#openstack-keystone log

15:05:20 <gtema> #startmeeting keystone
15:05:20 <opendevmeet> Meeting started Wed Feb 26 15:05:20 2025 UTC and is due to finish in 60 minutes.  The chair is gtema. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:05:20 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:05:20 <opendevmeet> The meeting name has been set to 'keystone'
15:05:31 <gtema> Reminder: This meeting takes place under the OpenInfra Foundation Code of Conduct
15:05:35 <gtema> #link https://openinfra.dev/legal/code-of-conduct
15:05:40 <gtema> #link https://openinfra.dev/legal/code-of-conduct
15:05:51 <gtema> #topic roll call
15:05:58 <gtema> admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev, reqa, dmendiza[m], dmendiza, mharley, jph, gtema, cardoe, deydra
15:06:07 <d34dh0r53> sorry, VPN outage knocked out my DNS :/
15:06:19 <d34dh0r53> but I'll let you run it gtema ;)
15:06:38 <gtema> no worry, I would also not mind you still doing that ;-)
15:07:03 <xek> o/
15:07:04 <d34dh0r53> ok, I can run it
15:07:06 <gtema> pls, thanks
15:08:08 <d34dh0r53> #topic review past meeting work items
15:08:12 <mhen> o/
15:08:24 <d34dh0r53> #link thttps://meetings.opendev.org/meetings/keystone/2025/keystone.2025-02-19-15.02.html
15:08:31 <d34dh0r53> #undo
15:08:35 <d34dh0r53> #link https://meetings.opendev.org/meetings/keystone/2025/keystone.2025-02-19-15.02.html
15:08:56 <d34dh0r53> no action items from last week
15:09:03 <d34dh0r53> #topic liaison updates
15:09:10 <d34dh0r53> nothing from VMT or releases
15:10:24 <d34dh0r53> #topic specification OAuth 2.0 (hiromu)
15:10:28 <d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext
15:10:30 <d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Fenhance-oauth2-interoperability
15:10:32 <d34dh0r53> External OAuth 2.0 Specification
15:10:34 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone-specs/+/861554 (merged)
15:10:37 <d34dh0r53> OAuth 2.0 Implementation
15:10:39 <d34dh0r53> #link https://review.opendev.org/q/topic:bp%252Fsupport-oauth2-mtls (merged)
15:10:41 <d34dh0r53> OAuth 2.0 Documentation
15:10:44 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone/+/838108 (merged)
15:10:48 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystoneauth/+/838104 (merged)
15:10:52 <dmendiza[m]> 🙋‍♂️
15:11:47 <d34dh0r53> no updates from me on this one, we're nearing a release so everyone is focusing on downstream right now, I'll have time for more upstream things next week
15:11:54 <d34dh0r53> #topic specification Secure RBAC (dmendiza[m])
15:11:57 <d34dh0r53> #link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_
15:11:59 <d34dh0r53> 2024.1 Release Timeline
15:12:01 <d34dh0r53> Update oslo.policy in keystone to enforce_new_defaults=True
15:12:04 <d34dh0r53> Update oslo.policy in keystone to enforce_scope=True
15:12:11 <d34dh0r53> ohai dmendiza
15:12:27 <d34dh0r53> 😊
15:13:07 <gtema> since we are few days before feature freeze we should decide whether 2024.1 timeline for RBAC is done for 2025.1 or not
15:13:20 <d34dh0r53> yeah
15:15:11 <d34dh0r53> dmendiza: thoughts?
15:15:32 <dmendiza[m]> We're way behind the published timeline
15:15:43 <dmendiza[m]> but yeah I can review and ping y'all after I think about it a bit
15:16:15 <gtema> great. afaik FF is this Friday
15:16:58 <d34dh0r53> Yeah, FF is this Friday
15:17:11 <d34dh0r53> next up
15:17:14 <d34dh0r53> #topic specification OpenAPI support (gtema)
15:17:18 <d34dh0r53> #link https://review.opendev.org/q/topic:%22openapi%22+project:openstack/keystone
15:17:53 <gtema> nothing from me on that. Slightly behind the desired progress, but still we were able to cover majority of the resources already
15:18:26 <d34dh0r53> ack, thanks gtema
15:18:30 <d34dh0r53> #topic specification domain manager (mhen)
15:18:33 <d34dh0r53> documentation was merged
15:18:36 <d34dh0r53> still unmerged are:
15:18:38 <d34dh0r53> tempest tests: https://review.opendev.org/c/openstack/keystone-tempest-plugin/+/924222
15:18:57 <mhen> thanks for merging the docs!
