Open Stack

We are glad to announce the release of:

keystone 23.0.0: OpenStack Identity

This release is part of the antelope release series.

The source is available from:

    https://opendev.org/openstack/keystone

Download the package from:

    https://tarballs.openstack.org/keystone/

Please report issues through:

    https://bugs.launchpad.net/keystone/+bugs

For more details, please see below.

Changes in keystone 22.0.0..23.0.0
----------------------------------

f6a0cce44 OAuth 2.0 Mutual-TLS Support
3288af579 Force algo specific maximum length
d293315ee Add oidc federation test setup
420f4ff46 Fix passenv syntax in tox and update python jobs
ff632a81f [PooledLDAPHandler] Ensure result3() invokes message.clean()
6dfde5b48 requirements: Bump linter requirements
8f999d1c1 Limit token expiration to application credential expiration
1ac882165 Update master for stable/zed
eae6adf00 remove unicode prefix from code
4edad6b58 Use TOX_CONSTRAINTS_FILE


Diffstat (except docs and test files)
-------------------------------------

.zuul.yaml                                         |   19 +-
devstack/files/oidc/apache_oidc.conf               |   47 +
devstack/lib/oidc.sh                               |  160 ++
devstack/plugin.sh                                 |   29 +-
devstack/tools/oidc/__init__.py                    |    0
devstack/tools/oidc/docker-compose.yaml            |   33 +
devstack/tools/oidc/setup_keycloak_client.py       |   61 +
keystone/api/os_ep_filter.py                       |    2 +-
keystone/api/os_oauth2.py                          |  292 +++-
keystone/cmd/doctor/database.py                    |    2 +-
keystone/common/password_hashing.py                |   22 +-
keystone/common/render_token.py                    |    4 +
.../versions/27e647c0fad4_initial_version.py       |    2 +-
keystone/common/sql/upgrades.py                    |    4 +-
keystone/common/utils.py                           |   66 +-
keystone/conf/__init__.py                          |    2 +
keystone/conf/identity.py                          |    6 +-
keystone/conf/oauth2.py                            |   52 +
keystone/federation/utils.py                       |    2 +-
keystone/identity/backends/ldap/common.py          |   21 +-
keystone/models/token_model.py                     |    6 +
keystone/revoke/backends/base.py                   |    4 +-
keystone/token/provider.py                         |   25 +-
keystone/token/providers/base.py                   |    1 +
keystone/token/providers/fernet/core.py            |    5 +-
keystone/token/providers/jws/core.py               |   12 +-
keystone/token/token_formatters.py                 |  106 +-
.../bp-support-oauth2-mtls-8552892a8e0c72d2.yaml   |   13 +
...th-truncation-and-warning-bd69090315ec18a7.yaml |    9 +
...ch_application_credential-56d058355a9f240d.yaml |   10 +
releasenotes/source/conf.py                        |   16 +-
releasenotes/source/index.rst                      |    1 +
releasenotes/source/zed.rst                        |    6 +
test-requirements.txt                              |   11 +-
tox.ini                                            |   53 +-
44 files changed, 3060 insertions(+), 211 deletions(-)


Requirements updates
--------------------

diff --git a/test-requirements.txt b/test-requirements.txt
index 0213085b8..1fca35803 100644
--- a/test-requirements.txt
+++ b/test-requirements.txt
@@ -1,8 +1,3 @@
-# The order of packages is significant, because pip processes them in the order
-# of appearance. Changing the order has an impact on the overall integration
-# process, which may cause wedges in the gate later.
-
-hacking>=3.0.1,<3.1.0 # Apache-2.0
-pep257==0.7.0 # MIT License
-flake8-docstrings==0.2.1.post1 # MIT
-bashate>=0.5.1 # Apache-2.0
+hacking~=4.1.0 # Apache-2.0
+flake8-docstrings~=1.6.0 # MIT
+bashate~=2.1.0 # Apache-2.0