#openstack-keystone log

15:02:50 <dmendiza[m]> #startmeeting keystone
15:02:50 <opendevmeet> Meeting started Tue Sep 13 15:02:50 2022 UTC and is due to finish in 60 minutes.  The chair is dmendiza[m]. Information about MeetBot at http://wiki.debian.org/MeetBot.
15:02:50 <opendevmeet> Useful Commands: #action #agreed #help #info #idea #link #topic #startvote.
15:02:50 <opendevmeet> The meeting name has been set to 'keystone'
15:02:59 <dmendiza[m]> #topic Roll Call
15:03:35 <dmendiza[m]> Courtesy ping for admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, knikolla, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek
15:03:42 <knikolla> o/
15:03:44 <h_asahina> o/
15:03:45 <dmendiza[m]> As usual the agenda is over here:
15:03:51 <dmendiza[m]> #link https://etherpad.opendev.org/p/keystone-weekly-meeting
15:08:23 <dmendiza[m]> OK, let's get started
15:08:32 <dmendiza[m]> #topic Review Past Meeting Action Items
15:08:48 <dmendiza[m]> #link https://meetings.opendev.org/meetings/keystone/2022/keystone.2022-09-06-15.00.html
15:09:15 <dmendiza[m]> > dmendiza[m] to look into making a new keystoneauth release
15:09:38 <dmendiza[m]> I have not made a new release yet
15:09:41 <dmendiza[m]> s/made/requested
15:09:58 <dmendiza[m]> #action dmendiza[m] to request a new keystoneauth release
15:10:33 <dmendiza[m]> which is a good segue into
15:10:40 <dmendiza[m]> #topic Liaison Updates
15:11:01 <dmendiza[m]> It's RC1 week
15:11:24 <dmendiza[m]> #link https://review.opendev.org/c/openstack/releases/+/857116
15:11:36 <dmendiza[m]> That's the RC1 release patch for keystone
15:11:47 <dmendiza[m]> at 1ea9f7557dc442c56805f70b3f0c9393b427a770
15:12:18 <dmendiza[m]> #link https://opendev.org/openstack/keystone/commit/1ea9f7557dc442c56805f70b3f0c9393b427a770
15:12:32 <dmendiza[m]> which is currently the master branch
15:13:00 <dmendiza[m]> are there any patches we should try to merge before we approve the release?
15:13:48 <h_asahina> OAuth2.0 documatations are remaining. is that okey to leave them?
15:14:45 <knikolla> i haven't had the time to review them, but we can definitely backport docs patches
15:15:19 <h_asahina> thanks. that a relief.
15:16:50 <dmendiza[m]> Yeah, I would not hold back RC1 for docs
15:17:11 <dmendiza[m]> Cool, sounds like we're good to +1 the release patch
15:19:17 <dmendiza[m]> That's all I have for liaison updates
15:19:27 <dmendiza[m]> #topic Antelope PTL
15:20:07 <dmendiza[m]> We're technically "leaderless" for the Antelope cycle
15:21:13 <dmendiza[m]> but d34dh0r53 did submit his candidacy
15:21:17 <dmendiza[m]> #link https://review.opendev.org/c/openstack/election/+/856297
15:22:53 <knikolla> With my TC hat on: The TC will likely appoint d34dh0r53 as PTL given his candidacy.
15:25:24 <dmendiza[m]> That's good to hear.
15:26:24 <dmendiza[m]> Not sure I mentioned it in the channel before, but I'll be taking a lot of time off work during the Antelope cycle
15:26:34 <dmendiza[m]> otherwise I'd be happy to keep helping out as PTL.
15:27:01 <dmendiza[m]> So, thanks to d34dh0r53 for volunteering.
15:27:12 <dmendiza[m]> OK, moving on ...
15:27:33 <dmendiza[m]> #topic Core Team updats
15:27:35 <dmendiza[m]> #undo
15:27:35 <opendevmeet> Removing item from minutes: #topic Core Team updats
15:27:42 <dmendiza[m]> #topic Core Team updates
15:28:51 <dmendiza[m]> knikolla suggested we should consider growing the core team
15:29:09 <dmendiza[m]> and nominate xek for core
15:29:28 <dmendiza[m]> which I know he'll be very much interested in
15:29:42 <dmendiza[m]> unfortunately he's out on vacation and won't be back for a couple of weeks.
15:30:10 <dmendiza[m]> So we'll check with xek to make sure he's still on board and get that process started when he gets back
15:33:47 <dmendiza[m]> Ok, moving on ...
15:34:07 <dmendiza[m]> #topic OAuth 2.0
15:35:15 <dmendiza[m]> At this point we should go ahead and re-target this spec to antelope
15:35:17 <dmendiza[m]> #link https://review.opendev.org/c/openstack/keystone-specs/+/843765
15:35:37 <h_asahina> agree
15:36:08 <h_asahina> we've started the implementation, so we can show the codes immediately after the spec is merged.
15:37:08 <dmendiza[m]> we should be on track to get mTLS merged early in the antelope cycle, which is awesome
15:38:20 <dmendiza[m]> anything other updates on this topic h_asahina ?
15:38:39 <h_asahina> I'd like to confirm that :knikolla do you think it better to show our codes to you or writing rest of parts after seeing your demo?
15:39:11 <knikolla> h_asahina: is the code based on federation and mappings?
15:39:49 <knikolla> i'm almost done with the demo, just having issues with Apache not passing the SSL environment variables to Keystone
15:40:00 <h_asahina> yes. technically we are using mapping API of Federation API.
15:40:56 <knikolla> Good :)
15:41:08 <knikolla> It's okay to push code for review even if the spec hasn't merged yet.
15:41:40 <knikolla> For early feedback. We just will make sure not to merge it until after the spec does.
15:42:06 <h_asahina> ok, good. it depends on how to share your codes, but if you can show your draft codes, we'd like to see it.
15:42:36 <h_asahina> maybe we can modify our codes based on your codes.
15:44:38 <knikolla> My code is just some bash setting up keystone with tls, generating client certs, and making the route to the authentication endpoint for the mapped plugin protected by ssl client verify, and trying to fetch the environment variables from the succesful ssl verification in apache and use them in a mapping. :)
15:45:12 <knikolla> I'm simply trying to demonstrate using client tls as an authentication mechanism using the mapped plugin
15:46:04 <knikolla> does that make sense to you?
15:46:15 <h_asahina> i see. so far, it looks similar with our understanding.
15:47:52 <h_asahina> will push the codes as you said. after you demo becomes ready, we'll update our code based on both your comments and demo.
15:48:46 <h_asahina> is that okey?
15:49:15 <knikolla> yes
15:52:16 <dmendiza[m]> sounds like we've got a plan
15:52:38 <dmendiza[m]> OK, let's move on ...
15:53:24 <dmendiza[m]> #topic Open Discussion
15:53:31 <dmendiza[m]> Any last minute topics y'all want to discuss?
15:57:37 <dmendiza[m]> Sounds like we're done for today.
15:57:39 <h_asahina> it's not discussion, but as it's almost the end of Zed cycle, I'd like to sincerely appreciate all keystone cores support for OAuth2.0 patches.
15:58:15 <dmendiza[m]> h_asahina: thank you guys for your contributions and patience. 👍️
15:58:31 <dmendiza[m]> See y'all online!
15:58:32 <knikolla> yes, thank you for you contribution and patience over the numerous iterations.
15:58:46 <dmendiza[m]> #endmeeting