keystone 16.0.0 (train)
We are jazzed to announce the release of:
keystone 16.0.0: OpenStack Identity
This release is part of the train release series.
The source is available from:
https://opendev.org/openstack/keystone
Download the package from:
https://tarballs.openstack.org/keystone/
Please report issues through:
https://bugs.launchpad.net/keystone/+bugs
For more details, please see below.
16.0.0 ^^^^^^
Upgrade Notes *************
* [bug 1806762 (https://bugs.launchpad.net/keystone/+bug/1806762)] [bug 1630434 (https://bugs.launchpad.net/keystone/+bug/1630434)] The entire "policy.v3cloudsample.json" file has been removed. If you were using this policy file to supply overrides in your deployment, you should consider using the defaults in code and setting "keystone.conf [oslo_policy] enforce_scope=True". The new policy defaults are more flexible, they're tested extensively, and they solve all the problems the "policy.v3cloudsample.json" file was trying to solve.
Bug Fixes *********
* [bug 1806762 (https://bugs.launchpad.net/keystone/+bug/1806762)] [bug 1630434 (https://bugs.launchpad.net/keystone/+bug/1630434)] The entire "policy.v3cloudsample.json" file has been removed. If you were using this policy file to supply overrides in your deployment, you should consider using the defaults in code and setting "keystone.conf [oslo_policy] enforce_scope=True". The new policy defaults are more flexible, they're tested extensively, and they solve all the problems the "policy.v3cloudsample.json" file was trying to solve.
Changes in keystone 15.0.0.0rc1..16.0.0 ---------------------------------------
dc9e9e32d Add schema placeholders for Train d9217f07b Remove policy.v3cloudsample.json 5b995cc8f Remove limit policies from policy.v3cloudsample.json e938c4962 Add tests for project users interacting with limits f249c9e2b Allow domain users to access the limit API 8457df4f6 Use immutable roles in tests 05d9fa0f2 Add missing ws between words in log messages 05ea390c6 Allow system/domain scope for assignment tree list 0526718fe Make policy deprecation reasons less verbose 013c18d32 Readjust job timeouts c9148db37 Implement scope type checking for Project Endpoints b33abb4b0 Federation mapping debug should show direct_maps values 15b416c34 Consolidate policy deprecation warnings 8e67249d5 Add default roles and scope checking to project tags eaf08941e DRY up credential policies 063a8ac27 Move remaining protection tests ce34bbb17 Fix test case in policy associations a4be0cb9e Fix PostgreSQL specifc issue with credentials encoding 12bda9fc3 Fix validation of role assignment subtree list 7fc7ef2a0 Specify keystone is OS user for fernet and credential setup e224082ec Add remote_id definition in _perform_auth 6bb14c0ff Use correct repo for initial version check 5e35efd55 Split protection unit tests into its own job 6435017c2 Remove system EC2 credentials from policy.v3cloudsample.json 566f8e734 Remove system Domain Config from policy.v3cloudsample.json 131f7ddd4 Update API version for access rules 049d9bcbe Add access rules to token validation 67682dcd0 Expose access rules as its own API cf22f8004 Remove obsolete grant policies from policy.v3cloudsample.json d7c424d22 Alphabetize removed policies in tests 4f0c7394e Implement system admin for OAUTH1 consumers 9b694fcd0 Implement system scope for domain role management 8f43b9cab Make system tokens work with domain-specific drivers d009384c9 Implement scope type checking for EC2 credentials db5286937 Increase tox job timeouts