[openstack-announce] [new][keystone] keystone 10.0.0 release (newton)
no-reply at openstack.org
no-reply at openstack.org
Thu Oct 6 13:17:58 UTC 2016
We are enthusiastic to announce the release of:
keystone 10.0.0: OpenStack Identity
This release is part of the newton release series.
For more details, please see below.
10.0.0
^^^^^^
Add "keystone-manage mapping_populate" command, which should be used
when domain-specific LDAP backend is used.
Tokens can now be cached when issued.
New Features
************
* [blueprint domain-config-as-stable
(https://blueprints.launchpad.net/keystone/+spec/domain-config-as-
stable)] The domain config via API is now marked as stable.
* [blueprint manage-migration
(https://blueprints.launchpad.net/keystone/+spec/manage-migration)]
Upgrading keystone to a new version can now be undertaken as a
rolling upgrade using the *--expand*, *--migrate* and *--contract*
options of the *keystone-manage db_sync* command.
* OSprofiler support was added. This cross-project profiling library
allows to trace various requests through all OpenStack services that
support it. To initiate OpenStack request tracing *--profile
<HMAC_KEY>* option needs to be added to the CLI command.
Configuration and usage details can be foung in [OSProfiler
documentation
(http://docs.openstack.org/developer/osprofiler/api.html)]
* Add "keystone-manage mapping_populate" command. This command will
pre-populate a mapping table with all users from LDAP, in order to
improve future query performance. It should be used when an LDAP is
first configured, or after calling "keystone-manage mapping_purge",
before any queries related to the domain are made. For more
information see "keystone-manage mapping_populate --help"
* Add "cache_on_issue" flag to "[token]" section that enables
placing issued tokens to validation cache thus reducing the first
validation time as if token is already validated and token data
cached.
Upgrade Notes
*************
* We have added the "password_expires_at" attribute to the user
response object.
* The identity backend driver interface has changed. We've added a
new "change_password()" method for self service password changes. If
you have a custom implementation for the identity driver, you will
need to implement this new method.
* OSprofiler support was introduced. To allow its usage the
keystone- paste.ini file needs to be modified to contain osprofiler
middleware.
* Fixes a bug related to the password create date. If you deployed
master during Newton development, the password create date may be
reset. This would only be apparent if you have security compliance
features enabled.
* In the policy.json file, we changed
*identity:list_projects_for_groups* to
*identity:list_projects_for_user*. Likewise, we changed
*identity:list_domains_for_groups* to
*identity:list_domains_for_user*. If you have customized the
policy.json file, you will need to make these changes. This was done
to better support new features around federation.
* Keystone now supports encrypted credentials at rest. In order to
upgrade successfully to Newton, deployers must encrypt all
credentials currently stored before contracting the database.
Deployers must run *keystone-manage credential_setup* in order to
use the credential API within Newton, or finish the upgrade from
Mitaka to Newton. This will result in a service outage for the
credential API where credentials will be read-only for the duration
of the upgrade process. Once the database is contracted credentials
will be writeable again. Database contraction phases only apply to
rolling upgrades.
* Keystone now relies on pyldap instead of python-ldap. The pyldap
library is a fork of python-ldap and is a drop-in replacement with
modifications to be py3 compatible.
Deprecation Notes
*****************
* [blueprint domain-config-as-stable
(https://blueprints.launchpad.net/keystone/+spec/domain-config-as-
stable)] Deprecated "keystone-manage domain_config_upload". The
keystone team recommends setting domain config options via the API
instead. The "domain_config_upload" command line option may be
removed in the 'P' release.
* [blueprint deprecated-as-of-newton
(https://blueprints.launchpad.net/keystone/+spec/deprecated-as-of-
newton)] As of the Newton release, the class plugin
*keystone.common.kvs.core.KeyValueStore* has been deprecated. It is
recommended to use alternative backends instead. The "KeyValueStore"
class will be removed in the 'P' release.
Bug Fixes
*********
* [bug 1590587 (https://bugs.launchpad.net/keystone/+bug/1590587)]
When assigning Domain Specific Roles, the domain of the role and the
domain of the project must match. This is now validated and the REST
call will return a 403 Forbidden.
* [bug 1594482 (https://bugs.launchpad.net/keystone/+bug/1594482)]
When using list_limit config option, the GET
/services?name={service_name} API was first truncating the list and
afterwards filtering by name. The API was fixed to first filter by
name and only afterwards truncate the result list to the desired
limit.
* [bug 1613466 (https://bugs.launchpad.net/keystone/+bug/1613466)]
Credentials update to ec2 type originally accepted credentials with
no project ID set, this would lead to an error when trying to use
such credential. This behavior has been blocked, so creating a non-
ec2 credential with no project ID and updating it to ec2 without
providing a project ID will fail with a *400 Bad Request* error.
Other Notes
***********
* The response's content type for creating request token or access
token is changed to *application/x-www-form-urlencoded*, the old
value *application/x-www-urlformencoded* is invalid and will no
longer be used.
* Keystone now supports being run under Python 3. The Python 3 and
Python 3.4 classifiers have been added.
Changes in keystone 9.0.0.0rc1..10.0.0
--------------------------------------
724ac7f Make returning is_domain conditional
4a60452 Validate password history for self-service password changes
6520523 Imported Translations from Zanata
b3fae77 Fixes password created_at errors due to the server_default
6eeb354 Update UPPER_CONSTRAINTS_FILE for stable/newton
af1c62e Update .gitreview for stable/newton
9640f50 Add unit tests for isotime()
6e2738c Remove unused _convert_to_integers() method
294c5a1 Remove unused read_cached_file method from utils
9bbb0ce Allow compatibility with keystonemiddleware 4.0.0
c2fd1f6 Fix links on configure_federation documentation
acde6ff Add edge case tests for disabling a trustee
36d7be0 Fix prameters name and response codes in Keystone API v2
4d4faab Tweak api-ref doc for services/endpoints
6e18511 Use issued_at in fernet token provider
3c5af9a Remove unused method from keystone.common.utils
408820c Use ConfigParser instead of SafeConfigParser
301b6a7 Consistently round down timestamps
d907ad3 Remove the APIs from doc that is not supported yet
63b37b5 TrivialFix: Merge imports in code
17224c4 Fix the nit on how to deploy keystone with `mod_proxy_uwsgi`
830b01f Tweak api-ref doc for projects
bf5711e Remove the dead link in schema migration doc
e56dbe8 Updated from global requirements
fe12aaf Fix order of arguments in assertIs
9418f26 New notes on advanced upgrade/fallback for cluster
06b050c standardize release note page ordering
77a002b [api-ref] Correct response code status
e7b845c Replace six iteration methods with standard ones
3332edf Fixes a nit in a comment
85b2faa Updates configuration doc with latest changes
9059f2e Use freezegun for change password tests
9a559c7 Update sample keystone.conf for Newton
73bdbe1 Project domain must match role domain for assignment
407f08e Add docs for the null key
59f117f Log warning if null key is used for encryption
e9b6437 Introduce null key for credential encryption
3c3df90 More nit doc fixes
2cf1b1e Keep the order of passwords in tests
fb7be8c [api-ref] Stop supporting os-api-ref 1.0.0
a984bff Fix up some doc nits
83e3c00 Only cache callables in the base manager
5c9fa41 [api-ref] Correcting parameter's type
602cc57 Correct link type
fbe462f Fix problems in service api doc
5a49379 Raise NotImplementedError instead of NotImplemented
c7a5f41 Add the deprecated_since to deprecated options
33008ce Add doctor checks for credential fernet keys
32af31f Few new commands missing from docs
1de7224 Emit log message for fernet tokens only
0edf1fe Implement encryption of credentials at rest
409211d Typo: key_manger_factory to key_mangler_factory
ffee044 Fixes spelling mistakes
2b70175 Fixes migration where password created_at is nullable
305cb8a Block global roles implying domain specific roles
05c5f0c Correct typo in mapping_populate command's help
7ba5370 Relax the requirement for mappings to result in group memberships
0e7ab57 Document credential encryption
cc3e797 Update sample uwsgi config for lazy-apps
ba98048 Add documentation on how to set a user's tenant.
7260b55 Pre-cache new tokens
2b6d04b Config logABug feature for Keystone api-ref
97da3a7 Fix nits in db migration dev docs
0ae6d09 Disallow new migrations in the legacy migration repository
7dd1ae4 Updated from global requirements
4f40cc3 Update developer docs for new rolling upgrade repos
2aee65c Add man page info for credential setup command
11848b2 Remove unnecessary try/except from token provider
3272623 Fixes small grammar mistake in docstring
428a6e0 Add a feature support matrix for identity sources
c81b337 Fix wrong response codes in 'groups' APIs.
94b08af Make token_id a required parameter in v3_to_v2_token
42eda48 Distributed cache namespace to invalidate regions
618d9ca Fix formatting strings when using multiple variables
ceec009 Add credential setup command
a8dbe9b Add Response Example for 'Create credential' API
e332a3a Add Response Example for 'Passwd auth with unscoped authorization'
c613dd3 Remove mapping schema from the doc
5346dfa Impose a min and a max on time values in CONF.token
7678c40 Repair link in Keystone documentation
67cf54d Fix some typos in comments
3281e8f Cleaning imports in code
372c1bd Updated from global requirements
c30fd01 TrivialFix: Remove logging import unused
0845df2 Removes old, unused code
6bde3f3 Reduce log level of Fernet key count message
a9a2665 Updated from global requirements
3fad275 Adds password regular expression checks to doctor
f66077f Let upgrade tests control all 4 repositories at once
64fabd7 Adds check that minimum password age is less than password expires days
3976e58 Remove unused global variable from unit tests
743e110 Modify sql banned operations for each of the new repos
3e29913 Use egg form of osprofiler in paste pipeline
17f96bb api-ref: Splitting status lines in API v3-ext.
43df612 api-ref: Splitting status lines in API v3.
4bf04ff Remove mox from test-requirements
80c56ba TrivialFix: Remove logging import unused
6ecc426 [api-ref]: Outdated link reference
020776b Remove unnecessary __init__
b1fdad9 Add mapping_populate command
5ae761e Doc fix: license rendered in published doc
52b2503 Doc fix: "keystone-manage upgrade" is not a thing
8144e28 Fix credential update to ec2 type
25d3591 Add key repository uniqueness check to doctor
dd63146 Update `href` for keystone extensions
8114a07 Updated from global requirements
1531b3c Fix the wrong URI for the OAuth1 extension in api-ref.
