On Fri, Aug 10, 2018, 23:47 Colleen Murphy <coll...@gazlene.net> wrote:
> # Keystone Team Update - Week of 6 August 2018
>
> ## News
>
> ### RC1
>
> We released RC1 this week[1]. Please try it out and be on the lookout for
> critical bugs. As of yet we don't seem to have any showstoppers that would
> require another RC.

Should we rev the keystone version for the inclusion of the new default roles?

> [1] https://releases.openstack.org/rocky/index.html#rocky-keystone
>
> ### Edge Discussions
>
> The OpenNFV Edge Cloud group and the Edge Computing Group are ramping up
> implementations of proofs of concept for the potential keystone
> architectures for edge cloud scenarios. Some of the models under
> investigation or that we've suggested[2] are keystone-to-keystone
> federation, regular federation with an external identity provider, database
> synchronization via database replication[3] and database synchronization
> via an agent. One idea to enhance the federation-based models is to make
> application credentials refreshable, which Kristi is going to write a spec
> for[4]. I encourage the team to join the meeting calls[5][6], to help the
> people working on implementations, and volunteer for technical work items.
> It would be great to be at a point where we can discuss design details for
> the next cycle at the PTG.
>
> [2] https://wiki.openstack.org/wiki/Keystone_edge_architectures
> [3] https://review.openstack.org/566448
> [4] http://eavesdrop.openstack.org/irclogs/%23openstack-keystone/%23openstack-keystone.2018-08-07.log.html#t2018-08-07T15:34:54
> [5] https://wiki.openstack.org/wiki/Edge_Computing_Group#Meetings
> [6] https://wiki.opnfv.org/display/PROJ/Edge+cloud
>
> ### Flask Work
>
> Morgan has been diligently working on converting our APIs to Flask, please
> see the many outstanding reviews[7]. Some of these conversions should be
> parallelizable so if you'd like to help him out I'm sure he would
> appreciate it, just coordinate with him[8].
>
> [7] https://review.openstack.org/#/q/status:open+topic:bug/1776504
> [8] http://eavesdrop.openstack.org/irclogs/%23openstack-keystone/%23openstack-keystone.2018-08-06.log.html#t2018-08-06T20:31:19
>
> ### Self-Service Keystone
>
> At the weekly meeting Adam suggested we make self-service keystone a focus
> point of the PTG[9]. Currently, policy limitations make it difficult for an
> unprivileged keystone user to get things done or to get information without
> the help of an administrator. There are some other projects that have been
> created to act as workflow proxies to mitigate keystone's limitations, such
> as Adjutant[10] (now an official OpenStack project) and Ksproj[11] (written
> by Kristi). The question is whether the primitives offered by keystone are
> sufficient building blocks for these external tools to leverage, or if we
> should be doing more of this logic within keystone. Certainly improving our
> RBAC model is going to be a major part of improving the self-service user
> experience.
>
> [9] http://eavesdrop.openstack.org/meetings/keystone/2018/keystone.2018-08-07-16.00.log.html#l-121
> [10] https://adjutant.readthedocs.io/en/latest/
> [11] https://github.com/CCI-MOC/ksproj
>
> ### Standalone Keystone
>
> Also at the meeting and during office hours, we revived the discussion of
> what it would take to have a standalone keystone be a useful identity
> provider for non-OpenStack projects[12][13]. First up we'd need to turn
> keystone into a fully-fledged SAML IdP, which it's not at the moment (which
> is a point of confusion in our documentation), or even add support for it
> to act as an OpenID Connect IdP. This would be relatively easy to do (or at
> least not impossible). Then the application would have to use
> keystonemiddleware or its own middleware to route requests to keystone to
> issue and validate tokens (this is one aspect where we've previously
> discussed whether JWT could benefit us).
> Then the question is what should a
> not-OpenStack application do with keystone's "scoped RBAC"? It would all
> depend on how the resources of the application are grouped and whether they
> care about multitenancy in some form. Likely each application would have
> different needs and it would be difficult to find a one-size-fits-all
> approach. We're interested to know whether anyone has a burning use case
> for something like this.
>
> [12] http://eavesdrop.openstack.org/meetings/keystone/2018/keystone.2018-08-07-16.00.log.html#l-192
> [13] http://eavesdrop.openstack.org/irclogs/%23openstack-keystone/%23openstack-keystone.2018-08-07.log.html#t2018-08-07T17:01:30
>
> ### PTG Planning
>
> We're in the brainstorming phase for the PTG, please add topics to the
> etherpad[14]. Lance will organize these into an agenda soonish.
>
> [14] https://etherpad.openstack.org/p/keystone-stein-ptg
>
> ## Recently Merged Changes
>
> Search query: https://bit.ly/2IACk3F
>
> We merged 16 changes this week.
>
> ## Changes that need Attention
>
> Search query: https://bit.ly/2wv7QLK
>
> There are 54 changes that are passing CI, not in merge conflict, have no
> negative reviews and aren't proposed by bots. Special attention should be
> given to patches that close bugs, and we should make sure we backport any
> critical bugfixes to stable/rocky.
>
> ## Bugs
>
> This week we opened 2 new bugs and closed 3. There don't currently seem to
> be any showstopper bugs for Rocky. orange_julius has been chasing a fun,
> apparently longstanding bug in ldappool[15], our traditionally low-effort
> adopted project.
>
> Bugs opened (2)
> Bug #1786383 (keystone:Undecided) opened by Liyingjun
> https://bugs.launchpad.net/keystone/+bug/1786383
> Bug #1785898 (ldappool:Undecided) opened by Nick Wilburn
> https://bugs.launchpad.net/ldappool/+bug/1785898
>
> Bugs fixed (3)
> Bug #1782704 (keystone:High) fixed by Lance Bragstad
> https://bugs.launchpad.net/keystone/+bug/1782704
> Bug #1780503 (keystone:Medium) fixed by Gage Hugo
> https://bugs.launchpad.net/keystone/+bug/1780503
> Bug #1785164 (keystone:Undecided) fixed by wangxiyuan
> https://bugs.launchpad.net/keystone/+bug/1785164
>
> [15] https://bugs.launchpad.net/ldappool/+bug/1785898
>
> ## Milestone Outlook
>
> https://releases.openstack.org/rocky/schedule.html
>
> This week was the RC1 deadline as well as the string freeze, so we should
> not be merging any changes to strings for Rocky. We have two weeks to
> release another RC if we need to.
>
> ## Help with this newsletter
>
> Help contribute to this newsletter by editing the etherpad:
> https://etherpad.openstack.org/p/keystone-team-newsletter
> Dashboard generated using gerrit-dash-creator and
> https://gist.github.com/lbragstad/9b0477289177743d1ebfc276d1697b67
>
> __________________________________________________________________________
> OpenStack Development Mailing List (not for usage questions)
> Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
>