[release-announce] keystone 16.0.0 (train)

no-reply at openstack.org no-reply at openstack.org
Wed Oct 16 12:52:18 UTC 2019


We are jazzed to announce the release of:

keystone 16.0.0: OpenStack Identity

This release is part of the train release series.

The source is available from:

    https://opendev.org/openstack/keystone

Download the package from:

    https://tarballs.openstack.org/keystone/

Please report issues through:

    https://bugs.launchpad.net/keystone/+bugs

For more details, please see below.

16.0.0
^^^^^^


Upgrade Notes
*************

* [bug 1806762 (https://bugs.launchpad.net/keystone/+bug/1806762)]
  [bug 1630434 (https://bugs.launchpad.net/keystone/+bug/1630434)] The
  entire "policy.v3cloudsample.json" file has been removed. If you
  were using this policy file to supply overrides in your deployment,
  you should consider using the defaults in code and setting
  "keystone.conf [oslo_policy] enforce_scope=True". The new policy
  defaults are more flexible, they're tested extensively, and they
  solve all the problems the "policy.v3cloudsample.json" file was
  trying to solve.


Bug Fixes
*********

* [bug 1806762 (https://bugs.launchpad.net/keystone/+bug/1806762)]
  [bug 1630434 (https://bugs.launchpad.net/keystone/+bug/1630434)] The
  entire "policy.v3cloudsample.json" file has been removed. If you
  were using this policy file to supply overrides in your deployment,
  you should consider using the defaults in code and setting
  "keystone.conf [oslo_policy] enforce_scope=True". The new policy
  defaults are more flexible, they're tested extensively, and they
  solve all the problems the "policy.v3cloudsample.json" file was
  trying to solve.

