15:05:20 #startmeeting keystone 15:05:20 Meeting started Wed Feb 26 15:05:20 2025 UTC and is due to finish in 60 minutes. The chair is gtema. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:05:20 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:05:20 The meeting name has been set to 'keystone' 15:05:31 Reminder: This meeting takes place under the OpenInfra Foundation Code of Conduct 15:05:35 #link https://openinfra.dev/legal/code-of-conduct 15:05:40 #link https://openinfra.dev/legal/code-of-conduct 15:05:51 #topic roll call 15:05:58 admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev, reqa, dmendiza[m], dmendiza, mharley, jph, gtema, cardoe, deydra 15:06:07 sorry, VPN outage knocked out my DNS :/ 15:06:19 but I'll let you run it gtema ;) 15:06:38 no worry, I would also not mind you still doing that ;-) 15:07:03 o/ 15:07:04 ok, I can run it 15:07:06 pls, thanks 15:08:08 #topic review past meeting work items 15:08:12 o/ 15:08:24 #link thttps://meetings.opendev.org/meetings/keystone/2025/keystone.2025-02-19-15.02.html 15:08:31 #undo 15:08:35 #link https://meetings.opendev.org/meetings/keystone/2025/keystone.2025-02-19-15.02.html 15:08:56 no action items from last week 15:09:03 #topic liaison updates 15:09:10 nothing from VMT or releases 15:10:24 #topic specification OAuth 2.0 (hiromu) 15:10:28 #link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext 15:10:30 #link https://review.opendev.org/q/topic:bp%252Fenhance-oauth2-interoperability 15:10:32 External OAuth 2.0 Specification 15:10:34 #link https://review.opendev.org/c/openstack/keystone-specs/+/861554 (merged) 15:10:37 OAuth 2.0 Implementation 15:10:39 #link https://review.opendev.org/q/topic:bp%252Fsupport-oauth2-mtls (merged) 15:10:41 OAuth 2.0 Documentation 15:10:44 #link https://review.opendev.org/c/openstack/keystone/+/838108 (merged) 15:10:48 #link https://review.opendev.org/c/openstack/keystoneauth/+/838104 (merged) 15:10:52 🙋‍♂️ 15:11:47 no updates from me on this one, we're nearing a release so everyone is focusing on downstream right now, I'll have time for more upstream things next week 15:11:54 #topic specification Secure RBAC (dmendiza[m]) 15:11:57 #link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_ 15:11:59 2024.1 Release Timeline 15:12:01 Update oslo.policy in keystone to enforce_new_defaults=True 15:12:04 Update oslo.policy in keystone to enforce_scope=True 15:12:11 ohai dmendiza 15:12:27 😊 15:13:07 since we are few days before feature freeze we should decide whether 2024.1 timeline for RBAC is done for 2025.1 or not 15:13:20 yeah 15:15:11 dmendiza: thoughts? 15:15:32 We're way behind the published timeline 15:15:43 but yeah I can review and ping y'all after I think about it a bit 15:16:15 great. afaik FF is this Friday 15:16:58 Yeah, FF is this Friday 15:17:11 next up 15:17:14 #topic specification OpenAPI support (gtema) 15:17:18 #link https://review.opendev.org/q/topic:%22openapi%22+project:openstack/keystone 15:17:53 nothing from me on that. Slightly behind the desired progress, but still we were able to cover majority of the resources already 15:18:26 ack, thanks gtema 15:18:30 #topic specification domain manager (mhen) 15:18:33 documentation was merged 15:18:36 still unmerged are: 15:18:38 tempest tests: https://review.opendev.org/c/openstack/keystone-tempest-plugin/+/924222 15:18:57 thanks for merging the docs! 15:19:16 I left a second +2 there, so unless somebody else is able to review we can merge this remaining change 15:19:22 can we +W the tests? 15:20:27 i hear no objections, would say - let's go Dave Wilde (d34dh0r53) 15:20:43 done 15:21:05 #topic specification Include bad password details in audit messages (stanislav-z) 15:21:08 #link https://review.opendev.org/q/topic:%22pci-dss-invalid-password-reporting%22 15:21:10 #link https://review.opendev.org/c/openstack/keystone-specs/+/915482 (merged) 15:21:13 #link https://review.opendev.org/c/openstack/keystone/+/932423 (to be reviewed) 15:21:15 #link https://review.opendev.org/c/openstack/keystone-specs/+/942084 (to be reviewed) 15:21:17 18-Feb update: the implementation has been updated to reflect the merged spec state 15:22:05 nothing to add, waiting for reviews :) 15:22:30 I was not able to review on Friday. And also here - we are 2 days before FF, need to decide whether we try it or not 15:24:40 I think we're so close to FF we should wait to merge the code, the spec can merge and we'll get the code in after FF 15:24:49 Objections? 15:25:24 I also tend for that, sadly no capacity to ensure we get it in 15:25:47 np, sounds good 15:25:55 which means + half year delay for the feature 15:26:25 I mean for the final release. But if you Stanislav Zaprudskiy is ok - let's plan it this way 15:33:31 yeah 15:33:40 #topic open discussion 15:34:06 Congratulations to the new PTL - gtema 🎉 15:34:14 lol, thanks 15:34:21 Congrats! 15:35:08 Merged openstack/keystone-specs master: Claim `Include invalid password details in audit messages` https://review.opendev.org/c/openstack/keystone-specs/+/942084 15:35:23 Looking forward to the future 15:35:32 It should be interesting 15:35:45 any other open discussion topicsf/ 15:35:48 ? 15:35:56 not from me 15:36:11 but yeah - the future should be interesting 15:36:55 we chatted a bit on Monday with knikolla and concluded there are quite a few things to become better 15:37:25 Yeah, I read through most of the scrollback on that conversation, lots of things to improve on 15:37:40 and good to see knikolla back at least a little bit 15:37:47 indeed 15:39:14 #topic bug review 15:39:17 #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0 15:39:27 no new bugs for keystone 15:39:31 #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0 15:39:42 also no new bugs for python-keystoneclient 15:39:48 #link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=0 15:40:10 looks like we have a new bug for keystoneauth 15:40:16 #link https://bugs.launchpad.net/keystoneauth/+bug/2099669 15:40:26 v3oidcdeviceauthz does not work with Microsoft Entra Edit 15:40:46 * v3oidcdeviceauthz does not work with Microsoft Entra 15:41:20 one of those things where I say it is all doomed 15:42:03 when certain IdP add mandatory fields to the previously established standard it is not going to work 15:43:04 Yeah 15:46:06 anyway, I'll try to check at least the last part of the bug "verification_uri_complete" 15:46:21 it is indeed optional in the RFC 15:47:00 Yeah, they may have a malformed URL 15:47:07 ok, moving on 15:47:17 #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0 15:47:26 nothing new in keystonemiddleware 15:47:34 #link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=0 15:47:52 pycadf is good 15:47:55 #link https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=0 15:48:03 no new bugs in ldappool 15:48:07 #topic conclusion 15:48:21 Thanks everyone! Have a great rest of your day! 15:48:44 #endmeeting 15:49:08 gtema: you may have to run #endmeeting as you started it 15:49:39 ok 15:49:42 #endmeeting