[openstack-dev] [keystone] Keystone Team Update - Week of 17 September 2018

Colleen Murphy colleen at gazlene.net
Fri Sep 21 15:36:27 UTC 2018

# Keystone Team Update - Week of 17 September 2018

## News

### PTG recaps

The PTG was last week! Lance[1] and I[2] posted recaps of the keystone sessions.

[1] https://www.lbragstad.com/blog/openstack-stein-ptg-keystone-summary
[2] http://www.gazlene.net/denver-ptg-2.html

### No-op roles and default policy rules

adriant started a discussion[3][4] about the difficulty with creating limited or no-op roles due to the fact that most OpenStack services have default policy rules of just "" which translates to "any role on any project". This means if you wanted to give a user access only to, for example, Swift, which uses its own ACL model, you have to craft all of your policy files for every other OpenStack service to not use "" since those rules would allow the Swift-only users access to those other services. The default role work that has been ongoing since last cycle and that will eventually turn into a cross-project community effort will help to alleviate this hardship for operators by making default policies use explicit roles like "reader" and "member", but this will require a long transition period.

[3] http://lists.openstack.org/pipermail/openstack-dev/2018-September/134886.html
[4] http://eavesdrop.openstack.org/irclogs/%23openstack-keystone/%23openstack-keystone.2018-09-19.log.html#t2018-09-19T21:45:30

### Consistent policy names

lbragstad started a thread to come to consensus on standard policy name conventions so that we can come up with guidance when it comes time to start migrating policies to use default roles. Vote for your favorite bikeshed color on the thread[5].

[5] http://lists.openstack.org/pipermail/openstack-dev/2018-September/134597.html

## Open Specs

Search query: https://bit.ly/2Pi6dGj

knikolla started working on a refreshable app creds proposal which will be useful for federation and Edge use cases[6]. wxy is working on the next iteration of hierarchical limit models by adding domains to the mix[7]. lbragstad reproposed the JWT spec with additional details that we discussed at the PTG[8].

[6] https://review.openstack.org/604201
[7] https://review.openstack.org/599491
[8] https://review.openstack.org/541903

## Recently Merged Changes

Search query: https://bit.ly/2pquOwT (link updated to include oslo.limit)

We merged 15 changes this week.

## Changes that need Attention

Search query: https://bit.ly/2PUk84S (link updated to include oslo.limit)

There are 50 changes that are passing CI, not in merge conflict, have no negative reviews and aren't proposed by bots.

## Bugs

This week we opened 6 new bugs and closed 3.

Bugs opened (5) 
Bug #1793027 (keystone:Critical) opened by Morgan Fainberg https://bugs.launchpad.net/keystone/+bug/1793027 
Bug #1793374 (keystone:Low) opened by Lance Bragstad https://bugs.launchpad.net/keystone/+bug/1793374 
Bug #1793421 (keystone:Low) opened by fupingxie https://bugs.launchpad.net/keystone/+bug/1793421 
Bug #1792868 (keystone:Undecided) opened by Tao Li https://bugs.launchpad.net/keystone/+bug/1792868 
Bug #1793347 (keystone:Undecided) opened by Tobias Urdin https://bugs.launchpad.net/keystone/+bug/1793347 

Bugs fixed (3) 
Bug #1793027 (keystone:Critical) fixed by Morgan Fainberg https://bugs.launchpad.net/keystone/+bug/1793027 
Bug #1754677 (keystone:High) fixed by Raildo Mascena de Sousa Filho https://bugs.launchpad.net/keystone/+bug/1754677 
Bug #1431987 (keystone:Wishlist) fixed by no one https://bugs.launchpad.net/keystone/+bug/1431987

## Milestone Outlook


Welcome to the Stein cycle! This cycle is a longer one so we have a bit of extra time between the spec freeze and feature freeze. lbragstad just updated the schedule so if you have issues with it we can probably still make adjustments.

## Shout-outs

Vishakha Agarwal has been doing a lot of work tackling our bug backlog, thanks a lot for your hard work!

## Help with this newsletter

Help contribute to this newsletter by editing the etherpad: https://etherpad.openstack.org/p/keystone-team-newsletter
Dashboard generated using gerrit-dash-creator and https://gist.github.com/lbragstad/9b0477289177743d1ebfc276d1697b67

More information about the OpenStack-dev mailing list