Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
Cloud:OpenStack:Pike
openstack-keystone-doc
openstack-keystone.changes
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openstack-keystone.changes of Package openstack-keystone-doc
------------------------------------------------------------------- Tue Feb 15 21:55:41 UTC 2022 - Guang Yee <gyee@suse.com> - Add patch (0001-Hide-AccountLocked-exception-from-end-users.patch) to fix the problem where AccountLocked exception discloses sensitive information. bsc#1189390,CVE-2021-38155 ------------------------------------------------------------------- Fri Jun 5 04:48:53 UTC 2020 - cloud-devel@suse.de - Update to version keystone-12.0.4.dev11: * Fix security issues with EC2 credentials ------------------------------------------------------------------- Wed Jun 3 04:49:49 UTC 2020 - cloud-devel@suse.de - Update to version keystone-12.0.4.dev10: * Check timestamp of signed EC2 token request * Ensure OAuth1 authorized roles are respected ------------------------------------------------------------------- Wed May 27 04:56:20 UTC 2020 - cloud-devel@suse.de - Update to version keystone-12.0.4.dev6: * Remove neutron-grenade job ------------------------------------------------------------------- Sat Oct 19 03:54:47 UTC 2019 - cloud-devel@suse.de - Update to version keystone-12.0.4.dev5: * Import LDAP job into project ------------------------------------------------------------------- Fri Aug 23 07:49:57 UTC 2019 - cloud-devel@suse.de - Update to version keystone-12.0.4.dev4: * Remove experimental openSUSE 42.3 job * Cap bandit ------------------------------------------------------------------- Mon Jun 3 18:47:43 UTC 2019 - Boris Bobrov <bbobrov@suse.com> - 0001-Allow-domain-admin-to-list-projest-assignments.patch * bsc#1118159 * forward-port from SOC 7 ------------------------------------------------------------------- Tue May 14 06:37:09 UTC 2019 - cloud-devel@suse.de - Update to version keystone-12.0.4.dev2: * Blacklist bandit 1.6.0 * OpenDev Migration Patch 12.0.3 ------------------------------------------------------------------- Tue Apr 16 02:52:07 UTC 2019 - cloud-devel@suse.de - Update to version keystone-12.0.3.dev4: * Delete shadow users when domain is deleted ------------------------------------------------------------------- Wed Apr 10 03:09:22 UTC 2019 - cloud-devel@suse.de - Update to version keystone-12.0.3.dev2: * Replace openstack.org git:// URLs with https:// ------------------------------------------------------------------- Mon Mar 25 20:48:59 UTC 2019 - Dirk Mueller <dmueller@suse.com> - create proper tmpdir for locking ------------------------------------------------------------------- Wed Mar 13 04:03:15 UTC 2019 - cloud-devel@suse.de - Update to version keystone-12.0.3.dev1: * Remove publish-loci post job 12.0.2 ------------------------------------------------------------------- Sat Oct 20 01:52:31 UTC 2018 - cloud-devel@suse.de - Update to version keystone-12.0.2.dev4: * Mapped Groups don't exist breaks WebSSO ------------------------------------------------------------------- Fri Oct 5 06:17:40 UTC 2018 - cloud-devel@suse.de - Update to version keystone-12.0.2.dev2: * LDAP attribute names non-case-sensitive ------------------------------------------------------------------- Tue Sep 11 06:53:23 UTC 2018 - cloud-devel@suse.de - Update to version keystone-12.0.2.dev1: * import zuul job settings from project-config 12.0.1 ------------------------------------------------------------------- Fri Jul 27 07:00:46 UTC 2018 - cloud-devel@suse.de - Update to version keystone-12.0.1.dev19: * Reduce duplication in federated auth APIs (bsc#1102151, CVE-2018-14432) ------------------------------------------------------------------- Sat Apr 21 03:58:36 UTC 2018 - cloud-devel@suse.de - Update to version keystone-12.0.1.dev18: * Fix json schema nullable to add None to ENUM ------------------------------------------------------------------- Thu Feb 22 15:31:40 UTC 2018 - tbechtold@suse.com - Install sso_callback_template.html into /usr/share/keystone ------------------------------------------------------------------- Wed Feb 21 03:32:02 UTC 2018 - cloud-devel@suse.de - Update to version keystone-12.0.1.dev17: * Remove deprecation of domain\_config\_upload ------------------------------------------------------------------- Thu Feb 15 04:53:08 UTC 2018 - cloud-devel@suse.de - Update to version keystone-12.0.1.dev16: * Expose a get\_enforcer method for oslo.policy scripts * Add New in Pike note to using db\_sync check * Update the release name in install tutorial * Remove admin\_token\_auth steps from install guide ------------------------------------------------------------------- Tue Feb 13 04:39:27 UTC 2018 - cloud-devel@suse.de - Update to version keystone-12.0.1.dev8: * Delete SQL users before deleting domain ------------------------------------------------------------------- Wed Jan 24 10:47:11 UTC 2018 - dmueller@suse.com - make user directory not world readable ------------------------------------------------------------------- Sun Jan 14 04:51:09 UTC 2018 - cloud-devel@suse.de - Update to version keystone-12.0.1.dev7: * Create doc/requirements.txt ------------------------------------------------------------------- Fri Nov 17 04:53:45 UTC 2017 - cloud-devel@suse.de - Update to version keystone-12.0.1.dev6: * Filter users/groups in ldap with whitespaces ------------------------------------------------------------------- Wed Nov 1 05:39:30 UTC 2017 - cloud-devel@suse.de - Update to version keystone-12.0.1.dev5: * Handle ldap size limit exeeded exception ------------------------------------------------------------------- Thu Oct 12 03:58:59 UTC 2017 - cloud-devel@suse.de - Update to version keystone-12.0.1.dev4: * Copy specific distro pages for install guide 12.0.0 ------------------------------------------------------------------- Wed Sep 6 12:55:04 UTC 2017 - comurphy@suse.com - Remove deprecated cert_subject option and signing preconfig * The signing keypair is only required for PKI token format and can be recreated if desired for an HTTPS deployment. ------------------------------------------------------------------- Mon Aug 28 05:36:35 UTC 2017 - tbechtold@suse.com - switch to stable/pike tarball ------------------------------------------------------------------- Fri Aug 25 09:32:08 UTC 2017 - tbechtold@suse.com - Cleanup Requires ------------------------------------------------------------------- Thu Aug 24 13:57:49 UTC 2017 - tbechtold@suse.com - Remove python-mox from BuildRequires ------------------------------------------------------------------- Thu Aug 24 03:17:12 UTC 2017 - cloud-devel@suse.de - Update to version keystone-12.0.0.0rc2.dev24: * Ignore release notes for pike and master ------------------------------------------------------------------- Wed Aug 23 14:24:59 UTC 2017 - tbechtold@suse.com - Cleanup Requires and BuildRequires ------------------------------------------------------------------- Wed Aug 23 04:55:01 UTC 2017 - cloud-devel@suse.de - Update to version keystone-12.0.0.0rc2.dev23: * Revert "Fix wrong links" * Remove missing release note from previous revert * Include a link in release note for bug 1698900 ------------------------------------------------------------------- Thu Aug 17 03:15:04 UTC 2017 - cloud-devel@suse.de - Update to version keystone-12.0.0.0rc2.dev18: * Remove duplicate roles from federated auth * Add the step to create a domain * Add int storage of datetime for password created/expires * Resource backend is SQL only now ------------------------------------------------------------------- Wed Aug 16 03:13:24 UTC 2017 - cloud-devel@suse.de - Update to version keystone-12.0.0.0rc2.dev10: * Remove deprecation of domain\_config\_upload ------------------------------------------------------------------- Tue Aug 15 03:11:33 UTC 2017 - cloud-devel@suse.de - Update to version keystone-12.0.0.0rc2.dev8: * Fix wrong links * Imported Translations from Zanata ------------------------------------------------------------------- Sat Aug 12 03:13:13 UTC 2017 - cloud-devel@suse.de - Update to version keystone-12.0.0.0rc2.dev5: * Update reno for stable/pike 12.0.0.0rc1 * Update docs: fernet is the default provider * Updated URLs in docs * Fix typo in index documentation ------------------------------------------------------------------- Fri Aug 11 03:17:33 UTC 2017 - cloud-devel@suse.de - Update to version keystone-12.0.0.0b4.dev65: * Unset project ids for all identity backends * Add description for relationship links in api-ref * Cache list projects and domains for user * Remove unused hints from assignment APIs * Make an error state message more explicit * Fill in content in CLI Documentation * Except forbidden when clearing default project IDs * Update URL in README.rst * Document required \`type\` mapping attribute * Consolidate certificate docs to admin-guide ------------------------------------------------------------------- Tue Aug 8 03:33:13 UTC 2017 - cloud-devel@suse.de - Update to version keystone-12.0.0.0b4.dev46: * Imported Translations from Zanata * Fix man page builds * Fill in content in User Documentation * Clarify SELinux note in LDAP documentation * Move credential encryption docs to admin-guide * Removed unnecessary setUp() calls from unit tests * Move url safe naming docs to admin guide ------------------------------------------------------------------- Sat Aug 5 03:31:16 UTC 2017 - cloud-devel@suse.de - Update to version keystone-12.0.0.0b4.dev32: * Remove duplicate sample files * Remove policy for self-service password changes * Add role\_domain\_id\_request\_body in parameters ------------------------------------------------------------------- Fri Aug 4 08:28:46 UTC 2017 - cloud-devel@suse.de - Update to version keystone-12.0.0.0b4.dev27: * use the show-policy directive to show policy settings * Add missing comma to json sample * Make federation documentation consistent ------------------------------------------------------------------- Thu Aug 3 03:32:56 UTC 2017 - cloud-devel@suse.de - Update to version keystone-12.0.0.0b4.dev24: * Consolidate LDAP documentation into admin-guide * Imported Translations from Zanata * Add cli/ directory for documentation * Add user/ directory for documentation * Add contributor/ directory for docs * Filter users and groups in ldap * Handle auto-generated domains when creating IdPs * Clarify documentation on whitelists and blacklists * Remove duplicate configuration sections ------------------------------------------------------------------- Wed Aug 2 03:33:18 UTC 2017 - cloud-devel@suse.de - Update to version keystone-12.0.0.0b4.dev8: * Fix ec2tokens validation in v2 after regression in metadata\_ref removal * Fix the documentation sample for OS-EP-FILTER ------------------------------------------------------------------- Tue Aug 1 03:28:38 UTC 2017 - cloud-devel@suse.de - Update to version keystone-12.0.0.0b4.dev4: * Add the step to install apache2 libapache2-mod-wsgi * A simple fix about explicit unscoped string ------------------------------------------------------------------- Mon Jul 31 03:29:10 UTC 2017 - cloud-devel@suse.de - Update to version keystone-12.0.0.0b4.dev1: * Updated from global requirements 12.0.0.0b3 ------------------------------------------------------------------- Thu Jul 27 03:31:02 UTC 2017 - cloud-devel@suse.de - Update to version keystone-12.0.0.0b3.dev162: * In the devstack plugin, restart keystone after modifying conf * Move performance documentation to admin-guide * Added new subsections to developer docs * Make the devstack plugin more configurable for federation ------------------------------------------------------------------- Wed Jul 26 03:31:34 UTC 2017 - cloud-devel@suse.de - Update to version keystone-12.0.0.0b3.dev154: * Move auth plugin development doc to contrib guide ------------------------------------------------------------------- Tue Jul 25 03:31:16 UTC 2017 - cloud-devel@suse.de - Update to version keystone-12.0.0.0b3.dev152: * Fix wording of configuration help text * Added index.rst in each sub-directory * Optional request parameters should be not required * Add a hacking rule for string interpolation at logging * Enable sphinx todo extension ------------------------------------------------------------------- Mon Jul 24 03:30:24 UTC 2017 - cloud-devel@suse.de - Update to version keystone-12.0.0.0b3.dev142: * Move development environment setup to contributor docs * remove default rule ------------------------------------------------------------------- Sat Jul 22 03:30:16 UTC 2017 - cloud-devel@suse.de - Update to version keystone-12.0.0.0b3.dev138: * fix assert\_admin ------------------------------------------------------------------- Thu Jul 20 03:31:15 UTC 2017 - cloud-devel@suse.de - Update to version keystone-12.0.0.0b3.dev136: * Updated from global requirements ------------------------------------------------------------------- Wed Jul 19 03:30:56 UTC 2017 - cloud-devel@suse.de - Update to version keystone-12.0.0.0b3.dev135: * Reorganised developer documentation * Expanded the best practices subsection in devdocs * Reorganised api-ref index page * Merged the caching subsections in admin docs ------------------------------------------------------------------- Tue Jul 18 03:26:59 UTC 2017 - cloud-devel@suse.de - Update to version keystone-12.0.0.0b3.dev127: * Added new docs to admin section * Update info about logging in admin guide ------------------------------------------------------------------- Mon Jul 17 03:29:21 UTC 2017 - cloud-devel@suse.de - Update to version keystone-12.0.0.0b3.dev123: * Move bootstrapping documentation to admin-guide ------------------------------------------------------------------- Sun Jul 16 03:31:38 UTC 2017 - cloud-devel@suse.de - Update to version keystone-12.0.0.0b3.dev121: * Updated from global requirements * [install] Clarify the paths of the rc files ------------------------------------------------------------------- Sat Jul 15 03:29:31 UTC 2017 - cloud-devel@suse.de - Update to version keystone-12.0.0.0b3.dev118: * Add a release note for bug 1687593 * Stop using deprecated 'message' attribute in Exception ------------------------------------------------------------------- Fri Jul 14 03:31:39 UTC 2017 - cloud-devel@suse.de - Update to version keystone-12.0.0.0b3.dev115: * Move trust to DocumentedRuleDefault * Replaced policy.json with policy.yaml * Move import down to correct group ------------------------------------------------------------------- Thu Jul 13 03:30:35 UTC 2017 - cloud-devel@suse.de - Update to version keystone-12.0.0.0b3.dev109: * Improved the keystone federation image * fix identity:get\_identity\_providers typo * Validate rolling upgrade is run in order ------------------------------------------------------------------- Wed Jul 12 03:18:08 UTC 2017 - cloud-devel@suse.de - Update to version keystone-12.0.0.0b3.dev104: * Fixing flushing tokens workflow * Added configuration options using oslo.config * Added configuration references to documentation * Move upgrade documentation to admin-guide * Move caching docs into admin-guide ------------------------------------------------------------------- Sat Jul 8 03:19:28 UTC 2017 - cloud-devel@suse.de - Update to version keystone-12.0.0.0b3.dev94: * Add history behind why keystone has two ports * Gear documentation towards a wider audience * Update security compliance documentation * Switch from oslosphinx to openstackdocstheme ------------------------------------------------------------------- Fri Jul 7 03:19:43 UTC 2017 - cloud-devel@suse.de - Update to version keystone-12.0.0.0b3.dev87: * Removed apache-httpd guide from docs * Added a note for API curl examples * Migrated docs from devdocs to user docs ------------------------------------------------------------------- Thu Jul 6 03:20:11 UTC 2017 - cloud-devel@suse.de - Update to version keystone-12.0.0.0b3.dev82: * Remove duplicate token docs ------------------------------------------------------------------- Tue Jul 4 03:21:40 UTC 2017 - cloud-devel@suse.de - Update to version keystone-12.0.0.0b3.dev80: * Clarify LDAP invalid credentials exception * Ensure there isn't duplication in federated auth ------------------------------------------------------------------- Mon Jul 3 09:08:16 UTC 2017 - tbechtold@suse.com - Update to version keystone-12.0.0.0b3.dev76: * Remove keystone\_tempest\_plugin from setup.cfg * Move implied role policies to DocumentedRuleDefault * Remove duplicated list conversion * Remove duplicated hacking rule * Document and add release note for HEAD APIs * Remove duplicate logging documentation * Updated from global requirements * Remove note about kvs from admin-guide * Move token flush documentation to admin-guide * Remove the revocation api config section * Rename Developer docs to Contributor docs * Removed unnecessary line breaks from install-guides * Added keystone installation guides * Implement HEAD for assignment API * Added keystone admin guides to documentation * Add annotation about token authenticate * Split test\_get\_head\_catalog\_no\_token * Move related project information into main doc * Move ec2 credential policies to DocumentedRuleDefault * Return 400 when trying to create trust with ambiguous role name * Reorganised keystone documentation structure * Updated the keystone docs to follow the docs theme * Fix PCI DSS docs on change\_password\_after\_first\_use * Add HEAD API to auth * Add HEAD APIs to federated API * Ensure the trust API supports HEAD requests * Ensure oauth API supports HEAD * Ensure the endpoint policy API supports HEAD * Improve handling of database migration checks * Updated from global requirements * Check log output rather than emitting in tests * Ensure HEAD is supported with simple cert * Ensure the ec2 API supports HEAD * Ensure the endpoint filter API supports HEAD * Move domain config to DocumentedRuleDefault * Add HEAD API to domain config * Updated from global requirements * Move grant policies to DocumentedRuleDefault * Move role policies to DocumentedRuleDefault 12.0.0.0b2 * Use DocumentedRuleDefault for token operations * Remove the local tempest plugin * Add response example in authenticate-v3.inc * Addition of "type" optional attribute to list credentials * Remove keystone.conf if not used * Updated from global requirements * Remove assertRaisesRegexp testing function * Update DirectMappingError in keystone.exception * Remove dependency requires if not used * Add role test to test\_consume\_trust\_once in test\_v3\_auth.py * Writing API & Scenario Tests docs * Handle group NotFound in effective assignment list * Updated from global requirements * Update doctor warning about caching * Basic overview of tempest and devstack plugins * Updated from global requirements * Updated from global requirements * Don't need to contruct data if not need persistence * Fix response body of getting role inference rule * Quotation marks should be included in http url using curl * Updated from global requirements * Replace test.attr with decorators.attr * Update test case for federation * Support new hashing algorithms for securely storing password hashes * Remove loading drivers outside of their expected namespaces * Change LDAPServerConnectionError * Error api about grant collections in policy\_mapping.rst * Updated from global requirements * Handle NotFound when listing role assignments for deleted users * Update sample configuration file for Pike * Change url scheme passed to oauth signature verifier * Updated from global requirements * Role name is unique within the owning domain * Remove LDAP delete logic and associated tests * Revert change 438035 is\_admin\_project default * Trivial fix typo in doc * Fix misnamed variable in config * Change url passed to oauth signature verifier to request url * Expose a bug in domain creation from idps * Role name is unique within the owning domain * Refactor is\_admin * Update fail message to test\_database\_conflicts * Fix keystone.tests.unit.test\_v3\_oauth1.MaliciousOAuth1Tests * Test config option 'user\_enabled\_default' with string type value * Stop using oslotest.mockpatch * Remove X-Auth-Token from response parameters * Fix test\_minimum\_password\_age\_and\_password\_expires\_days\_deactivated * Refactor Authorization: * Cleanup policy generation * Fix test keystone.tests.unit.test\_token\_bind.BindTest * Fix keystone.tests.unit.test\_backend\_ldap.LDAPIdentity * Remove test\_metadata\_invalid\_contact\_type * Update dead API spec links * override config option notification\_opt\_out with list * Add filter explain in api ref about parents\_as\_list and subtree\_as\_list * use '&' instead of '?' to connect parameters in url * Remove usage of enforce\_type * Revise doc about python 3.4 * Update Devstack plugin for uwsgi and mod\_proxy\_uwsgi * Add notes in inherit.inc * Do not fetch group assignments without groups (bsc#1032856, CVE-2017-2673) * Readability enhancements to architecture doc * Add response examples to OS-OAUTH1 api documentation * Correct oauth create\_request\_token documentation * Remove unused CONF * Remove unused LOG * Move policy generator config to config-generator/ * Include sample policy file in documentation * Trivial Fix: fix typo in test comments * Move user policies to DocumentedRuleDefault * Explicitly set 'builders' option * Make flushing tokens more robust * Minor corrections in OS-OAUTH1 api documentation * Fix-test-of-assertValidRole * Small refactoring in tests development docs * Move endpoint group to DocumentedRuleDefault * Fix doc generation for python 3 12.0.0.0b1 * Updated from global requirements * Imported Translations from Zanata * Updated scope parameter description in v3 API-ref * Add Apache License Content in index.rst * Address comments from Policy in Code 5 * Remove unused revocation check in revoke\_models * Updated from global requirements * Remove unused code in test\_revoke * Move group policies to DocumentedRuleDefault * Move consumer to DocumentedRuleDefault * Move access token to DocumentedRuleDefault * Move mapping to DocumentedRuleDefault * Move role assignment to DocumentedRuleDefault * Move region policies to DocumentedRuleDefault * Move project endpoint to DocumentedRuleDefault * Remove unnecessary processing when deleting grant * Add sem-ver flag so pbr generates correct version * Move protocol to DocumentedRuleDefault * Move credential policies to DocumentedRuleDefault * Move policy association to DocumentedRuleDefault * Move and refactor test\_revoke\_by\_audit\_chain\_id * Move policy policies to DocumentedRuleDefault * Move and refactor project\_and\_user\_and\_role * Updated from global requirements * Move and refactor test\_by\_domain\_domain * Move and refactor test\_by\_domain\_project * Move and refactor test\_by\_domain\_user * Remove unused method \_sample\_data in test\_revoke * Refactor test\_revoke to call check\_token directly * Differentiate between dpkg and rpm for libssl-dev * Move auth to DocumentedRuleDefault * Move service policies to DocumentedRuleDefault * Remove unnecessary setUp function in testcase * Remove policy file from source and refactor tests * Remove revocation API dependency from identity API * Remove revocation API dependency from resource API * Move project policies to DocumentedRuleDefault * Replace wip with skip * Removed domain conflict guard in load\_fixtures * Updated from global requirements * Remove create\_container\_group from tests * Move identity provider to DocumentedRuleDefault * Move endpoint policies to DocumentedRuleDefault * Move domain policies to DocumentedRuleDefault * Move service provider to DocumentedRuleDefault * Add policy sample generation * Removed the deprecated pki\_setup command * Reduce fixture setup in test\_backend\_ldap * Consolidate and cleanup test\_backend\_ldap setup * Remove conflict guards in load\_fixtures * Remove orphaned \_create\_context test helper * Remove orphaned AuthTestMixin from test\_v3 * Move revoke events to DocumentedRuleDefault * Doc db\_sync --expand incurring downtime in upgrades to Newton * Fix some reST field lists in docstrings * Add a note to db\_sync configuration section * Remove unused revoke\_by\_domain\_role\_assignment * Remove unused revoke\_by\_project\_role\_assignment * Speed up check\_user\_in\_group for LDAP users * Add group\_members\_are\_ids to whitelisted options * Change is\_admin\_project to False by default * Remove password\_expires\_ignore\_user\_ids * Exclusively use restore\_padding method in unpacking fernet tokens * Address db\_sync check against new install * Add --check to keystone-manage db\_sync command * Use ostestr instead of the custom pretty\_tox.sh * Add unit test for db\_sync run out of order * Make use of Dict-base including extras explicit * Update endpoint api for optional region\_id * No need to enable infer\_roles setting * Create user option \`ignore\_lockout\_failure\_attempts\` * Deprecate [security\_compliance]\password\_expires\_ignore\_user\_ids * Add domain\_id to the user table * Do not call \`to\_dict\` outside of a session context * Fixed unraised exception in \_disallow\_write for LDAP * Add queries for federated attributes in list\_users ------------------------------------------------------------------- Mon Apr 10 06:45:24 UTC 2017 - comurphy@suse.com - Stop copying policy.json, it was removed ------------------------------------------------------------------- Thu Mar 30 03:17:26 UTC 2017 - cloud-devel@suse.de - Update to version keystone-11.0.1.dev176: * Add charset to webob.Response * Reduce fixture setup in test_backend_ldap * Consolidate and cleanup test_backend_ldap setup * Remove conflict guards in load_fixtures * Remove orphaned _create_context test helper * Remove decorator for asserting validation errors * Remove unnecessary revocation events revoke grant * Remove unnecessary revocation events * Remove unnecessary revocation events ------------------------------------------------------------------- Wed Mar 29 03:25:21 UTC 2017 - cloud-devel@suse.de - Update to version keystone-11.0.1.dev159: * Remove orphaned AuthTestMixin from test_v3 * Move release note from /keystone/releasenotes to /releasenotes * Add a note to db_sync configuration section ------------------------------------------------------------------- Tue Mar 28 05:54:10 UTC 2017 - cloud-devel@suse.de - Update to version keystone-11.0.1.dev154: * Remove log translations in keystone ------------------------------------------------------------------- Sat Mar 25 16:49:17 UTC 2017 - tbechtold@suse.com - Update to version keystone-11.0.1.dev152: * Small fixes for WebOb 1.7 compatibiltity * Error messages are not translating with locale * Policy in code (part 5) * Policy in code (part 4) * Set the correct in-code policy for ec2 operations * Don't persist revocation events when deleting a role * Policy in code (part 3) * Policy in code (part 2) * Policy in code * Speed up check_user_in_group for LDAP users * Don't persist rev event when deleting access token * Include the requested URL in authentication errors * Use HostAddressOpt for opts that accept IP and hostnames * Remove x-subject-token in api-ref for v3/auth/catalog * Fix keystone.o.o URL ------------------------------------------------------------------- Wed Mar 22 03:20:29 UTC 2017 - cloud-devel@suse.de - Update to version keystone-11.0.1.dev125: * Remove extra duplicate 'be' in description * Fix description for 204 response ------------------------------------------------------------------- Thu Mar 16 03:23:45 UTC 2017 - cloud-devel@suse.de - Update to version keystone-11.0.1.dev122: * Add reno conventions to developer documentation * Updated from global requirements ------------------------------------------------------------------- Tue Mar 14 03:24:08 UTC 2017 - cloud-devel@suse.de - Update to version keystone-11.0.1.dev118: * Updated from global requirements ------------------------------------------------------------------- Sat Mar 11 03:27:03 UTC 2017 - cloud-devel@suse.de - Update to version keystone-11.0.1.dev117: * Remove keystone.common.ldap ------------------------------------------------------------------- Fri Mar 10 03:26:42 UTC 2017 - cloud-devel@suse.de - Update to version keystone-11.0.1.dev116: * Fix the typo * Add in-code comment to clarify pattern in tests * Test for fernet rotation recovery after disk full * API-ref return code fix * Updated from global requirements * Imported Translations from Zanata * Fix api-ref building with sphinx 1.5 * Change is_admin_project to False by default * Remove pbr warnerrors in favor of sphinx check * Move driver loading inside of dict * Remove unused variable * Revise conf param in releasenotes * Modify examples to use v3 URLs * Fix the s3tokens endpoint ------------------------------------------------------------------- Mon Mar 6 03:22:20 UTC 2017 - cloud-devel@suse.de - Update to version keystone-11.0.1.dev88: * Minor cleanup from patch 429047 * Remove password_expires_ignore_user_ids * Typos in the LoadAuthPlugins note ------------------------------------------------------------------- Sat Mar 4 03:28:19 UTC 2017 - cloud-devel@suse.de - Update to version keystone-11.0.1.dev82: * Fix duplicate handling for user-specified IDs * Give a prospective removal date for all v2 APIs * Stop reading local config dirs for domain-specific file config driver ------------------------------------------------------------------- Fri Mar 3 12:48:24 UTC 2017 - cloud-devel@suse.de - Update to version keystone-11.0.1.dev76: * Removing group role assignments results in overly broad revocation events * Add instruction to restart apache * Exchange cURL examples for openstackclient * Remove x-subject-token in api-ref for v3/auth/{projects,domains} * Remove EndpointFilterCatalog * Fix some typo in releasenotes ------------------------------------------------------------------- Wed Mar 1 03:24:35 UTC 2017 - cloud-devel@suse.de - Update to version keystone-11.0.1.dev64: * Ensure migration file names are unique to avoid caching errors ------------------------------------------------------------------- Tue Feb 28 03:23:40 UTC 2017 - cloud-devel@suse.de - Update to version keystone-11.0.1.dev62: * Updated from global requirements * Exclusively use restore_padding method in unpacking fernet tokens * Correct and enhance OpenId Connect docs * Correct and enhance Mellon federation docs * Include 'token' in the method list for federated scoped tokens ------------------------------------------------------------------- Mon Feb 27 03:24:21 UTC 2017 - cloud-devel@suse.de - Update to version keystone-11.0.1.dev53: * Imported Translations from Zanata ------------------------------------------------------------------- Sun Feb 26 03:21:43 UTC 2017 - cloud-devel@suse.de - Update to version keystone-11.0.1.dev52: * Fix v2 role create schema validation ------------------------------------------------------------------- Sat Feb 25 03:27:23 UTC 2017 - cloud-devel@suse.de - Update to version keystone-11.0.1.dev50: * Clear the project ID from user information * Fix MFA rule checks for LDAP auth * Address db_sync check against new install * Deprecate (and slate for removal) UUID tokens ------------------------------------------------------------------- Fri Feb 24 03:44:35 UTC 2017 - cloud-devel@suse.de - Update to version keystone-11.0.1.dev43: * Update reno for stable/ocata 11.0.0 ------------------------------------------------------------------- Tue Feb 21 04:19:40 UTC 2017 - cloud-devel@suse.de - Update to version keystone-11.0.0.0rc2.dev42: * Fix typo in config doc * Updated from global requirements * Rename protocol cascade delete migration file ------------------------------------------------------------------- Sat Feb 18 04:17:19 UTC 2017 - cloud-devel@suse.de - Update to version keystone-11.0.0.0rc2.dev37: * Fix example response formatting * Remove logging import unused * Fix multiple uuid warnings with pycadf ------------------------------------------------------------------- Thu Feb 16 12:54:44 UTC 2017 - tbechtold@suse.com - Update to version keystone-11.0.0.0rc2.dev31: * Remove the file encoding which is unnecessary ------------------------------------------------------------------- Sat Feb 11 05:24:06 UTC 2017 - cloud-devel@suse.de - Update to version keystone-11.0.0.0rc2.dev29: * Correct some typo errors * Federated mapping doc improvements * Deprecate (and emit message) AdminTokenAuthMiddleware * Use ostestr instead of the custom pretty_tox.sh ------------------------------------------------------------------- Fri Feb 10 05:07:45 UTC 2017 - cloud-devel@suse.de - Update to version keystone-11.0.0.0rc2.dev21: * Add --check to keystone-manage db_sync command * Add unit test for db_sync run out of order * use the correct