to 90 minutes 5e06ec816 Add immutable roles status check afb312529 Remove implied roles policies from v3cloudsample ee60db6f3 Implement system admin for implied roles bbd77d0bf Implement domain admin support for grants f0ef5741c Implement domain reader support for grants f3e6bba5d Add Project User coverage for domain config API 5cefb91c4 Add Domain User for security compliance domain config API d278ad38a Implement system admin for domain config API cc40014ec Implement system reader & member for domain config API a73e057e2 Fix timeout Zuul changes ce4d065f2 Generate PDF documentation a80d83e76 Add --immutable-roles flag to bootstrap command a38d4a650 Add immutable option for roles and projects a766085ab Bump timeout for lower-constraints job b31ff3f99 Implement resource options for roles and projects 7a6c020a5 Implement system reader for OAUTH1 consumers 00c2ecdf3 Implement system reader for implied roles 704cb2590 Remove system policy and its association from policy.v3cloudsample.json ba0dbdf43 Override tox job timeouts d02a01541 Fix federation CI 48fad4954 Fix oauthlib update errors c453bf16b Use raw formatting for mapping_engine help text 296ea0f6d Add tests for project users for policy association 2af630f06 Add tests for domain users for policy association 2d185a5a9 Implement system admin for policy association b831856af Implement system reader & member for policy association 0e5275389 Add tests for project users interacting with policies 0bb980e9e Add notifications for deleting app creds by user f45a6f99d Add tests for domain users interacting with policies 1f5620dee Clean up UserGroups target enforcement callback 4ed39d530 Fix relative links cf572f9e8 Add tests for project users interacting with endpoint_groups 901122017 Add tests for domain users interacting with endpoint_groups 7d223bec9 Implement system_admin for endpoint_groups e4fb1e1fd Implement system reader and member for endpoint_groups e989bd063 Add retry for DBDeadlock in credential delete 6abd44500 Fix translated response 9be1caff9 Implement system admin for trusts API 686ec6dda Add tests for domain users for trusts 6aebf179b Add tests for system member for trusts ea7acd803 Implement system reader role for trusts API 09e699bab Move get_role_for_trust enforcement to policies b100825a0 Move list_roles_for_trust enforcement to policies b5617eee4 Move get_trust enforcement to default policies a09163a32 Move delete_trust enforcement to default policies 0df8d0e2e Move list_trusts enforcement to default policies 5086709ae Add protection tests for trusts API 182aa6079 Update broken link 14d256add Update cli docs fd15bcd66 Implement system admin for policies 8f68b72e8 Implement system reader and member for policies 5572d0130 Add support for previous TOTP windows c7fae97d8 Honor group_members_are_ids for user_enabled_emulation af7800454 Update api-ref for revocation list OS-PKI f10f95b45 Docs: Make robust with using real links 2df534efc Clean up irrelevant comment 3c665395c Fix list_mappings deprecation warning message 14b25bc5d Allows to use application credentials through group membership 5d4bf308c Fix missing print format and missing ws between words e8151070c Suppress policy deprecation warnings in unit tests 14c4b177e Add API changes for app cred access rules ee7315971 Add manager support for app cred access rules 2203e8172 Add user_id, external_id to access rules table d8f3ba042 Fix websso auth loop 4b747fa08 Deprecate keystone.conf.memcache socket_timeout fcff2aed6 Fix typo: RBACKEnforcer -> RBACEnforcer 54a5dd8e6 Run 'tempest-ipv6-only' job in gate 73b263de5 Followup for remove signing[config]. 