15:03:32 #startmeeting keystone 15:03:32 Meeting started Wed Mar 12 15:03:32 2025 UTC and is due to finish in 60 minutes. The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:03:32 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:03:32 The meeting name has been set to 'keystone' 15:03:35 Reminder: This meeting takes place under the OpenInfra Foundation Code of Conduct 15:03:38 #link https://openinfra.dev/legal/code-of-conduct 15:03:40 #topic roll call 15:03:49 o/ 15:03:50 admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev, reqa, dmendiza[m], dmendiza, mharley, jph, gtema, cardoe, deydra 15:03:52 o/ 15:04:25 superflous dmendiza ping 15:04:50 much appreciated 15:04:52 🙋‍♂️ 15:05:30 you have now DST in force, right? 15:05:38 😉 15:05:47 gtema: correct 15:06:07 this meeting is an hour later for those of us in NA 15:06:17 o/ 15:07:08 #topic review past meeting work items 15:07:18 #link https://meetings.opendev.org/meetings/keystone/2025/keystone.2025-03-05-15.01.html 15:07:31 no action items from last week 15:07:46 #topic liaison updates 15:08:23 we're in feature freeze for Epoxy 15:09:07 Actually this week is RC1 15:10:21 #topic specification OAuth 2.0 (hiromu) 15:10:24 #link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext 15:10:25 #link https://review.opendev.org/q/topic:bp%252Fenhance-oauth2-interoperability 15:10:27 External OAuth 2.0 Specification 15:10:30 #link https://review.opendev.org/c/openstack/keystone-specs/+/861554 (merged) 15:10:32 OAuth 2.0 Implementation 15:10:34 #link https://review.opendev.org/q/topic:bp%252Fsupport-oauth2-mtls (merged) 15:10:36 OAuth 2.0 Documentation 15:10:38 #link https://review.opendev.org/c/openstack/keystone/+/838108 (merged) 15:10:41 #link https://review.opendev.org/c/openstack/keystoneauth/+/838104 (merged) 15:10:49 no updates from me this week 15:10:53 'v 15:10:54 #topic specification Secure RBAC (dmendiza[m]) 15:10:58 #link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_ 15:11:00 2024.1 Release Timeline 15:11:05 Update oslo.policy in keystone to enforce_new_defaults=True 15:11:11 Update oslo.policy in keystone to enforce_scope=True 15:11:35 Still no progress on this. But definitely want to get this done in the new cycle. 15:13:35 ack 15:13:38 #topic specification OpenAPI support (gtema) 15:13:40 #link https://review.opendev.org/q/topic:%22openapi%22+project:openstack/keystone 15:14:08 due to FF waiting for openstackdocstheme to be released after the branching completes 15:14:24 ack 15:14:28 students continue working on jsonschemas 15:14:47 nothing else 15:14:53 thanks gtema 15:15:00 #topic specification Include bad password details in audit messages (stanislav-z) 15:15:02 #link https://review.opendev.org/q/topic:%22pci-dss-invalid-password-reporting%22 15:15:05 #link https://review.opendev.org/c/openstack/keystone-specs/+/915482 (merged) 15:15:09 #link https://review.opendev.org/c/openstack/keystone/+/932423 (to be reviewed) 15:15:12 11-Mar update: the implementation has been updated to incorporate the review feedback 15:16:03 thanks for the reviews! I've updated the implementation to address them 15:16:18 (hope it's visible ;) ) 15:16:27 thanks Stanislav Zaprudskiy will check this Friday during reviewaton 15:18:24 Thanks Stanislav Zaprudskiy ! 15:18:28 #topic open discussion 15:18:34 nothing from me 15:18:53 I am playing around with implementing passkeys in rust keystone 15:19:11 so far nothing to present, but conceptually I have lots of things covered, looks promising 15:19:25 would require new endpoints and new db tables 15:19:56 testing it however pretty interesting (every platform is having dedicated libs) 15:20:33 not really sure it is testable reasonably at all. It is anyway something close to the mess we have in the federation (oidc) testing 15:21:14 That's really interesting 15:22:06 it would be also possible to implement it in python keystone, but heavy work also on the cli is required to support this as well, not sure whether I will ever even look into tha 15:22:09 that 15:22:55 yeah 15:23:21 I wouldn't do it in python without a very good reason to do so 15:23:52 correct :) - force everybody to jump at the Rust train by implementing new cool features only there ;-) 15:24:19 exactly :) 15:25:50 #topic bug review 15:25:51 'v 15:25:52 #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0 15:26:05 no new bugs for keystone 15:26:13 #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0 15:26:39 python-keystoneclient is good 15:26:52 maybe there will be a rust-keystoneclient section in here soon ;) 15:27:03 #link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=0 15:27:05 :) 15:27:19 keystoneauth is good 15:27:28 #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0 15:27:47 no new bugs in keystonemiddleware 15:27:50 #link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=0 15:28:13 pycadf is good 15:28:15 #link https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=0 15:28:19 so is ldappool 15:28:24 #topic conclusion 15:28:55 Thanks everyone! Rooms are booked for the PTG 15:29:15 #link https://ptg.opendev.org/ptg.html 15:29:21 And the etherpad is here: 15:29:28 #link https://etherpad.opendev.org/p/apr2025-ptg-keystone 15:29:49 great, I will start adding few rusty things soon 15:29:51 awesome! 15:30:41 #endmeeting