We are happy to announce the release of: puppet-keystone 9.1.0: Puppet module for OpenStack Keystone This release is part of the newton release series. For more details, please see below. 9.1.0 ^^^^^ New Features ************ * Implement bug 1589933 so now one associate the admin to admin_role for an entire domain if it uses the target_admin_domain parameter in the auth.pp class. Upgrade Notes ************* * update undef parameters in authtoken.pp to use $::os_service_default * Add all missing parameters and remove deprecated ones to configure keystone_authtoken section. Bug Fixes ********* * Fixes bug 1559013 so update of a keystone_endpoint does not recreate all endpoints when one or two network endpoint are missing. * Fixes bug 1597357 exits? was not using any retry as it expects an error to determine if the user exist. This fix it and enable classic retry mechanism for other errors. Other Notes *********** * If you use Ubuntu Cloud Archives (Canonical) packages and you set manage_policyrcd to true, you won't be able to deloy OpenStack Mitaka. Changes in puppet-keystone 9.0.0..9.1.0 --------------------------------------- 633c1a4 Prepare 9.1.0 (newton-2) 9fd52ae Added federation support for OpenID Connect with mod_auth_openidc 4bab7ac Add misssing parameters to keystone_authtoken c1d0abe Remove 12.04 and add 16.04 to metadata 07cee48 Add retry to keystone_user.exists? 84e6682 Allow virtual package for python-pysaml2 14f754a Remove mitaka release prelude note 51c68fb Support member_role_id and member_role_name config options fe0edef Fix endpoint update when one endpoint is missing. beab6ce Add association of the admin user to a domain. ba622e4 Fix idempotency of keystone_tenant description a02d2ae roles/admin: make sure role is created after admin user / tenant 33e051c Switch openstacklib::policyrcd class to policy_rcd provider 4b4402a Fix up client_package_name param e5754d9 Move Authtoken to $::os_service_default 50cdfe9 manage_policyrcd: stop eventlet support from Newton 3fb66aa Add nodepool-xenial.yml file 09a2d03 beaker: remove multi domain config resources output test 41ded11 ubuntu: do not attempt to start apache during keystone setup 067b75b Fix facts for policy test b111078 Test multiple operating systems for policy 7e0cc49 Fix incorrect parameter c212003 Fix wrong handling of disabled users because of typo Diffstat (except docs and test files) ------------------------------------- lib/puppet/provider/keystone.rb | 16 +- lib/puppet/provider/keystone_endpoint/openstack.rb | 101 +++-- lib/puppet/provider/keystone_user/openstack.rb | 10 +- lib/puppet/type/keystone_tenant.rb | 1 - manifests/federation/identity_provider.pp | 5 +- manifests/federation/openidc.pp | 128 ++++++ .../federation/openidc_httpd_configuration.pp | 25 ++ manifests/init.pp | 48 ++- manifests/params.pp | 4 +- manifests/resource/authtoken.pp | 428 ++++++++++++--------- manifests/roles/admin.pp | 19 +- metadata.json | 8 +- .../add_target_admin_domain-272f97b06e476495.yaml | 6 + ...htoken-os_service_default-eb8809222b21e05a.yaml | 4 + ...point_update_when_missing-4cd73e06a8ac30f7.yaml | 6 + ..._for_keystone_user_exists-53987cf3bfac4f6e.yaml | 7 + releasenotes/notes/mitaka-dece9d43a565e6cb.yaml | 3 - .../notes/uca_newton-434b3f07a06be290.yaml | 4 + .../notes/update_authtoken-c3b672875f4c5b50.yaml | 4 + releasenotes/source/conf.py | 4 +- spec/acceptance/keystone_wsgi_apache_spec.rb | 32 +- spec/acceptance/nodesets/nodepool-xenial.yml | 10 + spec/classes/keystone_federation_openidc.rb | 106 +++++ spec/classes/keystone_policy_spec.rb | 21 +- spec/classes/keystone_roles_admin_spec.rb | 24 +- spec/classes/keystone_spec.rb | 13 +- spec/classes/keystone_wsgi_apache_spec.rb | 2 +- spec/defines/keystone_resource_authtoken_spec.rb | 303 +++++++-------- .../provider/keystone_endpoint/openstack_spec.rb | 62 +++ spec/unit/provider/keystone_spec.rb | 4 +- spec/unit/provider/keystone_user/openstack_spec.rb | 2 +- templates/openidc.conf.erb | 15 + 32 files changed, 963 insertions(+), 462 deletions(-)