Changes in keystone 15.0.0.0rc1..16.0.0
---------------------------------------

dc9e9e32d Add schema placeholders for Train
d9217f07b Remove policy.v3cloudsample.json
5b995cc8f Remove limit policies from policy.v3cloudsample.json
e938c4962 Add tests for project users interacting with limits
f249c9e2b Allow domain users to access the limit API
8457df4f6 Use immutable roles in tests
05d9fa0f2 Add missing ws between words in log messages
05ea390c6 Allow system/domain scope for assignment tree list
0526718fe Make policy deprecation reasons less verbose
013c18d32 Readjust job timeouts
c9148db37 Implement scope type checking for Project Endpoints
b33abb4b0 Federation mapping debug should show direct_maps values
15b416c34 Consolidate policy deprecation warnings
8e67249d5 Add default roles and scope checking to project tags
eaf08941e DRY up credential policies
063a8ac27 Move remaining protection tests
ce34bbb17 Fix test case in policy associations
a4be0cb9e Fix PostgreSQL specifc issue with credentials encoding
12bda9fc3 Fix validation of role assignment subtree list
7fc7ef2a0 Specify keystone is OS user for fernet and credential setup
e224082ec Add remote_id definition in _perform_auth
6bb14c0ff Use correct repo for initial version check
5e35efd55 Split protection unit tests into its own job
6435017c2 Remove system EC2 credentials from policy.v3cloudsample.json
566f8e734 Remove system Domain Config from policy.v3cloudsample.json
131f7ddd4 Update API version for access rules
049d9bcbe Add access rules to token validation
67682dcd0 Expose access rules as its own API
cf22f8004 Remove obsolete grant policies from policy.v3cloudsample.json
d7c424d22 Alphabetize removed policies in tests
4f0c7394e Implement system admin for OAUTH1 consumers
9b694fcd0 Implement system scope for domain role management
8f43b9cab Make system tokens work with domain-specific drivers
d009384c9 Implement scope type checking for EC2 credentials
db5286937 Increase tox job timeouts to 90 minutes
5e06ec816 Add immutable roles status check
afb312529 Remove implied roles policies from v3cloudsample
ee60db6f3 Implement system admin for implied roles
bbd77d0bf Implement domain admin support for grants
f0ef5741c Implement domain reader support for grants
f3e6bba5d Add Project User coverage for domain config API
5cefb91c4 Add Domain User for security compliance domain config API
d278ad38a Implement system admin for domain config API
cc40014ec Implement system reader & member for domain config API
a73e057e2 Fix timeout Zuul changes
ce4d065f2 Generate PDF documentation
a80d83e76 Add --immutable-roles flag to bootstrap command
a38d4a650 Add immutable option for roles and projects
a766085ab Bump timeout for lower-constraints job
b31ff3f99 Implement resource options for roles and projects
7a6c020a5 Implement system reader for OAUTH1 consumers
00c2ecdf3 Implement system reader for implied roles
704cb2590 Remove system policy and its association from policy.v3cloudsample.json
ba0dbdf43 Override tox job timeouts
d02a01541 Fix federation CI
48fad4954 Fix oauthlib update errors
c453bf16b Use raw formatting for mapping_engine help text
296ea0f6d Add tests for project users for policy association
2af630f06 Add tests for domain users for policy association
2d185a5a9 Implement system admin for policy association
b831856af Implement system reader & member for policy association
0e5275389 Add tests for project users interacting with policies
0bb980e9e Add notifications for deleting app creds by user
f45a6f99d Add tests for domain users interacting with policies
1f5620dee Clean up UserGroups target enforcement callback
4ed39d530 Fix relative links
cf572f9e8 Add tests for project users interacting with endpoint_groups
901122017 Add tests for domain users interacting with endpoint_groups
7d223bec9 Implement system_admin for endpoint_groups
e4fb1e1fd Implement system reader and member for endpoint_groups
e989bd063 Add retry for DBDeadlock in credential delete
6abd44500 Fix translated response
9be1caff9 Implement system admin for trusts API
686ec6dda Add tests for domain users for trusts
