- OpenStack-announce - lists.openstack.org

[new][keystone] keystone 10.0.0 release (newton)
by no-reply＠openstack.org 06 Oct '16

06 Oct '16

We are enthusiastic to announce the release of: keystone 10.0.0: OpenStack Identity This release is part of the newton release series. For more details, please see below. 10.0.0 ^^^^^^ Add "keystone-manage mapping_populate" command, which should be used when domain-specific LDAP backend is used. Tokens can now be cached when issued. New Features ************ * [blueprint domain-config-as-stable (https://blueprints.launchpad.net/keystone/+spec/domain-config-as- stable)] The domain config via API is now marked as stable. * [blueprint manage-migration (https://blueprints.launchpad.net/keystone/+spec/manage-migration) Upgrading keystone to a new version can now be undertaken as a rolling upgrade using the *--expand*, *--migrate* and *--contract* options of the *keystone-manage db_sync* command. * OSprofiler support was added. This cross-project profiling library allows to trace various requests through all OpenStack services that support it. To initiate OpenStack request tracing *--profile <HMAC_KEY>* option needs to be added to the CLI command. Configuration and usage details can be foung in [OSProfiler documentation (http://docs.openstack.org/developer/osprofiler/api.html) * Add "keystone-manage mapping_populate" command. This command will pre-populate a mapping table with all users from LDAP, in order to improve future query performance. It should be used when an LDAP is first configured, or after calling "keystone-manage mapping_purge", before any queries related to the domain are made. For more information see "keystone-manage mapping_populate --help" * Add "cache_on_issue" flag to "[token]" section that enables placing issued tokens to validation cache thus reducing the first validation time as if token is already validated and token data cached. Upgrade Notes ************* * We have added the "password_expires_at" attribute to the user response object. * The identity backend driver interface has changed. We've added a new "change_password()" method for self service password changes. If you have a custom implementation for the identity driver, you will need to implement this new method. * OSprofiler support was introduced. To allow its usage the keystone- paste.ini file needs to be modified to contain osprofiler middleware. * Fixes a bug related to the password create date. If you deployed master during Newton development, the password create date may be reset. This would only be apparent if you have security compliance features enabled. * In the policy.json file, we changed *identity:list_projects_for_groups* to *identity:list_projects_for_user*. Likewise, we changed *identity:list_domains_for_groups* to *identity:list_domains_for_user*. If you have customized the policy.json file, you will need to make these changes. This was done to better support new features around federation. * Keystone now supports encrypted credentials at rest. In order to upgrade successfully to Newton, deployers must encrypt all credentials currently stored before contracting the database. Deployers must run *keystone-manage credential_setup* in order to use the credential API within Newton, or finish the upgrade from Mitaka to Newton. This will result in a service outage for the credential API where credentials will be read-only for the duration of the upgrade process. Once the database is contracted credentials will be writeable again. Database contraction phases only apply to rolling upgrades. * Keystone now relies on pyldap instead of python-ldap. The pyldap library is a fork of python-ldap and is a drop-in replacement with modifications to be py3 compatible. Deprecation Notes ***************** * [blueprint domain-config-as-stable (https://blueprints.launchpad.net/keystone/+spec/domain-config-as- stable)] Deprecated "keystone-manage domain_config_upload". The keystone team recommends setting domain config options via the API instead. The "domain_config_upload" command line option may be removed in the 'P' release. * [blueprint deprecated-as-of-newton (https://blueprints.launchpad.net/keystone/+spec/deprecated-as-of- newton)] As of the Newton release, the class plugin *keystone.common.kvs.core.KeyValueStore* has been deprecated. It is recommended to use alternative backends instead. The "KeyValueStore" class will be removed in the 'P' release. Bug Fixes ********* * [bug 1590587 (https://bugs.launchpad.net/keystone/+bug/1590587) When assigning Domain Specific Roles, the domain of the role and the domain of the project must match. This is now validated and the REST call will return a 403 Forbidden. * [bug 1594482 (https://bugs.launchpad.net/keystone/+bug/1594482) When using list_limit config option, the GET /services?name={service_name} API was first truncating the list and afterwards filtering by name. The API was fixed to first filter by name and only afterwards truncate the result list to the desired limit. * [bug 1613466 (https://bugs.launchpad.net/keystone/+bug/1613466) Credentials update to ec2 type originally accepted credentials with no project ID set, this would lead to an error when trying to use such credential. This behavior has been blocked, so creating a non- ec2 credential with no project ID and updating it to ec2 without providing a project ID will fail with a *400 Bad Request* error. Other Notes *********** * The response's content type for creating request token or access token is changed to *application/x-www-form-urlencoded*, the old value *application/x-www-urlformencoded* is invalid and will no longer be used. * Keystone now supports being run under Python 3. The Python 3 and Python 3.4 classifiers have been added. Changes in keystone 9.0.0.0rc1..10.0.0 -------------------------------------- 724ac7f Make returning is_domain conditional 4a60452 Validate password history for self-service password changes 6520523 Imported Translations from Zanata b3fae77 Fixes password created_at errors due to the server_default 6eeb354 Update UPPER_CONSTRAINTS_FILE for stable/newton af1c62e Update .gitreview for stable/newton 9640f50 Add unit tests for isotime() 6e2738c Remove unused _convert_to_integers() method 294c5a1 Remove unused read_cached_file method from utils 9bbb0ce Allow compatibility with keystonemiddleware 4.0.0 c2fd1f6 Fix links on configure_federation documentation acde6ff Add edge case tests for disabling a trustee 36d7be0 Fix prameters name and response codes in Keystone API v2 4d4faab Tweak api-ref doc for services/endpoints 6e18511 Use issued_at in fernet token provider 3c5af9a Remove unused method from keystone.common.utils 408820c Use ConfigParser instead of SafeConfigParser 301b6a7 Consistently round down timestamps d907ad3 Remove the APIs from doc that is not supported yet 63b37b5 TrivialFix: Merge imports in code 17224c4 Fix the nit on how to deploy keystone with `mod_proxy_uwsgi` 830b01f Tweak api-ref doc for projects bf5711e Remove the dead link in schema migration doc e56dbe8 Updated from global requirements fe12aaf Fix order of arguments in assertIs 9418f26 New notes on advanced upgrade/fallback for cluster 06b050c standardize release note page ordering 77a002b [api-ref] Correct response code status e7b845c Replace six iteration methods with standard ones 3332edf Fixes a nit in a comment 85b2faa Updates configuration doc with latest changes 9059f2e Use freezegun for change password tests 9a559c7 Update sample keystone.conf for Newton 73bdbe1 Project domain must match role domain for assignment 407f08e Add docs for the null key 59f117f Log warning if null key is used for encryption e9b6437 Introduce null key for credential encryption 3c3df90 More nit doc fixes 2cf1b1e Keep the order of passwords in tests fb7be8c [api-ref] Stop supporting os-api-ref 1.0.0 a984bff Fix up some doc nits 83e3c00 Only cache callables in the base manager 5c9fa41 [api-ref] Correcting parameter's type 602cc57 Correct link type fbe462f Fix problems in service api doc 5a49379 Raise NotImplementedError instead of NotImplemented c7a5f41 Add the deprecated_since to deprecated options 33008ce Add doctor checks for credential fernet keys 32af31f Few new commands missing from docs 1de7224 Emit log message for fernet tokens only 0edf1fe Implement encryption of credentials at rest 409211d Typo: key_manger_factory to key_mangler_factory ffee044 Fixes spelling mistakes 2b70175 Fixes migration where password created_at is nullable 305cb8a Block global roles implying domain specific roles 05c5f0c Correct typo in mapping_populate command's help 7ba5370 Relax the requirement for mappings to result in group memberships 0e7ab57 Document credential encryption cc3e797 Update sample uwsgi config for lazy-apps ba98048 Add documentation on how to set a user's tenant. 7260b55 Pre-cache new tokens 2b6d04b Config logABug feature for Keystone api-ref 97da3a7 Fix nits in db migration dev docs 0ae6d09 Disallow new migrations in the legacy migration repository 7dd1ae4 Updated from global requirements 4f40cc3 Update developer docs for new rolling upgrade repos 2aee65c Add man page info for credential setup command 11848b2 Remove unnecessary try/except from token provider 3272623 Fixes small grammar mistake in docstring 428a6e0 Add a feature support matrix for identity sources c81b337 Fix wrong response codes in 'groups' APIs. 94b08af Make token_id a required parameter in v3_to_v2_token 42eda48 Distributed cache namespace to invalidate regions 618d9ca Fix formatting strings when using multiple variables ceec009 Add credential setup command a8dbe9b Add Response Example for 'Create credential' API e332a3a Add Response Example for 'Passwd auth with unscoped authorization' c613dd3 Remove mapping schema from the doc 5346dfa Impose a min and a max on time values in CONF.token 7678c40 Repair link in Keystone documentation 67cf54d Fix some typos in comments 3281e8f Cleaning imports in code 372c1bd Updated from global requirements c30fd01 TrivialFix: Remove logging import unused 0845df2 Removes old, unused code 6bde3f3 Reduce log level of Fernet key count message a9a2665 Updated from global requirements 3fad275 Adds password regular expression checks to doctor f66077f Let upgrade tests control all 4 repositories at once 64fabd7 Adds check that minimum password age is less than password expires days 3976e58 Remove unused global variable from unit tests 743e110 Modify sql banned operations for each of the new repos 3e29913 Use egg form of osprofiler in paste pipeline 17f96bb api-ref: Splitting status lines in API v3-ext. 43df612 api-ref: Splitting status lines in API v3. 4bf04ff Remove mox from test-requirements 80c56ba TrivialFix: Remove logging import unused 6ecc426 [api-ref]: Outdated link reference 020776b Remove unnecessary __init__ b1fdad9 Add mapping_populate command 5ae761e Doc fix: license rendered in published doc 52b2503 Doc fix: "keystone-manage upgrade" is not a thing 8144e28 Fix credential update to ec2 type 25d3591 Add key repository uniqueness check to doctor dd63146 Update `href` for keystone extensions 8114a07 Updated from global requirements 1531b3c Fix the wrong URI for the OAuth1 extension in api-ref. 70e6d58 Shadowing a nonlocal_user incorrectly creates a local_user fd2a4fa Add entrypoint for mapped auth method 80888cf Get ready for os-api-ref sphinx theme change a5e2906 Add rolling upgrade documentation a6d4512 Add create and update methods to credential Manager e10811c Create a fernet credential provider fab5f82 Make KeyRepository shareable bd80bb7 Add conf to support credential encryption e6a0fd0 Password expires ignore user list 96ec431 Add expand, data migration and contract logic to keystone-manage cb51cb4 [api] add relationship links to v3-ext ecbeae5 Removes use of freezegun in test_auth tests 25d2f8e Removes a redundant test from FernetAuthWithTrust b6744a6 api-ref: Fix parameters attributes 6749008 Set default value for [saml]/idp_contact_surname 850eace Tidy up for late-breaking review comments on keystone-manage b4ff783 PCI-DSS Minimum password age requirements 251cf10 api-ref: Document domain specific roles 32cf428 Revert "Add debug logging to revocation event checking" 72b274d Replace the content type with correct one 59a2351 Add credential encryption exception c2d8451 Pass key_repository and max_active_keys to FernetUtils bc95434 Make a FernetUtils class 4dafc37 Move fernet utils into keystone/common/ 4569d41 Add support for rolling upgrades to keystone-manage 3b86db4 api-ref: Document implied roles API 51cccd2 Support new osprofiler API 729c989 api-ref: Correcting V3 OS-INHERIT APIs 8363ab2 Fix typo in the file d2ee07b Add debug logging to revocation event checking 963c23c Detail Federation Service Provider APIs in api-ref 5d2fd07 Detail Fed Projects and Domains APIs in api-ref 46b71ef add a header for the federation APIs 30ded50 Detail Federation Mapping APIs in api-ref docs b62acaa Detail Federation Auth APIs in api-ref docs ec5b0cb Detail Federation Assertion APIs in api-ref docs 9030e6e Move other-requirements.txt to bindep.txt 960967e Detail IdP APIs in api-ref docs 5289eef api-ref: Add default domain config documentation 85ae245 Constraints are ready to be used for tox.ini 0c78293 Updated from global requirements d36e555 [api] add relationship links to v3 e9b0f2f Refactor revoke matcher b9c6717 Document get auth/catalog,projects,domains e4a82b3 api-ref: Renaming parameters of V3-ext APIs 9241aeb api-ref: Correcting V3 Credentials APIs ceaa09d api-ref: Correcting V3 Policies APIs b3c8381 api-ref: Correcting V3 Authentication APIs 8d5926a api-ref: Correcting V3 Domain config APIs 8a069c0 Use international logging message 7f3ec14 Updates Development Environment Docs 5740a32 api-ref: Add query options to GET /projects API documentation 2398e5b Updated from global requirements 6db31c8 api-ref: Add missing parameter tables to tenant e1e7c7d Create unit tests for the policy drivers 6919253 api-ref: Correcting V3 Endpoints APIs 9a520bc api-ref: Correcting V3 Services APIs 82bf342 api-ref: Add "nocatalog" option to GET /v3/auth/tokens 6b52756 Fix warning when running tox -e api-ref ff00d33 Add basic upgrade documentation 8026a95 Document query option (is_domain) for projects 6c408a0 remove test utilities related to adding extensions b33512f Update etc/keystone.conf.sample 3de3d71 Make hash_algorithms order deterministic 041f53f PCI-DSS Password expires validation aa9fdfc Report v2.0 as deprecated in version discovery 50ff858 Update the api-ref to mark the v2 API as deprecated a5264d7 Add schema validation to create user v2 935530f Fix the spelling of a test name 141970f Remove mention of db_sync per backend 9838e54 Trust controller refactoring ffd2fea Use more specific asserts in tests 64e97a8 Updated from global requirements 4c351c5 Add debug logging for RevokeEvent deserialize problem 3efd271 Make all token provider behave the same with trusts bfa13b7 Clean up the introductory text in the docs e8022f3 Retry revocation on MySQL deadlock 5eedeaa Add schema validation to update user v2 0e2cc05 PCI-DSS Lockout requirements ebe1e83 Improve domain configuration API docs e420b16 Skip middleware request processing for admin token 8eb67a9 Move Assertion API to its own file 5a0987d Bump API version number and date 62d0175 Move Federation