We are excited to announce the release of: keystone 28.0.0 This release is part of the flamingo release series. The source is available from: https://opendev.org/openstack/keystone Download the package from: https://tarballs.openstack.org/keystone/ Please report issues through: https://bugs.launchpad.net/keystone/+bugs For more details, please see below. Changes in keystone 27.0.0..28.0.0 ---------------------------------- f8338be43 Fix AD nested groups issues cf6a83f9e Imported Translations from Zanata 9c8f3a410 Stop installing removed "memcache" extra fa7fd43e8 alembic: Explicitly set path_separator f263a3b55 sqlalchemy: Use built-in declarative 84a30d560 trust schema: don't require user_id to be in uuid format 48407c6d7 Remove Python 3.9 support 398e05c21 Fix json schema of user groups a2e54ac55 trust schema: don't require project_id to be in uuid format 8ab4ecd1b Remove OSA test job ee4aef7dd Separate user response and request schema 1d67a0ae7 Split role assignment request/response schemas 26408ecd9 Revert "docs: identity service now use https" b834722f1 Prevent MFA bypass 2323c474f Fix getting token from application credentials token 403394524 zuul: Remove keystone-tox-patch_cover job 9bde660ae zuul: Rename, reorder tempest jobs b6f955b8e api: Add log when creating unscoped token 7830e89df api: Remove constraints on user IDs 3c72ffb36 docs: identity service now use https b02ed6c9f Updated the doc for MySQL > 5.7 1be3fa9f3 Update pre-commit hook versions 89a157427 Remove sample mod_wsgi config file 606e46098 Allow additional properties in endpoint schema 3c17d3a1c Fix limit.model response schema d57db0fb3 Replace deprecated usage of pkg_resources in tests 0cd66f5f8 Remove openSUSE/SLES from install guide d5fc2c0f6 Use real service type in catalog multi-region test 0d2cc1a3a setup: Remove pbr's wsgi_scripts 037bf7c4d wsgi: Don't create, use lock in same line ee437c72c Add pyproject.toml to support pip 23.1 d688c3c95 Start building openapi doc 5125d9fee Fix DB migrations after alembic integration 9407be8d2 Remove tags from README 615e0f181 Fix an error in the document 3ce6d6db4 Add a new index on project_endpoint_group 46ba4f455 api: Don't restrict unknown querystring parameters yet (redux) feca9be8e Document example when report_invalid_password_hash=event 747198efa Imported Translations from Zanata 187c1af50 api: Correct query string schema for access rules API 05cc3d190 api: Don't restrict unknown querystring parameters yet b4b2f29c8 Add JSON schema and validation for `region` 1e4165950 Update master for stable/2025.1 7db8d5fe5 Support emitting partial hash of invalid password 3915fd3d1 docs: Add usage guide for trusts 08065b255 Direct link to keystone docs 2e3ba3910 reno: Update master for unmaintained/2023.1 23b670978 Add explicit dependency on Werkzeug bc698b3b6 Remove pointer for keystone-tempest-plugin b934212e5 Remove remaining reference to volume v2 API 11681e229 Skip functional tests on pre-commit config update d4713cacd Remove leftovers for SQLAlchemy < 2 9f35c9b29 Fix inconsistency in CADF initiator name field 6d97d94be Remove the password element from the generated dict in update_user Diffstat (except docs and test files) ------------------------------------- .gitignore | 3 + .pre-commit-config.yaml | 8 +- .zuul.yaml | 131 +++++---- README.rst | 3 +- api-ref/requirements.txt | 4 + api-ref/source/conf.py | 2 +- api-ref/source/index.rst | 5 + api-ref/source/openapi.rst | 5 + .../admin/federation/configure_federation.rst | 10 +- httpd/wsgi-keystone.conf | 35 --- keystone/api/_shared/authentication.py | 23 +- keystone/api/os_oauth1.py | 6 +- keystone/api/os_oauth2.py | 11 +- keystone/api/regions.py | 60 ++-- keystone/api/users.py | 23 +- keystone/api/validation/parameter_types.py | 11 + keystone/application_credential/schema.py | 51 +++- keystone/assignment/schema.py | 166 ++++++----- keystone/auth/core.py | 32 ++- keystone/auth/plugins/token.py | 19 +- keystone/catalog/backends/sql.py | 3 +- keystone/catalog/schema.py | 122 ++++++-- keystone/cmd/bootstrap.py | 3 +- keystone/cmd/cli.py | 10 +- keystone/common/password_hashing.py | 34 +++ keystone/common/policies/base.py | 4 +- keystone/common/policies/policy_association.py | 3 +- keystone/common/policies/protocol.py | 3 +- keystone/common/policies/service_provider.py | 15 +- keystone/common/rbac_enforcer/enforcer.py | 3 +- keystone/common/resource_options/core.py | 2 +- keystone/common/sql/alembic.ini | 1 + keystone/common/sql/core.py | 4 +- keystone/common/sql/migrations/manage.py | 2 +- ...8725d6fa226_add_project_id_index_to_project_.py | 31 +++ keystone/common/sql/upgrades.py | 19 +- keystone/common/utils.py | 8 +- keystone/conf/security_compliance.py | 77 ++++++ keystone/credential/schema.py | 5 +- keystone/exception.py | 15 +- keystone/federation/idp.py | 6 +- keystone/federation/schema.py | 8 +- keystone/identity/backends/ldap/common.py | 24 +- keystone/identity/backends/ldap/core.py | 13 +- keystone/identity/backends/sql.py | 6 +- keystone/identity/core.py | 3 +- keystone/identity/schema.py | 307 ++++++++++++++------- keystone/limit/schema.py | 14 +- keystone/locale/es/LC_MESSAGES/keystone.po | 6 +- keystone/locale/ru/LC_MESSAGES/keystone.po | 8 +- keystone/models/token_model.py | 3 +- keystone/notifications.py | 58 +++- keystone/resource/core.py | 5 +- keystone/resource/schema.py | 27 +- keystone/server/flask/application.py | 10 +- keystone/server/flask/common.py | 3 +- keystone/server/flask/core.py | 8 +- .../request_processing/middleware/auth_context.py | 5 +- .../test_associate_project_endpoint_extension.py | 6 +- keystone/trust/schema.py | 10 +- keystone/wsgi/api.py | 3 +- keystone_tempest_plugin/README.rst | 5 - pyproject.toml | 3 + ...nvalid-password-reporting-975955d2d79c21b3.yaml | 10 + .../notes/remove-py39-6d0746192cebd384.yaml | 5 + .../remove-wsgi-scripts-615b97ee4d6e0de2.yaml | 8 + releasenotes/source/2023.1.rst | 2 +- releasenotes/source/2025.1.rst | 6 + releasenotes/source/index.rst | 1 + .../locale/en_GB/LC_MESSAGES/releasenotes.po | 15 +- .../source/locale/fr/LC_MESSAGES/releasenotes.po | 120 ++++++++ .../source/locale/ja/LC_MESSAGES/releasenotes.po | 22 +- .../locale/ko_KR/LC_MESSAGES/releasenotes.po | 202 ++++++++++++++ requirements.txt | 1 + setup.cfg | 7 +- tools/sample_data.sh | 18 +- tox.ini | 20 +- 111 files changed, 2034 insertions(+), 1013 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index 3b03fc21d..aa980f262 100644 --- a/requirements.txt +++ b/requirements.txt @@ -39,0 +40 @@ osprofiler>=1.4.0 # Apache-2.0 +Werkzeug>=0.15.0 # BSD License