[release-announce] [keystone] keystone 13.0.0 (queens)
no-reply at openstack.org
no-reply at openstack.org
Wed Feb 28 11:35:28 UTC 2018
We are amped to announce the release of:
keystone 13.0.0: OpenStack Identity
This release is part of the queens release series.
Download the package from:
https://tarballs.openstack.org/keystone/
For more details, please see below.
13.0.0
^^^^^^
Bug Fixes
* [bug 1748970 (https://bugs.launchpad.net/keystone/+bug/1748970)] A
bug was introduced in Queens that resulted in system role
assignments being returned when querying the role assignments API
for a specific role. The issue is fixed and the list of roles
returned from "GET /v3/role_assignments?role.id={role_id}" respects
system role assignments.
* [bug 1749264 (https://bugs.launchpad.net/keystone/+bug/1749264)] A
user's system role assignment will be removed when the user is
deleted.
* [bug 1749267 (https://bugs.launchpad.net/keystone/+bug/1749267)] A
group's system role assignments are removed when the group is
deleted.
* [bug 1750415 (https://bugs.launchpad.net/keystone/+bug/1750415)]
Fixes an implementation fault in application credentials where the
application credential reference was not populated in the token
data, causing problems with the token validation when caching was
disabled.
Changes in keystone 12.0.0.0rc1..13.0.0
---------------------------------------
8476768 Update 3.10 versioning to limits and system scope
afca5cc Populate application credential data in token
ae0edae Imported Translations from Zanata
7aec54a Add docs for application credentials
8646f40 Delete system role assignments when deleting groups
ddd7ff3 Grant admin a role on the system during bootstrap
a1ea04d Fix querying role_assignment with system roles
8242fc7 Imported Translations from Zanata
89152d7 Expose bug in system assignment when deleting groups
445837f Delete system role assignments when deleting users
298f445 Expose bug in system assignment when deleting users
752d299 Expose bug in /role_assignments API with system-scope
1365916 Imported Translations from Zanata
e46148e Update UPPER_CONSTRAINTS_FILE for stable/queens
a196509 Update .gitreview for stable/queens
620d80e Add placeholder migrations for Queens
62ee18b Delete SQL users before deleting domain
b2308f8 Reorganize api-ref: v3-ext federation mapping.inc
5a174a5 Reorganize api-ref: v3-ext federation service-provider
572fac9 Reorganize api-ref: v3-ext oauth.inc
6e5c7e8 Replace port 35357 with 5000 for ubuntu guide
06ab0c9 Reorganize api-ref: v3 os-pki
a45e99f Reorganize api-ref: v3-ext federation identity-provider
1121ccf Reorganize api-ref: v3-ext trust.inc
f6b6691 Remove v2.0 from documentation guides
1dec4d5 Remove v2.0 extension documentation
4b172f0 Update curl request documentation to remove v2.0
3a6b1bb Remove v2 and v2-admin API documentation
d5e9c0b Remove all v2.0 APIs except the ec2tokens API
ae7c7a0 Update sample configuration file for Queens
6075dcd Imported Translations from Zanata
8761066 Finish refactoring self.*_api out of tests
c6cfaad Add cache invalidation when delete application credential
0af4391 Expose a bug that application credential cache is not invalidated
63fde3e Fix cache invalidation for application credential
10e8e69 Expose a bug that cache invalidation doesn't work for application credential
e740d72 Update the base class for application credential
e7a4d43 Fix list users by name
bbe2d7e Refactor self.*_api out of tests
aff66d6 Use keystone.common.provider_api for auth APIs
fe19875 Fix the wrong description
6b49de6 Remove the redundant word
f463bdc Validate identity providers during token validation
1c6d049 Update historical context about the removal of v2.0
51d22a8 Document flat limit enforcement model
92db247 add 'tags' in request body of projects
45e8b6e Increase MySQL max_connections for unit tests
d1e751b Add scope_types for user policies
21af4fe Use native Zuul v3 tox job
f5322a8 Update documentation to reflect system-scope
9da1929 Add a release note for application credentials
d827e6e Impose limits on application credentials
5e97f2d Enable application_credential auth by default
0462ff8 Add api-ref for application credentials
29280b1 Add application credential auth plugin
166eced Add Application Credentials controller
2832f1a Zuul: Remove project name
c22b9e9 Refresh the admin_token doc
544f079 Remove pki_setup step in doc
005f462 Add documentation describing unified limits
ace2e10 Handle TZ change in iso8601 >=0.1.12
60d0283 Remove PKI/PKIZ token in doc
a616462 Add api-ref for unified limits
4606183 Expose unified limit APIs
9ba24b9 Implement policies for limits
0b241dc Add limit provider
0cde8da Improve limit sql backend
fc46c02 Replace Chinese punctuation with English punctuation
d5e5467 Add release note for system-scope
a50fafd Implement GET /v3/auth/system
7070215 Updated from global requirements
5d6f4bb Implement system-scoped tokens
6d2bf2e Document scope_types for project policies
42fc6bf Add scope_types to trust policies
7dbf84c Add scope_types to grant policies
de7e79f Add scope_types to role assignment policies
59b1aac Fix column rename migration for mariadb 10.2
2176eb4 Remove foreign key for registered limit
19a2ccb Introduce assertions for system-scoped token testing
0a9867f Implement system-scope in the token provider API
265076a Teach TokenFormatter how to handle system scope
a7d2b62 Remove the deprecated "giturl" option
