We contentedly announce the release of: keystone 14.1.0: OpenStack Identity This release is part of the rocky stable release series. The source is available from: https://git.openstack.org/cgit/openstack/keystone Download the package from: https://tarballs.openstack.org/keystone/ Please report issues through: https://bugs.launchpad.net/keystone/+bugs For more details, please see below. 14.1.0 ^^^^^^ Bug Fixes * [bug 1780503 (https://bugs.launchpad.net/keystone/+bug/1780503)] The notification wrapper now sets the initiator's id to the given user id. This fixes an issue where identity.authentication event would result in the initiator id being a random default UUID, rather than the user's id when said user would authenticate against keystone. * [bug 1810393 (https://bugs.launchpad.net/keystone/+bug/1810393)] Now when an identity provider protocol is deleted, the cache info for the related federated users will be invalidated as well. * [bug 1798184 (https://bugs.launchpad.net/keystone/+bug/1798184)] [bug 1820333 (https://bugs.launchpad.net/keystone/+bug/1820333)] In Python 3, python-ldap no longer allows bytes for some fields (DNs, RDNs, attribute names, queries). Instead, text values are represented as str, the Unicode text type. Compatibility support is provided for Python 2 by setting bytes_mode=False [1]. The keystone LDAP backend is updated to adhere to this behavior by using bytes_mode=False for Python 2 and dropping UTF-8 encoding and decoding fields that are now represented as text in python-ldap. [1] More details about byte/str usage in python-ldap can be found at: http://www.python-ldap.org/en/latest/bytes_mode.html#bytes-mode Note that at a minimum python-ldappool 2.3.1 is required. * [bug 1810983 (https://bugs.launchpad.net/keystone/+bug/1810983)] With the removal of KeystoneToken from the token model, we longer have the ability to use the token data syntax in the policy rules. This change broke backward compatibility for anyone deploying customized Keystone policies. Unfortunately, we can't go back to KeystoneToken model as the change was tightly coupled with the other refactored authorization functionalities. Since the scope information is now available in the credential dictionary, we can just make use of it instead. Those who have custom policies must update their policy files accordingly. Changes in keystone 14.0.1..14.1.0 ---------------------------------- 6a3888b05 PY3: Ensure LDAP searches use unicode attributes a2e7ccb4b PY3: switch to using unicode text values 182ff97dc Set initiator id as user_id for auth events 64c6c481e Update the minimimum required version of oslo.log 79594bb4e Invalidate shadow_federated_user cache when deleting protocol a922d541c Switch devstack plugin to samltest.id 6b902d877 Run Rocky cover jobs on Xenial 0f5cd1f88 Fix the incorrect release name of project guide 8ad99784c Remove publish-loci post job 4420b78c0 fix self-service credential APIs a2e307ed4 correct the admin_or_target_domain rule b2491d45a Imported Translations from Zanata 84b795f88 Make OSA rolling upgrade test experimental a9ca37cde Fix developer config dir flask aftermath abad630f3 Clarify deprecation message adcd05cf5 Fix example for getting system scoped token Diffstat (except docs and test files) ------------------------------------- .zuul.yaml | 12 +- devstack/files/federation/attribute-map.xml | 3 + devstack/lib/federation.sh | 25 +- etc/policy.v3cloudsample.json | 2 +- keystone/api/credentials.py | 30 +- keystone/cmd/cli.py | 12 +- keystone/common/policies/base.py | 2 +- keystone/federation/core.py | 15 + keystone/identity/backends/ldap/common.py | 116 +- keystone/locale/de/LC_MESSAGES/keystone.po | 23 +- keystone/locale/en_GB/LC_MESSAGES/keystone.po | 47 +- keystone/locale/es/LC_MESSAGES/keystone.po | 25 +- keystone/locale/fr/LC_MESSAGES/keystone.po | 22 +- keystone/locale/it/LC_MESSAGES/keystone.po | 22 +- keystone/locale/ja/LC_MESSAGES/keystone.po | 22 +- keystone/locale/ko_KR/LC_MESSAGES/keystone.po | 88 +- keystone/locale/pt_BR/LC_MESSAGES/keystone.po | 21 +- keystone/locale/ru/LC_MESSAGES/keystone.po | 22 +- keystone/locale/tr_TR/LC_MESSAGES/keystone.po | 17 +- keystone/locale/zh_CN/LC_MESSAGES/keystone.po | 20 +- keystone/locale/zh_TW/LC_MESSAGES/keystone.po | 20 +- keystone/notifications.py | 9 +- keystone/server/flask/core.py | 1 + .../unit/identity/backends/test_ldap_common.py | 9 +- lower-constraints.txt | 4 +- .../notes/bug-1780503-70ca1ba3f428dd41.yaml | 8 + .../notes/bug-1810393-5a7d379842c51d9b.yaml | 6 + .../notes/bug-1820333-356dcc8bf9f73fed.yaml | 18 + ...policy-for-get-domain-api-c48f4a23adc044cd.yaml | 14 + .../locale/en_GB/LC_MESSAGES/releasenotes.po | 1529 --------- .../source/locale/ja/LC_MESSAGES/releasenotes.po | 3423 -------------------- requirements.txt | 2 +- setup.cfg | 2 +- 45 files changed, 446 insertions(+), 5387 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index 355f4c256..e06572e6d 100644 --- a/requirements.txt +++ b/requirements.txt @@ -31 +31 @@ oslo.i18n>=3.15.3 # Apache-2.0 -oslo.log>=3.36.0 # Apache-2.0 +oslo.log>=3.38.0 # Apache-2.0