70e6d58 Shadowing a nonlocal_user incorrectly creates a local_user
fd2a4fa Add entrypoint for mapped auth method
80888cf Get ready for os-api-ref sphinx theme change
a5e2906 Add rolling upgrade documentation
a6d4512 Add create and update methods to credential Manager
e10811c Create a fernet credential provider
fab5f82 Make KeyRepository shareable
bd80bb7 Add conf to support credential encryption
e6a0fd0 Password expires ignore user list
96ec431 Add expand, data migration and contract logic to keystone-manage
cb51cb4 [api] add relationship links to v3-ext
ecbeae5 Removes use of freezegun in test_auth tests
25d2f8e Removes a redundant test from FernetAuthWithTrust
b6744a6 api-ref: Fix parameters attributes
6749008 Set default value for [saml]/idp_contact_surname
850eace Tidy up for late-breaking review comments on keystone-manage
b4ff783 PCI-DSS Minimum password age requirements
251cf10 api-ref: Document domain specific roles
32cf428 Revert "Add debug logging to revocation event checking"
72b274d Replace the content type with correct one
59a2351 Add credential encryption exception
c2d8451 Pass key_repository and max_active_keys to FernetUtils
bc95434 Make a FernetUtils class
4dafc37 Move fernet utils into keystone/common/
4569d41 Add support for rolling upgrades to keystone-manage
3b86db4 api-ref: Document implied roles API
51cccd2 Support new osprofiler API
729c989 api-ref: Correcting V3 OS-INHERIT APIs
8363ab2 Fix typo in the file
d2ee07b Add debug logging to revocation event checking
963c23c Detail Federation Service Provider APIs in api-ref
5d2fd07 Detail Fed Projects and Domains APIs in api-ref
46b71ef add a header for the federation APIs
30ded50 Detail Federation Mapping APIs in api-ref docs
b62acaa Detail Federation Auth APIs in api-ref docs
ec5b0cb Detail Federation Assertion APIs in api-ref docs
9030e6e Move other-requirements.txt to bindep.txt
960967e Detail IdP APIs in api-ref docs
5289eef api-ref: Add default domain config documentation
85ae245 Constraints are ready to be used for tox.ini
0c78293 Updated from global requirements
d36e555 [api] add relationship links to v3
e9b0f2f Refactor revoke matcher
b9c6717 Document get auth/catalog,projects,domains
e4a82b3 api-ref: Renaming parameters of V3-ext APIs
9241aeb api-ref: Correcting V3 Credentials APIs
ceaa09d api-ref: Correcting V3 Policies APIs
b3c8381 api-ref: Correcting V3 Authentication APIs
8d5926a api-ref: Correcting V3 Domain config APIs
8a069c0 Use international logging message
7f3ec14 Updates Development Environment Docs
5740a32 api-ref: Add query options to GET /projects API documentation
2398e5b Updated from global requirements
6db31c8 api-ref: Add missing parameter tables to tenant
e1e7c7d Create unit tests for the policy drivers
6919253 api-ref: Correcting V3 Endpoints APIs
9a520bc api-ref: Correcting V3 Services APIs
82bf342 api-ref: Add "nocatalog" option to GET /v3/auth/tokens
6b52756 Fix warning when running tox -e api-ref
ff00d33 Add basic upgrade documentation
8026a95 Document query option (is_domain) for projects
6c408a0 remove test utilities related to adding extensions
b33512f Update etc/keystone.conf.sample
3de3d71 Make hash_algorithms order deterministic
041f53f PCI-DSS Password expires validation
aa9fdfc Report v2.0 as deprecated in version discovery
50ff858 Update the api-ref to mark the v2 API as deprecated
a5264d7 Add schema validation to create user v2
935530f Fix the spelling of a test name
141970f Remove mention of db_sync per backend
9838e54 Trust controller refactoring
ffd2fea Use more specific asserts in tests
64e97a8 Updated from global requirements
4c351c5 Add debug logging for RevokeEvent deserialize problem
3efd271 Make all token provider behave the same with trusts
bfa13b7 Clean up the introductory text in the docs
e8022f3 Retry revocation on MySQL deadlock
5eedeaa Add schema validation to update user v2
0e2cc05 PCI-DSS Lockout requirements
ebe1e83 Improve domain configuration API docs
e420b16 Skip middleware request processing for admin token
8eb67a9 Move Assertion API to its own file
5a0987d Bump API version number and date
62d0175 Move Federation Auth API to its own file
edd5827 Move List Projects and Domains API to its own file
34dd18c Move Service Provider API to its own file
fc9cfb7 Move Mapping API to its own file
6f36a20 Use %()d for integer substitution
97a6341 Don't include openstack/common in flake8 exclude list
44ccc92 Added postgresql libs to developer docs
f250fe4 Add schema validation to create service in v2
b26200b Remove the redundant verification in OAuth1 authorization
dbf101f Add schema validation to v2 update tenant
85570dc refactor idp to its own file
629b2d0 Updated from global requirements
6bc3a74 PCI-DSS Password history requirements
0f6fa0e Move Identity Provider API to its own file
bc99dc7 Add dummy domain_id column to cached role
6a94b28 Allow attributes other than `enabled` in schema
345d2a0 Remove the extensions repos
8cef848 Document the domain config API as stable
fc924f8 Remove configuration references to eventlet
a14add1 Adds a custom deepcopy handler
927b08b Add token feature support matrix to documentation
8246fc2 Test number of queries on list_users
295cfde No need the redundant validation in manager level
f26b31a Add the missing testcases for `name` and `enabled`
fd861dc Adds test for SecurityError's translation behavior
b2cb4c4 TOTP auth not functional in python3
6ab4444 Invalid tls_req_cert constant as default
05f8578 Add schema validation to v2 create tenant
9c99641 Use quotes consistently in token controller
9d01162 Add performance tuning documentation
0b600ce Allow V2TestCase to be tested against fernet and uuid
b77c5b7 Make AuthWithTrust testable against uuid and fernet
ab7a745 Improve os-federation docs
62fb97f Fix v2-ext API enabled documentation
dfd5d25 PCI-DSS Adds password_expires_at to API docs
5bbc78a Make it so federated tokens are validated on v2.0
cd26ae9 Use freezegun in AssignmentInheritanceTestCase
f324506 Only run KvsTokenCacheInvalidation against uuid
3246732 Use freezegun in OSRevokeTests
d6ac15c refactor: make TestFetchRevocationList test uuid
05ec032 refactor: make TestAuthExternalDefaultDomain test uuid/pki/pkiz
66f7b09 refactor: make TestAuthKerberos test pki/pkiz/uuid
80b4ffa Add schema validation to create role
d0328e3 Replace OpenStack LLC with OpenStack Foundation
e9fc581 refactor: inherit AuthWithRemoteUser for other providers
241d33d Run AuthWithToken against all token providers
e8cd48f Don't run TokenCacheInvalidation with Fernet
12966b8 Refactor TestAuthExternalDomain to not inherit tests
6bcc03f Use freezegun to increment clock in test_v3_assignment
4adf01b Add schema for enabling a user
0b49d43 Fix up the api-ref request/response parameters for projects
0f13aed `password` is not required for updating a user
002de1b Clarify V2 API for enabling or disabling user
0e6752b Removed duplicate parameter in v2-admin api-ref
e183c14 Fix the errors in params in api-ref for V3 region
14018e9 Fix the errors in params in api-ref for V3 user
53bb53a Added cache for id mapping manager
b679f2b Updated from global requirements
3223360 Add Python 3.5 classifier
05b5dfe Handle Py35 fix of ast.node.col_offset bug
2293342 deprecate a few more LDAP config options
e8eeb43 Clean up api-ref for domains
059f353 keystone-manage doctor
7f7cfe7 v2 api: add APIs for setting a user's password
74a8e5b Update os-inherit API reference
b61b1c5 Updated from global requirements
72e6196 Run AuthTokenTests against fernet and uuid
7646e21 Use freezegun to increment the clock in test_v3_filters
29624d4 Prevent error when duplicate mapping is created
9df02bf Fix the wrong check condition
e4c30cb Clean up the api-ref for groups
809a39a Updated from global requirements
20259d1 Improve introdcution to api-ref projects
53b5b99 Migrate OS-FEDERATION from specs repo
96852a0 v2 api: remove APIs for global roles
e6da0ba v2 api: group and order the v2-ext APIs
05fb9cc v2 api: remove duplicated delete user API
eb27807 v2 api: add missing /roles in role CRUD APIs
139dc8d v2 api: list user roles is defined twice
b135c27 v2 api: add OS-KSADM to service API routes
e00c89e v2 api: add tenant APIs
50c64f9 v2 api: delete user is defined twice
1963093 v2 api: change update user
cab514d v2 api: correct user list
9c4ac4e Update Identity endpoint in v2 samples
0223d9a Fix up numerous errors in params in api-ref for roles
4979fbc Fix up the api-ref for role query paramaters
2042c95 Fix the username value in federated tokens
22ab8a8 Improve readability of the api-ref roles section
a6c7763 Use constraints for coverage job
64fbbed clean up OAUTH API
534f57d Add relationship links to OAUTH APIs
caa3a91 Remove `name` property from `endpoint` create/update API
5d42b3e Add v2.0 /endpoints/ api-ref
3c47ba4 Update identity endpoint in v3 and v3-ext samples
4a0970d Pass request to v2 token authenticate
e39486a Remove unused context from AuthInfo
6ac478c Correct normal response codes for v2.0 extensions
21d8686 Improve user experience involving token flush
8517caa Add "v2 overview" docs to APIs
5fbb377 add OS-OAUTH1/authorize/{request_token_id} API
ab252d5 Move OS-INHERIT api-ref from extensions to core
db6a738 re-order the oauth APIs
d8606ee Copy the preamble / summary of OAuth1 from the specs repo
985bcf0 Correct normal response codes in trust documentation
caa7faf Add OS-EP-FILTER to api-ref
5d90bfa PCI-DSS Password strength requirements
f8231b8 Variables in URL path should be required
d23bfc0 Remove get_trust_id_for_request function
b75562c Pass request to normalize_domain_id
d1d72c3 Remove a validate_token_bind call
b3e065e Remove get_user_id in trust controller
813536b Cleanup trusts controller
c92f2d5 Trivial spacing and comma corrections
8a56b19 Add OS-KSCRUD api-ref
36394a6 Disable warnerrors in setup.cfg temporarily
cd9fb2a Add is_domain to project example responses
003c68b Add is_domain to scope token response examples
f48ab4f Improve keystone.conf [security_compliance] documentation
84aec99 Improve keystone.conf [signing] documentation
2f99a0b Correct normal response codes in OS-INHERIT docs
db25452 Fix python{3,}-all-dev depends in deb based
0b15eea Correct normal status codes for v2.0 admin docs
e5e8c55 Improve keystone.conf [shadow_users] documentation
7f869c2 Correct normal response codes for region docs
179f0fd Correct normal response codes for auth docs
cab0b50 Correct normal response codes for credential docs
f808dfa Correct normal response codes for project docs
08c6847 Correct normal response codes for policy docs
f51b06a Correct normal response codes for v2.0 versions doc
edc2cc1 Correct normal response codes in v2.0 versions doc
b87b8f7 Correct normal response codes in v2.0 tenant docs
a216ee3 Use URIOpt instead of StrOpt for SAML config
ac3f9da Correct normal response codes for role docs
c36fa2c Correct normal response codes in v2.0 token docs
efcbc62 Correct normal response codes in service catalog doc