6aebf179b Add tests for system member for trusts
ea7acd803 Implement system reader role for trusts API
09e699bab Move get_role_for_trust enforcement to policies
b100825a0 Move list_roles_for_trust enforcement to policies
b5617eee4 Move get_trust enforcement to default policies
a09163a32 Move delete_trust enforcement to default policies
0df8d0e2e Move list_trusts enforcement to default policies
5086709ae Add protection tests for trusts API
182aa6079 Update broken link
14d256add Update cli docs
fd15bcd66 Implement system admin for policies
8f68b72e8 Implement system reader and member for policies
5572d0130 Add support for previous TOTP windows
c7fae97d8 Honor group_members_are_ids for user_enabled_emulation
af7800454 Update api-ref for revocation list OS-PKI
f10f95b45 Docs: Make robust with using real links
2df534efc Clean up irrelevant comment
3c665395c Fix list_mappings deprecation warning message
14b25bc5d Allows to use application credentials through group membership
5d4bf308c Fix missing print format and missing ws between words
e8151070c Suppress policy deprecation warnings in unit tests
14c4b177e Add API changes for app cred access rules
ee7315971 Add manager support for app cred access rules
2203e8172 Add user_id, external_id to access rules table
d8f3ba042 Fix websso auth loop
4b747fa08 Deprecate keystone.conf.memcache socket_timeout
fcff2aed6 Fix typo: RBACKEnforcer -> RBACEnforcer
54a5dd8e6 Run 'tempest-ipv6-only' job in gate
73b263de5 Followup for remove signing[config].
66cf87743 Remove broken api-ref link
76f9be778 doc: Fix broken links
03531a569 Fix python3 compatibility on LDAP search DN from id
0bf2d6852 Deprecate identity:revocation_list policy for removal
b836aa221 Remove [signing] config
23b001153 Update api-ref location
52da4d0e1 implement system scope for application credential
a1dc21f3d Fixing dn_to_id function for cases were id is not in the DN
bf67b3c88 Add new attribute to the federation protocol API
6cdb3a837 Allow to filter endpoint groups by name
4fb4d8b8a update documentation for X.509 tokenless auth
d78ac7839 Deprecate [federation] federated_domain_name
10eab4824 Allow JsonBlob to accommodate SQL NULL result sets
8a03cd855 Add exercises for intern applicants
e9ee189b4 Fix keystone document
19cd84b84 nit: remove some useless code
f43954be9 Drop limit columns
ffa0918f5 token: consistently decode binary types
72af26168 Incorrect behavior of validate_password method
fae1323a6 Update test cases for os-pki revoke API
fb4306c35 Blacklist sphinx 2.1.0 (autodoc bug)
6fef498ff Bump openstackdocstheme to 1.20.0
9b0e5c115 Remove redundant parameter passed to assertTrue
956bcd735 Add Python 3 Train unit tests
374f56580 Switch order of precedence for unit test deps
48594edde Don't call .c from select() objects
8817a26ee Update misleading comment about fernet credential encryption
1925aa9c2 Fix E731 flake8
a38dcfe99 [api-ref] Fix nocatalog description for unscoped token
ce614bf00 Drop use opendev.org for tox deps
0a9d7cbec Fix contributor doc of keystone
0f7a1c47c Add link to describe Principle of Least Privilege
dd30a88eb Update the meaning of low-hanging-fruit
092570fc5 Implement system scope and default roles for token API
c49a64dd9 Update unified limit documentation
579cc1985 Add cadf auditing to credentials
192cde56e Remove deprecated admin_endpoint
10b7708ff Revert "Exclude constants from autodoc"
f828bb872 Revert "Ignore boilerplate constants in autodoc"
698c20577 Ignore boilerplate constants in autodoc
485a6b217 Exclude constants from autodoc
c2be944fb Report correct domain in federated user token
231f6ae18 Add flake8 ignore list to fast8 script
2cb0ba53c Add application_credential as a CADF type
21387e0a6 add raw format link to keystone config sample.
6f6f78c21 Update mission statement and vision reflection
81c3202b4 Add note about application credential ownership
7c42f1a7a Revert "Add JSON driver for access rules config"
78d30c933 Revert "Add manager for access rules config"
135a5a03e Revert "Add a permissive mode for access rules config"
25b2f151a Revert "Add manager support for app cred access rules"
