We are overjoyed to announce the release of: keystone 14.0.0: OpenStack Identity This release is part of the rocky release series. Download the package from: https://tarballs.openstack.org/keystone/ For more details, please see below. Changes in keystone 13.0.0.0rc1..14.0.0 --------------------------------------- c767e25 Add placeholder migrations for Rocky 9208430 Update .gitreview for stable/rocky 2541001 Allow for more robust config checking with keystone-manage 3bad4cd Convert limits and registered limits to flask dispatching 7eace83 Add a release note for bug 1785164 c163ee3 Error location of parameters in api-ref:project tags 954bd1a Code optimization of create application credential bf3a8c0 Do not allow create limits for domain 4988bca Fix json indentation of notification sample 6f07b4c Convert OS-AUTH1 paths to flask dispatching 203787c Clean up token extra code 140a34b Remove KeystoneToken object a4d9a4f Convert OS-REVOKE to flask dispatching d42e955 Address FIXMEs for listing revoked tokens da4eb43 Move unenforced_api decorator to module function 6dbd005 Remove direct calls to auth.controllers in some tests f5c9b09 Move validate_issue_token_auth from controllers 68dfd78 Api-ref: Correct response code a272b66 Adding missing comma in docs fe5cdc6 Expose random uuid bug in cadf notifications 1c5affb Boostrap CLI tests no longer call auth controller 6e74c6e Implement "no-update" test for trusts 3e948cf Move trusts to flask native dispatching c782262 Address nits in strict-two-level implementation d1aef16 Remove get_catalog usage from contrib b874977 Deprecate [token] infer_roles=False df5d755 Reduce duplication in federated auth APIs f60c661 Fix RBACEnforcer Comment 142b224 Mirror self-link trust check from tempest 68aa33a Trusts do not implement patch. d35a5ed Allow for 'extension' rel in json home 1e7f3a1 Add pycadf initiator for flask resource ed5e88c Use oslo_serialization.jsonutils 5ea59f5 Correctly pull input data for enforcement 022217e Delete project limits when deleting project 8e44aa3 Add project hierarchical tree check when Keystone start a7d4a9b Update project depth check 8038c70 Add include_limits filter 56b8578 Bump lower constraint for pysaml2 to 4.5.0 c008cbc Allow class-level definition of API URL Prefix cb130ff Move Credentials API to Flask Native dca9a05 Add project_id filter for listing limit 4b4835a Strict two level limit model 0fa6f97 Switch to python-ldap ba854a5 Add correct self-link dbc6899 Properly remove content-type on HTTP 204 3f8cd50 Increase test coverage of entity_type id mapping query 3dbf4be Cleanup keystone.token.providers.common 7ba3be5 Remove remnants of token bind b47e84d Simplify the token provider API 693a86f Add serialization for TokenModel object 04a5496 Introduce new TokenModel object 0d6b427 Don't allow legacy and native flask to share paths f8e0534 Remove uuid token size check from doctor dbc2ac0 Do not use flask.g imported as g 0f4fd2e Fix keystone.common.rbac_enforcer.__init__.py exporting 9387dfd Make keystone.server.flask more interesting for importing 16be22b Flesh out and add testing for flask_RESTful scaffolding b039ad3 Update pypi url to new url 83e72d7 Invalidate 'computed assignments' cache when creating a project. 