bp link for shadow-mapping rel note ------------------------------------------------------------------- Thu Feb 9 05:18:21 UTC 2017 - cloud-devel@suse.de - Update to version keystone-11.0.0.0rc2.dev16: * Fixed warning when building keystone docs * Readability/Typo Fixes in Release Notes * Remove unused api parameters ------------------------------------------------------------------- Tue Feb 7 05:14:24 UTC 2017 - cloud-devel@suse.de - Update to version keystone-11.0.0.0rc2.dev11: * Remove KVS code ------------------------------------------------------------------- Mon Feb 6 05:07:14 UTC 2017 - cloud-devel@suse.de - Update to version keystone-11.0.0.0rc2.dev9: * Use httplib constants for http status codes ------------------------------------------------------------------- Sun Feb 5 05:22:49 UTC 2017 - cloud-devel@suse.de - Update to version keystone-11.0.0.0rc2.dev7: * Add placeholder migrations for Ocata * Update hacking version ------------------------------------------------------------------- Sat Feb 4 05:33:40 UTC 2017 - cloud-devel@suse.de - Update to version keystone-11.0.0.0rc2.dev3: * Renaming of api parameters * Update endpoint api for optional region_id ------------------------------------------------------------------- Fri Feb 3 05:25:16 UTC 2017 - cloud-devel@suse.de - Update to version keystone-11.0.0.0rc2.dev1: 11.0.0.0rc1 * Modify the spelling mistakes * Stop reading local config dirs for domain-specific SQL config driver * Prepare for using standard python tests ------------------------------------------------------------------- Thu Feb 2 02:15:10 UTC 2017 - cloud-devel@suse.de - Update to version keystone-11.0.0.0b4.dev58: * update keystone.conf.sample for ocata-rc * Add MFA Rules Release Note * Remove de-dupe for MFA Rule parsing * Add comment to clarify resource-options jsonschema * Cleanup TODO, AuthContext and AuthInfo to auth.core * Cleanup TODO about auth.controller code moved to core * Add validation that token method isn't needed in MFARules * Add validation for mfa rule validator (storage) * Process and validate auth methods against MFA rules * No need to enable infer_roles setting * Fix bad error message from FernetUtils * Use https for docs.openstack.org references * Update PCI documenation ------------------------------------------------------------------- Wed Feb 1 02:16:07 UTC 2017 - cloud-devel@suse.de - Update to version keystone-11.0.0.0b4.dev32: * Auth Plugins pass data back via AuthHandlerResponse * Auth Method Handlers now return a response object always * Add MFA Rules and Enabled User options * cleanup release notes from PCI options * Create user option `ignore_lockout_failure_attempts` * Implement better validation for resource options * Test cross domain authentication via implied roles ------------------------------------------------------------------- Sun Jan 29 02:14:45 UTC 2017 - cloud-devel@suse.de - Update to version keystone-11.0.0.0b4.dev20: * Deprecate [security_compliance]\password_expires_ignore_user_ids * Fixes deprecations caused by latest oslo.context * PCI-DSS Force users to change password upon first use * Reuse already existing groups from upstream tempest config * add additional deprecation warnings for KVS options ------------------------------------------------------------------- Sat Jan 28 02:15:31 UTC 2017 - cloud-devel@suse.de - Update to version keystone-11.0.0.0b4.dev10: * clean up release notes for ocata * Address follow-up comments from previous patchset * Cleanup for resource-specific options * Adds tests showing how mapping locals are handled 11.0.0.0b3 * Add 'options' as an explicit user schema validation * Code-Defined Resource-specific Options ------------------------------------------------------------------- Fri Jan 27 02:14:31 UTC 2017 - cloud-devel@suse.de - Update to version keystone-11.0.0.0b3.dev167: * Set the domain for federated users * Refactor shadow users tests * Add domain_id to the user table * Do not call `to_dict` outside of a session context * Change unit test class to a less generic name * Verbose breakup of method into seperate methods * update entry points related to paste middleware * Add warning about using `external` with federation * Catch potential SyntaxError in federation mapping * Add DB operations tracing ------------------------------------------------------------------- Wed Jan 25 02:53:52 UTC 2017 - cloud-devel@suse.de - Update to version keystone-11.0.0.0b3.dev147: * Remove code supporting moving resources between domains * Remove dogpile.core dependencies * Fixed unraised exception in _disallow_write for LDAP * Add password expiration queries for PCI-DSS * Add missing parentheses * Add queries for federated attributes in list_users * Remove LDAP write support * Remove releated role_tree_dn test * Allow user to change own expired password * Fix warnings generated by os-api-ref 1.2.0 * Improvements to external auth documentation page * Updates to project mapping documentation ------------------------------------------------------------------- Fri Jan 20 02:31:04 UTC 2017 - cloud-devel@suse.de - Update to version keystone-11.0.0.0b3.dev126: * Add documentation for auto-provisioning * Implement federated auto-provisioning * Fix typo in main docs page * switch @hybrid_property to @property ------------------------------------------------------------------- Thu Jan 19 02:35:13 UTC 2017 - cloud-devel@suse.de - Update to version keystone-11.0.0.0b3.dev118: * Fix typo in shibboleth federation docs ------------------------------------------------------------------- Wed Jan 18 02:37:36 UTC 2017 - cloud-devel@suse.de - Update to version keystone-11.0.0.0b3.dev117: * Handling of 'region' parameter as None * Exclude 'keystone_tempest_plugin' in doc build * Drop type in filters ------------------------------------------------------------------- Sun Jan 15 02:34:51 UTC 2017 - cloud-devel@suse.de - Update to version keystone-11.0.0.0b3.dev111: * Corrected punctuation on multiple exceptions * Force use of AuthContext object in .authentcate() ------------------------------------------------------------------- Sat Jan 14 02:37:56 UTC 2017 - cloud-devel@suse.de - Update to version keystone-11.0.0.0b3.dev108: * Cascade delete federated_user fk * update sample config for ocata release * fix broken links * Changed 'Driver' reference to 'TokenDriverBase' * Adds projects mapping to the mapping engine ------------------------------------------------------------------- Fri Jan 13 02:37:27 UTC 2017 - cloud-devel@suse.de - Update to version keystone-11.0.0.0b3.dev99: * Fix keystone-manage mapping_engine tester * Add anonymous bind to get_connection method * Set connection timeout for LDAP configuration ------------------------------------------------------------------- Thu Jan 12 02:39:51 UTC 2017 - cloud-devel@suse.de - Update to version keystone-11.0.0.0b3.dev95: * Invalid parameter name on interface * Bump API version and date * listing revoke events should be admin only * [api-ref] Clean up OS-EP-FILTER association docs ------------------------------------------------------------------- Tue Jan 10 04:06:43 UTC 2017 - cloud-devel@suse.de - Update to version keystone-11.0.0.0b3.dev87: * Updated docstring for test_sql_upgrade.py * Use public interfaces of pep8 for hacking * Remove comment from previous migration ------------------------------------------------------------------- Mon Jan 9 04:30:38 UTC 2017 - cloud-devel@suse.de - Update to version keystone-11.0.0.0b3.dev82: * [api-ref] Clean up OS-EP-FILTER documentation * Fixed not in toctree warnings when building docs ------------------------------------------------------------------- Sat Jan 7 04:32:12 UTC 2017 - cloud-devel@suse.de - Update to version keystone-11.0.0.0b3.dev78: * Remove stevedore warning when building docs * Update docs to require domain_id when registering Identity Providers * Retry on deadlock Transactions in backend * Fix region_id responses and requests to be consistent * Remove endpoint_id parameter from EP-FILTER docs * [api] fix ep filter example * Require domain_id when registering Identity Providers * Fix minor typo * Remove references to Python 3.4 * Improve assertion in test * Fixed 7 tests running twice in v3 identity * Wrap invalidation region to context-local cache ------------------------------------------------------------------- Fri Jan 6 04:28:48 UTC 2017 - cloud-devel@suse.de - Update to version keystone-11.0.0.0b3.dev56: * Use assertGreater(len(x), y) instead of assertTrue(len(x) > y) * Correct invalid rst in api docs * Fix issues with keystone-dsvm-py35-functional-v3-only on py35 * Fix the usage of tempest.client.Manager class * Correct timestamp format in token responses * Remove unused exceptions from CADF notifications * Minor improvement in test_user_id_persistence ------------------------------------------------------------------- Wed Jan 4 03:26:00 UTC 2017 - cloud-devel@suse.de - Update to version keystone-11.0.0.0b3.dev44: * Remove CONF.domain_id_immutable * Fix test function name with two underscores to have only one ------------------------------------------------------------------- Tue Jan 3 03:27:21 UTC 2017 - cloud-devel@suse.de - Update to version keystone-11.0.0.0b3.dev41: * Updated from global requirements * Fix import ordering in tempest plugins * Federated authentication via ECP functional tests * Fix cloud_admin rule and ensure only project tokens can be cloud admin ------------------------------------------------------------------- Sat Dec 31 03:24:01 UTC 2016 - cloud-devel@suse.de - Update to version keystone-11.0.0.0b3.dev34: * [api] Inconsistency between v3 API and keystone token timestamps ------------------------------------------------------------------- Fri Dec 30 03:30:37 UTC 2016 - cloud-devel@suse.de - Update to version keystone-11.0.0.0b3.dev32: * Handle disk write failure when doing Fernet key rotation ------------------------------------------------------------------- Thu Dec 29 03:23:12 UTC 2016 - cloud-devel@suse.de - Update to version keystone-11.0.0.0b3.dev30: * Removes unnecessary utf-8 encoding ------------------------------------------------------------------- Mon Dec 26 03:24:00 UTC 2016 - cloud-devel@suse.de - Update to version keystone-11.0.0.0b3.dev29: * Remove unused variables from unit test method ------------------------------------------------------------------- Sat Dec 24 03:21:53 UTC 2016 - cloud-devel@suse.de - Update to version keystone-11.0.0.0b3.dev27: * Updated from global requirements * Remove duplicate role assignment in federated setup * Remove unused variables from federation tests ------------------------------------------------------------------- Fri Dec 23 03:13:54 UTC 2016 - cloud-devel@suse.de - Update to version keystone-11.0.0.0b3.dev22: * move common sql test helpers to base class ------------------------------------------------------------------- Thu Dec 22 03:29:24 UTC 2016 - cloud-devel@suse.de - Update to version keystone-11.0.0.0b3.dev20: * Add reason to CADF notifications in docs * [doc] point release note docs to project team guide * [api] set `is_admin_project` on tokens for admin project * Add reason to notifications for PCI-DSS ------------------------------------------------------------------- Wed Dec 21 07:44:41 UTC 2016 - tbechtold@suse.com - Create /etc/keystone/credential-keys ------------------------------------------------------------------- Wed Dec 21 03:23:38 UTC 2016 - cloud-devel@suse.de - Update to version keystone-11.0.0.0b3.dev13: * Settings for test cases * Invalidate token cache after token delete ------------------------------------------------------------------- Tue Dec 20 03:22:13 UTC 2016 - cloud-devel@suse.de - Update to version keystone-11.0.0.0b3.dev11: * Fix typo in doc * fix one typo ------------------------------------------------------------------- Sun Dec 18 03:19:31 UTC 2016 - cloud-devel@suse.de - Update to version keystone-11.0.0.0b3.dev8: * Updated from global requirements ------------------------------------------------------------------- Sat Dec 17 03:22:09 UTC 2016 - cloud-devel@suse.de - Update to version keystone-11.0.0.0b3.dev7: * Use assertGreater(len(x), y) instead of assertTrue(len(x) > y) * replace assertTrue with assertIs 11.0.0.0b2 * Replace logging with oslo_log * Make user to nonlocal_user a 1:1 relationship ------------------------------------------------------------------- Fri Dec 16 07:37:33 UTC 2016 - tbechtold@suse.com - Update to version keystone-11.0.0.0b2.dev167: * expose v3policy failure with is_admin_token * Add doctor checks for ldap symptoms ------------------------------------------------------------------- Fri Dec 16 03:14:01 UTC 2016 - cloud-devel@suse.de - Update to version keystone-11.0.0.0b2.dev163: * Implement password requirements API * Fix a typo in comment * Add unit tests for doctor token_fernet symptoms * Remove impossible case from _option_dict method * Make _option_dict() a method for domain_config_api * Add unit tests for doctor tokens symptoms * Add checks for doctor credential symptoms ------------------------------------------------------------------- Thu Dec 15 06:33:40 UTC 2016 - tbechtold@suse.com - Fix tmpfile creation - Document new configuration handling - Cleanup ------------------------------------------------------------------- Thu Dec 15 03:17:27 UTC 2016 - cloud-devel@suse.de - Update to version keystone-11.0.0.0b2.dev150: * Add id to conflict error if caused by duplicate id * Refactors _get_names_from_role_assignments * Add doctor tests on security_compliance and rename ------------------------------------------------------------------- Wed Dec 14 03:22:55 UTC 2016 - cloud-devel@suse.de - Update to version keystone-11.0.0.0b2.dev144: * Do not manually remove /etc/shibboleth folder * API Documentation for user password expires * Revert "API Documentation for user password expires" ------------------------------------------------------------------- Tue Dec 13 03:23:56 UTC 2016 - cloud-devel@suse.de - Update to version keystone-11.0.0.0b2.dev139: * Move V2TokenDataHelper to the v2.0 controller * Remove exception from v2 validation path ------------------------------------------------------------------- Mon Dec 12 03:20:46 UTC 2016 - cloud-devel@suse.de - Update to version keystone-11.0.0.0b2.dev135: * API Documentation for user password expires * Clean up keystone doc landing page ------------------------------------------------------------------- Sat Dec 10 03:18:46 UTC 2016 - cloud-devel@suse.de - Update to version keystone-11.0.0.0b2.dev132: * Fix typo in api-ref doc * Make bootstrap idempotent when it needs to be ------------------------------------------------------------------- Fri Dec 9 11:52:58 UTC 2016 - tbechtold@suse.com - package conf.d dir ------------------------------------------------------------------- Fri Dec 9 04:38:56 UTC 2016 - cloud-devel@suse.de - Update to version keystone-11.0.0.0b2.dev129: * Add unit tests for doctor's database symptoms * Print name with duplicate error on user creation * Expose idempotency issue with bootstrap * Print domain name in mapping_populate error message * Correct missspellings of secret * Trivial indentation corrections in mappings doc * Add doctor check for debug mode enabled * Fixed multiple warnings in tox -edocs * Get assignments with names honors inheritance flag * Add test to expose bug 1625230 * Revert "Rename doctor symptom in security_compliance" * Include mapped in the default auth methods * Upload service provider metadata to testshib ------------------------------------------------------------------- Thu Dec 8 02:04:24 UTC 2016 - cloud-devel@suse.de - Update to version keystone-11.0.0.0b2.dev104: * Updated from global requirements * Domain included for role in list_role_assignment * Corrects sample-data incorrect credential call ------------------------------------------------------------------- Wed Dec 7 02:07:05 UTC 2016 - cloud-devel@suse.de - Update to version keystone-11.0.0.0b2.dev99: * api-ref update for roles assignments with names * Rename doctor symptom in security_compliance * Correct minor issues in test schema * Add unit tests for doctor federation file * Remove CONF.os_inherit.enabled ------------------------------------------------------------------- Sun Dec 4 02:02:58 UTC 2016 - cloud-devel@suse.de - Update to version keystone-11.0.0.0b2.dev90: * Add unit tests for doctor's caching symptoms ------------------------------------------------------------------- Sat Dec 3 02:00:14 UTC 2016 - cloud-devel@suse.de - Update to version keystone-11.0.0.0b2.dev88: * Updated from global requirements * Updated from global requirements * More info in schema validation error * Minor fix in role_assignments api-ref * Validate token issue input ------------------------------------------------------------------- Thu Dec 1 02:04:18 UTC 2016 - cloud-devel@suse.de - Update to version keystone-11.0.0.0b2.dev80: * Removes unused exceptions * Removes unused method from assignment core ------------------------------------------------------------------- Wed Nov 30 02:05:27 UTC 2016 - cloud-devel@suse.de - Update to version keystone-11.0.0.0b2.dev76: * Removes unused default_assignment_driver method * Removed unused EXTENSION_TO_ADD test declarations * Use sha512.hash() instead of .encrypt() * Don't invalidate all user tokens of roleless group * Updated from global requirements * SAML federation docs refer to old WSGIScriptAlias * cache_on_issue default to true ------------------------------------------------------------------- Tue Nov 29 02:02:43 UTC 2016 - cloud-devel@suse.de - Update to version keystone-11.0.0.0b2.dev63: * Make try/except work for passlib 1.6 and 1.7 * Document token header in federation auth response * Refactor Keystone admin-tokens and admin-users v2 * ignore deprecation warning for .encrypt() * Send the identity.deleted.role_assignment after the deletion * Allow fetching an expired token * Remove unused statements in matches ------------------------------------------------------------------- Mon Nov 28 02:06:04 UTC 2016 - cloud-devel@suse.de - Update to version keystone-11.0.0.0b2.dev50: * Remove eventlet-related call to sleep ------------------------------------------------------------------- Sun Nov 27 02:03:21 UTC 2016 - cloud-devel@suse.de - Update to version keystone-11.0.0.0b2.dev48: * Show team and repo badges on README ------------------------------------------------------------------- Sat Nov 26 02:04:53 UTC 2016 - cloud-devel@suse.de - Update to version keystone-11.0.0.0b2.dev46: * Add a comment about not using assertTrue ------------------------------------------------------------------- Thu Nov 24 02:05:07 UTC 2016 - cloud-devel@suse.de - Update to version keystone-11.0.0.0b2.dev45: * clean up developer docs * Improvements in error messages * Remove trailing "d" from -days param of OpenSSL command * Swap the notification formats in the docs * Normalizes use of ForbiddenAction in trusts * Enable CADF notification format by default * Fix doc example * Remove extension and auth_token middleware docs * Move docs from key_terms to architecture * move content from configuringservices to configuration * Update configuration.rst documentation * Verbose 401/403 debug responses * Fix the misspelling in `keystone/tests/unit/test_cli.py` * refactor notification test to work with either format * Clarify the v2.0 validation path * Remove metadata from token provider * Lockout ignore user list * Add developer docs for keystone-manage doctor * [api] add changelog from 3.0 -> 3.7 * Devstack plugin to federate with testshib.org * Remove format_token method * Remove issue_v3_token in favor of issue_token * Remove issue_v2_token * refactor the token controller * Use issue_v3_token instead of issue_v2_token ------------------------------------------------------------------- Fri Nov 18 02:04:51 UTC 2016 - cloud-devel@suse.de - Update to version keystone-11.0.0.0b2.dev4: * Remove entry_points to non-existent drivers 11.0.0.0b1 ------------------------------------------------------------------- Thu Nov 17 02:06:30 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0rc2.dev299: * Fix typo in doc * remove release note about LDAP write removal * Change "Change User Password" request example ------------------------------------------------------------------- Wed Nov 16 01:51:27 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0rc2.dev293: * Fixes remaining nits in endpoint_policy tests * Remove reference to future removal of saml * Limits config fixture usage to where it's needed ------------------------------------------------------------------- Tue Nov 15 02:06:58 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0rc2.dev289: * Updated from global requirements * Replace tenant with project for keystone catalog * Deprecate `endpoint_filter.sql` backend ------------------------------------------------------------------- Sat Nov 12 02:04:37 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0rc2.dev284: * Updates to the architecture doc ------------------------------------------------------------------- Fri Nov 11 02:04:30 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0rc2.dev283: * Request cache should not update context * Create unit tests for endpoint policy drivers ------------------------------------------------------------------- Thu Nov 10 02:06:29 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0rc2.dev280: * Support nested groups in Active Directory * Add healthcheck middleware to pipelines * Change cfg.set_defaults into cors.set_defaults * Updated from global requirements * Updated from global requirements * Switch fernet to be the default token provider * Doctor ldap check fix for config files * Document OS-SIMPLE-CERT Routes * [api-ref] Fix couple of issues on OS-INHERIT API * Using assertIsNone(...) instead of assertIs(None, ...) ------------------------------------------------------------------- Wed Nov 9 02:03:24 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0rc2.dev262: * Doc warning for keystone db migration ------------------------------------------------------------------- Tue Nov 8 02:02:08 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0rc2.dev260: * Wording error in upgrading documentation ------------------------------------------------------------------- Mon Nov 7 02:02:58 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0rc2.dev259: * Updated from global requirements ------------------------------------------------------------------- Sat Nov 5 02:03:02 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0rc2.dev258: * fix credentials backend tests ------------------------------------------------------------------- Fri Nov 4 02:05:11 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0rc2.dev257: * Allow running expand & migrate at the same time * Add test cases for passing "None" as a hint ------------------------------------------------------------------- Thu Nov 3 02:03:53 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0rc2.dev253: * Fix test_revoke to run all tests after pki removal * Updated from global requirements ------------------------------------------------------------------- Wed Nov 2 02:02:33 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0rc2.dev250: * Remove support for PKI and PKIz tokens * Doc the difference between memcache and cache * Additional logging when authenticating * Document v2 Revoked Token Route * Fix broken links in the docs * Add bindep environment to tox * log.error use _ of i18n * Adds warning when no domain configs were uploaded * Add release note for fernet tokens ------------------------------------------------------------------- Tue Nov 1 02:14:22 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0rc2.dev232: * Add api-ref /auth/tokens/OS-PKI/revoked (v3) * Add structure for Devstack plugin * Pass a request to controllers instead of a context * Create default role as a part of bootstrap * Updated from global requirements * Don't deprecate the LDAP property which is still needed * Clarifying on the remove of `build_auth_context` middleware * Doctor check for LDAP domain specific configs * Faster id mapping lookup ------------------------------------------------------------------- Fri Oct 28 01:12:25 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0rc2.dev218: * Updated from global requirements ------------------------------------------------------------------- Tue Oct 25 01:56:27 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0rc2.dev217: * Updated from global requirements ------------------------------------------------------------------- Sat Oct 22 01:58:52 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0rc2.dev216: * Updated from global requirements * Validate mapping exists when creating/updating a protocol ------------------------------------------------------------------- Fri Oct 21 02:01:20 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0rc2.dev213: * Remove new_id() in test_revoke ------------------------------------------------------------------- Thu Oct 20 02:03:40 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0rc2.dev212: * Tweak api-ref doc for v3 roles * Tweak api-ref doc for v3 roles status codes * Reorder APIs in api-ref for v3 groups * Follow-on of memcache token persistence removal ------------------------------------------------------------------- Wed Oct 19 04:34:24 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0rc2.dev207: * [api-ref] Remove the duplicated sample * changed domain id to name in JSON request * Remove backend dependencies from token provider * Tweak api-ref for v3 groups status codes ------------------------------------------------------------------- Tue Oct 18 04:33:23 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0rc2.dev200: * More configuration doc edits * Updated from global requirements * Code cleanup * Drop MANIFEST.in - it's not needed by pbr * Optimize remove unused variable * Enable release notes translation * Fix a docstring typo in test_v3_resource.py ------------------------------------------------------------------- Sun Oct 16 04:39:58 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0rc2.dev187: * Imported Translations from Zanata * Update, correct, and enhance federation docs * Remove unused arg(project and initiator) ------------------------------------------------------------------- Sat Oct 15 04:31:58 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0rc2.dev181: * Invalidate trust when the related project is deleted * Ignore unknown arguments to fetch_token * Return password_expires_at during auth * Move the token abstract base class out of core * Add is_admin_project to policy dict * Fix a typo in token_formatters.py * Invalidate trust when the trustor or trustee is deleted ------------------------------------------------------------------- Fri Oct 14 04:39:35 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0rc2.dev167: * Improve check_token validation performance * Add revocation event indexes * Add docs for PCI-DSS * [api] add a note about project name restrictions * One validate method to rule them all.. ------------------------------------------------------------------- Thu Oct 13 04:32:03 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0rc2.dev157: * Updated from global requirements * Simplify the KeystoneToken model * Remove validate_v2_token() method * [api] remove `user_id` and `project_id` from policy * Remove the decorator where it's not applied * Use validate_v3_token instead of validate_token * Ensure all v2.0 tokens are validated the same way * Make sure all v3 tokens are validated the same way * Updating the document regarding LDAP options ------------------------------------------------------------------- Tue Oct 11 04:31:08 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0rc2.dev142: * Remove those redundant variable declaration * [doc] Correct mapping JSON example * Remove no use variable (domain_id) ------------------------------------------------------------------- Mon Oct 10 04:35:03 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0rc2.dev136: * Remove redundant variable declaration ------------------------------------------------------------------- Sun Oct 9 04:35:10 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0rc2.dev135: * Pass initiator to Manager as a kwarg ------------------------------------------------------------------- Sat Oct 8 04:51:58 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0rc2.dev133: * remove deprecated `[endpoint_policy] enable` option * create release notes for removed functionality * Remove driver version specifiers from tests * Remove driver version from identity backend test names * Remove driver version from docs * remove legacy driver tox target * Move audit initiator creation to request * Don't validate token expiry in the persistence backend * Remove the check for admin token in build_auth_context middleware * remove deprecated items from contrib * Undeprecate options used for signing * remove keystone/service.py ------------------------------------------------------------------- Fri Oct 7 04:57:05 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0rc2.dev109: * Updated from global requirements * Default the assignment backend to SQL * Default the resource backend to SQL * Remove password history validation from admin password resets * Fix formatting strings in LOG.warning ------------------------------------------------------------------- Thu Oct 6 04:56:22 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0rc2.dev100: * re-add valid comment about None domain ID * Make returning is_domain conditional * Add tests for validating expired tokens * Remove stable driver interfaces ------------------------------------------------------------------- Wed Oct 5 04:47:42 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0rc2.dev93: * Fix a typo in _init_.py ------------------------------------------------------------------- Tue Oct 4 02:52:51 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0rc2.dev92: * Remove the unused sdx doc files * Update man page for Ocata release version and date ------------------------------------------------------------------- Sat Oct 1 02:31:57 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0rc2.dev88: * Updated from global requirements * Updated from global requirements * Remove the no use arg (auth=None) ------------------------------------------------------------------- Fri Sep 30 09:19:09 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0rc2.dev84: * Fix typo in docstring * Updated from global requirements * Add Apache 2.0 license to source file * Fix a typo in core.py and bp-domain-config-default-82e42d946ee7cb43.yaml * Validate password history for self-service password changes * Make test_v3_auth exercise the whole API ------------------------------------------------------------------- Wed Sep 28 23:37:01 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0rc2.dev74: * Reorder APIs in api-ref doc for v3 users * Updated from global requirements ------------------------------------------------------------------- Tue Sep 27 23:36:57 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0rc2.dev71: * Updated from global requirements * Remove unused path in the v2 token controller * Remove useless method override ------------------------------------------------------------------- Tue Sep 27 00:24:45 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0rc2.dev66: * Using assertIsNone() instead of assertIs(None) * Remove default=None when set value in config * Add domain check in domain-specific role implication ------------------------------------------------------------------- Sat Sep 24 23:49:32 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0rc2.dev60: * Fix the belongsTo query parameter * Fix 'API Specification for Endpoint Filtering' broken link ------------------------------------------------------------------- Fri Sep 23 23:50:18 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0rc2.dev57: * Override credential key repository for null key tests ------------------------------------------------------------------- Fri Sep 23 22:50:15 UTC 2016 - dmueller@suse.com - fix tmpfiles dir config ------------------------------------------------------------------- Thu Sep 22 23:50:17 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0rc2.dev56: * remove memcache token persistence backends * remove saml2 auth plugin * remove httpd/keystone.py * remove cache backends * Revert "Allow compatibility with keystonemiddleware 4.0.0" * Tweak status code in api-ref doc for v3 users ------------------------------------------------------------------- Wed Sep 21 23:50:21 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0rc2.dev44: * Consolidate the common code into one