15:01:41 <gtema> #startmeeting keystone
15:01:41 <opendevmeet> Meeting started Wed Jul 2 15:01:41 2025 UTC and is due to finish in 60 minutes. The chair is gtema. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:01:41 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:01:41 <opendevmeet> The meeting name has been set to 'keystone'
15:01:51 <gtema> Reminder: This meeting takes place under the OpenInfra Foundation Code of Conduct
15:02:09 <gtema> #link https://openinfra.dev/legal/code-of-conduct
15:02:27 <gtema> #topic roll call
15:02:38 <gtema> admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev, reqa, dmendiza[m], dmendiza, mharley, jph, gtema, cardoe, deydra
15:02:45 <gtema> o/
15:03:09 <mharley[m]> o/
15:04:26 <gtema> a special ping for dmendiza
15:04:49 <gtema> quite lonely today
15:06:05 <gtema> with nobody else from the cores it makes no sense to proceed with the meeting.
15:06:16 <dmendiza[m]> 🙋‍♂️
15:06:29 <gtema> oh, you are here, great
15:06:39 <gtema> then let's go on
15:06:51 <gtema> #topic review past meeting work items
15:07:07 <gtema> #link https://meetings.opendev.org/meetings/keystone/2025/keystone.2025-06-25-15.00.html
15:08:07 <gtema> we still have not done any decision on Forum and/or project update. Since lot of folks not traveling most likely we are not going to have anything
15:08:25 <gtema> #topic liaison updates
15:08:34 <gtema> there is nothing from me
15:09:30 <gtema> ok, next
15:09:33 <gtema> #topic specification
15:09:47 <gtema> #topic OAuth 2.0
15:10:25 <gtema> still not sure why we keep this. There is nothing really open on that
15:10:52 <gtema> #topic Secure RBAC (dmendiza)
15:11:45 <gtema> I spotted some changes in the area, am I right dmendiza ?
15:12:10 <dmendiza[m]> Well, I still need to clean up the doc itself
15:12:17 <dmendiza[m]> I did talk to Dave Wilde (d34dh0r53) a bit about this the other day
15:12:36 <dmendiza[m]> I think what we want to do is ensure that we're running with SRBAC turned on in all our gate jobs
15:13:12 <gtema> isn't it already the case? The defaults are now as we expect in oslo.policy
15:13:43 <dmendiza[m]> Maybe? ... I want to review the job definitions to double make sure. 😅
15:14:19 <gtema> my grep across repo hasn't revealed any overrides to the values
15:15:03 <dmendiza[m]> Cool cool. We should probably consider removing the old policies at some point
15:15:27 <gtema> definitely
15:15:52 <gtema> ok, next
15:16:00 <gtema> #topic OpenAPI support (gtema)
15:16:30 <gtema> there are few changes that I myself still need to review. Nothing blocking and nothing urgent this week
15:17:24 <gtema> #topic open discussion
15:17:50 <gtema> I spent a little bit time last friday looking at the ldap job
15:18:25 <gtema> after proposing a "workaround" to devstack I was able to bypass the slapd bug
15:18:49 <gtema> but now tests fail on jsonschema validation
15:19:12 <gtema> "enabled" attribute is missing in the response for ldap users
15:19:39 <gtema> I was not able to find a potential problem quickly
15:20:04 <gtema> and this week have no time to look into that issue
15:20:45 <gtema> if anybody with more ldap deployment experience could throw some hints I would be glad to take those
15:21:12 <gtema> #link https://review.opendev.org/c/openstack/keystone/+/953571
15:21:49 <gtema> the change is passing because the job is non-voting, so do not be confused with that
15:22:35 <gtema> anything else for open discussion?
15:23:41 <mharley[m]> Yes, how is it going the writing of Keystone to Rust?
15:23:53 <mharley[m]> The "rewriting", I mean.
15:25:23 <gtema> Good. I started writing policies. Now we not only have "allowed", "rejected", but we also have explanations like "only admin can list identity providers from other domain ..."
15:26:03 <gtema> federated login (oidc) works also. Next is to implement exchange of jwt to fernet
15:26:33 <mharley[m]> Great. Are you doing that all by yourself only (no other contributors)?
15:26:47 <gtema> So far alone alone
15:27:27 <gtema> I hoped to have a talk on that during Summit, but it was not accepted
15:27:43 <gtema> to make an advertisement
15:28:34 <mharley[m]> Are you organizing this on some public repository, including the planning?
15:29:03 <gtema> yes, https://github.com/gtema/keystone
15:29:37 <gtema> I made some org issues, but as long as I work on that myself it is a time waste
15:31:37 <gtema> anything else folks?
15:32:25 <gtema> ok, moving on
15:32:27 <gtema> #topic bug review
15:33:03 <mharley[m]> Understood. Will have a look. Thanks, gtema.
15:33:16 <gtema> I am not going to re-paste all the links, but there are no new bug reports for any of our projects, so we are good.
15:33:27 <gtema> #topic conclusion
15:33:47 <gtema> with that, thanks guys
15:33:49 <gtema> and
15:33:56 <gtema> have a nice day
15:34:10 <gtema> #endmeeting