705ff13 Relay system information in RoleAssignmentNotFound
5fe9e37 Rename application credential restriction column
fcf616e Update token doc
62c912b Update keystone v2/tokenauth example
f063cb0 Reorganize api-ref: v3-ext revoke.inc
7d4c366 Reorganize api-ref: v3-ext ep-filter.inc
7430f11 Reorganize api-ref: v3-ext simple-cert.inc
51d725c Reorganize api-ref: v3-ext federation projects-domains.inc
757a8b0 Document scope_types for credential policies
93b8b59 Document scope_types for ec2 policies
de1007a Move token_formatter to token
aba66ad Document fixes needed for token scope_types
693928d Add scope_types to service provider policies
80556da Add scope_types to group policies
a2b9301 Add scope_types to domain config policies
d94d9c5 Add system column to app cred table
103aef5 Fix outdated links
0bc28e8 Add ability to list all system role assignments
eefc69e Add system role assignment documentation
716abfc Add Application Credentials manager
37877a1 Handle TODO notes for using new_user_ref
ad6a2bc Updated from global requirements
52a32aa Add application credentials driver
086dddd Make entries in policy_mapping.rst consistent
476d73a Add application credentials db migration
e176e0f Fix indentation in docs
76bcc16 remove _append_null_domain_id decorator
076ae3e Fix wrong url in domains-config-v3.inc
aa482b3 msgpack-python has been renamed to msgpack
5a74f85 adjust response code order in 'regions-v3.inc'
99724db Fix wrong url in config-options.rst
b9adc77 adjust response code order in 'authenticate-v3.inc'
57b8918 Reorganize api-ref: v3-ext endpoint-policy.inc
08b570b Imported Translations from Zanata
30e1cae Extract expiration validation to utils
086dd27 Implement controller logic for system group assignments
96f46b3 adjust response code order in ''policies.inc''
d23856a adjust response code order in ''domains-config-v3.inc''
c8d1c2e put response code in table of ''domains.inc''
17e242e adjust response code in order of credentials.inc
07bc97f fix wrong url link of User trusts
3992a97 Reorganize api-ref: v3-ext federation assertion.inc
410a8f6 Implement controller logic for system user assignments
1f0473a Add schema check for authorize request token
3bcaec3 Remove whitespace from policy sample file
9875135 Use keystone.common.provider_api for trust APIs
7229381 Add db operation for unified limit
6d0ca2f Add new tables for unified limits
d69fdd9 Fix federation unit test
e7b1163 add response example and 'extra' info of create user
c3e3b6b Add scope_types to domain policies
d7ccb81 Add scope_types for policy policies
f89154c Add scope_types to oauth policies
bcc3a4e Add scope_types to token revocation policies
d38343a Add scope_types to endpoint group policies
5ed86b2 Migrate jobs to zuulV3
7867efb Add scope_types to role policies
cfb0d59 Add scope_types to implied role policies
07b07d5 Add expired_at_int column to trusts
93fa014 Add scope_types for revoke event policies
6104b62 Add scope_types to protocol policies
b342cbd Add scope_types to project endpoint policies
0615067 Add scope_types to policy association policies
5fa9a9f Add scope_types to mapping policies
a21d3dc Add scope_types to identity provider policies
cef8293 Add scope_types to service policies
113f37d Handle InvalidScope exception from oslo.policy
c063264 Use keystone.common.provider_api directly in assignment
a1af30e Add scope_types to region policies
8623611 Add scope_types to endpoint policies
85c957c Expose a get_enforcer method for oslo.policy scripts
1825e65 Reorganize api-ref: v3 project-tags
338e855 Reorganize api-ref: v3 authenticate-v3
c973c8f Deprecate [trust]/enabled option
bf548cb Use keystone.common.provider_api for resource APIs
3c7a0f3 Re-organize api-ref: v3 inherit.inc
e6fb231 Implement get_unique_role_by_name
b05d997 Reorganize api-ref: v3-ext federation projects-domains
f80b8dd Reorganize api-ref: v3 regions-v3
6d2b2c5 Reorganize api-ref: v3 policies
05c96d0 Remove duplicated release note
eb35d45 Reorganize api-ref: v3 credentials
1e16ee1 Reorganize api-ref: v3 domains-config-v3
ba6c5af Reorganize api-ref: v3 service-catalog
0540954 Reorganize api-ref: v3 projects
31accd1 Reorganize api-ref: v3 roles
26b8fb0 Use keystone.common.provider_api for identity APIs
2f9b444 Use keystone.common.provider_api for revoke APIs
822aff1 Use keystone.common.provider_api for policy APIs
e679ec1 Use keystone.common.provider_api for oauth APIs
3ae0cb8 Use keystone.common.provider_api for federation APIs
88d840e Use keystone.common.provider_api for endpoint_policy APIs
224dfff Use keystone.common.provider_api for credential APIs
2e778f8 Use keystone.common.provider_api for catalog APIs
114edb4 Use keystone.common.provider_api for token APIs
050ee62 modify LOG.error tip message
06fe070 Performance: improve get_role
cd9064d Add group system grant policies
7e10251 Replace parse_strtime with datetime.strptime
9ca1c23 Remove private methods for v2.0 and v3 tokens
c4874dd Ensure building scope is mutually exclusive
616542a Add user system grant policies
420f50e Implement manager logic for group+system roles
05e3ddb Implement manager logic for user+system roles
f86db08 Implement backend logic for system roles
bd72962 Add a new table for system role assignments
db12357 Refactor project tags encoding
af15155 Expose a bug when authorize request token
ba61e84 Bump API version and date to 3.9
07bba32 Create doc/requirements.txt
9a0443b remove some misleading info in Update user API doc.
