 minutes.  The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:04:29 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:04:29 <opendevmeet> The meeting name has been set to 'keystone'
15:05:15 <d34dh0r53> there we go, the bot was slow
15:05:32 <xek> o/
15:05:32 <d34dh0r53> #topic roll call
15:05:33 <d34dh0r53> admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev, reqa, dmendiza[m], mharley, jph, gtema
15:05:35 <d34dh0r53> o/
15:05:36 <mhen> o/
15:05:40 <gtema> o/
15:06:23 <dmendiza[m]> 🙋‍♂️
15:07:12 <d34dh0r53> #topic review past meeting work items
15:07:44 <d34dh0r53> #link https://meetings.opendev.org/meetings/keystone/2024/keystone.2024-08-21-15.00.html
15:07:58 <d34dh0r53> just one: dmendiza please review the updates to https://review.opendev.org/c/openstack/keystone/+/924132
15:08:11 <d34dh0r53> I workflowed that about 5 minutes ago
15:08:30 <dmendiza[m]> lgtm
15:08:47 <dmendiza[m]> thank you, mhen
15:08:57 <mhen> thanks dmendiza[m] for the review and the suggestions regarding simplifications due to role inheritance!
15:09:10 <gtema> thats awesome, thanks guys. We are right in time for the feature freeze
15:10:39 <d34dh0r53> Indeed, it's great that we got that merged, thank you all!
15:10:55 <d34dh0r53> well, almost merged 🤞
15:11:04 <d34dh0r53> next up
15:11:11 <d34dh0r53> #topic liaison updates
15:11:16 <d34dh0r53> nothing from VMT
15:11:38 <d34dh0r53> as mentioned we're coming up on feature freeze on Friday so any last things, now is the time :)
15:11:55 <d34dh0r53> that's it from Release Management
15:12:09 <d34dh0r53> #topic specification OAuth 2.0 (hiromu)
15:13:18 <d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext
15:13:26 <d34dh0r53> t
15:13:26 <d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Fenhance-oauth2-interoperability
15:13:42 <d34dh0r53> External OAuth 2.0 Specification
15:13:49 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone-specs/+/861554 (merged)
15:13:57 <d34dh0r53> OAuth 2.0 Implementation
15:14:04 <d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Fsupport-oauth2-mtls
15:14:08 <d34dh0r53> OAuth 2.0 Documentation
15:14:14 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone/+/838108 (merged)
15:14:20 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystoneauth/+/838104 (merged)
15:14:33 <d34dh0r53> no updates
15:14:35 <d34dh0r53> next up
15:14:51 <d34dh0r53> #topic specification Secure RBAC (dmendiza[m])
15:14:55 <d34dh0r53> #link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_
15:14:58 <d34dh0r53> 2024.1 Release Timeline
15:15:03 <d34dh0r53> Update oslo.policy in keystone to enforce_new_defaults=True
15:15:08 <d34dh0r53> Update oslo.policy in keystone to enforce_scope=True
15:15:11 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone/+/902730 (Merged)
15:15:15 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone-tempest-plugin/+/903713 (Merged)
15:15:20 <d34dh0r53> #link https://review.opendev.org/c/openstack/tempest/+/912489 (Merged)
15:16:34 <gtema> is anything open on srbac at all?
15:16:42 <gtema> feels like everything is completed
15:17:33 <dmendiza[m]> Not sure if we've tested with the new srbac defaults in oslo.policy?
15:19:04 <d34dh0r53> not sure either, sorry, my element timeline is really confused so I got lost
15:19:16 <gtema> aren't all the tempest tests everywhere doing that already since the change in oslo.policy merged?
15:20:12 <dmendiza[m]> Possibly?  ...  Depends on whether Keystone is overriding the oslo defaults or not (e.g. using set_default(...))
15:20:32 <gtema> hmm, ok
15:22:03 <d34dh0r53> Are we done with Phase 3 from the Governance doc?
15:23:14 <gtema> we even went further and implemented another persona ;-)
15:24:00 <gtema> btw, I think there is no much for project-manager in keystone. It is more for other services
15:25:10 <d34dh0r53> Yeah, I was just wondering because I didn't see anything about keystone in the tracking etherpad
15:25:27 <d34dh0r53> brb, I hate element
15:26:34 <d34dh0r53> back
15:27:18 <gtema> and everything is still here ;-) I think it is not the element with a problem but a oftc bridge
15:27:38 <d34dh0r53> It could be the bridge
15:27:57 <d34dh0r53> but element has some UX things that bother me, but in this case I do think it's the bridge
15:28:09 <gtema> indeed
15:28:56 <d34dh0r53> Ok, we should clean up the SRBAC speci section of the weekly etherpad then
15:29:08 <gtema> +1
15:29:14 <d34dh0r53> and perhaps remove it entirely
15:29:26 <d34dh0r53> dmendiza: can you take a stab at that?