3c1cfac Correct normal response codes in oauth docs
7acd8d0 Correct normal response codes in v2.0 admin user docs
b6c24de Improve keystone.conf [token] documentation
80df383 Correct normal response codes in endpoint policy docs
459dd8b Validate SAML keyfile & certfile options
88e26fd Improve keystone.conf [tokenless_auth] documentation
4876106 Complete OS-TRUST API documentation
5137b7e Fixes response codes in endpoint policy api-ref
1c3d1e9 List 20X status codes as Normal in domain docs
f2911cb Improve the API documentation for groups
863b9da Create APIs for OS-REVOKE
d90281e Clean up token binding validation code
f20e6eb Reorder request params in endpoint policy api-ref
88b9b13 Adds missing parameter to endpoint policy api-ref
2e3e241 Adds missing docs to endpoint policy api-ref
c29d65b Reorders API calls to match precedence rules
dfac754 Improve keystone.conf [saml] documentation
9dc21e8 Handle more auth information via context
1d7c96d Require auth_context middleware in the pipeline
8a5a414 Updated from global requirements
acf907b Improve keystone.conf [trust] documentation
a288d5c5 Improve keystone.conf [role] documentation
a88ee4f Improve keystone.conf [ldap] documentation
694ab49 Improve keystone.conf [os_inherit] documentation
70532b2 Improve keystone.conf [revoke] documentation
5cbb909 Improve keystone.conf [resource] documentation
511a860 Move logic for catalog driver differences to manager
db7de89 Minor docstring cleanup for domain_id mapping
28688d1 Remove unnecessary stable attribute value for status
633532d Updated from global requirements
a5c5f5b Mark the domain config via API as stable
172e8c5 Remove validated decorator
8ff6b0e Move request validation inline
81c9ddc Invalidate token cache on domain disablement
abdc723 Isolate token caching into its own region
82c7b8b Doc update on enabled external auth and federation
b278f03 keystone recommend deprecated memcache backend
187490f Use request object in policy enforcement
e4ed9a4 Use the context's is_admin property
2ceeb92 Add the oslo_context to the environment and request
af0b966 Use http_client constants instead of hardcoding
b577af9 Increase test coverage for token APIs
88de82e Ensure status code is always passed as int
d53db18 Fix fernet token validate for disabled domains/trusts
9f5ed12 Doc update for moving abstract base classes out of core
e504e8a Fix _populate_token_dates method signature
5f1eae1 Move the trust abstract base class out of core
093f2c2 Move the credential abstract base class out of core
5d707d5 Move the auth plugins abstract base class out of core
a7f059f Expose bug with Fernet tokens and trusts
8645d57 Remove last parts of query_string from context
3a19aa5 Remove get_auth_context
5f7377f Correct reraising of exception
3dd1750 Pass request to build_driver_hints
b958a5f Remove headers from context
f5b3296 Use request.environ through auth and federation
a624c9f Remove accept_header from context
08096a3 Fixed a Typo
6ad13d1 Docs: Fix the query params in role_assignments example
e37db54 [doc/api]Remove space within word
6e6230f Remove unused LOG
b66693e Make assert_admin work with a request
ebccd23 Add missing preamble for v3 and v3-ext
e55dfe4 move OAUTH1 API to extensions
4f18372 generate separate index files for each api-ref
11d6b32 Migrate identity /v2-admin docs from api-ref repo
e7fc093 Use request instead of context in v2 auth
8232f4f Handle catalog backends that don't support all functions.
b425379 Refactoring: remove the duplicate method
25e5227 Return `revoked_at` for list revoke events
4bbb151 Use skip_test_overrides everywhere we feature skip
d122e9b Improve keystone.conf [fernet_tokens] documentation
85be70c Improve keystone.conf [catalog] documentation
c987d4d Refactor: [ldap] suffix should not be an instance attribute
f4e9489 Grammar fix: will -> can
cd343ef Fixes hacking's handling of log hints
fc4e3f5 Improve keystone.conf [paste_deploy] documentation
f93dc19 Improve keystone.conf [kvs] documentation
a6c6271 Improve keystone.conf [identity] documentation
bcbc43e Improve keystone.conf [endpoint_filter] documentation
e5347b6 Improve keystone.conf [oauth1] documentation
7df92f7 Verify domain_id when get_domain is being called
960ef1e Updated from global requirements
67a50b5 Include doc directory in pep8 checks
81a1cd7 Do not register options on import
70a06c8 Improve keystone.conf [policy] documentation
ddd21de Improve keystone.conf [memcache] documentation
a59aa8b Use min to avoid checking < 1 max fernet keys
2917c4d Improve keystone.conf [identity_mapping] documentation
cc05f80 Improve keystone.conf [federation] documentation
97e15b7 Updated tests that claimed to be blocked by bugs
4d87d58 Use skip_test_overrides in test_backend_ldap
6c6484f Adds a skip method to identify useless skips
d18bb02 Update the nosetests test regex for legacy tests
1b0a553 update a config option deprecation message
70f275c Improve keystone.conf [eventlet_server] documentation
32ab235 Improve keystone.conf [endpoint_policy] documentation
dbbf061 Improve keystone.conf [credential] documentation
34736ec Improve keystone.conf [domain_config] documentation
e104838 Rename [DEFAULT] keystone.conf module to keystone.conf.default
4eb93c0 Improve keystone.conf [DEFAULT] documentation
61d896f Remove test_backend_ldap skips for missing tests
40bb21b Removes duplicate ldap test setup
56dd227 Extracted common ldap setup and use in the filter tests
40c67ae Reduce domain specific config setup duplication
4db7651 API Change Tutorial doc code modify
54328aa Update other-requirements for Xenial
eed233c Concrete role assignments for federated users
e3a5b61 PCI-DSS Disable inactive users requirements
038c0e3 Migrate identity /v3-ext docs from api-ref repo
1ee8252 Migrate identity /v2-ext docs from api-ref repo
3bfb08e Migrate identity /v2 docs from api-ref repo
ef70f52 Use request.params instead of context['query_string']
9c460e2 Config: no need to set default=None
ba1a07f Do not spam the log with uncritical stacktraces
71be9f5 Improve keystone.conf [auth] documentation
4187ae1 Improve keystone.conf [assignment] documentation
0651a23 Group test_backend_ldap skips for readability
e03cfcd Adds a backend test fixture
c524254 Remove unused test code
4ab4265 Moves auth plugin test setup closer to its use
2641a40 Add security_compliance group back to config
7b809fb Fix nits related to the new keystone.conf package
e04c561 Fixes failure when password is null
5dfa16a Allow auth plugins to be setup more than once
dc81d28 Removes outdate comment from a test
d9c6b50 Replace keystone.common.config with keystone.conf package
113b00d Updated from global requirements
3f78996 Fix a few spelling mistakes
c990ec5 Allow user to get themself and their domain
498ea91 PCI-DSS Password SQL model changes
2410ff0 Fix argument order for assertEqual to (expected, observed)
d0de3f5 Use the ldap fixture to simplify tests
cc4de19 Change the remaining conf setup to use the fixture
6872f85 Reduce setup overhead in auth_plugin tests
6a9a9f0 /services?name=<name> API fails when using list_limit
2787e2f Updated from global requirements
48ccf75 Make sure to use InnoDB as the DB engine
e8d980d Remove TestAuth
3d51061 Move last few TestAuth tests to TokenAPITests
4d0a7f1 Move external auth and bind test to TokenAPITests
38fc7f4 Refactor test_validate_v2_scoped_token_with_v3_api
29557cb Remove test_validate_v2_unscoped_token_with_v3_api
005f887 Move more project scoped token behavior to TokenAPITests
89d5135 Validate impersonation in trust redelegation
8c2412a Correct domain_id and name constraint dropping
76e9209 Integration tests cleanup
8b5c095 Use http_proxy_to_wsgi from oslo.middleware
23936d3 Use request object in auth plugins
9c395cf Move cross domain/group/project auth tests
ca0b99a Move negative token tests to TokenAPITests
7b2b21f Move unscoped token test to TokenAPITests
3814111 Move negative domain scope test to TokenAPITests
d941ccd Consolidate domain token tests into TokenAPITests
46efe4b Move more project scoped behavior tests to TokenAPITests
694b930 Move project scoped catalog tests to TokenAPITests
e8a3d9c Update driver versioning documentation
b04da90 Move project scoped tests to TokenAPITests
129ad39 Move TestAuth unscoped token tests to TokenAPITests
a00d703 Add cache invalidation for service providers
dae2e92 Updated from global requirements
248f027 Add 'links' to implied roles response
3ff204a Updated from global requirements
907ee2d fix ldap delete_user group member cleanup
c3baa83 exception sensitive cache/audit changes
380514b Fix TOTP transient test failure
4b9384d Change LocalUser sql model to eager loading
a272c8b Shadow LDAP and custom driver users
d7849bd Refactor shadow users
7a4cbc4 Fix ValidationError exception name in docstring
e66ea23 Add docstring to delete_project
03091c8 Updated from global requirements
9c89e07 Revert to caching fernet tokens the same way we do UUID
1c0e59d Honor ldap_filter on filtered group list
da6ea7e Pass a request to controllers instead of a context
6bc084d Update the keystone-manage man page options
05f35bf clean up test_resource_uuid
fde57f6 Return 404 instead of 401 for tokens w/o roles
4bba482 Updating sample configuration file
4db2047 Revert "Install necessary files in etc/"
d03ed96 Keystone uwsgi performance tuning
fc7666f Add caching config for federation
d205900 Updated from global requirements
346e7f2 Updating sample configuration file
1ed56a3 Updating sample configuration file
d6b016d Bootstrap: enable and reset password for existing users
81e5d8e PEP257: Ignore D203 because it was deprecated
54da44b Cache service providers on token validation
510f00f Refactor revoke_model to remove circular dependency
b2ee4a2 Update man page for Newton release
671cb9c Move stray notification options into config module
5c87422 Adding role assignment lists unit tests
b7b4aaa Add protocols integration tests
28f7788 Add mapping rules integration tests
23c23fc Add service providers integration tests
1548fcf Imported Translations from Zanata
a0bd19a Updated from global requirements
7f3725f Simplify & fix configuration file copy in setup.cfg
f99552a Config settings to support PCI-DSS
b4bfc54 Fix credentials_factory method call
9e7f24c Allow domain admins to list users in groups with v3 policy
9f4943c Updating sample configuration file
ae8cdbf Updated from global requirements
322a744 Honor ldap_filter on filtered user list
5486f0a Install necessary files in etc/
75abc21 Replace revoke tree with linear search
9a5395f Migrate identity /v3 docs from api-ref repo
991979e Updated from global requirements
e386e84 Add new functionality to @wip
3965fbe remove deprecated revoke_by_expiration function
d5cca09 Isolate common ldap code to the identity backend
cbe0a1e Updated from global requirements
94391a3 Remove helper script for py34
e26b806 Include project_id in the validation error on default project is domain
4025cb6 Add python 3 release note.
