A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | Ocata priorities for Keystone, leave a comment to sign up for something | ||||||||||||||||||||||||
2 | New Features that are approved | Status | Bug or Spec reference | Patch / Topic / Gerrit link | Owner | Comments | |||||||||||||||||||
3 | PCI-DSS Query Password Expired Users | Complete | http://specs.openstack.org/openstack/keystone-specs/specs/keystone/ocata/pci-dss-expired-password.html | https://review.openstack.org/#/q/topic:bp/pci-dss-query-password-expired-users | spilla | ||||||||||||||||||||
4 | Shadow mapping | Complete | http://specs.openstack.org/openstack/keystone-specs/specs/keystone/ocata/shadow-mapping.html | https://review.openstack.org/#/q/topic:bp/shadow-mapping | lbragstad | groups, projects, roles should all be auto-provisioned, make mappings managed by domain admins, should mapping change invalidate the assignments, what about expiring assignments (based on token) | |||||||||||||||||||
5 | PCI-DSS Notifications | Complete | http://specs.openstack.org/openstack/keystone-specs/specs/keystone/ocata/pci-dss-notification.html | https://review.openstack.org/#/q/topic:bp/pci-dss-notifications | gagehugo | ||||||||||||||||||||
6 | Allow retrieving an expired token | Complete | http://specs.openstack.org/openstack/keystone-specs/specs/keystone/ocata/allow-expired.html | https://review.openstack.org/#/q/topic:bp/allow-expired | jamielennox | ||||||||||||||||||||
7 | PCI-DSS Password Requirements API | Complete | http://specs.openstack.org/openstack/keystone-specs/specs/keystone/ocata/pci-dss-password-requirements-api.html | https://review.openstack.org/#/q/topic:bp/pci-dss-password-requirements-api | lbragstad | ||||||||||||||||||||
8 | Drop Support for Driver Versioning | Complete | http://specs.openstack.org/openstack/keystone-specs/specs/keystone/ocata/drop-driver-version.html | https://review.openstack.org/#/q/topic:bp/removed-as-of-ocata | rderose | ||||||||||||||||||||
9 | Per-User Auth Plugin Requirements | Complete | http://specs.openstack.org/openstack/keystone-specs/specs/keystone/ocata/per-user-auth-plugin-requirements.html | https://review.openstack.org/#/q/topic:bp/per-user-auth-plugin-reqs | morgan | Old spec: http://specs.openstack.org/openstack/keystone-specs/specs/keystone/ocata/password-totp-plugin.html | |||||||||||||||||||
10 | |||||||||||||||||||||||||
11 | Bugs that should be addressed in Ocata | Status | Bug or Spec reference | Patch / Topic / Gerrit link | Owner | Comments | |||||||||||||||||||
12 | Federation: Missing domains for federated users | Complete | https://bugs.launchpad.net/keystone/+bug/1642687 | https://review.openstack.org/#/q/topic:bug/1642687 | rderose | ||||||||||||||||||||
13 | PCI: user must change password upon first use | Complete | https://bugs.launchpad.net/keystone/+bug/1645487 | https://review.openstack.org/#/c/403916/ | rderose | ||||||||||||||||||||
14 | KSA/KSC: Hash the Service Token | Complete | https://bugs.launchpad.net/python-keystoneclient/+bug/1654847 | https://review.openstack.org/#/q/topic:bug/1654847 | lamt | ||||||||||||||||||||
15 | KSC/KSA: exceptions raise when uploading large objects | Complete | https://bugs.launchpad.net/python-keystoneclient/+bug/1616105 | https://review.openstack.org/#/q/topic:bug/1616105 | samuel | will need fixes in ksa and ksc | |||||||||||||||||||
16 | KSC: implied roles bugs | Complete | https://bugs.launchpad.net/python-keystoneclient/+bug/1647934 | https://review.openstack.org/#/c/412236/ | stevemar | ||||||||||||||||||||
17 | Federation: Include `mapped` by default | Complete | https://bugs.launchpad.net/keystone/+bug/1645391 | https://review.openstack.org/#/c/403816/ | rodrigods | ||||||||||||||||||||
18 | Federation: mapping engine tester issues | Complete | https://bugs.launchpad.net/keystone/+bug/1655182 | https://review.openstack.org/#/c/418165/ | jdennis | ||||||||||||||||||||
19 | Federation: cannot delete protocol if user has auth'ed | Complete | https://bugs.launchpad.net/keystone/+bug/1642692 | https://review.openstack.org/#/c/415906/9 | rodrigods | ||||||||||||||||||||
20 | Fernet: rotate doesn't work when disk is full | Complete | https://bugs.launchpad.net/keystone/+bug/1642457 | https://review.openstack.org/#/c/413495/ | johnlinp | ||||||||||||||||||||
