#openstack-keystone log

15:05:34 <d34dh0r53> #startmeeting keystone
15:05:34 <opendevmeet> Meeting started Wed Oct 30 15:05:34 2024 UTC and is due to finish in 60 minutes.  The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:05:34 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:05:34 <opendevmeet> The meeting name has been set to 'keystone'
15:06:26 <d34dh0r53> o/
15:06:39 <xek> o/
15:06:45 <d34dh0r53> Reminder: This meeting takes place under the OpenInfra Foundation Code of Conduct
15:06:46 <d34dh0r53> #link https://openinfra.dev/legal/code-of-conduct
15:07:01 <d34dh0r53> v
15:07:09 <d34dh0r53> #topic roll call
15:07:27 <d34dh0r53> admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev, reqa, dmendiza[m], dmendiza, mharley, jph, gtema, cardoe
15:08:13 <cardoe> o/
15:08:53 <gtema> O/ but on travel
15:09:12 <d34dh0r53> #topic review past meeting work items
15:09:52 <d34dh0r53> no action items from our previous meeting, last week was PTG so we didn't have a weekly meeting
15:10:22 <d34dh0r53> Thanks everyone who attended and participated in the PTG, I felt like we had some very good sessions
15:10:50 <d34dh0r53> #topic liaison updates
15:11:05 <d34dh0r53> nothing from release or VMT at the moment
15:13:06 <d34dh0r53> #topic specification OAuth 2.0 (hiromu)
15:13:10 <d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext
15:13:12 <d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Fenhance-oauth2-interoperability
15:13:15 <d34dh0r53> External OAuth 2.0 Specification
15:13:18 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone-specs/+/861554 (merged)
15:13:21 <d34dh0r53> OAuth 2.0 Implementation
15:13:24 <d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Fsupport-oauth2-mtls
15:13:27 <d34dh0r53> OAuth 2.0 Documentation
15:13:32 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone/+/838108 (merged)
15:13:33 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystoneauth/+/838104 (merged)
15:14:12 <d34dh0r53> no updates from me, I think I can allocate some time to rebase and resubmit the last remaining work for this one this week
15:14:19 <d34dh0r53> 'v
15:14:21 <d34dh0r53> #topic specification Secure RBAC (dmendiza[m])
15:14:25 <d34dh0r53> #link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_
15:14:29 <d34dh0r53> 2024.1 Release Timeline
15:14:32 <d34dh0r53> Update oslo.policy in keystone to enforce_new_defaults=True
15:14:35 <d34dh0r53> Update oslo.policy in keystone to enforce_scope=True
15:14:48 <d34dh0r53> we need to clean up this section of the etherpad dmendiza
15:17:18 <d34dh0r53> ok, moving on
15:17:22 <d34dh0r53> #topic specification OpenAPI support (gtema)
15:17:24 <d34dh0r53> #link https://review.opendev.org/q/topic:%22openapi%22+project:openstack/keystone
15:17:28 <d34dh0r53> https://review.opendev.org/c/openstack/keystone/+/925020 could now also land to ease api-ref work
15:17:30 <d34dh0r53> gtema: api-ref work started
15:18:14 <gtema> Not many updates, but we need to decide whether OpenAPI or ruff should land first
15:18:37 <gtema> Because also I started wip work on pagination which conflicts lot with ruff reformat
15:20:13 <d34dh0r53> hmm, openapi then ruff is my thinking, but that's not based on much
15:21:27 <gtema> There are conflicts
15:22:52 <gtema> OpenAPI itself is huge amount of changes and not all are ready
15:22:52 <gtema> I would prefer landing ruff first
15:23:31 <d34dh0r53> ok, if ruff is actually easier to land first I'm all for it, I thought that since openapi was already well in progress it would be easier to land
15:24:35 <gtema> I can't check patches now, am walking to the train
15:25:29 <d34dh0r53> ok, no problem
15:25:50 <d34dh0r53> we can look at the ruff stuff during the reviewathon
15:26:10 <d34dh0r53> moving on
15:26:17 <d34dh0r53> #topic specification domain manager (mhen)
15:26:20 <d34dh0r53> still unmerged are:
15:26:24 <d34dh0r53> documentation: https://review.opendev.org/c/openstack/keystone/+/928135
15:26:26 <d34dh0r53> tempest tests: https://review.opendev.org/c/openstack/keystone-tempest-plugin/+/924222
15:29:43 <d34dh0r53> no update from mhen_
15:29:46 <d34dh0r53> next up
15:29:52 <d34dh0r53> #topic specification Type annotations (stephenfin)
15:29:56 <d34dh0r53> #link https://review.opendev.org/q/project:openstack/keystoneauth+topic:typing
15:29:57 <d34dh0r53> This is just pending reviews now. I will push the remaining patches as soon as a sufficient quantity of the current ones land.
15:30:01 * d34dh0r53 needs to review these
15:31:07 <gtema> I'll try to review remaining from the train
15:32:06 <d34dh0r53> thank you gtema (Artem Goncharov)
15:32:10 <d34dh0r53> next up
15:32:31 <d34dh0r53> #topic specification Include bad password details in audit messages (stanislav-z)
15:32:33 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone-specs/+/915482
15:32:36 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone/+/932423
15:32:38 <d34dh0r53> 30-Oct update: significant spec update including feedback during PTG. WIP implementation test are WIP.
15:33:00 <d34dh0r53> Thanks for the update Stanislav Zaprudskiy , I haven't yet had a chance to look it over but will
15:36:54 <d34dh0r53> moving on
15:36:54 <d34dh0r53> #topic open discussion
15:37:41 <gtema> You've seen first wip for pagination. Do we want spec first or just do it?
15:38:07 <gtema> Or not at all (but that would be rather bad ux)
15:38:34 <d34dh0r53> I think we should just do it, it shouldn't need a spec
15:38:43 <d34dh0r53> Not having it is really bad UX
15:39:27 <gtema> Ok, there I fix failing tests (because of changed functionality
15:39:57 <gtema> S/there/then
15:40:04 <d34dh0r53> ack, thank you!
15:41:23 <d34dh0r53> #topic bug review
15:41:26 <d34dh0r53> #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0
15:41:31 <d34dh0r53> no new bugs for keystone
15:41:37 <d34dh0r53> #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0
15:41:42 <d34dh0r53> python-keystoneclient is good
15:41:47 <d34dh0r53> #link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=0
15:42:02 <d34dh0r53> nothing new in keystoneauth either
15:42:07 <d34dh0r53> #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0
15:42:42 <d34dh0r53> keystonemiddleware is good, there is some low-hanging-fruit in this repo if anyone would like to contribute
15:42:49 <d34dh0r53> #link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=0
15:42:57 <d34dh0r53> pycadf has no new bugs
15:43:01 <d34dh0r53> #link https://bugs.launchpad.net/ldappool/+bugs?ordterby=-id&start=0
15:43:07 <d34dh0r53> nor does ldappool
15:43:13 <d34dh0r53> #topic conclusion
15:43:36 <d34dh0r53> I don't have anything specific, thanks again for the PTG participation!
15:43:58 <d34dh0r53> #endmeeting