4e70a5d Updated from global requirements
4fc045f remove "admin_token_auth" related content"
4783d1f Remove rolling_upgrade_password_hash_compat
23d14f5 Deprecate member_role_id and member_role_name
3b209ed Migrate functional tests to stestr
81f9fe6 Remove Dependency Injection
03ba867 Rename fernet_utils to token_utils
3cc3986 Remove extra parameter for token auth
0982791 Refresh sample_data.sh
2be384b Improve exception logging with 500 response
e9332a2 Remove dead code for auth_context
cfbc2aa Updated from global requirements
82a53de Reorganize api-ref:v3 groups
b84927a Handle deprecation of inspect.getargspec
f71a78d Enforce policy on oslo-context
4af3a43 Correct error message for request token
8f99c8a Refresh the Controller list
ccbad41 Updated from global requirements
227d38e Update keystone testing documentation
f97df5c Fix role schema in trust object
8eb29c3 Validate disabled domains and projects online
756d281 Add New in Pike note to using db_sync check
f8e79ab Fix 500 error when create trust with invalid role key
62f9e57 Expose a bug when create trust with roles
55ef19d Remove member role assignment
29af9bf Fix wrong links in keystone documentation
4c824c8 Add schema check for OS-TRUST:trust authentication
cf43e3a Expose a bug when authenticating for a trust-scoped token
49d75d6 Update the help message for unique_last_password_count
10f4686 Remove apache-httpd related link
43bac9a Populate user, project and domain names from token into context
c0968ed Remove setting of version/release from releasenotes
dd0f787 Updated from global requirements
f3c5c9c Update cache doc
d2da034 Updated from global requirements
503882c Fix 500 error when authenticate with "mapped"
82a7617 Updated from global requirements
789573a Filter users/groups in ldap with whitespaces
621ea65 Deprecate policies API
aaccc5b Change url in middleware test to v3
e2295ed Remove ensure_default_domain_exists
59a3ea3 Ensure listing projects always returns tags
0d3e20a Consolidate V2Controller functionality
64fdb17 Remove v2 token value model
f03927f Add non-voting rolling upgrade test
dd473ce Remove "no auth token" debug log
cbdc84a Partially clarify federation auth plugins
f776fc1 Handle ldap size limit exeeded exception
ef4f836 policy.v3cloudsample.json: remove redundant blank space
1956f6a Remove expired password v2 test
e619551 Remove v2 token test models
ef4e7d1 Remove/update v2 catalog endpoint tests
350f09d Remove unnecessary dependency injection
aeeac73 Remove identity v2 to v3 test case
0ff3534 Reorganize api-ref: v3 domains
8e84a4c Correct parameter to follow convention
665cca0 Remove v2 schema and validation tests
de78845 Implement project tags API controller and router
ee90002 Implement project tags logic into manager
6d320f7 Implement backend logic for project tags
3758143 Remove v2.0 assignment schema
0579dec Add project tags api-ref documentation and reno
8f2273a Deleting an identity provider doesn't invalidate tokens
bd452fb Add policy for project tags
5329071 Add JSON schema validation for project tags
11d1894 Fix initial mapping example
e1d680e Fix list in caching documentation
47dbd25 Updated from global requirements
de9546b Refactor test_backend_ldap tests
67967c8 Emit deprecation warning for federated domain/project APIs
d0adf7d Reorganize api-ref: v3-ext federation auth
ad1b677 Update the release name in install tutorial
06cefd9 Reorganize api-ref: v3 users
682dc05 Add explain of mapping group attribute
0286c3a Remove v2.0 identity API documentation
99ad40e Add database migration for project tags
e58d630 Remove the v2_deprecated decorator
09b828d Remove the v3 to v2 resource test case
5194a36 Remove admin_token_auth steps from install guide
087b07b Remove the v2.0 validate path from validate_token
9bf97e1 Remove v2.0 test plumbing
8e85cb1 Remove v2.0 auth APIs
139aa01 Remove v2.0 token APIs
f5bd968 Move auth header definitions into authorization
75f24c6 Remove v2.0 identity APIs
c5f5c2c Use stestr directly instead of ostestr
a98fca3 Remove middleware reference to PARAMS_ENV and CONTEXT_ENV
71e5431 Migrate to stestr
fdb6adf Updated from global requirements
0502d74 Add default configuration files to data_files
d03f35e Add unit tests to mapping_purge
bf2c54f Replace assertRegexpMatches with assertregex
36d4e62 Update API reference link in README
3ef8214 Refactor removal of duplicate projects/domains
cdfcac6 Update links in keystone
cc63cb9 Fix role assignment api-ref docs
6883e76 Update invalid url in admin docs
4e912c2 Remove keystone-all doc
b5f8142 Fix typos in bootstrap doc
0f3909b Properly normalize protocol in Fedrations update_protocol
35468f2 Two different API achieve listing role assignments
8829e5e Add backport migrations for Pike
76bd54d Adds Bandit #nosec flag to instances of SHA1
bdf47dd Policy exception
a3c2eb1 Remove duplicate code
a41d761 Fix a typo
8dff328 Increase multi region endpoints test coverage
40653ea Replace DbMigrationError with DBMigrationError
7fda51d Confusing notes of ephemeral user's domain
b5c3dec Confusing log messages in project hierarchy checking
ebed5dd Remove vestigate HUDSON_PUBLISH_DOCS reference
