We are pumped to announce the release of: keystonemiddleware 7.0.0: Middleware for OpenStack Identity This release is part of the train release series. The source is available from: https://opendev.org/openstack/keystonemiddleware Download the package from: https://pypi.org/project/keystonemiddleware Please report issues through: https://bugs.launchpad.net/keystonemiddleware/+bugs For more details, please see below. 7.0.0 ^^^^^ New Features * [spec (http://specs.openstack.org/openstack/keystone- specs/specs/keystone/train/capabilities-app-creds.html)] The auth_token middleware now has support for accepting or denying incoming requests based on access rules provided by users in their keystone application credentials. Changes in keystonemiddleware 6.1.0..7.0.0 ------------------------------------------ 5f093bf Add validation of app cred access rules 2d3765e Add Python 3 Train unit tests d040cf6 Remove Diablo compatibility tests 0c3b3f5 Fix bandit warning b3e84aa Remove PKI/PKIZ support fe36fa6 print auth version for request strategy in debug Diffstat (except docs and test files) ------------------------------------- .zuul.yaml | 3 +- examples/pki/certs/cacert.pem | 23 -- examples/pki/certs/middleware.pem | 50 --- examples/pki/certs/signing_cert.pem | 22 -- examples/pki/certs/ssl_cert.pem | 22 -- examples/pki/cms/auth_token_revoked.json | 85 ---- examples/pki/cms/auth_token_revoked.pem | 75 ---- examples/pki/cms/auth_token_revoked.pkiz | 1 - examples/pki/cms/auth_token_scoped.json | 88 ----- examples/pki/cms/auth_token_scoped.pem | 77 ---- examples/pki/cms/auth_token_scoped.pkiz | 1 - examples/pki/cms/auth_token_scoped_expired.json | 85 ---- examples/pki/cms/auth_token_scoped_expired.pem | 75 ---- examples/pki/cms/auth_token_scoped_expired.pkiz | 1 - examples/pki/cms/auth_token_unscoped.json | 23 -- examples/pki/cms/auth_token_unscoped.pem | 25 -- examples/pki/cms/auth_token_unscoped.pkiz | 1 - examples/pki/cms/auth_v3_token_revoked.json | 88 ----- examples/pki/cms/auth_v3_token_revoked.pem | 76 ---- examples/pki/cms/auth_v3_token_revoked.pkiz | 1 - examples/pki/cms/auth_v3_token_scoped.json | 123 ------ examples/pki/cms/auth_v3_token_scoped.pem | 100 ----- examples/pki/cms/auth_v3_token_scoped.pkiz | 1 - examples/pki/cms/revocation_list.json | 20 - examples/pki/cms/revocation_list.pem | 24 -- examples/pki/cms/revocation_list.pkiz | 1 - examples/pki/gen_cmsz.py | 79 ---- examples/pki/gen_pki.sh | 213 ---------- examples/pki/private/cakey.pem | 28 -- examples/pki/private/signing_key.pem | 28 -- examples/pki/private/ssl_key.pem | 28 -- examples/pki/run_all.sh | 31 -- keystonemiddleware/auth_token/__init__.py | 221 ++++------- keystonemiddleware/auth_token/_identity.py | 57 +-- keystonemiddleware/auth_token/_opts.py | 24 +- keystonemiddleware/auth_token/_request.py | 4 +- keystonemiddleware/auth_token/_signing_dir.py | 90 ----- .../unit/auth_token/test_auth_token_middleware.py | 437 ++++++--------------- lower-constraints.txt | 4 +- ...t-extension-for-app-creds-badf088c8ad584bb.yaml | 7 + .../notes/bug-1649735-3c68f3243e474775.yaml | 16 +- requirements.txt | 4 +- tox.ini | 2 +- 47 files changed, 408 insertions(+), 2436 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index 80b26d4..d3f07ce 100644 --- a/requirements.txt +++ b/requirements.txt @@ -5 +5 @@ -keystoneauth1>=3.4.0 # Apache-2.0 +keystoneauth1>=3.12.0 # Apache-2.0 @@ -15 +15 @@ pycadf!=2.0.0,>=1.1.0 # Apache-2.0 -python-keystoneclient>=3.10.0 # Apache-2.0 +python-keystoneclient>=3.20.0 # Apache-2.0