# Keystone Team Update - Week of 7 May 2018 ## News ### Patrole in CI With all the work that has been happening around fixing policy, it would be good to have better policy validation in CI[1]. However, there are some concerns that using Patrole in a voting gate job will lock us in to unwanted behavior. We agreed to start setting up the framework but to keep the jobs nonvoting until 968696[2] is fully fixed. [1] http://eavesdrop.openstack.org/meetings/keystone/2018/keystone.2018-05-08-16.00.log.html#l-51 [2] https://bugs.launchpad.net/keystone/+bug/968696 ### Multi-Site Keystone Keystone has never been able to provide straightforward guidance on implementing multi-region/multi-site clouds. We discussed an implementation proposal to "stretch" over existing clouds[3] with a combination of Galera syncing and orchestration around keystone-manage commands. A proof of concept already exists[4] and a spec will be forthcoming. We had also discussed[5] tying this into the default roles spec[6] by perhaps assigning static, non-UUID IDs to the new default roles in order to gain uniformity across distinct sites, but migrating existing clouds would be a challenge and we would need to come up with a solution for domain-specific roles. [3] http://eavesdrop.openstack.org/meetings/keystone/2018/keystone.2018-05-08-16.00.log.html#l-156 [4] https://github.com/zzzeek/stretch_cluster/tree/standard_tripleo_version [5] http://eavesdrop.openstack.org/irclogs/%23openstack-keystone/%23openstack-keystone.2018-05-07.log.html#t2018-05-07T17:23:29 [6] https://review.openstack.org/566377 ## Open Specs Search query: https://bit.ly/2G8Ai5q As discussed last week, the default roles spec has been reproposed to keystone-specs[7]. We also need to prioritize reviews of the unified limits specs[8][9]. The remaining specs are likely to be deferred until next cycle. [7] https://review.openstack.org/566377 [8] https://review.openstack.org/540803 [9] https://review.openstack.org/565412 ## Recently Merged Changes Search query: https://bit.ly/2IACk3F We merged 19 changes this week. Among these were patches to enhance service discovery in keystoneauth using service-types-authority. ## Changes that need Attention Search query: https://bit.ly/2wv7QLK There are 43 changes that are passing CI, not in merge conflict, have no negative reviews and aren't proposed by bots. ## Bugs Launchpad report generator: https://github.com/lbragstad/launchpad-toolkit These week we opened 5 new bugs and closed 4. ## Milestone Outlook https://releases.openstack.org/rocky/schedule.html We have about four weeks to get our current spec proposals in shape to be merged, and six weeks to start seeing implementation proposals for those specs. ## Help with this newsletter Help contribute to this newsletter by editing the etherpad: https://etherpad.openstack.org/p/keystone-team-newsletter Dashboard generated using gerrit-dash-creator and https://gist.github.com/lbragstad/9b0477289177743d1ebfc276d1697b67