3dc5933 Add test GET for member url in the Assignment API
f2d2bcb Remove v2.0 resource APIs
9eef179 Remove v2.0 assignment APIs
70ad022 Remove v2.0 service and endpoint APIs
428828d Fix endpoint examples in api-ref
0451533 Copy specific distro pages for install guide
785d8fe Imported Translations from Zanata
296429f Log format error
a1f19c7 Updated from global requirements
2373cfb Ignore release notes for pike and master
428cec4 Clarify documentation for release notes
6a20aa8 Revert "Fix wrong links"
94e3e98 Remove missing release note from previous revert
d1562fb Include a link in release note for bug 1698900
faec97f Delete redundant code
c025cb3 Call methods with kwargs instead of positionals
058a23c Remove duplicate roles from federated auth
df03cb2 Add the step to create a domain
38974af Add int storage of datetime for password created/expires
3d46c8a Resource backend is SQL only now
00c4448 Assert default project id is not domain
77500b3 Fix wrong links
5fbe540 Imported Translations from Zanata
ad094a6 Remove deprecation of domain_config_upload
f57a318 Update reno for stable/pike
455a21e Update docs: fernet is the default provider
8278555 Updated URLs in docs
0505765 Add description of domain_id in creating user/group
1cf1cd4 Fix typo in index documentation
3fbdada Use log debug instead of warning
Diffstat (except docs and test files)
-------------------------------------
.gitignore | 2 +-
.gitreview | 1 +
.stestr.conf | 4 +
.testr.conf | 16 -
.zuul.yaml | 139 +
HACKING.rst | 11 +-
README.rst | 6 +-
api-ref/source/conf.py | 5 -
api-ref/source/index.rst | 2 -
api-ref/source/v2-admin/admin-certificates.inc | 41 -
api-ref/source/v2-admin/admin-endpoints.inc | 78 -
api-ref/source/v2-admin/admin-tenants.inc | 267 --
api-ref/source/v2-admin/admin-tokens.inc | 173 --
api-ref/source/v2-admin/admin-users.inc | 231 --
api-ref/source/v2-admin/admin-versions.inc | 29 -
api-ref/source/v2-admin/index.rst | 14 -
api-ref/source/v2-admin/parameters.yaml | 360 ---
.../samples/admin/endpoint-create-request.json | 9 -
.../samples/admin/endpoint-create-response.json | 9 -
.../samples/admin/endpoint-list-response.json | 18 -
.../samples/admin/roles-list-response.json | 10 -
.../admin/show-ca-certificate-v2-response.txt | 19 -
.../admin/show-signing-certificate-v2-response.txt | 19 -
.../samples/admin/tenant-show-response.json | 8 -
.../samples/admin/tenant-update-request.json | 8 -
.../admin/tenantwithoutid-create-request.json | 7 -
.../admin/token-endpoints-list-response.json | 122 -
.../samples/admin/token-validate-response.json | 28 -
.../samples/admin/user-create-request.json | 9 -
.../v2-admin/samples/admin/user-show-response.json | 9 -
.../samples/admin/user-update-request.json | 6 -
.../samples/admin/user-update-response.json | 10 -
.../samples/admin/users-list-response.json | 19 -
api-ref/source/v2-ext/index.rst | 2 -
api-ref/source/v2-ext/ksadm-admin.inc | 449 ---
api-ref/source/v2-ext/kscrud.inc | 26 -
api-ref/source/v2-ext/ksec2-admin.inc | 188 +-
api-ref/source/v2-ext/parameters.yaml | 64 +-
.../OS-KSADM/credentials-show-response.json | 11 -
.../samples/OS-KSADM/role-create-request.json | 7 -
.../samples/OS-KSADM/role-show-response.json | 7 -
.../samples/OS-KSADM/roles-list-response.json | 10 -
.../samples/OS-KSADM/service-create-request.json | 8 -
.../samples/OS-KSADM/service-show-response.json | 8 -
.../samples/OS-KSADM/services-list-response.json | 17 -
.../samples/OS-KSADM/user-set-enabled-request.json | 5 -
.../OS-KSADM/user-set-password-request.json | 5 -
.../samples/OS-KSADM/user-show-response.json | 10 -
.../OS-KSADM/user-update-tenant-request.json | 5 -
.../samples/OS-KSEC2/authenticate-request.json | 16 +
.../samples/OS-KSEC2/authenticate-response.json | 31 +
.../OS-KSEC2/credentials-show-response.json | 11 +
api-ref/source/v2/identity-api-extensions.inc | 70 -
api-ref/source/v2/identity-auth.inc | 122 -
api-ref/source/v2/index.rst | 13 -
api-ref/source/v2/overview.inc | 272 --
api-ref/source/v2/parameters.yaml | 257 --
api-ref/source/v2/revocations.inc | 32 -
.../samples/admin/UserUpdatePasswordRequest.json | 6 -
.../admin/authenticate-credentials-request.json | 9 -
.../v2/samples/admin/authenticate-response.json | 184 --
.../samples/admin/authenticate-token-request.json | 8 -
.../v2/samples/admin/extension-show-response.json | 16 -
.../v2/samples/admin/extensions-list-response.json | 118 -
.../v2/samples/admin/revoked-tokens-response.json | 3 -
.../v2/samples/admin/tenants-list-request-JSON.txt | 5 -
.../v2/samples/admin/tenants-list-response.json | 17 -
.../v2/samples/admin/user-create-response.json | 10 -
.../v2/samples/admin/user-update-response.json | 9 -
.../v2/samples/admin/users-list-response.json | 88 -
.../v2/samples/admin/version-show-response.json | 24 -
.../v2/samples/admin/versions-list-response.json | 45 -
.../client/authenticate-credentials-request.json | 9 -
.../v2/samples/client/authenticate-response.json | 184 --
api-ref/source/v2/versions.inc | 39 -
api-ref/source/v3-ext/endpoint-policy.inc | 209 +-
api-ref/source/v3-ext/ep-filter.inc | 381 ++-
api-ref/source/v3-ext/federation.inc | 6 +-
.../v3-ext/federation/assertion/assertion.inc | 49 +-
