We exuberantly announce the release of:
keystone 10.0.3: OpenStack Identity
This release is part of the newton stable release series.
Download the package from:
https://tarballs.openstack.org/keystone/
For more details, please see below.
10.0.3 ^^^^^^
Security Issues ***************
* [bug 1703369 (https://bugs.launchpad.net/keystone/+bug/1703369)] There was a typo for the identity:get_identity_provider rule in the default "policy.json" file in previous releases. The default value for that rule was the same as the default value for the default rule (restricted to admin) so this typo was not readily apparent. Anyone customizing this rule should review their settings and confirm that they did not copy that typo. More context regarding the purpose of this backport can be found in the bug report.
Bug Fixes *********
* [bug 1616424 (https://bugs.launchpad.net/keystone/+bug/1616424)] Python build-in exception was raised if create request token or access token request from client with invalid request parameters, invalid signature for example. The implementation is hardened by showing proper exception and displaying the failure reasons if existent.
* [bug 1689616 (https://bugs.launchpad.net/keystone/+bug/1649616)] Significant improvements have been made when performing a token flush on massive data sets.
* [bug 1687593 (https://bugs.launchpad.net/keystone/+bug/1687593)] Ensure that the URL used to make the request when creating OAUTH1 request tokens is also the URL that verifies the request token.
* [bug 1571878 (https://bugs.launchpad.net/keystone/+bug/1571878)] A valid "mapping_id" is now required when creating or updating a federation protocol. If the "mapping_id" does not exist, a "400 - Bad Request" will be returned.
Changes in keystone 10.0.2..10.0.3 ----------------------------------
bd49c3e fix identity:get_identity_providers typo f20f442 Add a release note for bug 1687593 8d3758f Change url scheme passed to oauth signature verifier 48a5336 Handle token exception and use proper url for verification 058ea42 Fixing flushing tokens workflow 057d585 Validate mapping exists when creating/updating a protocol 8726573 Fix keystone-manage mapping_engine tester
Diffstat (except docs and test files) -------------------------------------
.../v3-ext/federation/identity-provider/idp.inc | 2 + etc/policy.json | 2 +- etc/policy.v3cloudsample.json | 2 +- keystone/cmd/cli.py | 84 ++++++---- keystone/federation/core.py | 16 ++ keystone/oauth1/controllers.py | 82 +++++++--- keystone/oauth1/validator.py | 6 +- keystone/token/persistence/backends/sql.py | 16 +- .../api/identity/v3/test_identity_providers.py | 20 ++- .../notes/bug-1616424-c46ba773f7ac40ae.yaml | 8 + .../notes/bug-1649616-b835d1dac3401e8c.yaml | 6 + .../notes/bug-1687593-95e1568291ecd70b.yaml | 6 + .../notes/bug-1703369-9a901d627a1e0316.yaml | 11 ++ ...s-for-federation-protocol-1bcaea5337905af0.yaml | 7 + 20 files changed, 480 insertions(+), 73 deletions(-)