We are glad to announce the release of: keystone 25.0.0: OpenStack Identity This release is part of the caracal release series. The source is available from: https://opendev.org/openstack/keystone Download the package from: https://tarballs.openstack.org/keystone/ Please report issues through: https://bugs.launchpad.net/keystone/+bugs For more details, please see below. Changes in keystone 24.0.0..25.0.0 ---------------------------------- 307296af5 Deprecate templated catalog driver 29fc86390 Update regex to detect closed branch a8366c482 Add ability to create users and projects from keystone-manage 609ec29ac Remove unused old job templates and experimental jobs 802cc846a api-ref: Fix indentation da1c884b9 Drop keystone-dsvm-functional-federation-opensuse15 jobs 63556be0e Fix operation order in role deletion ae765c33e Fix old arm64 job template 6096457d7 Dont enforce when HTTP GET on s3tokens and ec2tokens 7dc175a41 Normalize policy checks for domain-scoped tokens dd785ee69 Add domain scoping to list_domains 480ba2970 Fix federation mapping role jsonschema 2735a28fc Pass initiator to delete user db0ff1047 reno: Update master for unmaintained/yoga 5afd51e8c Drop unused pymongodb from requirements 034012104 Allow users with "admin" role to get projects 04fc88a56 Allow assignment of domain specific role to federated users 6c7020c51 Drop remaining references to eventlet options df8f8eed1 Fix policies for groups f2f1a5c38 Consistent and Secure RBAC (Phase 1) 14ac08431 Keystone to honor the "domain" attribute mapping rules. 23fbdee5e Update python classifier in setup.cfg 67b5cca03 Improve application credential validation speed 45dde73ba python 3.12: use raw string e3b3df797 Remove babel.cfg effd3f405 Imported Translations from Zanata 1c106f48b Propagate redirect exceptions to the client 2a3c73c49 Clean up deprecated options for eventlet server 1a41ed099 Remove deprecated [memcache] options 6458a8f81 Drop compatibility code for Python 2.y 24b77bb64 Fix bindep.txt for python 3.11 job(Debian Bookworm) 26c8812b4 Check user existence before setting last_active_at 54f55fe82 Remove unnecessary shebang 80c6ecc42 fix(federation): follow-up d2deab385 Stop pinning pep8 related packages 1b1a32a19 Fix typo in cmd/status.py 7c3d8966c Update master for stable/2023.2 9b0b414e3 Add support for bcrypt_sha256 hasher 5ec55ebe2 doc: Update the installtion guide for RHEL8/CentOS8 and RHEL9/CentOS9 6e58f1dbf Add a cache to check_revocation 4df09a8c4 Revoke list_events: Add trust sql filter f6ab28218 Fix presentation of OAuth2.0 user guides Diffstat (except docs and test files) ------------------------------------- .zuul.yaml | 103 +-------- api-ref/source/v3-ext/federation.inc | 172 +++++++------- babel.cfg | 1 - bindep.txt | 8 +- .../admin/federation/mapping_combinations.rst | 8 +- etc/default_catalog.templates | 11 +- keystone/api/_shared/EC2_S3_Resource.py | 1 + keystone/api/domains.py | 15 +- keystone/api/os_federation.py | 45 +++- keystone/api/role_assignments.py | 21 +- keystone/api/users.py | 3 +- keystone/assignment/core.py | 9 +- keystone/auth/plugins/mapped.py | 143 +++++++----- keystone/catalog/backends/sql.py | 8 +- keystone/catalog/backends/templated.py | 12 +- keystone/cmd/cli.py | 109 ++++++++- keystone/cmd/idutils.py | 151 +++++++++++++ keystone/cmd/manage.py | 3 +- keystone/cmd/status.py | 2 +- keystone/common/fernet_utils.py | 4 +- keystone/common/manager.py | 7 +- keystone/common/password_hashing.py | 23 +- keystone/common/policies/base.py | 1 + keystone/common/policies/consumer.py | 20 +- keystone/common/policies/domain.py | 25 ++- keystone/common/policies/domain_config.py | 28 +-- keystone/common/policies/endpoint.py | 20 +- keystone/common/policies/endpoint_group.py | 44 ++-- keystone/common/policies/grant.py | 63 +++--- keystone/common/policies/group.py | 55 ++--- keystone/common/policies/identity_provider.py | 20 +- keystone/common/policies/implied_role.py | 24 +- keystone/common/policies/limit.py | 17 +- keystone/common/policies/mapping.py | 26 +-- keystone/common/policies/policy.py | 20 +- keystone/common/policies/policy_association.py | 44 ++-- keystone/common/policies/project.py | 49 ++-- keystone/common/policies/project_endpoint.py | 24 +- keystone/common/policies/protocol.py | 23 +- keystone/common/policies/region.py | 12 +- keystone/common/policies/registered_limit.py | 12 +- keystone/common/policies/revoke_event.py | 6 +- keystone/common/policies/role.py | 50 ++--- keystone/common/policies/role_assignment.py | 11 +- keystone/common/policies/service.py | 20 +- keystone/common/policies/service_provider.py | 26 +-- keystone/common/policies/trust.py | 27 ++- keystone/common/policies/user.py | 30 +-- ..._federation_attribute_mapping_schema_version.py | 35 +++ .../common/sql/migrations/versions/EXPAND_HEAD | 2 +- keystone/common/sql/upgrades.py | 1 + keystone/common/utils.py | 4 +- keystone/conf/__init__.py | 26 --- keystone/conf/eventlet_server.py | 95 -------- keystone/conf/federation.py | 13 ++ keystone/conf/identity.py | 2 +- keystone/conf/memcache.py | 105 --------- keystone/conf/security_compliance.py | 2 +- keystone/exception.py | 17 ++ keystone/federation/backends/sql.py | 7 +- keystone/federation/core.py | 15 +- keystone/federation/utils.py | 181 ++++++++++----- keystone/identity/core.py | 66 ++++-- keystone/identity/shadow_backends/sql.py | 3 +- keystone/models/revoke_model.py | 5 +- keystone/revoke/backends/sql.py | 6 +- keystone/server/flask/application.py | 3 + keystone/server/flask/common.py | 15 +- .../request_processing/middleware/auth_context.py | 15 +- .../unit/default_catalog_multi_region.templates | 14 +- .../unit/identity/shadow_users/test_backend.py | 29 +++ keystone/token/provider.py | 15 +- .../add_bcrypt_sha256_algo-d6b146a59df9373c.yaml | 6 + .../bug-1941020-cleanup-541a2d372a1cf4cd.yaml | 11 + ...-templated-catalog-driver-f811a6040abdc4a8.yaml | 5 + ...ce-get-s3tokens-ec2tokens-62b90b199e8075d8.yaml | 6 + .../notes/eventlet-cleanup-f35fc5f83c16ea1c.yaml | 27 +++ releasenotes/source/2023.2.rst | 6 + releasenotes/source/index.rst | 1 + .../locale/en_GB/LC_MESSAGES/releasenotes.po | 51 ++++- releasenotes/source/yoga.rst | 2 +- reno.yaml | 2 +- setup.cfg | 22 +- test-requirements.txt | 6 +- tools/sample_data.sh | 20 +- tox.ini | 12 +- 118 files changed, 2275 insertions(+), 1382 deletions(-) Requirements updates -------------------- diff --git a/test-requirements.txt b/test-requirements.txt index 1fca35803..dd1d531f6 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -1,2 +1,2 @@ -hacking~=4.1.0 # Apache-2.0 -flake8-docstrings~=1.6.0 # MIT +hacking +flake8-docstrings @@ -25,0 +26,2 @@ requests>=2.14.2 # Apache-2.0 + +bandit>=1.1.0 # Apache-2.0