d7a2dd48e Revert "Add API for /v3/access_rules_config"
295b07cc7 Don't throw valueerror on bootstrap
be36a939c Remove [token]/ infer_roles
e054b368d Pep8 environment to run on delta code only
bceab5871 Add clarification for context in install guides
479a2a0af Adds caching of credentials
c04d0f5f5 Cap sphinx for py2 to match global requirements
dc3175afb Revert "Blacklist bandit 1.6.0"
5c5d71cce Fix documentation typo
ebac8330d Blacklist bandit 1.6.0
96f35410b Update Python 3 test runtimes for Train
0f2b36b2a [docs] remove deprecated ubuntu package from installation
3d31723b3 Fix for werkzeug > 0.15
5f90447b4 Replace git.openstack.org URLs with opendev.org URLs
4038fa460 OpenDev Migration Patch
df89c7eef Pass kwargs to exception to get better format of error message
9575937e5 Replace support matrix ext with common library
6828a01ea Uncap jsonschema
79f468bad Fix unscoped federated token formatter
de4d72c5f Use openstackdocstheme according to guide
eb79ebdaf Make fetching all foreign keys in a join
a3a66b9b8 Support endpoint updates in bootstrap
82a86a8a8 Add missing ws separator between words
2b9d409f0 Move redelegation fields out of extras
c702aa361 Replace dict.iteritems() with dict.items() in keystone
e6ff5613f Add release note for service token documentation
de07ad37f Fix werkzeug imports for version 0.15.x
4cd99e719 Allow an explicit_domain_id parameter when creating a domain
068e1f51c Update the min version of tox
44c1b3d28 Convert user_id back to string
8d3170580 Add API for /v3/access_rules_config
ada4bc799 Ignore Stein-specific release notes
a4543d0c6 Be more verbose in logging role grant on bootstrap
cbcccb9ec Replace UUID with id_generator for Federated users
bb141b1fb DRY: Remove redundant policies from policy.v3cloudsample.json
9717f0c12 Raise METHOD NOT ALLOWED instead of 500 error on protocol CRUD
8877e9f01 Remove redundant policies from v3cloudsample
be452fee8 Add domain scope support for group policies
3b0b39297 Update broken links to dogpile.cache docs
ff5459569 Add keystone's technical vision reflection
60e0f0032 Add release prelude about changing policies
d2cc4c83c Consolidate user protection tests
285ad1370 Replace URL name to the correct one in Keystone Docs
1b16725d0 Delete shadow users when domain is deleted
ef838a3a3 Make system admin policies consistent for grants
64a455ef9 Remove assignment policies from policy.v3cloudsample.json
954b97666 Add role assignment testing for project users
4e523ce42 Replace openstack.org git:// URLs with https://
d1cfa3ab3 Implement system reader functionality for grants
727aea34c Remove external-dev and consolidate to contributor
0dbc8a88e Remove system assignment policies from policy.v3cloudsample.json
6e118bad3 Test domain and project users against group system assignment API
25f86d4e2 Add role assignment test coverage for domain admins
269a2890a Add role assignment test coverage for domain members
425d48ec0 Implement domain reader for role_assignments
f9e07a940 Add explicit testing for project users and the user API
ba09e89ba Update group system grant policies for admins
593e67e6c Update system group assignment policies for reader and member
45c514e90 Fix typo in docs section header
5dd7a769f Update master for stable/stein
fac844c4a Test project users against system assignment API
8450d4a9c Test domain users against system assignment API
8f4e179c6 Update system grant policies for system admin
bb4192e88 Update system grant policies for system member
465a8bb59 Update system grant policies for system reader
32c96feec trivial: correct spelling in test names
546b7f1bb Remove project policies from policy.v3cloudsample.json
09663a01a Implement domain admin functionality for projects
112fa29a7 Only validate tokens once per request
cf1ce4eb3 Implement domain admin functionality for user API
9ca599e50 Implement domain member functionality for user API
bc217b316 Implement domain reader functionality for user API
f471879b8 Add documentation for service tokens
1e0a96849 Added keystone identity provider installation to Devstack plugin
37fc2b912 Add manager support for app cred access rules


