We are pleased to announce the release of: keystone 18.0.0: OpenStack Identity This release is part of the victoria release series. The source is available from: https://opendev.org/openstack/keystone Download the package from: https://tarballs.openstack.org/keystone/ Please report issues through: https://bugs.launchpad.net/keystone/+bugs For more details, please see below. Changes in keystone 17.0.0.0rc1..18.0.0 --------------------------------------- db25e505a [goal] Migrate testing to ubuntu focal 0ba9e3a12 Fix gate by running l-c job on Bionic bb0393623 Write a symptom for checking memcache connections c0d63cecd Bump pysaml2 requeriment to avoid CVE-2020-5390 b54839f38 Fix user creation with GRANT in MySQL 8.0(Ubuntu Focal) 1b75e56a0 Improve the update description for limits in api-ref 88197d217 Follow-up for bug-1891244 7d6c71ba2 Support format for msgpack < 1.0 in token formatter 56da348b4 Skip tests to update u-c for PyMySql to 0.10.0 f6df4e324 Spelling Fix 4ef7a2379 NIT: Spelling Fix 8bf222ac5 Properly handle octet (byte) strings when converting LDAP responses 963392643 Fix invalid assertTrue which should be assertEqual 311184c39 Fix api-ref for list endpoints 3de085b1e Fix lower-constraint for PyMySQL 6b37a0abb Fix doc for package mod_wsgi on Centos8/RHEL8 5b552d878 requirements: Drop os-testr 270749847 Fix "allow expired" feature for JWT c9c655a1e Add ignore_user_inactivity user option 12020a0b8 Adding note for create a project without domain info ee9be2e92 Add "explicit_domain_id" to api-ref fb86048d0 Run federation jobs on Ubuntu Focal 63e118129 Add an enhanced debug configuration technique to caching guide 28faa24e6 Remove an assignment from domain and project a0346effc Imported Translations from Zanata a49ee620f New config option 'user_limit' in credentials f51c06eb0 ldap: fix config option docs for *_tree_dn 3be8d40fc Port the grenade multinode job to Zuul v3 2844a38f7 Stop to use the __future__ module. 69ad01b2d NIT: Fix Spelling in auth_context.py 28512ca56 Update caching-layer.rst 4d86f37aa Cap jsonschema 3.2.0 as the minimal version feaf03443 Support regexes in whitelists/blacklists 7820cafff Switch to newer openstackdocstheme and reno versions a483f1c2c Update keystone Making an API Change doc db57d74fe Update filtering-responsibilities and truncation f8317375a Update doc id-manage.rst 2248882cb Update keystone architecture doc 252c23b1b Disable EC2 credentials access_id update e74a61f09 Add service name filter to service list api-ref c0b7825ec Bump hacking min version to 3.0.1 2d26a8722 Fix UserNotFound exception for expiring groups 2b4e53792 Switch to new grenade job name 37e9907a1 Fix security issues with EC2 credentials 6c73690f7 Ensure OAuth1 authorized roles are respected ab89ea749 Check timestamp of signed EC2 token request 51ecd5e95 Removes info about deleted function should_cache_fn ccd32f858 Correct help for unified_limits 77c230609 Imported Translations from Zanata a20542af3 Add Python3 victoria unit tests 0b26e64f4 Update master for stable/ussuri 5a4dcb7bd Enable groups testing for K2K scenarios f36111954 Update hacking for Python3 Diffstat (except docs and test files) ------------------------------------- .zuul.yaml | 52 ++- api-ref/source/conf.py | 8 +- api-ref/source/v3/domains.inc | 1 + api-ref/source/v3/parameters.yaml | 21 +- api-ref/source/v3/projects.inc | 3 + api-ref/source/v3/service-catalog.inc | 2 + api-ref/source/v3/unified_limits.inc | 4 +- devstack/lib/federation.sh | 3 +- .../admin/cli-manage-projects-users-and-roles.rst | 4 + .../admin/federation/mapping_combinations.rst | 61 ++- .../contributor/filtering-responsibilities.rst | 29 +- keystone/api/_shared/EC2_S3_Resource.py | 76 +++- keystone/api/credentials.py | 72 +++- keystone/api/role_inferences.py | 1 + keystone/api/users.py | 22 +- keystone/application_credential/schema.py | 4 +- keystone/assignment/backends/sql.py | 9 +- keystone/cmd/cli.py | 3 - keystone/cmd/doctor/caching.py | 25 ++ keystone/cmd/doctor/ldap.py | 4 +- keystone/common/sql/core.py | 1 + keystone/common/validation/parameter_types.py | 4 +- keystone/conf/credential.py | 21 +- keystone/conf/ldap.py | 6 +- keystone/conf/security_compliance.py | 4 +- keystone/conf/unified_limit.py | 6 +- keystone/conf/wsgi.py | 4 +- keystone/credential/core.py | 10 + keystone/exception.py | 5 + keystone/federation/utils.py | 74 ++-- keystone/identity/backends/ldap/common.py | 13 +- keystone/identity/backends/ldap/core.py | 1 - keystone/identity/backends/resource_options.py | 7 + keystone/identity/backends/sql_model.py | 7 +- keystone/identity/core.py | 36 +- keystone/identity/schema.py | 2 +- keystone/identity/shadow_backends/sql.py | 2 +- keystone/locale/de/LC_MESSAGES/keystone.po | 59 ++- keystone/locale/en_GB/LC_MESSAGES/keystone.po | 24 +- keystone/models/token_model.py | 18 + keystone/notifications.py | 1 + keystone/oauth1/core.py | 2 - keystone/resource/schema.py | 2 +- keystone/server/flask/application.py | 2 - .../request_processing/middleware/auth_context.py | 2 +- .../unit/identity/backends/test_ldap_common.py | 14 + keystone/token/providers/jws/core.py | 8 +- keystone/token/token_formatters.py | 10 +- lower-constraints.txt | 22 +- .../keystone-dsvm-grenade-multinode/post.yaml | 15 - .../keystone-dsvm-grenade-multinode/run.yaml | 48 --- .../notes/bug-1332058-f25e2de40411b711.yaml | 6 + .../notes/bug-1754677-13ee75ed1b473f26.yaml | 8 + .../notes/bug-1827431-2f078c13dfc9a02a.yaml | 9 + .../notes/bug-1872732-7261816d0b170008.yaml | 6 + .../notes/bug-1872733-2377f456a57ad32c.yaml | 16 + .../notes/bug-1872735-0989e51d2248ce1e.yaml | 31 ++ .../notes/bug-1872737-f8e1ad3b6705b766.yaml | 28 ++ .../notes/bug-1872753-e2a934eac919ccde.yaml | 8 + .../notes/bug-1872755-2c81d3267b89f124.yaml | 19 + .../notes/bug-1873290-ff7f8e4cee15b75a.yaml | 19 + .../notes/bug-1880252-51036d5353125e15.yaml | 10 + .../notes/bug-1886017-bc2ad648d57101a2.yaml | 5 + .../notes/bug-1889936-78d6853b5212b8f1.yaml | 5 + releasenotes/source/conf.py | 9 +- releasenotes/source/index.rst | 1 + .../source/locale/fr/LC_MESSAGES/releasenotes.po | 120 ------ .../locale/ko_KR/LC_MESSAGES/releasenotes.po | 202 --------- releasenotes/source/ussuri.rst | 6 + requirements.txt | 14 +- test-requirements.txt | 9 +- tools/test-setup.sh | 4 +- tox.ini | 12 +- 106 files changed, 1892 insertions(+), 843 deletions(-) Requirements updates -------------------- diff --git a/requirements.txt b/requirements.txt index 2fa9509f8..33a2c423e 100644 --- a/requirements.txt +++ b/requirements.txt @@ -9,3 +9,3 @@ Flask-RESTful>=0.3.5 # BSD -cryptography>=2.1 # BSD/Apache-2.0 -SQLAlchemy>=1.1.0 # MIT -sqlalchemy-migrate>=0.11.0 # Apache-2.0 +cryptography>=2.7 # BSD/Apache-2.0 +SQLAlchemy>=1.3.0 # MIT +sqlalchemy-migrate>=0.13.0 # Apache-2.0 @@ -22 +22 @@ oslo.messaging>=5.29.0 # Apache-2.0 -oslo.db>=4.27.0 # Apache-2.0 +oslo.db>=6.0.0 # Apache-2.0 @@ -31 +31 @@ oauthlib>=0.6.2 # BSD -pysaml2>=4.5.0 +pysaml2>=5.0.0 @@ -33,2 +33,2 @@ PyJWT>=1.6.1 # MIT -dogpile.cache>=0.6.2 # BSD -jsonschema>=2.6.0 # MIT +dogpile.cache>=1.0.2 # BSD +jsonschema>=3.2.0 # MIT diff --git a/test-requirements.txt b/test-requirements.txt index 3e53e2553..0213085b8 100644 --- a/test-requirements.txt +++ b/test-requirements.txt @@ -5 +5 @@ -hacking>=1.1.0,<1.2.0 # Apache-2.0 +hacking>=3.0.1,<3.1.0 # Apache-2.0 @@ -9 +9 @@ bashate>=0.5.1 # Apache-2.0 -os-testr>=1.0.0 # Apache-2.0 +stestr>=1.0.0 # Apache-2.0 @@ -14 +14 @@ pytz>=2013.6 # MIT -oslo.db[fixtures,mysql,postgresql]>=4.27.0 # Apache-2.0 +oslo.db[fixtures,mysql,postgresql]>=6.0.0 # Apache-2.0 @@ -21 +21 @@ fixtures>=3.0.0 # Apache-2.0/BSD -lxml!=3.7.0,>=3.4.1 # BSD +lxml>=4.5.0 # BSD @@ -26 +25,0 @@ WebTest>=2.0.27 # MIT -stestr>=1.0.0 # Apache-2.0