Auth API to its own file edd5827 Move List Projects and Domains API to its own file 34dd18c Move Service Provider API to its own file fc9cfb7 Move Mapping API to its own file 6f36a20 Use %()d for integer substitution 97a6341 Don't include openstack/common in flake8 exclude list 44ccc92 Added postgresql libs to developer docs f250fe4 Add schema validation to create service in v2 b26200b Remove the redundant verification in OAuth1 authorization dbf101f Add schema validation to v2 update tenant 85570dc refactor idp to its own file 629b2d0 Updated from global requirements 6bc3a74 PCI-DSS Password history requirements 0f6fa0e Move Identity Provider API to its own file bc99dc7 Add dummy domain_id column to cached role 6a94b28 Allow attributes other than `enabled` in schema 345d2a0 Remove the extensions repos 8cef848 Document the domain config API as stable fc924f8 Remove configuration references to eventlet a14add1 Adds a custom deepcopy handler 927b08b Add token feature support matrix to documentation 8246fc2 Test number of queries on list_users 295cfde No need the redundant validation in manager level f26b31a Add the missing testcases for `name` and `enabled` fd861dc Adds test for SecurityError's translation behavior b2cb4c4 TOTP auth not functional in python3 6ab4444 Invalid tls_req_cert constant as default 05f8578 Add schema validation to v2 create tenant 9c99641 Use quotes consistently in token controller 9d01162 Add performance tuning documentation 0b600ce Allow V2TestCase to be tested against fernet and uuid b77c5b7 Make AuthWithTrust testable against uuid and fernet ab7a745 Improve os-federation docs 62fb97f Fix v2-ext API enabled documentation dfd5d25 PCI-DSS Adds password_expires_at to API docs 5bbc78a Make it so federated tokens are validated on v2.0 cd26ae9 Use freezegun in AssignmentInheritanceTestCase f324506 Only run KvsTokenCacheInvalidation against uuid 3246732 Use freezegun in OSRevokeTests d6ac15c refactor: make TestFetchRevocationList test uuid 05ec032 refactor: make TestAuthExternalDefaultDomain test uuid/pki/pkiz 66f7b09 refactor: make TestAuthKerberos test pki/pkiz/uuid 80b4ffa Add schema validation to create role d0328e3 Replace OpenStack LLC with OpenStack Foundation e9fc581 refactor: inherit AuthWithRemoteUser for other providers 241d33d Run AuthWithToken against all token providers e8cd48f Don't run TokenCacheInvalidation with Fernet 12966b8 Refactor TestAuthExternalDomain to not inherit tests 6bcc03f Use freezegun to increment clock in test_v3_assignment 4adf01b Add schema for enabling a user 0b49d43 Fix up the api-ref request/response parameters for projects 0f13aed `password` is not required for updating a user 002de1b Clarify V2 API for enabling or disabling user 0e6752b Removed duplicate parameter in v2-admin api-ref e183c14 Fix the errors in params in api-ref for V3 region 14018e9 Fix the errors in params in api-ref for V3 user 53bb53a Added cache for id mapping manager b679f2b Updated from global requirements 3223360 Add Python 3.5 classifier 05b5dfe Handle Py35 fix of ast.node.col_offset bug 2293342 deprecate a few more LDAP config options e8eeb43 Clean up api-ref for domains 059f353 keystone-manage doctor 7f7cfe7 v2 api: add APIs for setting a user's password 74a8e5b Update os-inherit API reference b61b1c5 Updated from global requirements 72e6196 Run AuthTokenTests against fernet and uuid 7646e21 Use freezegun to increment the clock in test_v3_filters 29624d4 Prevent error when duplicate mapping is created 9df02bf Fix the wrong check condition e4c30cb Clean up the api-ref for groups 809a39a Updated from global requirements 20259d1 Improve introdcution to api-ref projects 53b5b99 Migrate OS-FEDERATION from specs repo 96852a0 v2 api: remove APIs for global roles e6da0ba v2 api: group and order the v2-ext APIs 05fb9cc v2 api: remove duplicated delete user API eb27807 v2 api: add missing /roles in role CRUD APIs 139dc8d v2 api: list user roles is defined twice b135c27 v2 api: add OS-KSADM to service API routes e00c89e v2 api: add tenant APIs 50c64f9 v2 api: delete user is defined twice 1963093 v2 api: change update user cab514d v2 api: correct user list 9c4ac4e Update Identity endpoint in v2 samples 0223d9a Fix up numerous errors in params in api-ref for roles 4979fbc Fix up the api-ref for role query paramaters 2042c95 Fix the username value in federated tokens 22ab8a8 Improve readability of the api-ref roles section a6c7763 Use constraints for coverage job 64fbbed clean up OAUTH API 534f57d Add relationship links to OAUTH APIs caa3a91 Remove `name` property from `endpoint` create/update API 5d42b3e Add v2.0 /endpoints/ api-ref 3c47ba4 Update identity endpoint in v3 and v3-ext samples 4a0970d Pass request to v2 token authenticate e39486a Remove unused context from AuthInfo 6ac478c Correct normal response codes for v2.0 extensions 21d8686 Improve user experience involving token flush 8517caa Add "v2 overview" docs to APIs 5fbb377 add OS-OAUTH1/authorize/{request_token_id} API ab252d5 Move OS-INHERIT api-ref from extensions to core db6a738 re-order the oauth APIs d8606ee Copy the preamble / summary of OAuth1 from the specs repo 985bcf0 Correct normal response codes in trust documentation caa7faf Add OS-EP-FILTER to api-ref 5d90bfa PCI-DSS Password strength requirements f8231b8 Variables in URL path should be required d23bfc0 Remove get_trust_id_for_request function b75562c Pass request to normalize_domain_id d1d72c3 Remove a validate_token_bind call b3e065e Remove get_user_id in trust controller 813536b Cleanup trusts controller c92f2d5 Trivial spacing and comma corrections 8a56b19 Add OS-KSCRUD api-ref 36394a6 Disable warnerrors in setup.cfg temporarily cd9fb2a Add is_domain to project example responses 003c68b Add is_domain to scope token response examples f48ab4f Improve keystone.conf [security_compliance] documentation 84aec99 Improve keystone.conf [signing] documentation 2f99a0b Correct normal response codes in OS-INHERIT docs db25452 Fix python{3,}-all-dev depends in deb based 0b15eea Correct normal status codes for v2.0 admin docs e5e8c55 Improve keystone.conf [shadow_users] documentation 7f869c2 Correct normal response codes for region docs 179f0fd Correct normal response codes for auth docs cab0b50 Correct normal response codes for credential docs f808dfa Correct normal response codes for project docs 08c6847 Correct normal response codes for policy docs f51b06a Correct normal response codes for v2.0 versions doc edc2cc1 Correct normal response codes in v2.0 versions doc b87b8f7 Correct normal response codes in v2.0 tenant docs a216ee3 Use URIOpt instead of StrOpt for SAML config ac3f9da Correct normal response codes for role docs c36fa2c Correct normal response codes in v2.0 token docs efcbc62 Correct normal response codes in service catalog doc 3c1cfac Correct normal response codes in oauth docs 7acd8d0 Correct normal response codes in v2.0 admin user docs b6c24de Improve keystone.conf [token] documentation 80df383 Correct normal response codes in endpoint policy docs 459dd8b Validate SAML keyfile & certfile options 88e26fd Improve keystone.conf [tokenless_auth] documentation 4876106 Complete OS-TRUST API documentation 5137b7e Fixes response codes in endpoint policy api-ref 1c3d1e9 List 20X status codes as Normal in domain docs f2911cb Improve the API documentation for groups 863b9da Create APIs for OS-REVOKE d90281e Clean up token binding validation code f20e6eb Reorder request params in endpoint policy api-ref 88b9b13 Adds missing parameter to endpoint policy api-ref 2e3e241 Adds missing docs to endpoint policy api-ref c29d65b Reorders API calls to match precedence rules dfac754 Improve keystone.conf [saml] documentation 9dc21e8 Handle more auth information via context 1d7c96d Require auth_context middleware in the pipeline 8a5a414 Updated from global requirements acf907b Improve keystone.conf [trust] documentation a288d5c5 Improve keystone.conf [role] documentation a88ee4f Improve keystone.conf [ldap] documentation 694ab49 Improve keystone.conf [os_inherit] documentation 70532b2 Improve keystone.conf [revoke] documentation 5cbb909 Improve keystone.conf [resource] documentation 511a860 Move logic for catalog driver differences to manager db7de89 Minor docstring cleanup for domain_id mapping 28688d1 Remove unnecessary stable attribute value for status 633532d Updated from global requirements a5c5f5b Mark the domain config via API as stable 172e8c5 Remove validated decorator 8ff6b0e Move request validation inline 81c9ddc Invalidate token cache on domain disablement abdc723 Isolate token caching into its own region 82c7b8b Doc update on enabled external auth and federation b278f03 keystone recommend deprecated memcache backend 187490f Use request object in policy enforcement e4ed9a4 Use the context's is_admin property 2ceeb92 Add the oslo_context to the environment and request af0b966 Use http_client constants instead of hardcoding b577af9 Increase test coverage for token APIs 88de82e Ensure status code is always passed as int d53db18 Fix fernet token validate for disabled domains/trusts 9f5ed12 Doc update for moving abstract base classes out of core e504e8a Fix _populate_token_dates method signature 5f1eae1 Move the trust abstract base class out of core 093f2c2 Move the credential abstract base class out of core 5d707d5 Move the auth plugins abstract base class out of core a7f059f Expose bug with Fernet tokens and trusts 8645d57 Remove last parts of query_string from context 3a19aa5 Remove get_auth_context 5f7377f Correct reraising of exception 3dd1750 Pass request to build_driver_hints b958a5f Remove headers from context f5b3296 Use request.environ through auth and federation a624c9f Remove accept_header from context 08096a3 Fixed a Typo 6ad13d1 Docs: Fix the query params in role_assignments example e37db54 [doc/api]Remove space within word 6e6230f Remove unused LOG b66693e Make assert_admin work with a request ebccd23 Add missing preamble for v3 and v3-ext e55dfe4 move OAUTH1 API to extensions 4f18372 generate separate index files for each api-ref 11d6b32 Migrate identity /v2-admin docs from api-ref repo e7fc093 Use request instead of context in v2 auth 8232f4f Handle catalog backends that don't support all functions. b425379 Refactoring: remove the duplicate method 25e5227 Return `revoked_at` for list revoke events 4bbb151 Use skip_test_overrides everywhere we feature skip d122e9b Improve keystone.conf [fernet_tokens] documentation 85be70c Improve keystone.conf [catalog] documentation c987d4d Refactor: [ldap] suffix should not be an instance attribute f4e9489 Grammar fix: will -> can cd343ef Fixes hacking's handling of log hints fc4e3f5 Improve keystone.conf [paste_deploy] documentation f93dc19 Improve keystone.conf [kvs] documentation a6c6271 Improve keystone.conf [identity] documentation bcbc43e Improve keystone.conf [endpoint_filter] documentation e5347b6 Improve keystone.conf [oauth1] documentation 7df92f7 Verify domain_id when get_domain is being called 960ef1e Updated from global requirements 67a50b5 Include doc directory in pep8 checks 81a1cd7 Do not register options on import 70a06c8 Improve keystone.conf [policy] documentation ddd21de Improve keystone.conf [memcache] documentation a59aa8b Use min to avoid checking < 1 max fernet keys 2917c4d Improve keystone.conf [identity_mapping] documentation cc05f80 Improve keystone.conf [federation] documentation 97e15b7 Updated tests that claimed to be blocked by bugs 4d87d58 Use skip_test_overrides in test_backend_ldap 6c6484f Adds a skip method to identify useless skips d18bb02 Update the nosetests test regex for legacy tests 1b0a553 update a config option deprecation message 70f275c Improve keystone.conf [eventlet_server] documentation 32ab235 Improve keystone.conf [endpoint_policy] documentation dbbf061 Improve keystone.conf [credential] documentation 34736ec Improve keystone.conf [domain_config] documentation e104838 Rename [DEFAULT] keystone.conf module to keystone.conf.default 4eb93c0 Improve keystone.conf [DEFAULT] documentation 61d896f Remove test_backend_ldap skips for missing tests 40bb21b Removes duplicate ldap test setup 56dd227 Extracted common ldap setup and use in the filter tests 40c67ae Reduce domain specific config setup duplication 4db7651 API Change Tutorial doc code modify 54328aa Update other-requirements for Xenial eed233c Concrete role assignments for federated users e3a5b61 PCI-DSS Disable inactive users requirements 038c0e3 Migrate identity /v3-ext docs from api-ref repo 1ee8252 Migrate identity /v2-ext docs from api-ref repo 3bfb08e Migrate identity /v2 docs from api-ref repo ef70f52 Use request.params instead of context['query_string'] 9c460e2 Config: no need to set default=None ba1a07f Do not spam the log with uncritical stacktraces 71be9f5 Improve keystone.conf [auth] documentation 4187ae1 Improve keystone.conf [assignment] documentation 0651a23 Group test_backend_ldap skips for readability e03cfcd Adds a backend test fixture c524254 Remove unused test code 4ab4265 Moves auth plugin test setup closer to its use 2641a40 Add security_compliance group back to config 7b809fb Fix nits related to the new keystone.conf package e04c561 Fixes failure when password is null 5dfa16a Allow auth plugins to be setup more than once dc81d28 Removes outdate comment from a test d9c6b50 Replace keystone.common.config with keystone.conf package 113b00d Updated from global requirements 3f78996 Fix a few spelling mistakes c990ec5 Allow user to get themself and their domain 498ea91 PCI-DSS Password SQL model changes 2410ff0 Fix argument order for assertEqual to (expected, observed) d0de3f5 Use the ldap fixture to simplify tests cc4de19 Change the remaining conf setup to use the fixture 6872f85 Reduce setup overhead in auth_plugin tests 6a9a9f0 /services?name=<name> API fails when using list_limit 2787e2f Updated from global requirements 48ccf75 Make sure to use InnoDB as the DB engine e8d980d Remove TestAuth 3d51061 Move last few TestAuth tests to TokenAPITests 4d0a7f1 Move external auth and bind test to TokenAPITests 38fc7f4 Refactor test_validate_v2_scoped_token_with_v3_api 29557cb Remove test_validate_v2_unscoped_token_with_v3_api 005f887 Move more project scoped token behavior to TokenAPITests 89d5135 Validate impersonation in trust redelegation 8c2412a Correct domain_id and name constraint dropping 76e9209 Integration tests cleanup 8b5c095 Use http_proxy_to_wsgi from oslo.middleware 23936d3 Use request object in auth plugins 9c395cf Move cross domain/group/project auth tests ca0b99a Move negative token tests to TokenAPITests 7b2b21f Move unscoped token test to TokenAPITests 3814111 Move negative domain scope test to TokenAPITests d941ccd Consolidate domain token tests into TokenAPITests 46efe4b Move more project scoped behavior tests to TokenAPITests 694b930 Move project scoped catalog tests to TokenAPITests e8a3d9c Update driver versioning documentation b04da90 Move project scoped tests to TokenAPITests 129ad39 Move TestAuth unscoped token tests to TokenAPITests a00d703 Add cache invalidation for service providers dae2e92 Updated from global requirements 248f027 Add 'links' to implied roles response 3ff204a Updated from global requirements 907ee2d fix ldap delete_user group member cleanup c3baa83 exception sensitive cache/audit changes 380514b