#openstack-keystone log

15:00:24 <gtema> #startmeeting keystone
15:00:24 <opendevmeet> Meeting started Wed Jun 18 15:00:24 2025 UTC and is due to finish in 60 minutes.  The chair is gtema. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:24 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:24 <opendevmeet> The meeting name has been set to 'keystone'
15:00:32 <gtema> Reminder: This meeting takes place under the OpenInfra Foundation Code of Conduct
15:00:39 <gtema> #link https://openinfra.dev/legal/code-of-conduct
15:00:48 <gtema> #topic roll call
15:00:56 <gtema> admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev, reqa, dmendiza[m], dmendiza, mharley, jph, gtema, cardoe, deydra
15:01:01 <xek> o/
15:01:53 <gtema> special ping for dmendiza
15:02:42 <gtema> looks we are alone Greg
15:02:46 <gtema> :)
15:02:54 <gtema> #topic review past meeting work items
15:03:03 <gtema> #link https://meetings.opendev.org/meetings/keystone/2025/keystone.2025-06-11-15.12.html
15:03:19 <gtema> dmendiza: wanted to update S-RBAC topic
15:03:37 <gtema> I see it is not done
15:04:32 <gtema> na well, ...
15:04:35 <gtema> #topic liaison updates
15:04:43 <gtema> there is nothing from me
15:05:01 <xek> no updates from me either
15:05:26 <gtema> ack, then we jump into
15:05:28 <gtema> #topic specification
15:05:37 <gtema> #topic oauth2
15:06:03 <gtema> I do not think there are any changes, so not going to post all the links yet again
15:06:24 <gtema> #topic openapi
15:06:54 <gtema> changes that I posted last week are now merged. Will take a look at going further with split of request/responses
15:07:14 <gtema> #topis secure rbac
15:07:26 <gtema> I have myself just updated 2024.1 to 2025.2
15:07:32 <gtema> I mean in the agenda
15:08:21 <gtema> I see we set enforce_new_defaults in some federation tests
15:09:44 <gtema> and also I see enforce_new_defaults is default to True in oslo.policy
15:10:16 <gtema> with that I am actually wondering - is there anything to do wrt that?
15:12:08 <jayaanand_> i am from NetApp. we have customer who is looking for SAML based authentication between Cinder and Netapp filer through data-plane connection. Are there any existing workflows where Cinder is using keystone for SAML auth with backed storage?
15:12:11 <gtema> ok, without Doug I am not willing to drop the item from agenda, but at the same time I believe there is actually nothing to do since we do not flip the defaults on the Keystone side
15:13:22 <gtema> jayaanand_ - not sure. From Keystone side we have no clue what Cinder is doing and how
15:14:13 <gtema> on the other side Dave Wilde (d34dh0r53) mentined recently that in RH 10 mod_shiboleth is going to be dropped so in general future of SAML is under the axe
15:15:37 <gtema> on the other side I hardly believe Cinder NetApp may have any SAML communication since it requires browser. So it is not usable for the server-side flows from my knowledge
15:16:09 <gtema> anyway,
15:16:12 <gtema> #topic open discussion
15:16:34 <drencrom> Hi, I posted a patch that needs review
15:16:48 <gtema> yes, I have seen that
15:16:53 <gtema> #link https://review.opendev.org/c/openstack/keystone/+/951792
15:17:13 <gtema> problem is that we have no CI and nobody having practical experience with AD so far
15:17:32 <gtema> so reviewing this is not easy
15:17:54 <gtema> well, it is easy, but ensuring it is correct is not
15:18:45 <gtema> #action review https://review.opendev.org/c/openstack/keystone/+/951792 on friday during reviewaton
15:19:40 <gtema> anything else for open discussion?
15:19:46 <drencrom> I see, thanks
15:20:29 <gtema> #topic bug review
15:20:31 <drencrom> Please at least check if the changes are acceptable for you because it kind og goes against the design of the classes there
15:20:58 <gtema> as recorded, we would try to check it on friday in regular review meeting
15:21:37 <gtema> #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0
15:21:55 <gtema> no new bugs in Keystone (huray)
15:22:06 <gtema> #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0
15:22:16 <gtema> nothing in python-keystoneclient either
15:22:41 <gtema> #link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=0
15:22:49 <gtema> nothing new in keystoneauth
15:23:15 <gtema> #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0
15:23:17 <gtema> nothing new
15:23:42 <gtema> #link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=0
15:23:47 <gtema> nothing in pycadf
15:24:02 <gtema> that would be it for bugs
15:24:04 <gtema> #topic conclusion
15:24:19 <gtema> last chance to raise anything
15:24:49 <gtema> #action discuss with missing folks on Friday during reviewaton abount CFP for forum and Project Update
15:25:29 <gtema> Does not look like there is anything else
15:25:36 <gtema> With that - thanks folks
15:25:43 <gtema> #endmeeting