15:00:51 #startmeeting keystone 15:00:51 Meeting started Wed Jun 25 15:00:51 2025 UTC and is due to finish in 60 minutes. The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:00:51 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:00:51 The meeting name has been set to 'keystone' 15:00:53 Reminder: This meeting takes place under the OpenInfra Foundation Code of Conduct 15:00:59 #link https://openinfra.dev/legal/code-of-conduct 15:01:05 #topic roll call 15:01:10 admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev, reqa, dmendiza[m], dmendiza, mharley, jph, gtema, cardoe, deydra 15:01:15 o/ 15:01:16 super special dmendiza ping 15:01:48 I am special! 🎉 😄 15:02:37 o/ 15:03:09 🎉 15:03:26 #topic review past meeting work items 15:03:29 #link https://meetings.opendev.org/meetings/keystone/2025/keystone.2025-06-18-15.00.html 15:03:58 We had a couple of action items from last week 15:04:01 https://review.opendev.org/c/openstack/keystone/+/951792 15:04:37 That's the AD nested groups patch 15:04:47 Any progress on the LDAP job gtema ? 15:05:05 not really - no clue why slapd crashes 15:05:22 had not enough time to try reproducing it "locally" 15:05:44 according to AI the trace shows a null pointer dereference 15:05:44 Hi, I can help with that if you need but I don't know how to run them locally 15:06:21 drencom - our problem now is that slapd in the default devstack installation crashes immediately 15:06:41 is this test right? keystone-tempest-ldap-domain-specific-driver 15:06:57 is is not about the patch itself. But we need to first fix the job to be able to verify it does not break other stuff 15:06:59 yes, right 15:07:14 Yes, I understand the problem 15:07:47 Yeah, it's strange, are we using an old version of slapd or just what the distro provides? 15:08:04 the distro one 15:08:31 it maybe that some of the options we set causes it to crash 15:08:55 but I have seen quite a few bug reports like that - sadly all terribly old 15:09:23 haven't found any "fresh" reports and do not have time myself to go into the slapd debugging 15:12:20 technically it is not the keystone job is broken, but devstack ldap setup 15:12:35 it crashes before any keystone specifics is applied 15:13:13 ack 15:13:46 It has to be the options or something, slapd is widely used 15:14:37 sure, it just worked before, so maybe this is something new with 24.04 that we never noticed - bad thing in non-voting jobs 15:15:56 yeah 15:16:02 ok, next up 15:16:37 discuss with missing folks on Friday during reviewaton abount CFP for forum and Project Update 15:16:55 gtema and I talked about this on Friday 15:17:05 not sure that we came to any conclusion though 15:17:46 not really. From trustful sources I know my federation talk will land during Summit, but not the Keystone-Rust 15:18:10 so we could propose project update session mentioning Rust work 15:18:39 however I have then too many talks myself, so not sure how to organize that 15:20:49 hmm 15:21:16 Let's talk more on Friday 15:21:20 sure 15:21:28 cool, moving on 15:21:48 #action discuss on Friday during reviewaton abount CFP for forum and Project Update 15:21:57 #topic liaison updates 15:21:59 nothing from me 15:22:32 I do not have anything either 15:22:37 cool 15:22:41 #topic specification OAuth 2.0 (hiromu) 15:22:55 not going to paste everything, we're. in a holding pattern until the other projects merge 15:23:07 #topic specification Secure RBAC (dmendiza) 15:23:10 #link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_ 15:23:13 2025.2 Release Timeline 15:23:18 Update oslo.policy in keystone to enforce_new_defaults=True 15:23:22 Update oslo.policy in keystone to enforce_scope=True 15:23:50 I had a look last week. Is there anything to do at all? Reason why I ask is that those are defaults set in oslo.policy already 15:23:57 and we do not override them 15:24:33 but maybe I am wrong - just a quick grep didn't show me anything useful 15:24:51 I'm not sure what the next SRBAC steps are, dmendiza ? 15:28:59 Takashi Kajinami proposed openstack/oslo.policy master: Remove support for JSON format policy file https://review.opendev.org/c/openstack/oslo.policy/+/929715 15:30:52 I guess dmendiza had to run 15:31:06 #topic specification OpenAPI support (gtema) 15:31:06 #link https://review.opendev.org/q/topic:%22openapi%22+project:openstack/keystone 15:31:26 looks like everything is merged 15:31:31 for now 15:32:04 yeah, nothing new this week 15:35:52 cool 15:35:56 #topic open discussion 15:35:58 drencrom 15:36:02 Review patch proposal: https://review.opendev.org/c/openstack/keystone/+/951792 15:36:15 We talked about this already, anything more to add? 15:36:57 I think he left (was a notice from irc) 15:37:54 ack 15:38:09 I don't have anything else for open discussion 15:38:36 I would keep my point to Friday - to much to write, so nothing from me either 15:38:47 cool 15:38:49 #topic bug review 15:38:53 #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0 15:38:58 no new bugs in keystone 15:39:03 #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0 15:39:20 python-keystoneclient is good to go 15:39:27 #link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=0 15:39:56 keystoneauth looks fine 15:40:00 #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0 15:40:07 so does keystonemiddleware 15:40:09 #link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=0 15:40:26 pycadf is clear 15:40:39 #link https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=0 15:40:43 ldappool is also good 15:40:47 #topic conclusion 15:41:08 Thanks folks, reviewathon on Friday, let me know if you want the link or a calendar invite 15:41:27 thanks Dave, have a nice day 15:43:34 you as well Artem :) 15:43:38 #endmeeting