Open Stack

# Keystone Team Update - Week of 26 March 2018

## News

### JSON Web Tokens

Lance found an interesting article denouncing JWT[1][2] which, in an ironic twist, also advocated fernet as an alternative. We're still plowing forward on the JWT spec[3], but we need to be very precise in our design and mindful not just of the RFCs but of our chosen library's implementation details. The spec is being expanded to more precisely define the payload (and some advantages the new payload format will give us[4]), and how and whether to encrypt or just sign is still an open question[5].

[1] https://paragonie.com/blog/2017/03/jwt-json-web-tokens-is-bad-standard-that-everyone-should-avoid
[2] http://eavesdrop.openstack.org/irclogs/%23openstack-keystone/%23openstack-keystone.2018-03-28.log.html#t2018-03-28T17:53:06
[3] https://review.openstack.org//541903
[4] http://eavesdrop.openstack.org/irclogs/%23openstack-keystone/%23openstack-keystone.2018-03-28.log.html#t2018-03-28T15:04:01
[5] http://eavesdrop.openstack.org/irclogs/%23openstack-keystone/%23openstack-keystone.2018-03-29.log.html#t2018-03-29T16:16:06

### PostgreSQL support

We have an open bug for a problem in one of the SQL migrations on PostgreSQL[6] which brought to mind a TC resolution about the current status of PostgreSQL in OpenStack[7]. We do test migrations on PostgreSQL, but not at scale and not in a rolling upgrade scenario. No one has proposed to drop support for PostgreSQL since it more or less works most of the time, but we do need to document within keystone that it is not a first class citizen and resolving some of these weirder bugs is only best effort[8].

[6] https://bugs.launchpad.net/keystone/+bug/1755906
[7] https://governance.openstack.org/tc/reference/help-most-needed.html
[8] http://eavesdrop.openstack.org/irclogs/%23openstack-keystone/%23openstack-keystone.2018-03-27.log.html#t2018-03-27T18:12:15

### Help wanted lists

Like other projects, keystone gets a lot of drive-by patches for typo fixes, URL updates, and lately PTI updates. In the last meeting, I suggested that perhaps we could steer these types of contributions toward something that would be more beneficial to keystone specifically. Low-investment tasks like resolving deprecation warnings, for example, would provide a bigger value to us than typo fixes. I started a list of the types of things we could direct these contributors toward[9], please feel free to add to it. I'll add it to our contributor guide.

In discussing this "help wanted list", we also circled back to the possibiliy of requesting to add keystone to the TC's "help most needed" list[10]. This would not be about focusing drive-by patches constructively, but on gaining long-term maintainers who can help us with some of keystone's fundamental issues and feature backlog. We haven't yet been moved to action on this.

[9] https://etherpad.openstack.org/p/keystone-help-wanted-list
[10] https://governance.openstack.org/tc/reference/help-most-needed.html

## Open Specs

Search query:  https://goo.gl/hdD9Kw

We merged our first spec for Rocky, which was for MFA improvements[11]. We also converged on some terminology decisions for the application credential improvement spec[12] and expect to merge it soon.

[11] https://review.openstack.org/553670
[12] https://review.openstack.org/396331

## Recently Merged Changes

Search query: https://goo.gl/FLwpEf

We merged 18 changes in the last week, including some significant bug fixes.

## Changes that need Attention

Search query: https://goo.gl/tW5PiH

There are 38 changes that are passing CI, not in merge conflict, have no negative reviews and aren't proposed by bots.

Among these are a couple of changes to python-keystoneclient[13][14] to add the ability to return a request ID to the caller, which have been making steady progress for a while and are now in good shape.

[13] https://review.openstack.org/329913
[14] https://review.openstack.org/267456

## Milestone Outlook

https://releases.openstack.org/rocky/schedule.html

We're about three weeks out from spec proposal freeze. If you have a feature you would like to work on in keystone, please propose it now.

## Help with this newsletter

Help contribute to this newsletter by editing the etherpad: https://etherpad.openstack.org/p/keystone-team-newsletter