[keystone] Keystone Team Update - Week of 29 July 2019

Colleen Murphy colleen at gazlene.net
Sat Aug 3 01:03:57 UTC 2019 

# Keystone Team Update - Week of 29 July 2019

## News

### CI instability

The volume of policy deprecation warnings we generate in our unit tests has gotten to such a critical level that it appears to be causing serious instability in our unit test CI, possibly even affecting the CI infrastructure itself[1]. It's been suggested that we use the warnings module's filtering capabilities to suppress these warnings in the unit test output, but it seems that the sheer number of warnings that need to be suppressed makes the filtering so inefficient that the tests are even more likely to time out. We could do what the warnings actually suggest and override the deprecated policies in the tests, but it seems most of our unit tests aren't even ready to handle the new policies. Investigation is ongoing[2].

[1] http://eavesdrop.openstack.org/irclogs/%23openstack-infra/%23openstack-infra.2019-08-01.log.html#t2019-08-01T15:05:40
[2] https://review.opendev.org/673933

### External auth

In this week's meeting we discussed[3] how best to document external auth and agreed it's probably best to deprecate it entirely. We're seeking input from operators on how this may affect them[4].

[3] http://eavesdrop.openstack.org/meetings/keystone/2019/keystone.2019-07-30-16.00.log.html#l-38
[4] http://lists.openstack.org/pipermail/openstack-discuss/2019-July/008127.html

## Action Items

None outstanding

## Office Hours

When there are topics to cover, the keystone team holds office hours on Tuesdays at 17:00 UTC.

We will skip next week's office hours since we don't have a topic planned.

Add topics you would like to see covered during office hours to the etherpad: https://etherpad.openstack.org/p/keystone-office-hours-topics

## Recently Merged Changes

Search query: https://bit.ly/2pquOwT

We merged 7 changes this week.

## Changes that need Attention

Search query: https://bit.ly/2tymTje

There are 37 changes that are passing CI, not in merge conflict, have no negative reviews and aren't proposed by bots.

### Priority Reviews

* Train Roadmap Stories

System scope/default roles (https://trello.com/c/ERo50T7r , https://trello.com/c/RlYyb4DU)

  - https://review.opendev.org/#/q/status:open+topic:implement-default-roles+label:verified%253D%252B1

Application credential access rules (https://trello.com/c/XyBGhKrE)

  - https://review.opendev.org/#/q/status:open+topic:bp/whitelist-extension-for-app-creds+NOT+label:workflow%253D-1
  
Caching Guide (https://trello.com/c/UCFt3mfF)

    - https://review.opendev.org/672120 (Update the caching guide)

Predictable IDs (https://trello.com/c/MVuu6DbU)

    - https://review.opendev.org/651655 (Predictable IDs for Roles)

Oslo.limit (https://trello.com/c/KGGkNijR)

    - https://review.opendev.org/667242 (Add usage example)
    - https://review.opendev.org/666444 (Flush out basic enforcer and model relationship)
    - https://review.opendev.org/666085 (Add ksa connection logic)

YAML Catalog (https://trello.com/c/Qv14G0xp)

    - https://review.opendev.org/483514 (Add yaml-loaded filesystem catalog backend)

* Needs Discussion

    - https://review.opendev.org/669959 (discourage using X.509 with external auth)
    - https://review.opendev.org/655166 (Allows to use application credentials through group membership)

* Oldest

    - https://review.opendev.org/448755 (Add federated support for creating a user)
    
* Closes bugs

  - https://review.opendev.org/674122 (Fix websso auth loop)
  - https://review.opendev.org/672350 (Fixing dn_to_id function for cases were id is not in the DN)
  - https://review.opendev.org/674139 (Cleanup session on delete)

## Bugs

This week we opened 6 new bugs and closed 6.

Bugs opened (6) 
Bug #1838592 (keystone:High) opened by Guang Yee https://bugs.launchpad.net/keystone/+bug/1838592 
Bug #1838554 (keystone:Low) opened by Mihail Milev https://bugs.launchpad.net/keystone/+bug/1838554 
Bug #1836618 (keystone:Undecided) opened by Ghanshyam Mann https://bugs.launchpad.net/keystone/+bug/1836618 
Bug #1838231 (keystone:Undecided) opened by Raviteja Polina https://bugs.launchpad.net/keystone/+bug/1838231 
Bug #1838704 (keystoneauth:Undecided) opened by Alex Schultz https://bugs.launchpad.net/keystoneauth/+bug/1838704 
Bug #1836568 (oslo.policy:Undecided) opened by Colleen Murphy https://bugs.launchpad.net/oslo.policy/+bug/1836568 

Bugs closed (4) 
Bug #1837061 (keystone:Wishlist) https://bugs.launchpad.net/keystone/+bug/1837061 
Bug #1791111 (keystone:Undecided) https://bugs.launchpad.net/keystone/+bug/1791111 
Bug #1836618 (keystone:Undecided) https://bugs.launchpad.net/keystone/+bug/1836618 
Bug #1837010 (keystone:Undecided) https://bugs.launchpad.net/keystone/+bug/1837010 

Bugs fixed (2) 
Bug #1724645 (keystone:Low) fixed by Colleen Murphy https://bugs.launchpad.net/keystone/+bug/1724645 
Bug #1837407 (keystone:Low) fixed by Chason Chan https://bugs.launchpad.net/keystone/+bug/1837407

## Milestone Outlook

https://releases.openstack.org/train/schedule.html

Feature proposal freeze happens in two weeks. Feature freeze follows four weeks after that.

## Help with this newsletter

Help contribute to this newsletter by editing the etherpad: https://etherpad.openstack.org/p/keystone-team-newsletter

More information about the openstack-discuss mailing list