method * Handle the exception from creating request token properly * Fix formatting strings in LOG.debug * Handle the exception from creating access token properly * Updated from global requirements * Give domain admin rights to domain specific implied roles ------------------------------------------------------------------- Tue Sep 20 23:49:50 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0rc2.dev32: * Fix prameters names in Keystone API v2-ext * Refactor Keystone admin-tenant API v2 * Refactor Keystone admin-endpoint API * Fix for unindent warning in doc build * add placeholder migrations for newton * Remove default=None for config options * Ensure the sqla-migrate scripts cache is cleared * Move test_sql_upgrade.MigrationRepository into keystone.common * Rename sql.migration_helpers to sql.upgrades * Update reno for stable/newton * Refactor find_migrate_repo(): require caller to specify repo * Fixes password created_at errors due to the server_default * Adds tests for verify_length_and_trunc_password() ------------------------------------------------------------------- Thu Sep 15 23:49:38 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0rc2.dev9: * Move the responsibility for stdout to the CLI module * Use a read-only DB session to retrieve schema version * Move rolling upgrade repo names into constants 10.0.0.0rc1 * Removal of imports within functions * Trivial fixes in the ldap common functions * Test that rolling upgrade repos are in lockstep * Tweak api-ref doc for services/endpoints * EndpointPolicy driver doesn't inherit interface * Use URIOpt for endpoint URL options ------------------------------------------------------------------- Wed Sep 14 23:49:56 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0b4.dev85: * Add unit tests for isotime() * Remove unused _convert_to_integers() method * Remove unused read_cached_file method from utils * Allow compatibility with keystonemiddleware 4.0.0 * Fix links on configure_federation documentation * Add edge case tests for disabling a trustee * Remove unused method from keystone.common.utils * Consistently round down timestamps ------------------------------------------------------------------- Tue Sep 13 23:49:45 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0b4.dev71: * Fix prameters name and response codes in Keystone API v2 ------------------------------------------------------------------- Mon Sep 12 23:50:00 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0b4.dev69: * Use issued_at in fernet token provider * Use ConfigParser instead of SafeConfigParser * Remove the APIs from doc that is not supported yet * TrivialFix: Merge imports in code * Fix the nit on how to deploy keystone with `mod_proxy_uwsgi` * Tweak api-ref doc for projects * Fix order of arguments in assertIs ------------------------------------------------------------------- Sat Sep 10 23:49:57 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0b4.dev56: * Remove the dead link in schema migration doc ------------------------------------------------------------------- Fri Sep 9 23:48:57 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0b4.dev55: * Updated from global requirements * Use freezegun for change password tests ------------------------------------------------------------------- Thu Sep 8 23:48:36 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0b4.dev52: * New notes on advanced upgrade/fallback for cluster * standardize release note page ordering * [api-ref] Correct response code status * Replace six iteration methods with standard ones * Fixes a nit in a comment * Updates configuration doc with latest changes * Update sample keystone.conf for Newton * Project domain must match role domain for assignment * Add docs for the null key * Log warning if null key is used for encryption * Introduce null key for credential encryption ------------------------------------------------------------------- Thu Sep 8 14:09:07 UTC 2016 - tbechtold@suse.com - Remove openstack-keystone init script. Upstream requires to run keystone under a webserver (apache/ngninx) so the init script is no longer needed. ------------------------------------------------------------------- Wed Sep 7 23:49:10 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0b4.dev30: * More nit doc fixes * Keep the order of passwords in tests * [api-ref] Stop supporting os-api-ref 1.0.0 * Fix up some doc nits * [api-ref] Correcting parameter's type * Correct link type * Emit log message for fernet tokens only * Set default value for [saml]/idp_contact_surname ------------------------------------------------------------------- Tue Sep 6 23:52:08 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0b4.dev15: * Only cache callables in the base manager ------------------------------------------------------------------- Mon Sep 5 23:48:46 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0b4.dev13: * Fix problems in service api doc * Raise NotImplementedError instead of NotImplemented * Add the deprecated_since to deprecated options * Add doctor checks for credential fernet keys * Block global roles implying domain specific roles ------------------------------------------------------------------- Fri Sep 2 23:48:24 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0b4.dev4: * Few new commands missing from docs * Implement encryption of credentials at rest * Typo: key_manger_factory to key_mangler_factory 10.0.0.0b3 ------------------------------------------------------------------- Fri Sep 2 03:59:47 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0b3.dev466: * Fixes spelling mistakes * Fixes migration where password created_at is nullable * Correct typo in mapping_populate command's help * Relax the requirement for mappings to result in group memberships * Document credential encryption * Update sample uwsgi config for lazy-apps * Add documentation on how to set a user's tenant * Pre-cache new tokens * Config logABug feature for Keystone api-ref * Fix nits in db migration dev docs * Disallow new migrations in the legacy migration repository * Updated from global requirements * Update developer docs for new rolling upgrade repos * Add man page info for credential setup command * Remove unnecessary try/except from token provider * Fixes small grammar mistake in docstring * Add a feature support matrix for identity sources * Fix wrong response codes in 'groups' APIs * Make token_id a required parameter in v3_to_v2_token * Distributed cache namespace to invalidate regions * Fix formatting strings when using multiple variables * Add credential setup command * Add Response Example for 'Create credential' API * Add Response Example for 'Passwd auth with unscoped authorization' * Remove mapping schema from the doc * Impose a min and a max on time values in CONF.token * Adds password regular expression checks to doctor * Let upgrade tests control all 4 repositories at once * Adds check that minimum password age is less than password expires days * Modify sql banned operations for each of the new repos * api-ref: Splitting status lines in API v3-ext * api-ref: Splitting status lines in API v3 * [api] add relationship links to v3-ext ------------------------------------------------------------------- Mon Aug 29 03:37:19 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0b3.dev403: * Repair link in Keystone documentation ------------------------------------------------------------------- Sat Aug 27 03:40:32 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0b3.dev401: * Fix some typos in comments * Cleaning imports in code * Updated from global requirements * TrivialFix: Remove logging import unused * Remove unused global variable from unit tests ------------------------------------------------------------------- Mon Aug 26 17:10:05 UTC 2016 - aplanas@suse.com - Revert generate PID file for systemd (bsc#991985) ------------------------------------------------------------------- Fri Aug 26 03:41:34 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0b3.dev391: * Removes old, unused code * Reduce log level of Fernet key count message * Updated from global requirements * Use egg form of osprofiler in paste pipeline * [api-ref]: Outdated link reference * Support new osprofiler API ------------------------------------------------------------------- Thu Aug 25 06:22:48 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0b3.dev380: * Remove mox from test-requirements * TrivialFix: Remove logging import unused * Remove unnecessary __init__ * Add mapping_populate command * Doc fix: "keystone-manage upgrade" is not a thing ------------------------------------------------------------------- Thu Aug 25 03:54:09 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0b3.dev370: * Doc fix: license rendered in published doc * Fix credential update to ec2 type * Add key repository uniqueness check to doctor * Update `href` for keystone extensions * Get ready for os-api-ref sphinx theme change ------------------------------------------------------------------- Mon Aug 24 15:10:05 UTC 2016 - aplanas@suse.com - Generate PID file for systemd (bsc#991985) ------------------------------------------------------------------- Wed Aug 24 03:48:16 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0b3.dev360: * Shadowing a nonlocal_user incorrectly creates a local_user ------------------------------------------------------------------- Tue Aug 23 03:51:53 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0b3.dev358: * Updated from global requirements * Add entrypoint for mapped auth method * Create unit tests for the policy drivers ------------------------------------------------------------------- Mon Aug 22 07:05:09 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0b3.dev353: * Add create and update methods to credential Manager ------------------------------------------------------------------- Mon Aug 22 03:45:50 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0b3.dev351: * Fix the wrong URI for the OAuth1 extension in api-ref * Add rolling upgrade documentation * Create a fernet credential provider ------------------------------------------------------------------- Sun Aug 21 06:53:25 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0b3.dev345: * Make KeyRepository shareable * Add conf to support credential encryption ------------------------------------------------------------------- Sat Aug 20 03:47:51 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0b3.dev341: * Add expand, data migration and contract logic to keystone-manage * Replace the content type with correct one ------------------------------------------------------------------- Fri Aug 19 03:51:47 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0b3.dev337: * Password expires ignore user list * Removes use of freezegun in test_auth tests * Removes a redundant test from FernetAuthWithTrust * Tidy up for late-breaking review comments on keystone-manage * PCI-DSS Minimum password age requirements * api-ref: Document domain specific roles * Make all token provider behave the same with trusts * Add dummy domain_id column to cached role * Removes duplicate ldap test setup * Extracted common ldap setup and use in the filter tests ------------------------------------------------------------------- Thu Aug 18 03:50:10 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0b3.dev319: * api-ref: Fix parameters attributes ------------------------------------------------------------------- Wed Aug 17 03:45:26 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0b3.dev318: * Revert "Add debug logging to revocation event checking" * Add credential encryption exception * Pass key_repository and max_active_keys to FernetUtils * Make a FernetUtils class * Add support for rolling upgrades to keystone-manage * api-ref: Document implied roles API * Trust controller refactoring ------------------------------------------------------------------- Tue Aug 16 03:47:25 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0b3.dev305: * Move fernet utils into keystone/common/ * api-ref: Correcting V3 OS-INHERIT APIs * Constraints are ready to be used for tox.ini * Skip middleware request processing for admin token * Remove the redundant verification in OAuth1 authorization ------------------------------------------------------------------- Sun Aug 14 03:48:49 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0b3.dev295: * Fix typo in the file ------------------------------------------------------------------- Sat Aug 13 04:20:50 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0b3.dev294: * Add debug logging to revocation event checking * Detail Federation Service Provider APIs in api-ref * Detail Fed Projects and Domains APIs in api-ref * add a header for the federation APIs * Detail Federation Mapping APIs in api-ref docs * Detail Federation Auth APIs in api-ref docs * Detail Federation Assertion APIs in api-ref docs * Move other-requirements.txt to bindep.txt * Detail IdP APIs in api-ref docs * api-ref: Add default domain config documentation * Updated from global requirements * [api] add relationship links to v3 * api-ref: Renaming parameters of V3-ext APIs * Add basic upgrade documentation ------------------------------------------------------------------- Fri Aug 12 03:56:43 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0b3.dev267: * Refactor revoke matcher * Document get auth/catalog,projects,domains * api-ref: Correcting V3 Credentials APIs * api-ref: Correcting V3 Policies APIs * api-ref: Correcting V3 Authentication APIs * api-ref: Correcting V3 Domain config APIs * Use international logging message * Updates Development Environment Docs ------------------------------------------------------------------- Thu Aug 11 03:59:28 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0b3.dev252: * api-ref: Add query options to GET /projects API documentation * Updated from global requirements * api-ref: Add missing parameter tables to tenant * api-ref: Correcting V3 Endpoints APIs * api-ref: Correcting V3 Services APIs * api-ref: Add "nocatalog" option to GET /v3/auth/tokens * Fix warning when running tox -e api-ref ------------------------------------------------------------------- Wed Aug 10 03:45:10 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0b3.dev239: * remove test utilities related to adding extensions * PCI-DSS Password expires validation ------------------------------------------------------------------- Tue Aug 9 03:56:31 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0b3.dev235: * Document query option (is_domain) for projects * Update etc/keystone.conf.sample * Make hash_algorithms order deterministic * Report v2.0 as deprecated in version discovery * Update the api-ref to mark the v2 API as deprecated * Add schema validation to create user v2 * Fix the spelling of a test name * Remove mention of db_sync per backend * Use more specific asserts in tests * Updated from global requirements * Add debug logging for RevokeEvent deserialize problem * Clean up the introductory text in the docs * Retry revocation on MySQL deadlock * Add schema validation to update user v2 * PCI-DSS Lockout requirements * Improve domain configuration API docs * Move Assertion API to its own file * Bump API version number and date * Move Federation Auth API to its own file * Move List Projects and Domains API to its own file * Move Service Provider API to its own file * Move Mapping API to its own file * Use %()d for integer substitution * Don't include openstack/common in flake8 exclude list * Added postgresql libs to developer docs * Add schema validation to create service in v2 * refactor idp to its own file * PCI-DSS Password history requirements * Remove configuration references to eventlet * Adds a custom deepcopy handler * Add token feature support matrix to documentation * Test number of queries on list_users * Adds test for SecurityError's translation behavior * Fix python{3,}-all-dev depends in deb based * Use URIOpt instead of StrOpt for SAML config ------------------------------------------------------------------- Tue Aug 2 03:45:11 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0b3.dev172: * Add schema validation to v2 update tenant * Updated from global requirements * Move Identity Provider API to its own file * Allow attributes other than `enabled` in schema * Remove the extensions repos * Document the domain config API as stable * No need the redundant validation in manager level * Add the missing testcases for `name` and `enabled` * TOTP auth not functional in python3 * Invalid tls_req_cert constant as default * Allow V2TestCase to be tested against fernet and uuid * Make AuthWithTrust testable against uuid and fernet * Add schema for enabling a user ------------------------------------------------------------------- Fri Jul 29 04:07:28 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0b3.dev149: * Add schema validation to v2 create tenant ------------------------------------------------------------------- Wed Jul 27 03:39:57 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0b3.dev147: * Use quotes consistently in token controller * Add performance tuning documentation * Improve os-federation docs * Fix v2-ext API enabled documentation * Make it so federated tokens are validated on v2.0 * Use freezegun in AssignmentInheritanceTestCase * Only run KvsTokenCacheInvalidation against uuid * Use freezegun in OSRevokeTests * refactor: make TestFetchRevocationList test uuid * refactor: make TestAuthExternalDefaultDomain test uuid/pki/pkiz * refactor: make TestAuthKerberos test pki/pkiz/uuid * Add schema validation to create role * Replace OpenStack LLC with OpenStack Foundation * refactor: inherit AuthWithRemoteUser for other providers * Run AuthWithToken against all token providers * Don't run TokenCacheInvalidation with Fernet * Refactor TestAuthExternalDomain to not inherit tests * Use freezegun to increment clock in test_v3_assignment * Added cache for id mapping manager ------------------------------------------------------------------- Sun Jul 24 03:36:09 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0b3.dev110: * PCI-DSS Password strength requirements ------------------------------------------------------------------- Sat Jul 23 03:46:02 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0b3.dev109: * PCI-DSS Adds password_expires_at to API docs * Migrate OS-FEDERATION from specs repo ------------------------------------------------------------------- Fri Jul 22 08:32:47 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0b3.dev105: * Fix up the api-ref request/response parameters for projects * `password` is not required for updating a user * Clarify V2 API for enabling or disabling user * Removed duplicate parameter in v2-admin api-ref * Fix the errors in params in api-ref for V3 region * Fix the errors in params in api-ref for V3 user * Updated from global requirements * Add Python 3.5 classifier * Handle Py35 fix of ast.node.col_offset bug * deprecate a few more LDAP config options * Clean up api-ref for domains * keystone-manage doctor * v2 api: add APIs for setting a user's password * Update os-inherit API reference * Updated from global requirements * Run AuthTokenTests against fernet and uuid * Use freezegun to increment the clock in test_v3_filters * Prevent error when duplicate mapping is created * Fix the wrong check condition * Clean up the api-ref for groups * Updated from global requirements * Improve introdcution to api-ref projects * Update Identity endpoint in v2 samples * Fix the username value in federated tokens * Use constraints for coverage job * Pass request to v2 token authenticate * Remove get_user_id in trust controller * Cleanup trusts controller ------------------------------------------------------------------- Sun Jul 17 03:51:24 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0b3.dev54: * v2 api: remove APIs for global roles * v2 api: group and order the v2-ext APIs * v2 api: remove duplicated delete user API * v2 api: add missing /roles in role CRUD APIs * v2 api: list user roles is defined twice * v2 api: add OS-KSADM to service API routes * v2 api: add tenant APIs * v2 api: delete user is defined twice * v2 api: change update user * v2 api: correct user list * Fix up numerous errors in params in api-ref for roles * Fix up the api-ref for role query paramaters ------------------------------------------------------------------- Sat Jul 16 03:44:52 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0b3.dev32: * Improve readability of the api-ref roles section * clean up OAUTH API * Add relationship links to OAUTH APIs * Remove `name` property from `endpoint` create/update API * Add v2.0 /endpoints/ api-ref * Update identity endpoint in v3 and v3-ext samples * Remove unused context from AuthInfo * add OS-OAUTH1/authorize/{request_token_id} API * re-order the oauth APIs * Copy the preamble / summary of OAuth1 from the specs repo * Remove get_trust_id_for_request function ------------------------------------------------------------------- Fri Jul 15 03:37:24 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0b3.dev15: * Correct normal response codes for v2.0 extensions * Improve user experience involving token flush * Add "v2 overview" docs to APIs * Move OS-INHERIT api-ref from extensions to core * Correct normal response codes in trust documentation * Add OS-EP-FILTER to api-ref 10.0.0.0b2 * Variables in URL path should be required * Pass request to normalize_domain_id * Remove a validate_token_bind call * Trivial spacing and comma corrections * Add OS-KSCRUD api-ref * Disable warnerrors in setup.cfg temporarily * Add is_domain to project example responses * Add is_domain to scope token response examples * Improve keystone.conf [security_compliance] documentation * Improve keystone.conf [signing] documentation * Correct normal response codes in OS-INHERIT docs * Correct normal status codes for v2.0 admin docs * Improve keystone.conf [shadow_users] documentation * Correct normal response codes for region docs * Correct normal response codes for auth docs * Correct normal response codes for credential docs * Correct normal response codes for project docs * Correct normal response codes for policy docs * Correct normal response codes for v2.0 versions doc * Correct normal response codes in v2.0 versions doc * Correct normal response codes in v2.0 tenant docs * Correct normal response codes for role docs * Correct normal response codes in service catalog doc * Correct normal response codes in v2.0 admin user docs * Improve keystone.conf [token] documentation * Correct normal response codes in endpoint policy docs * Improve keystone.conf [tokenless_auth] documentation * Clean up token binding validation code * Improve keystone.conf [saml] documentation * Handle more auth information via context * Require auth_context middleware in the pipeline ------------------------------------------------------------------- Thu Jul 14 17:36:47 CEST 2016 - jsuchome@suse.com - Add systemd service macros (bnc#986415) systemd v228 has a separate generator for generating the service files from the init scripts, and daemon-reload is needed during package installation ------------------------------------------------------------------- Thu Jul 14 03:40:34 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0b2.dev354: * Correct normal response codes in v2.0 token docs * Correct normal response codes in oauth docs * Validate SAML keyfile & certfile options * Complete OS-TRUST API documentation * Fixes response codes in endpoint policy api-ref * List 20X status codes as Normal in domain docs * Improve the API documentation for groups * Create APIs for OS-REVOKE * Reorder request params in endpoint policy api-ref * Adds missing parameter to endpoint policy api-ref * Adds missing docs to endpoint policy api-ref * Reorders API calls to match precedence rules * Improve keystone.conf [role] documentation * Improve keystone.conf [resource] documentation * Move logic for catalog driver differences to manager ------------------------------------------------------------------- Wed Jul 13 02:26:15 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0b2.dev324: * Updated from global requirements * Use request object in policy enforcement * PCI-DSS Disable inactive users requirements ------------------------------------------------------------------- Tue Jul 12 02:25:47 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0b2.dev319: * Improve keystone.conf [trust] documentation * Improve keystone.conf [ldap] documentation * Improve keystone.conf [os_inherit] documentation * Improve keystone.conf [revoke] documentation * Use the context's is_admin property * Add the oslo_context to the environment and request ------------------------------------------------------------------- Mon Jul 11 02:25:01 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0b2.dev307: * Minor docstring cleanup for domain_id mapping * Remove unnecessary stable attribute value for status ------------------------------------------------------------------- Sun Jul 10 02:23:55 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0b2.dev304: * Updated from global requirements * Mark the domain config via API as stable * Remove validated decorator * Move request validation inline * Invalidate token cache on domain disablement * Isolate token caching into its own region * Doc update on enabled external auth and federation * keystone recommend deprecated memcache backend * Increase test coverage for token APIs * Fix fernet token validate for disabled domains/trusts * Move the trust abstract base class out of core * Move the credential abstract base class out of core ------------------------------------------------------------------- Sat Jul 9 02:24:15 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0b2.dev280: * Use http_client constants instead of hardcoding * Ensure status code is always passed as int * Doc update for moving abstract base classes out of core * Fix _populate_token_dates method signature * Move the auth plugins abstract base class out of core * Expose bug with Fernet tokens and trusts * Remove last parts of query_string from context * Refactor: [ldap] suffix should not be an instance attribute ------------------------------------------------------------------- Fri Jul 8 02:13:15 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0b2.dev264: * Remove get_auth_context * Correct reraising of exception * Pass request to build_driver_hints ------------------------------------------------------------------- Thu Jul 7 12:43:14 UTC 2016 - cloud-devel@suse.de - Update to version keystone-10.0.0.0b2.dev259: * Remove headers from context * Use request.environ through auth and federation * Remove accept_header from context * Fixed a Typo * Docs: Fix the query params in role_assignments example * [doc/api]Remove space within word * Remove unused LOG * Make assert_admin work with a request * Add missing preamble for v3 and v3-ext * move OAUTH1 API to extensions * generate separate index files for each api-ref * Migrate identity /v2-admin docs from api-ref repo * Use request instead of context in v2 auth * Handle catalog backends that don't support all functions * Refactoring: remove the duplicate method * Return `revoked_at` for list revoke events * Use skip_test_overrides everywhere we feature skip * Improve keystone.conf [fernet_tokens] documentation * Improve keystone.conf [catalog] documentation * Grammar fix: will -> can * Fixes hacking's handling of log hints * Improve keystone.conf [paste_deploy] documentation * Improve keystone.conf [kvs] documentation * Improve keystone.conf [identity] documentation * Improve keystone.conf [endpoint_filter] documentation * Improve keystone.conf [oauth1] documentation * Verify domain_id when get_domain is being called * Updated from global requirements * Include doc directory in pep8 checks * Do not register options on import * Improve keystone.conf [policy] documentation * Improve keystone.conf [memcache] documentation * Use min to avoid checking < 1 max fernet keys * Improve keystone.conf [identity_mapping] documentation * Improve keystone.conf [federation] documentation * Updated tests that claimed to be blocked by bugs * Use skip_test_overrides in test_backend_ldap * Adds a skip method to identify useless skips * Update the nosetests test regex for legacy tests * update a config option deprecation message * Improve keystone.conf [eventlet_server] documentation * Improve keystone.conf [endpoint_policy] documentation * Improve keystone.conf [credential] documentation * Improve keystone.conf [domain_config] documentation * Rename [DEFAULT] keystone.conf module to keystone.conf.default * Improve keystone.conf [DEFAULT] documentation * Remove test_backend_ldap skips for missing tests * Reduce domain specific config setup duplication * API Change Tutorial doc code modify * Update other-requirements for Xenial * Concrete role assignments for federated users * Migrate identity /v3-ext docs from api-ref repo * Migrate identity /v2-ext docs from api-ref repo * Migrate identity /v2 docs from api-ref repo * Use request.params instead of context['query_string'] * Config: no need to set default=None * Do not spam the log with uncritical stacktraces * Improve keystone.conf [auth] documentation * Improve keystone.conf [assignment] documentation * Group test_backend_ldap skips for readability * Adds a backend test fixture * Remove unused test code * Moves auth plugin test setup closer to its use * Add security_compliance group back to config * Fix nits related to the new keystone.conf package * Fixes failure when password is null * Allow auth plugins to be setup more than once * Removes outdate comment from a test * Replace keystone.common.config with keystone.conf package * Updated from global requirements * Fix a few spelling mistakes * Allow user to get themself and their domain * PCI-DSS Password SQL model changes * Fix argument order for assertEqual to (expected, observed) * Use the ldap fixture to simplify tests * Change the remaining conf setup to use the fixture * Reduce setup overhead in auth_plugin tests * /services?name=<name> API fails when using list_limit * Updated from global requirements * Make sure to use InnoDB as the DB engine * Remove TestAuth * Move last few TestAuth tests to TokenAPITests * Move external auth and bind test to TokenAPITests * Refactor test_validate_v2_scoped_token_with_v3_api * Remove test_validate_v2_unscoped_token_with_v3_api * Move more project scoped token behavior to TokenAPITests * Validate impersonation in trust redelegation * Correct domain_id and name constraint dropping * Integration tests cleanup * Use http_proxy_to_wsgi from oslo.middleware * Use request object in auth plugins * Move cross domain/group/project auth tests * Move negative token tests to TokenAPITests * Move unscoped token test to TokenAPITests * Move negative domain scope test to TokenAPITests * Consolidate domain token tests into TokenAPITests * Move more project scoped behavior tests to TokenAPITests * Move project scoped catalog tests to TokenAPITests * Update driver versioning documentation * Move project scoped tests to TokenAPITests * Move TestAuth unscoped token tests to TokenAPITests * Add cache invalidation for service providers * Updated from global requirements * Add 'links' to implied roles response * Updated from global requirements * fix ldap delete_user group member cleanup * exception sensitive cache/audit changes * Fix TOTP transient test failure * Change LocalUser sql model to eager loading * Shadow LDAP and custom driver users * Refactor shadow users * Fix ValidationError exception name in docstring * Add docstring to delete_project * Updated from global requirements * Revert to caching fernet tokens the same way we do UUID * Honor ldap_filter on filtered group list * Pass a request to controllers instead of a context * Update the keystone-manage man page options * clean up test_resource_uuid * Return 404 instead of 401 for tokens w/o roles * Updating sample configuration file * Revert "Install necessary files in etc/" * Keystone uwsgi performance tuning * Add caching config for federation * Updated from global requirements * Updating sample configuration file * Updating sample configuration file * Bootstrap: enable and reset password for existing users * PEP257: Ignore D203 because it was deprecated * Cache service providers on token validation * Refactor revoke_model to remove circular dependency * Update man page for Newton release * Move stray notification options into config module * Adding role assignment lists unit tests * Add protocols integration tests * Add mapping rules integration tests * Add service providers integration tests * Imported