#openstack-keystone log

15:06:06 <d34dh0r53> #startmeeting keystone
15:06:06 <opendevmeet> Meeting started Wed Feb 12 15:06:06 2025 UTC and is due to finish in 60 minutes.  The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:06:06 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:06:06 <opendevmeet> The meeting name has been set to 'keystone'
15:07:00 <d34dh0r53> Reminder: This meeting takes place under the OpenInfra Foundation Code of Conduct
15:07:11 <d34dh0r53> #link https://openinfra.dev/legal/code-of-conduct
15:07:21 <d34dh0r53> #topic roll call
15:07:26 <gtema> o/
15:07:34 <d34dh0r53> admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev, reqa, dmendiza[m], dmendiza, mharley, jph, gtema, cardoe, deydra
15:07:49 <d34dh0r53> dmendiza
15:07:53 <d34dh0r53> o/
15:10:17 <d34dh0r53> #topic review past meeting work items
15:10:25 <d34dh0r53> #link https://meetings.opendev.org/meetings/keystone/2025/keystone.2025-02-05-15.01.html
15:10:35 <d34dh0r53> no action items from our last meeting
15:10:44 <d34dh0r53> #topic liaison updates
15:10:54 <d34dh0r53> nothing from VMT or releases
15:11:52 <d34dh0r53> #topic specification OAuth 2.0 (hiromu)
15:12:10 <d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext
15:12:14 <d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Fenhance-oauth2-interoperability
15:12:18 <d34dh0r53> External OAuth 2.0 Specification
15:12:21 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone-specs/+/861554 (merged)
15:12:24 <d34dh0r53> OAuth 2.0 Implementation
15:12:26 <d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Fsupport-oauth2-mtls (merged)
15:12:29 <d34dh0r53> OAuth 2.0 Documentation
15:12:32 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone/+/838108 (merged)
15:12:36 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystoneauth/+/838104 (merged)
15:12:45 <d34dh0r53> no updates from me this week
15:13:23 <gtema> not directly related to that in particular, I started writing down ideas around oauth2/oidc/federation in https://gtema.github.io/posts/rethinking-openstack-auth-authz/
15:13:56 <d34dh0r53> oh cool, I'll give it a read
15:14:17 <gtema> I touched that aspect as well. I think generally idea with adding support for oauth2 for external auth is good, but not in that implementation - we need to flip it around and make keystone issue jwt that can be checked by middleware
15:14:33 <gtema> anyway - it is a working draft with many topics around
15:15:20 <d34dh0r53> thanks gtema
15:15:31 <d34dh0r53> #topic specification Secure RBAC (dmendiza[m])
15:15:35 <d34dh0r53> #link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_
15:15:38 <d34dh0r53> 2024.1 Release Timeline
15:15:40 <d34dh0r53> Update oslo.policy in keystone to enforce_new_defaults=True
15:15:42 <d34dh0r53> Update oslo.policy in keystone to enforce_scope=True
15:15:51 <d34dh0r53> dmendiza: are you around?
15:17:43 <d34dh0r53> guess not
15:17:45 <d34dh0r53> moving on
15:17:52 <d34dh0r53> #topic specification OpenAPI support (gtema)
15:17:54 <d34dh0r53> #link https://review.opendev.org/q/topic:%22openapi%22+project:openstack/keystone
15:18:29 <gtema> not much from me this week. I finally got permissions on openstackdocstheme so that I can go on making api-ref builds
15:18:54 <gtema> other then that few changes are hanging around (I guess) from our intern. Will look later this week
15:19:12 <dmendiza[m]> 🙋
15:19:42 <d34dh0r53> ohai dmendiza !
15:21:40 <d34dh0r53> any updates on SRBAC dmendiza ?
15:21:57 <dmendiza[m]> Negative.
15:22:21 <dmendiza[m]> I think there's a pop-up meeting scheduled today.  Not sure if it'll actually happen.
15:23:30 <d34dh0r53> ack, thank you
15:23:51 <d34dh0r53> and thanks gtema let us know if/when there are more openapi things to review
15:23:54 <d34dh0r53> moving on
15:24:00 <d34dh0r53> 'v
15:24:02 <d34dh0r53> #topic specification domain manager (mhen)
15:24:05 <d34dh0r53> still unmerged are:
15:24:08 <d34dh0r53> documentation: https://review.opendev.org/c/openstack/keystone/+/928135
15:24:11 <d34dh0r53> tempest tests: https://review.opendev.org/c/openstack/keystone-tempest-plugin/+/924222
15:24:23 <d34dh0r53> dmendiza: can you take a look at those?
15:24:40 <dmendiza[m]> ack, yeah, sorry, I've been slacking on gerrit reveiws
15:27:16 <d34dh0r53> no worries
15:27:21 <d34dh0r53> #topic specification Include bad password details in audit messages (stanislav-z)
15:27:24 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone-specs/+/915482 (merged)
15:27:27 <d34dh0r53> #link https://review.opendev.org/q/topic:%22pci-dss-invalid-password-reporting%22
15:27:29 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone/+/932423
15:27:32 <d34dh0r53> 5-Feb update: implementation to be updated to reflect merged spec state (WIP by @stanislav-z)
15:28:21 <stanislav-z> hi, no updates so far - didn't find the time yet to bring it to a proper state. will try in the following days/week
15:29:09 <d34dh0r53> ack, thank you Stanislav Zaprudskiy
15:29:14 <d34dh0r53> #topic open discussion
15:29:19 <d34dh0r53> nothing from me
15:29:36 <gtema> i don't have anything either
15:29:49 <d34dh0r53> ack, moving on
15:29:53 <d34dh0r53> #topic bug review
15:29:57 <d34dh0r53> #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0
15:30:01 <d34dh0r53> one new bug in keystone
15:30:15 <d34dh0r53> #link https://bugs.launchpad.net/keystone/+bug/2097550
15:32:35 <d34dh0r53> we have quite a bit of flask-restful it looks like
15:33:27 <gtema> jfyi: I am currently working on "reimplementing" keystone in rust. We could actually combine this with addressing flask. I know how it sounds, so just fyi
15:34:19 <d34dh0r53> :) it may be the catalyst we need
15:34:30 <d34dh0r53> thanks gtema
15:34:58 <d34dh0r53> #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0
15:35:03 <d34dh0r53> no new bugs in python-keystoneclient
15:35:12 <d34dh0r53> #link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=0
15:35:26 <d34dh0r53> keystoneauth has no new bugs
15:35:31 <d34dh0r53> #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0
15:35:47 <d34dh0r53> and keystonemiddleware is clean too
15:35:51 <d34dh0r53> #link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=0
15:36:08 <d34dh0r53> nothing new in pycadf
15:36:10 <d34dh0r53> #link https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=0
15:36:15 <d34dh0r53> nor in ldappool
15:36:18 <d34dh0r53> #topic conclusion
15:36:33 <d34dh0r53> nothing from me today, thanks everyone
15:36:56 <gtema> thks Dave
15:38:17 <d34dh0r53> #endmeeting