66cf87743 Remove broken api-ref link 76f9be778 doc: Fix broken links 03531a569 Fix python3 compatibility on LDAP search DN from id 0bf2d6852 Deprecate identity:revocation_list policy for removal b836aa221 Remove [signing] config 23b001153 Update api-ref location 52da4d0e1 implement system scope for application credential a1dc21f3d Fixing dn_to_id function for cases were id is not in the DN bf67b3c88 Add new attribute to the federation protocol API 6cdb3a837 Allow to filter endpoint groups by name 4fb4d8b8a update documentation for X.509 tokenless auth d78ac7839 Deprecate [federation] federated_domain_name 10eab4824 Allow JsonBlob to accommodate SQL NULL result sets 8a03cd855 Add exercises for intern applicants e9ee189b4 Fix keystone document 19cd84b84 nit: remove some useless code f43954be9 Drop limit columns ffa0918f5 token: consistently decode binary types 72af26168 Incorrect behavior of validate_password method fae1323a6 Update test cases for os-pki revoke API fb4306c35 Blacklist sphinx 2.1.0 (autodoc bug) 6fef498ff Bump openstackdocstheme to 1.20.0 9b0e5c115 Remove redundant parameter passed to assertTrue 956bcd735 Add Python 3 Train unit tests 374f56580 Switch order of precedence for unit test deps 48594edde Don't call .c from select() objects 8817a26ee Update misleading comment about fernet credential encryption 1925aa9c2 Fix E731 flake8 a38dcfe99 [api-ref] Fix nocatalog description for unscoped token ce614bf00 Drop use opendev.org for tox deps 0a9d7cbec Fix contributor doc of keystone 0f7a1c47c Add link to describe Principle of Least Privilege dd30a88eb Update the meaning of low-hanging-fruit 092570fc5 Implement system scope and default roles for token API c49a64dd9 Update unified limit documentation 579cc1985 Add cadf auditing to credentials 192cde56e Remove deprecated admin_endpoint 10b7708ff Revert "Exclude constants from autodoc" f828bb872 Revert "Ignore boilerplate constants in autodoc" 698c20577 Ignore boilerplate constants in autodoc 485a6b217 Exclude constants from autodoc c2be944fb Report correct domain in federated user token 231f6ae18 Add flake8 ignore list to fast8 script 2cb0ba53c Add application_credential as a CADF type 21387e0a6 add raw format link to keystone config sample. 6f6f78c21 Update mission statement and vision reflection 81c3202b4 Add note about application credential ownership 7c42f1a7a Revert "Add JSON driver for access rules config" 78d30c933 Revert "Add manager for access rules config" 135a5a03e Revert "Add a permissive mode for access rules config" 25b2f151a Revert "Add manager support for app cred access rules" d7a2dd48e Revert "Add API for /v3/access_rules_config" 295b07cc7 Don't throw valueerror on bootstrap be36a939c Remove [token]/ infer_roles e054b368d Pep8 environment to run on delta code only bceab5871 Add clarification for context in install guides 479a2a0af Adds caching of credentials c04d0f5f5 Cap sphinx for py2 to match global requirements dc3175afb Revert "Blacklist bandit 1.6.0" 5c5d71cce Fix documentation typo ebac8330d Blacklist bandit 1.6.0 96f35410b Update Python 3 test runtimes for Train 0f2b36b2a [docs] remove deprecated ubuntu package from installation 3d31723b3 Fix for werkzeug > 0.15 5f90447b4 Replace git.openstack.org URLs with opendev.org URLs 4038fa460 OpenDev Migration Patch df89c7eef Pass kwargs to exception to get better format of error message 9575937e5 Replace support