21 | Roles: Include domain role when listing role assignments | Complete | https://bugs.launchpad.net/keystone/+bug/1607114 | https://review.openstack.org/#/c/373516/ | spilla | ||||||||||||||||||||
22 | Roles: Assignment not showing inheritance when using --names | Complete | https://bugs.launchpad.net/keystone/+bug/1625230 | https://review.openstack.org/#/c/380973/ | kanika | ||||||||||||||||||||
23 | keystone-doctor: Add tests | Complete | https://bugs.launchpad.net/keystone/+bug/1641621 | https://review.openstack.org/#/q/topic:bug/1641621 | ravelar | ||||||||||||||||||||
24 | keystone-doctor: add developer docs | Complete | https://bugs.launchpad.net/keystone/+bug/1641623 | https://review.openstack.org/#/c/399163/ | lbragstad | ||||||||||||||||||||
25 | Notifications: switch to cadf by default | Complete | https://bugs.launchpad.net/keystone/+bug/1641660 | https://review.openstack.org/397339 | lamt | ||||||||||||||||||||
26 | Performance: Fix a slight regression when caching was fixed | Complete | https://bugs.launchpad.net/keystone/+bug/1641652 | https://review.openstack.org/#/c/380376/ | breton | ||||||||||||||||||||
27 | Performance: Enable ``cache_on_issue`` by default | Complete | https://bugs.launchpad.net/keystone/+bug/1641816 | https://review.openstack.org/#/c/383333/ | mfisch | ||||||||||||||||||||
28 | Policy: Update revoke API to be admin required | Complete | https://bugs.launchpad.net/keystone/+bug/1649446 | https://review.openstack.org/#/c/416841/ | stevemar | low hanging fruit | |||||||||||||||||||
29 | Upgrade: Make bootstrap idempotent | Complete | https://bugs.launchpad.net/keystone/+bug/1647800 | https://review.openstack.org/#/q/topic:bug/1647800 | lbragstad | ||||||||||||||||||||
30 | Upgrade: add note about triggers needed SUPER priv | Complete | https://bugs.launchpad.net/keystone/+bug/1638368 | https://review.openstack.org/#/c/394603/ | ravelar | ||||||||||||||||||||
31 | LDAP: mapping_populate unhandled exception | Complete | https://bugs.launchpad.net/keystone/+bug/1645571 | https://review.openstack.org/#/c/404197/ | breton | ||||||||||||||||||||
32 | LDAP: Nested groups for AD | Complete | https://bugs.launchpad.net/keystone/+bug/1638603 | https://review.openstack.org/389316 | ayoung | ||||||||||||||||||||
33 | LDAP: add new timeout config option | Complete | https://bugs.launchpad.net/keystone/+bug/1636950 | https://review.openstack.org/390948 | knasim | ||||||||||||||||||||
34 | PCI: When the user is locked they can’t change their password | Complete | https://bugs.launchpad.net/keystone/+bug/1641645 | https://review.openstack.org/#/c/404022/ | gagehugo | ||||||||||||||||||||
35 | PCI: malicious user can DoS a cloud | Complete | https://bugs.launchpad.net/keystone/+bug/1642348 | https://review.openstack.org/#/c/398571/ | rderose | overlaps with https://bugs.launchpad.net/keystone/+bug/1641642 | |||||||||||||||||||
36 | Include healthcheck middleware | Complete | https://bugs.launchpad.net/keystone/+bug/1641654 | https://review.openstack.org/#/c/387731/ | jlk | ||||||||||||||||||||
37 | Verbose 401/403 debug responses | Complete | https://bugs.launchpad.net/keystone/+bug/1625120 | https://review.openstack.org/#/c/372433/ | amakarov | ||||||||||||||||||||
38 | Remove deprecated config option | Complete | https://bugs.launchpad.net/keystone/+bug/1653472 | https://review.openstack.org/#/c/416267/ | lbragstad | ||||||||||||||||||||
39 | SQL: add retry on deadlock for delete user | Complete | https://bugs.launchpad.net/keystone/+bug/1648542 | https://review.openstack.org/#/c/416872/ | shanguo | low hanging fruit | |||||||||||||||||||
40 | Tests: No need to use pep8 internals | Complete | https://bugs.launchpad.net/keystone/+bug/1652458 | https://review.openstack.org/#/q/topic:bug/1652458 | stevemar | ||||||||||||||||||||
41 | Force use of AuthContext object in .authentcate() | Complete | https://bugs.launchpad.net/keystone/+bug/1656076 | https://review.openstack.org/#/c/419693/ | morgan | ||||||||||||||||||||
42 | V2: Endpoint with missing "region" causes 500 error | Complete | https://bugs.launchpad.net/keystone/+bug/1557166 | https://review.openstack.org/#/c/304489/ | breton | ||||||||||||||||||||
43 | |||||||||||||||||||||||||
44 | Docs | Status | Bug or Spec reference | Patch / Topic / Gerrit link | Owner | Comments | |||||||||||||||||||
