[keystone] Keystone Team Update - Week of 12 August 2019
Colleen Murphy
colleen at gazlene.net
Fri Aug 16 23:34:09 UTC 2019
# Keystone Team Update - Week of 12 August 2019
## News
### Feature Proposal Freeze
This week is our scheduled feature proposal freeze[1], see status summary post[2].
[1] https://releases.openstack.org/train/schedule.html
[2] http://lists.openstack.org/pipermail/openstack-discuss/2019-August/008549.html
### Trusts API
While implementing system scope and default roles for the trusts API we discovered an inconsistency in the error handling for the GET trust details request: most of our APIs do RBAC enforcement first thing, and return a 403 if the resource is missing so as not to divulge whether there's a record in the database for the requested resource. The GET trust details request does the database lookup first and exposes a 404 to the user if the record is missing. We discussed in the bug report[3] whether this is desirable, intended, acceptable, or dangerous behavior, and so far have converged on not fixing the issue in the interest of not breaking the API contract. If you have feelings to the contrary, please speak up in the bug report.
[3] https://bugs.launchpad.net/bugs/1840288
## Action Items
* knikolla to finish initial implementation proposal of renewable group membership next week
* kmalloc to finish initial implementation proposal of resource options migration next week
## Office Hours
When there are topics to cover, the keystone team holds office hours on Tuesdays at 17:00 UTC.
The topic for next week's office hour will be: feature proposal review - we'll walk through code implementations (if available) and answer any questions, or discuss design details if code is not available yet
The location for next week's office hour will be: https://meet.jit.si/keystone-office-hours
Add topics you would like to see covered during office hours to the etherpad: https://etherpad.openstack.org/p/keystone-office-hours-topics
## Open Specs
Ongoing specs: https://bit.ly/2OyDLTh
## Recently Merged Changes
Search query: https://bit.ly/2pquOwT
We merged 15 changes this week, which included support for auth receipts in keystoneauth[4], the IPv6 community goal work[5], and some more changes to implement access rules in application credentials[6].
[4] https://review.opendev.org/675049
[5] https://review.opendev.org/671903
[6] https://review.opendev.org/#/q/status:merged+topic:bp/whitelist-extension-for-app-creds+-age:1week
## Changes that need Attention
Search query: https://bit.ly/2tymTje
There are 47 changes that are passing CI, not in merge conflict, have no negative reviews and aren't proposed by bots.
### Priority Reviews
* Train Roadmap Stories
  - System scope/default roles (https://trello.com/c/ERo50T7r , https://trello.com/c/RlYyb4DU)
    + https://review.opendev.org/#/q/status:open+topic:implement-default-roles+label:verified%253D%252B1
    + https://review.opendev.org/#/q/status:open+topic:trust-policies
    + https://review.opendev.org/#/q/topic:bug/1805409
  - Federated attributes for users (https://trello.com/c/dEmSumDQ)
    + https://review.opendev.org/#/q/status:open+topic:bp/support-federated-attr
  - Application credential access rules (https://trello.com/c/dJsWMI4W)
    + https://review.opendev.org/#/q/status:open+topic:bp/whitelist-extension-for-app-creds
* Closes bugs
  - Honor group_members_are_ids for user_enabled_emulation https://review.opendev.org/674782
  - Cleanup session on delete https://review.opendev.org/674139
  - token: consistently decode binary types https://review.opendev.org/665617
* Oldest
  - OpenID Connect improved support https://review.opendev.org/373983
## Bugs
This week we opened 6 new bugs and closed 3.
Bugs opened (6)
Bug #1840288 (keystone:High) opened by Colleen Murphy https://bugs.launchpad.net/keystone/+bug/1840288
Bug #1840291 (keystone:Medium) opened by Rabi Mishra https://bugs.launchpad.net/keystone/+bug/1840291
Bug #1840090 (keystone:Undecided) opened by Adrian Turjak https://bugs.launchpad.net/keystone/+bug/1840090
Bug #1840403 (keystone:Undecided) opened by Ariya Jantaravises https://bugs.launchpad.net/keystone/+bug/1840403
Bug #1839748 (keystoneauth:High) opened by Adrian Turjak https://bugs.launchpad.net/keystoneauth/+bug/1839748
Bug #1840235 (keystoneauth:Undecided) opened by Rabi Mishra https://bugs.launchpad.net/keystoneauth/+bug/1840235
Bugs closed (1)
Bug #1840288 (keystone:High) https://bugs.launchpad.net/keystone/+bug/1840288
Bugs fixed (2)
Bug #1839577 (keystone:Medium) fixed by Adrian Turjak https://bugs.launchpad.net/keystone/+bug/1839577
Bug #1839748 (keystoneauth:High) fixed by Adrian Turjak https://bugs.launchpad.net/keystoneauth/+bug/1839748
## Milestone Outlook
https://releases.openstack.org/train/schedule.html
This week is feature proposal freeze week for the keystone team, which as mentioned previously is being extended for some initiatives.
Oslo feature freeze is in two weeks: anything we need to complete for oslo.policy needs to be merged before then. Oslo.limit is still pre-1.0 so feature freeze won't apply to it.
The PTL nomination period is also in two weeks: while I intend to run again I'm also happy to answer questions about the role if anyone wants to also put their name in.
Final release for non-client libraries (keystonemiddleware, keystoneauth) is in three weeks.
Feature freeze and client library freeze is in four weeks. This is also the soft string freeze and the requirements freeze and the community goals deadline.
## Shout-outs
Keystoneauth now supports multi-factor authentication and auth receipts[7]. Thanks to Adrian for tackling this ahead of the library freeze deadline!
[7] https://docs.openstack.org/keystoneauth/latest/authentication-plugins.html#multi-factor-with-v3-identity-plugins
## Help with this newsletter
Help contribute to this newsletter by editing the etherpad: https://etherpad.openstack.org/p/keystone-team-newsletter
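
The ordering difference described under "Trusts API" above, as an added example that is not part of the original post and not keystone's code: a simplified model in which the handler names, the policy rule and the sample trust are all assumptions. It shows that only the lookup-first ordering lets a caller who fails the policy check tell a missing trust from an existing one.

```python
# Added illustration: simplified model, not keystone code. All names are hypothetical.
from http import HTTPStatus

# Constructed sample data: one trust between two users.
TRUSTS = {"t-1": {"trustor": "alice", "trustee": "bob"}}


def policy_allows(caller, target):
    """Admins pass; others must be a party to the trust.

    `target` is empty when the record does not exist, so a non-admin
    fails the check for missing and for foreign trusts alike.
    """
    if caller["is_admin"]:
        return True
    return caller["name"] in (target.get("trustor"), target.get("trustee"))


def get_trust_enforce_first(caller, trust_id):
    """RBAC before the existence check: 404 only reaches authorized callers."""
    trust = TRUSTS.get(trust_id)
    if not policy_allows(caller, trust or {}):
        return HTTPStatus.FORBIDDEN
    if trust is None:
        return HTTPStatus.NOT_FOUND
    return HTTPStatus.OK


def get_trust_lookup_first(caller, trust_id):
    """Existence check before RBAC: every caller can see the 404."""
    trust = TRUSTS.get(trust_id)
    if trust is None:
        return HTTPStatus.NOT_FOUND
    if not policy_allows(caller, trust):
        return HTTPStatus.FORBIDDEN
    return HTTPStatus.OK


def leaks_existence(handler, caller, existing_id, missing_id):
    """True if this caller gets different statuses for existing and missing ids."""
    return handler(caller, existing_id) != handler(caller, missing_id)


if __name__ == "__main__":
    mallory = {"name": "mallory", "is_admin": False}  # not a party to t-1
    for handler in (get_trust_enforce_first, get_trust_lookup_first):
        print(handler.__name__, leaks_existence(handler, mallory, "t-1", "t-404"))
```

The same `leaks_existence` check can be pointed at a real endpoint in an API test suite by swapping the handler for a function that issues the request with an unprivileged token and returns the status code.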