15:02:50 #startmeeting keystone 15:02:50 Meeting started Tue Sep 13 15:02:50 2022 UTC and is due to finish in 60 minutes. The chair is dmendiza[m]. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:02:50 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:02:50 The meeting name has been set to 'keystone' 15:02:59 #topic Roll Call 15:03:35 Courtesy ping for admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, knikolla, lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek 15:03:42 o/ 15:03:44 o/ 15:03:45 As usual the agenda is over here: 15:03:51 #link https://etherpad.opendev.org/p/keystone-weekly-meeting 15:08:23 OK, let's get started 15:08:32 #topic Review Past Meeting Action Items 15:08:48 #link https://meetings.opendev.org/meetings/keystone/2022/keystone.2022-09-06-15.00.html 15:09:15 > dmendiza[m] to look into making a new keystoneauth release 15:09:38 I have not made a new release yet 15:09:41 s/made/requested 15:09:58 #action dmendiza[m] to request a new keystoneauth release 15:10:33 which is a good segue into 15:10:40 #topic Liaison Updates 15:11:01 It's RC1 week 15:11:24 #link https://review.opendev.org/c/openstack/releases/+/857116 15:11:36 That's the RC1 release patch for keystone 15:11:47 at 1ea9f7557dc442c56805f70b3f0c9393b427a770 15:12:18 #link https://opendev.org/openstack/keystone/commit/1ea9f7557dc442c56805f70b3f0c9393b427a770 15:12:32 which is currently the master branch 15:13:00 are there any patches we should try to merge before we approve the release? 15:13:48 OAuth2.0 documatations are remaining. is that okey to leave them? 15:14:45 i haven't had the time to review them, but we can definitely backport docs patches 15:15:19 thanks. that a relief. 15:16:50 Yeah, I would not hold back RC1 for docs 15:17:11 Cool, sounds like we're good to +1 the release patch 15:19:17 That's all I have for liaison updates 15:19:27 #topic Antelope PTL 15:20:07 We're technically "leaderless" for the Antelope cycle 15:21:13 but d34dh0r53 did submit his candidacy 15:21:17 #link https://review.opendev.org/c/openstack/election/+/856297 15:22:53 With my TC hat on: The TC will likely appoint d34dh0r53 as PTL given his candidacy. 15:25:24 That's good to hear. 15:26:24 Not sure I mentioned it in the channel before, but I'll be taking a lot of time off work during the Antelope cycle 15:26:34 otherwise I'd be happy to keep helping out as PTL. 15:27:01 So, thanks to d34dh0r53 for volunteering. 15:27:12 OK, moving on ... 15:27:33 #topic Core Team updats 15:27:35 #undo 15:27:35 Removing item from minutes: #topic Core Team updats 15:27:42 #topic Core Team updates 15:28:51 knikolla suggested we should consider growing the core team 15:29:09 and nominate xek for core 15:29:28 which I know he'll be very much interested in 15:29:42 unfortunately he's out on vacation and won't be back for a couple of weeks. 15:30:10 So we'll check with xek to make sure he's still on board and get that process started when he gets back 15:33:47 Ok, moving on ... 15:34:07 #topic OAuth 2.0 15:35:15 At this point we should go ahead and re-target this spec to antelope 15:35:17 #link https://review.opendev.org/c/openstack/keystone-specs/+/843765 15:35:37 agree 15:36:08 we've started the implementation, so we can show the codes immediately after the spec is merged. 15:37:08 we should be on track to get mTLS merged early in the antelope cycle, which is awesome 15:38:20 anything other updates on this topic h_asahina ? 15:38:39 I'd like to confirm that :knikolla do you think it better to show our codes to you or writing rest of parts after seeing your demo? 15:39:11 h_asahina: is the code based on federation and mappings? 15:39:49 i'm almost done with the demo, just having issues with Apache not passing the SSL environment variables to Keystone 15:40:00 yes. technically we are using mapping API of Federation API. 15:40:56 Good :) 15:41:08 It's okay to push code for review even if the spec hasn't merged yet. 15:41:40 For early feedback. We just will make sure not to merge it until after the spec does. 15:42:06 ok, good. it depends on how to share your codes, but if you can show your draft codes, we'd like to see it. 15:42:36 maybe we can modify our codes based on your codes. 15:44:38 My code is just some bash setting up keystone with tls, generating client certs, and making the route to the authentication endpoint for the mapped plugin protected by ssl client verify, and trying to fetch the environment variables from the succesful ssl verification in apache and use them in a mapping. :) 15:45:12 I'm simply trying to demonstrate using client tls as an authentication mechanism using the mapped plugin 15:46:04 does that make sense to you? 15:46:15 i see. so far, it looks similar with our understanding. 15:47:52 will push the codes as you said. after you demo becomes ready, we'll update our code based on both your comments and demo. 15:48:46 is that okey? 15:49:15 yes 15:52:16 sounds like we've got a plan 15:52:38 OK, let's move on ... 15:53:24 #topic Open Discussion 15:53:31 Any last minute topics y'all want to discuss? 15:57:37 Sounds like we're done for today. 15:57:39 it's not discussion, but as it's almost the end of Zed cycle, I'd like to sincerely appreciate all keystone cores support for OAuth2.0 patches. 15:58:15 h_asahina: thank you guys for your contributions and patience. 👍️ 15:58:31 See y'all online! 15:58:32 yes, thank you for you contribution and patience over the numerous iterations. 15:58:46 #endmeeting