15:04:29 #startmeeting keystone 15:04:29 Meeting started Wed Aug 28 15:04:29 2024 UTC and is due to finish in 60 minutes. The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:04:29 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:04:29 The meeting name has been set to 'keystone' 15:05:15 there we go, the bot was slow 15:05:32 o/ 15:05:32 #topic roll call 15:05:33 admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev, reqa, dmendiza[m], mharley, jph, gtema 15:05:35 o/ 15:05:36 o/ 15:05:40 o/ 15:06:23 🙋‍♂️ 15:07:12 #topic review past meeting work items 15:07:44 #link https://meetings.opendev.org/meetings/keystone/2024/keystone.2024-08-21-15.00.html 15:07:58 just one: dmendiza please review the updates to https://review.opendev.org/c/openstack/keystone/+/924132 15:08:11 I workflowed that about 5 minutes ago 15:08:30 lgtm 15:08:47 thank you, mhen 15:08:57 thanks dmendiza[m] for the review and the suggestions regarding simplifications due to role inheritance! 15:09:10 thats awesome, thanks guys. We are right in time for the feature freeze 15:10:39 Indeed, it's great that we got that merged, thank you all! 15:10:55 well, almost merged 🤞 15:11:04 next up 15:11:11 #topic liaison updates 15:11:16 nothing from VMT 15:11:38 as mentioned we're coming up on feature freeze on Friday so any last things, now is the time :) 15:11:55 that's it from Release Management 15:12:09 #topic specification OAuth 2.0 (hiromu) 15:13:18 #link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext 15:13:26 t 15:13:26 #link https://review.opendev.org/q/topic:bp%252Fenhance-oauth2-interoperability 15:13:42 External OAuth 2.0 Specification 15:13:49 #link https://review.opendev.org/c/openstack/keystone-specs/+/861554 (merged) 15:13:57 OAuth 2.0 Implementation 15:14:04 #link https://review.opendev.org/q/topic:bp%252Fsupport-oauth2-mtls 15:14:08 OAuth 2.0 Documentation 15:14:14 #link https://review.opendev.org/c/openstack/keystone/+/838108 (merged) 15:14:20 #link https://review.opendev.org/c/openstack/keystoneauth/+/838104 (merged) 15:14:33 no updates 15:14:35 next up 15:14:51 #topic specification Secure RBAC (dmendiza[m]) 15:14:55 #link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_ 15:14:58 2024.1 Release Timeline 15:15:03 Update oslo.policy in keystone to enforce_new_defaults=True 15:15:08 Update oslo.policy in keystone to enforce_scope=True 15:15:11 #link https://review.opendev.org/c/openstack/keystone/+/902730 (Merged) 15:15:15 #link https://review.opendev.org/c/openstack/keystone-tempest-plugin/+/903713 (Merged) 15:15:20 #link https://review.opendev.org/c/openstack/tempest/+/912489 (Merged) 15:16:34 is anything open on srbac at all? 15:16:42 feels like everything is completed 15:17:33 Not sure if we've tested with the new srbac defaults in oslo.policy? 15:19:04 not sure either, sorry, my element timeline is really confused so I got lost 15:19:16 aren't all the tempest tests everywhere doing that already since the change in oslo.policy merged? 15:20:12 Possibly? ... Depends on whether Keystone is overriding the oslo defaults or not (e.g. using set_default(...)) 15:20:32 hmm, ok 15:22:03 Are we done with Phase 3 from the Governance doc? 15:23:14 we even went further and implemented another persona ;-) 15:24:00 btw, I think there is no much for project-manager in keystone. It is more for other services 15:25:10 Yeah, I was just wondering because I didn't see anything about keystone in the tracking etherpad 15:25:27 brb, I hate element 15:26:34 back 15:27:18 and everything is still here ;-) I think it is not the element with a problem but a oftc bridge 15:27:38 It could be the bridge 15:27:57 but element has some UX things that bother me, but in this case I do think it's the bridge 15:28:09 indeed 15:28:56 Ok, we should clean up the SRBAC speci section of the weekly etherpad then 15:29:08 +1 15:29:14 and perhaps remove it entirely 15:29:26 dmendiza: can you take a stab at that? 15:30:16 ack 15:30:59 #action dmendiza clean up the SRBAC Specification section of the weekly meeting etherpad 15:31:02 thanks! 15:31:04 next up 15:31:26 #topic specification OpenAPI support (gtema) 15:31:30 #link https://review.opendev.org/c/openstack/keystone-specs/+/910584 (merged) 15:31:34 #link https://review.opendev.org/q/topic:%22openapi%22+project:openstack/keystone 15:31:39 gtema: changes awaiting review 15:32:00 I will review these today 15:32:09 great, appreciate 15:36:01 no problem 15:36:05 next up 15:36:21 #topic specification domain manager (mhen) 15:36:26 #link https://review.opendev.org/q/topic:%22domain-manager%22 15:36:30 keystone patchset adjusted according to Douglas' review, keystone-tempest-plugin aligned accordingly 15:37:11 hopefully Zuul will not complain 15:37:54 yeah, thanks again Grzegorz Grasza, dmendiza and mhen for getting this in before the deadline 15:38:06 seconded, much appreciated! 15:39:39 cool, there are some tests to merge but those should be easier to get in 15:39:55 that does it for specifications 15:39:58 next up 15:40:02 #topic open discussion 15:40:10 codebase renovation (gtema) 15:40:15 #link https://review.opendev.org/q/topic:%22renovate%22+is:open 15:40:23 I think these are all merged 15:40:36 I see everything landed. Thanks a lot guys 15:41:17 in the next cycle I will start working on getting rid of passkey 15:41:30 passlib 15:41:53 oh sweet, I was just looking at some replies on that 15:43:01 it's not looking good upstream, the maintainer has disappeared again 15:43:27 looking at growing amount of issues and deprecation in next py I am pretty convinced there is no way around dropping it 15:45:19 someone on the thread mentioned #link https://github.com/frankie567/pwdlib 15:45:28 yes, looking currently 15:46:23 I just that if it doesn't offer compatibility with passlib we certanly should avoid exchanging apples with peaches 15:46:25 I haven't looked into it much 15:46:38 exactly 15:46:54 it's not worth of introducing new dependency when native python core libs already do everything we need 15:50:05 yeah, that's a goal for next cycle, and I'll add it to the PTG agenda 15:50:57 good 15:51:17 anything else for open discussion before we move on? 15:51:29 not from me 15:52:02 cool, moving on 15:52:11 #topic bug review 15:52:17 #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0 15:52:22 no new bugs for keystone 15:53:02 #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0 15:53:10 nothing new for python-keystoneclient 15:53:16 #link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=0 15:53:30 keystoneauth is good 15:53:38 #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0 15:53:55 keystonemiddleware is also good 15:54:02 #link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=0 15:54:27 pycadf is looking good 15:54:33 #link https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=0 15:54:37 so it ldappool 15:54:42 #topic conclusion 15:55:08 Thanks again for the fantastic effort in reviewing and merging things before the freeze 15:55:17 It's very much appreciated!! 15:56:44 The PTG is coming up, please start thinking about topics and we'll get them on the agenda. 15:57:36 I've resubmitted my candidacy for PTL for Keystone, and am looking forward to another successful cycle 15:58:13 :) it is a funny election cycle. All the typical PTLs submit patch in the last 1-2 days 15:59:51 I know :) I think fungi nailed it 16:00:24 anyways, that's all from me for this week, thanks again!! 16:00:30 #endmeeting