a0dc2f2 Add comment to test case helper function
a12c254 Add Python 3 classification.
ee0a294 Py3 oauth tests
68473b2 Enable py3 tests for test_v3_auth
8a7133f make sure default_project_id is not domain on user creation and update
16d0cdb Let setup.py compile_catalog process all language files
293c891 Fix broken link of federation docs
ba3dd94 Add new line in keystone/common/request.py
fb3bc6c Move identity.backends.sql model code to sql_model.py
d87a098 Add .mo files to MANIFEST.in
fcd6644 Replace context building with a request object
e8f6584 Enable py3 testing for Fernet token provider
e518535 Enable py3 for credential tests
363920b reorganize mitaka release notes
465c3e4 enable ldap tests for py3
7463a0c Updated from global requirements
fe3b4c0 Add the validation rules when create token
f6fdda6 Use PyLDAP instead of python-ldap
80d7bee Fix config path for running wsgi in developer mode
47529d0 Move the revoke abstract base class out of core
d6dd7e1 Updated from global requirements
97eec19 Port test_v2 unit test to Python 3
a9d2daa Move the oauth1 abstract base class out of core
978faba Drop the (unused) domain table
e61e4da Don't set None for ldap.OPT_X_TLS_CACERTFILE
de2f2b0 Add API Change Tutorial
108310b Deprecate keystone.common.kvs
d84195b Updating sample configuration file
c1d0959 Add is_domain in token response
d03aeff Switch to use `new_domain_ref` for testcases
bdeee9c Move the assignment abstract base class out of core
8d90866 Add identity providers integration tests
f6ac066 Update documentation to remove keystone-all
7c3497c Updating sample configuration file
cb4c2b1 Updated from global requirements
7539942 replace logging with oslo.log
86d037f Move the federation abstract base class out of core
88713cc Separate protocol schema
b85e2a2 Updated from global requirements
2963dc1 Move the catalog abstract base class and common code out of core
a9d79e0 Enhance federation group mapping validation
09d13cf Add mapping validation tests
70b7986 Fixes example in the mapping combinations docs
2183b47 do not search file on real environment
7567c5e Allow 'domain' property for local.group
bfcbb3c Add conflict validation for idp update
ed634e8 Always add is_admin_project if admin project defined
971ba5f Make keystone exit when fernet keys don't exist
0d37602 Fix fernet audit ids for v2.0
7be1ede Revert "Revert "Unit test for checking cross-version migrations compatibility""
36da34f Make all fixture project_ids into uuids
ce574c3 Fixing D105, D203, and D205 PEP257
8eb7960 Remove test_invalid_policy_raises_error
ade1308 switch to tempest instead of deprecated tempest-lib
d1591b5 Move the resource abstract base class out of core
cafbe1b Correct RST syntax for a code block
92ece11 Restructure policy abstract driver
f2b71ab Updated from global requirements
37afc8e Add test for authentication when project and domain name clash
5cd8356 Fix doc build if git is absent
a4a2ab6 Restructure endpoint policy abstract driver
cfb983a Clean up test_receive_identityId
47e7acf Fix typos
61ae6d7 Fixes incorrect deprecation warning for IdentityDriverV8
6d8c504 Add other-requirements.txt
2c4f948 Fix D400 PEP257
5962c2c Imported Translations from Zanata
3c4fe62 Updating sample configuration file
c7cb72b Customize config file location when run as wsgi app.
40ed477 Updated from global requirements
b6cab8b Updating sample configuration file
a607ccc Updated from global requirements
a596865 Bump the required tox version to 2.3.1
8e2e80c Add set_config_defaults() call to tests
8851966 update deprecation warning for falling back to default domain
08dc3ce Tests clean up global ldap settings
3956163 Define identity interface - easy cases
ee2da37 add missing deprecation reason for eventlet option
3588402 Remove comments mentioning eventlet
20b851b Remove support for generating ssl certs
e380a3c Updating sample configuration file
ac03941 Remove eventlet support
cec8bbb Default caching to on for request-local caching.
e641f79 Typo in sysctl command example Edit
c08884d Typo fix in tests
32203d4 Add logging to cli if keystone.conf is not found
2535f22 Fix post jobs
4e0fdfa Refactor domain config upload
db7bdf9 Keystone jobs should honor upper-constraints.txt
e23ef5b Fix confusing naming in ldap EnableEmuMixin.
c382857 Updating sample configuration file
d8084e3 Deprecation reason for domain_id_immutable
a1cb55b Test list project hierarchy is correct for a large tree
aabc213 Fix D401 PEP8 violation.
3306dc2 OSprofiler release notes
99e74ad Updating sample configuration file
f309a7a Updated from global requirements
3ff7f13 Add keystone service ID to observer audit
e082c72 group federated identity docs together
abce49b Change Role/Region to role/region in keystone-manage bootstrap
f7c4e96 Use mockpatch fixtures from fixtures
9b9bc77 Set the values for the request_local_cache
324f4b5 Add missing backslash to keystone-manage bootstrap command in documentation
cd3ef89 fix typo
c1be688 Fix KeyError when rename to a name is already in use
ff9e257 Improve project name conflict message
2995748 Imported Translations from Zanata
14e1ae2 Updating sample configuration file
b316b14 Dev doc update for moving abstract base classes out of core
4872f9a Simplify chained comparison
840a714 Update the description of the role driver option
639e36a Integrate OSprofiler in Keystone
f0000bf Update the Administrator guide link
744aed7 Clean up test case for shadow users
562b81d Fixes bug where the updated federated display_name is not returned
be55871 Make AuthContext depend on auth_token middleware
3eaea2f Fix totp test fails randomly
3e5fca0 Update federated user display name with shadow_users_api
7ad4f87 Update federated user display name with shadow_users_api
4a8023a Remove comment from D202 rule
5107da7 Remove backend interface and common code out of identity.core
8b7bfb4 Use messaging notifications transport instead of default
6dd8e61 Run federation tests under Python 3
8ab2a19 Bandit test results
7f42e1d create a new `advanced topics` section in the docs
dba04cd Correct `role_name` constraint dropping
9e81843 Correct `role_name` constraint dropping
088393d Base for keystone tempest plugin
96c9da2 Random project should return positive numbers
cf1fd9d Imported Translations from Zanata
815a924 Improve error message for schema validation
c4b08ed Imported Translations from Zanata
f5a0e2f The name can be just white character except project and user
d5bbc6e Fix typos in Keystone files
9a92c47 Add `patch_cover` to keystone
dd38543 Fix keystone-manage config file path
93aff6e Cleanup LDAP models
685116d Correct test to support changing N release name
4625557 Correct _populate_default_domain in tests
aa53ad9 Imported Translations from Zanata
c78e8f4 Removing redundant words
ae068b1 Imported Translations from Zanata
8556437 Correct test to support changing N release name
139f892 Fix keystone-manage config file path
5f45541 Opportunistic testing with different DBs
3bf13c1 Correct test_implied_roles_fk_on_delete_cascade
379e369 Fix table row counting SQL for MySQL and Postgresql
92749e4 Switch migration tests to oslo.db DbTestCase
1f675cf Correct test_migrate_data_to_local_user_and_password_tables
dadf12a Fix test_add_int_pkey_to_revocation_event_table for MySQL
8177acd Imported Translations from Zanata
1d087af Implement HEAD method for all v3 GET actions
771eeb3 Avoid name repetition in equality comparisons
d14fba6 Simplify repetitive unequal checks
e4c8600 Imported Translations from Zanata
1ed8d3a Add test for domains list filtering and limiting
02817c5 Imported Translations from Zanata
00bfbb9 remove endpoint_policy from contrib
6088320 Moved name formatting (clean) out of the driver
6bd2da1 Add py3 debugging
ff01c0e Add release note for list_limit support
1041d33 Add release note for list_limit support
be0aeed Cleanup migration tests
f7197c7 Imported Translations from Zanata
9e9dc6a Imported Translations from Zanata
f7983d4 Update dev docs and sample script for v3/bootstrap
b4e8584 add placeholder migrations for mitaka
85590e6 Enables the notification tests in py3
50ffcbf Update reno for stable/mitaka
9692d40 Update .gitreview for stable/mitaka
691d497 Move region configuration to a critical section
8ce8c99 Make modifications to domain config atomic
6a3c21c Expose not clearing of user default project on project delete
Diffstat (except docs and test files)
-------------------------------------
.gitignore | 1 +
.gitreview | 1 +
MANIFEST.in | 2 +-
api-ref/source/conf.py | 220 +
api-ref/source/index.rst | 27 +
api-ref/source/v2-admin/admin-endpoints.inc | 78 +
.../v2-admin/admin-endpoints_parameters.yaml | 71 +
api-ref/source/v2-admin/admin-tenants.inc | 268 +
api-ref/source/v2-admin/admin-tokens.inc | 167 +
api-ref/source/v2-admin/admin-users.inc | 229 +
