# Keystone Team Update - Week of 17 September 2018 ## News ### PTG recaps The PTG was last week! Lance[1] and I[2] posted recaps of the keystone sessions. [1] https://www.lbragstad.com/blog/openstack-stein-ptg-keystone-summary [2] http://www.gazlene.net/denver-ptg-2.html ### No-op roles and default policy rules adriant started a discussion[3][4] about the difficulty with creating limited or no-op roles due to the fact that most OpenStack services have default policy rules of just "" which translates to "any role on any project". This means if you wanted to give a user access only to, for example, Swift, which uses its own ACL model, you have to craft all of your policy files for every other OpenStack service to not use "" since those rules would allow the Swift-only users access to those other services. The default role work that has been ongoing since last cycle and that will eventually turn into a cross-project community effort will help to alleviate this hardship for operators by making default policies use explicit roles like "reader" and "member", but this will require a long transition period. [3] http://lists.openstack.org/pipermail/openstack-dev/2018-September/134886.html [4] http://eavesdrop.openstack.org/irclogs/%23openstack-keystone/%23openstack-keystone.2018-09-19.log.html#t2018-09-19T21:45:30 ### Consistent policy names lbragstad started a thread to come to consensus on standard policy name conventions so that we can come up with guidance when it comes time to start migrating policies to use default roles. Vote for your favorite bikeshed color on the thread[5]. [5] http://lists.openstack.org/pipermail/openstack-dev/2018-September/134597.html ## Open Specs Search query: https://bit.ly/2Pi6dGj knikolla started working on a refreshable app creds proposal which will be useful for federation and Edge use cases[6]. wxy is working on the next iteration of hierarchical limit models by adding domains to the mix[7]. lbragstad reproposed the JWT spec with additional details that we discussed at the PTG[8]. [6] https://review.openstack.org/604201 [7] https://review.openstack.org/599491 [8] https://review.openstack.org/541903 ## Recently Merged Changes Search query: https://bit.ly/2pquOwT (link updated to include oslo.limit) We merged 15 changes this week. ## Changes that need Attention Search query: https://bit.ly/2PUk84S (link updated to include oslo.limit) There are 50 changes that are passing CI, not in merge conflict, have no negative reviews and aren't proposed by bots. ## Bugs This week we opened 6 new bugs and closed 3. Bugs opened (5) Bug #1793027 (keystone:Critical) opened by Morgan Fainberg https://bugs.launchpad.net/keystone/+bug/1793027 Bug #1793374 (keystone:Low) opened by Lance Bragstad https://bugs.launchpad.net/keystone/+bug/1793374 Bug #1793421 (keystone:Low) opened by fupingxie https://bugs.launchpad.net/keystone/+bug/1793421 Bug #1792868 (keystone:Undecided) opened by Tao Li https://bugs.launchpad.net/keystone/+bug/1792868 Bug #1793347 (keystone:Undecided) opened by Tobias Urdin https://bugs.launchpad.net/keystone/+bug/1793347 Bugs fixed (3) Bug #1793027 (keystone:Critical) fixed by Morgan Fainberg https://bugs.launchpad.net/keystone/+bug/1793027 Bug #1754677 (keystone:High) fixed by Raildo Mascena de Sousa Filho https://bugs.launchpad.net/keystone/+bug/1754677 Bug #1431987 (keystone:Wishlist) fixed by no one https://bugs.launchpad.net/keystone/+bug/1431987 ## Milestone Outlook https://releases.openstack.org/stein/schedule.html Welcome to the Stein cycle! This cycle is a longer one so we have a bit of extra time between the spec freeze and feature freeze. lbragstad just updated the schedule so if you have issues with it we can probably still make adjustments. ## Shout-outs Vishakha Agarwal has been doing a lot of work tackling our bug backlog, thanks a lot for your hard work! ## Help with this newsletter Help contribute to this newsletter by editing the etherpad: https://etherpad.openstack.org/p/keystone-team-newsletter Dashboard generated using gerrit-dash-creator and https://gist.github.com/lbragstad/9b0477289177743d1ebfc276d1697b67