[dev][keystone][ptg] Keystone team action items

Rodrigo Duarte rodrigodsousa at gmail.com
Tue May 7 20:30:51 UTC 2019


Thanks for the summary, Colleen.

On Sun, May 5, 2019 at 8:59 AM Colleen Murphy <colleen at gazlene.net> wrote:

> Hi everyone,
>
> I will write an in-depth summary of the Forum and PTG some time in the
> coming week, but I wanted to quickly capture all the action items that came
> out of the last six days so that we don't lose too much focus:
>
> Colleen
> * move "Expand endpoint filters to Service Providers" spec[1] to attic
> * review "Policy Goals"[2] and "Policy Security Roadmap"[3] specs with
> Lance, refresh and possibly combine them
> * move "Unified model for assignments, OAuth, and trusts" spec[4] from
> ongoing to backlog, and circle up with Adam about refreshing it
> * update app creds spec[5] to defer access_rules_config
> * review app cred documentation with regard to proactive rotation
> * follow up with nova/other service teams on need for microversion support
> in access rules
> * circle up with Guang on fixing autoprovisioning for tokenless auth
> * keep up to date with IEEE/NIST efforts on standardizing federation
> * investigate undoing the foreign key constraint that breaks the pluggable
> resource driver
> * propose governance change to add caching as a base service
> * clean out deprecated cruft from keystonemiddleware
> * write up Outreachy/other internship application tasks
>
> [1]
> http://specs.openstack.org/openstack/keystone-specs/specs/keystone/backlog/service-providers-filters.html
> [2]
> http://specs.openstack.org/openstack/keystone-specs/specs/keystone/ongoing/policy-goals.html
> [3]
> http://specs.openstack.org/openstack/keystone-specs/specs/keystone/ongoing/policy-security-roadmap.html
> [4]
> http://specs.openstack.org/openstack/keystone-specs/specs/keystone/ongoing/unified-delegation.html
> [5]
> http://specs.openstack.org/openstack/keystone-specs/specs/keystone/train/capabilities-app-creds.html
>
> Lance
> * write up plan for tempest testing of system scope
> * break up unified limits testing plan into separate items, one for CRUD
> in keystone and one for quota and limit validation in oslo.limit[6]
> * write up spec for assigning roles on root domain
> * (with Morgan) check for and add interface in oslo.policy to see if
> policy has been overridden
>
> [6] https://trello.com/c/kbKvhYBz/20-test-unified-limits-in-tempest
>
> Kristi
> * finish mutable config patch
> * propose "model-timestamps" spec for Train[7]
> * move "Add Multi-Version Support to Federation Mappings" spec[8] to attic
> * review and possibly complete "Devstack Plugin for Keystone" spec[9]
> * look into "RFE: Improved OpenID Connect Support" spec[10]
> * update refreshable app creds spec[11] to make federated users expire
> rather than app creds
> * deprecate federated_domain_name
>
> [7]
> http://specs.openstack.org/openstack/keystone-specs/specs/keystone/backlog/model-timestamps.html
> [8]
> http://specs.openstack.org/openstack/keystone-specs/specs/keystone/backlog/versioned-mappings.html
> [9]
> http://specs.openstack.org/openstack/keystone-specs/specs/keystone/ongoing/devstack-plugin.html
> [10] https://bugs.launchpad.net/keystone/+bug/1815971
> [11] https://review.opendev.org/604201
>
> Vishakha
> * investigate effort needed for Alembic migrations spec[12] (with help
> from Morgan)
> * merge "RFE: Retrofit keystone-manage db_* commands to work with
> Alembic"[13] into "Use Alembic for database migrations" spec
> * remove deprecated [signing] config
> * remove deprecated [DEFAULT]/admin_endpoint config
> * remove deprecated [token]/infer_roles config
>
> [12]
> http://specs.openstack.org/openstack/keystone-specs/specs/keystone/backlog/alembic.html
> [13] https://bugs.launchpad.net/keystone/+bug/1816158
>
> Morgan
> * review "Materialize Project Hierarchy" spec[14] and make sure it
> reflects the current state of the world, keep it in the backlog
> * move "Functional Testing" spec[15] to attic
> * move "Object Dependency Lifecycle" spec[16] to complete
> * move "Add Endpoint Filter Enforcement to Keystonemiddleware" spec[17] to
> attic
> * move "Request Helpers" spec[18] to attic
> * create PoC of external IdP proxy component
> * (with Lance) check for and add interface in oslo.policy to see if policy
> has been overridden
> * investigate removing [eventlet_server] config section
> * remove remaining PasteDeploy things
> * remove PKI(Z) cruft from keystonemiddleware
> * refactor keystonemiddleware to have functional components instead of
> needing keystone to instantiate keystonemiddleware objects for auth
>
> [14]
> http://specs.openstack.org/openstack/keystone-specs/specs/keystone/backlog/materialize-project-hierarchy.html
> [15]
> http://specs.openstack.org/openstack/keystone-specs/specs/keystone/ongoing/functional-testing.html
> [16]
> http://specs.openstack.org/openstack/keystone-specs/specs/keystone/ongoing/object-dependency-lifecycle.html
> [17]
> http://specs.openstack.org/openstack/keystone-specs/specs/keystonemiddleware/backlog/endpoint-enforcement-middleware.html
> [18]
> http://specs.openstack.org/openstack/keystone-specs/specs/keystonemiddleware/backlog/request-helpers.html
>
> Gage
> * investigate with operators about specific use case behind "RFE:
> Whitelisting (opt-in) users/projects/domains for PCI compliance"[19] request
> * follow up on "RFE: Token returns Project's tag properties"[20]
> * remove use of keystoneclient from keystonemiddleware
>
> [19] https://bugs.launchpad.net/keystone/+bug/1637146
> [20] https://bugs.launchpad.net/keystone/+bug/1807697
>
> Rodrigo
> * Propose finishing "RFE: Project Tree Deletion/Disabling"[21] as an
> Outreachy project
>
> [21] https://bugs.launchpad.net/keystone/+bug/1816105
>
> Adam
> * write up super-spec on explicit project IDs plus predictable IDs
>
>
> Thanks everyone for a productive week and for all your hard work!
>
> Colleen
>
>

-- 
Rodrigo
http://rodrigods.com