api-ref/source/v2-admin/admin-versions.inc | 29 +
api-ref/source/v2-admin/index.rst | 13 +
api-ref/source/v2-admin/parameters.yaml | 287 +
.../samples/admin/endpoint-create-request.json | 9 +
.../samples/admin/endpoint-create-response.json | 9 +
.../samples/admin/endpoint-list-response.json | 18 +
.../samples/admin/roles-list-response.json | 10 +
.../samples/admin/tenant-show-response.json | 8 +
.../samples/admin/tenant-update-request.json | 8 +
.../admin/tenantwithoutid-create-request.json | 7 +
.../admin/token-endpoints-list-response.json | 122 +
.../samples/admin/token-validate-response.json | 28 +
.../samples/admin/user-create-request.json | 9 +
.../v2-admin/samples/admin/user-show-response.json | 9 +
.../samples/admin/user-update-request.json | 6 +
.../samples/admin/user-update-response.json | 10 +
.../samples/admin/users-list-response.json | 19 +
api-ref/source/v2-ext/index.rst | 11 +
api-ref/source/v2-ext/ksadm-admin.inc | 441 ++
api-ref/source/v2-ext/kscrud.inc | 26 +
api-ref/source/v2-ext/ksec2-admin.inc | 122 +
api-ref/source/v2-ext/parameters.yaml | 195 +
.../OS-KSADM/credentials-show-response.json | 11 +
.../samples/OS-KSADM/role-create-request.json | 7 +
.../samples/OS-KSADM/role-show-response.json | 7 +
.../samples/OS-KSADM/roles-list-response.json | 10 +
.../samples/OS-KSADM/service-create-request.json | 8 +
.../samples/OS-KSADM/service-show-response.json | 8 +
.../samples/OS-KSADM/services-list-response.json | 17 +
.../samples/OS-KSADM/user-set-enabled-request.json | 5 +
.../OS-KSADM/user-set-password-request.json | 5 +
.../samples/OS-KSADM/user-show-response.json | 10 +
.../OS-KSADM/user-update-tenant-request.json | 5 +
.../OS-KSEC2/credentialswithec2-list-response.json | 18 +
.../OS-KSEC2/ec2Credentials-create-request.json | 7 +
.../OS-KSEC2/ec2Credentials-show-response.json | 7 +
api-ref/source/v2/identity-api-extensions.inc | 70 +
api-ref/source/v2/identity-auth.inc | 122 +
api-ref/source/v2/index.rst | 12 +
api-ref/source/v2/overview.inc | 272 +
api-ref/source/v2/parameters.yaml | 256 +
.../samples/admin/UserUpdatePasswordRequest.json | 6 +
.../admin/authenticate-credentials-request.json | 9 +
.../v2/samples/admin/authenticate-response.json | 184 +
.../samples/admin/authenticate-token-request.json | 8 +
.../v2/samples/admin/extension-show-response.json | 16 +
.../v2/samples/admin/extensions-list-response.json | 118 +
.../v2/samples/admin/tenants-list-request-JSON.txt | 5 +
.../v2/samples/admin/tenants-list-response.json | 17 +
.../v2/samples/admin/user-create-response.json | 10 +
.../v2/samples/admin/user-update-response.json | 9 +
.../v2/samples/admin/users-list-response.json | 88 +
.../v2/samples/admin/version-show-response.json | 24 +
.../v2/samples/admin/versions-list-response.json | 45 +
.../client/authenticate-credentials-request.json | 9 +
.../v2/samples/client/authenticate-response.json | 184 +
api-ref/source/v2/versions.inc | 39 +
api-ref/source/v3-ext/endpoint-policy.inc | 348 ++
api-ref/source/v3-ext/ep-filter.inc | 524 ++
api-ref/source/v3-ext/federation.inc | 309 +
.../v3-ext/federation/assertion/assertion.inc | 134 +
.../v3-ext/federation/assertion/parameters.yaml | 35 +
.../samples/ecp-saml-assertion-request.json | 17 +
.../samples/ecp-saml-assertion-response.xml | 82 +
.../assertion/samples/metadata-response.xml | 29 +
.../assertion/samples/saml-assertion-request.json | 17 +
.../assertion/samples/saml-assertion-response.xml | 69 +
api-ref/source/v3-ext/federation/auth/auth.inc | 127 +
.../source/v3-ext/federation/auth/parameters.yaml | 43 +
.../auth/samples/scoped-token-request.json | 17 +
.../auth/samples/scoped-token-response.json | 71 +
.../auth/samples/unscoped-token-response.json | 22 +
.../v3-ext/federation/identity-provider/idp.inc | 331 ++
.../federation/identity-provider/parameters.yaml | 97 +
.../samples/add-protocol-request.json | 5 +
.../samples/add-protocol-response.json | 10 +
.../samples/get-protocol-response.json | 10 +
.../identity-provider/samples/get-response.json | 12 +
.../samples/list-protocol-response.json | 17 +
.../identity-provider/samples/list-response.json | 29 +
.../samples/register-request.json | 7 +
.../samples/register-response.json | 12 +
.../samples/update-protocol-request.json | 5 +
.../samples/update-protocol-response.json | 10 +
.../identity-provider/samples/update-request.json | 6 +
.../identity-provider/samples/update-response.json | 12 +
.../source/v3-ext/federation/mapping/mapping.inc | 151 +
.../v3-ext/federation/mapping/parameters.yaml | 49 +
.../federation/mapping/samples/create-request.json | 32 +
.../mapping/samples/create-response.json | 36 +
.../federation/mapping/samples/get-response.json | 36 +
.../federation/mapping/samples/list-response.json | 43 +
.../federation/mapping/samples/update-request.json | 32 +
.../mapping/samples/update-response.json | 36 +
.../federation/projects-domains/parameters.yaml | 35 +
.../projects-domains/projects-domains.inc | 67 +
.../samples/domain-list-response.json | 18 +
.../samples/project-list-response.json | 27 +
.../federation/service-provider/parameters.yaml | 77 +
.../service-provider/samples/get-response.json | 13 +
.../service-provider/samples/list-response.json | 31 +
.../service-provider/samples/register-request.json | 8 +
.../samples/register-response.json | 13 +
.../service-provider/samples/update-request.json | 8 +
.../service-provider/samples/update-response.json | 13 +
.../v3-ext/federation/service-provider/sp.inc | 173 +
api-ref/source/v3-ext/index.rst | 23 +
api-ref/source/v3-ext/oauth.inc | 468 ++
api-ref/source/v3-ext/parameters.yaml | 550 ++
api-ref/source/v3-ext/revoke.inc | 75 +
...policy-endpoint-associations-list-response.json | 29 +
.../OS-ENDPOINT-POLICY/policy-show-response.json | 14 +
.../create-endpoint-group-request.json | 10 +
.../OS-EP-FILTER/endpoint-group-response.json | 14 +
.../OS-EP-FILTER/endpoint-groups-response.json | 36 +
.../OS-EP-FILTER/endpoint-project-response.json | 12 +
.../OS-EP-FILTER/get-projects-response.json | 29 +
.../OS-EP-FILTER/list-endpoints-response.json | 29 +
.../OS-EP-FILTER/list-service-endpoints.json | 45 +
.../OS-OAUTH1/access-token-create-response.txt | 1 +
.../OS-OAUTH1/access-token-show-response.json | 13 +
.../OS-OAUTH1/access-tokens-list-response.json | 20 +
.../OS-OAUTH1/authorize-request-token-request.json | 10 +
.../authorize-request-token-response.json | 5 +
.../samples/OS-OAUTH1/consumer-create-request.json | 5 +
.../OS-OAUTH1/consumer-create-response.json | 10 +
.../samples/OS-OAUTH1/consumer-show-response.json | 9 +
.../samples/OS-OAUTH1/consumer-update-request.json | 5 +
.../OS-OAUTH1/consumer-update-response.json | 9 +
.../samples/OS-OAUTH1/consumers-list-response.json | 22 +
.../OS-OAUTH1/request-token-create-response.txt | 1 +
.../samples/OS-REVOKE/list-revoke-response.json | 22 +
.../OS-TRUST/trust-auth-redelegated-response.json | 45 +
.../samples/OS-TRUST/trust-auth-request.json | 17 +
.../OS-TRUST/trust-auth-trust-response.json | 43 +
.../samples/OS-TRUST/trust-create-request.json | 15 +
.../samples/OS-TRUST/trust-create-response.json | 29 +
.../samples/OS-TRUST/trust-get-response.json | 27 +
.../trust-get-role-delegated-response.json | 9 +
.../samples/OS-TRUST/trust-list-response.json | 25 +
.../trust-list-roles-delegated-response.json | 18 +
api-ref/source/v3-ext/trust.inc | 382 ++
api-ref/source/v3/authenticate-v3.inc | 603 ++
api-ref/source/v3/credentials.inc | 225 +
api-ref/source/v3/domains-config-v3.inc | 559 ++
api-ref/source/v3/domains.inc | 224 +
api-ref/source/v3/groups.inc | 313 +
api-ref/source/v3/index.rst | 54 +
api-ref/source/v3/inherit.inc | 508 ++
api-ref/source/v3/parameters.yaml | 1698 ++++++
api-ref/source/v3/policies.inc | 218 +
api-ref/source/v3/projects.inc | 311 +
api-ref/source/v3/regions-v3.inc | 227 +
api-ref/source/v3/roles.inc | 922 +++
.../auth-password-explicit-unscoped-request.json | 16 +
.../auth-password-explicit-unscoped-response.json | 21 +
.../auth-password-project-scoped-request.json | 20 +
.../auth-password-project-scoped-response.json | 402 ++
...auth-password-unscoped-request-with-domain.json | 18 +
.../admin/auth-password-unscoped-request.json | 15 +
.../admin/auth-password-unscoped-response.json | 21 +
.../auth-password-user-name-unscoped-request.json | 18 +
...h-password-user-name-unscoped-response-HTTP.txt | 8 +
.../samples/admin/auth-token-scoped-request.json | 17 +
.../samples/admin/auth-token-scoped-response.json | 402 ++
.../samples/admin/auth-token-unscoped-request.json | 12 +
.../admin/auth-token-unscoped-response.json | 21 +
.../admin/create-role-inferences-response.json | 21 +
.../samples/admin/credential-create-request.json | 8 +
.../samples/admin/credential-create-response.json | 12 +
.../v3/samples/admin/credential-show-response.json | 12 +
