We eagerly announce the release of: puppet-keystone 24.0.0: Puppet module for OpenStack Keystone This release is part of the caracal release series. The source is available from: https://opendev.org/openstack/puppet-keystone Download the package from: https://tarballs.openstack.org/puppet-keystone/ Please report issues through: https://bugs.launchpad.net/puppet-keystone/+bugs For more details, please see below. Changes in puppet-keystone 23.0.0..24.0.0 ----------------------------------------- 1cb55e2 Prepare 2024.1 release 2c0537d boostrap: Validate interface c492a82 reno: Update master for unmaintained/xena 32e2470 reno: Update master for unmaintained/wallaby cc34e82 Bump upper version of puppetlabs-apache de56715 Set show_diff to false when configuring Federation f233ad9 validate maxdelay for cron job 8780840 Use native interface to inject vhost configuration 274ecb9 Allow omitting admin/internal endpoint 29a32c7 Deprecate support for [DEFAULT] catalog_template_file 5e79239 Deprecate amqp messaging driver support da2bc86 Expose rabbit_transient_quorum_queue 3e8788c cache: Support new redis options 7f611fe identity provider: Drop reference to removed parameters 6469c22 openidc: Support more redis cache options 30f50ce Fix broken rendering of OIDC Options 63696be cache: Make parameter description order consistent 9fb48f7 Refactor resource dependencies e15a169 Fix wrong OIDCRedirectURI 76422b5 cache: Support options for SASL mechanism in memcached 2cc5912 service_identity: Allow omitting internal/admin endpoints 5886b4f healthcheck: Expose ignore_proxied_requests parameter cdef36e reno: Update master for unmaintained/yoga 96cb8d7 keystone_endpoint: Fix id generate with only partial types 2cc0bfd federation: Ensure keyston::wsgi::apache is loaded 4261de3 Drop redundant default of send_service_user_token b370f83 healthcheck: Expose allowed_source_ranges 3a2ba9a service_identity: Fix parameter descriptions 30e759b Support [cache] memcache_pool_flush_on_reconnect b634ad3 Debian: Allow keystone without httpd 0d26abb Use new openstackclient tag b712889 Bump supported Debian version to 12 (Bookworm) 3a2e4d7 Drop unused import of initfile f7f12f6 Stop calling 'reset' function in test cleanup 01ffd0e Add resource to manage implied roles 1b51c39 Remove logic for Puppet < 4 bc205a0 keystone_user_role: Remove unused name property c4ce6a3 Debian: Fix missing authn_core when using shibboleth 80a1953 Use openstack cli to resolve project/user id 0dfa98e keystone_user: Fill domain in property hash 6d2d254 Bump upper version of puppetlabs-apache 58f5d04 Update master for stable/2023.2 Diffstat (except docs and test files) ------------------------------------- lib/puppet/provider/keystone.rb | 24 ----- lib/puppet/provider/keystone_endpoint/openstack.rb | 7 +- .../provider/keystone_implied_role/openstack.rb | 77 +++++++++++++++ lib/puppet/provider/keystone_role/openstack.rb | 3 +- lib/puppet/provider/keystone_user/openstack.rb | 1 + .../provider/keystone_user_role/openstack.rb | 21 +---- lib/puppet/type/keystone_implied_role.rb | 44 +++++++++ lib/puppet/type/keystone_user_role.rb | 2 - lib/puppet_x/keystone/composite_namevar.rb | 26 ----- manifests/bootstrap.pp | 71 +++++++++----- manifests/cache.pp | 74 ++++++++++++++- manifests/cron/fernet_rotate.pp | 2 +- manifests/cron/trust_flush.pp | 4 +- manifests/db.pp | 3 + manifests/deps.pp | 18 +--- manifests/federation/identity_provider.pp | 24 ++--- manifests/federation/mellon.pp | 16 +++- manifests/federation/openidc.pp | 39 +++++++- manifests/federation/shibboleth.pp | 33 +++++-- manifests/healthcheck.pp | 29 ++++-- manifests/init.pp | 33 +++++-- manifests/messaging/amqp.pp | 3 + manifests/policy.pp | 6 +- manifests/resource/service_identity.pp | 105 ++++++++++----------- manifests/resource/service_user.pp | 4 +- metadata.json | 10 +- .../cache-memcache-sasl-310108b013310508.yaml | 5 + .../notes/cache-redis-opts-328160577c0fd658.yaml | 12 +++ .../notes/deprecate-amqp-aab4cba109b620c8.yaml | 5 + ...ate-catalog_template_file-5f8202e78af74aa3.yaml | 5 + ...eck-allowed_source_ranges-fbca04a65eebc1bf.yaml | 5 + ...k-ignore_proxied_requests-101b6da3021366cc.yaml | 5 + .../notes/implied-role-894ec2595b94aed7.yaml | 4 + ...e_pool_flush_on_reconnect-abb762986f6bbf3f.yaml | 5 + .../notes/oidc-redis-opts-5e1bc4cf2f6c4869.yaml | 10 ++ ...dmin-or-internal-endpoint-97a26387552c4060.yaml | 10 ++ ...it_transient_quorum_queue-955216ef08ed9ec7.yaml | 5 + releasenotes/source/2023.2.rst | 6 ++ releasenotes/source/index.rst | 1 + releasenotes/source/wallaby.rst | 2 +- releasenotes/source/xena.rst | 2 +- releasenotes/source/yoga.rst | 2 +- spec/acceptance/10_basic_keystone_spec.rb | 24 +++++ spec/classes/keystone_bootstrap_spec.rb | 92 +++++++++++++++++- spec/classes/keystone_cache_spec.rb | 30 ++++++ spec/classes/keystone_federation_mellon_spec.rb | 19 ++-- spec/classes/keystone_federation_openidc_spec.rb | 71 +++++++++++--- .../classes/keystone_federation_shibboleth_spec.rb | 32 ++++--- spec/classes/keystone_healthcheck_spec.rb | 30 +++--- spec/classes/keystone_init_spec.rb | 1 + spec/classes/keystone_policy_spec.rb | 2 - .../keystone_resource_service_identity_spec.rb | 2 +- .../defines/keystone_resource_service_user_spec.rb | 2 +- spec/type_aliases/endpointurl_spec.rb | 31 ++++++ spec/type_aliases/keystoneendpointurl_spec.rb | 31 ++++++ spec/type_aliases/publicendpointurl_spec.rb | 31 ++++++ .../provider/keystone_endpoint/openstack_spec.rb | 31 +++--- .../keystone_implied_role/openstack_spec.rb | 89 +++++++++++++++++ spec/unit/provider/keystone_spec.rb | 32 ------- spec/unit/provider/keystone_user/openstack_spec.rb | 1 - .../provider/keystone_user_role/openstack_spec.rb | 94 +++++++----------- spec/unit/type/keystone_implied_role_spec.rb | 36 +++++++ templates/openidc.conf.erb | 24 +++-- types/endpointurl.pp | 4 + types/keystoneendpointurl.pp | 4 + types/keystonepublicendpointurl.pp | 1 + types/omittedendpointurl.pp | 1 + types/publicendpointurl.pp | 5 + 68 files changed, 1085 insertions(+), 398 deletions(-)