15:04:20 #startmeeting keystone 15:04:20 Meeting started Wed Aug 27 15:04:20 2025 UTC and is due to finish in 60 minutes. The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:04:20 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:04:20 The meeting name has been set to 'keystone' 15:04:24 Reminder: This meeting takes place under the OpenInfra Foundation Code of Conduct 15:04:27 #link https://openinfra.dev/legal/code-of-conduct 15:04:32 #topic roll call 15:04:36 o/ 15:04:45 admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev, reqa, dmendiza[m], dmendiza, mharley, jph, gtema, cardoe, deydra 15:04:48 dmendiza: o/ 15:05:08 o/ 15:05:15 🙋‍♂️ 15:06:04 hi all 15:06:30 #topic review past meeting work items 15:06:34 #link https://meetings.opendev.org/meetings/keystone/2025/keystone.2025-08-20-15.02.html 15:06:44 we have one, which I haven't got to yet 15:06:55 dwilde/gtema add PTG topic about service account 15:07:15 and I found i my personal notes that we already talked about that last PTG 15:07:19 :) 15:07:34 ahh, I do recall that 15:08:08 but we should do this again and agree. I will definitely implement some poc in the Rust side 15:08:34 yeah, agreed 15:09:16 #action dwilde/gtema add PTG topic about service account 15:09:30 #topic liaison updates 15:09:40 nothing from me 15:09:43 nor me 15:10:25 #topic specification OAuth 2.0 (hiromu) 15:10:29 #link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext 15:10:34 #link https://review.opendev.org/q/topic:bp%252Fenhance-oauth2-interoperability 15:10:45 no updates from me on this one 15:10:49 #topic specification Secure RBAC (dmendiza) 15:10:53 #link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_ 15:11:01 2025.2 Release Timeline 15:11:09 Update oslo.policy in keystone to enforce_new_defaults=True 15:11:11 Update oslo.policy in keystone to enforce_scope=True 15:12:04 No updates this week, still haven't had a chance to look into the failures in the devstack patch 15:12:17 ack, thanks dmendiza 15:12:23 #topic specification OpenAPI support (gtema) 15:12:25 #link https://review.opendev.org/q/topic:%22openapi%22+project:openstack/keystone 15:13:04 maybe only a fix that was mentioned last week 15:13:14 https://review.opendev.org/c/openstack/keystone/+/957547 15:13:27 one +2 and +W remaining 15:14:18 I can take a look today 15:14:28 cool, thks 15:14:41 nothing else this week, busy also on other fronts 15:14:49 thanks gtema 15:15:03 #topic open discussion 15:15:09 drencrom 15:15:14 Patch proposal: https://review.opendev.org/c/openstack/keystone/+/951792 15:15:18 Dependent bugs have been merged, needs a workflow vote 15:15:32 done 15:15:44 beat me to it :) 15:15:50 thanks drencrom 15:16:17 #topic bug review 15:16:21 #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0 15:17:19 looks like on new bug in keystone that is already being worked 15:17:20 #link https://bugs.launchpad.net/keystone/+bug/2121152 15:17:21 🙋‍♂️ 15:17:24 I need to add the regex thing to the agenda 15:18:03 okay, go ahead dmendiza 15:18:10 #topic password regex testing 15:18:29 I added a second patch as an alternative to the first one: 15:18:32 #link https://review.opendev.org/c/openstack/devstack/+/957969 15:18:57 The main point of this patch is to change KEYSTONE_SECURITY_COMPLIANCE_ENABLED=False by default 15:19:20 it makes things much easier, since we don't have to worry about every single devstack job out there having it turned on. 15:19:53 It seems Sean Mooney is on board, but gmaan may need some convincing. 15:20:36 It also adds a job to set it to True to test it, and we can override passwords just in that new job 15:20:53 I will iterate on this to move the job into the Keystone repo instead of having it in devstack. 15:22:07 Seems like a good compromise to me 15:23:21 Yeah, if folks really want that enabled they can then opt-in and override passwords as necessary 15:23:28 and we can still use a complex regex for testing 15:24:07 That's it for this week on this topic 15:24:15 I'll get it added to the agenda for next week. 15:24:17 Thanks dmendiza 15:24:36 back to bug review 15:25:02 #topic bug review 15:25:13 #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0 15:25:31 like I said there is one bug that's already being worked 15:25:42 #link https://bugs.launchpad.net/keystone/+bug/2121152 15:27:18 I'll review the patch today 15:27:23 that's it for keystone 15:27:31 #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0 15:28:02 no new bugs in python-keystoneclient 15:28:15 #link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=0 15:28:39 keystoneauth is good 15:28:45 #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0 15:29:06 all clear or keystonemiddleware 15:29:14 #link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=0 15:29:18 pycadf has no new bugs 15:29:27 #link https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=0 15:29:36 nor does ldappool 15:29:41 #topic conclusion 15:29:48 nothing else from me 15:30:01 https://review.opendev.org/c/openstack/keystone/+/958665 is gate unblocker for 2025.1 15:30:10 oneliner 15:30:38 thanks gtema , +2 from me 15:30:45 thks 15:31:37 dmendiza, Grzegorz Grasza mind reviewing as well? 15:32:04 Ack 15:32:08 thanks! 15:32:23 #endmeeting