15:19:16 <gtema> I left a second +2 there, so unless somebody else is able to review we can merge this remaining change
15:19:22 <d34dh0r53> can we +W the tests?
15:20:27 <gtema> i hear no objections, would say - let's go Dave Wilde (d34dh0r53)
15:20:43 <d34dh0r53> done
15:21:05 <d34dh0r53> #topic specification Include bad password details in audit messages (stanislav-z)
15:21:08 <d34dh0r53> #link https://review.opendev.org/q/topic:%22pci-dss-invalid-password-reporting%22
15:21:10 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone-specs/+/915482 (merged)
15:21:13 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone/+/932423 (to be reviewed)
15:21:15 <d34dh0r53> #link https://review.opendev.org/c/openstack/keystone-specs/+/942084 (to be reviewed)
15:21:17 <d34dh0r53> 18-Feb update: the implementation has been updated to reflect the merged spec state
15:22:05 <stanislav-z> nothing to add, waiting for reviews :)
15:22:30 <gtema> I was not able to review on Friday. And also here - we are 2 days before FF, need to decide whether we try it or not
15:24:40 <d34dh0r53> I think we're so close to FF we should wait to merge the code, the spec can merge and we'll get the code in after FF
15:24:49 <d34dh0r53> Objections?
15:25:24 <gtema> I also tend for that, sadly no capacity to ensure we get it in
15:25:47 <stanislav-z> np, sounds good
15:25:55 <gtema> which means + half year delay for the feature
15:26:25 <gtema> I mean for the final release. But if you Stanislav Zaprudskiy is ok - let's plan it this way
15:33:31 <d34dh0r53> yeah
15:33:40 <d34dh0r53> #topic open discussion
15:34:06 <d34dh0r53> Congratulations to the new PTL - gtema 🎉
15:34:14 <gtema> lol, thanks
15:34:21 <xek> Congrats!
15:35:08 <opendevreview> Merged openstack/keystone-specs master: Claim `Include invalid password details in audit messages`  https://review.opendev.org/c/openstack/keystone-specs/+/942084
15:35:23 <d34dh0r53> Looking forward to the future
15:35:32 <d34dh0r53> It should be interesting
15:35:45 <d34dh0r53> any other open discussion topicsf/
15:35:48 <d34dh0r53> ?
15:35:56 <gtema> not from me
15:36:11 <gtema> but yeah - the future should be interesting
15:36:55 <gtema> we chatted a bit on Monday with knikolla and concluded there are quite a few things to become better
15:37:25 <d34dh0r53> Yeah, I read through most of the scrollback on that conversation, lots of things to improve on
15:37:40 <d34dh0r53> and good to see knikolla back at least a little bit
15:37:47 <gtema> indeed
15:39:14 <d34dh0r53> #topic bug review
15:39:17 <d34dh0r53> #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0
15:39:27 <d34dh0r53> no new bugs for keystone
15:39:31 <d34dh0r53> #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0
15:39:42 <d34dh0r53> also no new bugs for python-keystoneclient
15:39:48 <d34dh0r53> #link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=0
15:40:10 <d34dh0r53> looks like we have a new bug for keystoneauth
15:40:16 <d34dh0r53> #link https://bugs.launchpad.net/keystoneauth/+bug/2099669
15:40:26 <d34dh0r53> v3oidcdeviceauthz does not work with Microsoft Entra Edit
15:40:46 <d34dh0r53> * v3oidcdeviceauthz does not work with Microsoft Entra
15:41:20 <gtema> one of those things where I say it is all doomed
15:42:03 <gtema> when certain IdP add mandatory fields to the previously established standard it is not going to work
15:43:04 <d34dh0r53> Yeah
15:46:06 <gtema> anyway, I'll try to check at least the last part of the bug "verification_uri_complete"
15:46:21 <gtema> it is indeed optional in the RFC
15:47:00 <d34dh0r53> Yeah, they may have a malformed URL
15:47:07 <d34dh0r53> ok, moving on
15:47:17 <d34dh0r53> #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0
15:47:26 <d34dh0r53> nothing new in keystonemiddleware
15:47:34 <d34dh0r53> #link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=0
15:47:52 <d34dh0r53> pycadf is good
15:47:55 <d34dh0r53> #link https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=0
15:48:03 <d34dh0r53> no new bugs in ldappool
15:48:07 <d34dh0r53> #topic conclusion
15:48:21 <d34dh0r53> Thanks everyone! Have a great rest of your day!
15:48:44 <d34dh0r53> #endmeeting
15:49:08 <d34dh0r53> gtema: you may have to run #endmeeting as you started it
15:49:39 <gtema> ok
15:49:42 <gtema> #endmeeting