[release-announce] keystone 13.0.3 (queens)
no-reply at openstack.org
no-reply at openstack.org
Wed Oct 30 14:38:12 UTC 2019
We jubilantly announce the release of:
keystone 13.0.3: OpenStack Identity
This release is part of the queens stable release series.
The source is available from:
https://opendev.org/openstack/keystone
Download the package from:
https://tarballs.openstack.org/null/
Please report issues through:
https://bugs.launchpad.net/keystone/+bugs
For more details, please see below.
13.0.3
^^^^^^
Bug Fixes
* [bug 1780503 (https://bugs.launchpad.net/keystone/+bug/1780503)]
The notification wrapper now sets the initiator's id to the given
user id. This fixes an issue where identity.authentication event
would result in the initiator id being a random default UUID, rather
than the user's id when said user would authenticate against
keystone.
* [bug 1782922 (https://bugs.launchpad.net/keystone/+bug/1782922)]
Fixed the problem where Keystone indiscriminately return the first
RDN as the user ID, regardless whether it matches the configured
'user_id_attribute' or not. This will break deployments where
'group_members_are_ids' are set to False and 'user_id_attribute' is
not in the DN. This patch will perform a lookup by DN if the first
RND does not match the configured 'user_id_attribute'.
* [bug 1801873 (https://bugs.launchpad.net/keystone/+bug/1801873)]
This fixes an issue where an LDAP-backed domain could not be deleted
due to the existence of shadow users in the SQL database.
* [bug 1840291 (https://bugs.launchpad.net/keystone/+bug/1840291)]
Adds retries for "delete_credential_for_user" method to avoid
DBDeadlocks when deleting large number of credentials concurrently.
* [*bug 1843609 <https://bugs.launchpad.net/keystone/+bug/1843609>*]
Fixed an issue where system-scoped tokens couldn't be used to list
users and groups (e.g., GET /v3/users or GET /v3/groups) if
"keystone.conf [identity] domain_specific_drivers_enabled=True" and
the API would return an "HTTP 401 Unauthorized". These APIs now
recognize system-scoped tokens when using domain-specific drivers.
Changes in keystone 13.0.2..13.0.3
----------------------------------
65cb669e7 Make system tokens work with domain-specific drivers
d57733f4e Add test case for expanding implied roles in system tokens
a6a438c9f Import LDAP job into project
686d52930 Add retry for DBDeadlock in credential delete
79ed42ee6 Fix python3 compatibility on LDAP search DN from id
9d9451e13 Fixing dn_to_id function for cases were id is not in the DN
71f45f12c Remove experimental openSUSE 42.3 job
a3a2d75ea Cap bandit
c2f619b14 Blacklist bandit 1.6.0
e4c01229e OpenDev Migration Patch
86428a6c6 Delete shadow users when domain is deleted
bb1b98b65 Replace openstack.org git:// URLs with https://
0161ffadd Set initiator id as user_id for auth events
a6703dff0 Remove publish-loci post job
34185638d Update the RDO installation guide to use port 5000
Diffstat (except docs and test files)
-------------------------------------
.gitreview | 2 +-
.zuul.yaml | 35 +++++++-------
keystone/common/controller.py | 2 +
keystone/credential/backends/sql.py | 3 ++
keystone/identity/backends/ldap/common.py | 34 +++++++++++--
keystone/identity/backends/ldap/core.py | 7 ++-
keystone/identity/core.py | 13 ++---
keystone/identity/shadow_backends/sql.py | 12 +++++
keystone/notifications.py | 9 ++--
.../keystone-dsvm-functional-v3-only/run.yaml | 8 ++--
playbooks/legacy/keystone-dsvm-functional/run.yaml | 6 +--
.../keystone-dsvm-grenade-multinode/run.yaml | 10 ++--
.../keystone-dsvm-py35-functional-v3-only/run.yaml | 8 ++--
.../notes/bug-1780503-70ca1ba3f428dd41.yaml | 8 ++++
.../notes/bug-1782922-db822fda486ac773.yaml | 10 ++++
.../notes/bug-1801873-0eb9a5ec3e801190.yaml | 6 +++
.../notes/bug-1840291-35af1ac7ba06e166.yaml | 6 +++
.../notes/bug-1843609-8498b132222596b7.yaml | 9 ++++
setup.cfg | 2 +-
26 files changed, 295 insertions(+), 61 deletions(-)
More information about the Release-announce
mailing list