15:05:41 #startmeeting keystone 15:05:41 Meeting started Wed Jun 4 15:05:41 2025 UTC and is due to finish in 60 minutes. The chair is gtema. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:05:41 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:05:41 The meeting name has been set to 'keystone' 15:05:57 Reminder: This meeting takes place under the OpenInfra Foundation Code of Conduct 15:06:04 #link https://openinfra.dev/legal/code-of-conduct 15:06:19 #topic roll call 15:06:36 admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev, reqa, dmendiza[m], dmendiza, mharley, jph, gtema, cardoe, deydra 15:06:54 🙋‍♂️ 15:07:12 o/ 15:07:36 also here pretty lonely today 15:07:55 o/ sorry, I was heads down and lost track of time 15:08:13 #topic review past meeting work items 15:08:25 I can take over if needed 15:08:39 #link https://meetings.opendev.org/meetings/keystone/2025/keystone.2025-05-28-15.02.html 15:08:52 no AIs 15:09:02 #topic liaison updates 15:09:18 nothing known to me 15:09:35 o/ 15:10:31 Dave Wilde (d34dh0r53): please try to continue - I experience pretty significant lag with the bridge 15:10:56 ack 15:11:45 any liaison updates? 15:11:50 not from me 15:12:04 gtema: you should send a "#chair d34dh0r53" 15:12:16 #chair d34dh0r53 15:12:16 Current chairs: d34dh0r53 gtema 15:12:46 good call dmendiza , thanks 15:12:55 #topic specification OAuth 2.0 (hiromu) 15:13:09 #link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext 15:13:14 #link https://review.opendev.org/q/topic:bp%252Fenhance-oauth2-interoperability 15:13:17 #External OAuth 2.0 Specification 15:13:33 #link https://review.opendev.org/c/openstack/keystone-specs/+/861554 (merged) 15:13:45 OAuth 2.0 Implementation 15:13:59 #link https://review.opendev.org/q/topic:bp%252Fsupport-oauth2-mtls (merged) 15:14:05 OAuth 2.0 Documentation 15:14:12 #link https://review.opendev.org/c/openstack/keystone/+/838108 (merged) 15:14:21 #link https://review.opendev.org/c/openstack/keystoneauth/+/838104 (merged) 15:14:30 no updates from me on this one 15:14:42 #topic specification Secure RBAC (dmendiza[m]) 15:14:46 #link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_ 15:14:46 2024.1 Release Timeline 15:14:47 Update oslo.policy in keystone to enforce_new_defaults=True 15:14:48 Update oslo.policy in keystone to enforce_scope=True 15:15:23 Yeah... I should get back to this or remove it from the recurring agenda 15:15:37 I think we still need to beef up tests for "manager" 15:15:55 okay 15:16:49 #action dmendiza update S-RBAC topic in meeting etherpad 15:17:17 next up 15:17:31 #topic specification OpenAPI support (gtema) 15:17:36 #link https://review.opendev.org/q/topic:%22openapi%22+project:openstack/keystone 15:18:03 there are 2 changes that I would appreciate a review: 15:18:13 #link https://review.opendev.org/q/topic:%22openapi%22+project:openstack/keystone+is:open 15:18:31 those are splitting request/response schemas and preparing further addressing of similar issues 15:19:10 ack, I can take a look later today 15:19:28 thanks a lot 15:19:45 nothing else on the topic 15:20:08 cool 15:20:29 #topic open discussion 15:21:26 nothing from my side today 15:22:03 CFP for Summit closes June 13th 15:22:20 #link https://summit2025.openinfra.org/cfp/ 15:22:37 I filled a talk for federation and passkey rework 15:22:42 Get yer talks in :) 15:23:42 are you interested in me filling a rust rework talk separately? I did that talk as webinar 2 times already, but maybe the summit will worth that again 15:24:13 in addition to that yesterday on TC meeting Amy was mentioning that eventually we would have again a Project status updates, but there is no info so far 15:26:29 I think it would be an interesting talk, probably with quite a few attendees 15:27:06 Amy also mentioned project status updates with no updates again today :) 15:30:38 cool, moving on to bug review 15:30:44 #topic bug review 15:30:55 #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0 15:31:03 we have a couple of new bugs 15:31:04 #link https://bugs.launchpad.net/keystone/+bug/2112477 15:31:57 That could definitely be a bug, but it needs to be reproduced 15:33:31 well, reproducing anything with AD is not a thing that most likely anybody is very willing to do 15:35:05 This will likely come up on our roadmap in the next month or so 15:35:53 We're going to be doing some AD testing with LDAP 15:36:13 ok, sounds good 15:38:00 next bug up 15:38:05 #link https://bugs.launchpad.net/keystone/+bug/2112112 15:38:10 looks like stephenfin is working on this and has a fix proposed 15:39:02 actually the alternative to that is the one I referred in the openapi 15:39:50 my fix makes stephefins's fixsuperfluous 15:41:17 I'll let you two discuss 15:41:44 The second one, sure. The first one is significantly simpler and IMO should go in since it'll be much easier/less risky to backport 15:41:53 #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0 15:42:07 #undo 15:42:07 Removing item from minutes: #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0 15:45:45 #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0 15:46:11 no new bugs in python-keystoneclient 15:46:26 #link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=0 15:46:45 no new bugs in keystoneauth 15:47:03 #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0 15:47:19 keystonemiddleware is good 15:47:38 #link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=0 15:47:46 nothing new in pycadf 15:47:48 #link https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=0 15:48:00 ldappool is good 15:48:10 #topic conclusion 15:48:14 thanks folks, nothing else from me 15:50:33 #endmeeting