matrix ext with common library 6828a01ea Uncap jsonschema 79f468bad Fix unscoped federated token formatter de4d72c5f Use openstackdocstheme according to guide eb79ebdaf Make fetching all foreign keys in a join a3a66b9b8 Support endpoint updates in bootstrap 82a86a8a8 Add missing ws separator between words 2b9d409f0 Move redelegation fields out of extras c702aa361 Replace dict.iteritems() with dict.items() in keystone e6ff5613f Add release note for service token documentation de07ad37f Fix werkzeug imports for version 0.15.x 4cd99e719 Allow an explicit_domain_id parameter when creating a domain 068e1f51c Update the min version of tox 44c1b3d28 Convert user_id back to string 8d3170580 Add API for /v3/access_rules_config ada4bc799 Ignore Stein-specific release notes a4543d0c6 Be more verbose in logging role grant on bootstrap cbcccb9ec Replace UUID with id_generator for Federated users bb141b1fb DRY: Remove redundant policies from policy.v3cloudsample.json 9717f0c12 Raise METHOD NOT ALLOWED instead of 500 error on protocol CRUD 8877e9f01 Remove redundant policies from v3cloudsample be452fee8 Add domain scope support for group policies 3b0b39297 Update broken links to dogpile.cache docs ff5459569 Add keystone's technical vision reflection 60e0f0032 Add release prelude about changing policies d2cc4c83c Consolidate user protection tests 285ad1370 Replace URL name to the correct one in Keystone Docs 1b16725d0 Delete shadow users when domain is deleted ef838a3a3 Make system admin policies consistent for grants 64a455ef9 Remove assignment policies from policy.v3cloudsample.json 954b97666 Add role assignment testing for project users 4e523ce42 Replace openstack.org git:// URLs with https:// d1cfa3ab3 Implement system reader functionality for grants 727aea34c Remove external-dev and consolidate to contributor 0dbc8a88e Remove system assignment policies from policy.v3cloudsample.json 6e118bad3 Test domain and project users against group system assignment API 25f86d4e2 Add role assignment test coverage for domain admins 269a2890a Add role assignment test coverage for domain members 425d48ec0 Implement domain reader for role_assignments f9e07a940 Add explicit testing for project users and the user API ba09e89ba Update group system grant policies for admins 593e67e6c Update system group assignment policies for reader and member 45c514e90 Fix typo in docs section header 5dd7a769f Update master for stable/stein fac844c4a Test project users against system assignment API 8450d4a9c Test domain users against system assignment API 8f4e179c6 Update system grant policies for system admin bb4192e88 Update system grant policies for system member 465a8bb59 Update system grant policies for system reader 32c96feec trivial: correct spelling in test names 546b7f1bb Remove project policies from policy.v3cloudsample.json 09663a01a Implement domain admin functionality for projects 112fa29a7 Only validate tokens once per request cf1ce4eb3 Implement domain admin functionality for user API 9ca599e50 Implement domain member functionality for user API bc217b316 Implement domain reader functionality for user API f471879b8 Add documentation for service tokens 1e0a96849 Added keystone identity provider installation to Devstack plugin 37fc2b912 Add manager support for app cred access rules
Diffstat (except docs and test files) -------------------------------------
