[dev][keystone] Keystone Team Update - Week of 18 February 2019
Colleen Murphy
colleen at gazlene.net
Fri Feb 22 18:37:22 UTC 2019
# Keystone Team Update - Week of 18 February 2019
## News
### Scope 101
Melanie started a nova thread [0] that highlighted an API in nova that would benefit from leveraging different scopes in keystone and scope_types in oslo.policy. This thread ultimately kicked up a long discussion in IRC [1] about the concept of authorization scope and how it's actually useful to other OpenStack developers. While we document various token scopes in our admin guide [2], contributor guide [3], and explain how to get them in our API reference [4], we don't do a great job of breaking it down for other developers. Specifically, we don't help connect the dots for developers working on other parts of OpenStack that would benefit from the work we've done in keystone, keystonemiddleware, oslo.policy, and oslo.context to protect APIs they write. This is apparent in discussions we have with experienced OpenStack developers. What we need is a concise and digestable document that clearly explains how other developers in OpenStack can use these tools to provide more of the work they do to end users in a secure way. Lance has a WIP patch [5] up to our contributor guide that attempts to outline the questions people have about authorization scopes and how to consume them. If you have unanswered questions about authorization scopes or just want to learn more about it, please add your perspective to the review and we'll work on smoothing out the wrinkles.
[0] http://lists.openstack.org/pipermail/openstack-discuss/2019-February/002740.html
[1] http://eavesdrop.openstack.org/irclogs/%23openstack-keystone/%23openstack-keystone.2019-02-20.log.html#t2019-02-20T18:35:06
[2] https://docs.openstack.org/keystone/latest/admin/tokens-overview.html#authorization-scopes
[3] https://docs.openstack.org/keystone/latest/contributor/services.html#authorization-scopes
[4] https://developer.openstack.org/api-ref/identity/v3/index.html?expanded=password-authentication-with-scoped-authorization-detail#system-scoped-example
[5] https://review.openstack.org/#/c/638563/
### Forum, PTG and Summit Sessions
Lance posted a call for forum topics for the Denver summit[6]. As the PTG will be in the same place immediately following it, we also need to start thinking about PTG topics too.
The presentation schedule has been finalized and posted[7], so make sure to check out all the keystone breakout sessions!
[6] http://lists.openstack.org/pipermail/openstack-discuss/2019-February/003021.html
[7] https://www.openstack.org/summit/denver-2019/summit-schedule
### App Creds Update
I posted an update on our progress on the fine-grained-access-control feature for application credentials[8] and we had a brief discussion about it on IRC[9]. Please respond on that thread if you have opinions about. I am expecting we will not meet the feature freeze deadline, which means it's perfectly okay to have a naming bikeshed.
[8] http://lists.openstack.org/pipermail/openstack-discuss/2019-February/003031.html
[9] http://eavesdrop.openstack.org/irclogs/%23openstack-keystone/%23openstack-keystone.2019-02-21.log.html#t2019-02-21T21:13:50
### Outreachy Applications Open
You may have noticed some activity from Outreachy applicants on the mailing list. The next round is open for both project and intern applications until March 26[10]. As you can tell, interns are already searching for and applying for projects, so best to submit project ideas ASAP. If you have an idea for an Outreachy project and would like to be a mentor, feel free to ask me about it: I can give you an idea of what the process is like, what the time commitment is, and other things you should know.
[10] https://www.outreachy.org/communities/cfp/openstack/
## Recently Merged Changes
Search query: https://bit.ly/2pquOwT
We merged 37 changes this week.
## Changes that need Attention
Search query: https://bit.ly/2tymTje
There are 44 changes that are passing CI, not in merge conflict, have no negative reviews and aren't proposed by bots.
