We jubilantly announce the release of: keystone 24.0.0: OpenStack Identity This release is part of the bobcat release series. The source is available from: https://opendev.org/openstack/keystone Download the package from: https://tarballs.openstack.org/keystone/ Please report issues through: https://bugs.launchpad.net/keystone/+bugs For more details, please see below. Changes in keystone 23.0.0..24.0.0 ---------------------------------- e21ea0661 Update keystone gates to use jammy bbbbd10e4 Add default manager role support to bootstrap command bc88c28c1 Imported Translations from Zanata 0970481a5 Respect cached tokens issued before upgrade 6730c761d Properly trimm bcrypt hashed passwords 38d9a1ebc Use py3 as the default runtime for tox 04e1b79cd Imported Translations from Zanata 8c789fbe7 doc: Correct typo 845e5b249 sql: Remove service_provider.relay_state_prefix default dabaef7c3 docs: Clarify lack of LDAP assignment back end 2bf70a10a sql: Fix incorrect columns 66d289f03 doc: Add minimal documentation on generating migrations a5544ea33 sql: Delay importing SQL modules b2d638e90 Add job to test with SQLAlchemy master (2.x) f477307bd db: Don't rely on branched connections f64b741dd Imported Translations from Zanata 1195c38b8 Fix typo in openid federation diagram b438bf1ef Add doc of OAuth2.0 Client Credentials Grant Flow 535bc8e22 sql: Remove duplicate constraints c32bedb65 Fix outdated default catalog template d0eacc472 Add default service role support to boostrap command f66a7d11b Print a human readable error if tls certs are not provided 42e2f985b [PooledLDAPHandler] Clean up the fix for result3() 1544c7fc0 Don't forget to check if authorization fails f5db9801c Remove Dependency on Cryptography >=36.0.0 56c47d0a3 sql: Fix incorrect constraints ba953a247 Update master for stable/2023.1 1bcf8cee0 sql: Add support for auto-generation 5e9f32469 tests: Rework BannedDBSchemaOperations fixture cbe2f7f6f Remove unnecessary removal of pyc files 8c9462f6f db: Remove legacy migrations 0bbaf63a5 db: Replace use of reverse cascades 5d2ab6c63 db: Replace use of Query.get() 9165c67c1 db: Don't pass strings to 'Connection.execute' d9b447bac db: Replace use of 'autoload' parameter 0162f50cb db: Replace use of legacy select() calling style 8726c8ea2 db: Remove use of 'bind' arguments 802539ad4 tests: Enable SQLAlchemy 2.0 deprecation warnings f24c77c77 Bump SQLAlchemy minimum version 434dbe1e7 api-ref: Correct app credentials auth response 0b46eab16 Remove authenticate.failed from the notification_opt_out list c70d0c33a fix(federation): allow using numerical group names 36d57d2a8 Add an option to randomize LDAP urls list Diffstat (except docs and test files) ------------------------------------- .zuul.yaml | 32 +- api-ref/source/v3-ext/index.rst | 2 + api-ref/source/v3-ext/oauth2.inc | 111 ++ api-ref/source/v3-ext/parameters.yaml | 28 +- .../samples/OS-OAUTH2/token-create-request.txt | 1 + .../samples/OS-OAUTH2/token-create-response.json | 5 + api-ref/source/v3/application-credentials.inc | 20 +- api-ref/source/v3/parameters.yaml | 2 +- .../auth-application-credential-response.json | 52 +- devstack/lib/federation.sh | 2 +- etc/default_catalog.templates | 40 +- keystone/api/os_federation.py | 3 +- keystone/application_credential/backends/sql.py | 9 +- keystone/assignment/role_backends/sql.py | 2 +- keystone/catalog/backends/sql.py | 18 +- keystone/cmd/bootstrap.py | 27 +- keystone/cmd/cli.py | 10 +- keystone/common/password_hashing.py | 15 +- keystone/common/render_token.py | 6 +- .../sql/legacy_migrations/contract_repo/README.rst | 13 - .../legacy_migrations/contract_repo/__init__.py | 0 .../sql/legacy_migrations/contract_repo/manage.py | 18 - .../legacy_migrations/contract_repo/migrate.cfg | 25 - .../versions/073_contract_initial_migration.py | 18 - .../contract_repo/versions/074_placeholder.py | 18 - .../contract_repo/versions/075_placeholder.py | 18 - .../contract_repo/versions/076_placeholder.py | 18 - .../contract_repo/versions/077_placeholder.py | 18 - .../contract_repo/versions/078_placeholder.py | 18 - .../versions/079_contract_update_local_id_limit.py | 18 - .../contract_repo/versions/__init__.py | 0 .../data_migration_repo/README.rst | 13 - .../data_migration_repo/__init__.py | 0 .../data_migration_repo/manage.py | 18 - .../data_migration_repo/migrate.cfg | 25 - .../versions/073_migrate_initial_migration.py | 56 - .../versions/074_placeholder.py | 18 - .../versions/075_placeholder.py | 18 - .../versions/076_placeholder.py | 18 - .../versions/077_placeholder.py | 18 - .../versions/078_placeholder.py | 18 - .../versions/079_migrate_update_local_id_limit.py | 18 - .../data_migration_repo/versions/__init__.py | 0 .../sql/legacy_migrations/expand_repo/README.rst | 13 - .../sql/legacy_migrations/expand_repo/__init__.py | 15 - .../sql/legacy_migrations/expand_repo/manage.py | 18 - .../sql/legacy_migrations/expand_repo/migrate.cfg | 25 - .../versions/073_expand_initial_migration.py | 1183 -------------------- .../expand_repo/versions/074_placeholder.py | 18 - .../expand_repo/versions/075_placeholder.py | 18 - .../expand_repo/versions/076_placeholder.py | 18 - .../expand_repo/versions/077_placeholder.py | 18 - .../expand_repo/versions/078_placeholder.py | 18 - .../versions/079_expand_update_local_id_limit.py | 24 - .../expand_repo/versions/__init__.py | 15 - .../{legacy_migrations => migrations}/__init__.py | 0 keystone/common/sql/migrations/autogen.py | 131 +++ keystone/common/sql/migrations/env.py | 132 ++- keystone/common/sql/migrations/manage.py | 274 +++++ .../versions/27e647c0fad4_initial_version.py | 11 +- .../common/sql/migrations/versions/CONTRACT_HEAD | 2 +- .../common/sql/migrations/versions/EXPAND_HEAD | 2 +- .../99de3849d860_fix_incorrect_constraints.py | 36 + .../c88cdce8f248_remove_duplicate_constraints.py | 80 ++ ..._service_provider_relay_state_server_default.py | 34 + .../b4f8b3f584e0_fix_incorrect_constraints.py | 40 + .../versions/yoga/contract/e25ffa003242_initial.py | 2 + .../versions/yoga/expand/29e87d24a316_initial.py | 2 + keystone/common/sql/upgrades.py | 101 +- keystone/common/utils.py | 10 +- keystone/conf/default.py | 3 +- keystone/conf/identity.py | 2 +- keystone/conf/ldap.py | 13 + keystone/credential/backends/sql.py | 6 +- keystone/federation/backends/sql.py | 9 +- keystone/federation/utils.py | 38 +- keystone/identity/backends/ldap/common.py | 17 +- keystone/identity/backends/sql.py | 10 +- keystone/identity/backends/sql_model.py | 41 +- keystone/identity/mapping_backends/sql.py | 2 +- keystone/identity/shadow_backends/sql.py | 4 +- keystone/locale/en_GB/LC_MESSAGES/keystone.po | 53 +- keystone/locale/ko_KR/LC_MESSAGES/keystone.po | 11 +- keystone/oauth1/backends/sql.py | 6 +- keystone/policy/backends/sql.py | 2 +- keystone/resource/backends/sql.py | 2 +- keystone/resource/backends/sql_model.py | 1 - keystone/resource/config_backends/sql.py | 2 +- .../request_processing/middleware/auth_context.py | 4 +- .../unit/identity/backends/test_ldap_common.py | 27 + .../unit/identity/shadow_users/test_backend.py | 2 +- keystone/trust/backends/sql.py | 2 +- .../bcrypt_truncation_fix-674dc5d7f1e776f2.yaml | 7 + .../notes/bug-1951632-11272e49e2fa439d.yaml | 12 + .../notes/randomize_urls-c0c19f48b2bfa299.yaml | 6 + ...remove-sqlalchemy-migrate-a4fa47685c7e28c6.yaml | 5 + releasenotes/source/2023.1.rst | 6 + releasenotes/source/index.rst | 1 + .../locale/en_GB/LC_MESSAGES/releasenotes.po | 173 ++- .../source/locale/fr/LC_MESSAGES/releasenotes.po | 120 ++ .../locale/ko_KR/LC_MESSAGES/releasenotes.po | 202 ++++ requirements.txt | 3 +- tools/generate-schemas | 134 --- tox.ini | 10 +- 127 files changed, 2473 insertions(+), 2436 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index 5688af2ff..0c68696cb 100644 --- a/requirements.txt +++ b/requirements.txt @@ -14,2 +14 @@ cryptography>=2.7 # BSD/Apache-2.0 -SQLAlchemy>=1.3.0 # MIT -sqlalchemy-migrate>=0.13.0 # Apache-2.0 +SQLAlchemy>=1.4.0 # MIT