15:02:12 <d34dh0r53> #startmeeting keystone
15:02:12 <opendevmeet> Meeting started Wed Sep  4 15:02:12 2024 UTC and is due to finish in 60 minutes.  The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:02:12 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:02:12 <opendevmeet> The meeting name has been set to 'keystone'
15:02:36 <xek> o/
15:02:43 <d34dh0r53> #topic roll call
15:02:52 <d34dh0r53> admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev, reqa, dmendiza[m], mharley, jph, gtema
15:02:54 <mhen> o/
15:03:39 <d34dh0r53> o/
15:03:56 <mharley[m]> o/
15:04:23 <d34dh0r53> #topic review past meeting work items
15:05:02 <d34dh0r53> #link https://meetings.opendev.org/meetings/keystone/2024/keystone.2024-08-28-15.04.html
15:05:09 <d34dh0r53> just one, for dmendiza
15:05:16 <d34dh0r53> dmendiza clean up the SRBAC Specification section of the weekly meeting etherpad
15:06:02 <dmendiza[m]> I did not do that 😅
15:06:37 <gtema> Sorry, I am on a business trip, so not really here
15:08:47 <d34dh0r53> no worries dmendiza or gtema (Artem Goncharov)
15:08:54 <d34dh0r53> I'll re-add the action item
15:09:01 <d34dh0r53> #action dmendiza clean up the SRBAC Specification section of the weekly meeting etherpad
15:09:09 <d34dh0r53> #topic liaison updates
15:09:20 <d34dh0r53> nothing from VMT
15:09:48 <d34dh0r53> we're in feature freeze for dalmatian so bug fixes only
15:09:55 <d34dh0r53> that's it for liaison updates
15:11:26 <d34dh0r53> #topic specification OAuth 2.0 (hiromu)
15:11:29 <d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext
15:11:34 <d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Fenhance-oauth2-interoperability
15:11:37 <d34dh0r53> External OAuth 2.0 Specification
15:11:45 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone-specs/+/861554 (merged)
15:11:47 <d34dh0r53> OAuth 2.0 Implementation
15:11:55 <d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Fsupport-oauth2-mtls
15:11:56 <d34dh0r53> OAuth 2.0 Documentation
15:12:02 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone/+/838108 (merged)
15:12:06 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystoneauth/+/838104 (merged)
15:12:22 <d34dh0r53> next up
15:12:22 <d34dh0r53> no updates
15:12:25 <d34dh0r53> #topic specification Secure RBAC (dmendiza[m])
15:12:34 <d34dh0r53> #link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_
15:12:40 <d34dh0r53> 2024.1 Release Timeline
15:12:44 <d34dh0r53> Update oslo.policy in keystone to enforce_new_defaults=True
15:12:46 <d34dh0r53> Update oslo.policy in keystone to enforce_scope=True
15:12:49 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone/+/902730 (Merged)
15:12:55 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone-tempest-plugin/+/903713 (Merged)
15:13:02 <d34dh0r53> #link https://review.opendev.org/c/openstack/tempest/+/912489 (Merged)
15:15:58 <d34dh0r53> next up
15:16:04 <d34dh0r53> #topic specification OpenAPI support (gtema)
15:16:07 <d34dh0r53> #link https://review.opendev.org/q/topic:%22openapi%22+project:openstack/keystone
15:16:12 <d34dh0r53> gtema: changes awaiting review
15:16:47 <d34dh0r53> I'll try to review these, had a couple of fires to put out last week
15:17:02 <gtema> 👍
15:18:25 <d34dh0r53> next up
15:18:31 <d34dh0r53> #topic specification domain manager (mhen)
15:18:35 <d34dh0r53> #link https://review.opendev.org/q/topic:%22domain-manager%22
15:18:39 <d34dh0r53> keystone patchset adjusted according to Douglas' review, keystone-tempest-plugin aligned accordingly
15:18:49 <mhen> that is an old note
15:19:00 <mhen> I replaced it but was too late ig
15:19:11 <d34dh0r53> oops
15:19:24 <d34dh0r53> tempest and keystone-tempest-plugin patchsets not merged yet
15:19:56 <mhen> I've been wondering: how do the tempest tests relate to the release?
15:20:06 <d34dh0r53> were you able to get anyone from the QE team to review?
15:20:09 <mhen> do we have a deadline here as well?