.../samples/admin/credential-update-request.json | 8 +
.../samples/admin/credential-update-response.json | 12 +
.../samples/admin/credentials-list-response.json | 109 +
.../admin/domain-config-create-request.json | 11 +
.../admin/domain-config-create-response.json | 11 +
.../admin/domain-config-default-response.json | 13 +
.../domain-config-group-default-response.json | 8 +
...omain-config-group-option-default-response.json | 3 +
.../domain-config-group-option-show-response.json | 3 +
.../domain-config-group-option-update-request.json | 3 +
...domain-config-group-option-update-response.json | 11 +
.../admin/domain-config-group-show-response.json | 6 +
.../admin/domain-config-group-update-request.json | 8 +
.../admin/domain-config-group-update-response.json | 11 +
.../samples/admin/domain-config-show-response.json | 11 +
.../admin/domain-config-update-request.json | 8 +
.../admin/domain-config-update-response.json | 11 +
.../v3/samples/admin/domain-create-request.json | 7 +
.../v3/samples/admin/domain-create-response.json | 11 +
.../admin/domain-group-roles-list-response.json | 23 +
.../samples/admin/domain-group-update-request.json | 8 +
.../v3/samples/admin/domain-show-response.json | 11 +
.../admin/domain-specific-role-create-request.json | 6 +
.../v3/samples/admin/domain-update-request.json | 5 +
.../v3/samples/admin/domain-update-response.json | 11 +
.../admin/domain-user-roles-list-response.json | 23 +
.../v3/samples/admin/domains-list-response.json | 27 +
.../v3/samples/admin/endpoint-create-request.json | 8 +
.../v3/samples/admin/endpoint-create-response.json | 15 +
.../v3/samples/admin/endpoint-show-response.json | 14 +
.../v3/samples/admin/endpoint-update-request.json | 9 +
.../v3/samples/admin/endpoint-update-response.json | 12 +
.../v3/samples/admin/endpoints-list-response.json | 333 ++
.../get-available-domain-scopes-response.json | 27 +
.../get-available-project-scopes-response.json | 27 +
.../admin/get-role-inferences-response.json | 21 +
.../admin/get-service-catalog-response.json | 34 +
.../v3/samples/admin/group-create-request.json | 7 +
.../v3/samples/admin/group-create-response.json | 11 +
.../admin/group-roles-domain-list-response.json | 23 +
.../samples/admin/group-roles-list-response.json | 23 +
.../v3/samples/admin/group-show-response.json | 11 +
.../v3/samples/admin/group-update-request.json | 6 +
.../v3/samples/admin/group-update-response.json | 11 +
.../samples/admin/group-users-list-response.json | 30 +
.../v3/samples/admin/groups-list-response.json | 27 +
.../samples/admin/identity-version-response.json | 19 +
.../samples/admin/identity-versions-response.json | 45 +
.../list-implied-roles-for-role-response.json | 30 +
.../v3/samples/admin/policies-list-response.json | 37 +
.../v3/samples/admin/policy-create-request.json | 8 +
.../v3/samples/admin/policy-create-response.json | 12 +
.../v3/samples/admin/policy-show-response.json | 16 +
.../v3/samples/admin/policy-update-request.json | 12 +
.../v3/samples/admin/policy-update-response.json | 16 +
.../admin/project-create-domain-request.json | 8 +
.../v3/samples/admin/project-create-request.json | 9 +
.../v3/samples/admin/project-create-response.json | 14 +
.../v3/samples/admin/project-enable-request.json | 5 +
.../admin/project-group-roles-list-response.json | 23 +
.../admin/project-show-parents-response.json | 26 +
.../v3/samples/admin/project-show-response.json | 14 +
.../admin/project-show-subtree-response.json | 50 +
.../v3/samples/admin/project-update-request.json | 6 +
.../v3/samples/admin/project-update-response.json | 14 +
.../admin/project-user-roles-list-response.json | 16 +
.../v3/samples/admin/projects-list-response.json | 105 +
.../v3/samples/admin/region-create-request.json | 7 +
.../v3/samples/admin/region-create-response.json | 10 +
.../v3/samples/admin/region-show-response.json | 10 +
.../v3/samples/admin/region-update-request.json | 5 +
.../v3/samples/admin/region-update-response.json | 10 +
.../v3/samples/admin/regions-list-response.json | 17 +
...ents-effective-list-include-names-response.json | 60 +
.../role-assignments-effective-list-response.json | 42 +
.../role-assignments-effective-list-response.txt | 1 +
...-assignments-list-include-subtree-response.json | 42 +
.../admin/role-assignments-list-response.json | 41 +
.../admin/role-assignments-list-response.txt | 1 +
.../v3/samples/admin/role-create-request.json | 5 +
.../v3/samples/admin/role-create-response.json | 9 +
.../v3/samples/admin/role-inferences-response.json | 57 +
.../v3/samples/admin/role-show-response.json | 10 +
.../v3/samples/admin/role-update-request.json | 5 +
.../v3/samples/admin/role-update-response.json | 10 +
.../v3/samples/admin/roles-list-response.json | 51 +
.../v3/samples/admin/service-create-request.json | 7 +
.../v3/samples/admin/service-create-response.json | 12 +
.../v3/samples/admin/service-show-response.json | 12 +
.../v3/samples/admin/service-update-request.json | 5 +
.../v3/samples/admin/service-update-response.json | 12 +
.../v3/samples/admin/services-list-response.json | 99 +
.../v3/samples/admin/token-validate-request.txt | 3 +
.../v3/samples/admin/user-create-request.json | 9 +
.../v3/samples/admin/user-create-response.json | 15 +
.../samples/admin/user-groups-list-response.json | 27 +
.../admin/user-password-update-request.json | 6 +
.../samples/admin/user-projects-list-response.json | 31 +
.../admin/user-roles-domain-list-response.json | 23 +
.../v3/samples/admin/user-roles-list-response.json | 23 +
.../v3/samples/admin/user-show-response.json | 13 +
.../v3/samples/admin/user-update-request.json | 6 +
.../v3/samples/admin/user-update-response.json | 13 +
.../v3/samples/admin/users-list-response.json | 139 +
api-ref/source/v3/service-catalog.inc | 521 ++
api-ref/source/v3/status.yaml | 60 +
api-ref/source/v3/users.inc | 304 +
bindep.txt | 32 +
config-generator/keystone.conf | 2 +-
etc/keystone-paste.ini | 16 +-
etc/keystone.conf.sample | 1954 ++++---
etc/policy.json | 8 +-
etc/policy.v3cloudsample.json | 10 +-
httpd/keystone-uwsgi-admin.ini | 5 +-
httpd/keystone-uwsgi-public.ini | 5 +-
keystone/assignment/V8_backends/sql.py | 10 +-
keystone/assignment/V8_role_backends/sql.py | 4 +-
keystone/assignment/backends/base.py | 400 ++
keystone/assignment/backends/sql.py | 6 +-
keystone/assignment/controllers.py | 254 +-
keystone/assignment/core.py | 742 +--
keystone/assignment/role_backends/base.py | 267 +
keystone/assignment/role_backends/sql.py | 4 +-
keystone/assignment/routers.py | 17 +-
keystone/assignment/schema.py | 16 +
keystone/auth/__init__.py | 1 -
keystone/auth/controllers.py | 100 +-
keystone/auth/core.py | 86 +-
keystone/auth/plugins/base.py | 94 +
keystone/auth/plugins/core.py | 8 +-
keystone/auth/plugins/external.py | 66 +-
keystone/auth/plugins/mapped.py | 53 +-
keystone/auth/plugins/oauth1.py | 16 +-
keystone/auth/plugins/password.py | 8 +-
keystone/auth/plugins/token.py | 18 +-
keystone/auth/plugins/totp.py | 14 +-
keystone/catalog/backends/base.py | 531 ++
keystone/catalog/backends/sql.py | 18 +-
keystone/catalog/backends/templated.py | 22 +-
keystone/catalog/controllers.py | 226 +-
keystone/catalog/core.py | 615 +-
keystone/catalog/schema.py | 33 +-
keystone/cmd/all.py | 39 -
keystone/cmd/cli.py | 478 +-
keystone/cmd/doctor/__init__.py | 77 +
keystone/cmd/doctor/caching.py | 35 +
keystone/cmd/doctor/credential.py | 73 +
keystone/cmd/doctor/database.py | 30 +
keystone/cmd/doctor/federation.py | 36 +
keystone/cmd/doctor/ldap.py | 52 +
keystone/cmd/doctor/security_compliance.py | 64 +
keystone/cmd/doctor/tokens.py | 46 +
keystone/cmd/doctor/tokens_fernet.py | 51 +
keystone/cmd/manage.py | 5 +-
keystone/common/authorization.py | 1 +
keystone/common/cache/_context_cache.py | 35 +-
keystone/common/cache/core.py | 202 +-
keystone/common/config.py | 1259 -----
keystone/common/context.py | 54 +
keystone/common/controller.py | 205 +-
keystone/common/dependency.py | 2 +-
keystone/common/driver_hints.py | 4 +-
keystone/common/environment/__init__.py | 102 -
keystone/common/environment/eventlet_server.py | 212 -
keystone/common/fernet_utils.py | 277 +
keystone/common/kvs/backends/memcached.py | 4 +-
keystone/common/kvs/core.py | 17 +-
keystone/common/ldap/__init__.py | 13 +-
keystone/common/ldap/core.py | 1947 +------
keystone/common/ldap/models.py | 26 +
keystone/common/manager.py | 5 +-
keystone/common/models.py | 196 -
keystone/common/openssl.py | 56 +-
keystone/common/profiler.py | 47 +
keystone/common/request.py | 95 +
keystone/common/router.py | 4 +-
keystone/common/sql/contract_repo/README | 4 +
keystone/common/sql/contract_repo/__init__.py | 0
keystone/common/sql/contract_repo/manage.py | 5 +
keystone/common/sql/contract_repo/migrate.cfg | 25 +
.../001_contract_initial_null_migration.py | 18 +