15:30:16 <dmendiza[m]> ack
15:30:59 <d34dh0r53> #action dmendiza clean up the SRBAC Specification section of the weekly meeting etherpad
15:31:02 <d34dh0r53> thanks!
15:31:04 <d34dh0r53> next up
15:31:26 <d34dh0r53> #topic specification OpenAPI support (gtema)
15:31:30 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone-specs/+/910584 (merged)
15:31:34 <d34dh0r53> #link https://review.opendev.org/q/topic:%22openapi%22+project:openstack/keystone
15:31:39 <d34dh0r53> gtema: changes awaiting review
15:32:00 <d34dh0r53> I will review these today
15:32:09 <gtema> great, appreciate
15:36:01 <d34dh0r53> no problem
15:36:05 <d34dh0r53> next up
15:36:21 <d34dh0r53> #topic specification domain manager (mhen)
15:36:26 <d34dh0r53> #link https://review.opendev.org/q/topic:%22domain-manager%22
15:36:30 <d34dh0r53> keystone patchset adjusted according to Douglas' review, keystone-tempest-plugin aligned accordingly
15:37:11 <gtema> hopefully Zuul will not complain
15:37:54 <d34dh0r53> yeah, thanks again Grzegorz Grasza, dmendiza and mhen for getting this in before the deadline
15:38:06 <mhen> seconded, much appreciated!
15:39:39 <d34dh0r53> cool, there are some tests to merge but those should be easier to get in
15:39:55 <d34dh0r53> that does it for specifications
15:39:58 <d34dh0r53> next up
15:40:02 <d34dh0r53> #topic open discussion
15:40:10 <d34dh0r53> codebase renovation (gtema)
15:40:15 <d34dh0r53> #link https://review.opendev.org/q/topic:%22renovate%22+is:open
15:40:23 <d34dh0r53> I think these are all merged
15:40:36 <gtema> I see everything landed. Thanks a lot guys
15:41:17 <gtema> in the next cycle I will start working on getting rid of passkey
15:41:30 <gtema> passlib
15:41:53 <d34dh0r53> oh sweet, I was just looking at some replies on that
15:43:01 <d34dh0r53> it's not looking good upstream, the maintainer has disappeared again
15:43:27 <gtema> looking at growing amount of issues and deprecation in next py I am pretty convinced there is no way around dropping it
15:45:19 <d34dh0r53> someone on the thread mentioned #link https://github.com/frankie567/pwdlib
15:45:28 <gtema> yes, looking currently
15:46:23 <gtema> I just that if it doesn't offer compatibility with passlib we certanly should avoid exchanging apples with peaches
15:46:25 <d34dh0r53> I haven't looked into it much
15:46:38 <d34dh0r53> exactly
15:46:54 <gtema> it's not worth of introducing new dependency when native python core libs already do everything we need
15:50:05 <d34dh0r53> yeah, that's a goal for next cycle, and I'll add it to the PTG agenda
15:50:57 <gtema> good
15:51:17 <d34dh0r53> anything else for open discussion before we move on?
15:51:29 <gtema> not from me
15:52:02 <d34dh0r53> cool, moving on
15:52:11 <d34dh0r53> #topic bug review
15:52:17 <d34dh0r53> #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0
15:52:22 <d34dh0r53> no new bugs for keystone
15:53:02 <d34dh0r53> #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0
15:53:10 <d34dh0r53> nothing new for python-keystoneclient
15:53:16 <d34dh0r53> #link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=0
15:53:30 <d34dh0r53> keystoneauth is good
15:53:38 <d34dh0r53> #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0
15:53:55 <d34dh0r53> keystonemiddleware is also good
15:54:02 <d34dh0r53> #link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=0
15:54:27 <d34dh0r53> pycadf is looking good
15:54:33 <d34dh0r53> #link https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=0
15:54:37 <d34dh0r53> so it ldappool
15:54:42 <d34dh0r53> #topic conclusion
15:55:08 <d34dh0r53> Thanks again for the fantastic effort in reviewing and merging things before the freeze
15:55:17 <d34dh0r53> It's very much appreciated!!
15:56:44 <d34dh0r53> The PTG is coming up, please start thinking about topics and we'll get them on the agenda.
15:57:36 <d34dh0r53> I've resubmitted my candidacy for PTL for Keystone, and am looking forward to another successful cycle
15:58:13 <gtema> :) it is a funny election cycle. All the typical PTLs submit patch in the last 1-2 days
15:59:51 <d34dh0r53> I know :) I think fungi nailed it
16:00:24 <d34dh0r53> anyways, that's all from me for this week, thanks again!!
16:00:30 <d34dh0r53> #endmeeting