What’s next for OpenStack Keystone

At the Open Infrastructure Summit in Denver, project team leads (PTLs) and core team members offered updates for the OpenStack projects they manage, what’s new for this release and what to expect for the next one, plus how you can get involved and influence the roadmap.

Superuser features summaries of the videos; you can also catch them on the OpenStack Foundation YouTube channel.

What

Keystone is an OpenStack project that provides identity, token, catalog and policy services. It’s a shared service for authentication and authorization broker between OpenStack and other identity services.

Who

Current PTL Colleen Murphy, who works at SUSE as a cloud developer and Lance Bragstad, Huawei, former PTL.

What’s new

They started by sharing some metrics from the Rocky to Stein release.

“We noticed a pretty significant uptick in the number of commits — 73 percent — these are patches that were proposed, reviewed and landed during the Stein development cycle to any Keystone-related project or repository,” Bragstad says.

The team also noticed a slight uptick in the number of people who landed a patch. More commits equals more reviews, “which is why you’re seeing a 42 percent increase from Rocky,” Bragstad adds. “We did notice our core team was reduced by a third,” Bragstad says. There was also a 60 percent increase in the number of bugs opened against identity-related projects — but community members also managed to double the number of bugs squashed.

The pair outlined what the community delivered in the Stein release:

MFA Receipts
JWS tokens
Domain-level quota limits
System scope APIs
Read-only role

What’s next

There’s an impressive amount of work expected to deliver with the upcoming release, Train:

Access rules for application credentials
Renewable application credentials
Client support for MFA receipts
System scope policy changes were completed
Read-only role implementation polished
Immutable resources

The team also already has in sight features and improvements for upcoming releases, including:

Federation and edge improvements
Identity provider proxy
Hierarchical enforcement models for unified limits
Enhance tokenless authentication

Cross-project initiatives include adoption of unified limits,properly consuming scope types and default roles support.

Get involved

Use Ask OpenStack for general questions
For roadmap or development issues, subscribe to the mailing list openstack-discuss at lists.openstack.org and use the tag [keystone]
Participate in the weekly meeting, Tuesdays at 1600 UTC in #openstack-meeting-alt

Catch the whole 15-minute session below.

Photo // CC BY NC

Tags: Keystone, OpenStack, project updates

Author
Recent Posts

Superuser

Superuser Magazine is the Open Infrastructure Foundation's official online publication. It covers open infrastructure ecosystem news, case studies, event recaps, product updates and announcements, project releases, and more.