15:02:12 #startmeeting keystone 15:02:12 Meeting started Wed Sep 4 15:02:12 2024 UTC and is due to finish in 60 minutes. The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:02:12 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:02:12 The meeting name has been set to 'keystone' 15:02:36 o/ 15:02:43 #topic roll call 15:02:52 admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev, reqa, dmendiza[m], mharley, jph, gtema 15:02:54 o/ 15:03:39 o/ 15:03:56 o/ 15:04:23 #topic review past meeting work items 15:05:02 #link https://meetings.opendev.org/meetings/keystone/2024/keystone.2024-08-28-15.04.html 15:05:09 just one, for dmendiza 15:05:16 dmendiza clean up the SRBAC Specification section of the weekly meeting etherpad 15:06:02 I did not do that 😅 15:06:37 Sorry, I am on a business trip, so not really here 15:08:47 no worries dmendiza or gtema (Artem Goncharov) 15:08:54 I'll re-add the action item 15:09:01 #action dmendiza clean up the SRBAC Specification section of the weekly meeting etherpad 15:09:09 #topic liaison updates 15:09:20 nothing from VMT 15:09:48 we're in feature freeze for dalmatian so bug fixes only 15:09:55 that's it for liaison updates 15:11:26 #topic specification OAuth 2.0 (hiromu) 15:11:29 #link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext 15:11:34 #link https://review.opendev.org/q/topic:bp%252Fenhance-oauth2-interoperability 15:11:37 External OAuth 2.0 Specification 15:11:45 #link https://review.opendev.org/c/openstack/keystone-specs/+/861554 (merged) 15:11:47 OAuth 2.0 Implementation 15:11:55 #link https://review.opendev.org/q/topic:bp%252Fsupport-oauth2-mtls 15:11:56 OAuth 2.0 Documentation 15:12:02 #link https://review.opendev.org/c/openstack/keystone/+/838108 (merged) 15:12:06 #link https://review.opendev.org/c/openstack/keystoneauth/+/838104 (merged) 15:12:22 next up 15:12:22 no updates 15:12:25 #topic specification Secure RBAC (dmendiza[m]) 15:12:34 #link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_ 15:12:40 2024.1 Release Timeline 15:12:44 Update oslo.policy in keystone to enforce_new_defaults=True 15:12:46 Update oslo.policy in keystone to enforce_scope=True 15:12:49 #link https://review.opendev.org/c/openstack/keystone/+/902730 (Merged) 15:12:55 #link https://review.opendev.org/c/openstack/keystone-tempest-plugin/+/903713 (Merged) 15:13:02 #link https://review.opendev.org/c/openstack/tempest/+/912489 (Merged) 15:15:58 next up 15:16:04 #topic specification OpenAPI support (gtema) 15:16:07 #link https://review.opendev.org/q/topic:%22openapi%22+project:openstack/keystone 15:16:12 gtema: changes awaiting review 15:16:47 I'll try to review these, had a couple of fires to put out last week 15:17:02 👍 15:18:25 next up 15:18:31 #topic specification domain manager (mhen) 15:18:35 #link https://review.opendev.org/q/topic:%22domain-manager%22 15:18:39 keystone patchset adjusted according to Douglas' review, keystone-tempest-plugin aligned accordingly 15:18:49 that is an old note 15:19:00 I replaced it but was too late ig 15:19:11 oops 15:19:24 tempest and keystone-tempest-plugin patchsets not merged yet 15:19:56 I've been wondering: how do the tempest tests relate to the release? 15:20:06 were you able to get anyone from the QE team to review? 15:20:09 do we have a deadline here as well? 15:21:15 No, tests for a feature that has already merged don't need to be held up by the FFE 15:21:21 *Feature Freeze (no E) 15:21:41 okay good 15:22:56 I haven't been able to reach out yet because I was busy with other stuff and haven't really figured out yet how or where to reach to exactly 15:24:03 I would do a ping in #openstack-qa asking for help with reviews on your tempest patch, once that is merged we can get the keystone-tempest-plugin one merged 15:24:37 d34dh0r53: alright, will do that, thanks for the hint about the IRC channel 15:26:22 👍️ and you're welcome 15:26:34 #topic open discussion 15:26:39 I don't have anything 15:28:32 small thing maybe 15:28:40 #topic bug review 15:28:44 #undo 15:28:44 Removing item from minutes: #topic bug review 15:28:50 go ahead mhen 15:30:05 would it be beneficial to have a guide on how to use the domain manager persona? e.g. how to create domain managers as an admin and as a domain manager how to manage resources in a domain? 15:30:13 if so, where would be the best place for this? 15:31:31 I think it would be very helpful, as for the best place I'm not sure, dmendiza might know for sure 15:32:07 maybe in the user guide 15:32:10 #link https://docs.openstack.org/keystone/2024.1/user/ 15:33:13 or here #link https://docs.openstack.org/operations-guide/ops-projects-users.html 15:33:35 That's probably a better place for it, it's more operational than user facing 15:34:42 or here #link https://docs.openstack.org/keystone/2024.1/admin/service-api-protection.html#domain-personas 15:35:37 I think the last one would not be intuitive if I were to put myself into a users/operators shoes and looking for documentation 15:35:39 managers are users though, 15:36:09 so the user guide makes the most sense to me 15:36:30 The last one is more like an overview of the very basics of main roles; plus it is already updated by the domain manager patchset 15:37:37 option 2 would also make sense 15:39:03 Yeah, I'm really not sure, so I'm fine with any of the three 15:39:38 strictly speaking, I think appointing domain managers as an admin would be part of 2 and usage of the domain manager persona by appointed users would be part of 1 15:40:28 Yeah, and the documentation of what they are in 3? 15:40:41 we already have 3 at home :) 15:40:49 it was part of the keystone patchset that we merged 15:40:54 if I'm not mistaken 15:41:26 https://review.opendev.org/c/openstack/keystone/+/924132/11/doc/source/admin/service-api-protection.rst 15:42:55 I'm looking at the old release :/ 15:43:49 Sorry for the confusion, yeah it's there 15:44:13 no worries :) 15:46:01 cool 15:46:07 ok, moving on 15:46:13 #topic bug review 15:46:23 #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0 15:46:27 no new bugs for keystone 15:46:36 #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0 15:46:42 python-keystoneclient is good 15:46:50 #link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=0 15:47:00 keystoneauth has a new bug that is in progress 15:47:16 #link https://bugs.launchpad.net/keystoneauth/+bug/2078437 15:48:02 There's a patch up here #link https://review.opendev.org/c/openstack/keystoneauth/+/927581 15:48:23 #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0 15:48:31 no new bugs for keystonemiddleware 15:48:36 #link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=0 15:48:46 pycadf is good 15:48:56 #link https://bugs.launchpad.net/ldappool/+bugs?ordterby=-id&start=0 15:49:15 ldappool is also good 15:49:31 #topic conclusion 15:49:36 Nothing else from me, thanks all! 15:50:10 #endmeeting