| *** mhen_ is now known as mhen | 02:20 | |
| *** blarnath is now known as d34dh0r53 | 12:49 | |
| d34dh0r53 | #startmeeting keystone | 15:00 |
|---|---|---|
| opendevmeet | Meeting started Wed Mar 20 15:00:32 2024 UTC and is due to finish in 60 minutes. The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot. | 15:00 |
| opendevmeet | Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. | 15:00 |
| opendevmeet | The meeting name has been set to 'keystone' | 15:00 |
| d34dh0r53 | #topic roll call | 15:00 |
| d34dh0r53 | admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, knikolla[m], lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev, reqa, dmendiza[m], mharley, jph, gtema | 15:00 |
| d34dh0r53 | o/ | 15:00 |
| dmendiza[m] | 🙋 | 15:01 |
| Luzi | o/ | 15:01 |
| gtema | sorry, I am not available, skip my topics pls | 15:03 |
| d34dh0r53 | will do, thanks gtema | 15:03 |
| d34dh0r53 | #topic review past meeting work items | 15:03 |
| d34dh0r53 | #link https://meetings.opendev.org/meetings/keystone/2024/keystone.2024-03-13-15.01.html | 15:04 |
| d34dh0r53 | no updates from me this week | 15:04 |
| d34dh0r53 | #action d34dh0r53 Look into adding/restoring a known issues section to our documentation | 15:04 |
| d34dh0r53 | #action d34dh0r53 add https://bugs.launchpad.net/keystone/+bug/1305950 to the known issues section of our documentation | 15:04 |
| d34dh0r53 | #topic liaison updates | 15:04 |
| d34dh0r53 | nothing from me | 15:04 |
| d34dh0r53 | #topic specification OAuth 2.0 (hiromu) | 15:05 |
| d34dh0r53 | #link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext | 15:05 |
| d34dh0r53 | #link https://review.opendev.org/q/topic:bp%252Fenhance-oauth2-interoperability | 15:05 |
| d34dh0r53 | External OAuth 2.0 Specification | 15:05 |
| d34dh0r53 | #link https://review.opendev.org/c/openstack/keystone-specs/+/861554 | 15:05 |
| d34dh0r53 | OAuth 2.0 Implementation | 15:05 |
| d34dh0r53 | #link https://review.opendev.org/q/topic:bp%252Fsupport-oauth2-mtls | 15:05 |
| d34dh0r53 | OAuth 2.0 Documentation | 15:05 |
| d34dh0r53 | #link https://review.opendev.org/c/openstack/keystone/+/838108 | 15:05 |
| d34dh0r53 | #link https://review.opendev.org/c/openstack/keystoneauth/+/838104 | 15:05 |
| d34dh0r53 | ok, moving on | 15:08 |
| d34dh0r53 | #topic specification Secure RBAC (dmendiza[m]) | 15:09 |
| d34dh0r53 | #link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_ | 15:09 |
| d34dh0r53 | 2024.1 Release Timeline | 15:09 |
| d34dh0r53 | Update oslo.policy in keystone to enforce_new_defaults=True | 15:09 |
| d34dh0r53 | Update oslo.policy in keystone to enforce_scope=True | 15:09 |
| d34dh0r53 | #link https://review.opendev.org/c/openstack/keystone/+/902730 (Merged) | 15:09 |
| d34dh0r53 | #link https://review.opendev.org/c/openstack/keystone-tempest-plugin/+/903713 (Merged) | 15:09 |
| d34dh0r53 | #link ttps://review.opendev.org/c/openstack/tempest/+/912489 | 15:09 |
| dmendiza[m] | Still working on improving the SRBAC testing | 15:09 |
| d34dh0r53 | ack | 15:09 |
| dmendiza[m] | We have a test in keystone, but it only runs tests in keystone-tempest-plugin | 15:09 |
| dmendiza[m] | And there's a few failures in the keystone tests in tempest proper | 15:10 |
| dmendiza[m] | so, working on a patch for those. | 15:10 |
| dmendiza[m] | It's looking like we missed some policies for Phase 1, so I should have a patch up soon that we'll need to backport | 15:10 |
| dmendiza[m] | Also looking into adding Keystone to the tempest SRBAC tests | 15:10 |
| dmendiza[m] | for some reason the SRBAC job in Tempest is only turning on SRBAC in like 2 projects | 15:11 |
| dmendiza[m] | and Keystone is not one of them | 15:11 |
