We are satisfied to announce the release of: keystoneauth1 5.2.0: Authentication Library for OpenStack Identity This release is part of the bobcat release series. The source is available from: https://opendev.org/openstack/keystoneauth1 Download the package from: https://pypi.org/project/keystoneauth1 For more details, please see below. 5.2.0 ^^^^^ New Features ************ * [blueprint support-oauth2-mtls (https://blueprints.launchpad.net/keystone/+spec/support- oauth2-mtls)] Added a new OAuth2mTlsClientCredential plugin, accessible via the 'v3oauth2mtlsclientcredential' entry point, making possible to authenticate using an OAuth 2.0 Mutual-TLS client credentials. Keystoneauth can now be used to access the OpenStack APIs that use the keystone middleware to support OAuth2.0 mutual-TLS client authentication through the keystone identity server. Bug Fixes ********* * [bug 1998366 (https://bugs.launchpad.net/keystoneauth/+bug/1998366)] Federated auth plugins now can work with unversioned auth url (e.g. "http://keystone"). Changes in keystoneauth1 5.1.2..5.2.0 ------------------------------------- 2e40bbf Update master for stable/2023.1 44e5b2d New auth plugin v3oidcdeviceauthz ca28df8 OAuth 2.0 Mutual-TLS Support 192a27a Remove six bef3dfb setup.cfg: Restore python_requires after a typo 737790f Allow federation to work with unversioned auth_url 19db34e Switch to 2023.1 Python3 unit tests and generic template name aaca2b3 Update master for stable/zed be2223c Replace abc.abstractproperty with property and abc.abstractmethod Diffstat (except docs and test files) ------------------------------------- .zuul.yaml | 2 +- keystoneauth1/_fair_semaphore.py | 4 +- keystoneauth1/_utils.py | 5 +- keystoneauth1/access/access.py | 8 + keystoneauth1/access/service_catalog.py | 5 +- keystoneauth1/discover.py | 7 +- keystoneauth1/exceptions/oidc.py | 9 + keystoneauth1/extras/_saml2/v3/adfs.py | 3 +- keystoneauth1/fixture/serializer.py | 5 +- keystoneauth1/fixture/v3.py | 18 +- keystoneauth1/identity/__init__.py | 10 +- keystoneauth1/identity/base.py | 9 +- keystoneauth1/identity/generic/base.py | 9 +- keystoneauth1/identity/v2.py | 5 +- keystoneauth1/identity/v3/__init__.py | 6 +- keystoneauth1/identity/v3/base.py | 11 +- keystoneauth1/identity/v3/federation.py | 10 +- keystoneauth1/identity/v3/k2k.py | 4 +- .../identity/v3/oauth2_mtls_client_credential.py | 125 +++++++++++ keystoneauth1/identity/v3/oidc.py | 148 ++++++++++++- keystoneauth1/identity/v3/tokenless_auth.py | 5 +- keystoneauth1/loading/_plugins/identity/v3.py | 54 +++++ keystoneauth1/loading/base.py | 4 +- keystoneauth1/session.py | 28 +-- .../unit/identity/test_identity_v3_federation.py | 18 +- .../bp-support-oauth2-mtls-177cda05265ae65c.yaml | 10 + .../notes/bug-1998366-27cd486b46fb56b0.yaml | 6 + releasenotes/source/2023.1.rst | 6 + releasenotes/source/index.rst | 2 + releasenotes/source/zed.rst | 6 + requirements.txt | 5 - setup.cfg | 4 +- 44 files changed, 829 insertions(+), 137 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index 4f06ae0..30d3d7f 100644 --- a/requirements.txt +++ b/requirements.txt @@ -5,4 +4,0 @@ -# The order of packages is significant, because pip processes them in the order -# of appearance. Changing the order has an impact on the overall integration -# process, which may cause wedges in the gate later. - @@ -21 +16,0 @@ requests>=2.14.2 # Apache-2.0 -six>=1.10.0 # MIT