4cdb4a0 Filter project_id for list limits 5a52e5a Expose endpoint to return enforcement model 22af20b Add docs for case-insensitivity in keystone 8c188d4 Clarifications to API & Scenario Tests 59e1d21 Remove enable config option of trust feature 83dc62a Fix keystone-manage saml_idp_metadata under python3 4155e61 Only upload SP metadata to testshib.org if IDP id is testshib 91fe8a9 Ignore .eggs dir as well fd4b737 Implement enforcement model logic in Manager a558eb0 Add registered_limit_id column for limit 209462c Add auto increase primary key for unified limit 6d14560 Address minor comments from initial impl RBACEnforcer 2715cd0 Refactor _handle_shadow_and_local_users 825c4b0 Refactor _set_domain_id_and_mapping functions 1caba2a Move keystone.server.common to keystone.server fb0299f Add support for enforce_call to set value on flask.g 4b26ea7 Refactor - remove extra for loop eaa5435 Remove token bind capabilities b77b584 Address minor comments to 404 error detection 9cefb4d Exposing ambiguity bug when querying role assignments 9cece82 pycrypto is not used by keystone e2e561f Add new "How Can I Help?" contributor guide f472979 Added check to avoid keyerror "user['name']" bb3b15b Implement base for new RBAC Enforcer 114e0fb Refactor trust roles check 1bcc8a1 Make it easy to identify a 404 from Flask 1e870ab Don't replace the whole app just the wsgi_app backing 3330c22 Add support for before and after request functions 3e3ba18 Convert json_home and version discovery to Flask ecf721a Keystone adheres to public_endpoint opt only 925cded Implement scaffolding for Flask-RESTful use 8dd2235 Add Flask-RESTful and update flask minimum(s) 74684cf Fix keystone-manage mapping_purge with --type option 589152d Override oauthlib docstrings that fail with Sphinx 1.7.5 d054c9a Simple usage docs for implied roles 50fd693 Fix duplicate role names in trusts bug 89a5783 Expose duplicate role names bug in trusts d9cdc10 Remove unclear wording in parameters 4abd992 Filter by entity_type in get_domain_mapping_list 6663ea9 Migrate all password hashes to the new location if needed 0022adb Add policy for limit model protection 805d1c7 Api-ref: Refresh the Update APIs for limits 7bf02f3 Imported Translations from Zanata 5a3e70e Remove a useless function 4ff650f Clarify complicated sentence in docs b385864 Unified limit update APIs Refactor f18d54f Store JSON Home Resources off the composing router d44ed7f Ensure default roles created during bootstrap f2beb6e Add release notes link to README 4bc762f Remove duplicated test ddd841e Expand on debug_middleware option 75da4da Clarify scope responses in authentication api ref f5017d9 fix tox python3 overrides 68c813b Add Flaskification release-note 8bf335b Remove pastedeploy a11d6ca Flaskification cleanup 0211cdd Remove the rest of v2.0 legacy 81caf3e Add in ability to load DEBUG middleware 45d724f Revert "Rename fernet_utils to token_utils" 4ec6bc5 Convert Keystone to use Flask dc354e1 Correct test_v3_oauth1.test_deleting_project_also_invalidates_tokens a9b415c Correct test_v3_oauth1.test_change_user_password_also_deletes_tokens 40f9086 Correct test_v3_oauth1.test_bad_authorizing_roles_id 90fa275 Correct test_v3_oauth1.test_bad_authorizing_roles_name 488ecef Fix warnings in documentation 7a005d1 fix rally docs url dd4b5e7 Decouple bootstrap from cli module f2a210e Handle empty token key files f45f922 Remove some unused functions f37895d Update tests to work with WebOb 1.8.1 6bac0a1 Consolidate oauth1.rst b39132d Remove the TokenAuth middleware 0ebe420 Remove token driver configuration a7437ca Fix the test for unique IdP 641694c Consolidate health-check-middleware.rst 9d7ffbc Limit description support 403917c The migration script to add description for limit b6da8a1 Update IdP sql model 41ca2d7 Remove dead dependency injection code b0cc66e Remove unused assertions from test_v3.py 256e763 Remove dead code in token provider 92f4220 Remove unused exception 6ec45b1 Do not return all the limits for POST request. b8e8a8b Add