We are glad to announce the release of:

keystone 23.0.0: OpenStack Identity

This release is part of the antelope release series.

The source is available from:

    https://opendev.org/openstack/keystone

Download the package from:

    https://tarballs.openstack.org/keystone/

Please report issues through:

    https://bugs.launchpad.net/keystone/+bugs

For more details, please see below.

Changes in keystone 22.0.0..23.0.0
----------------------------------

f6a0cce44 OAuth 2.0 Mutual-TLS Support
3288af579 Force algo specific maximum length
d293315ee Add oidc federation test setup
420f4ff46 Fix passenv syntax in tox and update python jobs
ff632a81f [PooledLDAPHandler] Ensure result3() invokes message.clean()
6dfde5b48 requirements: Bump linter requirements
8f999d1c1 Limit token expiration to application credential expiration
1ac882165 Update master for stable/zed
eae6adf00 remove unicode prefix from code
4edad6b58 Use TOX_CONSTRAINTS_FILE

Diffstat (except docs and test files)
-------------------------------------

 .zuul.yaml                                         |  19 +-
 devstack/files/oidc/apache_oidc.conf               |  47 +
 devstack/lib/oidc.sh                               | 160 ++
 devstack/plugin.sh                                 |  29 +-
 devstack/tools/oidc/__init__.py                    |   0
 devstack/tools/oidc/docker-compose.yaml            |  33 +
 devstack/tools/oidc/setup_keycloak_client.py       |  61 +
 keystone/api/os_ep_filter.py                       |   2 +-
 keystone/api/os_oauth2.py                          | 292 +++-
 keystone/cmd/doctor/database.py                    |   2 +-
 keystone/common/password_hashing.py                |  22 +-
 keystone/common/render_token.py                    |   4 +
 .../versions/27e647c0fad4_initial_version.py       |   2 +-
 keystone/common/sql/upgrades.py                    |   4 +-
 keystone/common/utils.py                           |  66 +-
 keystone/conf/__init__.py                          |   2 +
 keystone/conf/identity.py                          |   6 +-
 keystone/conf/oauth2.py                            |  52 +
 keystone/federation/utils.py                       |   2 +-
 keystone/identity/backends/ldap/common.py          |  21 +-
 keystone/models/token_model.py                     |   6 +
 keystone/revoke/backends/base.py                   |   4 +-
 keystone/token/provider.py                         |  25 +-
 keystone/token/providers/base.py                   |   1 +
 keystone/token/providers/fernet/core.py            |   5 +-
 keystone/token/providers/jws/core.py               |  12 +-
 keystone/token/token_formatters.py                 | 106 +-
 .../bp-support-oauth2-mtls-8552892a8e0c72d2.yaml   |  13 +
 ...th-truncation-and-warning-bd69090315ec18a7.yaml |   9 +
 ...ch_application_credential-56d058355a9f240d.yaml |  10 +
 releasenotes/source/conf.py                        |  16 +-
 releasenotes/source/index.rst                      |   1 +
 releasenotes/source/zed.rst                        |   6 +
 test-requirements.txt                              |  11 +-
 tox.ini                                            |  53 +-
 44 files changed, 3060 insertions(+), 211 deletions(-)

Requirements updates
--------------------

diff --git a/test-requirements.txt b/test-requirements.txt index 0213085b8..1fca35803 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -1,8 +1,3 @@ -# The order of packages is significant, because pip processes them in the order -# of appearance. Changing the order has an impact on the overall integration -# process, which may cause wedges in the gate later. - -hacking>=3.0.1,<3.1.0 # Apache-2.0 -pep257==0.7.0 # MIT License -flake8-docstrings==0.2.1.post1 # MIT -bashate>=0.5.1 # Apache-2.0 +hacking~=4.1.0 # Apache-2.0 +flake8-docstrings~=1.6.0 # MIT +bashate~=2.1.0 # Apache-2.0
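
Review bot: In the test-requirements.txt hunk, `pep257==0.7.0` is removed with no replacement among the three added lines, while the commit subject listed above ("requirements: Bump linter requirements") describes only a bump. The commit message should state that dropping the pin is intentional and that the docstring checks no longer need it. The same hunk moves every remaining linter across a major version (`hacking` from `>=3.0.1,<3.1.0` to `~=4.1.0`, `flake8-docstrings` from `==0.2.1.post1` to `~=1.6.0`, `bashate` from `>=0.5.1` to `~=2.1.0`), and `flake8-docstrings` goes from an exact pin to a compatible-release range, so it is worth confirming that the tox.ini changes counted in the diffstat cover any checks the new versions enable. The deleted header comment about package order should be dropped only if nothing else in the file depends on ordering, which these lines do not show.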