From b3fd17348114da353c43ab479b020f92fe42ebf4 Mon Sep 17 00:00:00 2001
From: Rita Zhang <rita.z.zhang@gmail.com>
Date: Thu, 22 Apr 2021 22:05:10 -0700
Subject: [PATCH 1/4] SIG Auth 2021 Annual Report

Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
---
 sig-auth/annual-report-2021.md | 109 +++++++++++++++++++++++++++++++++
 1 file changed, 109 insertions(+)
 create mode 100644 sig-auth/annual-report-2021.md

diff --git a/sig-auth/annual-report-2021.md b/sig-auth/annual-report-2021.md
new file mode 100644
index 00000000000..2eeff8eae12
--- /dev/null
+++ b/sig-auth/annual-report-2021.md
@@ -0,0 +1,109 @@
+# Kubernetes SIG Auth 2021 Annual Report
+
+## Operational
+
+**How are you doing with operational tasks in sig-governance.md?**
+
+**Is your README accurate? have a CONTRIBUTING.md file?**
+
+ - Yes, our README is accurate. As of this report, we do not have a CONTRIBUTING.md file. We will be creating one shortly.
+
+**All subprojects correctly mapped and listed in sigs.yaml?**
+
+ - Yes.
+
+**What’s your meeting culture? Large/small, active/quiet, learnings? Meeting notes up to date? Are you keeping recordings up to date/trends in community members watching recordings?**
+
+ - Our bi-weekly meetings are usually pretty active with medium size attendance consists of mostly the same people. Some meetings may get more people depending on the topic.
+
+ - Subproject meetings are smaller.
+
+ - We take [meeting notes](https://docs.google.com/document/d/1woLGRoONE3EBVx-wTb4pvp4CI7tmLZ6lS26VTbosLKM/edit#) during the meeting. Unfortunately we do not do a great job of keeping good meeting notes. We are discussing various ways to improve. 
+
+ - The recordings serve as a historical record for bi-weekly SIG meeting and special topics meetings. They are uploaded to YouTube automatically. Then SIG chairs add the video to the [SIG Auth playlist](https://www.youtube.com/playlist?list=PL69nYSiGNLP0VMOZ-V7-5AchXTHAQFzJw).
+
+**How does the group get updates, reports, or feedback from subprojects? Are there any springing up or being retired? Are OWNERS files up to date in these areas?**
+
+ - We do not do much here today. We will ask subproject owners to give updates in the main SIG meeting on some cadence. 
+ 
+ - Our OWNERS files are up-to-date.
+
+**How does the group get updates, reports, or feedback from working groups? Are there any springing up or being retired? Are OWNERS files up to date in these areas?**
+
+ - We do not do much here today. We will ask working group owners to give updates in the main SIG meeting on some cadence. 
+ 
+ - Our OWNERS files are up-to-date.
+
+**When was your last monthly community-wide update? (provide link to deck and/or recording)**
+
+ - [February, 2020 Slides](https://docs.google.com/presentation/d/1HBMqr5V79S8BSrSMAxPdQiyyCL9byBBWj2D4WrR3hPY).
+
+## Membership
+
+**Are all listed SIG leaders (chairs, tech leads, and subproject owners) active?**
+
+- Yes, all SIG chairs and leads are active.
+
+- Need to review subproject owners to confirm.
+
+**How do you measure membership? By mailing list members, OWNERs, or something else?**
+
+- We do not currently measure membership. We could start with Slack, mailing list members, and meeting attendance. As of this report, there are 2,136 members of the main SIG Auth Slack channel and 447 members of the mailing list. 
+
+**How does the group measure reviewer and approver bandwidth? Do you need help in any area now? What are you doing about it?**
+
+- We do not currently measure this. Need to look at how other SIGs do this today.
+
+**Is there a healthy onboarding and growth path for contributors in your SIG? What are some activities that the group does to encourage this? What programs are you participating in to grow contributors throughout the contributor ladder?**
+
+- Currently there is no onboarding or growth path. This is something we are working on and learning from other SIGs. We will start by creating a CONTRIBUTING.md file.
+
+**What programs do you participate in for new contributors?**
+
+- We have intro sessions at KubeCon to help new contributors get started.
+
+- We now have weekly issues and PRs triage meetings. New contributors can join to help with new issues and PRs. 
+
+**Does the group have contributors from multiple companies/affiliations? Can end users/companies contribute in some way that they currently are not?**
+
+- Yes. Our chairs, leads, contributors, participants, and subproject owners are from various companies.
+
+## Current initiatives and project health
+
+- Please include links to KEPs and other supporting information that will be beneficial to multiple types of community members. 
+
+**What are initiatives that should be highlighted, lauded, shout out, that your group is proud of? Currently underway? What are some of the longer tail projects that your group is working on?**
+
+- [CSR v1](https://github.com/kubernetes/enhancements/tree/master/keps/sig-auth/1513-certificate-signing-request)
+- [Token Request / bound SA token admission](https://github.com/kubernetes/enhancements/tree/master/keps/sig-auth/1205-bound-service-account-tokens)
+- [client-go auth plugins](https://github.com/kubernetes/enhancements/blob/master/keps/sig-auth/541-external-credential-providers)
+- [external kubelet credential providers](https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/2133-kubelet-credential-providers)
+- [New features in Secrets Store CSI driver](https://secrets-store-csi-driver.sigs.k8s.io/introduction.html#features)
+- [PSP v2](https://github.com/kubernetes/enhancements/issues/2579)
+
+**Year to date KEP work review: What’s now stable? Beta? Alpha? Road to alpha?**
+
+- Stable
+    - Certificates API
+    - TokenRequest
+    - TokenRequestProjection
+    - ServiceAccountIssuerDiscovery
+- Beta
+    - CSIServiceAccountToken
+    - RootCAConfigMap
+    - BoundServiceAccountToken
+- Alpha
+    - Hierarchical Namespace Controller
+
+**What areas and/or subprojects does the group need the most help with?**
+
+- PSP v2
+- Audit Logging
+- Audit ID
+- Testing
+- KMS
+    - [KMS-Plugin: Areas for improvement](https://docs.google.com/document/d/1-WHXX_Dh_MNcJb2QJxF0gOAvLjh0fAnc3QrylWdMZJA/edit)
+
+**What's the average open days of a PR and Issue in your group? / what metrics does your group care about and/or measure?**
+
+- We do not currently have this data and will need to get metrics.