45 | Config Reference: Add PCI options | Complete | https://bugs.launchpad.net/keystone/+bug/1641823 | https://review.openstack.org/#/c/405711/ | shanguo | dupe of https://bugs.launchpad.net/keystone/+bug/1640504 | |||||||||||||||||||
46 | Admin Guide: Cleanup LDAP | Complete | https://bugs.launchpad.net/keystone/+bug/1641821 | https://review.openstack.org/#/q/topic:bug/1641821 | ravelar | http://docs.openstack.org/admin-guide/identity-management.html | |||||||||||||||||||
47 | Admin Guide: Cleanup caching | Complete | https://bugs.launchpad.net/keystone/+bug/1641818 | https://review.openstack.org/382655 | browne | ||||||||||||||||||||
48 | Admin Guide: Add PCI | Complete | https://bugs.launchpad.net/keystone/+bug/1641822 | https://review.openstack.org/#/c/399337/ | stevemar | ||||||||||||||||||||
49 | Dev Docs: clean them all up | Complete | -- | https://review.openstack.org/#/q/topic:keystone_doc_cleanup | stevemar | http://docs.openstack.org/developer/keystone/configuration.html | |||||||||||||||||||
50 | API: Add changelog from 3.0->3.7 | Complete | https://bugs.launchpad.net/keystone/+bug/1637214 | https://review.openstack.org/#/c/399301/ | stevemar | http://developer.openstack.org/api-ref/identity/v3/index.html | |||||||||||||||||||
51 | |||||||||||||||||||||||||
52 | Horizon & Keystone work | Status | Bug or Spec reference | Patch / Topic / Gerrit link | Owner | Comments | |||||||||||||||||||
53 | K2K support | Complete | https://blueprints.launchpad.net/horizon/+spec/k2k-federation | https://review.openstack.org/#/q/topic:bp/k2k-horizon | etubillara | ||||||||||||||||||||
54 | Make users panel a search first panel, so LDAP works | Complete | -- | https://review.openstack.org/#/c/419133/3 | dcastellanos | ||||||||||||||||||||
55 | v3 policy is not parseable using oslo.policy | Complete | https://bugs.launchpad.net/oslo.policy/+bug/1547684 | https://review.openstack.org/#/q/topic:bug/1547684 | stevemar | ||||||||||||||||||||
56 | bring in kerberos code to django_openstack_auth | Complete | https://bugs.launchpad.net/django-openstack-auth/+bug/1584432 | https://review.openstack.org/#/q/topic:bug/1584432 | stevemar | Retiring the repo instead | |||||||||||||||||||
57 | Remove token revocation on logout | Complete | https://bugs.launchpad.net/django-openstack-auth/+bug/1637460 | https://review.openstack.org/#/c/391183/ | _ducttape | ||||||||||||||||||||
58 | Default domain usage consistent | Complete | -- | https://review.openstack.org/#/c/389679/ | crinkle | ||||||||||||||||||||
59 | |||||||||||||||||||||||||
60 | https://etherpad.openstack.org/p/ocata-keystone-horizon | ||||||||||||||||||||||||
61 | |||||||||||||||||||||||||
62 | Long goals | ||||||||||||||||||||||||
63 | DevStack v3 by default | Complete | https://etherpad.openstack.org/p/v3-only-devstack | <no single topic> | dims | ||||||||||||||||||||
64 | Refactor the token provider | Complete | no bug, it's a refactor | https://review.openstack.org/#/q/topic:cleanup-token-provider | lbragstad | ||||||||||||||||||||
65 | Make fernet the default token format | Complete | https://bugs.launchpad.net/keystone/+bug/1561054 | https://review.openstack.org/#/q/topic:make-fernet-default | lbragstad | ||||||||||||||||||||
66 | |||||||||||||||||||||||||
67 | |||||||||||||||||||||||||
68 | |||||||||||||||||||||||||
69 | |||||||||||||||||||||||||
70 | |||||||||||||||||||||||||
71 | |||||||||||||||||||||||||
72 | |||||||||||||||||||||||||
73 | |||||||||||||||||||||||||
74 | |||||||||||||||||||||||||
75 | |||||||||||||||||||||||||
76 | |||||||||||||||||||||||||
77 | |||||||||||||||||||||||||
78 | |||||||||||||||||||||||||
79 | |||||||||||||||||||||||||
80 | |||||||||||||||||||||||||
81 | |||||||||||||||||||||||||
82 | |||||||||||||||||||||||||
83 | |||||||||||||||||||||||||
84 | |||||||||||||||||||||||||
85 | |||||||||||||||||||||||||
86 | |||||||||||||||||||||||||
87 | |||||||||||||||||||||||||
88 | |||||||||||||||||||||||||
89 | |||||||||||||||||||||||||
90 | |||||||||||||||||||||||||
91 | |||||||||||||||||||||||||
92 | |||||||||||||||||||||||||
93 | |||||||||||||||||||||||||
94 | |||||||||||||||||||||||||
95 | |||||||||||||||||||||||||
96 | |||||||||||||||||||||||||
97 | |||||||||||||||||||||||||
98 | |||||||||||||||||||||||||
99 | |||||||||||||||||||||||||
100 |