Fix TOTP transient test failure 4b9384d Change LocalUser sql model to eager loading a272c8b Shadow LDAP and custom driver users d7849bd Refactor shadow users 7a4cbc4 Fix ValidationError exception name in docstring e66ea23 Add docstring to delete_project 03091c8 Updated from global requirements 9c89e07 Revert to caching fernet tokens the same way we do UUID 1c0e59d Honor ldap_filter on filtered group list da6ea7e Pass a request to controllers instead of a context 6bc084d Update the keystone-manage man page options 05f35bf clean up test_resource_uuid fde57f6 Return 404 instead of 401 for tokens w/o roles 4bba482 Updating sample configuration file 4db2047 Revert "Install necessary files in etc/" d03ed96 Keystone uwsgi performance tuning fc7666f Add caching config for federation d205900 Updated from global requirements 346e7f2 Updating sample configuration file 1ed56a3 Updating sample configuration file d6b016d Bootstrap: enable and reset password for existing users 81e5d8e PEP257: Ignore D203 because it was deprecated 54da44b Cache service providers on token validation 510f00f Refactor revoke_model to remove circular dependency b2ee4a2 Update man page for Newton release 671cb9c Move stray notification options into config module 5c87422 Adding role assignment lists unit tests b7b4aaa Add protocols integration tests 28f7788 Add mapping rules integration tests 23c23fc Add service providers integration tests 1548fcf Imported Translations from Zanata a0bd19a Updated from global requirements 7f3725f Simplify & fix configuration file copy in setup.cfg f99552a Config settings to support PCI-DSS b4bfc54 Fix credentials_factory method call 9e7f24c Allow domain admins to list users in groups with v3 policy 9f4943c Updating sample configuration file ae8cdbf Updated from global requirements 322a744 Honor ldap_filter on filtered user list 5486f0a Install necessary files in etc/ 75abc21 Replace revoke tree with linear search 9a5395f Migrate identity /v3 docs from api-ref repo 991979e Updated from global requirements e386e84 Add new functionality to @wip 3965fbe remove deprecated revoke_by_expiration function d5cca09 Isolate common ldap code to the identity backend cbe0a1e Updated from global requirements 94391a3 Remove helper script for py34 e26b806 Include project_id in the validation error on default project is domain 4025cb6 Add python 3 release note. a0dc2f2 Add comment to test case helper function a12c254 Add Python 3 classification. ee0a294 Py3 oauth tests 68473b2 Enable py3 tests for test_v3_auth 8a7133f make sure default_project_id is not domain on user creation and update 16d0cdb Let setup.py compile_catalog process all language files 293c891 Fix broken link of federation docs ba3dd94 Add new line in keystone/common/request.py fb3bc6c Move identity.backends.sql model code to sql_model.py d87a098 Add .mo files to MANIFEST.in fcd6644 Replace context building with a request object e8f6584 Enable py3 testing for Fernet token provider e518535 Enable py3 for credential tests 363920b reorganize mitaka release notes 465c3e4 enable ldap tests for py3 7463a0c Updated from global requirements fe3b4c0 Add the validation rules when create token f6fdda6 Use PyLDAP instead of python-ldap 80d7bee Fix config path for running wsgi in developer mode 47529d0 Move the revoke abstract base class out of core d6dd7e1 Updated from global requirements 97eec19 Port test_v2 unit test to Python 3 a9d2daa Move the oauth1 abstract base class out of core 978faba Drop the (unused) domain table e61e4da Don't set None for ldap.OPT_X_TLS_CACERTFILE de2f2b0 Add API Change Tutorial 108310b Deprecate keystone.common.kvs d84195b Updating sample configuration file c1d0959 Add is_domain in token response d03aeff Switch to use `new_domain_ref` for testcases bdeee9c Move the assignment abstract base class out of core 8d90866 Add identity providers integration tests f6ac066 Update documentation to remove keystone-all 7c3497c Updating sample configuration file cb4c2b1 Updated from global requirements 7539942 replace logging with oslo.log 86d037f Move the federation abstract base class out of core 88713cc Separate protocol schema b85e2a2 Updated from global requirements 2963dc1 Move the catalog abstract base class and common code out of core a9d79e0 Enhance federation group mapping validation 09d13cf Add mapping validation tests 70b7986 Fixes example in the mapping combinations docs 2183b47 do not search file on real environment 7567c5e Allow 'domain' property for local.group bfcbb3c Add conflict validation for idp update ed634e8 Always add is_admin_project if admin project defined 971ba5f Make keystone exit when fernet keys don't exist 0d37602 Fix fernet audit ids for v2.0 7be1ede Revert "Revert "Unit test for checking cross-version migrations compatibility"" 36da34f Make all fixture project_ids into uuids ce574c3 Fixing D105, D203, and D205 PEP257 8eb7960 Remove test_invalid_policy_raises_error ade1308 switch to tempest instead of deprecated tempest-lib d1591b5 Move the resource abstract base class out of core cafbe1b Correct RST syntax for a code block 92ece11 Restructure policy abstract driver f2b71ab Updated from global requirements 37afc8e Add test for authentication when project and domain name clash 5cd8356 Fix doc build if git is absent a4a2ab6 Restructure endpoint policy abstract driver cfb983a Clean up test_receive_identityId 47e7acf Fix typos 61ae6d7 Fixes incorrect deprecation warning for IdentityDriverV8 6d8c504 Add other-requirements.txt 2c4f948 Fix D400 PEP257 5962c2c Imported Translations from Zanata 3c4fe62 Updating sample configuration file c7cb72b Customize config file location when run as wsgi app. 40ed477 Updated from global requirements b6cab8b Updating sample configuration file a607ccc Updated from global requirements a596865 Bump the required tox version to 2.3.1 8e2e80c Add set_config_defaults() call to tests 8851966 update deprecation warning for falling back to default domain 08dc3ce Tests clean up global ldap settings 3956163 Define identity interface - easy cases ee2da37 add missing deprecation reason for eventlet option 3588402 Remove comments mentioning eventlet 20b851b Remove support for generating ssl certs e380a3c Updating sample configuration file ac03941 Remove eventlet support cec8bbb Default caching to on for request-local caching. e641f79 Typo in sysctl command example Edit c08884d Typo fix in tests 32203d4 Add logging to cli if keystone.conf is not found 2535f22 Fix post jobs 4e0fdfa Refactor domain config upload db7bdf9 Keystone jobs should honor upper-constraints.txt e23ef5b Fix confusing naming in ldap EnableEmuMixin. c382857 Updating sample configuration file d8084e3 Deprecation reason for domain_id_immutable a1cb55b Test list project hierarchy is correct for a large tree aabc213 Fix D401 PEP8 violation. 3306dc2 OSprofiler release notes 99e74ad Updating sample configuration file f309a7a Updated from global requirements 3ff7f13 Add keystone service ID to observer audit e082c72 group federated identity docs together abce49b Change Role/Region to role/region in keystone-manage bootstrap f7c4e96 Use mockpatch fixtures from fixtures 9b9bc77 Set the values for the request_local_cache 324f4b5 Add missing backslash to keystone-manage bootstrap command in documentation cd3ef89 fix typo c1be688 Fix KeyError when rename to a name is already in use ff9e257 Improve project name conflict message 2995748 Imported Translations from Zanata 14e1ae2 Updating sample configuration file b316b14 Dev doc update for moving abstract base classes out of core 4872f9a Simplify chained comparison 840a714 Update the description of the role driver option 639e36a Integrate OSprofiler in Keystone f0000bf Update the Administrator guide link 744aed7 Clean up test case for shadow users 562b81d Fixes bug where the updated federated display_name is not returned be55871 Make AuthContext depend on auth_token middleware 3eaea2f Fix totp test fails randomly 3e5fca0 Update federated user display name with shadow_users_api 7ad4f87 Update federated user display name with shadow_users_api 4a8023a Remove comment from D202 rule 5107da7 Remove backend interface and common code out of identity.core 8b7bfb4 Use messaging notifications transport instead of default 6dd8e61 Run federation tests under Python 3 8ab2a19 Bandit test results 7f42e1d create a new `advanced topics` section in the docs dba04cd Correct `role_name` constraint dropping 9e81843 Correct `role_name` constraint dropping 088393d Base for keystone tempest plugin 96c9da2 Random project should return positive numbers cf1fd9d Imported Translations from Zanata 815a924 Improve error message for schema validation c4b08ed Imported Translations from Zanata f5a0e2f The name can be just white character except project and user d5bbc6e Fix typos in Keystone files 9a92c47 Add `patch_cover` to keystone dd38543 Fix keystone-manage config file path 93aff6e Cleanup LDAP models 685116d Correct test to support changing N release name 4625557 Correct _populate_default_domain in tests aa53ad9 Imported Translations from Zanata c78e8f4 Removing redundant words ae068b1 Imported Translations from Zanata 8556437 Correct test to support changing N release name 139f892 Fix keystone-manage config file path 5f45541 Opportunistic testing with different DBs 3bf13c1 Correct test_implied_roles_fk_on_delete_cascade 379e369 Fix table row counting SQL for MySQL and Postgresql 92749e4 Switch migration tests to oslo.db DbTestCase 1f675cf Correct test_migrate_data_to_local_user_and_password_tables dadf12a Fix test_add_int_pkey_to_revocation_event_table for MySQL 8177acd Imported Translations from Zanata 1d087af Implement HEAD method for all v3 GET actions 771eeb3 Avoid name repetition in equality comparisons d14fba6 Simplify repetitive unequal checks e4c8600 Imported Translations from Zanata 1ed8d3a Add test for domains list filtering and limiting 02817c5 Imported Translations from Zanata 00bfbb9 remove endpoint_policy from contrib 6088320 Moved name formatting (clean) out of the driver 6bd2da1 Add py3 debugging ff01c0e Add release note for list_limit support 1041d33 Add release note for list_limit support be0aeed Cleanup migration tests f7197c7 Imported Translations from Zanata 9e9dc6a Imported Translations from Zanata f7983d4 Update dev docs and sample script for v3/bootstrap b4e8584 add placeholder migrations for mitaka 85590e6 Enables the notification tests in py3 50ffcbf Update reno for stable/mitaka 9692d40 Update .gitreview for stable/mitaka 691d497 Move region configuration to a critical section 8ce8c99 Make modifications to domain config atomic 6a3c21c Expose not clearing of user default project on project delete Diffstat (except docs and test files) ------------------------------------- .gitignore | 1 + .gitreview | 1 + MANIFEST.in | 2 +- api-ref/source/conf.py | 220 + api-ref/source/index.rst | 27 + api-ref/source/v2-admin/admin-endpoints.inc | 78 + .../v2-admin/admin-endpoints_parameters.yaml | 71 + api-ref/source/v2-admin/admin-tenants.inc | 268 + api-ref/source/v2-admin/admin-tokens.inc | 167 + api-ref/source/v2-admin/admin-users.inc | 229 + api-ref/source/v2-admin/admin-versions.inc | 29 + api-ref/source/v2-admin/index.rst | 13 + api-ref/source/v2-admin/parameters.yaml | 287 + .../samples/admin/endpoint-create-request.json | 9 + .../samples/admin/endpoint-create-response.json | 9 + .../samples/admin/endpoint-list-response.json | 18 + .../samples/admin/roles-list-response.json | 10 + .../samples/admin/tenant-show-response.json | 8 + .../samples/admin/tenant-update-request.json | 8 + .../admin/tenantwithoutid-create-request.json | 7 + .../admin/token-endpoints-list-response.json | 122 + .../samples/admin/token-validate-response.json | 28 + .../samples/admin/user-create-request.json | 9 + .../v2-admin/samples/admin/user-show-response.json | 9 + .../samples/admin/user-update-request.json | 6 + .../samples/admin/user-update-response.json | 10 + .../samples/admin/users-list-response.json | 19 + api-ref/source/v2-ext/index.rst | 11 + api-ref/source/v2-ext/ksadm-admin.inc | 441 ++ api-ref/source/v2-ext/kscrud.inc | 26 + api-ref/source/v2-ext/ksec2-admin.inc | 122 + api-ref/source/v2-ext/parameters.yaml | 195 + .../OS-KSADM/credentials-show-response.json | 11 + .../samples/OS-KSADM/role-create-request.json | 7 + .../samples/OS-KSADM/role-show-response.json | 7 + .../samples/OS-KSADM/roles-list-response.json | 10 + .../samples/OS-KSADM/service-create-request.json | 8 + .../samples/OS-KSADM/service-show-response.json | 8 + .../samples/OS-KSADM/services-list-response.json | 17 + .../samples/OS-KSADM/user-set-enabled-request.json | 5 + .../OS-KSADM/user-set-password-request.json | 5 + .../samples/OS-KSADM/user-show-response.json | 10 + .../OS-KSADM/user-update-tenant-request.json | 5 + .../OS-KSEC2/credentialswithec2-list-response.json | 18 + .../OS-KSEC2/ec2Credentials-create-request.json | 7 + .../OS-KSEC2/ec2Credentials-show-response.json | 7 + api-ref/source/v2/identity-api-extensions.inc | 70 + api-ref/source/v2/identity-auth.inc | 122 + api-ref/source/v2/index.rst | 12 + api-ref/source/v2/overview.inc | 272 + api-ref/source/v2/parameters.yaml | 256 + .../samples/admin/UserUpdatePasswordRequest.json | 6 + .../admin/authenticate-credentials-request.json | 9 + .../v2/samples/admin/authenticate-response.json | 184 + .../samples/admin/authenticate-token-request.json | 8 + .../v2/samples/admin/extension-show-response.json | 16 + .../v2/samples/admin/extensions-list-response.json | 118 + .../v2/samples/admin/tenants-list-request-JSON.txt | 5 + .../v2/samples/admin/tenants-list-response.json | 17 + .../v2/samples/admin/user-create-response.json | 10 + .../v2/samples/admin/user-update-response.json | 9 + .../v2/samples/admin/users-list-response.json | 88 + .../v2/samples/admin/version-show-response.json | 24 + .../v2/samples/admin/versions-list-response.json | 45 + .../client/authenticate-credentials-request.json | 9 + .../v2/samples/client/authenticate-response.json | 184 + api-ref/source/v2/versions.inc | 39 + api-ref/source/v3-ext/endpoint-policy.inc | 348 ++ api-ref/source/v3-ext/ep-filter.inc | 524 ++ api-ref/source/v3-ext/federation.inc | 309 + .../v3-ext/federation/assertion/assertion.inc | 134 + .../v3-ext/federation/assertion/parameters.yaml | 35 + .../samples/ecp-saml-assertion-request.json | 17 + .../samples/ecp-saml-assertion-response.xml | 82 + .../assertion/samples/metadata-response.xml | 29 + .../assertion/samples/saml-assertion-request.json | 17 + .../assertion/samples/saml-assertion-response.xml | 69 + api-ref/source/v3-ext/federation/auth/auth.inc | 127 + .../source/v3-ext/federation/auth/parameters.yaml | 43 + .../auth/samples/scoped-token-request.json | 17 + .../auth/samples/scoped-token-response.json | 71 + .../auth/samples/unscoped-token-response.json | 22 + .../v3-ext/federation/identity-provider/idp.inc | 331 ++ .../federation/identity-provider/parameters.yaml | 97 + .../samples/add-protocol-request.json | 5 + .../samples/add-protocol-response.json | 10 + .../samples/get-protocol-response.json | 10 + .../identity-provider/samples/get-response.json | 12 + .../samples/list-protocol-response.json | 17 + .../identity-provider/samples/list-response.json | 29 + .../samples/register-request.json | 7 + .../samples/register-response.json | 12 + .../samples/update-protocol-request.json | 5 + .../samples/update-protocol-response.json | 10 + .../identity-provider/samples/update-request.json | 6 + .../identity-provider/samples/update-response.json | 12 + .../source/v3-ext/federation/mapping/mapping.inc | 151 + .../v3-ext/federation/mapping/parameters.yaml | 49 + .../federation/mapping/samples/create-request.json | 32 + .../mapping/samples/create-response.json | 36 + .../federation/mapping/samples/get-response.json | 36 + .../federation/mapping/samples/list-response.json | 43 + .../federation/mapping/samples/update-request.json | 32 + .../mapping/samples/update-response.json | 36 + .../federation/projects-domains/parameters.yaml | 35 + .../projects-domains/projects-domains.inc | 67 + .../samples/domain-list-response.json | 18 + .../samples/project-list-response.json | 27 + .../federation/service-provider/parameters.yaml | 77 + .../service-provider/samples/get-response.json | 13 + .../service-provider/samples/list-response.json | 31 + .../service-provider/samples/register-request.json | 8 + .../samples/register-response.json | 13 + .../service-provider/samples/update-request.json | 8 + .../service-provider/samples/update-response.json | 13 + .../v3-ext/federation/service-provider/sp.inc | 173 + api-ref/source/v3-ext/index.rst | 23 + api-ref/source/v3-ext/oauth.inc | 468 ++ api-ref/source/v3-ext/parameters.yaml | 550 ++ api-ref/source/v3-ext/revoke.inc | 75 + ...policy-endpoint-associations-list-response.json | 29 + .../OS-ENDPOINT-POLICY/policy-show-response.json | 14 + .../create-endpoint-group-request.json | 10 + .../OS-EP-FILTER/endpoint-group-response.json | 14 + .../OS-EP-FILTER/endpoint-groups-response.json | 36 + .../OS-EP-FILTER/endpoint-project-response.json | 12 + .../OS-EP-FILTER/get-projects-response.json | 29 + .../OS-EP-FILTER/list-endpoints-response.json | 29 + .../OS-EP-FILTER/list-service-endpoints.json | 45 + .../OS-OAUTH1/access-token-create-response.txt | 1 + .../OS-OAUTH1/access-token-show-response.json | 13 + .../OS-OAUTH1/access-tokens-list-response.json | 20 + .../OS-OAUTH1/authorize-request-token-request.json | 10 + .../authorize-request-token-response.json | 5 + .../samples/OS-OAUTH1/consumer-create-request.json | 5 + .../OS-OAUTH1/consumer-create-response.json | 10 + .../samples/OS-OAUTH1/consumer-show-response.json | 9 + .../samples/OS-OAUTH1/consumer-update-request.json | 5 + .../OS-OAUTH1/consumer-update-response.json | 9 + .../samples/OS-OAUTH1/consumers-list-response.json | 22 + .../OS-OAUTH1/request-token-create-response.txt | 1 + .../samples/OS-REVOKE/list-revoke-response.json | 22 + .../OS-TRUST/trust-auth-redelegated-response.json | 45 + .../samples/OS-TRUST/trust-auth-request.json | 17 + .../OS-TRUST/trust-auth-trust-response.json | 43 + .../samples/OS-TRUST/trust-create-request.json | 15 + .../samples/OS-TRUST/trust-create-response.json | 29 + .../samples/OS-TRUST/trust-get-response.json | 27 + .../trust-get-role-delegated-response.json | 9 + .../samples/OS-TRUST/trust-list-response.json | 25 + .../trust-list-roles-delegated-response.json | 18 + api-ref/source/v3-ext/trust.inc | 382 ++ api-ref/source/v3/authenticate-v3.inc | 603 ++ api-ref/source/v3/credentials.inc | 225 + api-ref/source/v3/domains-config-v3.inc | 559 ++ api-ref/source/v3/domains.inc | 224 + api-ref/source/v3/groups.inc | 313 + api-ref/source/v3/index.rst | 54 + api-ref/source/v3/inherit.inc | 508 ++ api-ref/source/v3/parameters.yaml | 1698 ++++++ api-ref/source/v3/policies.inc | 218 + api-ref/source/v3/projects.inc | 311 + api-ref/source/v3/regions-v3.inc | 227 + api-ref/source/v3/roles.inc | 922 +++ .../auth-password-explicit-unscoped-request.json | 16 + .../auth-password-explicit-unscoped-response.json | 21 + .../auth-password-project-scoped-request.json | 20 + .../auth-password-project-scoped-response.json | 402 ++ ...auth-password-unscoped-request-with-domain.json | 18 + .../admin/auth-password-unscoped-request.json | 15 + .../admin/auth-password-unscoped-response.json | 21 + .../auth-password-user-name-unscoped-request.json | 18 + ...h-password-user-name-unscoped-response-HTTP.txt | 8 + .../samples/admin/auth-token-scoped-request.json | 17 + .../samples/admin/auth-token-scoped-response.json | 402 ++ .../samples/admin/auth-token-unscoped-request.json | 12 + .../admin/auth-token-unscoped-response.json | 21 + .../admin/create-role-inferences-response.json | 21 + .../samples/admin/credential-create-request.json | 8 + .../samples/admin/credential-create-response.json | 12 + .../v3/samples/admin/credential-show-response.json | 12 + .../samples/admin/credential-update-request.json | 8 + .../samples/admin/credential-update-response.json | 12 + .../samples/admin/credentials-list-response.json | 109 + .../admin/domain-config-create-request.json | 11 + .../admin/domain-config-create-response.json | 11 + .../admin/domain-config-default-response.json | 13 + .../domain-config-group-default-response.json | 8 + ...omain-config-group-option-default-response.json | 3 + .../domain-config-group-option-show-response.json | 3 + .../domain-config-group-option-update-request.json | 3 + ...domain-config-group-option-update-response.json | 11 + .../admin/domain-config-group-show-response.json | 6 + .../admin/domain-config-group-update-request.json | 8 + .../admin/domain-config-group-update-response.json | 11 + .../samples/admin/domain-config-show-response.json | 11 + .../admin/domain-config-update-request.json | 8 + .../admin/domain-config-update-response.json | 11 + .../v3/samples/admin/domain-create-request.json | 7 + .../v3/samples/admin/domain-create-response.json | 11 + .../admin/domain-group-roles-list-response.json | 23 + .../samples/admin/domain-group-update-request.json | 8 + .../v3/samples/admin/domain-show-response.json | 11 + .../admin/domain-specific-role-create-request.json | 6 + .../v3/samples/admin/domain-update-request.json | 5 + .../v3/samples/admin/domain-update-response.json | 11 + .../admin/domain-user-roles-list-response.json | 23 + .../v3/samples/admin/domains-list-response.json | 27 + .../v3/samples/admin/endpoint-create-request.json | 8 + .../v3/samples/admin/endpoint-create-response.json | 15 + .../v3/samples/admin/endpoint-show-response.json | 14 + .../v3/samples/admin/endpoint-update-request.json | 9 + .../v3/samples/admin/endpoint-update-response.json | 12 + .../v3/samples/admin/endpoints-list-response.json | 333 ++ .../get-available-domain-scopes-response.json | 27 + .../get-available-project-scopes-response.json | 27 + .../admin/get-role-inferences-response.json | 21 + .../admin/get-service-catalog-response.json | 34 + .../v3/samples/admin/group-create-request.json | 7 + .../v3/samples/admin/group-create-response.json | 11 + .../admin/group-roles-domain-list-response.json | 23 + .../samples/admin/group-roles-list-response.json | 23 + .../v3/samples/admin/group-show-response.json | 11 + .../v3/samples/admin/group-update-request.json | 6 + .../v3/samples/admin/group-update-response.json | 11 + .../samples/admin/group-users-list-response.json | 30 + .../v3/samples/admin/groups-list-response.json | 27 + .../samples/admin/identity-version-response.json | 19 + .../samples/admin/identity-versions-response.json | 45 + .../list-implied-roles-for-role-response.json | 30 + .../v3/samples/admin/policies-list-response.json | 37 + .../v3/samples/admin/policy-create-request.json | 8 + .../v3/samples/admin/policy-create-response.json | 12 + .../v3/samples/admin/policy-show-response.json | 16 + .../v3/samples/admin/policy-update-request.json | 12 + .../v3/samples/admin/policy-update-response.json | 16 + .../admin/project-create-domain-request.json | 8 + .../v3/samples/admin/project-create-request.json | 9 + .../v3/samples/admin/project-create-response.json | 14 + .../v3/samples/admin/project-enable-request.json | 5 + .../admin/project-group-roles-list-response.json | 23 + .../admin/project-show-parents-response.json | 26 + .../v3/samples/admin/project-show-response.json | 14 + .../admin/project-show-subtree-response.json | 50 + .../v3/samples/admin/project-update-request.json | 6 + .../v3/samples/admin/project-update-response.json | 14 + .../admin/project-user-roles-list-response.json | 16 + .../v3/samples/admin/projects-list-response.json | 105 + .../v3/samples/admin/region-create-request.json | 7 + .../v3/samples/admin/region-create-response.json | 10 + .../v3/samples/admin/region-show-response.json | 10 + .../v3/samples/admin/region-update-request.json | 5 + .../v3/samples/admin/region-update-response.json | 10 + .../v3/samples/admin/regions-list-response.json | 17 + ...ents-effective-list-include-names-response.json | 60 + .../role-assignments-effective-list-response.json | 42 + .../role-assignments-effective-list-response.txt | 1 + ...-assignments-list-include-subtree-response.json | 42 + .../admin/role-assignments-list-response.json | 41 + .../admin/role-assignments-list-response.txt | 1 + .../v3/samples/admin/role-create-request.json | 5 + .../v3/samples/admin/role-create-response.json | 9 + .../v3/samples/admin/role-inferences-response.json | 57 + .../v3/samples/admin/role-show-response.json | 10 + .../v3/samples/admin/role-update-request.json | 5 + .../v3/samples/admin/role-update-response.json | 10 + .../v3/samples/admin/roles-list-response.json | 51 + .../v3/samples/admin/service-create-request.json | 7 + .../v3/samples/admin/service-create-response.json | 12 + .../v3/samples/admin/service-show-response.json | 12 + .../v3/samples/admin/service-update-request.json | 5 + .../v3/samples/admin/service-update-response.json | 12 + .../v3/samples/admin/services-list-response.json | 99 + .../v3/samples/admin/token-validate-request.txt | 3 + .../v3/samples/admin/user-create-request.json | 9 + .../v3/samples/admin/user-create-response.json | 15 + .../samples/admin/user-groups-list-response.json | 27 + .../admin/user-password-update-request.json | 6 + .../samples/admin/user-projects-list-response.json | 31 + .../admin/user-roles-domain-list-response.json | 23 + .../v3/samples/admin/user-roles-list-response.json | 23 + .../v3/samples/admin/user-show-response.json | 13 + .../v3/samples/admin/user-update-request.json | 6 + .../v3/samples/admin/user-update-response.json | 13 + .../v3/samples/admin/users-list-response.json | 139 + api-ref/source/v3/service-catalog.inc | 521 ++ api-ref/source/v3/status.yaml | 60 + api-ref/source/v3/users.inc | 304 + bindep.txt | 32 + config-generator/keystone.conf | 2 +- etc/keystone-paste.ini | 16 +- etc/keystone.conf.sample | 1954 ++++--- etc/policy.json | 8 +- etc/policy.v3cloudsample.json | 10 +- httpd/keystone-uwsgi-admin.ini | 5 +- httpd/keystone-uwsgi-public.ini | 5 +- keystone/assignment/V8_backends/sql.py | 10 +- keystone/assignment/V8_role_backends/sql.py | 4 +- keystone/assignment/backends/base.py | 400 ++ keystone/assignment/backends/sql.py | 6 +- keystone/assignment/controllers.py | 254 +- keystone/assignment/core.py | 742 +-- keystone/assignment/role_backends/base.py | 267 + keystone/assignment/role_backends/sql.py | 4 +- keystone/assignment/routers.py | 17 +- keystone/assignment/schema.py | 16 + keystone/auth/__init__.py | 1 - keystone/auth/controllers.py | 100 +- keystone/auth/core.py | 86 +- keystone/auth/plugins/base.py | 94 + keystone/auth/plugins/core.py | 8 +- keystone/auth/plugins/external.py | 66 +- keystone/auth/plugins/mapped.py | 53 +- keystone/auth/plugins/oauth1.py | 16 +- keystone/auth/plugins/password.py | 8 +- keystone/auth/plugins/token.py | 18 +- keystone/auth/plugins/totp.py | 14 +- keystone/catalog/backends/base.py | 531 ++ keystone/catalog/backends/sql.py | 18 +- keystone/catalog/backends/templated.py | 22 +- keystone/catalog/controllers.py | 226 +- keystone/catalog/core.py | 615 +- keystone/catalog/schema.py | 33 +- keystone/cmd/all.py | 39 - keystone/cmd/cli.py | 478 +- keystone/cmd/doctor/__init__.py | 77 + keystone/cmd/doctor/caching.py | 35 + keystone/cmd/doctor/credential.py | 73 + keystone/cmd/doctor/database.py | 30 + keystone/cmd/doctor/federation.py | 36 + keystone/cmd/doctor/ldap.py | 52 + keystone/cmd/doctor/security_compliance.py | 64 + keystone/cmd/doctor/tokens.py | 46 + keystone/cmd/doctor/tokens_fernet.py | 51 + keystone/cmd/manage.py | 5 +- keystone/common/authorization.py | 1 + keystone/common/cache/_context_cache.py | 35 +- keystone/common/cache/core.py | 202 +- keystone/common/config.py | 1259 ----- keystone/common/context.py | 54 + keystone/common/controller.py | 205 +- keystone/common/dependency.py | 2 +- keystone/common/driver_hints.py | 4 +- keystone/common/environment/__init__.py | 102 - keystone/common/environment/eventlet_server.py | 212 - keystone/common/fernet_utils.py | 277 + keystone/common/kvs/backends/memcached.py | 4 +- keystone/common/kvs/core.py | 17 +- keystone/common/ldap/__init__.py | 13 +- keystone/common/ldap/core.py | 1947 +------ keystone/common/ldap/models.py | 26 + keystone/common/manager.py | 5 +- keystone/common/models.py | 196 - keystone/common/openssl.py | 56 +- keystone/common/profiler.py | 47 + keystone/common/request.py | 95 + keystone/common/router.py | 4 +- keystone/common/sql/contract_repo/README | 4 + keystone/common/sql/contract_repo/__init__.py | 0 keystone/common/sql/contract_repo/manage.py | 5 + keystone/common/sql/contract_repo/migrate.cfg | 25 + .../001_contract_initial_null_migration.py | 18 + .../002_password_created_at_not_nullable.py | 39 + ...move_unencrypted_blob_column_from_credential.py | 60 + .../versions/004_reset_password_created_at.py | 37 + .../common/sql/contract_repo/versions/__init__.py | 0 keystone/common/sql/core.py | 54 +- keystone/common/sql/data_migration_repo/README | 4 + .../common/sql/data_migration_repo/__init__.py | 0 keystone/common/sql/data_migration_repo/manage.py | 5 + .../common/sql/data_migration_repo/migrate.cfg | 25 + .../versions/001_data_initial_null_migration.py | 18 + .../002_password_created_at_not_nullable.py | 18 + .../003_migrate_unencrypted_credentials.py | 39 + .../versions/004_reset_password_created_at.py | 15 + .../sql/data_migration_repo/versions/__init__.py | 0 keystone/common/sql/expand_repo/README | 4 + keystone/common/sql/expand_repo/__init__.py | 15 + keystone/common/sql/expand_repo/manage.py | 5 + keystone/common/sql/expand_repo/migrate.cfg | 25 + .../versions/001_expand_initial_null_migration.py | 18 + .../002_password_created_at_not_nullable.py | 18 + ...dd_key_hash_and_encrypted_blob_to_credential.py | 129 + .../versions/004_reset_password_created_at.py | 15 + .../common/sql/expand_repo/versions/__init__.py | 15 + .../common/sql/migrate_repo/versions/067_kilo.py | 3 +- .../versions/073_insert_assignment_inherited_pk.py | 2 +- .../versions/082_add_federation_tables.py | 4 +- .../versions/088_domain_specific_roles.py | 31 +- ...grate_data_to_local_user_and_password_tables.py | 22 +- .../versions/094_add_federated_user_table.py | 4 +- .../versions/096_drop_role_name_constraint.py | 50 + .../097_drop_user_name_domainid_constraint.py | 67 + .../sql/migrate_repo/versions/098_placeholder.py | 18 + .../sql/migrate_repo/versions/099_placeholder.py | 18 + .../sql/migrate_repo/versions/100_placeholder.py | 18 + .../versions/101_drop_role_name_constraint.py | 53 + .../migrate_repo/versions/102_drop_domain_table.py | 21 + .../versions/103_add_nonlocal_user_table.py | 32 + .../104_drop_user_name_domainid_constraint.py | 71 + .../versions/105_add_password_date_columns.py | 30 + .../106_allow_password_column_to_be_nullable.py | 21 + .../versions/107_add_user_date_columns.py | 30 + .../versions/108_add_failed_auth_columns.py | 26 + .../109_add_password_self_service_column.py | 24 + keystone/common/sql/migration_helpers.py | 159 +- keystone/common/tokenless_auth.py | 12 +- keystone/common/utils.py | 160 +- keystone/common/validation/__init__.py | 50 +- keystone/common/validation/parameter_types.py | 3 +- keystone/common/validation/validators.py | 40 +- keystone/common/wsgi.py | 217 +- keystone/conf/__init__.py | 186 + keystone/conf/assignment.py | 50 + keystone/conf/auth.py | 99 + keystone/conf/catalog.py | 78 + keystone/conf/constants.py | 30 + keystone/conf/credential.py | 63 + keystone/conf/default.py | 258 + keystone/conf/domain_config.py | 59 + keystone/conf/endpoint_filter.py | 51 + keystone/conf/endpoint_policy.py | 56 + keystone/conf/eventlet_server.py | 95 + keystone/conf/federation.py | 103 + keystone/conf/fernet_tokens.py | 69 + keystone/conf/identity.py | 131 + keystone/conf/identity_mapping.py | 74 + keystone/conf/kvs.py | 76 + keystone/conf/ldap.py | 638 +++ keystone/conf/memcache.py | 96 + keystone/conf/oauth1.py | 62 + keystone/conf/opts.py | 97 + keystone/conf/os_inherit.py | 49 + keystone/conf/paste_deploy.py | 40 + keystone/conf/policy.py | 47 + keystone/conf/resource.py | 114 + keystone/conf/revoke.py | 69 + keystone/conf/role.py | 66 + keystone/conf/saml.py | 193 + keystone/conf/security_compliance.py | 147 + keystone/conf/shadow_users.py | 41 + keystone/conf/signing.py | 134 + keystone/conf/token.py | 192 + keystone/conf/tokenless_auth.py | 68 + keystone/conf/trust.py | 67 + keystone/conf/utils.py | 26 + keystone/contrib/ec2/controllers.py | 74 +- .../endpoint_filter/backends/catalog_sql.py | 8 +- .../endpoint_filter/migrate_repo/__init__.py | 0 .../endpoint_filter/migrate_repo/migrate.cfg | 25 - .../versions/001_add_endpoint_filtering_table.py | 19 - .../versions/002_add_endpoint_groups.py | 19 - .../migrate_repo/versions/__init__.py | 0 keystone/contrib/endpoint_policy/__init__.py | 0 .../contrib/endpoint_policy/backends/__init__.py | 0 keystone/contrib/endpoint_policy/backends/sql.py | 28 - .../endpoint_policy/migrate_repo/__init__.py | 0 .../endpoint_policy/migrate_repo/migrate.cfg | 25 - .../versions/001_add_endpoint_policy_table.py | 19 - .../migrate_repo/versions/__init__.py | 0 keystone/contrib/endpoint_policy/routers.py | 28 - .../contrib/federation/migrate_repo/__init__.py | 0 .../contrib/federation/migrate_repo/migrate.cfg | 25 - .../versions/001_add_identity_provider_table.py | 17 - .../versions/002_add_mapping_tables.py | 17 - .../versions/003_mapping_id_nullable_false.py | 20 - .../versions/004_add_remote_id_column.py | 17 - .../versions/005_add_service_provider_table.py | 17 - .../006_fixup_service_provider_attributes.py | 17 - .../versions/007_add_remote_id_table.py | 17 - .../versions/008_add_relay_state_to_sp.py | 17 - .../federation/migrate_repo/versions/__init__.py | 0 keystone/contrib/oauth1/migrate_repo/__init__.py | 0 keystone/contrib/oauth1/migrate_repo/migrate.cfg | 25 - .../migrate_repo/versions/001_add_oauth_tables.py | 19 - .../versions/002_fix_oauth_tables_fk.py | 19 - .../versions/003_consumer_description_nullalbe.py | 19 - .../versions/004_request_token_roles_nullable.py | 19 - .../migrate_repo/versions/005_consumer_id_index.py | 20 - .../oauth1/migrate_repo/versions/__init__.py | 0 keystone/contrib/revoke/migrate_repo/__init__.py | 0 keystone/contrib/revoke/migrate_repo/migrate.cfg | 25 - .../migrate_repo/versions/001_revoke_table.py | 17 - .../002_add_audit_id_and_chain_to_revoke_table.py | 17 - .../revoke/migrate_repo/versions/__init__.py | 0 keystone/contrib/s3/core.py | 4 +- keystone/credential/__init__.py | 1 + keystone/credential/backends/base.py | 119 + keystone/credential/backends/sql.py | 11 +- keystone/credential/controllers.py | 30 +- keystone/credential/core.py | 207 +- keystone/credential/provider.py | 27 + keystone/credential/providers/__init__.py | 0 keystone/credential/providers/core.py | 38 + keystone/credential/providers/fernet/__init__.py | 13 + keystone/credential/providers/fernet/core.py | 107 + keystone/endpoint_policy/backends/base.py | 186 + keystone/endpoint_policy/backends/sql.py | 2 +- keystone/endpoint_policy/controllers.py | 27 +- keystone/endpoint_policy/core.py | 187 +- keystone/exception.py | 82 +- keystone/federation/V8_backends/sql.py | 39 +- keystone/federation/backends/base.py | 529 ++ keystone/federation/backends/sql.py | 46 +- keystone/federation/controllers.py | 213 +- keystone/federation/core.py | 570 +- keystone/federation/idp.py | 38 +- keystone/federation/routers.py | 4 +- keystone/federation/schema.py | 18 +- keystone/federation/utils.py | 107 +- keystone/identity/backends/base.py | 449 ++ keystone/identity/backends/ldap.py | 425 -- keystone/identity/backends/ldap/__init__.py | 13 + keystone/identity/backends/ldap/common.py | 1951 +++++++ keystone/identity/backends/ldap/core.py | 434 ++ keystone/identity/backends/ldap/models.py | 70 + keystone/identity/backends/sql.py | 340 +- keystone/identity/backends/sql_model.py | 297 + keystone/identity/controllers.py | 188 +- keystone/identity/core.py | 504 +- keystone/identity/generator.py | 4 +- keystone/identity/id_generators/sha256.py | 4 +- keystone/identity/mapping_backends/base.py | 81 + keystone/identity/mapping_backends/sql.py | 21 +- keystone/identity/routers.py | 4 +- keystone/identity/schema.py | 50 +- keystone/identity/shadow_backends/base.py | 115 + keystone/identity/shadow_backends/sql.py | 60 +- .../locale/de/LC_MESSAGES/keystone-log-critical.po | 8 +- keystone/locale/de/LC_MESSAGES/keystone.po | 116 +- .../locale/el/LC_MESSAGES/keystone-log-critical.po | 8 +- .../en_AU/LC_MESSAGES/keystone-log-critical.po | 8 +- .../locale/es/LC_MESSAGES/keystone-log-critical.po | 8 +- keystone/locale/es/LC_MESSAGES/keystone.po | 420 +- .../locale/fr/LC_MESSAGES/keystone-log-critical.po | 8 +- keystone/locale/fr/LC_MESSAGES/keystone.po | 103 +- .../locale/hu/LC_MESSAGES/keystone-log-critical.po | 8 +- .../locale/it/LC_MESSAGES/keystone-log-critical.po | 8 +- keystone/locale/it/LC_MESSAGES/keystone.po | 414 +- .../locale/ja/LC_MESSAGES/keystone-log-critical.po | 8 +- keystone/locale/ja/LC_MESSAGES/keystone.po | 545 +- keystone/locale/keystone-log-critical.pot | 24 - keystone/locale/keystone-log-error.pot | 177 - keystone/locale/keystone-log-info.pot | 238 - keystone/locale/keystone-log-warning.pot | 315 -- keystone/locale/keystone.pot | 1705 ------ .../ko_KR/LC_MESSAGES/keystone-log-critical.po | 8 +- .../locale/ko_KR/LC_MESSAGES/keystone-log-error.po | 140 + .../locale/ko_KR/LC_MESSAGES/keystone-log-info.po | 177 + .../ko_KR/LC_MESSAGES/keystone-log-warning.po | 290 + keystone/locale/ko_KR/LC_MESSAGES/keystone.po | 389 +- .../pl_PL/LC_MESSAGES/keystone-log-critical.po | 8 +- .../pt_BR/LC_MESSAGES/keystone-log-critical.po | 8 +- keystone/locale/pt_BR/LC_MESSAGES/keystone.po | 418 +- .../locale/ru/LC_MESSAGES/keystone-log-critical.po | 8 +- keystone/locale/ru/LC_MESSAGES/keystone.po | 113 +- .../tr_TR/LC_MESSAGES/keystone-log-critical.po | 8 +- .../locale/tr_TR/LC_MESSAGES/keystone-log-error.po | 29 +- .../tr_TR/LC_MESSAGES/keystone-log-warning.po | 32 +- keystone/locale/tr_TR/LC_MESSAGES/keystone.po | 55 +- .../zh_CN/LC_MESSAGES/keystone-log-critical.po | 8 +- .../locale/zh_CN/LC_MESSAGES/keystone-log-error.po | 32 +- keystone/locale/zh_CN/LC_MESSAGES/keystone.po | 164 +- .../zh_TW/LC_MESSAGES/keystone-log-critical.po | 8 +- keystone/locale/zh_TW/LC_MESSAGES/keystone.po | 90 +- keystone/middleware/auth.py | 225 +- keystone/middleware/core.py | 6 +- keystone/models/revoke_model.py | 242 +- keystone/models/token_model.py | 12 +- keystone/notifications.py | 66 +- keystone/oauth1/backends/base.py | 220 + keystone/oauth1/backends/sql.py | 17 +- keystone/oauth1/controllers.py | 133 +- keystone/oauth1/core.py | 218 +- keystone/oauth1/validator.py | 3 +- keystone/policy/backends/base.py | 77 + keystone/policy/backends/rules.py | 14 +- keystone/policy/backends/sql.py | 2 +- keystone/policy/controllers.py | 31 +- keystone/policy/core.py | 73 +- keystone/resource/V8_backends/sql.py | 4 +- keystone/resource/backends/base.py | 632 +++ keystone/resource/backends/sql.py | 31 +- keystone/resource/config_backends/base.py | 155 + keystone/resource/config_backends/sql.py | 60 +- keystone/resource/controllers.py | 158 +- keystone/resource/core.py | 991 +--- keystone/resource/routers.py | 8 +- keystone/resource/schema.py | 49 +- keystone/revoke/backends/base.py | 60 + keystone/revoke/backends/sql.py | 9 +- keystone/revoke/controllers.py | 8 +- keystone/revoke/core.py | 98 +- keystone/server/backends.py | 11 +- keystone/server/common.py | 11 +- keystone/server/eventlet.py | 156 - keystone/server/wsgi.py | 101 +- .../backend/legacy_drivers/federation/V8/api_v3.py | 2 +- .../unit/config_files/backend_postgresql.conf | 4 - .../unit/identity/backends/test_ldap_common.py | 571 ++ .../test_associate_project_endpoint_extension.py | 60 +- keystone/token/_simple_cert.py | 4 +- keystone/token/controllers.py | 76 +- keystone/token/persistence/backends/kvs.py | 30 +- keystone/token/persistence/backends/memcache.py | 4 +- .../token/persistence/backends/memcache_pool.py | 4 +- keystone/token/persistence/backends/sql.py | 12 +- keystone/token/persistence/core.py | 12 +- keystone/token/provider.py | 146 +- keystone/token/providers/common.py | 165 +- keystone/token/providers/fernet/core.py | 41 +- .../token/providers/fernet/token_formatters.py | 31 +- keystone/token/providers/fernet/utils.py | 270 - keystone/token/providers/pki.py | 11 +- keystone/token/providers/pkiz.py | 11 +- keystone/token/providers/uuid.py | 4 +- keystone/token/utils.py | 8 +- keystone/trust/backends/base.py | 72 + keystone/trust/backends/sql.py | 4 +- keystone/trust/controllers.py | 221 +- keystone/trust/core.py | 77 +- keystone/v2_crud/user_crud.py | 16 +- keystone/version/__init__.py | 15 + keystone/version/controllers.py | 61 +- keystone/version/service.py | 6 +- keystone_tempest_plugin/README.rst | 6 + keystone_tempest_plugin/__init__.py | 0 keystone_tempest_plugin/clients.py | 38 + keystone_tempest_plugin/config.py | 27 + keystone_tempest_plugin/plugin.py | 39 + keystone_tempest_plugin/services/__init__.py | 0 .../services/identity/__init__.py | 0 .../services/identity/clients.py | 77 + .../services/identity/v3/__init__.py | 0 .../identity/v3/identity_providers_client.py | 101 + .../services/identity/v3/mapping_rules_client.py | 44 + .../identity/v3/service_providers_client.py | 73 + .../api/identity/v3/test_identity_providers.py | 238 + .../api/identity/v3/test_service_providers.py | 207 + ...pires_at_to_user_response-22f14ab629c48bc2.yaml | 4 + ...p-domain-config-as-stable-716ca5ab33c0cc42.yaml | 12 + .../bp-manage-migration-c398963a943a89fe.yaml | 7 + ...-specific-role-assignment-8f120604a6625852.yaml | 7 + .../notes/bug-1594482-52a5dd1d8477b694.yaml | 8 + ...redential-update-ec2-type-8fb51ff3ad3a449c.yaml | 8 + .../notes/deprecate-v2-apis-894284c17be881d2.yaml | 3 + .../deprecated-as-of-mitaka-8534e43fa40c1d09.yaml | 2 + .../deprecated-as-of-newton-be1d8dbcc6bdc68f.yaml | 7 + ...ew_change_password_method-e8c0e06795bca2d8.yaml | 6 + .../integrate-osprofiler-ad0e16a542b12899.yaml | 12 + .../list_limit-ldap-support-5d31d51466fc49a6.yaml | 6 + .../notes/mapping_populate-521d92445505b8a3.yaml | 13 + ...uth1-headers-content-type-9a9245d9bbec8f8e.yaml | 6 + ...sword-created_at-nullable-b3c284be50d93ef5.yaml | 5 + ...derated_projects_for_user-dcd7bd148efef049.yaml | 7 + .../notes/pre-cache-tokens-73450934918af26b.yaml | 7 + .../notes/python3-support-e4189e0a1a6e2e4f.yaml | 4 + .../removed-as-of-newton-721c06b5dcb1b34a.yaml | 22 + ...ypted_credentials_at_rest-93dcb67b3508e91a.yaml | 14 + .../notes/use-pyldap-6e811c28bf350d6d.yaml | 6 + releasenotes/source/index.rst | 3 +- releasenotes/source/mitaka.rst | 6 + requirements.txt | 36 +- setup.cfg | 34 +- test-requirements.txt | 23 +- tools/cover.sh | 72 + tools/pretty_tox_py3.sh | 12 - tools/sample_data.sh | 115 +- tox.ini | 53 +- 820 files changed, 57086 insertions(+), 24340 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index 8ebcc71..fd007ac 100644 --- a/requirements.txt +++ b/requirements.txt @@ -4,0 +5,4 @@ +# Temporarily add Babel reference to avoid problem +# in keystone-coverage-db CI job +Babel>=2.3.4 # BSD + @@ -7,2 +10,0 @@ WebOb>=1.2.3 # MIT -eventlet!=0.18.3,>=0.18.2 # MIT -greenlet>=0.3.2 # MIT @@ -11,3 +13,3 @@ Paste # MIT -Routes!=2.0,!=2.1,>=1.12.3;python_version=='2.7' # MIT -Routes!=2.0,>=1.12.3;python_version!='2.7' # MIT -cryptography>=1.0 # BSD/Apache-2.0 +Routes!=2.0,!=2.1,!=2.3.0,>=1.12.3;python_version=='2.7' # MIT +Routes!=2.0,!=2.3.0,>=1.12.3;python_version!='2.7' # MIT +cryptography!=1.3.0,>=1.0 # BSD/Apache-2.0 @@ -17 +19 @@ sqlalchemy-migrate>=0.9.6 # Apache-2.0 -stevedore>=1.5.0 # Apache-2.0 +stevedore>=1.16.0 # Apache-2.0 @@ -19,2 +21,2 @@ passlib>=1.6 # BSD -python-keystoneclient!=1.8.0,!=2.1.0,>=1.6.0 # Apache-2.0 -keystonemiddleware!=4.1.0,>=4.0.0 # Apache-2.0 +python-keystoneclient!=2.1.0,>=2.0.0 # Apache-2.0 +keystonemiddleware!=4.1.0,!=4.5.0,>=4.0.0 # Apache-2.0 @@ -22,5 +24,5 @@ oslo.cache>=1.5.0 # Apache-2.0 -oslo.concurrency>=3.5.0 # Apache-2.0 -oslo.config>=3.7.0 # Apache-2.0 -oslo.context>=0.2.0 # Apache-2.0 -oslo.messaging>=4.0.0 # Apache-2.0 -oslo.db>=4.1.0 # Apache-2.0 +oslo.concurrency>=3.8.0 # Apache-2.0 +oslo.config>=3.14.0 # Apache-2.0 +oslo.context>=2.9.0 # Apache-2.0 +oslo.messaging>=5.2.0 # Apache-2.0 +oslo.db!=4.13.1,!=4.13.2,>=4.10.0 # Apache-2.0 @@ -30 +32 @@ oslo.middleware>=3.0.0 # Apache-2.0 -oslo.policy>=0.5.0 # Apache-2.0 +oslo.policy>=1.9.0 # Apache-2.0 @@ -32,2 +34 @@ oslo.serialization>=1.10.0 # Apache-2.0 -oslo.service>=1.0.0 # Apache-2.0 -oslo.utils>=3.5.0 # Apache-2.0 +oslo.utils>=3.16.0 # Apache-2.0 @@ -36 +37 @@ pysaml2<4.0.3,>=2.4.0 # Apache-2.0 -dogpile.cache>=0.5.7 # BSD +dogpile.cache>=0.6.2 # BSD @@ -39,0 +41 @@ msgpack-python>=0.4.0 # Apache-2.0 +osprofiler>=1.4.0 # Apache-2.0 diff --git a/test-requirements.txt b/test-requirements.txt index b79b26a..41e60a7 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -9 +9,5 @@ bashate>=0.2 # Apache-2.0 -os-testr>=0.4.1 # Apache-2.0 +os-testr>=0.7.0 # Apache-2.0 +freezegun # Apache-2.0 + +# Include drivers for opportunistic testing. +oslo.db[fixtures,mysql,postgresql]!=4.13.1,!=4.13.2,>=4.10.0 # Apache-2.0 @@ -14 +18 @@ coverage>=3.6 # Apache-2.0 -fixtures>=1.3.1 # Apache-2.0/BSD +fixtures>=3.0.0 # Apache-2.0/BSD @@ -18 +22 @@ lxml>=2.3 # BSD -mock>=1.2 # BSD +mock>=2.0 # BSD @@ -21 +25,2 @@ oslotest>=1.10.0 # Apache-2.0 -sphinx!=1.2.0,!=1.3b1,<1.3,>=1.1.2 # BSD +sphinx!=1.3b1,<1.3,>=1.2.1 # BSD +os-api-ref>=1.0.0 # Apache-2.0 @@ -25,4 +29,0 @@ WebTest>=2.0 # MIT -# mox was removed in favor of mock. We should not re-enable this module. See -# discussion: http://lists.openstack.org/pipermail/openstack-dev/2013-July/012484.html -#mox>=0.5.3 - @@ -35 +36 @@ oslosphinx!=3.4.0,>=2.5.0 # Apache-2.0 -reno>=0.1.1 # Apache2 +reno>=1.8.0 # Apache2 @@ -37 +38 @@ reno>=0.1.1 # Apache2 -tempest-lib>=0.14.0 # Apache-2.0 +tempest>=12.1.0 # Apache-2.0 @@ -40 +41 @@ tempest-lib>=0.14.0 # Apache-2.0 -requests!=2.9.0,>=2.8.1 # Apache-2.0 +requests>=2.10.0 # Apache-2.0

