15:11:15 #startmeeting keystone 15:11:15 Meeting started Wed Apr 24 15:11:15 2024 UTC and is due to finish in 60 minutes. The chair is d34dh0r53. Information about MeetBot at http://wiki.debian.org/MeetBot. 15:11:15 Useful Commands: #action #agreed #help #info #idea #link #topic #startvote. 15:11:15 The meeting name has been set to 'keystone' 15:11:27 #topic roll call 15:11:32 o/ 15:11:41 admiyo, bbobrov, crisloma, d34dh0r53, dpar, dstanek, hrybacki, knikolla[m], lbragstad, lwanderley, kmalloc, rodrigods, samueldmq, ruan_he, wxy, sonuk, vishakha, Ajay, rafaelwe, xek, gmann, zaitcev, reqa, dmendiza[m], mharley, jph, gtema 15:11:45 o/ 15:11:46 o/ 15:12:11 🙋‍♂️ 15:13:26 #topic review past meeting work items 15:14:04 #link https://meetings.opendev.org/meetings/keystone/2024/keystone.2024-04-17-15.05.html 15:14:50 I've started looking at where to add the known issues to the keystone docs, not sure what the best place for it is now, thinking User 15:17:15 #action d34dh0r53 Look into adding/restoring a known issues section to our documentation 15:17:24 wow, gremlins are real today 15:17:26 Does reno have a space for it? 15:18:55 these are more global than reno known-issues which to me are per-release 15:19:40 Release notes just seems like the natural place to look for known issues 15:19:54 🤷 15:21:16 and then just carry them forward? 15:21:28 Yup, unless they get fixed 15:21:38 Reno does have a "issues" section which maps to known issues https://docs.openstack.org/releasenotes/ironic/2024.1.html#known-issues 15:21:47 at least in the way Ironic has it implemented 15:22:34 ack, maybe I'll do it there then 15:23:05 cool, thanks for the feedback 15:23:13 next up 15:23:23 #topic liaison updates 15:23:32 nothing from VMT or releases 15:25:23 moving on to specifications 15:25:42 #topic specification OAuth 2.0 (hiromu) 15:25:55 #link https://review.opendev.org/q/topic:bp%252Foauth2-client-credentials-ext 15:25:57 #link https://review.opendev.org/q/topic:bp%252Fenhance-oauth2-interoperability 15:25:59 External OAuth 2.0 Specification 15:26:01 #link https://review.opendev.org/c/openstack/keystone-specs/+/861554 15:26:03 OAuth 2.0 Implementation 15:26:05 #link https://review.opendev.org/q/topic:bp%252Fsupport-oauth2-mtls 15:26:07 OAuth 2.0 Documentation 15:26:09 #link https://review.opendev.org/c/openstack/keystone/+/838108 15:26:11 #link https://review.opendev.org/c/openstack/keystoneauth/+/838104 15:26:53 doesn't look like hiromu is around 15:27:01 moving on 15:27:09 #topic specification 15:27:13 #undo 15:27:13 Removing item from minutes: #topic specification 15:27:37 #topic specification Secure RBAC (dmendiza[m]) 15:27:50 #link https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html#z-release-timeline_ 15:27:52 2024.1 Release Timeline 15:27:52 🙋‍♂️ 15:27:54 Update oslo.policy in keystone to enforce_new_defaults=True 15:27:56 Update oslo.policy in keystone to enforce_scope=True 15:27:58 #link https://review.opendev.org/c/openstack/keystone/+/902730 (Merged) 15:28:00 #link https://review.opendev.org/c/openstack/keystone-tempest-plugin/+/903713 (Merged) 15:28:02 #link https://review.opendev.org/c/openstack/tempest/+/912489 15:28:06 o/ 15:28:59 Looks like that last tempest patch merged 15:29:01 🎉 15:29:45 which means that all tempest test for Keystone are being run with SRBAC turned on for new tempest patches 15:31:05 We might be able to change the defaults for oslo.policy this cycle. 👀 15:33:36 d34dh0r53 got disconnected :( 15:33:40 #chair dmendiza[m] 15:34:36 Any questions RE: RBAC? 15:34:50 ... OK, moving on ... 15:35:01 #topic Improve federated users management (gtema) 15:35:16 #link https://review.opendev.org/c/openstack/keystone-specs/+/910584 15:35:49 on friday there was one comment added to the spec, but it does not really help to move forward. Otherwise still waiting for useful reviews in the spec 15:38:47 haven't had a chance to read through it yet. 😅 15:39:00 but in general I am pro-swagger 15:39:11 that was the other spec 15:39:18 oops wrong link 15:39:23 hmm ... 15:39:32 for adding users projects mapping from external IDP 15:39:41 * dmendiza[m] is reading the agenda like a teleprompter 15:39:51 * dmendiza[m] I am dmendiza? 🤔 15:40:10 do we have AI kicked in? 15:40:24 ok, bad copy pasta on my end 15:40:31 🍝 15:40:37 #undo 15:40:41 #link https://review.opendev.org/c/openstack/keystone-specs/+/748748 15:41:37 I think Grzegorz Grasza and d34dh0r53 were looking at this one ... 15:41:57 right 15:42:00 I need to make some time to catch up on specs 15:42:28 and as said one non-review comment has been added (only) 15:44:14 Ack, we'll discuss on video at this Friday's reviewathon. 15:44:39 thks 15:45:08 #action Review https://review.opendev.org/c/openstack/keystone-specs/+/748748 at Reviewathon on 2024-04-26 15:46:01 #topic OpenAPI support (gtema) 15:46:15 #link https://review.opendev.org/c/openstack/keystone-specs/+/910584 15:46:25 OK, I am still pro-swagger 15:46:31 great 15:46:42 and here same - waiting for reviews ;-) 15:49:00 #action Review https://review.opendev.org/c/openstack/keystone-specs/+/910584 at Reviewathon on 2024-04-26 15:49:17 thks 15:49:49 OK, moving on 15:49:56 #topic Open Discussion 15:50:05 nothing from my side 15:59:50 OK, looks like we're done then 15:59:54 since we're almost out of time. 16:00:12 We'll review the bug boards next week. 16:00:15 #endmeeting 16:00:55 I guess the meetbot is not listening to me 😢 16:01:09 See y'all online. Thanks for joining! 16:01:40 dmendiza Thanks! 16:02:31 #endmeeting