Translations from Zanata * Updated from global requirements 10.0.0.0b1 * Simplify & fix configuration file copy in setup.cfg * Config settings to support PCI-DSS * Fix credentials_factory method call * Allow domain admins to list users in groups with v3 policy * Updating sample configuration file * Updated from global requirements * Honor ldap_filter on filtered user list * Install necessary files in etc/ * Replace revoke tree with linear search * Migrate identity /v3 docs from api-ref repo * Updated from global requirements * Add new functionality to @wip * remove deprecated revoke_by_expiration function * Isolate common ldap code to the identity backend * Updated from global requirements * Remove helper script for py34 * Include project_id in the validation error on default project is domain * Add python 3 release note * Add comment to test case helper function * Add Python 3 classification * Py3 oauth tests * Enable py3 tests for test_v3_auth * make sure default_project_id is not domain on user creation and update * Let setup.py compile_catalog process all language files * Fix broken link of federation docs * Add new line in keystone/common/request.py * Move identity.backends.sql model code to sql_model.py * Add .mo files to MANIFEST.in * Replace context building with a request object * Enable py3 testing for Fernet token provider * Enable py3 for credential tests * reorganize mitaka release notes * enable ldap tests for py3 * Updated from global requirements * Add the validation rules when create token * Use PyLDAP instead of python-ldap * Fix config path for running wsgi in developer mode * Move the revoke abstract base class out of core * Updated from global requirements * Port test_v2 unit test to Python 3 * Move the oauth1 abstract base class out of core * Drop the (unused) domain table * Don't set None for ldap.OPT_X_TLS_CACERTFILE * Add API Change Tutorial * Deprecate keystone.common.kvs * Updating sample configuration file * Add is_domain in token response * Switch to use `new_domain_ref` for testcases * Move the assignment abstract base class out of core * Add identity providers integration tests * Update documentation to remove keystone-all * Updating sample configuration file * Updated from global requirements * replace logging with oslo.log * Move the federation abstract base class out of core * Separate protocol schema * Updated from global requirements ------------------------------------------------------------------- Thu Jul 7 12:42:44 UTC 2016 - dmueller@suse.com - switch to python-pyldap ------------------------------------------------------------------- Mon May 9 04:56:19 UTC 2016 - cloud-devel@suse.de - Update to version keystone-9.0.1.dev103: * Updated from global requirements * Add test for authentication when project and domain name clash ------------------------------------------------------------------- Mon May 9 04:56:19 UTC 2016 - cloud-devel@suse.de - Update to version keystone-9.0.1.dev101: * Fix doc build if git is absent ------------------------------------------------------------------- Mon May 9 04:56:19 UTC 2016 - cloud-devel@suse.de - Update to version keystone-9.0.1.dev100: * Fix typos ------------------------------------------------------------------- Fri Apr 22 13:47:08 UTC 2016 - cloud-devel@suse.de - Update to version keystone-9.0.1.dev99: * Add other-requirements.txt * Fix D400 PEP257 * Imported Translations from Zanata * Updating sample configuration file * Customize config file location when run as wsgi app * Updated from global requirements * Updating sample configuration file * Updated from global requirements * Bump the required tox version to 2.3.1 * update deprecation warning for falling back to default domain * add missing deprecation reason for eventlet option * Remove comments mentioning eventlet * Remove support for generating ssl certs * Updating sample configuration file * Remove eventlet support * Default caching to on for request-local caching * Typo in sysctl command example Edit * Fix confusing naming in ldap EnableEmuMixin * Test list project hierarchy is correct for a large tree * Remove comment from D202 rule * Use messaging notifications transport instead of default * Avoid name repetition in equality comparisons * Moved name formatting (clean) out of the driver * Expose not clearing of user default project on project delete ------------------------------------------------------------------- Fri Apr 22 08:58:39 UTC 2016 - rhafer@suse.com - Removed obsolete patch keystone_max_url_length.diff. Eventlet support is being removed from keystone. ------------------------------------------------------------------- Tue Apr 19 06:38:00 UTC 2016 - cloud-devel@suse.de - Update to version keystone-9.0.1.dev60: * Typo fix in tests * Add logging to cli if keystone.conf is not found * Fix post jobs * Refactor domain config upload * Keystone jobs should honor upper-constraints.txt * Updating sample configuration file * Deprecation reason for domain_id_immutable * Fix D401 PEP8 violation * OSprofiler release notes * Updating sample configuration file * Dev doc update for moving abstract base classes out of core * Integrate OSprofiler in Keystone * Fix totp test fails randomly ------------------------------------------------------------------- Wed Apr 13 15:40:33 UTC 2016 - cloud-devel@suse.de - Update to version keystone-9.0.1.dev39: * Updated from global requirements * Add keystone service ID to observer audit * group federated identity docs together * Change Role/Region to role/region in keystone-manage bootstrap * Use mockpatch fixtures from fixtures * Set the values for the request_local_cache * fix typo * Fix KeyError when rename to a name is already in use * Improve project name conflict message * test REMOTE_USER does not authenticate * Doc - Detailing objects' attributes available for policy.json * Sync oslo-incubator rpc module * Rename requires files to standard names * Fix test coverage for v2 scoped auth xml response (bug 1160504) * add --config-dir=DIR for keystone-all option * Add --config-dir=DIR in OPTIONS * Files for Apache-HTTPD * Bug #907521. Changes to support get roles by service * Testing Refactor - this is a squash of 6 commits - original commits are vailable for cherry-picking here: https://github.com/ziadsawalha/keystone/commits/tests * Fixed bug 905422. Swift caching should work again. Also fixed a few other minor syntactical stuff * Bug #890801 Changes to support /extensions call. - Introduced a new extension reader to read static extension content. - Added additional rst files explaining extensions. - Removed functionality from additional middleware that used to support /extensions call.ie RAX-KEY-extension - Removed service extension test as it was no more relavent. - Added unit test that checks toggling of extensions. - Additional notes on the conf file * Bug #854104 - Changes to allow admin url to be shown only for admin users. - Additional test asserts to verify * X.509 client authentication with Keystone. Implements blueprint 2-way-ssl * Fixing bug 859937. Removing incorrect atom feed references from roles.xsd * Updating legacy auth translation to 2.0 (bug #863661) * Fix invocations of TemplateError. This exception takes precisely three parameters, so I've added a fake location (0, 0) to keep it happy * Dev guide rebuild and minor fixes * Port of glance-control to keystone. This will make writing certain keystone integration functional tests a little easier to do * Committer: Joe Savak <joe3963@joe3963-VirtualBox.(none)> * Added automatic test discovery to unit tests and removed all dead tests * #16 Changes to remove unused group clls * (Related to) Issue 32: bin/sampledata.sh cannot be executed outside of bin/ * Name changes BaseURLRefs to EndPoints and BaseURLs to EndpointTemplates * Name changes BaseURLRefs to EndPoints and BaseURLs to EndpointTemplates * Mae Pylintrc, reordered imports made pep8 of the files * Added as per HACKING Files * Modified server.py tenant group URL to fix failing test cases * Added missing tests, mad e enable and disable password work * Renamed to server.py and added top dir in config * Added the keystone top dir in configuration ------------------------------------------------------------------- Wed Apr 13 01:37:36 UTC 2016 - cloud-devel@suse.de - Update to version keystone-9.0.1.dev21: * Simplify chained comparison * Clean up test case for shadow users * Fixes bug where the updated federated display_name is not returned * create a new `advanced topics` section in the docs ------------------------------------------------------------------- Tue Apr 12 01:01:07 UTC 2016 - cloud-devel@suse.de - Update to version keystone-9.0.1.dev14: * Add missing backslash to keystone-manage bootstrap command in documentation ------------------------------------------------------------------- Sat Apr 9 02:50:02 UTC 2016 - cloud-devel@suse.de - Update to version keystone-9.0.1.dev13: * Imported Translations from Zanata ------------------------------------------------------------------- Fri Apr 8 02:56:49 UTC 2016 - cloud-devel@suse.de - Update to version keystone-9.0.1.dev12: 9.0.0 * Update federated user display name with shadow_users_api * Bandit test results 9.0.0.0rc2 * Correct `role_name` constraint dropping * Imported Translations from Zanata * Imported Translations from Zanata * Fix keystone-manage config file path * Correct test to support changing N release name * Imported Translations from Zanata * Imported Translations from Zanata * Imported Translations from Zanata * Imported Translations from Zanata * Imported Translations from Zanata * Add release note for list_limit support * Imported Translations from Zanata * Update .gitreview for stable/mitaka ------------------------------------------------------------------- Thu Apr 7 02:58:23 UTC 2016 - cloud-devel@suse.de - Update to version keystone-9.0.0.0rc2.dev67: * Updating sample configuration file * Update the description of the role driver option * Update the Administrator guide link * Remove backend interface and common code out of identity.core * Run federation tests under Python 3 * Add py3 debugging ------------------------------------------------------------------- Wed Apr 6 02:27:31 UTC 2016 - cloud-devel@suse.de - Update to version keystone-9.0.0.0rc2.dev55: * Update federated user display name with shadow_users_api * remove endpoint_policy from contrib ------------------------------------------------------------------- Sat Apr 2 02:03:15 UTC 2016 - cloud-devel@suse.de - Update to version keystone-9.0.0.0rc2.dev52: * Correct `role_name` constraint dropping * Base for keystone tempest plugin ------------------------------------------------------------------- Fri Apr 1 02:29:34 UTC 2016 - cloud-devel@suse.de - Update to version keystone-9.0.0.0rc2.dev49: * Random project should return positive numbers ------------------------------------------------------------------- Thu Mar 31 02:21:01 UTC 2016 - cloud-devel@suse.de - Update to version keystone-9.0.0.0rc2.dev47: * Improve error message for schema validation * Opportunistic testing with different DBs ------------------------------------------------------------------- Wed Mar 30 02:25:47 UTC 2016 - cloud-devel@suse.de - Update to version keystone-9.0.0.0rc2.dev43: * The name can be just white character except project and user * Fix typos in Keystone files * Add `patch_cover` to keystone * Cleanup LDAP models * Correct test_implied_roles_fk_on_delete_cascade * Fix table row counting SQL for MySQL and Postgresql * Switch migration tests to oslo.db DbTestCase * Correct test_migrate_data_to_local_user_and_password_tables * Make modifications to domain config atomic ------------------------------------------------------------------- Tue Mar 29 02:20:14 UTC 2016 - cloud-devel@suse.de - Update to version keystone-9.0.0.0rc2.dev27: * Fix keystone-manage config file path * Update dev docs and sample script for v3/bootstrap ------------------------------------------------------------------- Sun Mar 27 03:27:22 UTC 2016 - cloud-devel@suse.de - Update to version keystone-9.0.0.0rc2.dev23: * Correct _populate_default_domain in tests ------------------------------------------------------------------- Sat Mar 26 03:20:26 UTC 2016 - cloud-devel@suse.de - Update to version keystone-9.0.0.0rc2.dev22: * Removing redundant words * Simplify repetitive unequal checks ------------------------------------------------------------------- Fri Mar 25 03:18:22 UTC 2016 - cloud-devel@suse.de - Update to version keystone-9.0.0.0rc2.dev19: * Move region configuration to a critical section ------------------------------------------------------------------- Thu Mar 24 02:36:54 UTC 2016 - cloud-devel@suse.de - Update to version keystone-9.0.0.0rc2.dev18: * Correct test to support changing N release name * Fix test_add_int_pkey_to_revocation_event_table for MySQL * Implement HEAD method for all v3 GET actions ------------------------------------------------------------------- Tue Mar 22 02:35:04 UTC 2016 - cloud-devel@suse.de - Update to version keystone-9.0.0.0rc2.dev12: * Add test for domains list filtering and limiting ------------------------------------------------------------------- Sat Mar 19 02:37:49 UTC 2016 - cloud-devel@suse.de - Update to version keystone-9.0.0.0rc2.dev10: * Add release note for list_limit support * Cleanup migration tests * Imported Translations from Zanata * add placeholder migrations for mitaka ------------------------------------------------------------------- Fri Mar 18 02:41:17 UTC 2016 - cloud-devel@suse.de - Update to version keystone-9.0.0.0rc2.dev3: * Enables the notification tests in py3 ------------------------------------------------------------------- Thu Mar 17 13:07:56 UTC 2016 - tbechtold@suse.com - Adjust Requires ------------------------------------------------------------------- Thu Mar 17 03:07:08 UTC 2016 - cloud-devel@suse.de - Update to version keystone-9.0.0.0rc2.dev1: * Update reno for stable/mitaka 9.0.0.0rc1 * Support `id` and `enabled` attributes when listing service providers * Check for already present user without inserting in Bootstrap * Mapping which yield no identities should result in ValidationError * Make backend filter testing more comprehensive * Change xrange to range for python3 compatibility * Remove reference to keystoneclient CLI * Document running in uwsgi proxied by apache * Imported Translations from Zanata * Fixed user in group participance ------------------------------------------------------------------- Wed Mar 16 03:04:33 UTC 2016 - cloud-devel@suse.de - Update to version keystone-9.0.0.0b4.dev121: * Updating sample configuration file * Correct Hints class filter documentation * Release note cleanup * Remove unused notification method and class * Consolidate @notifications.internal into Audit * Remove some translations * Add auto-increment int primary key to revoke.backends.sql ------------------------------------------------------------------- Tue Mar 15 03:03:23 UTC 2016 - cloud-devel@suse.de - Update to version keystone-9.0.0.0b4.dev107: * Update reported version for Mitaka * Add docs for additional bootstrap endpoint parameters * Remove TestFernetTokenProvider ------------------------------------------------------------------- Mon Mar 14 10:30:27 UTC 2016 - tbechtold@suse.com - Update to version keystone-9.0.0.0b4.dev102: * Imported Translations from Zanata * Imported Translations from Zanata * register the config generator default hook with the right name * Imported Translations from Zanata * Rename v2 token schema used for validation * Migrate_repo init version helper * Refactor TestFernetTokenProvider trust-scoped tests * Refactor TestFernetTokenProvider project-scoped tests * Refactor TestFernetTokenProvider domain-scoped tests * Refactor TestFernetTokenProvider unscoped token tests * Fixing mapping schema to allow local user * Fix keystone-manage example command path * Add PKIZ coverage to trust tests * Consolidate TestTrustRedelegation and TestTrustAuth tests * Split out domain config driver and manager tests * Add notifications to user/group membership * Add ability to send notifications for actors * Updated from global requirements * Remove foreign assignments when deleting a domain * Correct create_project driver versioning * Explicitly exclude tests from bandit scan * Move role backend tests * v2 tokens validated on the v3 API are missing timezones * Move domain config backend tests * Validate v2 fernet token returns extra attributes * Clarify virtualenv setup in developer docs * Fixes a few LDAP tests to actually run * Imported Translations from Zanata * Un-wrap function * Fix warning when running tox * Race condition in keystone domain config * Adding 'domain_id' filter to list_user_projects() * Add identity endpoint creation to bootstrap * Updated from global requirements * Remove _disable_domain from the resource API * Remove _disable_project from the resource API * Remove the notification.disabled decorator * Remove unused notification decorators * Cleanup from from split of token backend tests * Split identity backend tests * Split policy backend tests * Split catalog backend tests * Split trust backend tests * Split token backend tests * Split resource backend tests * Split assignment backend tests * Updated from global requirements * Consolidate configuration default overrides * Updating sample configuration file * IPV6 test unblacklist * Fix trust chain tests 9.0.0.0b3 * Minor edits to the developing doc * Add release notes for projects acting as domains * Fix keystone.common.wsgi to explicitly use bytes * fix sample config link that 404s * add hints to list_services for templated backend * Fixes hacking for Py3 tests * Fixes to get cert tests running in Py3 * Fixes the templated backend tests for Python3 * remove pyc files before running tests * Stop using oslotest.BaseTestCase * Return 404 instead of 401 for tokens w/o roles * Remove unused domain driver method in legacy wrapper * Deprecate domain driver interface methods * Fix the migration issue for the user doesn't have a password * Add driver details in architecture doc * Shadow users - Shadow federated users * Projects acting as domains * Update developer docs for ubuntu 15.10 * Moved CORS middleware configuration into oslo-config-generator * V2 operations create default domain on demand * Make keystone tests work on leap years * Updating sample configuration file * Fix doc build warnings * Enable LDAP connection pooling by default * Delay using threading.local() to fix check job failure * Minor edits to the installation doc * Minor edits to the configuration doc * Minor community doc edits * Updated from global requirements * Followup for LDAP removal * Remove get_session and get_engine * No more legacy engine facade in tests * Use requst local in-process cache per request * Move admin_token_auth before build_auth_context in sample paste.ini * Update default domain's description * Reference config values at runtime * Use the new enginefacade from oslo.db * Updated from global requirements * Fix incorrect assumption when deleting assignments * Remove migration_helpers.get_default_domain * db_sync doesn't create default domain * Implied roles index with cascading delete * Fix project-related forbidden response messages * Fixes a bug when setting a user's password to null * Renamed TOTP passcode generation function * Updates TOTP release note * Simplify use of secure_proxy_ssl_header * Shadow users - Separate user identities * Switch to configless bandit * Parameter to return audit ids only in revocation list * Add tests for fetching the revocation list * Updating sample configuration file * Deprecate logger.WritableLogger * Removing H405 violations from keystone * Updated from global requirements * Updated from global requirements * Updating sample configuration file * Remove useless {} from __table_args__ * Time-based One-time Password * Fix inconsistencies between Oauth1DriverV8 interface and driver * Oauth1 manager sets consumer secret * Remove setting class variable * Allow user list without specifying domain * Adds user_description_attribute mapping support to the LDAP backend * encode user id for notifications * Add back a bandit tox job * Enable support for posixGroups in LDAP * Add is_domain filter to v3 list_projects * Add tests in preparation of projects acting as a domain * Avoid using `len(x)` to check if x is empty * Use the driver to get limits * Fallback to list_limit from default config * Add list_limit to the white list for configs in db * Updating sample configuration file * handle unicode names for federated users * Verify project unique constraints for projects acting as domains * wsgi: fix base_url finding * Disable Admin tokens set to None * Modify rules for domain specific role assignments * Modify implied roles to honor domain specific roles * Modify rules in the v3 policy sample for domain specifc roles * Re-enable and undeprecate admin_token_auth * Don't describe trusts as an extension in configuration doc * Tidy up configuration documentation for inherited assignments * Clean up configuration documentataion on v2 user CRUD * Allow project domain_id to be nullable at the manager level * Trivial: Cleanup unused conf variables * Updating sample configuration file * Updating sample configuration file * Fixes parameter in duplicate project name creation * Fix terms from patch 275706 * sensible default for secure_proxy_ssl_header * Restricting domain_id update * Allow project_id in catalog substitutions * Avoid `None` as a redundant argument to dict.get() * Avoid "non-Pythonic" method names * Manager support for project cascade update * Updating sample configuration file * Expand implied roles in trust tokens * add a test that uses trusts and implies roles * Updating sample configuration file * Convert assignment.root_role config option to list of strings * Avoid wrong deletion of domain assignments * Manager support for project cascade delete * AuthContextMiddleware admin token handling * Deprecate admin_token_auth * Adds better logging to the domain config finder * Extracts logic for finding domain configs * Fix nits from domain specific roles CRUD support * Change get_project permission * Updated from global requirements * Enables token_data_helper tests for Python3 * Stop using nose as a Python3 test runner * Fix release note of removal of v2.0 trusts support * Remove PostParams middleware * Updated from global requirements * Moves policy setup into a fixture * Make pep8 *the* linting interface * Added tokenless auth headers to CORS middleware * Add backend support for deleting a projects list * Make fernet work with oauth1 authentication * Consolidate the fernet provider validate_v2_token() * Remove support for trusts in v2.0 * Add CRUD support for domain specific roles * Added CORS support to Keystone * Deprecate Saml2 auth plugin * Uses open context manager for templated catalogs * Disable the ipv6 tests in py34 * Missing 'region' in service and 'name' in endpoint for EndpointFilterCatalog * Small typos on the ldap.url config option help * Replace exit() with sys.exit() * include sample config file in docs * Fixes a language issue in a release note * Imported Translations from Zanata * Updated from global requirements * Support multiple URLs for LDAP server * Set deprecated_reason on deprecated config options * Move user and admin crud to core * squash migrations - kilo * Adds validation negative unit tests * Use oslo.log specified method to set log levels * Add RENO update for simple_cert_extension deprecation * Opt-out certain Keystone Notifications * Update the home page * Release notes for implied roles * deprecate pki_setup from keystone-manage * test_credential.py work with python34 * Consolidate `test_contrib_ec2.py` into `test_credential.py` * Reinitialize the policy engine where it is needed * Provide an error message if downgrading schema * Updated from global requirements * Consolidate the fernet provider issue_v2_token() * Consolidate the fernet provider validate_v3_token() * Add tests for role management with v3policy file * Fix some word spellings * Make WebSSO trusted_dashboard hostname case-insensitive * Deprecate simple_cert extension * Do not assign admin to service users * Add in TRACE logging for the manager * Add schema for OAuth1 consumer API * Correct docstrings * Remove un-used test code * Raise more precise exception on keyword mapping errors * Allow '_' character in mapping_id value * Implied Roles API * Revert "Unit test for checking cross-version migrations compatibility" * replace tenant with project in cli.py * Fix schema validation to use JSONSchema for empty entity * Replace tenant for project in resource files * Reuse project scoped token check for trusts * Add checks for project scoped data creep to tests * Add checks for domain scoped data creep * Use the oslo.utils.reflection to extract the class name * Test hyphens instead of underscores in request attributes * Simplify admin_required policy * Add caching to role assignments * Enable bandit tests * Update bandit.yaml * Enhance manager list_role_assignments to support group listing * remove KVS backend for keystone.contrib.revoke * Fix trust redelegation and associated test * use self.skipTest instead of self.skip * Removed deprecated revoke KVS backend * Revert "skip test_get_token_id_error_handling to get gate passing" * Updated from global requirements * Updated from global requirements * skip test_get_token_id_error_handling to get gate passing * Ensure pycadf initiator IDs are UUID * Check for circular references when expanding implied roles * Improves domain name case sensitivity tests * Fixes style issues in a v2 controller tests * Prevents creating is_domain=True projects in v2 * Refactors validation tests to better see the cases * Remove keystone/common/cache/_memcache_pool.py * Update mod_wsgi + cache config docs * Address comments from Implied Role manager patch * Fix nits in include names patch * Unit test for checking cross-version migrations compatibility * Online schema migration documentation * Updated from global requirements * Remove additional references to ldap role attribs * Remove duplicate LDAP test class * Remove more ldap project references 9.0.0.0b2 * Add testcases to check cache invalidation * Fix typo abstact in comments * deprecate write support for identity LDAP * Deprecate `hash_algorithm` config option * Mark memcache and memcache_pool token deprecated * List assignments with names * Remove LDAP Role Backend * Remove LDAP Resource and LDAP Assignment backends * Removes KVS catalog backend * Fix docstring * Strengthen Mapping Validation in Federation Mappings * Add checks for token data creep using jsonschema * Deprecating API v2.0 * Implied roles driver and manager * Add support for strict url safe option on new projects and domains * Remove bandit tox environment * Add linters environment, keep pep8 as alias * Make sure the assignment creation use the right arguments * Fix indentation for oauth context * Imported Translations from Zanata * document the bootstrapping process * Add release note for revert of c4723550aa95be403ff591dd132c9024549eff10 * Updated from global requirements * Enable `id`, `enabled` attributes filtering for list IdP API * Improve Conflict error message in IdP creation * Fedora link is too old and so updated with newer version * Support the reading of default values of domain configuration options * Correct docstrings for federation driver interface * Update v3policysample tests to use admin_project not special domain_id * Enable limiting in ldap for groups * Enable limiting in ldap for users * Doc FIX * Store config in drivers and use it to get list_limit * Add asserts for service providers * Fix incorrect signature in federation legacy V8 wrapper * Tidy up release notes for V9 drivers * Adds an explicit utils import in test_v3_protection.py * Refactor test auth_plugin config into fixture * Create V9 version of resource driver interface * Updated from global requirements * Separate trust crud tests from trust auth tests * Delete checks for default domain delete * correct help text for bootstrap command * Replace unicode with six.text_type * Escape DN in enabled query * Test enabled emulation with special user_tree_dn * SQL migrations for implied roles * Revert "Validate domain ownership for v2 tokens" * Use assertIn to check if collection contains value * Updated from global requirements * Perform middleware tests with webtest * De-duplicate fernet payload tests * Reference driver methods through the Manager * Fix users in group and groups for user exact filters * Expose defect in users_in_group, groups_for_user exact filters * Replace deprecated library function os.popen() with subprocess * OAuth1 driver doesnt inherit its interface * Update man pages with Mitaka version and dates * Fixes hacking logger test cases to use same base * Adds a hacking check looking for Logger.warn usage * Change LOG.warn to LOG.warning * Remove redundant check after enforcing schema validation * Create V9 version of federation driver interface * Expose method list inconsistency in federation api * Correct DN/encoding in test * Add audit IDs to revocation events * Adds a base class for functional tests * Create neutron service in sample_data.sh * refactor: Remove unused test method * Fix test_crud_user_project_role_grants * Update sample catalog templates * Wrong usage of "an" - Adjust Requires and BuildRequires - Fix demo certificate creation ------------------------------------------------------------------- Fri Jan 8 00:56:37 UTC 2016 - cloud-devel@suse.de - Update to version keystone-9.0.0.0b2.dev188: * remove irrelevant parenthesis * Cleanup tox.ini py34 test list * Some small improvements on fernet uuid handling * Deprecated tox -downloadcache option removed * Add `type' filter for list_credentials_for_user * Remove comments on enforcing endpoints for trust ------------------------------------------------------------------- Thu Jan 7 00:56:26 UTC 2016 - cloud-devel@suse.de - Update to version keystone-9.0.0.0b2.dev176: * Updating sample configuration file * Do not use __builtin__ in python3 * Define paste entrypoints * Add return value * Wrong usage of "an" * Make `bootstrap` idempotent * fix reuse of variables * Verify that attribute `enabled` equals True * Correct SecurityError with unicode args * Reject user creation using admin token without domain * Config option for insecure responses * Use oslo_config PortOpt support ------------------------------------------------------------------- Wed Jan 6 00:56:40 UTC 2016 - cloud-devel@suse.de - Update to version keystone-9.0.0.0b2.dev156: * Add schema for federation protocol * Test: make enforce_type=True in CONF.set_override * Add schema for identity provider * Fix the incompatible issue in response header ------------------------------------------------------------------- Tue Jan 5 00:55:46 UTC 2016 - cloud-devel@suse.de - Update to version keystone-9.0.0.0b2.dev148: * Fix some inconsistency in docstrings ------------------------------------------------------------------- Sat Jan 2 00:56:47 UTC 2016 - cloud-devel@suse.de - Update to version keystone-9.0.0.0b2.dev146: * Updated from global requirements * Use [] where a field is required ------------------------------------------------------------------- Fri Jan 1 01:35:59 UTC 2016 - cloud-devel@suse.de - Update to version keystone-9.0.0.0b2.dev143: * Updating sample configuration file * Use six.moves.reload_module instead of builtin reload * Support url safe restriction on new projects and domains ------------------------------------------------------------------- Thu Dec 31 01:36:48 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.0b2.dev138: * Correct fernet provider reference ------------------------------------------------------------------- Wed Dec 30 01:37:04 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.0b2.dev136: * fix up release notes, file deprecations under right title ------------------------------------------------------------------- Tue Dec 29 01:36:49 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.0b2.dev134: * Correct the class name of the V9 LDAP role driver ------------------------------------------------------------------- Sun Dec 27 07:33:11 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.0b2.dev133: * Wrong usage of "a/an" * Trival: Remove unused logging import ------------------------------------------------------------------- Fri Dec 25 01:35:55 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.0b2.dev130: * Updating sample configuration file * Fix pep8 job ------------------------------------------------------------------- Thu Dec 24 01:37:55 