api-ref/source/v3-ext/federation/auth/auth.inc | 59 +-
.../source/v3-ext/federation/auth/parameters.yaml | 4 +-
.../v3-ext/federation/identity-provider/idp.inc | 239 +-
.../source/v3-ext/federation/mapping/mapping.inc | 103 +-
.../federation/projects-domains/parameters.yaml | 4 +-
.../projects-domains/projects-domains.inc | 42 +-
.../v3-ext/federation/service-provider/sp.inc | 110 +-
api-ref/source/v3-ext/oauth.inc | 443 ++-
api-ref/source/v3-ext/parameters.yaml | 27 +-
api-ref/source/v3-ext/revoke.inc | 31 +-
api-ref/source/v3-ext/simple-cert.inc | 40 +-
api-ref/source/v3-ext/trust.inc | 285 +-
api-ref/source/v3/application-credentials.inc | 304 ++
api-ref/source/v3/authenticate-v3.inc | 558 +++-
api-ref/source/v3/credentials.inc | 191 +-
api-ref/source/v3/domains-config-v3.inc | 469 ++-
api-ref/source/v3/domains.inc | 188 +-
api-ref/source/v3/groups.inc | 336 ++-
api-ref/source/v3/index.rst | 29 +-
api-ref/source/v3/inherit.inc | 315 +-
api-ref/source/v3/os-pki.inc | 38 +-
api-ref/source/v3/parameters.yaml | 361 ++-
api-ref/source/v3/policies.inc | 191 +-
api-ref/source/v3/project-tags.inc | 375 +++
api-ref/source/v3/projects.inc | 230 +-
api-ref/source/v3/regions-v3.inc | 186 +-
api-ref/source/v3/roles.inc | 1025 ++++---
.../application-credential-create-request.json | 12 +
.../application-credential-create-response.json | 21 +
.../admin/application-credential-get-response.json | 20 +
.../application-credential-list-response.json | 45 +
.../auth-application-credential-id-request.json | 13 +
.../auth-application-credential-name-request.json | 16 +
.../auth-application-credential-response.json | 60 +
.../auth-password-explicit-unscoped-response.json | 1 -
.../auth-password-project-scoped-response.json | 1 -
...password-system-scoped-request-with-domain.json | 23 +
.../admin/auth-password-unscoped-response.json | 1 -
.../samples/admin/auth-token-scoped-response.json | 1 -
.../admin/auth-token-unscoped-response.json | 1 -
.../v3/samples/admin/endpoint-create-response.json | 3 +-
.../v3/samples/admin/endpoint-update-request.json | 1 -
.../get-available-system-scopes-response.json | 10 +
.../v3/samples/admin/limit-show-response.json | 13 +
.../v3/samples/admin/limits-create-request.json | 17 +
.../v3/samples/admin/limits-create-response.json | 26 +
.../v3/samples/admin/limits-list-response.json | 31 +
.../v3/samples/admin/limits-update-request.json | 12 +
.../v3/samples/admin/limits-update-response.json | 26 +
.../list-system-roles-for-group-response.json | 18 +
.../admin/list-system-roles-for-user-response.json | 17 +
.../v3/samples/admin/project-create-response.json | 3 +-
.../samples/admin/project-tags-list-response.json | 3 +
.../samples/admin/project-tags-update-request.json | 3 +
.../admin/project-tags-update-response.json | 20 +
.../v3/samples/admin/project-update-response.json | 3 +-
.../v3/samples/admin/projects-list-response.json | 24 +-
.../admin/registered-limit-show-response.json | 12 +
.../admin/registered-limits-create-request.json | 15 +
.../admin/registered-limits-create-response.json | 24 +
.../admin/registered-limits-list-response.json | 29 +
.../admin/registered-limits-update-request.json | 17 +
.../admin/registered-limits-update-response.json | 24 +
.../v3/samples/admin/user-create-request.json | 4 +-
api-ref/source/v3/service-catalog.inc | 431 +--
api-ref/source/v3/system-roles.inc | 417 +++
api-ref/source/v3/unified_limits.inc | 589 ++++
api-ref/source/v3/users.inc | 329 +-
devstack/plugin.sh | 2 +-
.../admin/identity-auth-token-middleware.rst | 4 +-
.../admin/identity-keystone-usage-and-features.rst | 43 +-
.../advanced-topics/configure_tokenless_x509.rst | 5 +-
.../federation/configure_federation.rst | 20 +-
.../advanced-topics/federation/shibboleth.rst | 11 +-
etc/keystone.conf.sample | 203 +-
etc/policy.v3cloudsample.json | 46 +-
httpd/README | 2 +-
keystone/application_credential/__init__.py | 14 +
.../application_credential/backends/__init__.py | 0
keystone/application_credential/backends/base.py | 97 +
keystone/application_credential/backends/sql.py | 156 +
keystone/application_credential/controllers.py | 155 +
keystone/application_credential/core.py | 222 ++
keystone/application_credential/routers.py | 54 +
keystone/application_credential/schema.py | 50 +
keystone/assignment/backends/base.py | 62 +
keystone/assignment/backends/sql.py | 86 +
keystone/assignment/controllers.py | 482 ++-
keystone/assignment/core.py | 499 +++-
keystone/assignment/routers.py | 52 +-
keystone/assignment/schema.py | 15 -
keystone/auth/controllers.py | 133 +-
keystone/auth/core.py | 138 +-
keystone/auth/plugins/application_credential.py | 42 +
keystone/auth/plugins/base.py | 3 +-
keystone/auth/plugins/core.py | 53 +-
keystone/auth/plugins/external.py | 15 +-
keystone/auth/plugins/mapped.py | 33 +-
keystone/auth/plugins/oauth1.py | 8 +-
keystone/auth/plugins/password.py | 6 +-
keystone/auth/plugins/token.py | 26 +-
keystone/auth/plugins/totp.py | 12 +-
keystone/auth/routers.py | 6 +
keystone/auth/schema.py | 15 +
keystone/catalog/backends/base.py | 3 +-
keystone/catalog/backends/sql.py | 2 -
keystone/catalog/controllers.py | 298 +-