1 0

[new][designate] designate 3.0.0 release (newton)
by no-reply＠openstack.org 06 Oct '16

06 Oct '16

We are content to announce the release of: designate 3.0.0: DNS as a Service This release is part of the newton release series. With source available at: http://git.openstack.org/cgit/openstack/designate Please report issues through launchpad: http://bugs.launchpad.net/designate For more details, please see below. 3.0.0 ^^^^^ This release has started the migration of our services to a "worker" and "producer" model. This has started by deprecating "designate-zone- manager" and "designate-pool-manager". We have also added support for new DNS Servers, and added scheduling across pools. New Features ************ * designate-mdns, designate-agent and designate-api can now bind to multiple host:port pairs via the new "listen" configuration arguments for eacg service. * Addition of the "attribute" filter for scheduling zones across pools. This can be enabled in the "[service:central]" section of the config by adding "attribute" to the list of values in the "filters" option. * An experimental agent backend to support TinyDNS, the DNS resolver from the djbdns tools. * An experimental agent backend to support Knot DNS 2 * Added "designate-worker" and "designate-producer". This will allow for better scaling across a designate system as we move forward. * A new recordset api "/v2/recordsets" is exposed with GET method allowed only. The api can be used for retrieving recordsets across all the zones under a tenant. Filtering on certain fields is supported as well. * All designate services will now report to designate-central when they are running. This is implmented as a heartbeat reporting system. There is also a new API endpoint in the v2 API - $API_BASE/v2/service_status. This will show the list of services running, and when they last reported as running. Currently the "stats" and "capabilities" values will be blank, but will be updated in the future as services implement them. * This adds the quotas api from /admin to /v2 with some changes. All users can GET /v2/quotas/<project_id> Users with "All-Projects" permission can view other projects (by setting X-Auth-All- Projects:True in the HTTP Headers) Users with "All-Projects" and "set-quotas" can set other projects quotas Moved the API rendering to Designate Object based rendering Upgrade Notes ************* * The default port which the designate-agent service listens on has changed from 53 to 5358. This matches the port we have always used in the sample configuration, and the port used in the agent backend class. * To enable "designate-worker" and "designate-producer" add a section to your "designate.conf" called "[service:worker]" and add an option "enabled = True". Then stop "designate-pool-manager" and "designate- zone-manager", and start "designate-worker" and "designate-producer" Deprecation Notes ***************** * designate-api's api_host and api_port configuration options have been deprecated, please use the new combined "listen" argument in place of these. * designate-mdns's host and port configuration options have been deprecated, please use the new combined "listen" argument in place of these. * designate-agents's host and port configuration options have been deprecated, please use the new combined "listen" argument in place of these. * Both "designate-zone-manager" and "designate-pool-manager" are now deprecated and will be removed in a future release. Bug Fixes ********* * V1 API Users can now query v1/quotas/<project_id> for quotas * Added zone_name in zone trasfer request response. Closed bug#1580014 Changes in designate 2.0.0.0rc1..3.0.0 -------------------------------------- 0c9ffbf Infoblox: Reverse lookup zone creation fails 1e65e21 Fix for the exception on creating secondary zone b9446fc Updated from global requirements 6828716 Update UPPER_CONSTRAINTS_FILE for stable/newton ac6778c Update .gitreview for stable/newton aa23d86 Add PowerDNS 4 driver 0bc50d6 RC1 Relnotes c544126 delete python bytecode including pyo before every test run ae6e848 Resolve description parameter in v2:set floating ip b31098a [api-ref] Remove temporary block in conf.py 65b5694 Fix Grenade Gate 102f1d2 Infoblox backend:Fixed sslverify value from option 75e0794 Change PATCH method to PUT for recordset update in api-ref 19dd6d5 Config logABug feature for Designate api-ref 871522f Add name parameter to recordset create request description dcce755 Replace POST with PATCH in api-ref for set floatingIP's ptr record 49a0182 Remove recordset tests migrated to designate_tempest_plugin b12656f TrivialFix: Remove cfg import unused 06c4bc0 Clean imports in code e384a2d TrivialFix: Remove logging import unused 6ac5804 Fix ZTA API to prevent HTTP 500 upon empty body 4320baf Add api-ref dropdown 81ce132 Worker Model 773a608 Updated from global requirements 0c6babd Remove white space between print and () 176b4a2 Minor cleanup 95f451d Add support for Microsoft DNS Server backend 3d350ab Use upper constraints for all jobs in tox.ini fa9e300 Updated from global requirements f262e68 Get ready for os-api-ref sphinx theme change 4458556 Fix recordset changes so that they preserve object changes fields c5245e6 Updated from global requirements 775246a Replace assertEqual(None, *) with assertIsNone in the tests 6d21200 Cleaned up notification_handler/base.py b32c706 Fix typo 'leve'->'level' 56dc9af Remove unnecessary __init__ from functionaltests 0bf62b9 Use tempest.lib instead of tempest-lib f40681c Improve performance of recordsets API 7cd1f61 Replace assertDictEqual() with assertEqual() 3b9e00d Language fix 'imports' to 'exports' 028c9bf Fix SSHFP validation for ECDSA, ED25519, and SHA256 be39842 Updated from global requirements 87aaecb Fix api-ref methods for getting, updating and deleting recordsets a762cdf Revert 372057bddb27716acd42a88591552a8dee7b519b b31f9ea Fix some typo in the files efa6d23 Change bind -> bind9 in docs, sample configs 372057b Fix recordset changes so that they preserve object changes fields 54cea89 Add DESIGNATE_AGENT_BACKEND_DRIVER to devstack sample conf d7838a7 Fix typo in tempest.rst bb35643 Python 3: dict.itervalues() 9910d76 Typo in mitaka.rst 10bac1a Python 3: dict.iteritems() fe306f8 Documentation fix up 9862084 Remove unused LOG 0568b66 different-format-for-ipv4-and-ipv6 68fe061 Updated from global requirements eef0315 update doc index, add ops FAQ and notifications f374b5f Grenade Plugin 190f47f Docs for working with multiple pools 1687df2 Don't hardcode options we pass to oslo.context 7761394 Correct reraising of exception a72ba0a Consolidate How Tos and add Admin How Tos ac6e95b Added docs for Floatingip ptr records to api ref ffd9873 Update UUID type for py3.5 compat b7ef8cc Add Python 3.5 classifier and venv 4e7c65c Add gdnsd backend 2028d30 Updated from global requirements 2d79558 Updated from global requirements 619b475 Add v2/quotas e00b15b Updated from global requirements 5964608 Fixes log statement typo in coordination.py 53dff34 Fix typo in designate-manage.rst cd9741b Fixing several typos f3b7ac9 Fixing typo availible->available 745d607 Updated from global requirements c906060 Add missing zake lib to t-r 9deeed7 zone_name is null in zone trasfer request response 7c540ab Updated from global requirements 88ada35 Fix Invalid UUID error message to make it consistent with others ea363d5 Add missing parameters to docs of zone_ownership_transfer_accept 424ebf3 Catch duplicate db inserts in powerdns plugin 8ce138d Add docs for SSHFP, SRV, SPF and MX recordsets to api-ref 52ce6d5 Updated from global requirements a6d7ee9 Fix output of datetime objects in API bbe2b2c Add API for listing zone transfer accepts 9cb82bf Fix 'Duplicate explicit target name' error in 'tox -e docs' 0584df3 Remove unneeded renames in v2 Adapters 5c0b0f7 Move APIv2 Docs to api-ref site ad39f0b Remove migrated "unauthed" functional tests 5067eb8 Remove migrated negative tests for pools, tlds, blacklists 3171dd5 Ensure HTTP 204 responses have 0 Content-Length 6bcc95d Add docs for zone ownership transfer_accept API 2a1e347 Updated from global requirements e475d9f Removed erronous extra file e93bd9d Updated from global requirements 660b4e0 Add etc/designate/*.yaml to .gitignore eeeb1da Only load Suds when using Akamai backend 5d0e4da Add centos7, remove Fedora Vagrant VM 3167edf Add Blacklist to api-ref docs 3097446 DOC: Minor grammar and typo fixes 9d3e098 Fix typo in Docs dec0d38 Updated from global requirements 2ac164e Updated from global requirements 129b28a Add "project-id" to rrset API output 6df18b5 Make registering error handlers compliant with Flask 0.11 dd105f4 Fix parameters.yaml order ba10770 Support binding to IPv6 addresses in UDP sockets 7fa4a3b Updated from global requirements 1548138 Fix tsig param names a697157 Docs update to make it consistent with other docs ee0c6a2 remove verbose option in devstack plugin 0e58f4f Updated from global requirements dfca659 DOC: Update Ubuntu developer environment doc d1c6f4f Add Wily and Xenial devstack VMs e3cda62 Support binding to IPv6 addresses in TCP sockets 1877e1f Cleanup rndc backend 77d9f41 Modify assert statement when comparing with None bef53db DevStack: Support setting default quotas ab52862 Updated from global requirements 7b977f6 Enable v2/recordsets API for tempest plugin a8f14f6 Imported Translations from Zanata be7e32d Add djbdns backend 6ae1923 Refactor UDP query handling, add tests f388734 Catch all exceptions in PM's call to get_pool() bc74ee8 Fix typo 96bff5c Improve response codes display in api-ref docs 1eb64bf Support TCP connection pipelining d8c6c22 Updated from global requirements a2fb918 Roll up migrations to start from liberty 08dfd91 Removing cruft from before os-api-ref was a lib d34406f Fix Optional Tag for X-OpenStack-Request-ID c33ebfc Add Tsigkey to api-ref docs 63d1c30 Ensure L to M DB migrations correctly inspect current DB state 9eefe3c Fix a typo. their -> there 9a17bd6 Updated from global requirements 7406212 Remove test cases which are moved to designate_tempest_plugin 49effdd Add Tld to api-ref docs 961d1d8 Fix gate trying to use u-c for api-ref 43954cf Resolve incorrect description and response codes in api-ref docs d5e4c60 Integration/stress test using a simulated network fd6340f DevStack: Set tempest nameservers config option correctly 5d78d12 Add a style guide 5d328f0 Add Knot DNS backend 6965032 Remove zone import and export client methods + tests 9ec2e8d Add explanation of connection string in pdns sample_yaml_snippets e23eb9a Updated from global requirements 9bc1a80 Add "/" to API-Ref Docs 773528d Add Pools to API-Ref Docs 2156989 Add Limits to API-Ref Docs b4cd2c8 Update devstack dashboard+client clone+install method c41555d Add Zone Transfer Request + Accept API-Ref docs 403b6ae Add Zone Tasks, Export and Import API Docs 83d4d03 Add Recordset to api-ref docs e9db59d Start Designate API-Ref style documentation ed51f49 Ensure services shutdown during unit testing 96de5c1 Skip zone import count test, reenable pool tests 7d43570 Type checking in pool manager target sync 2554a9f Docs Update 77d083b Remove tempest plugin from non-tempest gate d4f5303 Remove more tests migrated to tempest plugin 772dc34 Updated from global requirements 76be6e0 Update Designate Architecture document 3c325b0 Expose /v2/recordsets api endpoint 4bc6599 Fix rrset serialization, improve mdns tests b60ac58 Move bandit job to voting 3cf67d6 Trivalfix of option name in designate.conf.sample c23c99a Enable V2 API as default ca7ffba Support both olso.m v4 and v5 e2c5d07 Fix the memory of the VM in VirtualBox 26dc629 Typo fix f804f30 Migrate service_statuses table charset to UTF8 a7799a2 Fix the service_status objects __str__() output fc2b24a Move heartbeat emit log messages to TRACE 6457a91 Remove msdns from the drivers list 281b4f9 Fix parameterized class decorator 40b1ad5 Fix _get_listen_on_addresses to handle port 0 b165ce1 Consolidate default port numbers into utils.py 82fcd54 Support multiple API and mDNS listen address pairs 699468c DevStack: Allow disabling of API versions 35bb49c Return early from _find_recordsets_with_records 3db4bfc Skip Pools APIv2 tests ae85322 Added attribute filter to scheduler be73f3f Fix service_status docs page 619c3cd Remove execute privilege of designate/backend/impl_bind9.py d7e35b2 Updated from global requirements 7a80815 Add descriptions f2f6b5d Minor documentation fix 7a04eea Add setup_ubuntu_devstack b9ce7e5 replace logging with oslo.log 51604e9 Add exception description, minor cleanup 78bce13 Allow api_export_size to be updated f14976d Improve exception handling, add comments 954a08e Remove contrib/tempest, as they have moved to the tempest plugin 8019155 Add Decorator to log RPCAPI Calls 00567f3 Use upper-constraints.txt for tox tests 1b673bd Move DNS OPCODEs/Classes into private_codes.py 5879c90 Fix data filtering with pagination 765d9c2 Added "experimental" status for backends 7fdce54 Updated from global requirements 44b5376 Set default sslverify value to True c9407d1 Ubuntu dev doc updates 5939880 Removed old tooling for ks CLI 0343a7d Changed the spelling of command in sample file edbf4f3 Add missing response codes in V2 API's doc 1ec3b58 Remove tests moved to tempest 620fc6e Add Agent DevStack Backend 4735d23 Fix all doc warnings and enforce clean docs ddf8a03 Moved doc file and releasenote from service_status 5213676 Updated from global requirements 29e90da Update tempest docs re scenario and slow tests ae69b5b Vagrant: Suppport local devstack / tempest clones 7abae80 Add support for getting Service Status 1554666 Update bandit.yaml + fix failing test 3e7ffd6 Updated from global requirements 1b403af Remove workaround for bug #1467907 fc2fe86 Add Tempest Plugin to DevStack Plugin 74aabd8 Refactor central/service and others d0b81a4 Refactor pool and pool_manager attribute update 0d8e048 Add Designate Tempest Docs bdeb08e Resolves metadata field output on rest call to zone import and export ab1639c Give better error messages for zone imports a6c3a55 Define context.roles with base class 5f6f606 Update vagrant local.conf for rally DS plugin debbe73 Give proper ERROR for too large exports ac08119 Move successfull policy checks to trace da8ed88 Add Memcached documentation 5386659 Remove pool config from sample config d77fe67 Make cache_result safer to use 6832fa1 Add Enhanced Logging to APIs d964469 Updated from global requirements 909cc5d Handle async Tooz calls appropriately aba5161 Docs update for zone import and export ffbb2d8 Updated from global requirements 10d8d7b Better organize the tox.ini passenv vars c7b7075 Adding v2 namespaced event to zone manager ab8208d Adding v2 namespaced event to zone manager ed29445 Do not log pool-manager-caches SQL transactions 7b5e1fd Added "view" option to bind9 rndc options 979b67d Partitoner references invalid exception class b172846 Docs update 9f2520d Run the cli functional tests in openstack ci 99a6907 Add placeholders for Mitaka DB Backports 34fe2ec Update config samples to show Identity v3 params c558525 devstack: compile message catalogs during stack.sh a54dade devstack: compile message catalogs during stack.sh 6a21a79 Partitoner references invalid exception class 2c31869 Adds missing metadata section to API docs cdedb2f Added "view" option to bind9 rndc options 8030341 Do not log pool-manager-caches SQL transactions 58800e4 Update reno for stable/mitaka f591b43 Update .gitreview for stable/mitaka e2f83c9 Log zone serial on fetch and update cdeaaf2 Fix devstack/fedora/bind9 support 2b2ffc5 Fix AutoDoc line for non existent modules Diffstat (except docs and test files) ------------------------------------- .gitignore | 2 + .gitreview | 1 + api-ref/source/conf.py | 233 +++++ api-ref/source/dns-api-v2-blacklist.inc | 240 +++++ api-ref/source/dns-api-v2-limits.inc | 54 + api-ref/source/dns-api-v2-pool.inc | 104 ++ api-ref/source/dns-api-v2-quota.inc | 196 ++++ api-ref/source/dns-api-v2-recordset.inc | 624 +++++++++++ api-ref/source/dns-api-v2-reverse-floatingips.inc | 192 ++++ api-ref/source/dns-api-v2-tld.inc | 240 +++++ api-ref/source/dns-api-v2-tsigkey.inc | 260 +++++ api-ref/source/dns-api-v2-version.inc | 37 + api-ref/source/dns-api-v2-zone-export.inc | 194 ++++ api-ref/source/dns-api-v2-zone-import.inc | 178 ++++ .../dns-api-v2-zone-ownership-transfer-accept.inc | 156 +++ .../dns-api-v2-zone-ownership-transfer-request.inc | 254 +++++ api-ref/source/dns-api-v2-zone-tasks.inc | 84 ++ api-ref/source/dns-api-v2-zone.inc | 363 +++++++ api-ref/source/index.rst | 23 + api-ref/source/parameters.yaml | 897 ++++++++++++++++ .../samples/blacklists/blacklist-response.json | 10 + .../blacklists/create-blacklist-request.json | 4 + .../blacklists/list-blacklists-response.json | 27 + .../blacklists/update-blacklist-request.json | 4 + .../blacklists/update-blacklist-response.json | 10 + .../source/samples/limits/get-limits-response.json | 10 + .../source/samples/pools/list-pools-response.json | 46 + .../source/samples/pools/show-pool-response.json | 18 + .../source/samples/quotas/get-quotas-response.json | 7 + .../source/samples/quotas/set-quotas-request.json | 3 + .../source/samples/quotas/set-quotas-response.json | 7 + .../recordsets/create-mx-recordset-request.json | 12 + .../recordsets/create-mx-recordset-response.json | 23 + .../recordsets/create-recordset-request.json | 9 + .../recordsets/create-recordset-response.json | 21 + .../recordsets/create-spf-recordset-request.json | 10 + .../recordsets/create-spf-recordset-response.json | 20 + .../recordsets/create-srv-recordset-request.json | 9 + .../recordsets/create-srv-recordset-response.json | 20 + .../recordsets/create-sshfp-recordset-request.json | 9 + .../create-sshfp-recordset-response.json | 20 + .../recordsets/delete-recordset-response.json | 22 + .../recordsets/list-all-recordset-response.json | 32 + .../list-recordset-in-zone-response.json | 32 + .../recordsets/show-recordset-response.json | 21 + .../recordsets/update-recordset-request.json | 8 + .../recordsets/update-recordset-response.json | 22 + .../list-ptr-record-response.json | 31 + .../reverse_floatingips/ptr-record-response.json | 13 + .../set-ptr-record-request.json | 5 + .../unset-ptr-record-request.json | 3 + .../source/samples/tlds/create-tld-request.json | 4 + .../source/samples/tlds/list-tlds-response.json | 26 + api-ref/source/samples/tlds/tld-response.json | 10 + .../source/samples/tlds/update-tld-request.json | 4 + .../source/samples/tlds/update-tld-response.json | 10 + .../samples/tsigkeys/create-tsigkey-request.json | 7 + .../samples/tsigkeys/list-tsigkeys-response.json | 45 + .../source/samples/tsigkeys/tsigkey-response.json | 13 + .../samples/tsigkeys/update-tsigkey-request.json | 4 + .../samples/tsigkeys/update-tsigkey-response.json | 13 + .../samples/versions/get-versions-response.json | 26 + .../samples/zones/create-zone-export-response.json | 14 + .../samples/zones/create-zone-import-response.json | 13 + .../source/samples/zones/create-zone-request.json | 7 + .../zones/create-zone-transfer-accept-request.json | 4 + .../create-zone-transfer-accept-response.json | 14 + .../create-zone-transfer-request-request.json | 3 + .../create-zone-transfer-request-response.json | 15 + .../source/samples/zones/delete-zone-response.json | 21 + .../samples/zones/list-zone-export-response.json | 26 + .../samples/zones/list-zone-import-response.json | 38 + .../zones/list-zone-transfer-accept-response.json | 37 + .../zones/list-zone-transfer-request-response.json | 32 + .../source/samples/zones/list-zones-response.json | 32 + .../samples/zones/show-zone-export-content.txt | 18 + .../samples/zones/show-zone-export-response.json | 15 + .../samples/zones/show-zone-import-response.json | 14 + .../zones/show-zone-nameservers-response.json | 8 + .../zones/show-zone-transfer-request-response.json | 10 + .../source/samples/zones/update-zone-request.json | 4 + .../source/samples/zones/update-zone-response.json | 21 + .../update-zone-transfer-request-request.json | 4 + .../update-zone-transfer-request-response.json | 11 + api-ref/source/samples/zones/zone-response.json | 21 + bandit.yaml | 248 ----- contrib/djbdns/tinydns.init | 110 ++ contrib/djbdns/tinydns.service | 44 + contrib/dns_dump_hex_to_text.py | 2 +- contrib/ipaextractor.py | 2 +- contrib/tempest/README.rst | 72 -- contrib/tempest/clients.py | 706 ------------- contrib/tempest/config.py | 1076 ------------------- contrib/tempest/dns_clients/__init__.py | 0 contrib/tempest/dns_clients/json/__init__.py | 0 contrib/tempest/dns_clients/json/domains_client.py | 79 -- contrib/tempest/dns_clients/json/records_client.py | 84 -- contrib/tempest/dns_clients/json/server_client.py | 76 -- contrib/tempest/dns_schema/__init__.py | 0 contrib/tempest/dns_schema/domains.py | 123 --- contrib/tempest/dns_schema/parameter_types.py | 23 - contrib/tempest/dns_schema/records.py | 136 --- contrib/tempest/dns_schema/servers.py | 103 -- contrib/tempest/tempest.conf.sample | 1095 -------------------- contrib/vagrant/README.rst | 1 + contrib/vagrant/Vagrantfile | 85 +- contrib/vagrant/local.conf | 9 +- contrib/vagrant/setup_ubuntu_devstack | 61 ++ designate/__init__.py | 3 +- designate/agent/__init__.py | 24 +- designate/agent/handler.py | 49 +- designate/agent/service.py | 13 + designate/api/__init__.py | 15 +- designate/api/admin/app.py | 3 - .../api/admin/controllers/extensions/quotas.py | 3 + designate/api/middleware.py | 7 + designate/api/service.py | 18 + designate/api/v1/__init__.py | 2 +- designate/api/v1/domains.py | 13 +- designate/api/v1/extensions/diagnostics.py | 2 - designate/api/v1/extensions/quotas.py | 2 - designate/api/v1/extensions/reports.py | 2 - designate/api/v1/extensions/sync.py | 2 - designate/api/v1/limits.py | 2 - designate/api/v1/records.py | 17 +- designate/api/v1/servers.py | 14 +- designate/api/v1/tsigkeys.py | 13 +- designate/api/v2/app.py | 3 - designate/api/v2/controllers/blacklists.py | 31 +- designate/api/v2/controllers/common.py | 50 + designate/api/v2/controllers/errors.py | 3 - designate/api/v2/controllers/floatingips.py | 23 +- designate/api/v2/controllers/limits.py | 2 - designate/api/v2/controllers/pools.py | 33 +- designate/api/v2/controllers/quotas.py | 78 ++ designate/api/v2/controllers/recordsets.py | 186 +--- designate/api/v2/controllers/rest.py | 9 - designate/api/v2/controllers/root.py | 9 +- designate/api/v2/controllers/service_status.py | 58 ++ designate/api/v2/controllers/tlds.py | 33 +- designate/api/v2/controllers/tsigkeys.py | 32 +- designate/api/v2/controllers/zones/__init__.py | 32 +- designate/api/v2/controllers/zones/nameservers.py | 11 +- designate/api/v2/controllers/zones/recordsets.py | 158 +++ .../api/v2/controllers/zones/tasks/__init__.py | 2 - .../api/v2/controllers/zones/tasks/abandon.py | 11 +- .../api/v2/controllers/zones/tasks/exports.py | 44 +- .../api/v2/controllers/zones/tasks/imports.py | 42 +- .../v2/controllers/zones/tasks/transfer_accepts.py | 39 +- .../controllers/zones/tasks/transfer_requests.py | 40 +- designate/api/v2/controllers/zones/tasks/xfr.py | 9 + designate/api/v2/patches.py | 10 +- designate/backend/agent.py | 52 +- designate/backend/agent_backend/base.py | 5 - .../backend/agent_backend/impl_denominator.py | 2 +- designate/backend/agent_backend/impl_djbdns.py | 350 +++++++ designate/backend/agent_backend/impl_gdnsd.py | 245 +++++ designate/backend/agent_backend/impl_knot2.py | 216 ++++ designate/backend/agent_backend/impl_msdns.py | 113 ++ designate/backend/base.py | 2 + designate/backend/impl_akamai.py | 20 +- designate/backend/impl_bind9.py | 81 +- designate/backend/impl_designate.py | 2 - designate/backend/impl_dynect.py | 2 +- designate/backend/impl_infoblox/config.py | 71 +- designate/backend/impl_infoblox/connector.py | 17 +- .../backend/impl_infoblox/object_manipulator.py | 13 +- designate/backend/impl_pdns4.py | 82 ++ designate/backend/impl_powerdns/__init__.py | 69 +- designate/backend/private_codes.py | 35 + designate/central/rpcapi.py | 165 +-- designate/central/service.py | 374 +++---- designate/cmd/pool_manager.py | 16 + designate/cmd/producer.py | 53 + designate/cmd/worker.py | 53 + designate/cmd/zone_manager.py | 24 +- designate/common/config.py | 3 +- designate/context.py | 52 +- designate/coordination.py | 39 +- designate/dnsutils.py | 8 +- designate/exceptions.py | 8 + designate/hookpoints.py | 19 +- .../en_GB/LC_MESSAGES/designate-log-warning.po | 233 +++++ designate/loggingutils.py | 43 + designate/manage/database.py | 2 +- designate/manage/pool.py | 10 +- designate/manage/pool_manager_cache.py | 3 - designate/manage/powerdns.py | 2 - designate/mdns/__init__.py | 13 +- designate/mdns/base.py | 2 - designate/mdns/handler.py | 81 +- designate/mdns/notify.py | 18 +- designate/mdns/rpcapi.py | 13 +- designate/mdns/service.py | 2 + designate/mdns/xfr.py | 3 +- designate/network_api/__init__.py | 4 +- designate/notification_handler/__init__.py | 5 +- designate/notification_handler/base.py | 30 +- designate/notification_handler/neutron.py | 8 +- designate/notification_handler/nova.py | 8 +- designate/objects/__init__.py | 1 + designate/objects/adapters/__init__.py | 1 + designate/objects/adapters/api_v1/base.py | 3 - designate/objects/adapters/api_v2/base.py | 10 +- designate/objects/adapters/api_v2/blacklist.py | 2 - designate/objects/adapters/api_v2/floating_ip.py | 2 - designate/objects/adapters/api_v2/pool.py | 2 - .../objects/adapters/api_v2/pool_attribute.py | 2 - .../objects/adapters/api_v2/pool_ns_record.py | 2 - designate/objects/adapters/api_v2/quota.py | 43 +- designate/objects/adapters/api_v2/record.py | 2 - designate/objects/adapters/api_v2/recordset.py | 51 +- .../objects/adapters/api_v2/service_status.py | 63 ++ designate/objects/adapters/api_v2/tld.py | 2 - designate/objects/adapters/api_v2/tsigkey.py | 2 - .../objects/adapters/api_v2/validation_error.py | 3 - designate/objects/adapters/api_v2/zone.py | 3 - .../objects/adapters/api_v2/zone_attribute.py | 2 - designate/objects/adapters/api_v2/zone_export.py | 8 +- designate/objects/adapters/api_v2/zone_import.py | 6 +- designate/objects/adapters/api_v2/zone_master.py | 2 - .../adapters/api_v2/zone_transfer_accept.py | 6 +- .../adapters/api_v2/zone_transfer_request.py | 5 +- designate/objects/adapters/base.py | 22 +- .../objects/adapters/yaml/pool_also_notify.py | 2 - designate/objects/adapters/yaml/pool_attribute.py | 2 - designate/objects/adapters/yaml/pool_nameserver.py | 2 - designate/objects/adapters/yaml/pool_ns_record.py | 2 - designate/objects/adapters/yaml/pool_target.py | 2 - .../objects/adapters/yaml/pool_target_master.py | 2 - .../objects/adapters/yaml/pool_target_option.py | 2 - designate/objects/base.py | 6 + designate/objects/pool_target.py | 1 + designate/objects/quota.py | 24 +- designate/objects/recordset.py | 15 +- designate/objects/rrdata_sshfp.py | 4 +- designate/objects/service_status.py | 61 ++ designate/policy.py | 6 +- designate/pool_manager/__init__.py | 20 +- .../pool_manager/cache/impl_memcache/__init__.py | 8 + designate/pool_manager/rpcapi.py | 28 +- designate/pool_manager/service.py | 30 +- designate/producer/__init__.py | 69 ++ designate/producer/service.py | 97 ++ designate/producer/tasks.py | 346 +++++++ designate/quota/impl_storage.py | 6 +- designate/resources/schemas/admin/quota.json | 9 +- designate/rpc.py | 30 +- designate/scheduler/__init__.py | 4 +- designate/scheduler/filters/attribute_filter.py | 70 +- designate/scheduler/filters/default_pool_filter.py | 12 +- designate/scheduler/filters/fallback_filter.py | 14 +- .../scheduler/filters/pool_id_attribute_filter.py | 4 +- designate/scheduler/filters/random_filter.py | 4 +- designate/schema/format.py | 5 +- designate/schema/validators.py | 3 - designate/service.py | 255 +++-- designate/service_status.py | 114 ++ designate/sqlalchemy/base.py | 198 ++-- designate/sqlalchemy/types.py | 4 +- designate/sqlalchemy/utils.py | 24 +- designate/storage/__init__.py | 91 +- designate/storage/base.py | 38 +- designate/storage/impl_sqlalchemy/__init__.py | 530 ++++------ .../migrate_repo/versions/038_icehouse.py | 231 ----- .../versions/039_support_soa_records.py | 168 --- .../migrate_repo/versions/040_fix_record_data.py | 37 - .../versions/041_server_pools_storage.py | 93 -- .../migrate_repo/versions/042_priority_to_data.py | 117 --- .../versions/043_modify_domains_and_records.py | 98 -- .../versions/044_add_pool_id_to_domains.py | 59 -- .../045_add_uniqueconstraint_to_pool_attributes.py | 57 - .../migrate_repo/versions/046_add_indices.py | 76 -- .../migrate_repo/versions/047_add_reverse_name.py | 110 -- .../048_add_zone_ownership_transfers_tables.py | 78 -- .../migrate_repo/versions/049_migrate_servers.py | 73 -- .../migrate_repo/versions/050_drop_servers.py | 37 - .../migrate_repo/versions/051_scoped_tsig.py | 79 -- .../migrate_repo/versions/052_secondary_zones.py | 115 -- .../migrate_repo/versions/053_pool_nameservers.py | 120 --- .../versions/054_allow_duplicate_domains.py | 56 - .../versions/055_add_created_indices.py | 48 - .../migrate_repo/versions/056_placeholder.py | 30 - .../migrate_repo/versions/057_placeholder.py | 30 - .../migrate_repo/versions/058_placeholder.py | 30 - .../migrate_repo/versions/059_placeholder.py | 30 - .../migrate_repo/versions/060_placeholder.py | 30 - .../migrate_repo/versions/061_placeholder.py | 30 - .../migrate_repo/versions/062_placeholder.py | 30 - .../migrate_repo/versions/063_placeholder.py | 30 - .../migrate_repo/versions/064_placeholder.py | 30 - .../migrate_repo/versions/065_placeholder.py | 30 - .../versions/066_add_update_status_index.py | 49 - .../migrate_repo/versions/067_zone_tasks.py | 60 -- .../migrate_repo/versions/068_add_shard_column.py | 101 -- .../versions/069_zone_tasks_location.py | 44 - .../migrate_repo/versions/070_liberty.py | 395 +++++++ .../migrate_repo/versions/070_placeholder.py | 30 - .../migrate_repo/versions/082_unique_ns_record.py | 7 +- .../migrate_repo/versions/087_placeholder.py | 26 + .../migrate_repo/versions/088_placeholder.py | 26 + .../migrate_repo/versions/089_placeholder.py | 26 + .../migrate_repo/versions/090_placeholder.py | 26 + .../migrate_repo/versions/091_placeholder.py | 26 + .../migrate_repo/versions/092_placeholder.py | 26 + .../migrate_repo/versions/093_placeholder.py | 26 + .../migrate_repo/versions/094_placeholder.py | 26 + .../migrate_repo/versions/095_placeholder.py | 26 + .../migrate_repo/versions/096_placeholder.py | 26 + .../migrate_repo/versions/097_add_services.py | 52 + .../versions/098_fix_service_charset.py | 33 + .../099_add_rrset_indexes_for_filtering_perf.py | 36 + designate/storage/impl_sqlalchemy/tables.py | 23 + .../unit/test_agent/test_backends/__init__.py | 0 .../unit/test_agent/test_backends/test_djbdns.py | 126 +++ .../unit/test_agent/test_backends/test_gdnsd.py | 85 ++ .../unit/test_agent/test_backends/test_knot2.py | 200 ++++ .../unit/test_agent/test_backends/test_msdns.py | 122 +++ designate/utils.py | 78 +- designate/worker/README.md | 206 ++++ designate/worker/__init__.py | 60 ++ designate/worker/processing.py | 79 ++ designate/worker/rpcapi.py | 77 ++ designate/worker/service.py | 172 +++ designate/worker/tasks/__init__.py | 0 designate/worker/tasks/base.py | 127 +++ designate/worker/tasks/zone.py | 609 +++++++++++ designate/worker/utils.py | 82 ++ designate/zone_manager/__init__.py | 37 - designate/zone_manager/rpcapi.py | 72 -- designate/zone_manager/service.py | 154 --- designate/zone_manager/tasks.py | 299 ------ devstack/designate_plugins/backend-agent | 103 ++ devstack/designate_plugins/backend-agent-fake | 55 + devstack/designate_plugins/backend-agent-knot2 | 130 +++ devstack/designate_plugins/backend-agent-msdns | 116 +++ devstack/designate_plugins/backend-bind9 | 6 +- devstack/designate_plugins/backend-pdns4 | 181 ++++ .../designate_plugins/backend-pdns4-mysql-db.sql | 92 ++ devstack/gate/post_test_hook.sh | 15 +- devstack/networking_test.py | 663 ++++++++++++ devstack/networking_test_monitor_tc.sh | 3 + devstack/plugin.sh | 95 +- devstack/settings | 30 +- devstack/upgrade/resources.sh | 166 +++ devstack/upgrade/settings | 11 + devstack/upgrade/shutdown.sh | 28 + devstack/upgrade/upgrade.sh | 96 ++ .../backends/sample_yaml_snippets/agent.yaml | 15 + .../backends/sample_yaml_snippets/pdns4.yaml | 16 + .../backends/sample_yaml_snippets/powerdns.yaml | 16 + etc/designate/designate.conf.sample | 166 ++- etc/designate/policy.json | 5 +- etc/designate/pools.yaml.sample-bind | 4 +- etc/designate/pools.yaml.sample-multiple-pools | 6 +- etc/designate/rootwrap.d/djbdns.filters | 4 + etc/designate/rootwrap.d/knot2.filters | 3 + .../api/v2/clients/zone_export_client.py | 75 -- .../api/v2/clients/zone_import_client.py | 61 -- .../api/v2/test_recordset_validation.py | 2 +- .../api/v2/test_zone_ownership_transfers.py | 60 +- .../notes/agent-port-number-c28462562a74cbf9.yaml | 5 + .../api-mdns-multiple-bind-c78853de46ee587d.yaml | 15 + .../notes/attribute-filter-f06a53b61f5fd111.yaml | 5 + .../djbdns-agent-backend-c84e9eeab48d2e01.yaml | 4 + .../notes/knot-agent-backend-db2893aa97d85a1d.yaml | 3 + .../notes/newton-rc-1-eddc78fac760b98a.yaml | 19 + .../notes/recordset-api-2c82abf569f7623e.yaml | 5 + .../notes/service-status-ab0e696c8f5fdef8.yaml | 11 + .../notes/v2-api-quotas-dd7e189cddcf7b96.yaml | 15 + ...-trasfer-request-response-a2e316872798d1df.yaml | 3 + releasenotes/source/index.rst | 3 +- releasenotes/source/mitaka.rst | 6 + requirements.txt | 47 +- setup.cfg | 26 +- test-requirements.txt | 17 +- tools/designate-keystone-setup | 198 ---- tox.ini | 46 +- 527 files changed, 21809 insertions(+), 15571 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index 5ab5d07..1599830 100644 --- a/requirements.txt +++ b/requirements.txt @@ -5 +5 @@ -Babel>=1.3 # BSD +Babel>=2.3.4 # BSD @@ -7 +7 @@ eventlet!=0.18.3,>=0.18.2 # MIT -Flask<1.0,>=0.10 # BSD +Flask!=0.11,<1.0,>=0.10 # BSD @@ -11,6 +11,6 @@ jsonschema!=2.5.0,<3.0.0,>=2.0.0 # MIT -keystoneauth1>=2.1.0 # Apache-2.0 -keystonemiddleware!=4.1.0,>=4.0.0 # Apache-2.0 -netaddr!=0.7.16,>=0.7.12 # BSD -oslo.config>=3.7.0 # Apache-2.0 -oslo.concurrency>=3.5.0 # Apache-2.0 -oslo.messaging>=4.0.0 # Apache-2.0 +keystoneauth1>=2.10.0 # Apache-2.0 +keystonemiddleware!=4.1.0,!=4.5.0,>=4.0.0 # Apache-2.0 +netaddr!=0.7.16,>=0.7.13 # BSD +oslo.config>=3.14.0 # Apache-2.0 +oslo.concurrency>=3.8.0 # Apache-2.0 +oslo.messaging>=5.2.0 # Apache-2.0 @@ -20 +20 @@ oslo.reports>=0.6.0 # Apache-2.0 -oslo.rootwrap>=2.0.0 # Apache-2.0 +oslo.rootwrap>=5.0.0 # Apache-2.0 @@ -22,2 +22,2 @@ oslo.serialization>=1.10.0 # Apache-2.0 -oslo.service>=1.0.0 # Apache-2.0 -oslo.utils>=3.5.0 # Apache-2.0 +oslo.service>=1.10.0 # Apache-2.0 +oslo.utils>=3.16.0 # Apache-2.0 @@ -27 +27 @@ pbr>=1.6 # Apache-2.0 -pecan>=1.0.0 # BSD +pecan!=1.0.2,!=1.0.3,!=1.0.4,>=1.0.0 # BSD @@ -29,4 +29,4 @@ python-designateclient>=1.5.0 # Apache-2.0 -python-neutronclient!=4.1.0,>=2.6.0 # Apache-2.0 -Routes!=2.0,!=2.1,>=1.12.3;python_version=='2.7' # MIT -Routes!=2.0,>=1.12.3;python_version!='2.7' # MIT -requests!=2.9.0,>=2.8.1 # Apache-2.0 +python-neutronclient>=5.1.0 # Apache-2.0 +Routes!=2.0,!=2.1,!=2.3.0,>=1.12.3;python_version=='2.7' # MIT +Routes!=2.0,!=2.3.0,>=1.12.3;python_version!='2.7' # MIT +requests>=2.10.0 # Apache-2.0 @@ -36,3 +36,3 @@ sqlalchemy-migrate>=0.9.6 # Apache-2.0 -stevedore>=1.5.0 # Apache-2.0 -suds-jurko>=0.6 # LGPL -setuptools>=16.0 # PSF/ZPL +stevedore>=1.16.0 # Apache-2.0 +suds-jurko>=0.6 # LGPLv3+ +setuptools!=24.0.0,>=16.0 # PSF/ZPL @@ -40 +40 @@ WebOb>=1.2.3 # MIT -dnspython>=1.12.0;python_version<'3.0' # http://www.dnspython.org/LICENSE +dnspython>=1.14.0 # http://www.dnspython.org/LICENSE @@ -42 +42 @@ dnspython3>=1.12.0;python_version>='3.0' # http://www.dnspython.org/LICENSE -oslo.db>=4.1.0 # Apache-2.0 +oslo.db!=4.13.1,!=4.13.2,>=4.10.0 # Apache-2.0 @@ -44,2 +44,2 @@ oslo.i18n>=2.1.0 # Apache-2.0 -oslo.context>=0.2.0 # Apache-2.0 -oslo.policy>=0.5.0 # Apache-2.0 +oslo.context>=2.9.0 # Apache-2.0 +oslo.policy>=1.9.0 # Apache-2.0 @@ -49,0 +50 @@ debtcollector>=1.2.0 # Apache-2.0 +os-win>=0.2.3 # Apache-2.0 diff --git a/test-requirements.txt b/test-requirements.txt index ae59057..90caf4c 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -8,2 +8,2 @@ coverage>=3.6 # Apache-2.0 -fixtures>=1.3.1 # Apache-2.0/BSD -mock>=1.2 # BSD +fixtures>=3.0.0 # Apache-2.0/BSD +mock>=2.0 # BSD @@ -13,2 +13,2 @@ python-subunit>=0.0.18 # Apache-2.0/BSD -requests-mock>=0.7.0 # Apache-2.0 -sphinx!=1.2.0,!=1.3b1,<1.3,>=1.1.2 # BSD +requests-mock>=1.0 # Apache-2.0 +sphinx!=1.3b1,<1.3,>=1.2.1 # BSD @@ -20,2 +20,2 @@ WebTest>=2.0 # MIT -tempest-lib>=0.14.0 # Apache-2.0 -reno>=0.1.1 # Apache2 +tempest>=12.1.0 # Apache-2.0 +reno>=1.8.0 # Apache2 @@ -23,2 +23,3 @@ reno>=0.1.1 # Apache2 -bandit>=0.17.3 # Apache-2.0 - +bandit>=1.1.0 # Apache-2.0 +os-api-ref>=1.0.0 # Apache-2.0 +zake>=0.1.6 # Apache-2.0