Diffstat (except docs and test files)
-------------------------------------

.gitreview                                         |    2 +-
.zuul.yaml                                         |   32 +-
README.rst                                         |    6 +-
api-ref/source/conf.py                             |   32 +-
api-ref/source/v3-ext/ep-filter.inc                |   12 +-
api-ref/source/v3-ext/federation.inc               |   17 +
api-ref/source/v3-ext/federation/auth/auth.inc     |    3 -
api-ref/source/v3-ext/parameters.yaml              |    7 +
api-ref/source/v3-ext/trust.inc                    |    1 -
api-ref/source/v3/application-credentials.inc      |  220 ++
api-ref/source/v3/authenticate-v3.inc              |    8 +-
api-ref/source/v3/index.rst                        |    9 +-
api-ref/source/v3/os-pki.inc                       |   33 +-
api-ref/source/v3/parameters.yaml                  |   74 +-
api-ref/source/v3/project-tags.inc                 |   10 +
.../v3/samples/admin/access-rule-get-response.json |   11 +
.../samples/admin/access-rules-list-response.json  |   18 +
.../application-credential-create-request.json     |    7 +
.../application-credential-create-response.json    |    8 +
.../admin/application-credential-get-response.json |    8 +
.../application-credential-list-response.json      |   10 +
.../v3/samples/admin/get-pki-revoked-response.json |    3 -
api-ref/source/v3/status.yaml                      |    3 +
devstack/files/federation/shib_apache_handler.txt  |   12 +
devstack/files/federation/shibboleth2.xml          |   11 +-
devstack/lib/federation.sh                         |   63 +-
.../admin/{caching-layer.rst => caching-layer.inc} |   10 +-
.../admin/cli-manage-projects-users-and-roles.rst  |  118 +-
...cific-config.rst => domain-specific-config.inc} |    4 +
...dpoint-filtering.rst => endpoint-filtering.inc} |    4 +-
.../{endpoint-policy.rst => endpoint-policy.inc}   |    6 +-
.../admin/federation/configure_federation.rst      |   76 +-
.../admin/federation/{mellon.rst => mellon.inc}    |    8 +-
.../admin/federation/{openidc.rst => openidc.inc}  |   12 +-
.../federation/{shibboleth.rst => shibboleth.inc}  |    8 +-
...grate-with-ldap.rst => integrate-with-ldap.inc} |    4 +
.../{limit-list-size.rst => limit-list-size.inc}   |    2 +
.../admin/{performance.rst => performance.inc}     |    2 +
...rity-compliance.rst => security-compliance.inc} |    8 +-
.../admin/{troubleshoot.rst => troubleshoot.inc}   |    2 +
.../{url-safe-naming.rst => url-safe-naming.inc}   |    2 +
etc/policy.v3cloudsample.json                      |  195 --
keystone/access_rules_config/backends/json.py      |  162 --
keystone/access_rules_config/core.py               |   80 -
keystone/api/auth.py                               |   24 +-
keystone/api/credentials.py                        |    6 +-
keystone/api/discovery.py                          |    4 +-
keystone/api/domains.py                            |   12 +-
keystone/api/groups.py                             |   36 +-
keystone/api/limits.py                             |   65 +-
keystone/api/os_ep_filter.py                       |    9 +-
keystone/api/os_federation.py                      |   60 +-
keystone/api/os_oauth1.py                          |    2 +-
keystone/api/os_simple_cert.py                     |   22 +-
keystone/api/projects.py                           |   35 +-
keystone/api/role_assignments.py                   |   32 +-
keystone/api/trusts.py                             |  222 +-
keystone/api/users.py                              |  142 +-
keystone/application_credential/backends/base.py   |   37 +
keystone/application_credential/backends/sql.py    |   77 +-
keystone/application_credential/core.py            |   59 +-
keystone/application_credential/schema.py          |   25 +-
keystone/assignment/core.py                        |   25 +-
keystone/assignment/role_backends/base.py          |    8 +
.../role_backends/resource_options.py}             |   26 +-
keystone/assignment/role_backends/sql.py           |  113 +-
keystone/assignment/role_backends/sql_model.py     |  114 +
keystone/assignment/schema.py                      |    4 +-
keystone/auth/plugins/oauth1.py                    |    2 +-
keystone/auth/plugins/totp.py                      |   29 +-
keystone/catalog/backends/base.py                  |    2 +-
keystone/catalog/backends/sql.py                   |    5 +-
keystone/catalog/backends/templated.py             |    2 +-
keystone/cmd/bootstrap.py                          |   33 +-
