[release-announce] keystone 14.1.0 (rocky)

no-reply at openstack.org no-reply at openstack.org
Thu Apr 4 14:32:13 UTC 2019 

We contentedly announce the release of:

keystone 14.1.0: OpenStack Identity

This release is part of the rocky stable release series.

The source is available from:

    https://git.openstack.org/cgit/openstack/keystone

Download the package from:

    https://tarballs.openstack.org/keystone/

Please report issues through:

    https://bugs.launchpad.net/keystone/+bugs

For more details, please see below.

14.1.0
^^^^^^

Bug Fixes

* [bug 1780503 (https://bugs.launchpad.net/keystone/+bug/1780503)]
  The notification wrapper now sets the initiator's id to the given
  user id. This fixes an issue where identity.authentication event
  would result in the initiator id being a random default UUID, rather
  than the user's id when said user would authenticate against
  keystone.

* [bug 1810393 (https://bugs.launchpad.net/keystone/+bug/1810393)]
  Now when an identity provider protocol is deleted, the cache info
  for the related federated users will be invalidated as well.

* [bug 1798184 (https://bugs.launchpad.net/keystone/+bug/1798184)]
  [bug 1820333 (https://bugs.launchpad.net/keystone/+bug/1820333)] In
  Python 3, python-ldap no longer allows bytes for some fields (DNs,
  RDNs, attribute names, queries). Instead, text values are
  represented as str, the Unicode text type. Compatibility support is
  provided for Python 2 by setting bytes_mode=False [1].

  The keystone LDAP backend is updated to adhere to this behavior by
  using bytes_mode=False for Python 2 and dropping UTF-8 encoding and
  decoding fields that are now represented as text in python-ldap.

  [1] More details about byte/str usage in python-ldap can be found
  at: http://www.python-ldap.org/en/latest/bytes_mode.html#bytes-mode

  Note that at a minimum python-ldappool 2.3.1 is required.

* [bug 1810983 (https://bugs.launchpad.net/keystone/+bug/1810983)]
  With the removal of KeystoneToken from the token model, we longer
  have the ability to use the token data syntax in the policy rules.
  This change broke backward compatibility for anyone deploying
  customized Keystone policies. Unfortunately, we can't go back to
  KeystoneToken model as the change was tightly coupled with the other
  refactored authorization functionalities.

  Since the scope information is now available in the credential
  dictionary, we can just make use of it instead. Those who have
  custom policies must update their policy files accordingly.

Changes in keystone 14.0.1..14.1.0
----------------------------------

6a3888b05 PY3: Ensure LDAP searches use unicode attributes
a2e7ccb4b PY3: switch to using unicode text values
182ff97dc Set initiator id as user_id for auth events
64c6c481e Update the minimimum required version of oslo.log
79594bb4e Invalidate shadow_federated_user cache when deleting protocol
a922d541c Switch devstack plugin to samltest.id
6b902d877 Run Rocky cover jobs on Xenial
0f5cd1f88 Fix the incorrect release name of project guide
8ad99784c Remove publish-loci post job
4420b78c0 fix self-service credential APIs
a2e307ed4 correct the admin_or_target_domain rule
b2491d45a Imported Translations from Zanata
84b795f88 Make OSA rolling upgrade test experimental
a9ca37cde Fix developer config dir flask aftermath
abad630f3 Clarify deprecation message
adcd05cf5 Fix example for getting system scoped token


Diffstat (except docs and test files)
-------------------------------------

.zuul.yaml                                         |   12 +-
devstack/files/federation/attribute-map.xml        |    3 +
devstack/lib/federation.sh                         |   25 +-
etc/policy.v3cloudsample.json                      |    2 +-
keystone/api/credentials.py                        |   30 +-
keystone/cmd/cli.py                                |   12 +-
keystone/common/policies/base.py                   |    2 +-
keystone/federation/core.py                        |   15 +
keystone/identity/backends/ldap/common.py          |  116 +-
keystone/locale/de/LC_MESSAGES/keystone.po         |   23 +-
keystone/locale/en_GB/LC_MESSAGES/keystone.po      |   47 +-
keystone/locale/es/LC_MESSAGES/keystone.po         |   25 +-
keystone/locale/fr/LC_MESSAGES/keystone.po         |   22 +-
keystone/locale/it/LC_MESSAGES/keystone.po         |   22 +-
keystone/locale/ja/LC_MESSAGES/keystone.po         |   22 +-
keystone/locale/ko_KR/LC_MESSAGES/keystone.po      |   88 +-
keystone/locale/pt_BR/LC_MESSAGES/keystone.po      |   21 +-
keystone/locale/ru/LC_MESSAGES/keystone.po         |   22 +-
keystone/locale/tr_TR/LC_MESSAGES/keystone.po      |   17 +-
keystone/locale/zh_CN/LC_MESSAGES/keystone.po      |   20 +-
keystone/locale/zh_TW/LC_MESSAGES/keystone.po      |   20 +-
keystone/notifications.py                          |    9 +-
keystone/server/flask/core.py                      |    1 +
.../unit/identity/backends/test_ldap_common.py     |    9 +-
lower-constraints.txt                              |    4 +-
.../notes/bug-1780503-70ca1ba3f428dd41.yaml        |    8 +
.../notes/bug-1810393-5a7d379842c51d9b.yaml        |    6 +
.../notes/bug-1820333-356dcc8bf9f73fed.yaml        |   18 +
...policy-for-get-domain-api-c48f4a23adc044cd.yaml |   14 +
.../locale/en_GB/LC_MESSAGES/releasenotes.po       | 1529 ---------
.../source/locale/ja/LC_MESSAGES/releasenotes.po   | 3423 --------------------
requirements.txt                                   |    2 +-
setup.cfg                                          |    2 +-
45 files changed, 446 insertions(+), 5387 deletions(-)


Requirements updates
--------------------

diff --git a/requirements.txt b/requirements.txt
index 355f4c256..e06572e6d 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -31 +31 @@ oslo.i18n>=3.15.3 # Apache-2.0
-oslo.log>=3.36.0 # Apache-2.0
+oslo.log>=3.38.0 # Apache-2.0

More information about the Release-announce mailing list