keystone/catalog/core.py | 8 +-
keystone/catalog/schema.py | 18 -
keystone/cmd/cli.py | 72 +-
keystone/cmd/doctor/credential.py | 10 +-
keystone/cmd/doctor/tokens_fernet.py | 10 +-
keystone/common/authorization.py | 97 +-
keystone/common/context.py | 1 +
keystone/common/controller.py | 129 +-
keystone/common/dependency.py | 170 +-
keystone/common/fernet_utils.py | 314 --
keystone/common/json_home.py | 3 +
keystone/common/manager.py | 33 +-
keystone/common/policies/__init__.py | 6 +
keystone/common/policies/access_token.py | 9 +
keystone/common/policies/application_credential.py | 65 +
keystone/common/policies/auth.py | 15 +
keystone/common/policies/consumer.py | 5 +
keystone/common/policies/credential.py | 15 +
keystone/common/policies/domain.py | 5 +
keystone/common/policies/domain_config.py | 16 +
keystone/common/policies/ec2_credential.py | 19 +
keystone/common/policies/endpoint.py | 5 +
keystone/common/policies/endpoint_group.py | 11 +
keystone/common/policies/grant.py | 114 +-
keystone/common/policies/group.py | 16 +
keystone/common/policies/identity_provider.py | 11 +
keystone/common/policies/implied_role.py | 10 +
keystone/common/policies/limit.py | 67 +
keystone/common/policies/mapping.py | 11 +
keystone/common/policies/policy.py | 7 +
keystone/common/policies/policy_association.py | 15 +
keystone/common/policies/project.py | 107 +
keystone/common/policies/project_endpoint.py | 9 +
keystone/common/policies/protocol.py | 8 +
keystone/common/policies/region.py | 11 +
keystone/common/policies/registered_limit.py | 67 +
keystone/common/policies/revoke_event.py | 5 +
keystone/common/policies/role.py | 20 +
keystone/common/policies/role_assignment.py | 17 +
keystone/common/policies/service.py | 5 +
keystone/common/policies/service_provider.py | 11 +
keystone/common/policies/token.py | 28 +
keystone/common/policies/token_revocation.py | 5 +
keystone/common/policies/trust.py | 9 +
keystone/common/policies/user.py | 43 +
keystone/common/policy.py | 16 +-
keystone/common/provider_api.py | 87 +
.../024_contract_create_created_at_int_columns.py | 61 +
.../sql/contract_repo/versions/025_placeholder.py | 18 +
.../sql/contract_repo/versions/026_placeholder.py | 18 +
.../sql/contract_repo/versions/027_placeholder.py | 18 +
.../sql/contract_repo/versions/028_placeholder.py | 18 +
.../sql/contract_repo/versions/029_placeholder.py | 18 +
.../030_contract_add_project_tags_table.py | 15 +
.../031_contract_system_assignment_table.py | 16 +
.../032_contract_add_expired_at_int_to_trust.py | 51 +
.../versions/033_contract_add_limits_tables.py | 15 +
...4_contract_add_application_credentials_table.py | 15 +
...ystem_column_to_application_credential_table.py | 23 +
...me_application_credential_restriction_column.py | 40 +
...e_service_and_region_fk_for_registered_limit.py | 36 +
.../sql/contract_repo/versions/038_placeholder.py | 18 +
.../sql/contract_repo/versions/039_placeholder.py | 18 +
.../sql/contract_repo/versions/040_placeholder.py | 18 +
.../sql/contract_repo/versions/041_placeholder.py | 18 +
.../sql/contract_repo/versions/042_placeholder.py | 18 +
.../sql/contract_repo/versions/043_placeholder.py | 18 +
.../sql/contract_repo/versions/044_placeholder.py | 18 +
keystone/common/sql/core.py | 51 +
.../024_migrate_create_created_at_int_columns.py | 22 +
.../versions/025_placeholder.py | 18 +
.../versions/026_placeholder.py | 18 +
.../versions/027_placeholder.py | 18 +
.../versions/028_placeholder.py | 18 +
.../versions/029_placeholder.py | 18 +
.../versions/030_migrate_add_project_tags_table.py | 15 +
.../031_migrate_system_assignment_table.py | 17 +
.../032_migrate_add_expired_at_int_to_trust.py | 22 +
.../versions/033_migrate_add_limits_tables.py | 15 +
...34_migrate_add_application_credentials_table.py | 15 +
...ystem_column_to_application_credential_table.py | 15 +
...me_application_credential_restriction_column.py | 15 +
...e_service_and_region_fk_for_registered_limit.py | 15 +
.../versions/038_placeholder.py | 18 +
.../versions/039_placeholder.py | 18 +
.../versions/040_placeholder.py | 18 +
.../versions/041_placeholder.py | 18 +
.../versions/042_placeholder.py | 18 +
.../versions/043_placeholder.py | 18 +
.../versions/044_placeholder.py | 18 +
.../024_expand_create_created_at_int_columns.py | 33 +
.../sql/expand_repo/versions/025_placeholder.py | 18 +
.../sql/expand_repo/versions/026_placeholder.py | 18 +
.../sql/expand_repo/versions/027_placeholder.py | 18 +
.../sql/expand_repo/versions/028_placeholder.py | 18 +
.../sql/expand_repo/versions/029_placeholder.py | 18 +
.../versions/030_expand_add_project_tags_table.py | 44 +
.../versions/031_expand_system_assignment_table.py | 33 +
.../032_expand_add_expired_at_int_to_trust.py | 35 +
.../versions/033_expand_add_limits_tables.py | 68 +
.../034_expand_add_application_credential_table.py | 52 +
...ystem_column_to_application_credential_table.py | 25 +
...me_application_credential_restriction_column.py | 44 +
...e_service_and_region_fk_for_registered_limit.py | 15 +
.../sql/expand_repo/versions/038_placeholder.py | 18 +
.../sql/expand_repo/versions/039_placeholder.py | 18 +
.../sql/expand_repo/versions/040_placeholder.py | 18 +