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.0b2.dev127: * Fix 500 error when no fernet token is passed * Fix multiline strings with missing spaces * eventlet: handle system that misses TCP_KEEPIDLE ------------------------------------------------------------------- Wed Dec 23 01:37:12 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.0b2.dev122: * Fixes kvs cache key mangling issue for Py3 * Updated from global requirements * Update `developing.rst` to remove extensions stuff * Add `keystone-manage bootstrap` command ------------------------------------------------------------------- Tue Dec 22 01:36:00 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.0b2.dev115: * Updating sample configuration file * Enable os_inherit of Keystone v3 API * Normalize fernet payload disassembly * Common arguments for fernet payloads assembly * Fix use of TokenNotFound ------------------------------------------------------------------- Sat Dec 19 01:42:26 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.0b2.dev109: * Fix key_repository_signature method for python3 * Fix defect in list_user_ids that only lists direct user assignments * Show defect in list_user_ids that only lists direct user assignments * Use list_role_assignments to get projects/domains for user * Limiting for fake LDAP * Handle fernet payload timestamp differences * Fix fernet padding for python 3 ------------------------------------------------------------------- Fri Dec 18 01:44:00 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.0b2.dev97: * Use pip (and DevStack) instead of setuptools in docs ------------------------------------------------------------------- Thu Dec 17 01:43:19 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.0b2.dev95: * Correct developer documentation on venv creation * Updating sample configuration file * Updated from global requirements ------------------------------------------------------------------- Wed Dec 16 01:43:53 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.0b2.dev90: * Validate domain for DB-based domain config. CRUD * Updated Cloudsample * Verify that user is trustee only on issuing token * Changed the key repo validation to allow read only * Add API route for list role assignments for tree * Add Trusts unique constraint to remove duplicates ------------------------------------------------------------------- Sat Dec 12 01:46:54 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.0b2.dev79: * Clean up new_credential_ref usage and surrounding code ------------------------------------------------------------------- Fri Dec 11 01:46:20 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.0b2.dev78: * Updating sample configuration file * Updated from global requirements * Make @truncated common for all backends * Fix exposition of bug about limiting with ldap * Use assertDictEqual instead of assertEqualPolicies * refactor: move the common code to manager layer * Remove keystoneclient tests * Ensure endpoints returned is filtered correctly ------------------------------------------------------------------- Thu Dec 10 01:46:16 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.0b2.dev63: * Remove unfixable FIXME * Use new_policy_ref consistently * Create V9 Role Driver * Create new version of assignment driver interface * Remove invalid comment about LDAP domain support * Pass dict into update() rather than **kwargs * Refactor test use of new_*_ref * Remove invalid TODO related to bug 1265071 * Deprecate the pki and pkiz token providers * Refactor: Use Federation constants where possible * Remove exposure of routers at package level * Update docs for legacy keystone extensions ------------------------------------------------------------------- Wed Dec 9 02:02:15 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.0b2.dev40: * Cleans up code for `is_admin` in tokens * Deprecate ldap Role * Update extensions links * Improve comments in test_catalog * Fix for GET project by project admin * Updating sample configuration file * Remove invalid TODO in extensions * Refactor: Remove use of self where not needed * Refactor: Move uncommon entities from setUp * Split resource tests from assignment tests * More useful message when using direct driver import ------------------------------------------------------------------- Mon Dec 7 02:57:54 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.0b2.dev19: * Updated from global requirements ------------------------------------------------------------------- Sun Dec 6 03:27:48 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.0b2.dev18: * Use subprocess.check_output instead of Popen * Cleanup use of service refs * Remove core module from the legacy endpoint_filter extension ------------------------------------------------------------------- Sat Dec 5 03:26:48 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.0b2.dev15: * Remove invalid FIXME note * Put py34 first in the env order of tox * set `is_admin` on tokens for admin project * Use unit.new_project_ref consistently * Cleanup region refs * Use new_trust_ref consistently ------------------------------------------------------------------- Fri Dec 4 03:21:57 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.0b2.dev7: * Update API version info for Liberty * remove version from setup.cfg 9.0.0.0b1 * Simplify LimitTests ------------------------------------------------------------------- Thu Dec 3 03:24:35 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.dev309: * Add release notes for mitaka-1 * refactor: move variable to where it's needed * Fix a typo in notifications function doc * Optimize "open" method with context manager ------------------------------------------------------------------- Wed Dec 2 03:25:01 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.dev302: * Reference environment close to use * Remove RequestBodySizeLimiter from middleware * force releasenotes warnings to be treated as errors * Remove deprecated notification event_type * Remove check_role_for_trust ------------------------------------------------------------------- Tue Dec 1 03:24:22 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.dev292: * Needn't care about the sequence for cache validation ------------------------------------------------------------------- Mon Nov 30 01:31:00 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.dev290: * Updated from global requirements ------------------------------------------------------------------- Fri Nov 27 01:35:49 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.dev289: * Remove `extras` from token data * Accepts Group IDs from the IdP without domain ------------------------------------------------------------------- Thu Nov 26 01:37:58 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.dev285: * Correct docstring warnings ------------------------------------------------------------------- Wed Nov 25 10:14:33 UTC 2015 - vuntz@suse.com - Set [catalog] driver to sql instead of keystone.catalog.backends.sql.Catalog, as this old value is deprecated. ------------------------------------------------------------------- Wed Nov 25 01:31:58 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.dev283: * Correct RoleNotFound usage * Remove example extension * Updating sample configuration file * Using the right format to render the docstring correctly * Add release notes for mitaka thus far * deprecate `enabled` option for endpoint-policy extension * Rationalize list role assignment routing * Fix string conversion in s3 handler for python 2 ------------------------------------------------------------------- Tue Nov 24 01:32:37 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.dev269: * Use idp_id and protocol_id in jsonhome * Use standard credential_id parameter in jsonhome ------------------------------------------------------------------- Sun Nov 22 01:32:19 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.dev265: * Updated from global requirements ------------------------------------------------------------------- Sat Nov 21 01:34:37 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.dev264: * Minor cleanups for usage of group refs ------------------------------------------------------------------- Fri Nov 20 12:24:41 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.dev262: * Manager support for projects acting as domains ------------------------------------------------------------------- Fri Nov 20 01:12:48 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.dev260: * remove useless config option in endpoint filter * Add missing colon separators to inline comments * Enable listing of role assignments in a project hierarchy * Capital letters * remove use of magic numbers in sql migrate extension tests ------------------------------------------------------------------- Thu Nov 19 15:07:29 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.dev249: * Updating sample configuration file * Move endpoint_filter migrations into keystone core * Move endpoint filter into keystone core * Move revoke sql migrations to common * Move revoke extension into core * Move oauth1 sql migrations to common * Move oauth1 extension into core * Move federation sql migrations to common * Move federation extension into keystone core ------------------------------------------------------------------- Thu Nov 19 01:18:45 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.dev232: * Fix inaccurate debug mode response * Use unit.new_user_ref consistently * Add testcases to check cache invalidation in endpoint filter extension * Fix the wrong method name ------------------------------------------------------------------- Wed Nov 18 01:15:12 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.dev224: * Imported Translations from Zanata * Updated from global requirements * Exclude old Shibboleth options from docs * Add S3 signature v4 checking ------------------------------------------------------------------- Tue Nov 17 10:25:17 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.dev216: * Document release notes process * Use new_service_ref instead of manually created dict * Make K2K Mapping Attribute Examples more visible ------------------------------------------------------------------- Sun Nov 15 01:15:15 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.dev210: * Updating sample configuration file * change some punctuation marks * Updated from global requirements ------------------------------------------------------------------- Sat Nov 14 01:15:20 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.dev205: * Remove hardcoded LDAP group schema from emulated enabled mix-in * Updated from global requirements * Use new_domain_ref instead of manually created ref * Use new_region_ref instead of manually created dict * Use unit.new_group_ref consistently * Use unit.new_role_ref consistently * Move AuthContext middleware into its own file * Fix some nits inside validation/config.py ------------------------------------------------------------------- Fri Nov 13 01:17:47 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.dev189: * Use unit.new_domain_ref consistently * Use unit.new_region_ref() consistently * Use unit.new_service_ref() consistently ------------------------------------------------------------------- Thu Nov 12 03:46:02 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.dev186: * Use unit.new_endpoint_ref consistently * Use list_role_assignments to get assignments by role_id * Pass kwargs when using revoke_api.list_events() * Add reno for release notes management * Add test for security error with no message * Add exception unit tests with different message types * Create tests for set_default_is_domain in LDAP ------------------------------------------------------------------- Tue Nov 10 03:43:20 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.dev172: * Cleanup message handling in test_exception ------------------------------------------------------------------- Mon Nov 9 03:42:59 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.dev170: 8.0.0 * Ensure token validation works irrespective of padding * Show v3 endpoints in v2 endpoint list * Imported Translations from Zanata * Skip rows with empty remote_ids ------------------------------------------------------------------- Sun Nov 8 03:42:51 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.dev232: * Add Mapping Combinations for Keystone to Keystone Federation * Remove manager-driver assignment metadata construct * [rally] remove deprecated arg ------------------------------------------------------------------- Sat Nov 7 03:43:53 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.dev226: * Keystone Spelling Errors in docstrings and comments * Enable try_except_pass Bandit test ------------------------------------------------------------------- Fri Nov 6 03:45:30 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.dev222: * Correct description in Keystone key_terms * Imported Translations from Zanata * Get user role without project id is not implemented * Add caching to get_catalog ------------------------------------------------------------------- Thu Nov 5 03:43:28 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.dev216: * Capitalize a Few Words ------------------------------------------------------------------- Wed Nov 4 03:44:00 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.dev214: * update mailmap with gyee's new email * Revert "Added CORS support to Keystone" * Updated from global requirements * Use assertTrue/False instead of assertEqual(T/F) * I18n safe exceptions ------------------------------------------------------------------- Tue Nov 3 03:49:59 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.dev208: * test_backend_sql work with python34 * Use assertTrue/False instead of assertEqual(T/F ------------------------------------------------------------------- Sat Oct 31 03:44:16 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.dev205: * Fix the issues found with local conf * Promote an arbitrary string to be a docstring * Update Configuring Keystone doc for consistency ------------------------------------------------------------------- Fri Oct 30 03:44:51 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.dev199: * Move endpoint_policy migrations into keystone core * Fix D204: blank line required after class docstring (PEP257) * Fix D202: No blank lines after function docstring (PEP257) * Cleanup fernet validate_v3_token ------------------------------------------------------------------- Wed Oct 28 03:42:53 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.dev191: * Fix docstring * Fix D200: 1 line docstrings should fit with quotes (PEP257) * Includes server_default option in is_domain column ------------------------------------------------------------------- Mon Oct 26 03:36:41 UTC 2015 - bwiedemann@suse.com - require python-oslo.cache - Update to version keystone-9.0.0.dev185: * Comment spelling error in assignment.core file * Fix exceptions to use correct titles * Fix UnexpectedError exceptions to use debug_message_format * Fix punctuation in doc strings * Updating sample configuration file * Explain default domain in docs for other services * Correct bashate issues in gen_pki.sh * Fix incorrect federated mapping example * change stackforge url to openstack url * Updated from global requirements * Adds already passing tests to py34 run * Allow the PBR_VERSION env to pass through tox * Fix D210: No whitespaces allowed surrounding docstring text (PEP257) * Fix D300: Use """triple double quotes""" (PEP257) * Fix D402: First line should not be the function's "signature" (PEP257) * Fix D208: Docstring over indented. (PEP257) * Add docstring validation * Fix fernet key writing for python 3 * Update test modules passing on py34 * Updated from global requirements * Forbid non-stripped endpoint urls * fix deprecation warnings in cache backends * Enable subprocess_without_shell_equals_true Bandit test * Correct typo in copyright * switch to oslo.cache * Correct the filename * Fix some nits in `configure_federation.rst` * Remove unused code in domain config checking ------------------------------------------------------------------- Fri Oct 16 02:20:39 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.dev133: * Updated from global requirements * More info in RequestContext ------------------------------------------------------------------- Thu Oct 15 21:15:13 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.dev129: * Updating sample configuration file * Updated from global requirements * keystone-paste.ini docs for deployers are out of date * add placeholder migrations for liberty * Remove bas64utils and tests * Create a version package * Refactor: Don't hard code 409 Conflict error codes * add initiator to v2 calls for additional auditing * Handle 16-char non-uuid user IDs in payload * Fix the referred [app:app_v3] into [pipeline:api_v3] ------------------------------------------------------------------- Thu Oct 15 01:49:43 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.dev111: * Remove oslo.policy implementation tests from keystone ------------------------------------------------------------------- Tue Oct 13 01:49:43 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.dev110: * Refactor: change 403 status codes in test names * Refactor: change 410 status codes in test names * Refactor: change 400 status codes in test names * Refactor: change 404 status codes in test names ------------------------------------------------------------------- Sun Oct 11 00:13:51 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.dev102: * Expose 1501698 bug ------------------------------------------------------------------- Sat Oct 10 00:13:49 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.dev100: * Updated from global requirements * Imported Translations from Zanata * Fixed missed translatable string inside exception * Enable password_config_option_not_marked_secret Bandit test ------------------------------------------------------------------- Fri Oct 9 00:14:14 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.dev93: * Additional documentation for services * Rename fernet methods to match expiration timestamp * Enable hardcoded_bind_all_interfaces Bandit test * Reclassify get_project_by_name() controller method * Deprecate httpd/keystone.py * functional tests for keystone on subpaths * Document httpd for accept on /identity, /identity_admin ------------------------------------------------------------------- Thu Oct 8 00:14:32 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.dev81: * Updated from global requirements * Documentation for other services * Trivial fix of some typos found * Filters is_domain=True in v2 get_project_by_name * Add test case passing is_domain flag as False * Ensure token validation works irrespective of padding * Rename RestfulTestCase.v3_authenticate_token() to v3_create_token() * Improving domain_id update tests * Use deepcopy of mapping fixtures in tests * Cleanup _build_federated_info * Add LimitRequestBody to sample httpd config * Remove unused get_user_projects() * Add unit test for creating RequestContext * Add user_domain_id, project_domain_id to auth context * Add user domain info to federated fernet tokens * Unit tests for fernet validate_v3_token * Correct docstrings ------------------------------------------------------------------- Mon Oct 5 00:41:34 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.dev49: * Imported Translations from Zanata ------------------------------------------------------------------- Sun Oct 4 00:30:40 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.dev48: * Rename RestfulTestCase.v3_authenticate_token( ------------------------------------------------------------------- Sat Oct 3 00:30:23 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.dev47: * Enable Bandit 0.13.2 tests * Update bandit blacklist_imports config ------------------------------------------------------------------- Fri Oct 2 00:33:32 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.dev43: * Replace sqlalchemy-migrate occurences from code.google to github * Fix unreachable code in test_v3 module * Show v3 endpoints in v2 endpoint list * Make __all__ immutable * Move development environment setup instructions to standard location ------------------------------------------------------------------- Thu Oct 1 00:17:22 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.dev33: * Skip rows with empty remote_ids * Fix order of arguments in assertDictEqual * Update bandit blacklist_calls config ------------------------------------------------------------------- Tue Sep 29 00:16:47 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.dev27: * Fix order of arguments in assertEqual * Adds interface tests for timeutils * Add unit tests for token_to_auth_context ------------------------------------------------------------------- Sun Sep 27 00:16:22 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.dev21: * Updating sample configuration file * Cleanup of Translations * Imported Translations from Zanata * Uses constants for 5XX http status codes in tests * Fixes v3_authenticate_token calls - no default * Fixes the way v3_admin is called to match its def * Declares expected_status in method signatures * Refactor: Don't hard code the error code * Correct comment to not be driver-specific * Fix typo in config help ------------------------------------------------------------------- Thu Sep 24 00:31:08 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.dev4: * Use the correct import for range ------------------------------------------------------------------- Wed Sep 23 00:33:49 UTC 2015 - cloud-devel@suse.de - Update to version keystone-9.0.0.dev3: * Updating sample configuration file 8.0.0.0rc1 * Open Mitaka development * Bring bandit config up-to-date * Update the examples used for the trusted_dashboard option * Log message when debug is enabled * Clean up bandit profiles * federation.idp use correct subprocess * Imported Translations from Zanata * Relax newly imposed sql driver restriction for domain config * Add documentation for configuring IdP WebSSO ------------------------------------------------------------------- Tue Sep 22 00:33:18 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b4.dev57: * Change ignore-errors to ignore_errors ------------------------------------------------------------------- Mon Sep 21 00:29:43 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b4.dev56: * Updated from global requirements * check if tokenless auth is configured before validating * Updated from global requirements * Issue deprecation warning if domain_id not specified in create call * Reject rule if assertion type unset ------------------------------------------------------------------- Thu Sep 17 00:53:08 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b4.dev48: * Removed the extra http:// from JSON schema link * Support project hierarchies in data driver tests * Fix logging in federation/idp.py ------------------------------------------------------------------- Wed Sep 16 00:52:31 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b4.dev44: * Updated from global requirements * Update federation router with missing call * Update man pages with liberty version and dates ------------------------------------------------------------------- Tue Sep 15 00:52:35 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b4.dev40: * Refactor: Don't hard code the error code * Move TestClient to test_versions * Get method's class name in a python3-compatible way * Use /auth/projects in tests ------------------------------------------------------------------- Sat Sep 12 00:55:24 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b4.dev34: * Use oslo.log fixture * Remove keystone/openstack/* from coveragerc * Do not revoke all of a user's tokens when a role assignment is deleted * Handle tokens created and quickly revoked with insufficient timestamp precision * Show that unscoped tokens are revoked when deleting role assignments * Remove unnecessary load_backends from TestKeystoneTokenModel ------------------------------------------------------------------- Wed Sep 9 23:38:32 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b4.dev27: * Update apache-httpd.rst * Updated from global requirements * Remove padding from Fernet tokens * Fixed typos in 'developing_drivers' doc * Build oslo.context RequestContext ------------------------------------------------------------------- Tue Sep 8 23:38:21 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b4.dev18: * Imported Translations from Transifex * Updated from global requirements * Correct docstring for common.authorization ------------------------------------------------------------------- Mon Sep 7 23:38:23 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b4.dev15: * Change tests to use common name for keystone.tests.unit * Removes py3 test import hacks ------------------------------------------------------------------- Sun Sep 6 23:38:26 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b4.dev11: * Test list_role_assignment in standard inheritance tests ------------------------------------------------------------------- Sat Sep 5 23:38:29 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b4.dev10: * Stop using deprecated keystoneclient function ------------------------------------------------------------------- Fri Sep 4 23:38:27 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b4.dev9: * Updating sample configuration file * Fixes confusing deprecation message * Add methods for checking scoped tokens * Deprecate LDAP Resource Backend * List credentials by type * Fixes a typo in a comment * Fix grammar in doc string ------------------------------------------------------------------- Thu Sep 3 23:38:33 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b4.dev1: 8.0.0.0b3 * Added CORS support to Keystone * Tokenless authz with X.509 SSL client certificate * Stable Keystone Driver Interfaces * Initial support for versioned driver classes * Add federated auth for idp specific websso * Broaden domain-group testing of list_role_assignments * Add support for group membership to data driven assignment tests * Add support for effective & inherited mode in data driven tests * Change JSON Home for OS-FEDERATION to use /auth/projects|domains * Provide new_xyz_ref functions in tests.core * Correct docstrings in resource/core.py * Stop reading local config for domain-specific SQL config driver ------------------------------------------------------------------- Wed Sep 2 23:38:20 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b3.dev232: * Adds caching to paste deploy's egg lookup * Validate Mapped User object ------------------------------------------------------------------- Wed Sep 2 13:02:14 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b3.dev228: * Add support for data-driven backend assignment testing ------------------------------------------------------------------- Tue Sep 1 23:38:25 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b3.dev226: * Updated from global requirements * Unit tests for is_domain field in project's table * Group tox optional dependencies ------------------------------------------------------------------- Mon Aug 31 11:17:08 UTC 2015 - tbechtold@suse.com - Update to version keystone-8.0.0.0b3.dev220: * Refactor mapping rule engine tests to not create servers * Updating sample configuration file * Set max on max_password_length to passlib max * Simplify federated_domain_name processing * Enforce .config_overrides is called exactly once * Rationalize unfiltered list role assignment test * Change mongodb extras to lowercase * Refactor: Provider._rebuild_federated_info() * Refactor: rename Fernet's unscoped federated payload * Fernet payloads for federated scoped tokens * Prevent exception due to missing id of LDAP entity * Expose exception due to missing id of LDAP entity * Remove references to keystone.openstack.common * Use entrypoints for paste middleware and apps * update links in http-api to point to specs repo * Prevent exception for invalidly encoded parameters * Use wsgi_scripts to create admin and public httpd files * Simplify rule in sample v3 policy file * When validating a V3 token as V2, use the v3_to_v2 conversion * Sample config help for supplied drivers * Update docs for stevedore drivers - Install %{_bindir}/keystone-wsgi-admin and %{_bindir}/keystone-wsgi-public ------------------------------------------------------------------- Mon Aug 31 09:38:57 UTC 2015 - rhafer@suse.com - Added keystone_max_url_length.diff as temporary workaround for bnc#943764 ------------------------------------------------------------------- Wed Aug 26 23:38:30 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b3.dev177: * No More .reload_backends() or .reload_backend() * Ensure ephemeral user's user_id is url-safe * Use min and max on IntOpt option types * Adds a notification testcase for unbound methods * Update Httpd configuration docs for sites-available/enabled * Creates a fixture representing as LDAP database ------------------------------------------------------------------- Tue Aug 25 23:38:17 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b3.dev165: * Remove all traces of oslo incubator * Refactor: use fixtures.TempDir more * Adds backend check to setup of LDAP tests ------------------------------------------------------------------- Mon Aug 24 23:38:20 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b3.dev159: * Remove deprecated methods from assignment.Manager * Stop using deprecated assignment manager methods ------------------------------------------------------------------- Sat Aug 22 23:38:30 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b3.dev155: * Add testcase to test invalid region id in request * Add region_id filter for List Endpoints API ------------------------------------------------------------------- Fri Aug 21 23:38:16 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b3.dev151: * Add necessary executable permission * Update 'doc/source/setup.rst' * Enhance tests for saml2 signing exception logging ------------------------------------------------------------------- Thu Aug 20 23:38:33 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b3.dev145: * Updating sample configuration file * Test v2 tokens being deleted by v3 * Add is_domain field in Project Table ------------------------------------------------------------------- Wed Aug 19 00:00:32 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b3.dev140: * Extras for bandit * Use extras for memcache and MongoDB packages * Remove unnecessary check * Updated from global requirements * Show helpful message when request body is not provided * Do not require the token_id for converting v3 to v2 tokens * Maintain the expiry of v2 fernet tokens ------------------------------------------------------------------- Mon Aug 17 23:59:05 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b3.dev127: * EndpointFilter driver doesnt inherit its interface ------------------------------------------------------------------- Sun Aug 16 23:57:48 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b3.dev125: * Imported Translations from Transifex * Updated from global requirements ------------------------------------------------------------------- Sat Aug 15 23:57:54 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b3.dev122: * Hardens the validated decorator's implementation * Maintain datatypes when loading configs from DB ------------------------------------------------------------------- Fri Aug 14 23:57:47 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b3.dev118: * Updating sample configuration file * Improve a few random docstrings * Remove "tenants" from user_attribute_ignore default * Updated from global requirements * Fix the misspelling * Fix typo in doc-string ------------------------------------------------------------------- Thu Aug 13 23:58:40 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b3.dev108: * Validate domain ownership for v2 tokens * Fix docstring in mapped plugin * Updated from global requirements * Improve List Role Assignments Filters Performance * Give some message when an invalid token is in use ------------------------------------------------------------------- Tue Aug 11 00:13:38 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b3.dev98: * Updated from global requirements * Fixes an incorrect docstring in notifications * Improve a few random docstrings (H405) * Correct enabled emulation query to request no attributes ------------------------------------------------------------------- Mon Aug 10 00:13:50 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b3.dev91: * Minor