keystone/cmd/cli.py                                |   40 +-
keystone/cmd/status.py                             |   64 +-
keystone/common/authorization.py                   |    8 +-
keystone/common/cache/core.py                      |   19 -
keystone/common/json_home.py                       |    2 +
keystone/common/password_hashing.py                |    6 -
keystone/common/policies/__init__.py               |    4 +-
keystone/common/policies/access_rule.py            |   62 +
keystone/common/policies/application_credential.py |   58 +-
keystone/common/policies/base.py                   |   20 +-
keystone/common/policies/consumer.py               |   61 +-
keystone/common/policies/credential.py             |   26 +-
keystone/common/policies/domain.py                 |   10 +-
keystone/common/policies/domain_config.py          |   69 +-
keystone/common/policies/ec2_credential.py         |   77 +-
keystone/common/policies/endpoint.py               |   10 +-
keystone/common/policies/endpoint_group.py         |  139 +-
keystone/common/policies/grant.py                  |  194 +-
keystone/common/policies/group.py                  |   85 +-
keystone/common/policies/identity_provider.py      |   10 +-
keystone/common/policies/implied_role.py           |   73 +-
keystone/common/policies/limit.py                  |   22 +-
keystone/common/policies/mapping.py                |   12 +-
keystone/common/policies/policy.py                 |   68 +-
keystone/common/policies/policy_association.py     |  137 +-
keystone/common/policies/project.py                |  138 +-
keystone/common/policies/project_endpoint.py       |   70 +-
keystone/common/policies/protocol.py               |   11 +-
keystone/common/policies/region.py                 |    7 +-
keystone/common/policies/role.py                   |   65 +-
keystone/common/policies/role_assignment.py        |   53 +-
keystone/common/policies/service.py                |   10 +-
keystone/common/policies/service_provider.py       |   10 +-
keystone/common/policies/token.py                  |   79 +-
keystone/common/policies/token_revocation.py       |   14 +-
keystone/common/policies/trust.py                  |   96 +-
keystone/common/policies/user.py                   |   66 +-
keystone/common/rbac_enforcer/enforcer.py          |   60 +-
keystone/common/render_token.py                    |    7 +-
keystone/common/resource_options/__init__.py       |   13 +
.../core.py}                                       |    7 +
.../common/resource_options/options/__init__.py    |   31 +
.../common/resource_options/options/immutable.py   |   73 +
keystone/common/sql/contract_repo/README           |    2 +-
...tract_extract_redelegation_data_from_extras.py} |    6 +-
.../versions/063_contract_drop_limit_columns.py    |   23 +
...te_id_attribute_to_federation_protocol_table.py |   15 +
...contract_add_user_external_id_to_access_rule.py |   15 +
.../066_contract_add_resource_options_table.py     |   18 +
.../sql/contract_repo/versions/067_placeholder.py  |   18 +
.../sql/contract_repo/versions/068_placeholder.py  |   18 +
.../sql/contract_repo/versions/069_placeholder.py  |   18 +
.../sql/contract_repo/versions/070_placeholder.py  |   18 +
.../sql/contract_repo/versions/071_placeholder.py  |   18 +
keystone/common/sql/core.py                        |    4 +-
keystone/common/sql/data_migration_repo/README     |    2 +-
...igrate_extract_redelegation_data_from_extras.py |   43 +
.../versions/063_migrate_drop_limit_columns.py     |   15 +
...te_id_attribute_to_federation_protocol_table.py |   15 +
..._migrate_add_user_external_id_to_access_rule.py |   15 +
.../066_migrate_add_resource_options_table.py      |   18 +
.../versions/067_placeholder.py                    |   18 +
.../versions/068_placeholder.py                    |   18 +
.../versions/069_placeholder.py                    |   18 +
.../versions/070_placeholder.py                    |   18 +
.../versions/071_placeholder.py                    |   18 +
keystone/common/sql/expand_repo/README             |    2 +-
...expand_extract_redelegation_data_from_extras.py |   31 +
.../versions/063_expand_drop_limit_columns.py      |   15 +
...te_id_attribute_to_federation_protocol_table.py |   22 +
...5_expand_add_user_external_id_to_access_rule.py |   39 +
...66_expand_add_role_and_project_option_tables.py |   51 +
.../sql/expand_repo/versions/067_placeholder.py    |   18 +
.../sql/expand_repo/versions/068_placeholder.py    |   18 +
.../sql/expand_repo/versions/069_placeholder.py    |   18 +
.../sql/expand_repo/versions/070_placeholder.py    |   18 +