| dmendiza[m] | I should have some patches to get all that working hopefully later this week | 15:11 |
| d34dh0r53 | awesome, thank you dmendiza[m] | 15:12 |
| d34dh0r53 | moving on, gtema isn't able to update so I'll just put these here for the minutes | 15:14 |
| d34dh0r53 | #topic specification Improve federated users management (gtema) | 15:14 |
| d34dh0r53 | #link https://review.opendev.org/c/openstack/keystone-specs/+/748748 - waiting for reviews | 15:14 |
| d34dh0r53 | this is being reviewed and iterated on | 15:14 |
| d34dh0r53 | next up | 15:14 |
| d34dh0r53 | #topic specification OpenAPI support (gtema) | 15:14 |
| d34dh0r53 | #link https://review.opendev.org/c/openstack/keystone-specs/+/910584 | 15:14 |
| d34dh0r53 | #topic open discussion | 15:15 |
| d34dh0r53 | passlib update | 15:15 |
| d34dh0r53 | The maintainer responded to the bug, and one of the top priorities is to fix the bcrypt version bug | 15:15 |
| d34dh0r53 | #link https://foss.heptapod.net/python-libs/passlib/-/issues/190 | 15:15 |
| d34dh0r53 | Targeted to 1.7.5 | 15:15 |
| d34dh0r53 | 1.7.5 should be released this week | 15:16 |
| d34dh0r53 | at which point I'll update our dependencies | 15:16 |
| d34dh0r53 | anything else for open discussion? | 15:16 |
| Luzi | i added the spec for the domain-manager to the rbac ptg session list: https://review.opendev.org/c/openstack/keystone-specs/+/903172 | 15:18 |
| d34dh0r53 | ack, thanks Luzi | 15:19 |
| d34dh0r53 | Speaking of, I've scheduled 4 sessions, 2 on Wednesday and 2 on Thursday. I doubt we'll need all 4 but we have flexibility if there are conflicts | 15:20 |
| d34dh0r53 | moving on | 15:21 |
| d34dh0r53 | #topic bug review | 15:22 |
| d34dh0r53 | #link https://bugs.launchpad.net/keystone/?orderby=-id&start=0 | 15:22 |
| d34dh0r53 | looks like there is one new bug for keystone | 15:22 |
| d34dh0r53 | #link https://bugs.launchpad.net/keystone/+bug/2026345 | 15:22 |
| d34dh0r53 | it's a Sphinx bug and is low-hanging-fruit if someone would like to grab it | 15:23 |
| d34dh0r53 | next up | 15:24 |
| d34dh0r53 | #link https://bugs.launchpad.net/python-keystoneclient/?orderby=-id&start=0 | 15:24 |
| d34dh0r53 | no new bugs there | 15:24 |
| d34dh0r53 | #link https://bugs.launchpad.net/keystoneauth/+bugs?orderby=-id&start=0 | 15:24 |
| d34dh0r53 | no new bugs in keystoneauth | 15:25 |
| d34dh0r53 | #link https://bugs.launchpad.net/keystonemiddleware/+bugs?orderby=-id&start=0 | 15:25 |
| d34dh0r53 | keystonemiddleware is good | 15:25 |
| d34dh0r53 | #link https://bugs.launchpad.net/pycadf/+bugs?orderby=-id&start=0 | 15:25 |
| d34dh0r53 | pycadf is also good | 15:25 |
| d34dh0r53 | #link https://bugs.launchpad.net/ldappool/+bugs?orderby=-id&start=0 | 15:26 |
| d34dh0r53 | as it ldappool | 15:26 |
| d34dh0r53 | #topic conclusion | 15:26 |
| d34dh0r53 | As I said, I've booked Keystone sessions for the PTG | 15:26 |
| d34dh0r53 | I've lost the link for the etherpad :/, switched to a new browser | 15:30 |
| d34dh0r53 | #link https://etherpad.opendev.org/p/dalmation-ptg-keystone | 15:31 |
| d34dh0r53 | please add any topics you'd like to discuss | 15:31 |
| d34dh0r53 | that does it for me, thanks all! | 15:31 |
| d34dh0r53 | #endmeeting | 15:31 |
| opendevmeet | Meeting ended Wed Mar 20 15:31:57 2024 UTC. Information about MeetBot at http://wiki.debian.org/MeetBot . (v 0.1.4) | 15:31 |
| opendevmeet | Minutes: https://meetings.opendev.org/meetings/keystone/2024/keystone.2024-03-20-15.00.html | 15:31 |
| opendevmeet | Minutes (text): https://meetings.opendev.org/meetings/keystone/2024/keystone.2024-03-20-15.00.txt | 15:31 |
| opendevmeet | Log: https://meetings.opendev.org/meetings/keystone/2024/keystone.2024-03-20-15.00.log.html | 15:31 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!