grammar fixes to connection pooling section * Stop calling deprecated assignment manager methods ------------------------------------------------------------------- Sun Aug 9 00:13:54 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b3.dev88: * Updated from global requirements * Updating sample configuration file * Remove reference of old endpoint_policy in paste file ------------------------------------------------------------------- Sat Aug 8 00:14:20 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b3.dev84: * Remove excessive transformation to list * Stop calling deprecated assignment manager methods * Fernet 'expires' value loses 'ms' after validation * NotificationsTestCase running in isolation * Adds/updates notifications test cases * Fix duplicate-key pylint issue * Fix explicit line joining with backslash * Fixes an issue with data ordering in the tests * Imported Translations from Transifex * Allow Domain Admin to get domain details * Assignment driver cleaning * Cleanup tearDown in unit tests * Remove unnecessary check from notifications.py * Remove oslo import hacking check * Use extras for ldap dependencies * Test to ensure fernet key rotation results in new key sets * Document default value for tree_dn options * Register fatal_deprecations before use * Remove unused setUp for RevokeTests * Remove unnecessary code for default suffix ------------------------------------------------------------------- Fri Aug 7 00:13:50 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b3.dev50: * Imported Translations from Transifex * Fix unbound error in federation _sign_assertion * Fix typos of RoleAssignmentV3._format_entity doc * Document policy target for operation * Remove unnecessary ldap imports * Disable migration sanity check ------------------------------------------------------------------- Thu Aug 6 00:14:41 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b3.dev41: * Updated from global requirements * Use dict.items() rather than six.iteritems() * Better error message when unable to map user ------------------------------------------------------------------- Wed Aug 5 00:14:29 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b3.dev35: * Updating sample configuration file * Cleanup use of iteritems * Missing ADMIN_USER in sample_data.sh * Update exported variables for openstack client * Add better user feedback when bind is not implemented * Refactor _populate_roles_for_groups() * Refactor: clean up TokenAPITests * Fix test_utils for py34 * Clean up code to use .items() * Clean up notifications type checking ------------------------------------------------------------------- Mon Aug 3 00:14:33 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b3.dev20: * Add groups in scoped federated tokens ------------------------------------------------------------------- Sun Aug 2 00:14:06 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b3.dev18: * Imported Translations from Transifex * Reject create endpoint with invalid urls * Reduce number of Fernet log messages ------------------------------------------------------------------- Sat Aug 1 00:15:00 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b3.dev12: * Adds missing list_endpoints tests * Explain the "or None" on eventlet's client_socket_timeout * Fix test_admin to expect admin endpoint * Fixes a docstring to reflect actual return values * pemutils isn't used anymore * Adds proper isolation to templated catalog tests ------------------------------------------------------------------- Fri Jul 31 12:42:40 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b3.dev2: * Handle non-numeric files in key_repository ------------------------------------------------------------------- Thu Jul 30 19:16:15 UTC 2015 - tbechtold@suse.com - Update to version keystone-8.0.0.0b3.dev1: 8.0.0.0b2 * Updated from global requirements * Ensure database options registered for tests * Document sample config updated automatically - Adjust Requires according to requirements.txt ------------------------------------------------------------------- Thu Jul 30 00:12:36 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b2.dev172: * Test function call result, not function object * Test admin app in test_admin_version_v3 * Fix remaining mention of KLWT * Replace 401 to 404 when token is invalid * Assign different values to public and admin ports * Reuse token_ref fetched in AuthContextMiddleware ------------------------------------------------------------------- Wed Jul 29 05:02:56 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b2.dev160: * Updating sample configuration file * Updated from global requirements * add federation docs for mod_auth_mellon ------------------------------------------------------------------- Sat Jul 25 10:36:59 UTC 2015 - seife+obs@b1-systems.com - fix spec file conditions for non-suse distributions ------------------------------------------------------------------- Sat Jul 25 00:12:40 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b2.dev156: * Fix four typos and Add one space on keystone document * Imported Translations from Transifex * Fix test_exception.py for py34 * Fix s3.core for py34 * test_base64utils works with py34 * Docs link to ACTIONS * Moves keystone.hacking into keystone.tests * Add missing "raise" when throwing exception ------------------------------------------------------------------- Fri Jul 24 00:15:31 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b2.dev141: * Updating sample configuration file * Minor fix in the `configuration.rst` * Correct spacing in ``mapping_combinations.rst`` * Adding Documentation for Mapping Combinations * Clean up docs before creating new ones * Fix docs in federation.routers * Refactor websso ``origin`` validation * Move backends.py to keystone.server * move clean.py into keystone/common * Move cli.py into keystone.cmd * Implement backend filtering on membership queries ------------------------------------------------------------------- Wed Jul 22 16:23:58 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b2.dev119: * Avoid the hard coding of admin token ------------------------------------------------------------------- Wed Jul 22 01:06:07 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b2.dev118: * Fix docstrings in contrib * Additional Fernet test coverage * Fix for LDAP filter on group search by name ------------------------------------------------------------------- Tue Jul 21 00:42:18 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b2.dev112: * Updated from global requirements * Document use of wip up to developer ------------------------------------------------------------------- Mon Jul 20 00:40:44 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b2.dev108: * Remove unnecessary executable permission ------------------------------------------------------------------- Sun Jul 19 00:38:44 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b2.dev107: * Do not remove expired revocation events on "get" * Federation API provides method to evaluate rules * Move constants out of federation.core * Deprecate LDAP assignment driver options ------------------------------------------------------------------- Sat Jul 18 00:37:44 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b2.dev99: * Log xmlsec1 output if it fails * Fix test method examining scoped federation tokens * Spelling correction * Fixes grammar in setup.rst in doc source * Updated from global requirements * Use oslo.utils instead of home brewed tempfile * Standardize documentation at Service Managers * Switch from MySQL-python to PyMySQL ------------------------------------------------------------------- Wed Jul 15 00:41:44 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b2.dev85: * Updating sample configuration file * Add testcases for list_role_assignments of v3 domains * Centralizing build_role_assignment_* functions ------------------------------------------------------------------- Tue Jul 14 00:41:44 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b2.dev79: * Replace reference of ksc with osc * Mask passwords in debug log on user password operations ------------------------------------------------------------------- Mon Jul 13 00:39:32 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b2.dev77: * Updated from global requirements ------------------------------------------------------------------- Sun Jul 12 00:41:03 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b2.dev76: * Changing exception type to ValidationError instead of Forbidden * Removed optional dependency support ------------------------------------------------------------------- Sat Jul 11 00:41:04 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b2.dev72: * Fixes grammar in the httpd README * Imported Translations from Transifex * Fixes docstring to make it more precise * Decouple notifications from DI * Fix log message in one of the v3 create call methods * Simplify fernet rotation code * Tests for correct key removed * Add test showing password logged * Add more Rally scenarios ------------------------------------------------------------------- Fri Jul 10 00:41:05 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b2.dev57: * Fix the incorrect format for docstring ------------------------------------------------------------------- Thu Jul 9 11:59:50 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b2.dev56: * Catch exception.Unauthorized when checking for admin * Remove convert_to_sqlite.sh * Remove fileutils from oslo-incubator * Remove comment for doc building bug 1260495 * Fix code-block in federation documentation * Modified command used to run keystone-all * Delete extra parentheses in assertEqual message * Fix the invalid testcase * Updating sample configuration file * Add unit test for fernet provider * Update federation docstring * Do not specify 'objectClass' twice in LDAP filter string * Fix tox -e py34 * Change mapping model so rules is dict * Add test case for deleting endpoint with space in url * Update requirements by hand * Group role revocation invalidates all user tokens * Adds some debugging statements ------------------------------------------------------------------- Thu Jul 2 00:40:36 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b2.dev21: * Consolidate the fernet provider issue_v3_token() * OS-FEDERATION no longer extension in docs ------------------------------------------------------------------- Wed Jul 1 00:40:15 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b2.dev17: * Switch from deprecated oslo_utils.timeutils.strtime * Update MANIFEST.in ------------------------------------------------------------------- Tue Jun 30 00:25:51 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b2.dev14: * Use oslo.service ServiceBase when loading from eventlet * Relax the formats of accepted mapping rules for keystone-manage ------------------------------------------------------------------- Sun Jun 28 00:27:18 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b2.dev10: * Update sample config file * Updated from global requirements ------------------------------------------------------------------- Sat Jun 27 00:27:28 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b2.dev7: * Switch to oslo.service * Update sample configuration file * Don't try to drop FK constraints for sqlite ------------------------------------------------------------------- Thu Jun 25 00:31:37 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0b2.dev4: * Python 3: Use range instead of xrange for py3 compatibility 8.0.0.0b1 * Document entrypoint namespaces * Short names for auth plugins ------------------------------------------------------------------- Wed Jun 24 00:31:53 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0a1.dev20: * Use stevedore for auth drivers ------------------------------------------------------------------- Tue Jun 23 00:33:19 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0a1.dev18: * Update sample configuration file * Remove unused requirements * Add missing keystone-manage commands to doc * Refactor extract function load_auth_method * Add unit test to exercise key rotation * Fix Fernet key rotation ------------------------------------------------------------------- Mon Jun 22 00:35:09 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0a1.dev6: * Remove redundant config ------------------------------------------------------------------- Sat Jun 20 00:36:41 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0a1.dev4: * Imported Translations from Transifex ------------------------------------------------------------------- Fri Jun 19 00:34:26 UTC 2015 - cloud-devel@suse.de - Update to version keystone-8.0.0.0a1.dev3: * Update version for Liberty 8.0.0a0 * Fix tests failing on slower system ------------------------------------------------------------------- Wed Jun 17 00:55:58 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.2.0.dev231: * Refactor: move PKI-specific tests into the appropriate class * Needn't load fernet keys twice * Pass environment variables of proxy to tox ------------------------------------------------------------------- Tue Jun 16 00:54:02 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.2.0.dev225: * Mapping Engine CLI ------------------------------------------------------------------- Fri Jun 12 02:12:53 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.2.0.dev223: * Imported Translations from Transifex * Add validity check of 'expires_at' in trust creation ------------------------------------------------------------------- Thu Jun 11 07:11:46 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.2.0.dev220: * Fix spelling in configuration comment * Switch keystone over to oslo_log versionutils * Updated from global requirements * Use lower default value for sha512_crypt rounds * Updated from global requirements * Remove unnecessary dependencies from KerberosDomain * Remove deprecated external authentication plugins * Avoid using the interactive interpreter for a one-liner * Revocation engine refactoring * Add testcases to test DefaultDomain * Remove identity_api from AuthInfo dependencies * Fix sample policy to allow user to check own token 2015.1.0 * Sync oslo-incubator Ie51669bd278288b768311ddf56ad31a2f28cc7ab * Updated from global requirements * Release Import of Translations from Transifex * Make memcache client reusable across threads * Set default branch to stable/kilo * backend_argument should be marked secret (bnc#929628, CVE-2015-3646) * Update man pages for the Kilo release * make sure we properly initialize the backends before using the drivers * WebSSO should use remote_id_attribute by protocol * Work with pymongo 3.0 2014.2 ------------------------------------------------------------------- Mon Jun 8 00:22:58 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.2.0.dev275: * Rename directory with rally jobs files * Refactor: use __getitem__ when the key will exists * Refactor: create the lookup object once ------------------------------------------------------------------- Sun Jun 7 00:24:10 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.2.0.dev269: * Remove custom assertions for python2.6 * Fix req.environ[SCRIPT_NAME] value ------------------------------------------------------------------- Sat Jun 6 00:23:27 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.2.0.dev265: * Updated from global requirements * Order routes so most frequent requests are first ------------------------------------------------------------------- Fri Jun 5 00:23:24 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.2.0.dev262: * Don't query db if criteria longer than col length * Run WSGI with group=keystone * Fix the wrong order of parameters when using assertEqual * Remove the deprecated ec2 token middleware * Replace blacklist_functions with blacklist_calls * Rename driver to backend and fix the inaccurate docstring ------------------------------------------------------------------- Thu Jun 4 00:23:08 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.2.0.dev250: * Updated from global requirements * Consolidate test-requirements files * Switch from deprecated isotime * Update access control configuration in httpd config ------------------------------------------------------------------- Wed Jun 3 00:22:53 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.2.0.dev245: * Improve error message when tenant ID does not exist * Adds inherited column to RoleAssignment PK ------------------------------------------------------------------- Tue Jun 2 00:23:29 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.2.0.dev241: * updates sample_data script to use the new openstack commands * Log info for Fernet tokens over 255 chars ------------------------------------------------------------------- Mon Jun 1 00:22:42 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.2.0.dev237: * Update functional tox env requirements * Update sample config file * Correct oauth1 driver help text * Add "enabled" to create service provider example * Removes unused database setup code * Sync oslo-incubator cc19617 ------------------------------------------------------------------- Sun May 31 00:22:58 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.2.0.dev227: * Update testing keystone2keystone doc * `api_curl_examples.rst` is out of date * Don't assume project IDs are UUID format * Don't assume group IDs are UUID format * Remove randomness from test_client_socket_timeout ------------------------------------------------------------------- Fri May 29 00:23:15 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.2.0.dev219: * Don't fail on converting user ids to bytes ------------------------------------------------------------------- Thu May 28 02:32:43 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.2.0.dev217: * Move endpoint policy into keystone core * Update dev setup requirements for Python 3.4 ------------------------------------------------------------------- Tue May 26 02:34:10 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.2.0.dev213: * Tests don't override default auth methods/plugins * Tests consistently use auth_plugin_config_override * Test use config_overrides for configs * Correct tests setting auth methods to a non-list * Use single connection in get_all function ------------------------------------------------------------------- Sat May 23 02:30:44 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.2.0.dev203: * Update sample config file * Make sure LDAP filter is constructed correctly ------------------------------------------------------------------- Fri May 22 02:28:39 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.2.0.dev200: * basestring no longer exists in Python3 * Add mocking for memcache for Python3 tests * Fix xmldsig import * Refactor deprecations tests * Remove the deprecated compute_port option * Removes temporary fix for doc generation * Fixes deprecations test for Python3 * Revert "Loosen validation on matching trusted dashboard" * Implement validation on the Identity V3 API ------------------------------------------------------------------- Wed May 20 00:07:57 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.2.0.dev182: * Improve websso documentation * Workflow documentation is now in infra-manual ------------------------------------------------------------------- Sun May 17 00:06:43 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.2.0.dev178: * Remove XML middleware stub * Replace ci.o.o links with docs.o.o/infra ------------------------------------------------------------------- Sat May 16 00:03:31 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.2.0.dev174: * Rename sample_config to genconfig * Imported Translations from Transifex ------------------------------------------------------------------- Thu May 14 23:58:58 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.2.0.dev171: * Move bandit requirement to test-requirements-bandit.txt ------------------------------------------------------------------- Tue May 12 23:58:26 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.2.0.dev169: * Updated from global requirements * Add missing part for `token` object * Remove support for loading auth plugin by class ------------------------------------------------------------------- Mon May 11 23:58:33 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.2.0.dev164: * Update sample config file * Use [] where a value is required * De-duplicate auth methods * Remove unnecessary oauth_api check * Use short names for drivers * Add mocking for ldappool for Python3 tests * Fixes a whitespace issue * Handles modules that moved in Python3 * Handles Python3 builtin changes * Use stevedore for backend drivers ------------------------------------------------------------------- Sun May 10 23:58:20 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.2.0.dev144: * Replace github reference by git.openstack.org and change a doc link * Refactor _create_attribute_statement IdP method * Updated from global requirements ------------------------------------------------------------------- Fri May 8 23:58:29 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.2.0.dev138: * Fixes use of dict methods for Python3 ------------------------------------------------------------------- Thu May 7 02:07:07 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.2.0.dev137: * Updated from global requirements * Use correct LOG translation indicator for errors ------------------------------------------------------------------- Wed May 6 09:38:49 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.2.0.dev133: * Add openstack_user_domain to assertion ------------------------------------------------------------------- Wed May 6 02:11:48 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.2.0.dev131: * Fixes test nits from a previous review ------------------------------------------------------------------- Tue May 5 14:11:18 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.2.0.dev129: * Pass-in domain when testing saml signing ------------------------------------------------------------------- Sat May 2 01:34:24 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.2.0.dev128: * Fixes tests to use the config fixture ------------------------------------------------------------------- Fri May 1 01:33:26 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.2.dev150: * Fix tiny typo in comment message * Updates the *py3 requirements files * Add openstack_project_domain to assertion * Prohibit invalid ids in subtree and parents list ------------------------------------------------------------------- Thu Apr 30 01:31:29 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.2.dev143: * Fixes mocking of oslo messaging for Python3 * pycadf now supports Python3 * eventlet now supports Python3 * Updated from global requirements * Update sample config * Allow wsgiref to reconstruct URIs per the WSGI spec * Refactor assignment driver internal clean-up method names ------------------------------------------------------------------- Tue Apr 28 01:33:24 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.2.dev130: * Updated from global requirements ------------------------------------------------------------------- Mon Apr 27 10:01:22 UTC 2015 - tbechtold@suse.com - Update to version keystone-2015.2.dev128: * Replaced filter with a list comprehension * Ignore multiple imports per line for six.moves * Fixes order of imports for pep8 * pep8 whitespace changes * Fix the misuse of `versionutils.deprecated` * Update openid connect docs to include other distros * Updated from global requirements * Remove pysqlite test-requirement dependency * Isolate injection tests * Sync oslo-incubator Ie51669bd278288b768311ddf56ad31a2f28cc7ab * Fixes cyclic ref detection in project subtree * Remove project association before removing endpoint group * Add domain_id checking in create_project * Refactor common function for loading drivers * Tests don't override default config with default * Entrypoints for commands * Add fernet to test_supported_token_providers * Tests use Database fixture * Correct path in request logging * Correct request logging query parameters separator * Eventlet green threads not released back to pool * Cleanup test keeping unnecessary fixture references * Fixes the SQL model tests - Remove outdated Requires and BuildRequires ------------------------------------------------------------------- Wed Apr 22 01:14:04 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.2.dev84: * Updated from global requirements * Imported Translations from Transifex * Loosen validation on matching trusted dashboard * adds a tox target for functional tests * Adds an initial functional test * Update developer doc to reference Ubuntu 14 * Move common checks into base testcase ------------------------------------------------------------------- Mon Apr 20 01:13:31 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.2.dev70: * Fix the incorrect comment * Update Get API version Curl example ------------------------------------------------------------------- Sun Apr 19 01:33:38 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.2.dev66: * Stops injecting revoke_api into TestCase * Update keystone.sample.conf * Use choices in config.py * remove useless nocatalog tests of endpoint_filter * Refactor: extract and rename unique_id method * Add test to list projects by the parent_id ------------------------------------------------------------------- Sat Apr 18 01:14:23 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.2.dev54: * Remove assigned protocol before removing IdP * Expose domain_name in the context for policy.json * Make memcache client reusable across threads * Remove unused policy rule for get_trust ------------------------------------------------------------------- Fri Apr 17 00:13:55 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.2.dev46: * Use correct LOG translation indicator for warnings * Don't provide backends from __all__ in persistence * Fix index name the assignment.actor_id table * Refactor sql filter code for clarity ------------------------------------------------------------------- Thu Apr 16 00:14:00 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.2.dev38: * Fix incorrect setting in WebSSO documentation * Exposes bug on role assignments creation * Redundant events on group grant revocation ------------------------------------------------------------------- Wed Apr 15 00:14:54 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.2.dev33: * Checking if Trust exists should be DRY * Add routing for list_endpoint_groups_for_project ------------------------------------------------------------------- Tue Apr 14 00:13:30 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.2.dev29: * backend_argument should be marked secret * Fix signed_saml2_assertion.xml tests fixture * Removes discover from test-reqs ------------------------------------------------------------------- Sun Apr 12 00:15:05 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.2.dev23: * Refactor MemcachedBackend to not be a Manager ------------------------------------------------------------------- Sat Apr 11 00:15:28 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.2.dev21: * Tests use common base class * Mark some strings for translation ------------------------------------------------------------------- Fri Apr 10 00:15:11 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.2.dev17: * make sure we properly initialize the backends before using the drivers * WebSSO should use remote_id_attribute by protocol * Update openstack-common reference in openstack/common/README * Update testing docs ------------------------------------------------------------------- Thu Apr 9 00:12:33 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.2.dev9: * Work with pymongo 3.0 * Update man pages for the Kilo release * Add placeholders for reserved migrations * Tox env for Bandit ------------------------------------------------------------------- Wed Apr 8 00:14:46 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.2.dev2: 2015.1.0rc1 * Open Liberty development * Improved policy setting in the 'v3 filter' tests * Handle NULL value for service.extra in migration 066 * Skip SSL tests because some platforms do not enable SSLv3 * Add index to the revocation_event.revoked_at * Fix for notifications for v2 role grant/delete ------------------------------------------------------------------- Tue Apr 7 00:13:27 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.1.dev143: * Fix the typo in `token/providers/fernet/core.py` * Document websso setup * Don't add unformatted project-specific endpoints to catalog ------------------------------------------------------------------- Sun Apr 5 00:14:02 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.1.dev138: * Allow identity provider to be created with remote_ids set to None * Fix multiple SQL backend usage validation error * Expose multiple SQL backend usage validation error ------------------------------------------------------------------- Sat Apr 4 00:13:27 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.1.dev133: * Import fernet providers only if used in keystone-manage * Imported Translations from Transifex * Update sample config file * Fix errors in ec2 signature logic checking * Fixes bug in Federation list projects endpoint * Exposes bug in Federation list projects endpoint * Cleanup use of .driver * Fix setting default log levels ------------------------------------------------------------------- Fri Apr 3 00:13:44 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.1.dev117: * Reload drivers when their domain config is updated * Correcting the name of directory holding dev docs * Updated from global requirements * Remove unnecessary .driver. references in assignment manager * Rename notification for create/delete grants * Drop sql.transaction() usage in migration * Update configuration documentation for domain config * Fix for migration 062 on MySQL * Bump advertised API version to 3.4 * Deprecate eventlet config options * More content in the guide for core components' migration ------------------------------------------------------------------- Mon Mar 30 10:39:00 UTC 2015 - rsalevsky@suse.com - Update to version keystone-2015.1.dev96: * Extract response headers to private method * Imported Translations from Transifex * Add API to create ecp wrapped saml assertion * Add relay_state_prefix to Service Provider * Change the way values are migrated for 007_add_remote_id_table * Use ORM in upgrade test instead of manual query construction * Remove empty request bodies * Remove unnecessary import that was not checked * IdP ID registration and validation * Imported Translations from Transifex * add test of /v3/auth/catalog for endpoint_filter * Make trust manager raise formatted message exception * Revert "Document mapping of policy action to operation" * Remove SQL Downgrades * Add caching to getting of the fully substituted domain config * Refactor _create_projects_hierarchy in tests * Fixes bug when getting hierarchy on Project API * Exposes bug when getting hierarchy on Project API * use tokens returned by delete_tokens to invalidate cache * Loosen the validation schema used for trustee/trustor ids * region.description is optional and can be null * Document mapping of policy action to operation * Update install.rst for Fedora * Update sample config file * Remove parent_id in v2 tenant response * create _member_ role as specified in CONF * Fix sample policy to allow user to revoke own token * Add unit tests for sample policy token operations * Fix up token provider help text * Remove parent_id in v2 token response ------------------------------------------------------------------- Thu Mar 19 12:55:57 UTC 2015 - rsalevsky@suse.com - Update to version keystone-2015.1.dev497: * Needn't workaround when invoking `app.request()` 2015.1.0b3 * Imported Translations from Transifex * Update sample httpd config file * Cleanup Fernet testcases and add comments * Fix nullable constraints in service provider table * Adds test for federation mapping list order issues * Updated from global requirements * Prefer . to setattr()/getattr() * Support upload domain config files to database * Update Apache httpd config docs for token persistence * Add inline comment and docstrings fixes for Fernet * Move backend LDAP role testing to the new backend testing module * URL quote Fernet tokens * Use existing token test for Fernet tokens * Implement Fernet tokens for v2.0 tokens * remove expected backtrace from logs * Log when no external auth plugin registered * Enable sensitive substitutions into whitelisted domain configs * Imported Translations from Transifex * Create a fixture for key