From 8e2efbd536f59d598aba3e501db3fe45ca13c2ee Mon Sep 17 00:00:00 2001
From: Rita Zhang <rita.z.zhang@gmail.com>
Date: Wed, 28 Apr 2021 17:41:46 -0700
Subject: [PATCH 2/4] address review comments

Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
---
 sig-auth/annual-report-2021.md | 23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)

diff --git a/sig-auth/annual-report-2021.md b/sig-auth/annual-report-2021.md
index 2eeff8eae12..a3ed5f4fbac 100644
--- a/sig-auth/annual-report-2021.md
+++ b/sig-auth/annual-report-2021.md
@@ -79,31 +79,36 @@
 - [client-go auth plugins](https://github.com/kubernetes/enhancements/blob/master/keps/sig-auth/541-external-credential-providers)
 - [external kubelet credential providers](https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/2133-kubelet-credential-providers)
 - [New features in Secrets Store CSI driver](https://secrets-store-csi-driver.sigs.k8s.io/introduction.html#features)
-- [PSP v2](https://github.com/kubernetes/enhancements/issues/2579)
+- [Pod Security Policy Replacement](https://github.com/kubernetes/enhancements/issues/2579)
 
 **Year to date KEP work review: What’s now stable? Beta? Alpha? Road to alpha?**
 
 - Stable
-    - Certificates API
-    - TokenRequest
-    - TokenRequestProjection
-    - ServiceAccountIssuerDiscovery
+    - BoundServiceAccountToken (v1.22)
+    - Certificates API (v1.19)
+    - TokenRequest (v1.20)
+    - TokenRequestProjection (v1.20)
+    - RootCAConfigMap (v1.21)
+    - ServiceAccountIssuerDiscovery (v1.21)
 - Beta
     - CSIServiceAccountToken
-    - RootCAConfigMap
-    - BoundServiceAccountToken
 - Alpha
     - Hierarchical Namespace Controller
+- Road to alpha
+    - Pod Security Policy Replacement
 
 **What areas and/or subprojects does the group need the most help with?**
 
-- PSP v2
 - Audit Logging
 - Audit ID
+    https://github.com/kubernetes/kubernetes/issues/101597
+    https://github.com/kubernetes/kubernetes/issues/84571
 - Testing
 - KMS
     - [KMS-Plugin: Areas for improvement](https://docs.google.com/document/d/1-WHXX_Dh_MNcJb2QJxF0gOAvLjh0fAnc3QrylWdMZJA/edit)
 
 **What's the average open days of a PR and Issue in your group? / what metrics does your group care about and/or measure?**
 
-- We do not currently have this data and will need to get metrics.
+- Based on devstats [Issue Velocity / Issues age by SIG and repository groups](https://k8s.devstats.cncf.io/d/15/issues-age-by-sig-and-repository-groups?orgId=1&var-period=d7&var-repogroup_name=Kubernetes&var-sig_name=auth&var-kind_name=All&var-prio_name=All) at the time of writing this report, median time to close sig auth issues in Kubernetes/Kubernetes created in the last 7 days is roughly 24 hours.  
+- Based on devstats [Issue Velocity / Inactive Issues by SIG for 90 days or more](https://k8s.devstats.cncf.io/d/73/inactive-issues-by-sig?orgId=1&var-sigs=%22auth%22) at the time of writing this report, average is 7.  
+- Based on devstats [PR Velocity / Awaiting PRs by SIG for 90 days or more](https://k8s.devstats.cncf.io/d/70/awaiting-prs-by-sig?orgId=1&var-sigs=%22auth%22) at the time of writing this report, average is 47.  