.../002_password_created_at_not_nullable.py | 39 +
...move_unencrypted_blob_column_from_credential.py | 60 +
.../versions/004_reset_password_created_at.py | 37 +
.../common/sql/contract_repo/versions/__init__.py | 0
keystone/common/sql/core.py | 54 +-
keystone/common/sql/data_migration_repo/README | 4 +
.../common/sql/data_migration_repo/__init__.py | 0
keystone/common/sql/data_migration_repo/manage.py | 5 +
.../common/sql/data_migration_repo/migrate.cfg | 25 +
.../versions/001_data_initial_null_migration.py | 18 +
.../002_password_created_at_not_nullable.py | 18 +
.../003_migrate_unencrypted_credentials.py | 39 +
.../versions/004_reset_password_created_at.py | 15 +
.../sql/data_migration_repo/versions/__init__.py | 0
keystone/common/sql/expand_repo/README | 4 +
keystone/common/sql/expand_repo/__init__.py | 15 +
keystone/common/sql/expand_repo/manage.py | 5 +
keystone/common/sql/expand_repo/migrate.cfg | 25 +
.../versions/001_expand_initial_null_migration.py | 18 +
.../002_password_created_at_not_nullable.py | 18 +
...dd_key_hash_and_encrypted_blob_to_credential.py | 129 +
.../versions/004_reset_password_created_at.py | 15 +
.../common/sql/expand_repo/versions/__init__.py | 15 +
.../common/sql/migrate_repo/versions/067_kilo.py | 3 +-
.../versions/073_insert_assignment_inherited_pk.py | 2 +-
.../versions/082_add_federation_tables.py | 4 +-
.../versions/088_domain_specific_roles.py | 31 +-
...grate_data_to_local_user_and_password_tables.py | 22 +-
.../versions/094_add_federated_user_table.py | 4 +-
.../versions/096_drop_role_name_constraint.py | 50 +
.../097_drop_user_name_domainid_constraint.py | 67 +
.../sql/migrate_repo/versions/098_placeholder.py | 18 +
.../sql/migrate_repo/versions/099_placeholder.py | 18 +
.../sql/migrate_repo/versions/100_placeholder.py | 18 +
.../versions/101_drop_role_name_constraint.py | 53 +
.../migrate_repo/versions/102_drop_domain_table.py | 21 +
.../versions/103_add_nonlocal_user_table.py | 32 +
.../104_drop_user_name_domainid_constraint.py | 71 +
.../versions/105_add_password_date_columns.py | 30 +
.../106_allow_password_column_to_be_nullable.py | 21 +
.../versions/107_add_user_date_columns.py | 30 +
.../versions/108_add_failed_auth_columns.py | 26 +
.../109_add_password_self_service_column.py | 24 +
keystone/common/sql/migration_helpers.py | 159 +-
keystone/common/tokenless_auth.py | 12 +-
keystone/common/utils.py | 160 +-
keystone/common/validation/__init__.py | 50 +-
keystone/common/validation/parameter_types.py | 3 +-
keystone/common/validation/validators.py | 40 +-
keystone/common/wsgi.py | 217 +-
keystone/conf/__init__.py | 186 +
keystone/conf/assignment.py | 50 +
keystone/conf/auth.py | 99 +
keystone/conf/catalog.py | 78 +
keystone/conf/constants.py | 30 +
keystone/conf/credential.py | 63 +
keystone/conf/default.py | 258 +
keystone/conf/domain_config.py | 59 +
keystone/conf/endpoint_filter.py | 51 +
keystone/conf/endpoint_policy.py | 56 +
keystone/conf/eventlet_server.py | 95 +
keystone/conf/federation.py | 103 +
keystone/conf/fernet_tokens.py | 69 +
keystone/conf/identity.py | 131 +
keystone/conf/identity_mapping.py | 74 +
keystone/conf/kvs.py | 76 +
keystone/conf/ldap.py | 638 +++
keystone/conf/memcache.py | 96 +
keystone/conf/oauth1.py | 62 +
keystone/conf/opts.py | 97 +
keystone/conf/os_inherit.py | 49 +
keystone/conf/paste_deploy.py | 40 +
keystone/conf/policy.py | 47 +
keystone/conf/resource.py | 114 +
keystone/conf/revoke.py | 69 +
keystone/conf/role.py | 66 +
keystone/conf/saml.py | 193 +
keystone/conf/security_compliance.py | 147 +
keystone/conf/shadow_users.py | 41 +
keystone/conf/signing.py | 134 +
keystone/conf/token.py | 192 +
keystone/conf/tokenless_auth.py | 68 +
keystone/conf/trust.py | 67 +
keystone/conf/utils.py | 26 +
keystone/contrib/ec2/controllers.py | 74 +-
.../endpoint_filter/backends/catalog_sql.py | 8 +-
.../endpoint_filter/migrate_repo/__init__.py | 0
.../endpoint_filter/migrate_repo/migrate.cfg | 25 -
.../versions/001_add_endpoint_filtering_table.py | 19 -
.../versions/002_add_endpoint_groups.py | 19 -
.../migrate_repo/versions/__init__.py | 0
keystone/contrib/endpoint_policy/__init__.py | 0
.../contrib/endpoint_policy/backends/__init__.py | 0
keystone/contrib/endpoint_policy/backends/sql.py | 28 -
.../endpoint_policy/migrate_repo/__init__.py | 0
.../endpoint_policy/migrate_repo/migrate.cfg | 25 -
.../versions/001_add_endpoint_policy_table.py | 19 -
.../migrate_repo/versions/__init__.py | 0
keystone/contrib/endpoint_policy/routers.py | 28 -
.../contrib/federation/migrate_repo/__init__.py | 0
.../contrib/federation/migrate_repo/migrate.cfg | 25 -
.../versions/001_add_identity_provider_table.py | 17 -
.../versions/002_add_mapping_tables.py | 17 -
.../versions/003_mapping_id_nullable_false.py | 20 -
.../versions/004_add_remote_id_column.py | 17 -
.../versions/005_add_service_provider_table.py | 17 -
.../006_fixup_service_provider_attributes.py | 17 -
.../versions/007_add_remote_id_table.py | 17 -
.../versions/008_add_relay_state_to_sp.py | 17 -
.../federation/migrate_repo/versions/__init__.py | 0
keystone/contrib/oauth1/migrate_repo/__init__.py | 0
keystone/contrib/oauth1/migrate_repo/migrate.cfg | 25 -
.../migrate_repo/versions/001_add_oauth_tables.py | 19 -
.../versions/002_fix_oauth_tables_fk.py | 19 -
.../versions/003_consumer_description_nullalbe.py | 19 -
.../versions/004_request_token_roles_nullable.py | 19 -
.../migrate_repo/versions/005_consumer_id_index.py | 20 -
.../oauth1/migrate_repo/versions/__init__.py | 0
keystone/contrib/revoke/migrate_repo/__init__.py | 0
keystone/contrib/revoke/migrate_repo/migrate.cfg | 25 -
.../migrate_repo/versions/001_revoke_table.py | 17 -
.../002_add_audit_id_and_chain_to_revoke_table.py | 17 -
.../revoke/migrate_repo/versions/__init__.py | 0
keystone/contrib/s3/core.py | 4 +-
keystone/credential/__init__.py | 1 +
keystone/credential/backends/base.py | 119 +
keystone/credential/backends/sql.py | 11 +-
keystone/credential/controllers.py | 30 +-
keystone/credential/core.py | 207 +-
keystone/credential/provider.py | 27 +
keystone/credential/providers/__init__.py | 0
keystone/credential/providers/core.py | 38 +
keystone/credential/providers/fernet/__init__.py | 13 +
keystone/credential/providers/fernet/core.py | 107 +
keystone/endpoint_policy/backends/base.py | 186 +
keystone/endpoint_policy/backends/sql.py | 2 +-
keystone/endpoint_policy/controllers.py | 27 +-
keystone/endpoint_policy/core.py | 187 +-
keystone/exception.py | 82 +-
keystone/federation/V8_backends/sql.py | 39 +-
keystone/federation/backends/base.py | 529 ++
keystone/federation/backends/sql.py | 46 +-
keystone/federation/controllers.py | 213 +-
keystone/federation/core.py | 570 +-
keystone/federation/idp.py | 38 +-
keystone/federation/routers.py | 4 +-
keystone/federation/schema.py | 18 +-
keystone/federation/utils.py | 107 +-
keystone/identity/backends/base.py | 449 ++
keystone/identity/backends/ldap.py | 425 --
keystone/identity/backends/ldap/__init__.py | 13 +
keystone/identity/backends/ldap/common.py | 1951 +++++++
keystone/identity/backends/ldap/core.py | 434 ++
keystone/identity/backends/ldap/models.py | 70 +
keystone/identity/backends/sql.py | 340 +-
keystone/identity/backends/sql_model.py | 297 +
keystone/identity/controllers.py | 188 +-
keystone/identity/core.py | 504 +-
keystone/identity/generator.py | 4 +-
keystone/identity/id_generators/sha256.py | 4 +-
keystone/identity/mapping_backends/base.py | 81 +
keystone/identity/mapping_backends/sql.py | 21 +-
keystone/identity/routers.py | 4 +-
keystone/identity/schema.py | 50 +-
keystone/identity/shadow_backends/base.py | 115 +
keystone/identity/shadow_backends/sql.py | 60 +-
.../locale/de/LC_MESSAGES/keystone-log-critical.po | 8 +-
keystone/locale/de/LC_MESSAGES/keystone.po | 116 +-
.../locale/el/LC_MESSAGES/keystone-log-critical.po | 8 +-
.../en_AU/LC_MESSAGES/keystone-log-critical.po | 8 +-
.../locale/es/LC_MESSAGES/keystone-log-critical.po | 8 +-
keystone/locale/es/LC_MESSAGES/keystone.po | 420 +-
.../locale/fr/LC_MESSAGES/keystone-log-critical.po | 8 +-
keystone/locale/fr/LC_MESSAGES/keystone.po | 103 +-
.../locale/hu/LC_MESSAGES/keystone-log-critical.po | 8 +-
.../locale/it/LC_MESSAGES/keystone-log-critical.po | 8 +-
keystone/locale/it/LC_MESSAGES/keystone.po | 414 +-
.../locale/ja/LC_MESSAGES/keystone-log-critical.po | 8 +-
keystone/locale/ja/LC_MESSAGES/keystone.po | 545 +-
keystone/locale/keystone-log-critical.pot | 24 -
keystone/locale/keystone-log-error.pot | 177 -
keystone/locale/keystone-log-info.pot | 238 -
keystone/locale/keystone-log-warning.pot | 315 --
keystone/locale/keystone.pot | 1705 ------
.../ko_KR/LC_MESSAGES/keystone-log-critical.po | 8 +-
.../locale/ko_KR/LC_MESSAGES/keystone-log-error.po | 140 +