1 0

[new][puppet] puppet-cinder 9.4.1 release (newton)
by no-reply＠openstack.org 05 Oct '16

05 Oct '16

We are excited to announce the release of: puppet-cinder 9.4.1: Puppet module for OpenStack Cinder This release is part of the newton stable release series. For more details, please see below. Changes in puppet-cinder 9.4.0..9.4.1 ------------------------------------- 5b6c032 Release 9.4.1 179bbe6 fixed typo in ./manifests/backend/{netapp,iscsi,bdd}.pp a91078e Use stable/newton spec helper 3f2d3c3 Update .gitreview for stable/newton Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + Gemfile | 1 + manifests/backend/bdd.pp | 2 +- manifests/backend/iscsi.pp | 2 +- manifests/backend/netapp.pp | 2 +- metadata.json | 2 +- releasenotes/source/conf.py | 4 ++-- 7 files changed, 8 insertions(+), 6 deletions(-)

1 0

[new][puppet] puppet-heat 9.4.1 release (newton)
by no-reply＠openstack.org 05 Oct '16

05 Oct '16

We are glowing to announce the release of: puppet-heat 9.4.1: Puppet module for OpenStack Heat This release is part of the newton stable release series. For more details, please see below. 9.4.1 ^^^^^ New Features * Allows configuration of [yaql] settings to control memory_quota and limit_iterators settings. Changes in puppet-heat 9.4.0..9.4.1 ----------------------------------- f107762 Release 9.4.1 cd04f83 Use stable/newton spec helper 7c2489b Add options to configure yaql settings e1c19de Update .gitreview for stable/newton Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + Gemfile | 1 + manifests/init.pp | 14 ++++++++++++++ metadata.json | 2 +- .../notes/yaql_config_options-d25ae9c0bd25706f.yaml | 4 ++++ releasenotes/source/conf.py | 4 ++-- spec/classes/heat_init_spec.rb | 10 ++++++++++ 7 files changed, 33 insertions(+), 3 deletions(-)

1 0

[new][puppet] puppet-swift 9.4.1 release (newton)
by no-reply＠openstack.org 05 Oct '16

05 Oct '16

We are frolicsome to announce the release of: puppet-swift 9.4.1: Puppet module for OpenStack Swift This release is part of the newton stable release series. For more details, please see below. 9.4.1 ^^^^^ Bug Fixes * Fixed the incorrect inclusion of a requirement for the memcached class to be in the catalog for swift::proxy::cache due to a bad grep of the memcached server list. LP#1628967 Changes in puppet-swift 9.4.0..9.4.1 ------------------------------------ 5860dd4 Release 9.4.1 3ae58f3 Fixed swift::proxy::cache requirement on memcached 4488de8 Use stable/newton spec helper 83d8be4 Update .gitreview for stable/newton Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + Gemfile | 1 + manifests/proxy/cache.pp | 4 +-- metadata.json | 2 +- ...d-require-for-proxy-cache-cbb2726d22b53d80.yaml | 5 +++ releasenotes/source/conf.py | 4 +-- spec/classes/swift_proxy_cache_spec.rb | 38 ++++++++++++++-------- 7 files changed, 36 insertions(+), 19 deletions(-)

1 0

[new][manila] manila-ui 2.5.1 release (newton)
by no-reply＠openstack.org 04 Oct '16

04 Oct '16

We are joyful to announce the release of: manila-ui 2.5.1: Manila Management Dashboard This release is part of the newton stable release series. With source available at: http://git.openstack.org/cgit/openstack/manila-ui Please report issues through launchpad: http://bugs.launchpad.net/manila-ui For more details, please see below. Changes in manila-ui 2.5.0..2.5.1 --------------------------------- 61c5b00 Fix display of Delete share replica button 832c751 Change Create Replica button availability eed69d6 Fix metadata_to_str function code injection vulnerability 55188e5 Fix broken unit tests fb0ce55 Imported Translations from Zanata Diffstat (except docs and test files) ------------------------------------- manila_ui/api/manila.py | 10 +- .../dashboards/admin/shares/replicas/tables.py | 16 +- manila_ui/dashboards/admin/shares/tabs.py | 8 +- .../dashboards/project/shares/replicas/forms.py | 4 +- .../dashboards/project/shares/replicas/tables.py | 20 +- .../dashboards/project/shares/shares/tables.py | 4 +- manila_ui/dashboards/project/shares/shares/tabs.py | 10 +- manila_ui/dashboards/utils.py | 24 +- manila_ui/locale/zh_CN/LC_MESSAGES/django.po | 271 ++++++++++++++++++++- 19 files changed, 484 insertions(+), 128 deletions(-)

1 0

[new][telemetry] gnocchi 2.2.1 release
by no-reply＠openstack.org 04 Oct '16

04 Oct '16

We are overjoyed to announce the release of: gnocchi 2.2.1: Metric as a Service For more details, please see below. Changes in gnocchi 2.2.0..2.2.1 ------------------------------- c92e986 ceph: Fix metricd start f102131 ceph: fix setup extra 2e39260 Update .gitreview for stable/2.2 Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + devstack/gate/post_test_hook.sh | 2 +- gnocchi/storage/ceph.py | 8 ++++++-- setup.cfg | 4 ++-- 4 files changed, 10 insertions(+), 5 deletions(-)

1 0

[new][packaging-rpm] pymod2pkg 0.6.0 release
by no-reply＠openstack.org 04 Oct '16

04 Oct '16

We are stoked to announce the release of: pymod2pkg 0.6.0: python module name to package name map For more details, please see below. Changes in pymod2pkg 0.5.4..0.6.0 --------------------------------- 13c1646 Fix cloudkittyclient to cloudkitty 637473d Updated from global requirements af44d9b More exceptions for python-*client naming on SUSE e10889b Updated from global requirements 8e583df Add additional mappings for new clients 58a12b9 Add mapping for OpenStack project names Diffstat (except docs and test files) ------------------------------------- pymod2pkg/__init__.py | 48 ++++++++++++++++++++++++++++++++++++++---------- test-requirements.txt | 4 ++-- 4 files changed, 55 insertions(+), 14 deletions(-) Requirements updates -------------------- diff --git a/test-requirements.txt b/test-requirements.txt index 143c765..4da89ca 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -9,2 +9,2 @@ testtools>=1.4.0 # MIT -sphinx!=1.3b1,<1.3,>=1.2.1 # BSD -oslosphinx!=3.4.0,>=2.5.0 # Apache-2.0 +sphinx!=1.3b1,<1.4,>=1.2.1 # BSD +oslosphinx>=4.7.0 # Apache-2.0

1 0

[new][cloudkitty] cloudkitty 0.6.1 release (newton)
by no-reply＠openstack.org 29 Sep '16

29 Sep '16

We are pumped to announce the release of: cloudkitty 0.6.1: Rating as a Service component for OpenStack This release is part of the newton release series. For more details, please see below. Changes in cloudkitty 0.6.0..0.6.1 ---------------------------------- aa5d895 Update outputs in "Hashmap rating module" 5a04789 Fix consistency on gnocchi storage commit d3ee522 Fix typo in the file 015546e ceilometer network.* collector are not JSON serializable b921e7f Update hashmap documentation 1124e4d Fix typos in docstrings b99f97b Add volume_type attribute to volume when gnocchi collector c457f31 Change git url to openstack git in devstack doc f93aa0a Fix the image size unit from 'image' to 'MB' 302bb43 Specifies gabbi version in test-requirements.txt efa5f06 Fix state tracking in gnocchi storage 0296672 modify the home-page info with the developer documentation Diffstat (except docs and test files) ------------------------------------- cloudkitty/collector/ceilometer.py | 5 +- cloudkitty/collector/gnocchi.py | 5 +- cloudkitty/rating/__init__.py | 2 +- .../models/f8c799db4aa0_fix_unnamed_constraints.py | 4 +- cloudkitty/rating/hash/db/sqlalchemy/api.py | 2 +- cloudkitty/rating/hash/db/sqlalchemy/models.py | 4 +- cloudkitty/rating/pyscripts/db/api.py | 2 +- cloudkitty/storage/gnocchi/__init__.py | 188 +++++++++++++-------- cloudkitty/storage/gnocchi_hybrid/models.py | 2 +- cloudkitty/transformer/__init__.py | 1 + cloudkitty/transformer/ceilometer.py | 34 ++++ cloudkitty/transformer/gnocchi.py | 1 + setup.cfg | 2 +- test-requirements.txt | 2 +- 18 files changed, 321 insertions(+), 122 deletions(-) Requirements updates -------------------- diff --git a/test-requirements.txt b/test-requirements.txt index b761433..e455d2a 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -7 +7 @@ discover # BSD -gabbi>=1.11.0 # Apache-2.0 +gabbi>=1.11.0,<=1.25.0 # Apache-2.0

1 0

[new][cloudkitty] cloudkitty-dashboard 0.6.1 release (newton)
by no-reply＠openstack.org 29 Sep '16

29 Sep '16

We are jazzed to announce the release of: cloudkitty-dashboard 0.6.1: CloudKitty Horizon dashboard This release is part of the newton release series. With package available at: https://pypi.python.org/pypi/cloudkitty-dashboard For more details, please see below. Changes in cloudkitty-dashboard 0.6.0..0.6.1 -------------------------------------------- 6b2ea6e TrivialFix: Fix typo in README file Diffstat (except docs and test files) ------------------------------------- README.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

1 0