From 2dc042fba60726eb72314d619692e72521d05967 Mon Sep 17 00:00:00 2001
From: Rita Zhang <rita.z.zhang@gmail.com>
Date: Tue, 4 May 2021 15:48:25 -0700
Subject: [PATCH 3/4] address review comments

Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
---
 sig-auth/annual-report-2021.md | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

diff --git a/sig-auth/annual-report-2021.md b/sig-auth/annual-report-2021.md
index a3ed5f4fbac..f295134105a 100644
--- a/sig-auth/annual-report-2021.md
+++ b/sig-auth/annual-report-2021.md
@@ -6,7 +6,7 @@
 
 **Is your README accurate? have a CONTRIBUTING.md file?**
 
- - Yes, our README is accurate. As of this report, we do not have a CONTRIBUTING.md file. We will be creating one shortly.
+ - Yes, our README is accurate. As of this report, we do not have a CONTRIBUTING.md file. We will be [creating one](https://github.com/kubernetes/community/issues/5760) shortly.
 
 **All subprojects correctly mapped and listed in sigs.yaml?**
 
@@ -90,8 +90,9 @@
     - TokenRequestProjection (v1.20)
     - RootCAConfigMap (v1.21)
     - ServiceAccountIssuerDiscovery (v1.21)
+    - client-go auth plugins (v1.22)
 - Beta
-    - CSIServiceAccountToken
+    - CSIServiceAccountToken (v1.21)
 - Alpha
     - Hierarchical Namespace Controller
 - Road to alpha
@@ -100,10 +101,12 @@
 **What areas and/or subprojects does the group need the most help with?**
 
 - Audit Logging
-- Audit ID
-    https://github.com/kubernetes/kubernetes/issues/101597
-    https://github.com/kubernetes/kubernetes/issues/84571
+    - https://github.com/kubernetes/kubernetes/issues/101597
+    - https://github.com/kubernetes/kubernetes/issues/84571
+    - https://github.com/kubernetes/kubernetes/issues/82295
+    - https://github.com/kubernetes/kubernetes/issues?q=is%3Aopen+is%3Aissue+label%3Aarea%2Faudit+
 - Testing
+    - https://github.com/kubernetes/enhancements/issues/541#issuecomment-799372909
 - KMS
     - [KMS-Plugin: Areas for improvement](https://docs.google.com/document/d/1-WHXX_Dh_MNcJb2QJxF0gOAvLjh0fAnc3QrylWdMZJA/edit)
 

From 770af02bdbbaf189a7cddc55f25952c9f6a1cf4e Mon Sep 17 00:00:00 2001
From: Rita Zhang <rita.z.zhang@gmail.com>
Date: Tue, 4 May 2021 17:19:12 -0700
Subject: [PATCH 4/4] address review comments

Signed-off-by: Rita Zhang <rita.z.zhang@gmail.com>
---
 sig-auth/annual-report-2021.md | 1 -
 1 file changed, 1 deletion(-)

diff --git a/sig-auth/annual-report-2021.md b/sig-auth/annual-report-2021.md
index f295134105a..71c0e404af4 100644
--- a/sig-auth/annual-report-2021.md
+++ b/sig-auth/annual-report-2021.md
@@ -112,6 +112,5 @@
 
 **What's the average open days of a PR and Issue in your group? / what metrics does your group care about and/or measure?**
 
-- Based on devstats [Issue Velocity / Issues age by SIG and repository groups](https://k8s.devstats.cncf.io/d/15/issues-age-by-sig-and-repository-groups?orgId=1&var-period=d7&var-repogroup_name=Kubernetes&var-sig_name=auth&var-kind_name=All&var-prio_name=All) at the time of writing this report, median time to close sig auth issues in Kubernetes/Kubernetes created in the last 7 days is roughly 24 hours.  
 - Based on devstats [Issue Velocity / Inactive Issues by SIG for 90 days or more](https://k8s.devstats.cncf.io/d/73/inactive-issues-by-sig?orgId=1&var-sigs=%22auth%22) at the time of writing this report, average is 7.  
 - Based on devstats [PR Velocity / Awaiting PRs by SIG for 90 days or more](https://k8s.devstats.cncf.io/d/70/awaiting-prs-by-sig?orgId=1&var-sigs=%22auth%22) at the time of writing this report, average is 47.