We are tickled pink to announce the release of: puppet-keystone 15.5.0: Puppet module for OpenStack Keystone This release is part of the train stable release series. The source is available from: https://opendev.org/openstack/puppet-keystone Download the package from: https://tarballs.openstack.org/puppet-keystone/ Please report issues through: https://bugs.launchpad.net/puppet-keystone/+bugs For more details, please see below. 15.5.0 ^^^^^^ New Features ************ * Add TLS options to oslo.cache * Allow to specify drivername for postgres db * Adds interface parameter to keystone::resource::authtoken allow services to configure the interface to use for the Identity API endpoint. Valid values are "public", "internal" or "admin". * The keystone::endpoint::service_description parameter has been added with the default value of 'OpenStack Identity Service' (moved from hardcoded value to a parameter). This is used when setting the description on the identity service managed by the keystone::endpoint class. Bug Fixes ********* * Workers are raised to 2 x os_workers, so that we have as many workers as the one we had before we merged 2 keystone services(public and admin). * Fixed a bug where the keystone::resource::authtoken resource would not install the proper python memcache bindings when using python3. * The "default/public_endpiint" parameter is no longer set by default because of known issue with different hosts/protocol used for each endpoints (especially for admin endpoint and public endpoint) * In case public_endpoint can't be used and keystone providers are required, the deprecated "keystone::public_bind_host" and "keystone::public_port" can still be used so that all provider implementations can detect endpoint url from these parameters. These parameters are added to keystone.conf if non-default value is set. Changes in puppet-keystone 15.4.0..15.5.0 ----------------------------------------- 1dc5b6e Prepare the final stable/train release 37fd0cd Check length of unique array in roles::admin 247cade Add TLS options to oslo.cache 8ab3db3 Build containers for single consumer job 175b51f Make service desc in keystone::endpoint configurable 1660e2c Fix python package names (ldappool and pysaml2) a34e31d Convert more to rspec-puppet-facts 6d337fc allow to specify drivername for postgres db fe869f2 Revert "Do not set public_bind_host and public_port in eventlet section" 09b61ff Always pass --name when flushing keystone_service 60532ba Update doc to reflect code a58ef36 Install the correct memcache bindings for py3 e59b906 Update ldap-backend options 378efee OIDC : Add support for setting OIDCClaimDelimiter a110c96 Add support for JWKS based OAuth Token validation. 8a3172e Fix performance regression due to reduced number of keystone workers e57542a New keystone::resource::authtoken::interface parameter 124f64d Switch to Train 3181006 Update TOX/UPPER_CONSTRAINTS_FILE for stable/train 18ef734 Update .gitreview for stable/train Diffstat (except docs and test files) ------------------------------------- .gitreview | 1 + .zuul.yaml | 1 + Gemfile | 3 +- lib/puppet/provider/keystone.rb | 35 +- lib/puppet/provider/keystone_service/openstack.rb | 3 + manifests/db.pp | 2 +- manifests/endpoint.pp | 23 +- manifests/federation/identity_provider.pp | 15 +- manifests/federation/openidc.pp | 41 +- manifests/init.pp | 97 ++-- manifests/ldap.pp | 9 +- manifests/ldap_backend.pp | 42 +- manifests/params.pp | 6 +- manifests/resource/authtoken.pp | 7 + manifests/roles/admin.pp | 8 +- manifests/wsgi/apache.pp | 4 +- metadata.json | 6 +- .../notes/add_tls_options-8ed38a82af2f378f.yaml | 4 + ...drivername-for-postgresql-daa276a598844884.yaml | 3 + .../authtoken_interface-2e8ccbd3e961e0fb.yaml | 6 + .../notes/double-workers-b9e340a18a5e9823.yaml | 5 + ...service-desc-configurable-823573c250eaef96.yaml | 7 + .../memcache-package-pyvers-a3db976c1a881dcf.yaml | 5 + .../unset-public_endpoint-be0e6c20416e9762.yaml | 12 + spec/acceptance/keystone_wsgi_apache_spec.rb | 18 - spec/classes/keystone_db_postgresql_spec.rb | 4 +- .../keystone_federation_identity_provider_spec.rb | 191 ++++---- spec/classes/keystone_federation_openidc_spec.rb | 33 +- spec/classes/keystone_init_spec.rb | 74 +-- spec/classes/keystone_ldap_spec.rb | 225 +++++---- spec/classes/keystone_wsgi_apache_spec.rb | 8 +- spec/defines/keystone_ldap_backend_spec.rb | 506 +++++++++++---------- spec/defines/keystone_resource_authtoken_spec.rb | 13 +- spec/unit/provider/keystone_spec.rb | 89 +++- templates/openidc.conf.erb | 7 + tox.ini | 2 +- 36 files changed, 924 insertions(+), 591 deletions(-)