.../sql/expand_repo/versions/041_placeholder.py | 18 +
.../sql/expand_repo/versions/042_placeholder.py | 18 +
.../sql/expand_repo/versions/043_placeholder.py | 18 +
.../sql/expand_repo/versions/044_placeholder.py | 18 +
keystone/common/sql/upgrades.py | 10 +-
keystone/common/token_utils.py | 314 ++
keystone/common/tokenless_auth.py | 6 +-
keystone/common/utils.py | 32 +-
keystone/common/wsgi.py | 7 +-
keystone/conf/__init__.py | 5 +-
keystone/conf/application_credential.py | 68 +
keystone/conf/auth.py | 11 +
keystone/conf/constants.py | 3 +-
keystone/conf/default.py | 20 +-
keystone/conf/identity.py | 20 -
keystone/conf/resource.py | 8 +
keystone/conf/security_compliance.py | 9 +-
keystone/conf/trust.py | 7 +
keystone/conf/unified_limit.py | 65 +
keystone/contrib/ec2/controllers.py | 186 +-
keystone/contrib/s3/core.py | 19 -
keystone/credential/controllers.py | 20 +-
keystone/credential/core.py | 22 +-
keystone/credential/provider.py | 3 +-
keystone/credential/providers/fernet/core.py | 16 +-
keystone/endpoint_policy/controllers.py | 86 +-
keystone/endpoint_policy/core.py | 18 +-
keystone/exception.py | 53 +-
keystone/federation/controllers.py | 94 +-
keystone/federation/core.py | 46 +-
keystone/i18n.py | 2 +-
keystone/identity/backends/ldap/common.py | 29 +-
keystone/identity/backends/sql_model.py | 39 +-
keystone/identity/controllers.py | 216 +-
keystone/identity/core.py | 121 +-
keystone/identity/generator.py | 3 +-
keystone/identity/mapping_backends/base.py | 3 +-
keystone/identity/mapping_backends/sql.py | 2 -
keystone/identity/routers.py | 10 -
keystone/identity/schema.py | 45 -
keystone/identity/shadow_backends/sql.py | 13 +-
keystone/limit/__init__.py | 15 +
keystone/limit/backends/__init__.py | 0
keystone/limit/backends/base.py | 167 ++
keystone/limit/backends/sql.py | 252 ++
keystone/limit/controllers.py | 130 +
keystone/limit/core.py | 110 +
keystone/limit/routers.py | 66 +
keystone/limit/schema.py | 116 +
keystone/locale/de/LC_MESSAGES/keystone.po | 36 +-
keystone/locale/en_GB/LC_MESSAGES/keystone.po | 1725 +++++++++++
keystone/locale/es/LC_MESSAGES/keystone.po | 35 +-
keystone/locale/fr/LC_MESSAGES/keystone.po | 35 +-
keystone/locale/it/LC_MESSAGES/keystone.po | 35 +-
keystone/locale/ja/LC_MESSAGES/keystone.po | 36 +-
keystone/locale/ko_KR/LC_MESSAGES/keystone.po | 34 +-
keystone/locale/pt_BR/LC_MESSAGES/keystone.po | 35 +-
keystone/locale/ru/LC_MESSAGES/keystone.po | 35 +-
keystone/locale/tr_TR/LC_MESSAGES/keystone.po | 13 +-
keystone/locale/zh_CN/LC_MESSAGES/keystone.po | 33 +-
keystone/locale/zh_TW/LC_MESSAGES/keystone.po | 33 +-
keystone/middleware/auth.py | 104 +-
keystone/middleware/core.py | 57 +-
keystone/models/revoke_model.py | 50 -
keystone/models/token_model.py | 12 +-
keystone/notifications.py | 7 +-
keystone/oauth1/controllers.py | 68 +-
keystone/oauth1/core.py | 23 +-
keystone/oauth1/schema.py | 14 +
keystone/oauth1/validator.py | 20 +-
keystone/policy/controllers.py | 34 +-
keystone/policy/core.py | 18 +-
keystone/resource/backends/sql.py | 105 +-
keystone/resource/controllers.py | 235 +-
keystone/resource/core.py | 170 +-
keystone/resource/routers.py | 40 +-
keystone/resource/schema.py | 62 +-
keystone/revoke/controllers.py | 8 +-
keystone/revoke/core.py | 32 +-
keystone/server/backends.py | 44 +-
keystone/server/common.py | 2 -
.../application_credential/backends/__init__.py | 0
.../application_credential/backends/test_sql.py | 50 +
.../unit/application_credential/test_backends.py | 292 ++
.../unit/assignment/role_backends/test_sql.py | 43 +-
.../unit/identity/backends/test_ldap_common.py | 36 +-
.../unit/identity/shadow_users/test_backend.py | 40 +-
.../test_associate_project_endpoint_extension.py | 68 +-
keystone/token/__init__.py | 1 -
keystone/token/_simple_cert.py | 20 -
keystone/token/controllers.py | 689 -----
keystone/token/persistence/__init__.py | 2 +-
keystone/token/persistence/core.py | 35 +-
keystone/token/provider.py | 69 +-
keystone/token/providers/common.py | 367 ++-
keystone/token/providers/fernet/core.py | 58 +-
.../token/providers/fernet/token_formatters.py | 701 -----
keystone/token/routers.py | 59 -
keystone/token/token_formatters.py | 823 +++++
keystone/trust/backends/sql.py | 13 +-
keystone/trust/controllers.py | 95 +-
keystone/trust/core.py | 8 +-
keystone/trust/schema.py | 17 +-
keystone/v2_crud/__init__.py | 0
keystone/v2_crud/admin_crud.py | 240 --
keystone/v2_crud/user_crud.py | 119 -
keystone/version/__init__.py | 2 +-
keystone/version/controllers.py | 4 +-
keystone/version/service.py | 33 +-
.../keystone-dsvm-functional-v3-only/post.yaml | 15 +
.../keystone-dsvm-functional-v3-only/run.yaml | 60 +
.../legacy/keystone-dsvm-functional/post.yaml | 15 +
playbooks/legacy/keystone-dsvm-functional/run.yaml | 57 +
.../keystone-dsvm-grenade-multinode/post.yaml | 15 +
.../keystone-dsvm-grenade-multinode/run.yaml | 47 +
.../post.yaml | 15 +
.../keystone-dsvm-py35-functional-v3-only/run.yaml | 68 +
...-expires-at-int-to-trusts-60ae3c5d0c00808a.yaml | 8 +
.../add-unified-limit-apis-c9ebc5116bc2cf93.yaml | 9 +
...p-application-credentials-c699f1f17c7d4e2f.yaml | 24 +
