[dev][keystone] Keystone Team Update - Week of 18 February 2019

Colleen Murphy colleen at gazlene.net
Fri Feb 22 18:37:22 UTC 2019


# Keystone Team Update - Week of 18 February 2019

## News

### Scope 101

Melanie started a nova thread [0] that highlighted an API in nova that would benefit from leveraging different scopes in keystone and scope_types in oslo.policy. This thread ultimately kicked up a long discussion in IRC [1] about the concept of authorization scope and how it's actually useful to other OpenStack developers. While we document various token scopes in our admin guide [2], contributor guide [3], and explain how to get them in our API reference [4], we don't do a great job of breaking it down for other developers. Specifically, we don't help connect the dots for developers working on other parts of OpenStack that would benefit from the work we've done in keystone, keystonemiddleware, oslo.policy, and oslo.context to protect APIs they write. This is apparent in discussions we have with experienced OpenStack developers. What we need is a concise and digestable document that clearly explains how other developers in OpenStack can use these tools to provide more of the work they do to end users in a secure way. Lance has a WIP patch [5] up to our contributor guide that attempts to outline the questions people have about authorization scopes and how to consume them. If you have unanswered questions about authorization scopes or just want to learn more about it, please add your perspective to the review and we'll work on smoothing out the wrinkles.

[0] http://lists.openstack.org/pipermail/openstack-discuss/2019-February/002740.html
[1] http://eavesdrop.openstack.org/irclogs/%23openstack-keystone/%23openstack-keystone.2019-02-20.log.html#t2019-02-20T18:35:06
[2] https://docs.openstack.org/keystone/latest/admin/tokens-overview.html#authorization-scopes
[3] https://docs.openstack.org/keystone/latest/contributor/services.html#authorization-scopes
[4] https://developer.openstack.org/api-ref/identity/v3/index.html?expanded=password-authentication-with-scoped-authorization-detail#system-scoped-example
[5] https://review.openstack.org/#/c/638563/

### Forum, PTG and Summit Sessions

Lance posted a call for forum topics for the Denver summit[6]. As the PTG will be in the same place immediately following it, we also need to start thinking about PTG topics too.

The presentation schedule has been finalized and posted[7], so make sure to check out all the keystone breakout sessions!

[6] http://lists.openstack.org/pipermail/openstack-discuss/2019-February/003021.html
[7] https://www.openstack.org/summit/denver-2019/summit-schedule

### App Creds Update

I posted an update on our progress on the fine-grained-access-control feature for application credentials[8] and we had a brief discussion about it on IRC[9]. Please respond on that thread if you have opinions about. I am expecting we will not meet the feature freeze deadline, which means it's perfectly okay to have a naming bikeshed.

[8] http://lists.openstack.org/pipermail/openstack-discuss/2019-February/003031.html
[9] http://eavesdrop.openstack.org/irclogs/%23openstack-keystone/%23openstack-keystone.2019-02-21.log.html#t2019-02-21T21:13:50

### Outreachy Applications Open

You may have noticed some activity from Outreachy applicants on the mailing list. The next round is open for both project and intern applications until March 26[10]. As you can tell, interns are already searching for and applying for projects, so best to submit project ideas ASAP. If you have an idea for an Outreachy project and would like to be a mentor, feel free to ask me about it: I can give you an idea of what the process is like, what the time commitment is, and other things you should know.

[10] https://www.outreachy.org/communities/cfp/openstack/

## Recently Merged Changes

Search query: https://bit.ly/2pquOwT

We merged 37 changes this week.

## Changes that need Attention

Search query: https://bit.ly/2tymTje

There are 44 changes that are passing CI, not in merge conflict, have no negative reviews and aren't proposed by bots.