## Bugs
Just after I sent my report last week, we converted several old blueprints to RFE bug reports, so I altered my filter this week to include those:
Bugs opened (23)
Bug #1816833 (keystone:High) opened by Lance Bragstad https://bugs.launchpad.net/keystone/+bug/1816833
Bug #1817313 (keystone:High) opened by Colleen Murphy https://bugs.launchpad.net/keystone/+bug/1817313
Bug #1816927 (keystone:Low) opened by Lance Bragstad https://bugs.launchpad.net/keystone/+bug/1816927
Bug #1817047 (keystone:Low) opened by André Luis Penteado https://bugs.launchpad.net/keystone/+bug/1817047
Bug #1816054 (keystone:Wishlist) opened by Lance Bragstad https://bugs.launchpad.net/keystone/+bug/1816054
Bug #1816059 (keystone:Wishlist) opened by Lance Bragstad https://bugs.launchpad.net/keystone/+bug/1816059
Bug #1816066 (keystone:Wishlist) opened by Lance Bragstad https://bugs.launchpad.net/keystone/+bug/1816066
Bug #1816076 (keystone:Wishlist) opened by Lance Bragstad https://bugs.launchpad.net/keystone/+bug/1816076
Bug #1816097 (keystone:Wishlist) opened by Lance Bragstad https://bugs.launchpad.net/keystone/+bug/1816097
Bug #1816099 (keystone:Wishlist) opened by Lance Bragstad https://bugs.launchpad.net/keystone/+bug/1816099
Bug #1816105 (keystone:Wishlist) opened by Lance Bragstad https://bugs.launchpad.net/keystone/+bug/1816105
Bug #1816107 (keystone:Wishlist) opened by Lance Bragstad https://bugs.launchpad.net/keystone/+bug/1816107
Bug #1816109 (keystone:Wishlist) opened by Lance Bragstad https://bugs.launchpad.net/keystone/+bug/1816109
Bug #1816112 (keystone:Wishlist) opened by Lance Bragstad https://bugs.launchpad.net/keystone/+bug/1816112
Bug #1816115 (keystone:Wishlist) opened by Lance Bragstad https://bugs.launchpad.net/keystone/+bug/1816115
Bug #1816120 (keystone:Wishlist) opened by Lance Bragstad https://bugs.launchpad.net/keystone/+bug/1816120
Bug #1816158 (keystone:Wishlist) opened by Lance Bragstad https://bugs.launchpad.net/keystone/+bug/1816158
Bug #1816160 (keystone:Wishlist) opened by Lance Bragstad https://bugs.launchpad.net/keystone/+bug/1816160
Bug #1816163 (keystone:Wishlist) opened by Lance Bragstad https://bugs.launchpad.net/keystone/+bug/1816163
Bug #1816164 (keystone:Wishlist) opened by Lance Bragstad https://bugs.launchpad.net/keystone/+bug/1816164
Bug #1816165 (keystone:Wishlist) opened by Lance Bragstad https://bugs.launchpad.net/keystone/+bug/1816165
Bug #1816166 (keystone:Wishlist) opened by Lance Bragstad https://bugs.launchpad.net/keystone/+bug/1816166
Bug #1816167 (keystone:Wishlist) opened by Lance Bragstad https://bugs.launchpad.net/keystone/+bug/1816167
Bugs fixed (8)
Bug #1811605 (keystone:High) fixed by Guang Yee https://bugs.launchpad.net/keystone/+bug/1811605
Bug #1814589 (keystone:High) fixed by Guang Yee https://bugs.launchpad.net/keystone/+bug/1814589
Bug #1815539 (keystone:High) fixed by Guang Yee https://bugs.launchpad.net/keystone/+bug/1815539
Bug #1757000 (keystone:Medium) fixed by erus https://bugs.launchpad.net/keystone/+bug/1757000
Bug #1804292 (keystone:Medium) fixed by Lance Bragstad https://bugs.launchpad.net/keystone/+bug/1804292
Bug #1804516 (keystone:Medium) fixed by Lance Bragstad https://bugs.launchpad.net/keystone/+bug/1804516
Bug #1804519 (keystone:Medium) fixed by Lance Bragstad https://bugs.launchpad.net/keystone/+bug/1804519
Bug #1804521 (keystone:Medium) fixed by Lance Bragstad https://bugs.launchpad.net/keystone/+bug/1804521
## Milestone Outlook
https://releases.openstack.org/stein/schedule.html
The final release of non-client libraries is next week. As bnemec pointed out, this doesn't include the oslo libraries, for which the freeze is this week. Luckily it doesn't look like we have anything major in flight for oslo.policy and oslo.limit currently. Feature freeze for keystone and final release of client libraries is in two weeks.
## Help with this newsletter
Help contribute to this newsletter by editing the etherpad: https://etherpad.openstack.org/p/keystone-team-newsletter
More information about the openstack-discuss
mailing list