configuration option for enforcement models 000c071 Use the provider_api module in limit controller 1a4a8db Fix the outdated URL 03c06a8 Remove policy service from architecture.rst 3b701cd Invalidate the shadow user cache when deleting a user 856b240 Add conceptual overview of the service catalog 1a5877f Trivial: Update pypi url to new url 38d25b7 Update the RDO installation guide to use port 5000 42e45c2 Update keystone functional tests 3ffee23 Remove the sample .conf file f17fa57 Allow blocking users from self-service password change f01edae Add prerequisite package note to Keystone install guide 22fa4e8 Update auth_uri option to www_authenticate_uri 78adf4b Fix json schema nullable to add None to ENUM 96a883a Use consistent role schema in token response validation a5edf02 Corrects spelling of MacOS 42cf675 Fix 500 error when deleting domain 1ab693c Allow cleaning up non-existant group assignments a04a1dc Follow the new PTI for document build 7c4c6a5 Use the new pysaml2 constraints 0c5242b Fix incompatible requirement in lower-constraints 4d313b7 Update install guides 69f0e55 Fix mispelling of accommodate in install docs 245a0c7 Fix list_limit doesn't work correctly for domain c522fc3 Expose a bug that list_limit doesn't work correctly 9ca3740 Log warning when using token_flush 8fb4b79 Removal of deprecated direct driver loading 4b572e5 Make tags filter match subset rather than exact 7d8f525 Updated from global requirements 27762c8 Update RDO install guide for v3 dc825c9 Remove admin interface in sample Apache file 6cb71c3 add lower-constraints job 9383857 Fix integer -> method conversion for python3 475ea45 Fix user email in federated shadow users 9bc92c5 Remove references to v2.0 from external developer doc c402691 Remove references to UUID from token documentation ccdf2d9 Add logging for xmlsec1 installation ac4baf9 Updated from global requirements 07a66b9 Mark the implied role API as stable 1b01ebc Add note to keystone-manage bootstrap doc 4a1df08 Fix assert test error under py3.6 d10bafe Fix api-ref for project tag create c16ed74 Updated from global requirements 1483e05 Fixing multi-region support in templated v3 catalog cd9b8b7 Update links in README c625aef Use different labels for user and project names 7bf2573 Imported Translations from Zanata 3bde244 Add user documentation for JSON Home 852bd45 Fix formatting of ImportError 8b4be05 Imported Translations from Zanata e05e2b5 Updated from global requirements c4cac49 Imported Translations from Zanata 94ef945 Remove @expression from tags ac02477 Work around deprecations for opportunistic tests f0c0634 Api-ref: fix resource_limit format 615ee81 Correct typo in identity API reference 1497533 Imported Translations from Zanata c7ef448 Consolidate identity-token-binding.rst d5d6621 Consolidate identity-service-api-protection.rst deb91e2 Add new setup commands for token keys 7abb53f Consolidate endpoint-filtering.rst a10b6ae Remove unnecessary config overrides from fernet tests 70dea44 Make assertValidFernetKey assertion more robust 1175a35 Update 3.10 versioning to limits and system scope 8948050 Remove v2.0 policies 796198f Populate application credential data in token 3bc1de8 Imported Translations from Zanata dd91f41 Simplify federation and oauth token callbacks c7658ab Simplify token persistence callbacks db91bfc Refactor token cache invalidation callbacks 1b8d058 Remove needs_persistence property from token providers 1cf11fa Imported Translations from Zanata 532452f Use OSC in application credential documentation 25996a8 Add docs for application credentials ed2b65a Force SQLite to properly deal