#openstack-keystone: keystone

Meeting started by d34dh0r53 at 15:03:35 UTC (full logs).

Meeting summary

    1. https://openinfra.dev/legal/code-of-conduct (d34dh0r53, 15:03:51)

  2. roll call (d34dh0r53, 15:04:02)
  3. liaison updates (d34dh0r53, 15:06:46)
  4. specification OAuth 2.0 (hiromu) (d34dh0r53, 15:07:08)
    1. https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext (d34dh0r53, 15:07:17)
    2. https://review.opendev.org/q/topic:bp%252Fenhance-oauth2-interoperability (d34dh0r53, 15:07:18)
    3. https://review.opendev.org/c/openstack/keystone-specs/+/861554 (merged) (d34dh0r53, 15:07:19)
    4. https://review.opendev.org/q/topic:bp%252Fsupport-oauth2-mtls (d34dh0r53, 15:07:26)
    5. https://review.opendev.org/c/openstack/keystone/+/838108 (merged) (d34dh0r53, 15:07:34)
    6. https://review.opendev.org/c/openstack/keystoneauth/+/838104 (merged) (d34dh0r53, 15:07:38)

  5. specification Secure RBAC (dmendiza[m]) (d34dh0r53, 15:07:50)
    1. https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_ (d34dh0r53, 15:07:52)

  6. specification OpenAPI support (gtema) (d34dh0r53, 15:09:22)
    1. https://review.opendev.org/q/topic:%22openapi%22+project:openstack/keystone (d34dh0r53, 15:09:24)

  7. specification domain manager (mhen) (d34dh0r53, 15:13:51)
  8. specification Include bad password details in audit messages (stanislav-z) (d34dh0r53, 15:15:27)
    1. https://review.opendev.org/c/openstack/keystone-specs/+/915482 (d34dh0r53, 15:15:31)
    2. https://review.opendev.org/q/topic:%22pci-dss-invalid-password-reporting%22 (d34dh0r53, 15:15:33)

  9. open discussion (d34dh0r53, 15:17:52)
    1. https://github.com/gtema/oslo.policy.opa (gtema, 15:18:09)
    2. https://bugs.launchpad.net/keystone/+bug/1914260 - I wanted to start working on this one. Especially for cases when resources are *deleted* (e.g. project, or user, etc), only their ID and typeURI are reported in audit events (under `target`) - which makes it difficult to handle cases e.g. when a real user comes and wants to know who deleted their resource, but all they have is the resource' name/project/domain - which is at (stanislav-z, 15:34:34)

  10. bug review (d34dh0r53, 15:42:39)
    1. https://bugs.launchpad.net/keystone/?orderby=-id&start=0 (d34dh0r53, 15:42:41)
    2. https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0 (d34dh0r53, 15:42:54)
    3. https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=0 (d34dh0r53, 15:43:05)
    4. https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0 (d34dh0r53, 15:43:17)
    5. https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=0 (d34dh0r53, 15:43:28)
    6. https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=0 (d34dh0r53, 15:43:37)

  11. conclusion (d34dh0r53, 15:43:45)


Meeting ended at 15:47:51 UTC (full logs).

Action items

  1. (none)


People present (lines said)

  1. d34dh0r53 (70)
  2. gtema (37)
  3. dmendiza[m] (7)
  4. stanislav-z (6)
  5. mharley[m] (5)
  6. opendevmeet (3)
  7. cardoe (3)
  8. xek (2)


Generated by MeetBot 0.1.4.