We are tickled pink to announce the release of: puppet-keystone 16.4.0: Puppet module for OpenStack Keystone This release is part of the ussuri stable release series. The source is available from: https://opendev.org/openstack/puppet-keystone Download the package from: https://tarballs.openstack.org/puppet-keystone/ Please report issues through: https://bugs.launchpad.net/puppet-keystone/+bugs For more details, please see below. 16.4.0 ^^^^^^ New Features ************ * Adding the following configurable items for OpenID: * "keystone::federation::openidc::openidc_pass_userinfo_as" to set "OIDCPassUserInfoAs" * "keystone::federation::openidc::openidc_pass_claim_as" to set "OIDCPassClaimsAs" * Add TLS options to oslo.cache * Allow to specify drivername for postgres db * The new "keystone::cron::trust_flush" class was added to configure a cron job to purge expired or soft-deleted trusts. * The "keystone::federation::ipenidc" class now supports the new "openidc_response_mode" parameter, to customize mod_auth_openidc response mode. Upgrade Notes ************* * Since Ussuri release, identity service record is created by bootstrap instead of API call. Since current bootstrap doesn't support service the value has been changed to "" from the previous value, "OpenStack Identity Service", which was implemented in puppet-keystone. Bug Fixes ********* * Fixed a bug where the keystone::resource::authtoken resource would not install the proper python memcache bindings when using python3. * The "default/public_endpiint" parameter is no longer set by default because of known issue with different hosts/protocol used for each endpoints (especially for admin endpoint and public endpoint) Changes in puppet-keystone 16.3.0..16.4.0 ----------------------------------------- 0c5c446 Prepare the final stable/ussuri release f6cb44a OIDC: Add support for setting OIDCResponseMode f0d4f19 Add oidc options 1dd6ad7 Unset memcached_servers by default 7cd34da TripleO: Reduce tempest test scope 509aecf Set fixture paths for unit tests 4861101 Add TLS options to oslo.cache abb78e8 Add missing dependencies about keystone_puppet_config c8b5bda Build containers for single consumer job d838c86 Add service_description parameter to keep interface compatibility 2917cc9 Fix python package names (ldappool and pysaml2) 79083ed Convert more to rspec-puppet-facts 1639894 Fix missing usage of openstack_integration::apache af7e03b Add CentOS8 to nodesets 13fcea1 Use common class to manage apache service in beaker job 58e6659 Add support for trust_flush cron job f25a4cc allow to specify drivername for postgres db 5f19d18 Unset public_endpoint by default d33843d Always pass --name when flushing keystone_service 975806c Install the correct memcache bindings for py3 e3ce449 Update doc to reflect code a9b40a2 Switch to Ussuri 2adf1b8 Fix broken unit tests because of list in notification drivers f925b41 Update TOX_CONSTRAINTS_FILE for stable/ussuri e2296a3 Update .gitreview for stable/ussuri Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + .zuul.yaml | 4 +- Gemfile | 1 + lib/puppet/provider/keystone_service/openstack.rb | 3 + manifests/cache.pp | 43 +++ manifests/cron/trust_flush.pp | 91 +++++ manifests/db.pp | 2 +- manifests/deps.pp | 6 + manifests/endpoint.pp | 21 +- manifests/federation/identity_provider.pp | 15 +- manifests/federation/openidc.pp | 39 +- manifests/init.pp | 46 +-- manifests/ldap.pp | 9 +- manifests/ldap_backend.pp | 6 +- manifests/params.pp | 6 +- metadata.json | 6 +- .../notes/add-oidc-params-0bddcca8d49ccfdb.yaml | 11 + .../notes/add_tls_options-8ed38a82af2f378f.yaml | 4 + ...drivername-for-postgresql-daa276a598844884.yaml | 3 + ...strap-service_description-af9b4f786fa181e5.yaml | 7 + .../notes/cron-trust_flush-9a85af706076f55d.yaml | 5 + .../memcache-package-pyvers-a3db976c1a881dcf.yaml | 5 + .../openidc_response_mode-f5a2ddf95bd4b752.yaml | 6 + .../unset-public_endpoint-1f28429335f3d0d7.yaml | 6 + spec/acceptance/default_domain_spec.rb | 2 + .../keystone_federation_identity_provider_spec.rb | 1 + .../keystone_federation_shibboleth_spec.rb | 1 + spec/acceptance/keystone_wsgi_apache_spec.rb | 2 + spec/acceptance/nodesets/nodepool-centos8.yml | 10 + spec/classes/keystone_cache_spec.rb | 15 + spec/classes/keystone_cron_trust_flush_spec.rb | 67 ++++ .../keystone_federation_identity_provider_spec.rb | 189 ++++++---- spec/classes/keystone_federation_openidc_spec.rb | 39 ++ spec/classes/keystone_init_spec.rb | 46 +-- spec/classes/keystone_ldap_spec.rb | 225 +++++++----- spec/defines/keystone_ldap_backend_spec.rb | 392 +++++++++++---------- spec/defines/keystone_resource_authtoken_spec.rb | 10 +- spec/spec_helper.rb | 7 +- templates/openidc.conf.erb | 11 +- tox.ini | 2 +- 40 files changed, 904 insertions(+), 461 deletions(-)