[openstack-dev] Keystone Team Update - Week of 18 December 2017

Colleen Murphy colleen at gazlene.net
Fri Dec 22 15:42:34 UTC 2017

# Keystone Team Update - Week of 18 December 2017

## News

### Unified Limits

We accepted the Limits API spec[1] last week, for which we had made a
spec freeze exception.

### Allowing control over project ID generation

At our weekly meeting, we had a productive conversation[2] about a
recurring feature request[3] by telecom operators to allow operators
direct control over the ID of a project and thereby enable users to
use a token to authenticate and scope to the "same" project in
distinct, non-replicated clouds. The team is very concerned with
exposing an API like this and also unwilling to make it an optional
feature as this causes interoperability issues. We agreed that a
reasonable way forward is for the telecom folks to write their own
out-of-tree resource driver which could synchronize project IDs across
clouds, which would give them the control they need over their
keystone projects but not require a change in an upstream keystone API
nor require buy-in from the keystone team or be constrained by our
release schedule.

Something that came up during this discussion was that the telecom
operators had tried using Keystone to Keystone federation to allow
resource sharing between clouds, but reported it was not performant.
Unfortunately this was a long time ago and they did not have details
on what was slow. We'd like to investigate how we can improve Keystone
to Keystone performance since this is intended to solve the
inter-cloud use case described, but it's unfortunately hard to tell
who is using it or has tried to use it[4].

### Next week

Next week will be a short week and probably a slow one so I won't
bother to post an update.

[1] http://specs.openstack.org/openstack/keystone-specs/specs/keystone/queens/limits-api.html
[2] http://eavesdrop.openstack.org/meetings/keystone/2017/keystone.2017-12-19-18.00.log.html#l-69
[3] https://review.openstack.org/#/c/323499/
[4] http://lists.openstack.org/pipermail/openstack-dev/2017-December/125744.html

## Open Specs

Search query: https://goo.gl/pc8cCf

We've merged all of our proposed Queens specs.

## Recently Merged Changes

Search query: https://goo.gl/hdD9Kw

We merged 24 changes this week (two are in the gate as I write this),
including the client support for project tags and some of Lance's
system-scope changes.

## Changes that need Attention

Search query:  https://goo.gl/h9knRA (query updated to not include
already approved not-yet-merged changes)

There are 47 changes that are passing CI, not in merge conflict, have
no negative reviews and aren't proposed by bots.

The major changes that need feedback are the system-scope changes[5].
There is also this client change for capturing request IDs[6] that has
been in progress for a while and is in pretty good shape now.

[5] https://review.openstack.org/#/q/topic:bp/system-scope+is:open
[6] https://review.openstack.org/#/c/329913/

## Milestone Outlook


Today is feature proposal freeze, which no accepted specs are in
danger of missing. The next deadline is the feature freeze at R-5, the
week of 22 January.

## Shout-outs

Thanks to Qinglin Cheng and Andreas Jaeger for helping us fix our docs
jobs (after they were so rudely broken ;))!

Also, welcome to our Outreachy intern Suramya Shah who is going to be
helping us out with our docs!

## Help with this newsletter

Help contribute to this newsletter by editing the etherpad:

More information about the OpenStack-dev mailing list