.../locale/ko_KR/LC_MESSAGES/keystone-log-info.po | 177 +
.../ko_KR/LC_MESSAGES/keystone-log-warning.po | 290 +
keystone/locale/ko_KR/LC_MESSAGES/keystone.po | 389 +-
.../pl_PL/LC_MESSAGES/keystone-log-critical.po | 8 +-
.../pt_BR/LC_MESSAGES/keystone-log-critical.po | 8 +-
keystone/locale/pt_BR/LC_MESSAGES/keystone.po | 418 +-
.../locale/ru/LC_MESSAGES/keystone-log-critical.po | 8 +-
keystone/locale/ru/LC_MESSAGES/keystone.po | 113 +-
.../tr_TR/LC_MESSAGES/keystone-log-critical.po | 8 +-
.../locale/tr_TR/LC_MESSAGES/keystone-log-error.po | 29 +-
.../tr_TR/LC_MESSAGES/keystone-log-warning.po | 32 +-
keystone/locale/tr_TR/LC_MESSAGES/keystone.po | 55 +-
.../zh_CN/LC_MESSAGES/keystone-log-critical.po | 8 +-
.../locale/zh_CN/LC_MESSAGES/keystone-log-error.po | 32 +-
keystone/locale/zh_CN/LC_MESSAGES/keystone.po | 164 +-
.../zh_TW/LC_MESSAGES/keystone-log-critical.po | 8 +-
keystone/locale/zh_TW/LC_MESSAGES/keystone.po | 90 +-
keystone/middleware/auth.py | 225 +-
keystone/middleware/core.py | 6 +-
keystone/models/revoke_model.py | 242 +-
keystone/models/token_model.py | 12 +-
keystone/notifications.py | 66 +-
keystone/oauth1/backends/base.py | 220 +
keystone/oauth1/backends/sql.py | 17 +-
keystone/oauth1/controllers.py | 133 +-
keystone/oauth1/core.py | 218 +-
keystone/oauth1/validator.py | 3 +-
keystone/policy/backends/base.py | 77 +
keystone/policy/backends/rules.py | 14 +-
keystone/policy/backends/sql.py | 2 +-
keystone/policy/controllers.py | 31 +-
keystone/policy/core.py | 73 +-
keystone/resource/V8_backends/sql.py | 4 +-
keystone/resource/backends/base.py | 632 +++
keystone/resource/backends/sql.py | 31 +-
keystone/resource/config_backends/base.py | 155 +
keystone/resource/config_backends/sql.py | 60 +-
keystone/resource/controllers.py | 158 +-
keystone/resource/core.py | 991 +---
keystone/resource/routers.py | 8 +-
keystone/resource/schema.py | 49 +-
keystone/revoke/backends/base.py | 60 +
keystone/revoke/backends/sql.py | 9 +-
keystone/revoke/controllers.py | 8 +-
keystone/revoke/core.py | 98 +-
keystone/server/backends.py | 11 +-
keystone/server/common.py | 11 +-
keystone/server/eventlet.py | 156 -
keystone/server/wsgi.py | 101 +-
.../backend/legacy_drivers/federation/V8/api_v3.py | 2 +-
.../unit/config_files/backend_postgresql.conf | 4 -
.../unit/identity/backends/test_ldap_common.py | 571 ++
.../test_associate_project_endpoint_extension.py | 60 +-
keystone/token/_simple_cert.py | 4 +-
keystone/token/controllers.py | 76 +-
keystone/token/persistence/backends/kvs.py | 30 +-
keystone/token/persistence/backends/memcache.py | 4 +-
.../token/persistence/backends/memcache_pool.py | 4 +-
keystone/token/persistence/backends/sql.py | 12 +-
keystone/token/persistence/core.py | 12 +-
keystone/token/provider.py | 146 +-
keystone/token/providers/common.py | 165 +-
keystone/token/providers/fernet/core.py | 41 +-
.../token/providers/fernet/token_formatters.py | 31 +-
keystone/token/providers/fernet/utils.py | 270 -
keystone/token/providers/pki.py | 11 +-
keystone/token/providers/pkiz.py | 11 +-
keystone/token/providers/uuid.py | 4 +-
keystone/token/utils.py | 8 +-
keystone/trust/backends/base.py | 72 +
keystone/trust/backends/sql.py | 4 +-
keystone/trust/controllers.py | 221 +-
keystone/trust/core.py | 77 +-
keystone/v2_crud/user_crud.py | 16 +-
keystone/version/__init__.py | 15 +
keystone/version/controllers.py | 61 +-
keystone/version/service.py | 6 +-
keystone_tempest_plugin/README.rst | 6 +
keystone_tempest_plugin/__init__.py | 0
keystone_tempest_plugin/clients.py | 38 +
keystone_tempest_plugin/config.py | 27 +
keystone_tempest_plugin/plugin.py | 39 +
keystone_tempest_plugin/services/__init__.py | 0
.../services/identity/__init__.py | 0
.../services/identity/clients.py | 77 +
.../services/identity/v3/__init__.py | 0
.../identity/v3/identity_providers_client.py | 101 +
.../services/identity/v3/mapping_rules_client.py | 44 +
.../identity/v3/service_providers_client.py | 73 +
.../api/identity/v3/test_identity_providers.py | 238 +
.../api/identity/v3/test_service_providers.py | 207 +
...pires_at_to_user_response-22f14ab629c48bc2.yaml | 4 +
...p-domain-config-as-stable-716ca5ab33c0cc42.yaml | 12 +
.../bp-manage-migration-c398963a943a89fe.yaml | 7 +
...-specific-role-assignment-8f120604a6625852.yaml | 7 +
.../notes/bug-1594482-52a5dd1d8477b694.yaml | 8 +
...redential-update-ec2-type-8fb51ff3ad3a449c.yaml | 8 +
.../notes/deprecate-v2-apis-894284c17be881d2.yaml | 3 +
.../deprecated-as-of-mitaka-8534e43fa40c1d09.yaml | 2 +
.../deprecated-as-of-newton-be1d8dbcc6bdc68f.yaml | 7 +
...ew_change_password_method-e8c0e06795bca2d8.yaml | 6 +
.../integrate-osprofiler-ad0e16a542b12899.yaml | 12 +
.../list_limit-ldap-support-5d31d51466fc49a6.yaml | 6 +
.../notes/mapping_populate-521d92445505b8a3.yaml | 13 +
...uth1-headers-content-type-9a9245d9bbec8f8e.yaml | 6 +
...sword-created_at-nullable-b3c284be50d93ef5.yaml | 5 +
...derated_projects_for_user-dcd7bd148efef049.yaml | 7 +
.../notes/pre-cache-tokens-73450934918af26b.yaml | 7 +
.../notes/python3-support-e4189e0a1a6e2e4f.yaml | 4 +
.../removed-as-of-newton-721c06b5dcb1b34a.yaml | 22 +
...ypted_credentials_at_rest-93dcb67b3508e91a.yaml | 14 +
.../notes/use-pyldap-6e811c28bf350d6d.yaml | 6 +
releasenotes/source/index.rst | 3 +-
releasenotes/source/mitaka.rst | 6 +
requirements.txt | 36 +-
setup.cfg | 34 +-
test-requirements.txt | 23 +-
tools/cover.sh | 72 +
tools/pretty_tox_py3.sh | 12 -
tools/sample_data.sh | 115 +-
tox.ini | 53 +-
820 files changed, 57086 insertions(+), 24340 deletions(-)
Requirements updates
--------------------
diff --git a/requirements.txt b/requirements.txt
index 8ebcc71..fd007ac 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -4,0 +5,4 @@
+# Temporarily add Babel reference to avoid problem
+# in keystone-coverage-db CI job
+Babel>=2.3.4 # BSD
+
@@ -7,2 +10,0 @@ WebOb>=1.2.3 # MIT
-eventlet!=0.18.3,>=0.18.2 # MIT
-greenlet>=0.3.2 # MIT
@@ -11,3 +13,3 @@ Paste # MIT
-Routes!=2.0,!=2.1,>=1.12.3;python_version=='2.7' # MIT
-Routes!=2.0,>=1.12.3;python_version!='2.7' # MIT
-cryptography>=1.0 # BSD/Apache-2.0
+Routes!=2.0,!=2.1,!=2.3.0,>=1.12.3;python_version=='2.7' # MIT
+Routes!=2.0,!=2.3.0,>=1.12.3;python_version!='2.7' # MIT
+cryptography!=1.3.0,>=1.0 # BSD/Apache-2.0
@@ -17 +19 @@ sqlalchemy-migrate>=0.9.6 # Apache-2.0
-stevedore>=1.5.0 # Apache-2.0
+stevedore>=1.16.0 # Apache-2.0
@@ -19,2 +21,2 @@ passlib>=1.6 # BSD
-python-keystoneclient!=1.8.0,!=2.1.0,>=1.6.0 # Apache-2.0
-keystonemiddleware!=4.1.0,>=4.0.0 # Apache-2.0
+python-keystoneclient!=2.1.0,>=2.0.0 # Apache-2.0
+keystonemiddleware!=4.1.0,!=4.5.0,>=4.0.0 # Apache-2.0
@@ -22,5 +24,5 @@ oslo.cache>=1.5.0 # Apache-2.0
-oslo.concurrency>=3.5.0 # Apache-2.0
-oslo.config>=3.7.0 # Apache-2.0
-oslo.context>=0.2.0 # Apache-2.0
-oslo.messaging>=4.0.0 # Apache-2.0
-oslo.db>=4.1.0 # Apache-2.0
+oslo.concurrency>=3.8.0 # Apache-2.0
+oslo.config>=3.14.0 # Apache-2.0
+oslo.context>=2.9.0 # Apache-2.0
+oslo.messaging>=5.2.0 # Apache-2.0
+oslo.db!=4.13.1,!=4.13.2,>=4.10.0 # Apache-2.0
@@ -30 +32 @@ oslo.middleware>=3.0.0 # Apache-2.0
-oslo.policy>=0.5.0 # Apache-2.0
+oslo.policy>=1.9.0 # Apache-2.0
@@ -32,2 +34 @@ oslo.serialization>=1.10.0 # Apache-2.0
-oslo.service>=1.0.0 # Apache-2.0
-oslo.utils>=3.5.0 # Apache-2.0
+oslo.utils>=3.16.0 # Apache-2.0
@@ -36 +37 @@ pysaml2<4.0.3,>=2.4.0 # Apache-2.0
-dogpile.cache>=0.5.7 # BSD
+dogpile.cache>=0.6.2 # BSD
@@ -39,0 +41 @@ msgpack-python>=0.4.0 # Apache-2.0
+osprofiler>=1.4.0 # Apache-2.0
diff --git a/test-requirements.txt b/test-requirements.txt
index b79b26a..41e60a7 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -9 +9,5 @@ bashate>=0.2 # Apache-2.0
-os-testr>=0.4.1 # Apache-2.0
+os-testr>=0.7.0 # Apache-2.0
+freezegun # Apache-2.0
+
+# Include drivers for opportunistic testing.
+oslo.db[fixtures,mysql,postgresql]!=4.13.1,!=4.13.2,>=4.10.0 # Apache-2.0
@@ -14 +18 @@ coverage>=3.6 # Apache-2.0
-fixtures>=1.3.1 # Apache-2.0/BSD
+fixtures>=3.0.0 # Apache-2.0/BSD
@@ -18 +22 @@ lxml>=2.3 # BSD
-mock>=1.2 # BSD
+mock>=2.0 # BSD
@@ -21 +25,2 @@ oslotest>=1.10.0 # Apache-2.0
-sphinx!=1.2.0,!=1.3b1,<1.3,>=1.1.2 # BSD
+sphinx!=1.3b1,<1.3,>=1.2.1 # BSD
+os-api-ref>=1.0.0 # Apache-2.0
@@ -25,4 +29,0 @@ WebTest>=2.0 # MIT
-# mox was removed in favor of mock. We should not re-enable this module. See
-# discussion: http://lists.openstack.org/pipermail/openstack-dev/2013-July/012484.html
-#mox>=0.5.3
-
@@ -35 +36 @@ oslosphinx!=3.4.0,>=2.5.0 # Apache-2.0
-reno>=0.1.1 # Apache2
+reno>=1.8.0 # Apache2
@@ -37 +38 @@ reno>=0.1.1 # Apache2
-tempest-lib>=0.14.0 # Apache-2.0
+tempest>=12.1.0 # Apache-2.0
@@ -40 +41 @@ tempest-lib>=0.14.0 # Apache-2.0
-requests!=2.9.0,>=2.8.1 # Apache-2.0
+requests>=2.10.0 # Apache-2.0
More information about the OpenStack-announce
mailing list