.gitreview | 2 +- .zuul.yaml | 32 +- README.rst | 6 +- api-ref/source/conf.py | 32 +- api-ref/source/v3-ext/ep-filter.inc | 12 +- api-ref/source/v3-ext/federation.inc | 17 + api-ref/source/v3-ext/federation/auth/auth.inc | 3 - api-ref/source/v3-ext/parameters.yaml | 7 + api-ref/source/v3-ext/trust.inc | 1 - api-ref/source/v3/application-credentials.inc | 220 ++ api-ref/source/v3/authenticate-v3.inc | 8 +- api-ref/source/v3/index.rst | 9 +- api-ref/source/v3/os-pki.inc | 33 +- api-ref/source/v3/parameters.yaml | 74 +- api-ref/source/v3/project-tags.inc | 10 + .../v3/samples/admin/access-rule-get-response.json | 11 + .../samples/admin/access-rules-list-response.json | 18 + .../application-credential-create-request.json | 7 + .../application-credential-create-response.json | 8 + .../admin/application-credential-get-response.json | 8 + .../application-credential-list-response.json | 10 + .../v3/samples/admin/get-pki-revoked-response.json | 3 - api-ref/source/v3/status.yaml | 3 + devstack/files/federation/shib_apache_handler.txt | 12 + devstack/files/federation/shibboleth2.xml | 11 +- devstack/lib/federation.sh | 63 +- .../admin/{caching-layer.rst => caching-layer.inc} | 10 +- .../admin/cli-manage-projects-users-and-roles.rst | 118 +- ...cific-config.rst => domain-specific-config.inc} | 4 + ...dpoint-filtering.rst => endpoint-filtering.inc} | 4 +- .../{endpoint-policy.rst => endpoint-policy.inc} | 6 +- .../admin/federation/configure_federation.rst | 76 +- .../admin/federation/{mellon.rst => mellon.inc} | 8 +- .../admin/federation/{openidc.rst => openidc.inc} | 12 +- .../federation/{shibboleth.rst => shibboleth.inc} | 8 +- ...grate-with-ldap.rst => integrate-with-ldap.inc} | 4 + .../{limit-list-size.rst => limit-list-size.inc} | 2 + .../admin/{performance.rst => performance.inc} | 2 + ...rity-compliance.rst => security-compliance.inc} | 8 +- .../admin/{troubleshoot.rst => troubleshoot.inc} | 2 + .../{url-safe-naming.rst => url-safe-naming.inc} | 2 + etc/policy.v3cloudsample.json | 195 -- keystone/access_rules_config/backends/json.py | 162 -- keystone/access_rules_config/core.py | 80 - keystone/api/auth.py | 24 +- keystone/api/credentials.py | 6 +- keystone/api/discovery.py | 4 +- keystone/api/domains.py | 12 +- keystone/api/groups.py | 36 +- keystone/api/limits.py | 65 +- keystone/api/os_ep_filter.py | 9 +- keystone/api/os_federation.py | 60 +- keystone/api/os_oauth1.py | 2 +- keystone/api/os_simple_cert.py | 22 +- keystone/api/projects.py | 35 +- keystone/api/role_assignments.py | 32 +- keystone/api/trusts.py | 222 +- keystone/api/users.py | 142 +- keystone/application_credential/backends/base.py | 37 + keystone/application_credential/backends/sql.py | 77 +- keystone/application_credential/core.py | 59 +- keystone/application_credential/schema.py | 25 +- keystone/assignment/core.py | 25 +- keystone/assignment/role_backends/base.py | 8 + .../role_backends/resource_options.py} | 26 +- keystone/assignment/role_backends/sql.py | 113 +- keystone/assignment/role_backends/sql_model.py | 114 + keystone/assignment/schema.py | 4 +- keystone/auth/plugins/oauth1.py | 2 +- keystone/auth/plugins/totp.py | 29 +- keystone/catalog/backends/base.py | 2 +- keystone/catalog/backends/sql.py | 5 +- keystone/catalog/backends/templated.py | 2 +- keystone/cmd/bootstrap.py | 33 +- keystone/cmd/cli.py | 40 +- keystone/cmd/status.py | 64 +- keystone/common/authorization.py | 8 +- keystone/common/cache/core.py | 19 - keystone/common/json_home.py | 2 + keystone/common/password_hashing.py | 6 - keystone/common/policies/__init__.py | 4 +- keystone/common/policies/access_rule.py | 62 + keystone/common/policies/application_credential.py | 58 +- keystone/common/policies/base.py | 20 +- keystone/common/policies/consumer.py | 61 +- keystone/common/policies/credential.py | 26 +- keystone/common/policies/domain.py | 10 +- keystone/common/policies/domain_config.py | 69 +- keystone/common/policies/ec2_credential.py | 77 +- keystone/common/policies/endpoint.py | 10 +- keystone/common/policies/endpoint_group.py | 139 +- keystone/common/policies/grant.py | 194 +- keystone/common/policies/group.py | 85 +- keystone/common/policies/identity_provider.py | 10 +- keystone/common/policies/implied_role.py | 73 +- keystone/common/policies/limit.py | 22 +- keystone/common/policies/mapping.py | 12 +- keystone/common/policies/policy.py | 68 +- keystone/common/policies/policy_association.py | 137 +- keystone/common/policies/project.py | 138 +- keystone/common/policies/project_endpoint.py | 70 +- keystone/common/policies/protocol.py | 11 +- keystone/common/policies/region.py | 7 +- keystone/common/policies/role.py | 65 +- keystone/common/policies/role_assignment.py | 53 +- keystone/common/policies/service.py | 10 +- keystone/common/policies/service_provider.py | 10 +- keystone/common/policies/token.py | 79 +- keystone/common/policies/token_revocation.py | 14 +- keystone/common/policies/trust.py | 96 +- keystone/common/policies/user.py | 66 +- keystone/common/rbac_enforcer/enforcer.py | 60 +- keystone/common/render_token.py | 7 +- keystone/common/resource_options/__init__.py | 13 + .../core.py} | 7 + .../common/resource_options/options/__init__.py | 31 + .../common/resource_options/options/immutable.py | 73 + keystone/common/sql/contract_repo/README | 2 +- ...tract_extract_redelegation_data_from_extras.py} | 6 +- .../versions/063_contract_drop_limit_columns.py | 23 + ...te_id_attribute_to_federation_protocol_table.py | 15 + ...contract_add_user_external_id_to_access_rule.py | 15 + .../066_contract_add_resource_options_table.py | 18 + .../sql/contract_repo/versions/067_placeholder.py | 18 + .../sql/contract_repo/versions/068_placeholder.py | 18 + .../sql/contract_repo/versions/069_placeholder.py | 18 + .../sql/contract_repo/versions/070_placeholder.py | 18 + .../sql/contract_repo/versions/071_placeholder.py | 18 + keystone/common/sql/core.py | 4 +- keystone/common/sql/data_migration_repo/README | 2 +- ...igrate_extract_redelegation_data_from_extras.py | 43 + .../versions/063_migrate_drop_limit_columns.py | 15 + ...te_id_attribute_to_federation_protocol_table.py | 15 + ..._migrate_add_user_external_id_to_access_rule.py | 15 + .../066_migrate_add_resource_options_table.py | 18 + .../versions/067_placeholder.py | 18 + .../versions/068_placeholder.py | 18 + .../versions/069_placeholder.py | 18 + .../versions/070_placeholder.py | 18 + .../versions/071_placeholder.py | 18 + keystone/common/sql/expand_repo/README | 2 +- ...expand_extract_redelegation_data_from_extras.py | 31 + .../versions/063_expand_drop_limit_columns.py | 15 + ...te_id_attribute_to_federation_protocol_table.py | 22 + ...5_expand_add_user_external_id_to_access_rule.py | 39 + ...66_expand_add_role_and_project_option_tables.py | 51 + .../sql/expand_repo/versions/067_placeholder.py | 18 + .../sql/expand_repo/versions/068_placeholder.py | 18 + .../sql/expand_repo/versions/069_placeholder.py | 18 + .../sql/expand_repo/versions/070_placeholder.py | 18 + .../sql/expand_repo/versions/071_placeholder.py | 18 + keystone/common/sql/migrate_repo/README | 2 +- .../097_drop_user_name_domainid_constraint.py | 2 +- .../104_drop_user_name_domainid_constraint.py | 2 +- keystone/common/sql/upgrades.py | 26 +- keystone/common/utils.py | 2 +- keystone/common/validation/__init__.py | 11 - keystone/common/validation/validators.py | 2 +- keystone/conf/__init__.py | 6 +- keystone/conf/access_rules_config.py | 78 - keystone/conf/credential.py | 19 +- keystone/conf/default.py | 20 - keystone/conf/federation.py | 19 +- keystone/conf/jwt_tokens.py | 4 +- keystone/conf/memcache.py | 6 + keystone/conf/signing.py | 135 -- keystone/conf/token.py | 18 - keystone/conf/totp.py | 38 + keystone/credential/backends/sql.py | 20 +- keystone/credential/core.py | 88 +- keystone/credential/providers/fernet/core.py | 8 +- keystone/exception.py | 28 +- keystone/federation/backends/sql.py | 5 +- keystone/federation/schema.py | 8 +- keystone/federation/utils.py | 48 +- keystone/i18n.py | 2 + keystone/identity/backends/ldap/common.py | 59 +- keystone/identity/backends/ldap/core.py | 7 +- keystone/identity/backends/sql_model.py | 10 +- keystone/identity/core.py | 15 +- keystone/identity/shadow_backends/sql.py | 24 +- keystone/limit/backends/sql.py | 120 +- keystone/models/token_model.py | 19 +- keystone/notifications.py | 3 +- keystone/oauth1/core.py | 4 +- keystone/resource/backends/resource_options.py | 29 + keystone/resource/backends/sql.py | 146 +- keystone/resource/backends/sql_model.py | 136 ++ keystone/resource/core.py | 53 +- keystone/resource/schema.py | 4 +- keystone/server/backends.py | 4 +- keystone/server/flask/application.py | 10 +- keystone/server/flask/common.py | 10 +- keystone/server/flask/core.py | 12 +- .../server/flask/request_processing/json_body.py | 2 +- .../request_processing/middleware/auth_context.py | 25 +- .../v3}/__init__.py | 0 .../protection/v3/test_application_credential.py | 665 ++++++ .../{unit => }/protection/v3/test_credentials.py | 12 +- .../{unit => }/protection/v3/test_endpoints.py | 0 .../protection/v3/test_identity_providers.py | 0 .../{unit => }/protection/v3/test_mappings.py | 0 .../{unit => }/protection/v3/test_projects.py | 180 +- .../{unit => }/protection/v3/test_protocols.py | 0 .../protection/v3/test_registered_limits.py | 0 .../protection/v3/test_service_providers.py | 0 .../{unit => }/protection/v3/test_services.py | 0 .../unit/access_rules_config/backends/__init__.py | 0 .../unit/access_rules_config/backends/test_json.py | 84 - .../unit/access_rules_config/test_backends.py | 69 - .../application_credential/backends/test_sql.py | 2 + .../unit/application_credential/test_backends.py | 76 + .../unit/assignment/role_backends/test_sql.py | 2 +- .../test_associate_project_endpoint_extension.py | 23 + keystone/token/provider.py | 23 +- keystone/token/token_formatters.py | 104 +- keystone/trust/backends/sql.py | 5 +- keystone/version.py | 2 +- keystone_tempest_plugin/README.rst | 2 +- lower-constraints.txt | 6 +- .../keystone-dsvm-grenade-multinode/run.yaml | 10 +- ...bootstrap-update-endpoint-7a63a2329822b6e7.yaml | 14 + ...t-extension-for-app-creds-90e5bcd7b2b78b02.yaml | 18 + .../notes/bug-1641639-b9accc163e61ca15.yaml | 11 + .../notes/bug-1705485-7a1ad17b9cc99b9d.yaml | 2 +- .../notes/bug-1724645-a94659dfd0f45b9a.yaml | 16 + .../notes/bug-1748027-decc2e11154b97cf.yaml | 39 + .../notes/bug-1750660-e2a360ddd6790fc4.yaml | 39 + .../notes/bug-1750669-dfce859550126f03.yaml | 52 + .../notes/bug-1750673-b53f74944d767ae9.yaml | 30 + .../notes/bug-1750676-cf70c1a27b2c8de3.yaml | 35 + .../notes/bug-1750678-88a38851ca80fc64.yaml | 36 + ...