.../notes/bp-system-scope-7d236ee5992d4e20.yaml | 21 +
.../notes/bug-1291157-00b5c714a097e84c.yaml | 7 +
.../notes/bug-1524030-0814724d5c2b7c8d.yaml | 10 +
.../notes/bug-1652012-b3aea7c0d5affdb6.yaml | 7 -
.../notes/bug-1701324-739a31f38037f77b.yaml | 5 +
.../notes/bug-1702211-abb59adda73fd78e.yaml | 9 +
.../notes/bug-1718747-50d39fa87bdbb12b.yaml | 17 +
.../notes/bug-1727099-1af277b35db34372.yaml | 9 +
.../notes/bug-1727726-0b47608811a2cd16.yaml | 9 +
.../notes/bug-1733754-4d9d3042b8501ec6.yaml | 7 +
.../notes/bug-1734244-1b4ea83baa72566d.yaml | 6 +
.../notes/bug-1736875-c790f568c5f4d671.yaml | 11 +
.../notes/bug-1738895-342864cd0285bc42.yaml | 7 +
.../notes/bug-1740951-82b7e4bd608742ab.yaml | 8 +
.../notes/bug-1747694-48c8caa4871300e3.yaml | 7 +
.../notes/bug-1748970-eb63ad2030e296f3.yaml | 9 +
.../notes/bug-1749264-676ca02902bcd169.yaml | 6 +
.../notes/bug-1749267-96153d2fa6868f67.yaml | 5 +
.../notes/bug-1750415-95ede3a9685b6e0c.yaml | 7 +
.../notes/bug_1698900-f195125bf341d887.yaml | 1 +
.../deprecate-policies-api-b104fbd1d2367b1b.yaml | 5 +
.../deprecated-as-of-queens-8ad7f826e4f08f57.yaml | 20 +
.../notes/project-tags-1e72a6779d9d02c5.yaml | 18 +
.../removed-as-of-queens-94c04e88c08f89aa.yaml | 15 +
...resource-backend-sql-only-03154d8712b36bd0.yaml | 12 +
.../notes/token-formatter-ec58aba00fa83706.yaml | 8 +
releasenotes/source/conf.py | 14 +-
releasenotes/source/index.rst | 1 +
.../source/locale/ja/LC_MESSAGES/releasenotes.po | 3150 --------------------
releasenotes/source/pike.rst | 19 +
releasenotes/source/unreleased.rst | 13 +
requirements.txt | 41 +-
setup.cfg | 22 +-
test-requirements.txt | 31 +-
tools/sample_data.sh | 104 +-
tools/test-setup.sh | 4 +
tox.ini | 17 +-
596 files changed, 30873 insertions(+), 26340 deletions(-)
Requirements updates
--------------------
diff --git a/requirements.txt b/requirements.txt
index fa2f24d..1059e35 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -12 +12 @@ PasteDeploy>=1.5.0 # MIT
-Paste # MIT
+Paste>=2.0.2 # MIT
@@ -14,2 +14,2 @@ Routes>=2.3.1 # MIT
-cryptography!=2.0,>=1.6 # BSD/Apache-2.0
-six>=1.9.0 # MIT
+cryptography!=2.0,>=1.9 # BSD/Apache-2.0
+six>=1.10.0 # MIT
@@ -21 +21 @@ python-keystoneclient>=3.8.0 # Apache-2.0
-keystonemiddleware>=4.12.0 # Apache-2.0
+keystonemiddleware>=4.17.0 # Apache-2.0
@@ -24,14 +24,14 @@ scrypt>=0.8.0 # BSD
-oslo.cache>=1.5.0 # Apache-2.0
-oslo.concurrency>=3.8.0 # Apache-2.0
-oslo.config!=4.3.0,!=4.4.0,>=4.0.0 # Apache-2.0
-oslo.context>=2.14.0 # Apache-2.0
-oslo.messaging!=5.25.0,>=5.24.2 # Apache-2.0
-oslo.db>=4.24.0 # Apache-2.0
-oslo.i18n!=3.15.2,>=2.1.0 # Apache-2.0
-oslo.log>=3.22.0 # Apache-2.0
-oslo.middleware>=3.27.0 # Apache-2.0
-oslo.policy>=1.23.0 # Apache-2.0
-oslo.serialization!=2.19.1,>=1.10.0 # Apache-2.0
-oslo.utils>=3.20.0 # Apache-2.0
-oauthlib>=0.6 # BSD
-pysaml2<4.0.3,>=2.4.0 # Apache-2.0
+oslo.cache>=1.26.0 # Apache-2.0
+oslo.concurrency>=3.25.0 # Apache-2.0
+oslo.config>=5.1.0 # Apache-2.0
+oslo.context>=2.19.2 # Apache-2.0
+oslo.messaging>=5.29.0 # Apache-2.0
+oslo.db>=4.27.0 # Apache-2.0
+oslo.i18n>=3.15.3 # Apache-2.0
+oslo.log>=3.36.0 # Apache-2.0
+oslo.middleware>=3.31.0 # Apache-2.0
+oslo.policy>=1.30.0 # Apache-2.0
+oslo.serialization!=2.19.1,>=2.18.0 # Apache-2.0
+oslo.utils>=3.33.0 # Apache-2.0
+oauthlib>=0.6.0 # BSD
+pysaml2<4.0.3,>=4.0.2 # Apache-2.0
@@ -39 +39 @@ dogpile.cache>=0.6.2 # BSD
-jsonschema!=2.5.0,<3.0.0,>=2.0.0 # MIT
+jsonschema<3.0.0,>=2.6.0 # MIT
@@ -41 +41 @@ pycadf!=2.0.0,>=1.1.0 # Apache-2.0
-msgpack-python>=0.4.0 # Apache-2.0
+msgpack>=0.4.0 # Apache-2.0
@@ -42,0 +43 @@ osprofiler>=1.4.0 # Apache-2.0
+pytz>=2013.6 # MIT
diff --git a/test-requirements.txt b/test-requirements.txt
index 88f0c44..c13260b 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -8,2 +8,2 @@ flake8-docstrings==0.2.1.post1 # MIT
-bashate>=0.2 # Apache-2.0
-os-testr>=0.8.0 # Apache-2.0
+bashate>=0.5.1 # Apache-2.0
+os-testr>=1.0.0 # Apache-2.0
@@ -10,0 +11 @@ freezegun>=0.3.6 # Apache-2.0
+pytz>=2013.6 # MIT
@@ -13 +14 @@ freezegun>=0.3.6 # Apache-2.0
-oslo.db[fixtures,mysql,postgresql]>=4.24.0 # Apache-2.0
+oslo.db[fixtures,mysql,postgresql]>=4.27.0 # Apache-2.0
@@ -20 +21 @@ fixtures>=3.0.0 # Apache-2.0/BSD
-lxml!=3.7.0,>=2.3 # BSD
+lxml!=3.7.0,>=3.4.1 # BSD
@@ -22,7 +23,2 @@ lxml!=3.7.0,>=2.3 # BSD
-mock>=2.0 # BSD
-oslotest>=1.10.0 # Apache-2.0
-# required to build documentation
-sphinx>=1.6.2 # BSD
-os-api-ref>=1.0.0 # Apache-2.0
-# test wsgi apps without starting an http server
-WebTest>=2.0 # MIT
+mock>=2.0.0 # BSD
+oslotest>=3.2.0 # Apache-2.0
@@ -30,3 +26,3 @@ WebTest>=2.0 # MIT
-python-subunit>=0.0.18 # Apache-2.0/BSD
-testrepository>=0.0.18 # Apache-2.0/BSD
-testtools>=1.4.0 # MIT
+os-api-ref>=1.4.0 # Apache-2.0
+# test wsgi apps without starting an http server
+WebTest>=2.0.27 # MIT
@@ -34,3 +30,2 @@ testtools>=1.4.0 # MIT
-# For documentation
-openstackdocstheme>=1.16.0 # Apache-2.0
-reno!=2.3.1,>=1.8.0 # Apache-2.0
+stestr>=1.0.0 # Apache-2.0
+testtools>=2.2.0 # MIT
@@ -38 +33 @@ reno!=2.3.1,>=1.8.0 # Apache-2.0
-tempest>=16.1.0 # Apache-2.0
+tempest>=17.1.0 # Apache-2.0
More information about the Release-announce
mailing list