We are amped to announce the release of: puppet-keystone 17.3.0: Puppet module for OpenStack Keystone This release is part of the victoria release series. The source is available from: https://opendev.org/openstack/puppet-keystone Download the package from: https://tarballs.openstack.org/puppet-keystone/ Please report issues through: https://bugs.launchpad.net/puppet-keystone/+bugs For more details, please see below. 17.3.0 ^^^^^^ New Features ************ * Added the service_type parameter to keystone::resource::authtoken resource. This value should be set to the name or type of the service as it appears in the service catalog. This is used to validate tokens that have restricted access rules. * Add mysql_enable_ndb parameter to select mysql storage engine. * Allow to specify drivername for postgres db Upgrade Notes ************* * The deprecated cache related parameters in the keystone class is removed and the keystone::cache is no longer included by default. Deployments should explicitly include the keystone::cache class. * The deprecated parameters validate, admin_token, admin_endpoint, retries, delay, insecure and cacert in keystone::service is removed. * The deprecated parameters admin_bind_host, public_bind_host, admin_port, public_port, admin_workers and public_workers in the keystone init class is removed. * The deprecated parameters admin_port and main_port in the classes keystone::federation::mellon and keystone::federation::shibboleth is removed. * The deprecated parameter database_min_pool_size is removed in the keystone init class and keystone::db class. * The deprecated validate_service, validate_insecure, validate_auth_url and validate_cacert parameters in the keystone class is removed. * The deprecated parameter token_driver in keystone init class is removed. Deprecation Notes ***************** * The "keystone::resource::service_identity::ignore_default_tenant" parameter has been deprecated and will be removed in a future. Actually this parameter has been ineffective for some releases. Bug Fixes ********* * The "default/public_endpiint" parameter is no longer set by default because of known issue with different hosts/protocol used for each endpoints (especially for admin endpoint and public endpoint) Changes in puppet-keystone 17.2.0..17.3.0 ----------------------------------------- e2ceb9d Prepare Victoria M3 187deb2 Do not validate database_connection format 4014d50 Use openstack_spec_helper from zuul checkout f342aad Fix python package names (ldappool and pysaml2) 95b1aca Fix missing usage of openstack_integration::apache 7edf617 Add mysql_enable_ndb option 960c621 Remove deprecated bind, port and workers parameters b8b8dfe Remove deprecated token_driver parameter 35f5e5e Remove deprecated database_min_pool_size parameter ee755ad Remove deprecated validate parameters from init 5ae2172 Remove deprecated keystone cache parameters 5181859 Remove deprecated keystone::service params 093e6f1 Use common class to manage apache service in beaker job aba4a00 Add support for service_type in authtoken config 72796c3 Deprecate ineffective ignore_default_tenant parameter 7e0ea6b allow to specify drivername for postgres db a1a1e62 Unset public_endpoint by default Diffstat (except docs and test files) ------------------------------------- Gemfile | 19 +- examples/apache_with_paths.pp | 19 +- manifests/cache.pp | 62 ++-- manifests/db.pp | 20 +- manifests/federation/identity_provider.pp | 15 +- manifests/federation/mellon.pp | 25 +- manifests/federation/shibboleth.pp | 21 +- manifests/init.pp | 238 +------------ manifests/ldap.pp | 9 +- manifests/ldap_backend.pp | 6 +- manifests/params.pp | 4 + manifests/resource/authtoken.pp | 7 + manifests/resource/service_identity.pp | 17 +- manifests/service.pp | 55 +-- metadata.json | 6 +- ...en-service_type-parameter-cab05db2d977f232.yaml | 7 + ...d_mysql_enable_ndb-option-9619cb984571cde2.yaml | 4 + ...drivername-for-postgresql-daa276a598844884.yaml | 3 + ...ate-ignore_default_tenant-80b0083f34ae00fa.yaml | 6 + ...t-remove-deprecated-cache-4f1b87bef9a3d160.yaml | 6 + ...eprecate-keystone-service-e258f90afe5b1d0f.yaml | 5 + ...ated-bind-and-port-params-35ed404c0a0597f8.yaml | 9 + ...ed-database-min-pool-size-85d9e856d15b6b15.yaml | 5 + ...recated-keystone-validate-c4b1f4d36adeb1d5.yaml | 5 + .../remove-token-driver-d0ddb876b2750236.yaml | 4 + .../unset-public_endpoint-1f28429335f3d0d7.yaml | 6 + spec/acceptance/default_domain_spec.rb | 2 + .../keystone_federation_identity_provider_spec.rb | 1 + .../keystone_federation_shibboleth_spec.rb | 1 + spec/acceptance/keystone_wsgi_apache_spec.rb | 2 + spec/classes/keystone_db_spec.rb | 3 + .../keystone_federation_identity_provider_spec.rb | 16 +- spec/classes/keystone_init_spec.rb | 52 +-- spec/classes/keystone_ldap_spec.rb | 22 +- spec/defines/keystone_ldap_backend_spec.rb | 392 +++++++++++---------- spec/defines/keystone_resource_authtoken_spec.rb | 3 + 36 files changed, 431 insertions(+), 646 deletions(-)