-correct-federated-domain-47cb889d88d7770a.yaml | 6 + .../notes/bug-1773967-b59517a09e0e6141.yaml | 9 + .../notes/bug-1779889-12eb5edf4cc93a1d.yaml | 6 + .../notes/bug-1782922-db822fda486ac773.yaml | 10 + .../notes/bug-1794527-866b1caff67977f3.yaml | 21 + .../notes/bug-1801873-0eb9a5ec3e801190.yaml | 6 + .../notes/bug-1805363-0b85d71917ad09d1.yaml | 32 + .../notes/bug-1805366-670867516c6fc4bc.yaml | 41 + .../notes/bug-1805368-ea32c2db2ae57225.yaml | 39 + .../notes/bug-1805369-ed98d3fcfafb5c43.yaml | 33 +- .../notes/bug-1805371-249c8c9b562ab371.yaml | 33 + .../notes/bug-1805400-c192be936d277ade.yaml | 32 + .../notes/bug-1805406-252b45d443af20b3.yaml | 19 +- .../notes/bug-1805409-8bc6cc9f1c5bc672.yaml | 72 + .../notes/bug-1805880-0032024ea6b83563.yaml | 14 + .../notes/bug-1806762-08ff9eecdc03c554.yaml | 21 + .../notes/bug-1806762-09f414995924db23.yaml | 15 + .../notes/bug-1806762-0b7356ace200a5d3.yaml | 13 + .../notes/bug-1806762-2092fee9f6c87dc3.yaml | 15 + .../notes/bug-1806762-c3bfc71cb9bb94f3.yaml | 8 + .../notes/bug-1815771-ae0e4118c552f01e.yaml | 7 + .../notes/bug-1817313-c11481e6eed29ec2.yaml | 8 + .../notes/bug-1818725-96d698e22e648764.yaml | 41 + .../notes/bug-1818734-d753bfae60ffd030.yaml | 57 + .../notes/bug-1818736-98ea186a074056f4.yaml | 17 + .../notes/bug-1818845-05f8c3af5ea9abc7.yaml | 9 + .../notes/bug-1818846-d1a8c77d20659ad6.yaml | 41 + .../notes/bug-1819036-e2d24655c70d0aad.yaml | 9 + .../notes/bug-1823258-9f93dbdc0fa8441d.yaml | 11 + .../notes/bug-1831918-c70cf87ef086d871.yaml | 6 + .../notes/bug-1832265-cb76ccf505c2d9d1.yaml | 7 + .../notes/bug-1833739-f962e8caf3e22068.yaml | 9 + .../notes/bug-1836568-66d853a1f22c5530.yaml | 10 + .../notes/bug-1839133-24570c9fbacb530d.yaml | 5 + .../notes/bug-1839577-1226d86ea0744055.yaml | 7 + .../notes/bug-1840291-35af1ac7ba06e166.yaml | 6 + .../notes/bug-1841486-425f367925f5e03f.yaml | 7 + .../notes/bug-1843609-8498b132222596b7.yaml | 9 + .../notes/bug-1844157-7808af9bcea0429d.yaml | 13 + .../notes/bug-1844194-48ae60db49f91bd4.yaml | 43 + .../notes/bug-1844207-x27a31f3403xfd7y.yaml | 7 + .../notes/bug-1844461-08a8bdc5f613b88d.yaml | 31 + .../notes/bug-1844664-905cf6cad2e032a7.yaml | 36 + .../notes/bug1828565-0790c4c60ba34100.yaml | 6 + .../deprecated-as-of-queens-8ad7f826e4f08f57.yaml | 2 +- .../deprecated-as-of-train-de3fe41ff2251385.yaml | 7 + ...ted-socket_timeout-option-d3358b4f2310706c.yaml | 12 + .../notes/extensions-to-core-a0d270d216d47276.yaml | 4 +- ...ource-options-bug-1807751-acc1e3c689484337.yaml | 9 + .../removed-as-of-train-92b2942a680eb859.yaml | 19 + .../scope-and-default-roles-a733c235731bb558.yaml | 25 + releasenotes/source/index.rst | 1 + releasenotes/source/stein.rst | 6 + releasenotes/source/unreleased.rst | 25 +- requirements.txt | 8 +- setup.cfg | 3 - tools/fast8.sh | 25 + tox.ini | 54 +- 405 files changed, 24990 insertions(+), 6965 deletions(-)
Requirements updates --------------------
diff --git a/requirements.txt b/requirements.txt index e3de1c6df..36a0cdc68 100644 --- a/requirements.txt +++ b/requirements.txt @@ -20 +20 @@ python-keystoneclient>=3.8.0 # Apache-2.0 -keystonemiddleware>=5.1.0 # Apache-2.0 +keystonemiddleware>=7.0.0 # Apache-2.0 @@ -30 +30 @@ oslo.i18n>=3.15.3 # Apache-2.0 -oslo.log>=3.38.0 # Apache-2.0 +oslo.log>=3.44.0 # Apache-2.0 @@ -32 +32 @@ oslo.middleware>=3.31.0 # Apache-2.0 -oslo.policy>=1.43.1 # Apache-2.0 +oslo.policy>=2.3.0 # Apache-2.0 @@ -40 +40 @@ dogpile.cache>=0.6.2 # BSD -jsonschema<3.0.0,>=2.6.0 # MIT +jsonschema>=2.6.0 # MIT
participants (1)
-
no-reply@openstack.org