.../sql/expand_repo/versions/071_placeholder.py    |   18 +
keystone/common/sql/migrate_repo/README            |    2 +-
.../097_drop_user_name_domainid_constraint.py      |    2 +-
.../104_drop_user_name_domainid_constraint.py      |    2 +-
keystone/common/sql/upgrades.py                    |   26 +-
keystone/common/utils.py                           |    2 +-
keystone/common/validation/__init__.py             |   11 -
keystone/common/validation/validators.py           |    2 +-
keystone/conf/__init__.py                          |    6 +-
keystone/conf/access_rules_config.py               |   78 -
keystone/conf/credential.py                        |   19 +-
keystone/conf/default.py                           |   20 -
keystone/conf/federation.py                        |   19 +-
keystone/conf/jwt_tokens.py                        |    4 +-
keystone/conf/memcache.py                          |    6 +
keystone/conf/signing.py                           |  135 --
keystone/conf/token.py                             |   18 -
keystone/conf/totp.py                              |   38 +
keystone/credential/backends/sql.py                |   20 +-
keystone/credential/core.py                        |   88 +-
keystone/credential/providers/fernet/core.py       |    8 +-
keystone/exception.py                              |   28 +-
keystone/federation/backends/sql.py                |    5 +-
keystone/federation/schema.py                      |    8 +-
keystone/federation/utils.py                       |   48 +-
keystone/i18n.py                                   |    2 +
keystone/identity/backends/ldap/common.py          |   59 +-
keystone/identity/backends/ldap/core.py            |    7 +-
keystone/identity/backends/sql_model.py            |   10 +-
keystone/identity/core.py                          |   15 +-
keystone/identity/shadow_backends/sql.py           |   24 +-
keystone/limit/backends/sql.py                     |  120 +-
keystone/models/token_model.py                     |   19 +-
keystone/notifications.py                          |    3 +-
keystone/oauth1/core.py                            |    4 +-
keystone/resource/backends/resource_options.py     |   29 +
keystone/resource/backends/sql.py                  |  146 +-
keystone/resource/backends/sql_model.py            |  136 ++
keystone/resource/core.py                          |   53 +-
keystone/resource/schema.py                        |    4 +-
keystone/server/backends.py                        |    4 +-
keystone/server/flask/application.py               |   10 +-
keystone/server/flask/common.py                    |   10 +-
keystone/server/flask/core.py                      |   12 +-
.../server/flask/request_processing/json_body.py   |    2 +-
.../request_processing/middleware/auth_context.py  |   25 +-
.../v3}/__init__.py                                |    0
.../protection/v3/test_application_credential.py   |  665 ++++++
.../{unit => }/protection/v3/test_credentials.py   |   12 +-
.../{unit => }/protection/v3/test_endpoints.py     |    0
.../protection/v3/test_identity_providers.py       |    0
.../{unit => }/protection/v3/test_mappings.py      |    0
.../{unit => }/protection/v3/test_projects.py      |  180 +-
.../{unit => }/protection/v3/test_protocols.py     |    0
.../protection/v3/test_registered_limits.py        |    0
.../protection/v3/test_service_providers.py        |    0
.../{unit => }/protection/v3/test_services.py      |    0
.../unit/access_rules_config/backends/__init__.py  |    0
.../unit/access_rules_config/backends/test_json.py |   84 -
.../unit/access_rules_config/test_backends.py      |   69 -
.../application_credential/backends/test_sql.py    |    2 +
.../unit/application_credential/test_backends.py   |   76 +
.../unit/assignment/role_backends/test_sql.py      |    2 +-
.../test_associate_project_endpoint_extension.py   |   23 +
keystone/token/provider.py                         |   23 +-
keystone/token/token_formatters.py                 |  104 +-
keystone/trust/backends/sql.py                     |    5 +-
keystone/version.py                                |    2 +-
keystone_tempest_plugin/README.rst                 |    2 +-
lower-constraints.txt                              |    6 +-
.../keystone-dsvm-grenade-multinode/run.yaml       |   10 +-
...bootstrap-update-endpoint-7a63a2329822b6e7.yaml |   14 +
...t-extension-for-app-creds-90e5bcd7b2b78b02.yaml |   18 +
.../notes/bug-1641639-b9accc163e61ca15.yaml        |   11 +
.../notes/bug-1705485-7a1ad17b9cc99b9d.yaml        |    2 +-
.../notes/bug-1724645-a94659dfd0f45b9a.yaml        |   16 +