15:21:15 <dmendiza[m]> No, tests for a feature that has already merged don't need to be held up by the FFE
15:21:21 <dmendiza[m]> *Feature Freeze (no E)
15:21:41 <mhen> okay good
15:22:56 <mhen> I haven't been able to reach out yet because I was busy with other stuff and haven't really figured out yet how or where to reach out exactly
15:24:03 <d34dh0r53> I would do a ping in #openstack-qa asking for help with reviews on your tempest patch, once that is merged we can get the keystone-tempest-plugin one merged
15:24:37 <mhen> d34dh0r53: alright, will do that, thanks for the hint about the IRC channel
15:26:22 <d34dh0r53> 👍️ and you're welcome
15:26:34 <d34dh0r53> #topic open discussion
15:26:39 <d34dh0r53> I don't have anything
15:28:32 <mhen> small thing maybe
15:28:40 <d34dh0r53> #topic bug review
15:28:44 <d34dh0r53> #undo
15:28:44 <opendevmeet> Removing item from minutes: #topic bug review
15:28:50 <d34dh0r53> go ahead mhen
15:30:05 <mhen> would it be beneficial to have a guide on how to use the domain manager persona? e.g. how to create domain managers as an admin and as a domain manager how to manage resources in a domain?
15:30:13 <mhen> if so, where would be the best place for this?
15:31:31 <d34dh0r53> I think it would be very helpful, as for the best place I'm not sure, dmendiza might know for sure
15:32:07 <d34dh0r53> maybe in the user guide
15:32:10 <d34dh0r53> #link https://docs.openstack.org/keystone/2024.1/user/
15:33:13 <d34dh0r53> or here #link https://docs.openstack.org/operations-guide/ops-projects-users.html
15:33:35 <d34dh0r53> That's probably a better place for it, it's more operational than user facing
15:34:42 <d34dh0r53> or here #link https://docs.openstack.org/keystone/2024.1/admin/service-api-protection.html#domain-personas
15:35:37 <mhen> I think the last one would not be intuitive if I were to put myself into a user's/operator's shoes and look for documentation
15:35:39 <dmendiza[m]> managers are users though,
15:36:09 <dmendiza[m]> so the user guide makes the most sense to me
15:36:30 <mhen> The last one is more like an overview of the very basics of main roles; plus it is already updated by the domain manager patchset
15:37:37 <dmendiza[m]> option 2 would also make sense
15:39:03 <d34dh0r53> Yeah, I'm really not sure, so I'm fine with any of the three
15:39:38 <mhen> strictly speaking, I think appointing domain managers as an admin would be part of 2 and usage of the domain manager persona by appointed users would be part of 1
15:40:28 <d34dh0r53> Yeah, and the documentation of what they are in 3?
15:40:41 <mhen> we already have 3 at home :)
15:40:49 <mhen> it was part of the keystone patchset that we merged
15:40:54 <mhen> if I'm not mistaken
15:41:26 <mhen> https://review.opendev.org/c/openstack/keystone/+/924132/11/doc/source/admin/service-api-protection.rst
15:42:55 <d34dh0r53> I'm looking at the old release :/
15:43:49 <d34dh0r53> Sorry for the confusion, yeah it's there
15:44:13 <mhen> no worries :)
15:46:01 <d34dh0r53> cool
15:46:07 <d34dh0r53> ok, moving on
15:46:13 <d34dh0r53> #topic bug review
15:46:23 <d34dh0r53> #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0
15:46:27 <d34dh0r53> no new bugs for keystone
15:46:36 <d34dh0r53> #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0
15:46:42 <d34dh0r53> python-keystoneclient is good
15:46:50 <d34dh0r53> #link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=0
15:47:00 <d34dh0r53> keystoneauth has a new bug that is in progress
15:47:16 <d34dh0r53> #link https://bugs.launchpad.net/keystoneauth/+bug/2078437
15:48:02 <d34dh0r53> There's a patch up here #link https://review.opendev.org/c/openstack/keystoneauth/+/927581
15:48:23 <d34dh0r53> #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0
15:48:31 <d34dh0r53> no new bugs for keystonemiddleware
15:48:36 <d34dh0r53> #link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=0
15:48:46 <d34dh0r53> pycadf is good
15:48:56 <d34dh0r53> #link https://bugs.launchpad.net/ldappool/+bugs?ordterby=-id&start=0
15:49:15 <d34dh0r53> ldappool is also good
15:49:31 <d34dh0r53> #topic conclusion
15:49:36 <d34dh0r53> Nothing else from me, thanks all!
15:50:10 <d34dh0r53> #endmeeting