with foreign keys 34d6503 Remove unused class variables from token provider e99dfd5 Imported Translations from Zanata 3c524e6 Grant admin a role on the system during bootstrap 8748e72 Fix querying role_assignment with system roles 5a24b96 Delete system role assignments when deleting groups 3fa9975 Expose bug in system assignment when deleting groups 3a3b3c5 Delete system role assignments when deleting users 25596b8 Expose bug in system assignment when deleting users a226a3d Expose bug in /role_assignments API with system-scope 032dd49 Remove the sql token driver and uuid token provider aeb83ed Imported Translations from Zanata 808ca1f Update reno for stable/queens ff42814 Imported Translations from Zanata 4c99563 Update OBS install docs for v2 removal 3ed21eb Remove domains *-log-* from compile_catalog Diffstat (except docs and test files) ------------------------------------- .gitignore | 3 +- .gitreview | 1 + .zuul.yaml | 2 + README.rst | 8 +- api-ref/source/v3-ext/federation.inc | 3 +- api-ref/source/v3/authenticate-v3.inc | 167 +- api-ref/source/v3/groups.inc | 2 +- api-ref/source/v3/index.rst | 2 + api-ref/source/v3/parameters.yaml | 144 +- api-ref/source/v3/project-tags.inc | 21 +- .../auth-password-project-scoped-request.json | 20 - ...domain-config-group-option-update-response.json | 2 +- .../admin/domain-config-group-update-response.json | 2 +- .../samples/admin/domain-config-show-response.json | 2 +- .../admin/domain-config-update-response.json | 2 +- .../samples/admin/limit-flat-model-response.json | 6 + .../v3/samples/admin/limit-show-response.json | 3 +- .../v3/samples/admin/limits-create-request.json | 3 +- .../v3/samples/admin/limits-create-response.json | 6 +- .../v3/samples/admin/limits-list-response.json | 6 +- .../v3/samples/admin/limits-update-request.json | 14 +- .../v3/samples/admin/limits-update-response.json | 34 +- .../admin/registered-limit-show-response.json | 3 +- .../admin/registered-limits-create-request.json | 3 +- .../admin/registered-limits-create-response.json | 6 +- .../admin/registered-limits-list-response.json | 6 +- .../admin/registered-limits-update-request.json | 22 +- .../admin/registered-limits-update-response.json | 31 +- .../samples/auth/requests/domain-id-password.json | 20 + .../v3/samples/auth/requests/domain-id-token.json | 17 + .../auth/requests/domain-name-password.json | 20 + .../samples/auth/requests/domain-name-token.json | 17 + .../samples/auth/requests/project-id-password.json | 20 + .../v3/samples/auth/requests/project-id-token.json | 17 + .../auth/requests/project-name-password.json | 23 + .../samples/auth/requests/project-name-token.json | 20 + .../v3/samples/auth/requests/system-password.json | 20 + .../v3/samples/auth/requests/system-token.json | 17 + .../auth/responses/domain-scoped-password.json | 61 + .../auth/responses/domain-scoped-token.json | 63 + .../auth/responses/project-scoped-password.json | 66 + .../auth/responses/project-scoped-token.json | 68 + .../auth/responses/system-scoped-password.json | 61 + .../auth/responses/system-scoped-token.json | 63 + .../samples/auth/responses/unscoped-password.json | 21 + api-ref/source/v3/unified_limits.inc | 81 +- devstack/lib/federation.sh | 9 +- .../admin/cli-manage-projects-users-and-roles.rst | 63 + .../admin/identity-auth-token-middleware.rst | 4 +- .../federation/configure_federation.rst | 2 +- .../configuration/samples/keystone-paste-ini.rst | 8 - etc/README.txt | 9 + etc/keystone-paste.ini | 14 +- etc/keystone.conf.sample | 2932 -------------------- etc/policy.v3cloudsample.json | 5 +- httpd/wsgi-keystone.conf | 35 - keystone/api/__init__.py | 24 + keystone/api/credentials.py | 134 + keystone/api/discovery.py | 142 + keystone/api/limits.py | 121 + keystone/api/os_oauth1.py | 377 +++ keystone/api/os_revoke.py | 83 + keystone/api/registered_limits.py | 91 + keystone/api/trusts.py | 331 +++ keystone/application_credential/controllers.py | 7 +- keystone/application_credential/core.py | 8 +- keystone/application_credential/routers.py | 1 + keystone/assignment/controllers.py | 14 +- keystone/assignment/core.py | 190 +- keystone/assignment/routers.py | 6 +- keystone/auth/controllers.py | 131 +- keystone/auth/core.py | 29 +- keystone/auth/plugins/base.py | 7 +- keystone/auth/plugins/core.py | 11 +- keystone/auth/plugins/external.py | 5 - keystone/auth/plugins/mapped.py | 27 +- keystone/auth/plugins/token.py | 39 +- keystone/auth/routers.py | 2 + keystone/auth/schema.py | 48 + keystone/catalog/backends/base.py | 35 +- keystone/catalog/backends/templated.py | 50 +- keystone/catalog/routers.py | 2 + keystone/cmd/bootstrap.py | 325 +++ keystone/cmd/cli.py | 403 +-- keystone/cmd/doctor/credential.py | 10 +- keystone/cmd/doctor/tokens.py | 7 +- keystone/cmd/doctor/tokens_fernet.py | 10 +- keystone/cmd/manage.py | 12 +- keystone/common/authorization.py | 20 +- keystone/common/controller.py | 240 +- keystone/common/dependency.py | 23 +- keystone/common/fernet_utils.py | 315 +++ keystone/common/json_home.py | 31 + keystone/common/manager.py | 2 +- keystone/common/policies/limit.py | 15 +- keystone/common/policies/registered_limit.py | 6 +- keystone/common/policies/token.py | 11 - keystone/common/policy.py | 81 - keystone/common/rbac_enforcer/__init__.py | 16 + keystone/common/rbac_enforcer/enforcer.py | 406 +++ keystone/common/rbac_enforcer/policy.py | 47 + keystone/common/request.py | 12 + keystone/common/router.py | 3 + .../045_contract_add_description_to_limit.py | 15 + ...ct_old_password_data_to_password_hash_column.py | 15 + ..._contract_expand_update_pk_for_unified_limit.py | 63 + ...act_add_registered_limit_id_column_for_limit.py | 15 + .../sql/contract_repo/versions/049_placeholder.py | 18 + .../sql/contract_repo/versions/050_placeholder.py | 18 + .../sql/contract_repo/versions/051_placeholder.py | 18 + .../sql/contract_repo/versions/052_placeholder.py | 18 + keystone/common/sql/core.py | 8 + .../045_migrate_add_description_to_limit.py | 15 + ...te_old_password_data_to_password_hash_column.py | 26 + .../047_migrate_update_pk_for_unified_limit.py | 37 + ...ate_add_registered_limit_id_column_for_limit.py | 15 + .../versions/049_placeholder.py | 18 + .../versions/050_placeholder.py | 18 + .../versions/051_placeholder.py | 18 + .../versions/052_placeholder.py | 18 + .../045_expand_add_description_to_limit.py | 29 + ...nd_old_password_data_to_password_hash_column.py | 15 + .../047_expand_update_pk_for_unified_limit.py | 103 + ...and_add_registered_limit_id_column_for_limit.py | 26 + .../sql/expand_repo/versions/049_placeholder.py | 18 + .../sql/expand_repo/versions/050_placeholder.py | 18 + .../sql/expand_repo/versions/051_placeholder.py | 18 + .../sql/expand_repo/versions/052_placeholder.py | 18 + keystone/common/token_utils.py | 314 --- keystone/common/utils.py | 148 +- keystone/common/validation/__init__.py | 8 + keystone/common/wsgi.py | 121 +- keystone/conf/__init__.py | 4 +- keystone/conf/default.py | 6 + keystone/conf/paste_deploy.py | 40 - keystone/conf/token.py | 61 +- keystone/conf/trust.py | 15 - keystone/conf/unified_limit.py | 12 + keystone/conf/wsgi.py | 50 + keystone/contrib/ec2/__init__.py | 4 +- keystone/contrib/ec2/controllers.py | 276 +- keystone/contrib/ec2/routers.py | 37 +- keystone/contrib/s3/core.py | 7 +- keystone/contrib/s3/routers.py | 16 + keystone/credential/__init__.py | 1 - keystone/credential/controllers.py | 112 - keystone/credential/providers/fernet/core.py | 10 +- keystone/credential/routers.py | 28 - keystone/endpoint_policy/routers.py | 2 + keystone/exception.py | 41 +- keystone/federation/backends/sql.py | 3 +- keystone/federation/controllers.py | 39 +- keystone/federation/core.py | 35 +- keystone/federation/idp.py | 39 + keystone/federation/routers.py | 2 + keystone/federation/utils.py | 7 +- keystone/identity/backends/resource_options.py | 7 + keystone/identity/backends/sql.py | 4 + keystone/identity/core.py | 114 +- keystone/identity/mapping_backends/base.py | 5 +- keystone/identity/mapping_backends/sql.py | 7 +- keystone/identity/routers.py | 2 + keystone/identity/shadow_backends/base.py | 16 +- keystone/identity/shadow_backends/sql.py | 11 +- keystone/limit/backends/base.py | 33 +- keystone/limit/backends/sql.py | 320 ++- keystone/limit/controllers.py | 130 - keystone/limit/core.py | 67 +- keystone/limit/models/__init__.py | 0 keystone/limit/models/base.py | 55 + keystone/limit/models/flat.py | 28 + keystone/limit/models/strict_two_level.py | 128 + keystone/limit/routers.py | 66 - keystone/limit/schema.py | 53 +- keystone/locale/de/LC_MESSAGES/keystone.po | 46 +- keystone/locale/en_GB/LC_MESSAGES/keystone.po | 1690 +++++++++++ keystone/locale/es/LC_MESSAGES/keystone.po | 46 +- keystone/locale/fr/LC_MESSAGES/keystone.po | 47 +- keystone/locale/it/LC_MESSAGES/keystone.po | 47 +- keystone/locale/ja/LC_MESSAGES/keystone.po | 45 +- keystone/locale/ko_KR/LC_MESSAGES/keystone.po | 72 +- keystone/locale/pt_BR/LC_MESSAGES/keystone.po | 48 +- keystone/locale/ru/LC_MESSAGES/keystone.po | 47 +- keystone/locale/tr_TR/LC_MESSAGES/keystone.po | 36 +- keystone/locale/zh_CN/LC_MESSAGES/keystone.po | 46 +- keystone/locale/zh_TW/LC_MESSAGES/keystone.po | 46 +- keystone/middleware/auth.py | 66 +- keystone/middleware/core.py | 13 - keystone/models/revoke_model.py | 60 +- keystone/models/token_model.py | 707 +++-- keystone/notifications.py | 33 +- keystone/oauth1/controllers.py | 303 +- keystone/oauth1/routers.py | 57 +- keystone/oauth1/validator.py | 52 + keystone/policy/backends/rules.py | 2 +- keystone/policy/routers.py | 2 + keystone/resource/backends/base.py | 11 + keystone/resource/backends/sql.py | 88 +- keystone/resource/controllers.py | 6 +- keystone/resource/core.py | 64 +- keystone/resource/routers.py | 2 + keystone/revoke/controllers.py | 52 - keystone/revoke/core.py | 2 +- keystone/revoke/routers.py | 29 - keystone/server/__init__.py | 49 + keystone/server/backends.py | 17 +- keystone/server/common.py | 49 - keystone/server/flask/__init__.py | 33 + keystone/server/flask/application.py | 241 ++ keystone/server/flask/common.py | 844 ++++++ keystone/server/flask/core.py | 169 ++ keystone/server/wsgi.py | 129 +- .../unit/default_catalog_multi_region.templates | 27 + .../unit/identity/shadow_users/test_backend.py | 5 + keystone/token/__init__.py | 1 - keystone/token/_simple_cert.py | 2 + keystone/token/persistence/__init__.py | 16 - keystone/token/persistence/backends/__init__.py | 0 keystone/token/persistence/backends/sql.py | 306 -- keystone/token/persistence/core.py | 294 -- keystone/token/provider.py | 317 +-- keystone/token/providers/base.py | 98 +- keystone/token/providers/common.py | 729 ----- keystone/token/providers/fernet/core.py | 177 +- keystone/token/providers/uuid.py | 49 - keystone/token/token_formatters.py | 237 +- keystone/trust/__init__.py | 1 - keystone/trust/controllers.py | 257 -- keystone/trust/routers.py | 67 - keystone/version.py | 15 + keystone/version/__init__.py | 15 - keystone/version/controllers.py | 216 -- keystone/version/routers.py | 80 - keystone/version/service.py | 156 -- lower-constraints.txt | 144 + rally-jobs/README.rst | 4 +- .../add-limit-description-c1f42641d9c6c33d.yaml | 7 + .../bp-basic-default-roles-4ff6502b6ac57d48.yaml | 15 + releasenotes/notes/bp-strict-two-level-model.yaml | 35 + .../notes/bp-system-scope-7d236ee5992d4e20.yaml | 9 +- .../notes/bug-1703666-b8a990f2bf5b62f0.yaml | 8 + .../notes/bug-1728907-bab6769ab46bd8aa.yaml | 10 + .../notes/bug-1746599-848a1163e52ac0a6.yaml | 6 + .../notes/bug-1748970-eb63ad2030e296f3.yaml | 9 + .../notes/bug-1749264-676ca02902bcd169.yaml | 6 + .../notes/bug-1749267-96153d2fa6868f67.yaml | 5 + .../notes/bug-1750415-95ede3a9685b6e0c.yaml | 7 + .../notes/bug-1751045-f950e3fb85e2b573.yaml | 7 + .../notes/bug-1753584-e052bc7805f001b4.yaml | 6 + .../notes/bug-1755874-9951f77c6d18431c.yaml | 9 + .../notes/bug-1756190-0e5d86d334555931.yaml | 9 + .../notes/bug-1757022-664d0b0db1242bf8.yaml | 8 + .../notes/bug-1759289-466cdf4514de3498.yaml | 10 + .../notes/bug-1760205-87dedd6d8812db3f.yaml | 14 + .../notes/bug-1760521-fec5c88af214401f.yaml | 6 + .../notes/bug-1760809-711df870a9d67c0d.yaml | 6 + .../notes/bug-1763824-3d2f5169af9d42f.yaml | 6 + .../notes/bug-1765193-b40318b9fb5d1c7b.yaml | 6 + .../notes/bug-1774229-cb968e95c9d81c4d.yaml | 6 + .../notes/bug-1778109-ea15ce6a8207f857.yaml | 8 + .../notes/bug-1778945-b7f2db3052525ca8.yaml | 18 + .../notes/bug-1779903-f2b22cf23a9e01f9.yaml | 6 + .../notes/bug-1780159-095ffa0e53be2464.yaml | 6 + .../notes/bug-1782704-0b053eaf5d801dee.yaml | 7 + .../notes/bug-1785164-2b7ed29266eb4792.yaml | 9 + ...convert-keystone-to-flask-80d980e239b662b0.yaml | 45 + .../deprecated-as-of-rocky-60b2fa05d07d3a28.yaml | 11 + ...filter-mappings-by-entity-77162a146d375385.yaml | 11 + .../implied-roles-stable-8b293e187c5620ad.yaml | 7 + .../limits-api-refactor-05abf9e6c2e75852.yaml | 12 + ...ove-token-auth-middleware-5ea3b3734ce1d9e6.yaml | 16 + .../removed-as-of-rocky-f44c3ba7c3e73d01.yaml | 20 + .../token-provider-refactor-a3a64146807daf36.yaml | 7 + .../notes/use-python-ldap-0318ff7798bdd98d.yaml | 6 + releasenotes/source/index.rst | 1 + .../locale/en_GB/LC_MESSAGES/releasenotes.po | 440 ++- .../source/locale/ja/LC_MESSAGES/releasenotes.po | 383 ++- releasenotes/source/queens.rst | 6 + requirements.txt | 16 +- setup.cfg | 59 +- test-requirements.txt | 3 - tox.ini | 30 +- 390 files changed, 17260 insertions(+), 13596 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index 1059e35..355f4c2 100644 --- a/requirements.txt +++ b/requirements.txt @@ -11,2 +10,0 @@ WebOb>=1.7.1 # MIT -PasteDeploy>=1.5.0 # MIT -Paste>=2.0.2 # MIT @@ -14 +12,3 @@ Routes>=2.3.1 # MIT -cryptography!=2.0,>=1.9 # BSD/Apache-2.0 +Flask!=0.11,>=1.0.2 # BSD +Flask-RESTful>=0.3.5 # BSD +cryptography>=2.1 # BSD/Apache-2.0 @@ -25,3 +25,3 @@ oslo.cache>=1.26.0 # Apache-2.0 -oslo.concurrency>=3.25.0 # Apache-2.0 -oslo.config>=5.1.0 # Apache-2.0 -oslo.context>=2.19.2 # Apache-2.0 +oslo.concurrency>=3.26.0 # Apache-2.0 +oslo.config>=5.2.0 # Apache-2.0 +oslo.context>=2.21.0 # Apache-2.0 @@ -36,2 +36,2 @@ oslo.utils>=3.33.0 # Apache-2.0 -oauthlib>=0.6.0 # BSD -pysaml2<4.0.3,>=4.0.2 # Apache-2.0 +oauthlib>=0.6.2 # BSD +pysaml2>=4.5.0 diff --git a/test-requirements.txt b/test-requirements.txt index c13260b..1e29765 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -26 +25,0 @@ oslotest>=3.2.0 # Apache-2.0 -os-api-ref>=1.4.0 # Apache-2.0 @@ -29 +27,0 @@ WebTest>=2.0.27 # MIT - @@ -32 +29,0 @@ testtools>=2.2.0 # MIT -