.../notes/bug-1748027-decc2e11154b97cf.yaml        |   39 +
.../notes/bug-1750660-e2a360ddd6790fc4.yaml        |   39 +
.../notes/bug-1750669-dfce859550126f03.yaml        |   52 +
.../notes/bug-1750673-b53f74944d767ae9.yaml        |   30 +
.../notes/bug-1750676-cf70c1a27b2c8de3.yaml        |   35 +
.../notes/bug-1750678-88a38851ca80fc64.yaml        |   36 +
...-correct-federated-domain-47cb889d88d7770a.yaml |    6 +
.../notes/bug-1773967-b59517a09e0e6141.yaml        |    9 +
.../notes/bug-1779889-12eb5edf4cc93a1d.yaml        |    6 +
.../notes/bug-1782922-db822fda486ac773.yaml        |   10 +
.../notes/bug-1794527-866b1caff67977f3.yaml        |   21 +
.../notes/bug-1801873-0eb9a5ec3e801190.yaml        |    6 +
.../notes/bug-1805363-0b85d71917ad09d1.yaml        |   32 +
.../notes/bug-1805366-670867516c6fc4bc.yaml        |   41 +
.../notes/bug-1805368-ea32c2db2ae57225.yaml        |   39 +
.../notes/bug-1805369-ed98d3fcfafb5c43.yaml        |   33 +-
.../notes/bug-1805371-249c8c9b562ab371.yaml        |   33 +
.../notes/bug-1805400-c192be936d277ade.yaml        |   32 +
.../notes/bug-1805406-252b45d443af20b3.yaml        |   19 +-
.../notes/bug-1805409-8bc6cc9f1c5bc672.yaml        |   72 +
.../notes/bug-1805880-0032024ea6b83563.yaml        |   14 +
.../notes/bug-1806762-08ff9eecdc03c554.yaml        |   21 +
.../notes/bug-1806762-09f414995924db23.yaml        |   15 +
.../notes/bug-1806762-0b7356ace200a5d3.yaml        |   13 +
.../notes/bug-1806762-2092fee9f6c87dc3.yaml        |   15 +
.../notes/bug-1806762-c3bfc71cb9bb94f3.yaml        |    8 +
.../notes/bug-1815771-ae0e4118c552f01e.yaml        |    7 +
.../notes/bug-1817313-c11481e6eed29ec2.yaml        |    8 +
.../notes/bug-1818725-96d698e22e648764.yaml        |   41 +
.../notes/bug-1818734-d753bfae60ffd030.yaml        |   57 +
.../notes/bug-1818736-98ea186a074056f4.yaml        |   17 +
.../notes/bug-1818845-05f8c3af5ea9abc7.yaml        |    9 +
.../notes/bug-1818846-d1a8c77d20659ad6.yaml        |   41 +
.../notes/bug-1819036-e2d24655c70d0aad.yaml        |    9 +
.../notes/bug-1823258-9f93dbdc0fa8441d.yaml        |   11 +
.../notes/bug-1831918-c70cf87ef086d871.yaml        |    6 +
.../notes/bug-1832265-cb76ccf505c2d9d1.yaml        |    7 +
.../notes/bug-1833739-f962e8caf3e22068.yaml        |    9 +
.../notes/bug-1836568-66d853a1f22c5530.yaml        |   10 +
.../notes/bug-1839133-24570c9fbacb530d.yaml        |    5 +
.../notes/bug-1839577-1226d86ea0744055.yaml        |    7 +
.../notes/bug-1840291-35af1ac7ba06e166.yaml        |    6 +
.../notes/bug-1841486-425f367925f5e03f.yaml        |    7 +
.../notes/bug-1843609-8498b132222596b7.yaml        |    9 +
.../notes/bug-1844157-7808af9bcea0429d.yaml        |   13 +
.../notes/bug-1844194-48ae60db49f91bd4.yaml        |   43 +
.../notes/bug-1844207-x27a31f3403xfd7y.yaml        |    7 +
.../notes/bug-1844461-08a8bdc5f613b88d.yaml        |   31 +
.../notes/bug-1844664-905cf6cad2e032a7.yaml        |   36 +
.../notes/bug1828565-0790c4c60ba34100.yaml         |    6 +
.../deprecated-as-of-queens-8ad7f826e4f08f57.yaml  |    2 +-
.../deprecated-as-of-train-de3fe41ff2251385.yaml   |    7 +
...ted-socket_timeout-option-d3358b4f2310706c.yaml |   12 +
.../notes/extensions-to-core-a0d270d216d47276.yaml |    4 +-
...ource-options-bug-1807751-acc1e3c689484337.yaml |    9 +
.../removed-as-of-train-92b2942a680eb859.yaml      |   19 +
.../scope-and-default-roles-a733c235731bb558.yaml  |   25 +
releasenotes/source/index.rst                      |    1 +
releasenotes/source/stein.rst                      |    6 +
releasenotes/source/unreleased.rst                 |   25 +-
requirements.txt                                   |    8 +-
setup.cfg                                          |    3 -
tools/fast8.sh                                     |   25 +
tox.ini                                            |   54 +-
405 files changed, 24990 insertions(+), 6965 deletions(-)


Requirements updates
--------------------

diff --git a/requirements.txt b/requirements.txt
index e3de1c6df..36a0cdc68 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -20 +20 @@ python-keystoneclient>=3.8.0 # Apache-2.0
-keystonemiddleware>=5.1.0 # Apache-2.0
+keystonemiddleware>=7.0.0 # Apache-2.0
@@ -30 +30 @@ oslo.i18n>=3.15.3 # Apache-2.0
-oslo.log>=3.38.0 # Apache-2.0
+oslo.log>=3.44.0 # Apache-2.0
@@ -32 +32 @@ oslo.middleware>=3.31.0 # Apache-2.0
-oslo.policy>=1.43.1 # Apache-2.0
+oslo.policy>=2.3.0 # Apache-2.0
@@ -40 +40 @@ dogpile.cache>=0.6.2 # BSD
-jsonschema<3.0.0,>=2.6.0 # MIT
+jsonschema>=2.6.0 # MIT






More information about the Release-announce mailing list