## Bugs

Just after I sent my report last week, we converted several old blueprints to RFE bug reports, so I altered my filter this week to include those:

Bugs opened (23) 
Bug #1816833 (keystone:High) opened by Lance Bragstad https://bugs.launchpad.net/keystone/+bug/1816833 
Bug #1817313 (keystone:High) opened by Colleen Murphy https://bugs.launchpad.net/keystone/+bug/1817313 
Bug #1816927 (keystone:Low) opened by Lance Bragstad https://bugs.launchpad.net/keystone/+bug/1816927 
Bug #1817047 (keystone:Low) opened by André Luis Penteado https://bugs.launchpad.net/keystone/+bug/1817047 
Bug #1816054 (keystone:Wishlist) opened by Lance Bragstad https://bugs.launchpad.net/keystone/+bug/1816054 
Bug #1816059 (keystone:Wishlist) opened by Lance Bragstad https://bugs.launchpad.net/keystone/+bug/1816059 
Bug #1816066 (keystone:Wishlist) opened by Lance Bragstad https://bugs.launchpad.net/keystone/+bug/1816066 
Bug #1816076 (keystone:Wishlist) opened by Lance Bragstad https://bugs.launchpad.net/keystone/+bug/1816076 
Bug #1816097 (keystone:Wishlist) opened by Lance Bragstad https://bugs.launchpad.net/keystone/+bug/1816097 
Bug #1816099 (keystone:Wishlist) opened by Lance Bragstad https://bugs.launchpad.net/keystone/+bug/1816099 
Bug #1816105 (keystone:Wishlist) opened by Lance Bragstad https://bugs.launchpad.net/keystone/+bug/1816105 
Bug #1816107 (keystone:Wishlist) opened by Lance Bragstad https://bugs.launchpad.net/keystone/+bug/1816107 
Bug #1816109 (keystone:Wishlist) opened by Lance Bragstad https://bugs.launchpad.net/keystone/+bug/1816109 
Bug #1816112 (keystone:Wishlist) opened by Lance Bragstad https://bugs.launchpad.net/keystone/+bug/1816112 
Bug #1816115 (keystone:Wishlist) opened by Lance Bragstad https://bugs.launchpad.net/keystone/+bug/1816115 
Bug #1816120 (keystone:Wishlist) opened by Lance Bragstad https://bugs.launchpad.net/keystone/+bug/1816120 
Bug #1816158 (keystone:Wishlist) opened by Lance Bragstad https://bugs.launchpad.net/keystone/+bug/1816158 
Bug #1816160 (keystone:Wishlist) opened by Lance Bragstad https://bugs.launchpad.net/keystone/+bug/1816160 
Bug #1816163 (keystone:Wishlist) opened by Lance Bragstad https://bugs.launchpad.net/keystone/+bug/1816163 
Bug #1816164 (keystone:Wishlist) opened by Lance Bragstad https://bugs.launchpad.net/keystone/+bug/1816164 
Bug #1816165 (keystone:Wishlist) opened by Lance Bragstad https://bugs.launchpad.net/keystone/+bug/1816165 
Bug #1816166 (keystone:Wishlist) opened by Lance Bragstad https://bugs.launchpad.net/keystone/+bug/1816166 
Bug #1816167 (keystone:Wishlist) opened by Lance Bragstad https://bugs.launchpad.net/keystone/+bug/1816167 

Bugs fixed (8) 
Bug #1811605 (keystone:High) fixed by Guang Yee https://bugs.launchpad.net/keystone/+bug/1811605 
Bug #1814589 (keystone:High) fixed by Guang Yee https://bugs.launchpad.net/keystone/+bug/1814589 
Bug #1815539 (keystone:High) fixed by Guang Yee https://bugs.launchpad.net/keystone/+bug/1815539 
Bug #1757000 (keystone:Medium) fixed by erus https://bugs.launchpad.net/keystone/+bug/1757000 
Bug #1804292 (keystone:Medium) fixed by Lance Bragstad https://bugs.launchpad.net/keystone/+bug/1804292 
Bug #1804516 (keystone:Medium) fixed by Lance Bragstad https://bugs.launchpad.net/keystone/+bug/1804516 
Bug #1804519 (keystone:Medium) fixed by Lance Bragstad https://bugs.launchpad.net/keystone/+bug/1804519 
Bug #1804521 (keystone:Medium) fixed by Lance Bragstad https://bugs.launchpad.net/keystone/+bug/1804521

## Milestone Outlook

https://releases.openstack.org/stein/schedule.html

The final release of non-client libraries is next week. As bnemec pointed out, this doesn't include the oslo libraries, for which the freeze is this week. Luckily it doesn't look like we have anything major in flight for oslo.policy and oslo.limit currently. Feature freeze for keystone and final release of client libraries is in two weeks.

## Help with this newsletter

Help contribute to this newsletter by editing the etherpad: https://etherpad.openstack.org/p/keystone-team-newsletter



More information about the openstack-discuss mailing list