[release-announce] puppet-keystone 16.4.0 (ussuri)

no-reply at openstack.org no-reply at openstack.org
Mon Nov 29 11:24:02 UTC 2021 

We are tickled pink to announce the release of:

puppet-keystone 16.4.0: Puppet module for OpenStack Keystone

This release is part of the ussuri stable release series.

The source is available from:

    https://opendev.org/openstack/puppet-keystone

Download the package from:

    https://tarballs.openstack.org/puppet-keystone/

Please report issues through:

    https://bugs.launchpad.net/puppet-keystone/+bugs

For more details, please see below.

16.4.0
^^^^^^


New Features
************

* Adding the following configurable items for OpenID:

  * "keystone::federation::openidc::openidc_pass_userinfo_as" to set
    "OIDCPassUserInfoAs"

  * "keystone::federation::openidc::openidc_pass_claim_as" to set
    "OIDCPassClaimsAs"

* Add TLS options to oslo.cache

* Allow to specify drivername for postgres db

* The new "keystone::cron::trust_flush" class was added to configure
  a cron job to purge expired or soft-deleted trusts.

* The "keystone::federation::ipenidc" class now supports the new
  "openidc_response_mode" parameter, to customize mod_auth_openidc
  response mode.


Upgrade Notes
*************

* Since Ussuri release, identity service record is created by
  bootstrap instead of API call. Since current bootstrap doesn't
  support service the value has been changed to "" from the previous
  value, "OpenStack Identity Service", which was implemented in
  puppet-keystone.


Bug Fixes
*********

* Fixed a bug where the keystone::resource::authtoken resource would
  not install the proper python memcache bindings when using python3.

* The "default/public_endpiint" parameter is no longer set by
  default because of known issue with different hosts/protocol used
  for each endpoints (especially for admin endpoint and public
  endpoint)

Changes in puppet-keystone 16.3.0..16.4.0
-----------------------------------------

0c5c446 Prepare the final stable/ussuri release
f6cb44a OIDC: Add support for setting OIDCResponseMode
f0d4f19 Add oidc options
1dd6ad7 Unset memcached_servers by default
7cd34da TripleO: Reduce tempest test scope
509aecf Set fixture paths for unit tests
4861101 Add TLS options to oslo.cache
abb78e8 Add missing dependencies about keystone_puppet_config
c8b5bda Build containers for single consumer job
d838c86 Add service_description parameter to keep interface compatibility
2917cc9 Fix python package names (ldappool and pysaml2)
79083ed Convert more to rspec-puppet-facts
1639894 Fix missing usage of openstack_integration::apache
af7e03b Add CentOS8 to nodesets
13fcea1 Use common class to manage apache service in beaker job
58e6659 Add support for trust_flush cron job
f25a4cc allow to specify drivername for postgres db
5f19d18 Unset public_endpoint by default
d33843d Always pass --name when flushing keystone_service
975806c Install the correct memcache bindings for py3
e3ce449 Update doc to reflect code
a9b40a2 Switch to Ussuri
2adf1b8 Fix broken unit tests because of list in notification drivers
f925b41 Update TOX_CONSTRAINTS_FILE for stable/ussuri
e2296a3 Update .gitreview for stable/ussuri


Diffstat (except docs and test files)
-------------------------------------

.gitreview                                         |   1 +
.zuul.yaml                                         |   4 +-
Gemfile                                            |   1 +
lib/puppet/provider/keystone_service/openstack.rb  |   3 +
manifests/cache.pp                                 |  43 +++
manifests/cron/trust_flush.pp                      |  91 +++++
manifests/db.pp                                    |   2 +-
manifests/deps.pp                                  |   6 +
manifests/endpoint.pp                              |  21 +-
manifests/federation/identity_provider.pp          |  15 +-
manifests/federation/openidc.pp                    |  39 +-
manifests/init.pp                                  |  46 +--
manifests/ldap.pp                                  |   9 +-
manifests/ldap_backend.pp                          |   6 +-
manifests/params.pp                                |   6 +-
metadata.json                                      |   6 +-
.../notes/add-oidc-params-0bddcca8d49ccfdb.yaml    |  11 +
.../notes/add_tls_options-8ed38a82af2f378f.yaml    |   4 +
...drivername-for-postgresql-daa276a598844884.yaml |   3 +
...strap-service_description-af9b4f786fa181e5.yaml |   7 +
.../notes/cron-trust_flush-9a85af706076f55d.yaml   |   5 +
.../memcache-package-pyvers-a3db976c1a881dcf.yaml  |   5 +
.../openidc_response_mode-f5a2ddf95bd4b752.yaml    |   6 +
.../unset-public_endpoint-1f28429335f3d0d7.yaml    |   6 +
spec/acceptance/default_domain_spec.rb             |   2 +
.../keystone_federation_identity_provider_spec.rb  |   1 +
.../keystone_federation_shibboleth_spec.rb         |   1 +
spec/acceptance/keystone_wsgi_apache_spec.rb       |   2 +
spec/acceptance/nodesets/nodepool-centos8.yml      |  10 +
spec/classes/keystone_cache_spec.rb                |  15 +
spec/classes/keystone_cron_trust_flush_spec.rb     |  67 ++++
.../keystone_federation_identity_provider_spec.rb  | 189 ++++++----
spec/classes/keystone_federation_openidc_spec.rb   |  39 ++
spec/classes/keystone_init_spec.rb                 |  46 +--
spec/classes/keystone_ldap_spec.rb                 | 225 +++++++-----
spec/defines/keystone_ldap_backend_spec.rb         | 392 +++++++++++----------
spec/defines/keystone_resource_authtoken_spec.rb   |  10 +-
spec/spec_helper.rb                                |   7 +-
templates/openidc.conf.erb                         |  11 +-
tox.ini                                            |   2 +-
40 files changed, 904 insertions(+), 461 deletions(-)

More information about the Release-announce mailing list