[openstack-dev] [keystone] Keystone Team Update - Week of 12 March 2018

Colleen Murphy colleen at gazlene.net
Fri Mar 16 17:00:23 UTC 2018

# Keystone Team Update - Week of 12 March 2018

## News

### Keystone Admin-ness: the Future

At the Denver PTG, while grappling with the concept of admin-ness, we had a moment of clarity when we realized that there were some classes of admin actions that could be described as "global" across keystone projects, like listing all servers in all projects, and other admin actions that were better classified as "system" actions that operated on no project at all, like creating endpoints. From this came the new system scope[1] for operating on system-level APIs. But we have yet to properly deal with the global-across-projects case. There are conflicting views within the keystone team on how best to support this going forward[2], and whether we should enable system-scoped tokens to work on project-level operations or if we can lean on Hierarchical Multitenancy to enable this. Somewhat intermixed in this issue is how, or whether, to deal with cleaning up resources in other services that are tied to keystone projects when the service has no insight into keystone internals. If you have thoughts on these issues, please discuss on Adam's thread[3].

[1] http://specs.openstack.org/openstack/keystone-specs/specs/keystone/queens/system-scope.html
[2] http://eavesdrop.openstack.org/irclogs/%23openstack-keystone/%23openstack-keystone.2018-03-13.log.html#t2018-03-13T22:42:44
[3] http://lists.openstack.org/pipermail/openstack-dev/2018-March/128302.html

### Edge Computing

We've previously gotten requests to support syncing data across different keystone deployments at the application level rather than at the data storage level[4]. As Edge Computing gains stronger footing in our community[5], we need to start thinking about use cases like this and how to support them. We discussed this a bit[6] but we are a ways off from having a concrete plan. If you have thoughts on this, please reach out to us!

[4] https://review.openstack.org/#/c/323499/
[5] http://markvoelker.github.io/blog/dublin-ptg-edge-sessions/
[6] http://eavesdrop.openstack.org/irclogs/%23openstack-keystone/%23openstack-keystone.2018-03-13.log.html#t2018-03-13T13:50:03

### JWT

We have a spec proposed[7] to implement JSON Web Tokens as a new token format similar to fernet. We discussed some of the particulars[8] with regard to whether the token needs to be encrypted and token size considerations. Implementing this might make a good Outreachy project since it is interesting and reasonably self-contained, but we will want to nail down these details before dumping it on an intern.

[7] https://review.openstack.org/#/c/541903/
[8] http://eavesdrop.openstack.org/irclogs/%23openstack-keystone/%23openstack-keystone.2018-03-13.log.html#t2018-03-13T20:03:56

### Milestone Planning Meeting

We had a conference call meeting to organize our Rocky roadmap[9] and do some sprint-like planning for the first milestone. If you're working on something in the roadmap, please feel free to make updates to the Trello board as needed.

[9] https://trello.com/b/wmyzbFq5/keystone-rocky-roadmap

### Outreachy projects

OpenStack didn't get into GSOC this year, but we still have a chance to submit applications for Outreachy[10]. We have some internship ideas[11] that we should add to and/or finalize ASAP. We need to have mentors assigned up-front who should submit the project idea themselves, but even if there is only one name attached to a project, we found last round that co-mentoring can be pretty successful for both the intern and the mentors.

[10] https://www.outreachy.org/communities/cfp/openstack/
[11] https://etherpad.openstack.org/p/keystone-internship-ideas

## Open Specs

Search query: https://goo.gl/eyTktx

Since last week, a new spec has been proposed to provide proper usable multi-factor auth[12]. In total we have five specs proposed for Rocky that are awaiting feedback.

We've also had a revival of a spec currently proposed to the backlog to improve OpenIDC support[13].

[12] https://review.openstack.org/#/c/553670
[13] https://review.openstack.org/#/c/373983

## Recently Merged Changes

Search query: https://goo.gl/hdD9Kw

We merged 13 changes this week. One of these was a significant bugfix to the template catalog backend[14]. We had postponed merging this with the idea that we might create a whole new, better, file-based catalog backend[15] but work on that had stalled (and is being picked up again).

[14] https://review.openstack.org/#/c/482364/
[15] https://review.openstack.org/#/c/483514/

## Changes that need Attention

Search query: https://goo.gl/tW5PiH

There are 36 changes that are passing CI, not in merge conflict, have no negative reviews and aren't proposed by bots.

## Milestone Outlook


We added our milestone goals to the release schedule[16]. The next deadline is the spec proposal freeze the week of April 16.

[16] https://review.openstack.org/#/c/553502/

## Help with this newsletter

Help contribute to this newsletter by editing the etherpad: https://etherpad.openstack.org/p/keystone-team-newsletter

More information about the OpenStack-dev mailing list