#openstack-keystone log

15:00:51 <d34dh0r53> #startmeeting keystone
15:00:51 <opendevmeet> Meeting started Wed Jun 25 15:00:51 2025 UTC and is due to finish in 60 minutes.  The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:00:51 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:00:51 <opendevmeet> The meeting name has been set to 'keystone'
15:00:53 <d34dh0r53> Reminder: This meeting takes place under the OpenInfra Foundation Code of Conduct
15:00:59 <d34dh0r53> #link https://openinfra.dev/legal/code-of-conduct
15:01:05 <d34dh0r53> #topic roll call
15:01:10 <d34dh0r53> admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev, reqa, dmendiza[m], dmendiza, mharley, jph, gtema, cardoe, deydra
15:01:15 <gtema> o/
15:01:16 <d34dh0r53> super special dmendiza ping
15:01:48 <dmendiza[m]> I am special! 🎉 😄
15:02:37 <xek> o/
15:03:09 <d34dh0r53> 🎉
15:03:26 <d34dh0r53> #topic review past meeting work items
15:03:29 <d34dh0r53> #link https://meetings.opendev.org/meetings/keystone/2025/keystone.2025-06-18-15.00.html
15:03:58 <d34dh0r53> We had a couple of action items from last week
15:04:01 <d34dh0r53> https://review.opendev.org/c/openstack/keystone/+/951792
15:04:37 <d34dh0r53> That's the AD nested groups patch
15:04:47 <d34dh0r53> Any progress on the LDAP job gtema ?
15:05:05 <gtema> not really - no clue why slapd crashes
15:05:22 <gtema> had not enough time to try reproducing it "locally"
15:05:44 <d34dh0r53> according to AI the trace shows a null pointer dereference
15:05:44 <drencrom> Hi, I can help with that if you need but I don't know how to run them locally
15:06:21 <gtema> drencom - our problem now is that slapd in the default devstack installation crashes immediately
15:06:41 <drencrom> is this test right? keystone-tempest-ldap-domain-specific-driver
15:06:57 <gtema> is is not about the patch itself. But we need to first fix the job to be able to verify it does not break other stuff
15:06:59 <gtema> yes, right
15:07:14 <drencrom> Yes, I understand the problem
15:07:47 <d34dh0r53> Yeah, it's strange, are we using an old version of slapd or just what the distro provides?
15:08:04 <gtema> the distro one
15:08:31 <gtema> it maybe that some of the options we set causes it to crash
15:08:55 <gtema> but I have seen quite a few bug reports like that - sadly all terribly old
15:09:23 <gtema> haven't found any "fresh" reports and do not have time myself to go into the slapd debugging
15:12:20 <gtema> technically it is not the keystone job is broken, but devstack ldap setup
15:12:35 <gtema> it crashes before any keystone specifics is applied
15:13:13 <d34dh0r53> ack
15:13:46 <d34dh0r53> It has to be the options or something, slapd is widely used
15:14:37 <gtema> sure, it just worked before, so maybe this is something new with 24.04 that we never noticed - bad thing in non-voting jobs
15:15:56 <d34dh0r53> yeah
15:16:02 <d34dh0r53> ok, next up
15:16:37 <d34dh0r53> discuss with missing folks on Friday during reviewaton abount CFP for forum and Project Update
15:16:55 <d34dh0r53> gtema and I talked about this on Friday
15:17:05 <d34dh0r53> not sure that we came to any conclusion though
15:17:46 <gtema> not really. From trustful sources I know my federation talk will land during Summit, but not the Keystone-Rust
15:18:10 <gtema> so we could propose project update session mentioning Rust work
15:18:39 <gtema> however I have then too many talks myself, so not sure how to organize that
15:20:49 <d34dh0r53> hmm
15:21:16 <d34dh0r53> Let's talk more on Friday
15:21:20 <gtema> sure
15:21:28 <d34dh0r53> cool, moving on
15:21:48 <d34dh0r53> #action discuss on Friday during reviewaton abount CFP for forum and Project Update
15:21:57 <d34dh0r53> #topic liaison updates
15:21:59 <d34dh0r53> nothing from me
15:22:32 <gtema> I do not have anything either
15:22:37 <d34dh0r53> cool
15:22:41 <d34dh0r53> #topic specification OAuth 2.0 (hiromu)
15:22:55 <d34dh0r53> not going to paste everything, we're. in a holding pattern until the other projects merge
15:23:07 <d34dh0r53> #topic specification Secure RBAC (dmendiza)
15:23:10 <d34dh0r53> #link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_
15:23:13 <d34dh0r53> 2025.2 Release Timeline
15:23:18 <d34dh0r53> Update oslo.policy in keystone to enforce_new_defaults=True
15:23:22 <d34dh0r53> Update oslo.policy in keystone to enforce_scope=True
15:23:50 <gtema> I had a look last week. Is there anything to do at all? Reason why I ask is that those are defaults set in oslo.policy already
15:23:57 <gtema> and we do not override them
15:24:33 <gtema> but maybe I am wrong - just a quick grep didn't show me anything useful
15:24:51 <d34dh0r53> I'm not sure what the next SRBAC steps are, dmendiza ?
15:28:59 <opendevreview> Takashi Kajinami proposed openstack/oslo.policy master: Remove support for JSON format policy file  https://review.opendev.org/c/openstack/oslo.policy/+/929715
15:30:52 <d34dh0r53> I guess dmendiza had to run
15:31:06 <d34dh0r53> #topic specification OpenAPI support (gtema)
15:31:06 <d34dh0r53> #link https://review.opendev.org/q/topic:%22openapi%22+project:openstack/keystone
15:31:26 <d34dh0r53> looks like everything is merged
15:31:31 <d34dh0r53> for now
15:32:04 <gtema> yeah, nothing new this week
15:35:52 <d34dh0r53> cool
15:35:56 <d34dh0r53> #topic open discussion
15:35:58 <d34dh0r53> drencrom
15:36:02 <d34dh0r53> Review patch proposal: https://review.opendev.org/c/openstack/keystone/+/951792
15:36:15 <d34dh0r53> We talked about this already, anything more to add?
15:36:57 <gtema> I think he left (was a notice from irc)
15:37:54 <d34dh0r53> ack
15:38:09 <d34dh0r53> I don't have anything else for open discussion
15:38:36 <gtema> I would keep my point to Friday - to much to write, so nothing from me either
15:38:47 <d34dh0r53> cool
15:38:49 <d34dh0r53> #topic bug review
15:38:53 <d34dh0r53> #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0
15:38:58 <d34dh0r53> no new bugs in keystone
15:39:03 <d34dh0r53> #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0
15:39:20 <d34dh0r53> python-keystoneclient is good to go
15:39:27 <d34dh0r53> #link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=0
15:39:56 <d34dh0r53> keystoneauth looks fine
15:40:00 <d34dh0r53> #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0
15:40:07 <d34dh0r53> so does keystonemiddleware
15:40:09 <d34dh0r53> #link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=0
15:40:26 <d34dh0r53> pycadf is clear
15:40:39 <d34dh0r53> #link https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=0
15:40:43 <d34dh0r53> ldappool is also good
15:40:47 <d34dh0r53> #topic conclusion
15:41:08 <d34dh0r53> Thanks folks, reviewathon on Friday, let me know if you want the link or a calendar invite
15:41:27 <gtema> thanks Dave, have a nice day
15:43:34 <d34dh0r53> you as well Artem :)
15:43:38 <d34dh0r53> #endmeeting