repository * Ignore unknown groups in lists for Federation * Remove RestfulTestCase.admin_request * Remove SSL configuration instructions from HTTPd docs * Wrap apache-httpd.rst * Remove fix for migration 37 * Cleanup for credentials schema test * Build domain scope for Fernet tokens * Mark the domain config API as experimental * Imported Translations from Transifex * Allow methods to be carried in Fernet tokens * Federated token formatter * Refactor: make Fernet token creation/validation API agnostic * Convert audit_ids to bytes * Drop Fernet token prefixes & add domain-scoped Fernet tokens * Add JSON schema validation for service providers * Implements whitelist and blacklist mapping rules * Adding utf8 to federation tables * Abstract the direct map concept into an object ------------------------------------------------------------------- Sat Feb 14 01:20:08 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.1.dev102: * Cleanup tests to not set multiple workers * Use subunit-trace from tempest-lib * Log exceptions safely * Imported Translations from Transifex * Refactor _send_audit_notification * Updated from global requirements * Remove excess brackets in exception creation * Update policy doc to use new rule format * remove the unused variables in indentity/core.py * make federation part of keystone core * Small cleanup of cloudsample policy * Fix error message on check on RoleV3 * Improve creation of expected assignments in tests * Add a check to see if a federation token is being used for v2 auth * Adds a fork of python-ldap for Py3 testing * Updates Python3 requirements * Add local rules in the federation mapping tests * Don't try to convert LDAP attributes to boolean * Add schema for endpoint group * Don't coerce port config values * Add new "RoleAssignment" exception * Fix evaluation logic of federation mapping rules * Minor fix in RestfulTestCase * Remove unused testscenarios requirement * Integrate logging with the warnings module ------------------------------------------------------------------- Fri Feb 13 11:02:13 UTC 2015 - dmueller@suse.com - update logrotate.conf ------------------------------------------------------------------- Fri Feb 13 01:18:56 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.1.dev53: * fix assertTableColumns * Imported Translations from Transifex * Sync with oslo-incubator ------------------------------------------------------------------- Thu Feb 12 01:19:46 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.1.dev47: * Split the assignments controller * log wsgi requests at INFO level ------------------------------------------------------------------- Wed Feb 11 01:19:30 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.1.dev43: * Use _VersionsEqual for a few more version tests * Remove test PYTHONHASHSEED setting * Correct version tests for result ordering * Correct a v3 auth test for result ordering * Correct catalog response checker for result ordering * Correct test_get_v3_catalog test for result ordering * Correct test_auth_unscoped_token_project for result ordering * Fix the syntax issue on creating table `endpoint_group` * Change hacking check to verify all oslo imports * Change oslo.i18n to oslo_i18n * Change oslo.config to oslo_config * Change oslo.db to oslo_db * Remove XMLEquals from tests * Remove unused test case * Change oslo.messaging to oslo_messaging * Deprecate LDAP Assignment Backend * Fix downgrade test for migration 61 on non-sqlite ------------------------------------------------------------------- Tue Feb 10 01:23:54 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.1.dev10: * Make identity id mapping handle unicode * Improve testing of unicode id mapping * Change oslo.serialization to oslo_serialization ------------------------------------------------------------------- Sun Feb 8 01:43:42 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.1.dev6: * Imported Translations from Transifex ------------------------------------------------------------------- Sat Feb 7 01:42:58 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.1.dev5: * Fix race on default role creation * Imported Translations from Transifex ------------------------------------------------------------------- Fri Feb 6 01:45:29 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.1.dev3: * Unscoped to Scoped only * Refactor federation SQL backend 2015.1.0b2 * Handle SSL termination proxies for version list ------------------------------------------------------------------- Thu Feb 5 01:34:11 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.1.dev214: * Set initiators ID to user_id * Updated from global requirements * Adds a wip decorator for tests ------------------------------------------------------------------- Wed Feb 4 01:46:52 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.1.dev209: * Imported Translations from Transifex * Update federation config to use Service Providers * Drop URL field from region table * Create K2K SAML assertion from Service Provider * Service Providers API for OS-FEDERATION * Implements subtree_as_ids query param * Refactor role assignment assertions * Remove local conf information from paste-ini * Explicit Unscoped * Remove TODO comment which has been addressed * Refactor keystone-all and http/keystone * Add positive test case for content types * add circular check when updating region * fix the wrong update logic of catalog kvs driver ------------------------------------------------------------------- Tue Feb 3 01:46:05 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.1.dev181: * Fixes 'OS-INHERIT:inherited_to' info in tests * During authentication validate if IdP is enabled * Fix typo in Patch #142743 * Implements parents_as_ids query param * Multiple IDP authentication URL * Change oslo.utils to oslo_utils * Imported Translations from Transifex * Regenerate sample config file * Make unit tests call the new resource manager * Make controllers and managers reference new resource manager * Remove unused pointer to assignment in identity driver * Move projects and domains to their own backend * Make role manager refer to role cache config options * Documentation fix for Keystone Architecture * Imported Translations from Transifex * Fix up _ldap_res_to_model for ldap identity backend * Use RequestBodySizeLimiter from oslo.middleware * Remove list_user_projects method from assignment * Remove unnecessary code block of exception handling * do parameter check before updating endpoint_group ------------------------------------------------------------------- Thu Jan 29 01:01:27 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.1.dev144: * remove invalid note * Move test_utils to keystone/tests/unit/ ------------------------------------------------------------------- Wed Jan 28 01:03:10 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.1.dev140: * Add library oslo.concurrency in config-generator config file * Updated from global requirements * fix test_ec2_list_credentials * Assignment sql backend create_grant refactoring * Fix incorrect session usage in tests * Change /POST to /ECP at federation config ------------------------------------------------------------------- Tue Jan 27 01:00:15 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.1.dev129: * Updated from global requirements ------------------------------------------------------------------- Sun Jan 25 01:00:00 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.1.dev128: * Updated from global requirements ------------------------------------------------------------------- Thu Jan 22 01:00:10 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.1.dev127: * Correct comment about circular dependency * Refactor assignment manager/driver methods ------------------------------------------------------------------- Wed Jan 21 01:01:47 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.1.dev123: * Updated from global requirements ------------------------------------------------------------------- Mon Jan 19 14:52:46 UTC 2015 - rhafer@suse.com - fixed dependencies. The LDAP backend requires python-ldappool ------------------------------------------------------------------- Mon Jan 19 01:01:00 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.1.dev122: * Imported Translations from Transifex * Identify groups by name/domain in mapping rules * correct the help text of os_inherit * invalidate cache when updating catalog objects ------------------------------------------------------------------- Sat Jan 17 01:01:01 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.1.dev115: * Updated from global requirements * Move sql specific filter test code into test_backend_sql * Fix migration 42 downgrade ------------------------------------------------------------------- Fri Jan 16 01:01:13 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.1.dev110: * Fix incorrect filter test name * Update the keystone sample config * Scope federated token with 'token' identity method * Make unit tests call the new, split out, role manager * Make controllers call the new, split out, role manager * Correct doc string for grant driver methods * Split roles into their own backend within assignments * Fix transaction issue in migration 44 downgrade ------------------------------------------------------------------- Thu Jan 15 01:00:50 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.1.dev94: * Update Inherited Role Assignment Extension section * Limit lines length on configuration doc * Fixes spacing in sentences on configuration doc * Fixes several typos on configuration doc * Trust redelegation * add missing parent_id parameter check in project schema * Updated from global requirements * Correct failures for H238 * Move to hacking 0.10 * Always return the service name in the catalog ------------------------------------------------------------------- Wed Jan 14 00:59:05 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.1.dev74: * Additional test coverage for password changes ------------------------------------------------------------------- Mon Jan 12 00:59:26 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.1.dev73: * Updated from global requirements ------------------------------------------------------------------- Sat Jan 10 00:59:06 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.1.dev72: * Remove unused fields in base TestCase * Keystoneclient tests from venv-installed client * Cleanup test-requirements for keystoneclient * Fix tests using extension drivers ------------------------------------------------------------------- Fri Jan 9 00:59:36 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.1.dev65: * Fix downgrade from migration 61 on non-sqlite * explicit namespace prefixes for SAML2 assertion * Remove requirements not needed by oslo-incubator modules anymore * let endpoint_filter sql backend return dict data ------------------------------------------------------------------- Wed Jan 7 00:59:06 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.1.dev58: * Ensure manager grant methods throw exception if role_id is invalid * update sample conf using latest oslo.conf * Remove unnecessary oslo incubator bits ------------------------------------------------------------------- Tue Jan 6 01:00:05 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.1.dev52: * switch from sample_config.sh to oslo-config-generator ------------------------------------------------------------------- Mon Jan 5 12:47:37 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.1.dev50: * Enable hacking rule H302 ------------------------------------------------------------------- Mon Jan 5 00:59:18 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.1.dev48: * Tests fail only on deprecation warnings from keystone ------------------------------------------------------------------- Sat Jan 3 00:59:27 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.1.dev47: * Update the keystone.conf sample * Remove extra V3 version router ------------------------------------------------------------------- Thu Jan 1 01:00:12 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2015.1.dev43: * improve the EP-FILTER catalog length check in test_v3.py * Don't allow deprecations during testing * Fix to not use deprecated Exception.message * Fix to not use empty IN clause * Removes a Py2.6 version of assertSetEqual * Removes a Py2.6 version of inspect.getcallargs * Removes a bit of WSGI code converts unicode to str * Enhance FakeLdap to require base entry for subtree search ------------------------------------------------------------------- Mon Dec 29 16:50:44 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev27: * fix wrong self link in the response of endpoint_groups API * rename oslo.concurrency to oslo_concurrency ------------------------------------------------------------------- Mon Dec 29 00:59:34 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev24: * Imported Translations from Transifex * Expanded mutable hacking checks * Make the mutable default arg check very strict * Correct use of noqa ------------------------------------------------------------------- Wed Dec 24 01:00:02 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev17: * Memcache connection pool excess check ------------------------------------------------------------------- Sat Dec 20 01:00:41 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev15: * Be more precise with flake8 filename matches * Use bashate to run_tests.sh * Update federation docs to point to specs.o.org ------------------------------------------------------------------- Fri Dec 19 01:17:47 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev9: * sync to oslo commit 1cf2c6 * Update docs to no longer show XML support 2015.1.0b1 * Remove unnecessary ldap import * Change config option examples to v3 ------------------------------------------------------------------- Thu Dec 18 01:15:41 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev297: * Check and delete for policy_association_for_region_and_service * Remove XML support * Fix modifying a role with same name using LDAP * Add a test for modifying a role to set the name the same * Fix disabling entities when enabled is ignored * Add tests for enabled attribute ignored * Fix update role without name using LDAP ------------------------------------------------------------------- Wed Dec 17 01:18:08 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev283.g3f42c1a: * Rename `removeEvent` to be more pythonic * Fix the way migration helpers check FK names * Add test for update role without name * Fixes links in Shibboleth configuration docs * fix wrong indentation in contrib/federation/utils.py * default revoke driver should be the non-deprecated driver ------------------------------------------------------------------- Tue Dec 16 01:17:20 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev272.g9ee165f: * Remove database setup duplication ------------------------------------------------------------------- Sun Dec 14 01:16:51 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev270.gd5c8a37: * Inherited role assignments to projects ------------------------------------------------------------------- Sat Dec 13 01:17:59 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev268.ged7b033: * Cleanup eventlet use in tests ------------------------------------------------------------------- Fri Dec 12 01:17:14 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev266.gca8a8a6: * Updated from global requirements * Remove endpoint_substitution_whitelist config option * TestAuthPlugin doesn't use test_auth_plugin.conf * Add missing translation marker for dependency ------------------------------------------------------------------- Thu Dec 11 01:14:28 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev258.g71c9bf5: * Fix inherited user role test docstring ------------------------------------------------------------------- Tue Dec 9 01:15:30 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev257.g6aaba42: * Adds openSUSE support for developer documentation * User ids that begin with 0 cannot authenticate through ldap * Typo in policy call * Updated from global requirements * Correct max_project_tree_depth config help text * make sample_data.sh account for the default options in keystone.conf * Move notification unit tests to unit test dir * Remove useless field passed into SQLAlchemy "distinct" statement ------------------------------------------------------------------- Sun Dec 7 01:15:28 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev241.g2355f3a: * Updated from global requirements ------------------------------------------------------------------- Sat Dec 6 01:15:33 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev240.g39a93ca: * Adds correct checks in LDAP backend tests * Updated from global requirements * Create, update and delete hierarchical projects * Remove irrelative comment * Moves hacking tests to unit directory * Provide useful info when parsing policy file ------------------------------------------------------------------- Fri Dec 5 01:16:41 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev229.g5513052: * Add an identity backend method to get group by name * remove deprecated access log middleware * sys.exit mock cleanup * Fixes endpoint_filter tests ------------------------------------------------------------------- Thu Dec 4 01:15:54 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev222.g37c6766: * Base methods to handle hierarchical projects * Add parent_id field to projects * Update the feature/hierarchical-multitenancy branch ------------------------------------------------------------------- Wed Dec 3 10:12:43 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev215.gd82a3ca: * drop developer support for OS X ------------------------------------------------------------------- Wed Dec 3 01:17:07 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev213.ga8106b1: * Ignore H302 - bug 1398472 ------------------------------------------------------------------- Tue Dec 2 01:16:55 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev212.g1083161: * Multiple IdPs problem * Fixes docstring at eventlet_server * Fix the copy-pasted help info for db_version * Update keystone readme to point to specs.o.org * Use true() rather than variable/singleton * use expected_length parameter to assert expected length ------------------------------------------------------------------- Sat Nov 29 01:25:40 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev201.gdba82b1: * Updated from global requirements ------------------------------------------------------------------- Thu Nov 27 01:27:58 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev200.g2f00feb: * Move check_output and git() to test utils ------------------------------------------------------------------- Wed Nov 26 01:25:58 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev198.g6fb51ed: * Use _ definition from keystone.i18n * Remove Python 2.6 classifier * Speed up memcache lock * Add WSGIPassAuthorization to OAuth docs ------------------------------------------------------------------- Tue Nov 25 01:24:07 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev190.gea4fcec: * Fixes create_saml_assertion() return * Remove duplicate setup logic in federation tests ------------------------------------------------------------------- Sun Nov 23 00:56:27 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev186.g527924b: * Add import i18n to federation/controllers.py * Correct use of config fixture * Extends hacking check for logging to verify i18n hints ------------------------------------------------------------------- Sat Nov 22 00:56:04 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev180.gb55aa76: * Adds missing log hints for level E/I/W * Adds dynamic checking for mapped tokens ------------------------------------------------------------------- Fri Nov 21 00:57:19 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev176.g1ee9468: * Updated from global requirements ------------------------------------------------------------------- Thu Nov 20 14:37:36 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev175.g2bea749: * Enable cloud_admin to list projects in all domains * Remove string from URL in list_revoke_events() * Configuring Keystone edits * Imported Translations from Transifex * Increase test coverage of test_versions.py * Increase test coverage of test_base64utils.py * Move base64 unit tests to keystone/tests/unit dir * Move injection unit tests to keystone/tests/unit * Doc about specifying domains in domains specific backends * Update references to auth_token middleware ------------------------------------------------------------------- Sat Nov 15 01:02:08 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev157.g4ec0c61: * Move test_pemutils.py to unit test directory * Don't return ``user_name`` in mapped.Mapped class * Allow for REMOTE_USER name in federation mapping * Exclude domains with inherited roles from user domain list * Improve testing of exclusion of inherited roles * Fix project federation tokens for inherited roles * Improve testing of project federation tokens for inherited roles * Move shib specific documentation ------------------------------------------------------------------- Fri Nov 14 01:02:36 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev141.g32734df: * Fix domain federation tokens for inherited roles * fix the wrong order of assertEqual args in test_v3 ------------------------------------------------------------------- Thu Nov 13 01:03:44 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev137.g6d5a093: * Improve testing of domain federation tokens for inherited roles * Additional debug logs for federation flows * Add openid connect support ------------------------------------------------------------------- Wed Nov 12 01:04:18 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev131.gb05a540: * Enable hacking rule H904 * Prevent infinite loop in token_flush * Tests raise exception if logging problem ------------------------------------------------------------------- Tue Nov 11 01:03:56 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev125.ge333b41: * Change ca to uppercase in keystone.conf * Doc about deleting a domain specific backend domain ------------------------------------------------------------------- Mon Nov 10 01:26:34 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev121.g2b7fdb1: * Fix misspelling at configuration.rst file ------------------------------------------------------------------- Sat Nov 8 01:26:47 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev120.g17ec695: * Imported Translations from Transifex ------------------------------------------------------------------- Fri Nov 7 01:27:10 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev119.gb13db25: * Imported Translations from Transifex * Enable hacking rule H104 File contains nothing but comments * Rename _handle_saml2_tokens() method * Updated from global requirements ------------------------------------------------------------------- Thu Nov 6 01:27:40 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev114.g2ba7d67: * Rename _handle_saml2_tokens( ------------------------------------------------------------------- Thu Oct 30 07:05:14 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev113.g3d9184b: * Updated from global requirements * Remove token persistence proxy * revise error message for keystone.token.persistence pkg ------------------------------------------------------------------- Thu Oct 30 01:17:32 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev107.g7fa6e92: * Adds IPv6 url validation support ------------------------------------------------------------------- Wed Oct 29 01:18:04 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev106.gf45b3e5: * Use oslo.concurrency instead of sync'ed version * Use correct name of oslo debugger script ------------------------------------------------------------------- Tue Oct 28 01:15:03 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev102.g15a01f2: * Remove nonexistant param from docstring * Fixes aggressive use of translation hints ------------------------------------------------------------------- Mon Oct 27 17:40:25 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev98.g1658095: * Sync modules from oslo-incubator * test_utils use jsonutils from oslo.serialization * Add fileutils module * PKI and PKIZ tokens unnecessary whitespace removed * Move unit tests from test_backend_ldap * Updated from global requirements * Imported Translations from Transifex * Correct the code path of implementation for the abstract method * Use newer python-ldap paging control API * Add xmlsec1 dependency comments * Add max-complexity to pep8 for Keystone * Remove check_password() in identity.backend.ldap * Remove unused ec2 driver option * Extract Assignment tests from IdentityTestCase * Fixes docstrings to be more accurate ------------------------------------------------------------------- Fri Oct 17 00:34:58 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev73.gfdbad9f: * Restrict certain APIs to cloud admin in domain-aware policy ------------------------------------------------------------------- Thu Oct 16 00:32:00 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev72.g61ccca5: * wrong logic in assertValidRoleAssignmentListResponse method ------------------------------------------------------------------- Tue Oct 14 00:33:57 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev70.gb276f3d: * obsolete deployment docs * Address some late comments for memcache clients * Fix fakeldap search_s documentation ------------------------------------------------------------------- Sun Oct 12 00:38:04 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev64.gc0285c8: * Add v3 openstackclient CLI examples * Update the CLI examples to also use openstackclient ------------------------------------------------------------------- Sat Oct 11 00:45:47 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev60.gaf25b2b: * Clean up federated identity audit code ------------------------------------------------------------------- Fri Oct 10 00:46:26 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev58.g9025b64: * Updated from global requirements * revise docs on default _member_ role * Refactor FakeLdap to share delete code * Updates package comment to be more accurate ------------------------------------------------------------------- Thu Oct 9 00:45:24 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev50.g1b2fc1e: * Fixes a spelling error in hacking tests * Remove deprecated KVS trust backend * Imported Translations from Transifex * Replace an instance of keystone/openstack/common/timeutils * Use importutils from oslo.utils * Use jsonutils from oslo.serialization * Update 'Configuring Services' documentation * Use openstackclient examples in configuration documentation * Remove deprecated TemplatedCatalog class * Add an XML code directive to a shibboleth example * Add testcase for coverage of 002_add_endpoint_groups ------------------------------------------------------------------- Tue Oct 7 12:57:10 UTC 2014 - dmueller@suse.com - fix cert creation on hosts with broken hostname ------------------------------------------------------------------- Tue Oct 7 00:25:18 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev30.g5a615fc: * Ensure sql upgrade tests can run with non-sqlite databases * Remove identity and assignment kvs backends ------------------------------------------------------------------- Mon Oct 6 00:22:48 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev26.gb27a9b2: * Validates controller methods exist when specified * Switch LdapIdentitySqlAssignment to use oslo.mockpatch ------------------------------------------------------------------- Sun Oct 5 00:23:44 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev22.g4f9bbb8: * Fixes an error deleting an endpoint group project * Remove images directory from docs * Fix tests comparing tokens ------------------------------------------------------------------- Fri Oct 3 00:25:14 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev17.gaf1f960: * Remove OS-STATS monitoring * Handle default string values when using user_enabled_invert * Remove duplicated assertion * Remove unused cache functions from token.core ------------------------------------------------------------------- Thu Oct 2 00:10:30 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev10.gc1b8fbc: * Convert unicode to UTF8 when calling ldap.str2dn() * Fix parsing of emulated enabled DN ------------------------------------------------------------------- Wed Oct 1 00:11:00 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev6.ge258917: * Add test for getting a token with inherited role 2014.2.rc1 ------------------------------------------------------------------- Tue Sep 30 00:38:50 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2015.1.dev201.g82ded4a: * Open Kilo development * Add placeholders for reserved migrations * add --rebuild option for ssl/pki_setup ------------------------------------------------------------------- Mon Sep 29 12:23:11 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev196.g6778df0: * Correct typos in keystone/common/base64utils.py docstrings * improve dependency injection doc strings * Remove trailing space from string * Fixes code comment to be more accurate ------------------------------------------------------------------- Sun Sep 28 00:35:15 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev188.g1f9248e: * Imported Translations from Transifex * Uses session in migration to stop DB locking * Set issuer value to CONF.saml.idp_entity_id * Updated from global requirements * Add version attribute to the SAML2 Assertion object * Fail on empty userId/username before query ------------------------------------------------------------------- Sat Sep 27 00:35:00 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev176.g0200751: * Mark k2k as experimental * Update architecture documentation ------------------------------------------------------------------- Fri Sep 26 09:42:06 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev172.gd229892: * New section for CLI examples in docs * Fix failure of delete domain group grant when identity is LDAP * Clean up the Configuration documentation * Adding an index on token.user_id and token.trust_id ------------------------------------------------------------------- Fri Sep 26 00:35:28 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev164.g2fc25ff: * Fix a spelling mistake in keystone/common/utils.py ------------------------------------------------------------------- Thu Sep 25 08:25:52 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev162.gd8d1477: * Prevent infinite recursion on persistence core on init ------------------------------------------------------------------- Wed Sep 24 23:50:40 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev160.g08416ac: * Imported Translations from Transifex * Read idp_metadata_path value from CONF.saml * Fix Policy backend driver documentation ------------------------------------------------------------------- Tue Sep 23 23:48:41 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev154.g1af2428: * Fix create and user-role-add in LDAP backend * Fix minor spelling issues in comments * Add a pool of memcached clients * Set LDAP certificate trust options for LDAPS and TLS ------------------------------------------------------------------- Mon Sep 22 23:49:54 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev146.g641381a: * Update URLs for keystone federation configuration docs * Add info about pysaml2 into federation docs ------------------------------------------------------------------- Sun Sep 21 23:49:01 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev142.g54054e8: * Do not run git-cloned ksc master tests when local client specified ------------------------------------------------------------------- Sat Sep 20 23:49:44 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev140.g2f14f3a: * Mock doesn't have assert_called_once() * Imported Translations from Transifex ------------------------------------------------------------------- Sat Sep 20 00:21:46 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev136.gee4ee3b: * Updated from global requirements * Safer check for enabled in trusts * Set the default number of workers when running under eventlet * Add the processutils from oslo-incubator * Update 'Configure Federation' documentation * Update man pages ------------------------------------------------------------------- Fri Sep 19 00:23:05 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev124.g8e6e6b3: * Ensure identity sql driver supports domain-specific configuration ------------------------------------------------------------------- Thu Sep 18 00:20:54 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev123.ga56d363: * Allow users to clean up role assignments ------------------------------------------------------------------- Wed Sep 17 00:22:04 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev121.gae22900: * Adds a whitelist for endpoint catalog substitution (bnc#895847, CVE-2014-3621) * Revoke the tokens of group members when a group role is revoked * Change pysaml2 comment in test-requrements.txt * Document Keystone2Keystone federation ------------------------------------------------------------------- Tue Sep 16 00:20:11 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev114.g9d4e22b: * ldap/core deleteTree not always supported * Reduce unit test log level for notifications * Fix delete group cleans up role assignments with LDAP * Refactor LDAP backend using context manager for connection * Add delete notification to endpoint grouping * Ensure a consistent transactional context is used * Adds hint about filter placement to extension docs * Making KvsInheritanceTests use backend KVS ------------------------------------------------------------------- Sun Sep 14 00:21:18 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev100.g30c1e8b: * Fix using local ID to clean up user/group assignments * Add characterization test for cleanup role assignments for group * Fix LDAP group role assignment listing * Adds pipeline hints to the example paste config * Use id attribute map for read-only LDAP * Use oslo_debug_helper and remove our own version * trustor_user_id not available in v2 trust token ------------------------------------------------------------------- Sat Sep 13 00:20:56 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev86.g1e20448: * Add V3 JSON Home support to GET / * Make the extension docs a top level entry in the landing page * LDAP: refactor use of "1.1" OID * Enable filtering of services by name * Sync jsonutils from oslo-incubator 32e7f0b5 * Update the docs that list sections in keystone.conf ------------------------------------------------------------------- Fri Sep 12 00:22:06 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev74.gc4e9556: * Document mod_wsgi doesn't support chunked encoding * Keystone local authenticate has an unnecessary pending audit record * JSON Home data is required ------------------------------------------------------------------- Thu Sep 11 00:19:08 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev68.g12655bf: * Stop skipping LDAP tests * Update the revocation configuration docs * Fixes formatting error in debug log statement * Update paste pipelines in configuration docs * Fixed typo 'in sane manner' to 'in a sane manner' * correct typos * Prevent domains creation for the default LDAP+SQL * Fix oauth sqlite migration downgrade failure * Imported Translations from Transifex * Avoid conversion of binary LDAP values (bnc#897467) * Remove unused variable TIME_FORMAT * Add characterization test for group role assignment listing * Fix dn_startswith * Fixes a mock cleanup issue caused by oslotest * Add rst code-blocks to a bunch of missing examples * Capitalize all instances of Keystone in the docs 2014.2.b3 * Fixed spelling mistakes in comments * use one indentation style * Fix admin server doesn't report v2 support in Apache httpd * Add test for single app loaded version response * Work toward Python 3.4 support and testing * Update the federation configuration docs for saml2 * Add docs for enabling endpoint policy * warn against sorting requirements * Fix minor nits for token2saml generation * Routes for Keystone-IdP metadata endpoint ------------------------------------------------------------------- Fri Sep 5 00:19:42 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev324.g7d9b8dc: * Lower log level for notification registration * Test cleanup: do not leak FDs during test runs * Cleanup superfluous string comprehension and coersion ------------------------------------------------------------------- Thu Sep 4 00:20:51 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev318.g8661e94: * Adds region back into the catalog endpoint * Implementation of Endpoint Grouping * Implement validation on Trust V3 API * Remove TODO that was done * Fix follow up review issues with endpoint policy backend patch * Mark the revoke kvs backend deprecated, for removal in Kilo ------------------------------------------------------------------- Tue Sep 2 13:15:28 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev306.g67b474f: * Transform a Keystone token to a SAML assertion * Fix region schema comment * Remove unused _validate_endpoint * controller for the endpoint policy extension * Implement validation on the Catalog V3 API ------------------------------------------------------------------- Mon Sep 1 00:20:43 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev296.g7b81974: * backend for policy endpoint extension * Implement validation on Credential V3 * Implement validation on Policy V3 API * Fix token flush fails with recursion depth exception * Add index for actor_id in assignments table * Endpoint table is missing reference to region table * add missing log hints for level C/E/I/W * Add string id type validation * Implement validation on Assignment V3 API * Redirect stdout and stderr when using subprocess ------------------------------------------------------------------- Sun Aug 31 00:19:30 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev276.g9a8e6bd: * Add audit support to keystone federation * Adds tests that show how update with validation works * Mark the trust kvs backend deprecated, for removal in Kilo * Do not load auth plugins by class in tests ------------------------------------------------------------------- Sat Aug 30 00:20:01 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev269.ge0d8377: * Add commas for ease of maintenance * Comments to docstrings for notification emit methods * Notification cleanup: namespace actions * Add bash code style to some portions of configuration.rst * Update tests to not use token_api * Make persistence manager in token_provider_api private * Add extra guarding to revoke_by_audit_id methods * Mark methods on token_api deprecated * Remove SAML2 plugin dependency on token_api * Remove oauth controller dependency on token_api ------------------------------------------------------------------- Fri Aug 29 00:20:52 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev249.g18efc78: * Mark kvs backends as deprecated, for removal in Kilo * Add libxmlsec1 as external package dependency on OS X * Remove assignment_api dependency on token_api ------------------------------------------------------------------- Thu Aug 28 15:54:25 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev243.g4bbbf81: * Update sample config ------------------------------------------------------------------- Wed Aug 27 23:48:11 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev241.gf4f0bdf: * Enhance GET /v3 to handle Accept header * Enhance V3 extensions to provide JSON Home data * Enhance V3 extension class to integrate JSON Home data * Change OS-INHERIT extension to provide JSON Home data * Change the sub-routers to provide JSON Home data * Change V3 router classes to provide JSON Home data * Create additional docs for role assignment events * Add __repr__ to KeystoneToken model * Notification Constant Cleanup and internal notify type * Remove wsgi and base controller dependency on token_api * Remove identity_api dependency on token_api * Remove trust dependency on token_api * Update AuthContextMiddleware to not use token_api * Back off initial migration to 34 ------------------------------------------------------------------- Tue Aug 26 23:47:51 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev213.g0b54321: * Revoke by Audit Id / Audit Id Chain instead of expires * assignment controller error path fix * Make SQL the default backend for Identity & Assignment unit tests * Enhance V3 version controller to provide JSON Home response * Provide the V3 routers to the V3 extension controller * Back off initial migration to 35 * Configurable python-keystoneclient repo ------------------------------------------------------------------- Mon Aug 25 23:47:31 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev199.gde2c6e1: * Add CADF notifications for role assignment create and delete * Enhance V3 routers to store basic resource description ------------------------------------------------------------------- Mon Aug 25 13:04:08 UTC 2014 - bwiedemann@suse.com - use %_rundir if available, otherwise /var/run ------------------------------------------------------------------- Sat Aug 23 23:47:24 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev195.ge372aaf: * Sync Py2 and Py3 requirements files * Standardizing the Federation Process ------------------------------------------------------------------- Fri Aug 22 23:47:43 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev191.g463b2ee: * Convert to urlsafe base64 audit ids * Sync with oslo-incubator * Add audit ids to tokens ------------------------------------------------------------------- Thu Aug 21 23:47:30 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev185.gf6ad8f0: * Add notifications for policy, region, service and endpoint * Correct the signature for some catalog abstract method signatures * Fixing simple type in comment * Create authentication specific routes * Allow LDAP lock attributes to be used as enable attributes ------------------------------------------------------------------- Tue Aug 19 23:46:59 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev177.g498a003: * Enable filtering of credentials by user ID * Expose context to create grant and delete grant * Use python convention for function names in test_notifications * Fixes an issue with the XMLEquals matcher ------------------------------------------------------------------- Mon Aug 18 16:09:32 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev170.g2e49770: * Use mail for the default LDAP email attribute name ------------------------------------------------------------------- Sat Aug 16 00:25:15 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev168.g45728c5: * Bump hacking to 0.9.x series * Rename bash8 requirement * Support the hints mechanism in list_credentials() * Keystone service throws error on receiving SIGHUP * Issue multiple SQL statements in separate engine.execute() calls ------------------------------------------------------------------- Fri Aug 15 00:24:44 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev159.ga1da397: * Do not require method attribute on plugins ------------------------------------------------------------------- Thu Aug 14 00:24:12 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev157.g409c94d: * Remove _BaseFederationExtension * Add a URL field to region table * Remove unnecessary declaration of CONF * Filter List Regions by 'parent_region_id' ------------------------------------------------------------------- Wed Aug 13 04:53:33 UTC 2014 - tbechtold@suse.com - Update to version keystone-2014.2.dev149.g2ea3006: * Updates the sample config * remove unused import * Clean whitespace off token * Remove strutils and timeutils from openstack-common.conf * Use functions in oslo.utils * Add an OS-FEDERATION section to scoped federation tokens * Ensure roles created by unit tests have correct attributes * Update control_exchange value in keystone.conf * swap import order of lxml * add i18n to lxml error * Check for empty string value in REMOTE_USER * Refactor names in catalog backends * Update CADF auditing example to show non-payload information * Remove ec2 contrib dependency on token_api * Expose token revocation list via token_provider_api * Remove assignment controller dependency on token_api * Refactor serializer import to XmlBodyMiddleware * Delete intersphinx mappings * Fix documentation link * Make token_provider_api contain token persistence * Remove S3 middleware tests from tox.ini * Remove unused function * Add oslo.utils requirement * Surround REMOTE_USER variable name with quotes * Remove `with_lockmode` use from Trust SQL backend * Improve instructions about federation * Do not override venvs * Imported Translations from Transifex * Remove debug CADF payload for every authN request * Don't override tox envdir for pep8 and cover jobs - Add python-oslo.utils to requirements and post requirements ------------------------------------------------------------------- Sun Aug 3 23:56:01 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev60.g1ef2975: * Fix invalid self link in get access token * Details the proper way to call a callable ------------------------------------------------------------------- Fri Aug 1 23:57:20 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev56.g76f3c55: * Check that region ID is not an empty string ------------------------------------------------------------------- Thu Jul 31 23:57:05 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev54.ga617408: * Do not consume trust uses when create token fails * Refactor set domain-id and mapping code ------------------------------------------------------------------- Wed Jul 30 23:56:33 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev50.g99bef1f: * Add filters to the collections 'self' link * Use config fixture from oslo.config * Updated from global requirements * KeyError instead of exception.KeyError * Remove duplicated asserts * Check url is in the 'self' link in list responses * Update middleware that was moved to keystonemiddleware ------------------------------------------------------------------- Tue Jul 29 23:56:35 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev36.g5017993: * Update setup docs with Fedora 19+ dependencies * Correct revocation event test for domain_id (bnc#892099, CVE-2014-5253) * Add workaround to support tox 1.7.2 * Fix for V2 token issued_at time changing (bnc#892095, CVE-2014-5252) * Sqlite files excluded from the repo ------------------------------------------------------------------- Mon Jul 28 23:57:20 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev26.gdf13caf: * Fixes a capitalization issue * Add tests related to V2 token issued_at time changing * Sample config update * auth tests should not require admin token ------------------------------------------------------------------- Fri Jul 25 23:44:11 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev19.g4cbe8ca: * Add the new Keystone TokenModel * Add X-Auth-Token header in federation examples * Clean up EP-Filter after delete project/endpoint * add internal delete notification for endpoint * remove static files from docs * Move token persistence classes to token.persistence module ------------------------------------------------------------------- Thu Jul 24 23:43:37 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev7.g1c88ead: * cache the catalog * Disable a domain will revoke tokens under the same domain * Adding support for ldap connection pooling 2014.2.b2 * Add the new oslo.i18n as a dependency for Python 3 ------------------------------------------------------------------- Thu Jul 24 08:49:21 UTC 2014 - dmueller@suse.com - Update to version keystone-2014.2.dev225.g686597b: * Fixes test_exceptions.py for Python3 * Fixes test_wsgi for Python3 * Adds several more test modules that pass on Py3 * Reduces the amount of mocked imports for Python 3 * Disables LDAP unit tests * Updated from global requirements * Initial implementation of validator * Mark the 'check_vX_token' methods deprecated * Extracting get group roles for project logic to drivers * implement GET /v3/catalog * Adds coverage report to py33 test runs * Fixed tox cover environment to share venv * Regenerate sample config file * Example JSON files should be human-readable * Consolidate `assert_XXX_enabled` type calls to managers * Move keystone.token.default_expire_time to token.provider * Move token_api.unique_id to token_provider_api * Capitalize a few project names in configuring services doc * Fixes a Python3 syntax error * Introduce pragma no cover to asbtract classes * project disabled/deleted notification recommendations * Use oslo.i18n * Implicitly ignore attributes that are mapped to None in LDAP ------------------------------------------------------------------- Thu Jul 24 08:49:01 UTC 2014 - dmueller@suse.com - fix requires ------------------------------------------------------------------- Thu Jul 17 23:44:49 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev180.gc1a6639: * Sync with oslo-incubator * render json examples with syntax highlighting * Avoid loading a ref from SQL to delete the ref * Add revocation extension to default pipeline * Update docs to reflect new db_sync behaviour * Migrate default extensions * Update the configuration docs for the revocation extension * LDAP: Added documentation for debug_level option * Fixes the order of assertEqual arguments ------------------------------------------------------------------- Wed Jul 16 23:52:16 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev162.g362216b: * Make sure unit tests set the correct log levels * Clean up the endpoint filtering configuration docs ------------------------------------------------------------------- Sat Jul 12 00:35:12 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev158.gbbfd58a: * multi-backend support for identity * Add oslo.i18n as dependency * Do not use lazy translation for keystone-manage * Remove deprecated token_api.list_tokens * Imported Translations from Transifex * Add keystonemiddleware to requirements * Do not use keystone's config for nova's port * Adds hacking check for debug logging translations ------------------------------------------------------------------- Fri Jul 11 00:34:10 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev144.gb3f9a5f: * Add _BaseFederationExtension class * Correct the region table to be InnoDB and UTF8 * HEAD responses should return same status as GET * Make OS-FEDERATION core.Driver methods abstract ------------------------------------------------------------------- Wed Jul 9 00:34:35 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev137.gfac022a: * Fix OAuth1 to not JSON-encode create access token response * Do not support toggling key_manglers in cache layer ------------------------------------------------------------------- Tue Jul 8 00:34:14 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev133.g9d0ecaa: * Updated from global requirements * Sync with oslo-incubator e9bb0b59 * Fix the section name in CONTRIBUTING.rst * Fix docs and scripts for pki_setup and ssl_setup ------------------------------------------------------------------- Sun Jul 6 00:33:04 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev127.gb4140ae: * Add schema check for OS-FEDERATION mapping table ------------------------------------------------------------------- Sat Jul 5 00:34:17 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev126.g59e01e5: * update example with a status code we actually use * Correct docstring for assertResponseSuccessful * remove default=None for config options ------------------------------------------------------------------- Thu Jul 3 00:31:50 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev122.g4e45a5f: * Ending periods in exception messages deleted * Ensure that in v2 auth tenant_id matches trust (bnc#885798, CVE-2014-352) * Add identity mapping capability ------------------------------------------------------------------- Wed Jul 2 00:30:11 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev117.gb2f3b5c: * Updated from global requirements * Move bash8 to run under pep8 tox env ------------------------------------------------------------------- Tue Jul 1 00:29:33 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev114.g7c47629: * Fix test for get_*_by_name invalidation * Remove backend_entities from backend_ldap.conf * Do not leak SQL queries in HTTP 409 (conflict) ------------------------------------------------------------------- Sun Jun 29 00:29:31 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev108.g50be156: * Remove db, db.sqlalchemy from openstack-common.conf * Consolidate provider calls to token_api.create_token * Updates Python3 requirements to match Python2 * TestAuthInfo class in test_v3_auth made more efficient * Only emit disable notifications for project/domain on disable * Fixes catalog URL formatting to never return None * Updates keystone.catalog.core.format_url tests ------------------------------------------------------------------- Sat Jun 28 00:28:21 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev94.gd96d546: * Regenerate sample config file ------------------------------------------------------------------- Fri Jun 27 06:01:33 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev92.gbaf4c23: * Adds oslo.db support for Python 3 tests * Imported Translations from Transifex * Do not log 14+ INFO lines on a broken pipe error (eventlet) * Convert explicit session get/begin to transaction context ------------------------------------------------------------------- Thu Jun 26 11:35:52 UTC 2014 - dmueller@suse.com - Update to version keystone-2014.2.dev85.gf82b887: * deprecate LDAP config options for 'tenants' * the user_tenant_membership table was replaced by "assignment" * Corrects minor spelling mistakes * Ignoring order of user list in TenantTestCase * Make gen_pki.sh & debug_helper.sh bash8 compliant * Update docs to reference #openstack-keystone * Don't set sqlite_db default * Migrate ID generation for users/groups from controller to manager * oslo.db implementation * Test `common.sql` initialization * Kerberos as method name * test REMOTE_USER does not authenticate * Document pkiz as provider in config * Fix the typo and reformat the comments for the added option * Updated from global requirements * fix flake8 issues * Update sample keystone.conf file * Fix 500 error if request body is not JSON object * Default to PKIZ tokens * Fix a few typos in the shibboleth doc * Ignore broken endpoints in get_catalog * Properly invalidate cache for get_*_by_name methods * remove unnecessary word in docs: 'an' * remove unneeded definitions of Python Source Code Encoding * update release support warning for domain-specific drivers ------------------------------------------------------------------- Wed Jun 18 00:08:08 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev36.gd9193ce: * pkiz String conversion * Add instructions for removing pyc files to docs * Add missing docstrings and 1 unittest for LDAP utf-8 fixes * install gettext on OS X for msgfmt ------------------------------------------------------------------- Tue Jun 17 00:07:36 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev28.gd738598: * Allow for multiple PKI Style Providers * Password trunction makes password insecure ------------------------------------------------------------------- Mon Jun 16 00:06:57 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev24.g7029722: * enable multiple keystone-all worker processes ------------------------------------------------------------------- Sun Jun 15 00:07:22 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev22.g51a05bd: * Add cloud auditing notification documentation * Fixes typo error in Keystone * Make sure domains are enabled by default * Add v3 curl examples * Sync service module from oslo-incubator * gitignore etc/keystone/ * Enforce ``saml2`` protocol in Apache config * Use translation hints * Fix type error message in format_url ------------------------------------------------------------------- Sat Jun 14 00:07:39 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev4.ge7baea2: * Block delegation escalation of privilege (bnc#881977, CVE-2014-3476) ------------------------------------------------------------------- Fri Jun 13 00:07:49 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev2.g4f93ec6: 2014.2.b1 * Use code-block for curl examples ------------------------------------------------------------------- Wed Jun 11 23:42:01 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev349.gfb0e4c5: * add docs on v2 & v3 support in the service catalog ------------------------------------------------------------------- Tue Jun 10 23:41:49 UTC 2014 - cloud-devel@suse.de - Rebased patches: + 0001-Consistenly-use-jsonutils-instead-of-json.patch dropped (merged upstream) ------------------------------------------------------------------- Tue Jun 10 23:41:47 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev347.g8de4ffa: * Make sure all the auth plugins agree on the shared identity attributes * Catalog driver generates v3 catalog from v2 catalog * fixed several pep8 issues * Consistenly use jsonutils instead of json ------------------------------------------------------------------- Mon Jun 9 23:41:38 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev339.ga0a3237: * Code which gets and deletes elements of tree was moved to one method * Remove obsolete note from ldap ------------------------------------------------------------------- Fri Jun 6 23:41:35 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev335.g3c07fba: * Add v2 & v3 API documentation * Compressed Token Provider * document keystone-specs instead of LP blueprints in README ------------------------------------------------------------------- Thu Jun 5 23:41:39 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev329.g983baf4: * remove out of date docs for Fedora 15 ------------------------------------------------------------------- Wed Jun 4 23:41:48 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev327.g25a7f4a: * Invalid command referenced in federation documentation * Fix curl example refs in docs * pep8: do not test locale files * Updated from global requirements * Refactor driver_hints * Unimplemented get roles by group for project list * Update mailmap entry for Brant ------------------------------------------------------------------- Sat May 31 17:52:22 UTC 2014 - dmueller@suse.com - add 0001-Consistenly-use-jsonutils-instead-of-json.patch ------------------------------------------------------------------- Sat May 31 00:06:46 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev314.g3556857: * Make sure scoping to the project of a disabled domain result in 401 * Fixed wrong behavior when updating tenant or user with LDAP backends * Cleanup openstack-common.conf and sync from olso * Refactor tests regarding required attributes * Check that the user is dumb moved to the common method ------------------------------------------------------------------- Fri May 30 00:09:48 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev304.g6ed0549: * document pki_setup and ssl_setup in keystone.conf.sample ------------------------------------------------------------------- Thu May 29 00:09:27 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev303.g93bc881: * recommend excluding 35357 from ephemeral ports * Fixes duplicated DELETE queries on SQL backends * Suggest users to remove REMOTE_USER from shibd conf * Imported Translations from Transifex * indicate that sensitive messages can be disabled * replaced unicode() with six.text_type() * no one uses macports ------------------------------------------------------------------- Wed May 28 00:08:31 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev290.g972322d: * Fix spelling mistakes in docs * Replace magic value 'service/security' in CadfNotificationWrapper * Replace assertTrue and assertFalse with more suitable asserts * remove a few backslash line continuations ------------------------------------------------------------------- Tue May 27 00:07:37 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev282.g97fca80: * sql migration: ensure using innodb utf8 for assignment table ------------------------------------------------------------------- Mon May 26 18:52:32 UTC 2014 - dmueller@suse.com - setup tmpdirs under systemd distributions ------------------------------------------------------------------- Mon May 26 00:08:01 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev280.g8b83737: * install from source docs never actually install the keystone service ------------------------------------------------------------------- Sun May 25 00:07:39 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev278.g660d351: * Cleanup of ldap assignment backend ------------------------------------------------------------------- Sat May 24 00:08:38 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev276.g7d09cdc: * LDAP fix for get_roles_for_user_and_project user=group ID (bnc#876902, CVE-2014-0204) * Mapping engine does not handle regex properly * Regenerate sample config * Stronger assertion for test_user_extra_attribute_mapping ------------------------------------------------------------------- Fri May 23 00:08:20 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev268.g6c9b48f: * Reduce log noise on expired tokens * Fix version links to docs.openstack.org ------------------------------------------------------------------- Wed May 21 23:45:01 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev264.g72f046f: * Remove all mostly untranslated PO files * SQL fix for get_roles_for_user_and_project user=group ID ------------------------------------------------------------------- Sun May 18 23:44:10 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev261.g455d50e: * Add note for v3 API clients using auth plugin docs * Refactor test_auth trust related tests * Add mailmap entry ------------------------------------------------------------------- Wed May 14 23:57:19 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev255.g3ca5ce4: * Make the LDAP debug option a configurable setting ------------------------------------------------------------------- Tue May 13 23:57:13 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev253.g8697b39: * Add detailed federation configuration docs * Escape values in LDAP search filters ------------------------------------------------------------------- Fri May 9 23:57:33 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev249.g401294d: * Reduce excess LDAP searches ------------------------------------------------------------------- Tue May 6 23:56:09 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev248.g820e4f1: * Refactor create_trust for readability * Adds several more tests to the Python 3 test run ------------------------------------------------------------------- Mon May 5 23:53:02 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev246.g3ec0c5e: * Fixed the policy tests in Python 3 * Fixed the size limit tests in Python 3 * Fix cache configuration checks ------------------------------------------------------------------- Sat May 3 23:52:07 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev242.g1e6b45f: * setUp must be called on a fixture's parent first * First real Python 3 tests * Make the py33 Jenkins job happy ------------------------------------------------------------------- Fri May 2 23:52:40 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev236.ga725b67: * fixed typos found by RETF rules in RST files * Remove the configure portion of extension docs * Ensure token is a string * Fixed some typos throughout the codebase * Allow 'description' in V3 Regions to be optional * More random values for oAuth1 verifier * Set proper DB_INIT_VERSION on db_version command * Sync with oslo-incubator 28fba9c * Check that all po/pot files are valid * Refactor service readiness notification ------------------------------------------------------------------- Thu May 1 23:52:27 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev216.g1dde174: * Add rally performance gate job for keystone ------------------------------------------------------------------- Wed Apr 30 23:52:40 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev214.g314c032: * Migration DB_INIT_VERSION in common place * Redundant unique constraint * Correct `nullable` values in models and migrations ------------------------------------------------------------------- Tue Apr 29 23:53:06 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev208.g69ef772: * Move hacking code to a separate fixture * Some methods in ldap were moved to superclass * Use oslo.test mockpatch * Refactor notifications * Ignore broken endpoints in get_v3_catalog ------------------------------------------------------------------- Sun Apr 27 00:42:06 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev198.gd4c4a96: * No longer allow listing users by email * Fix sql_upgrade tests run by themselves * Refactor test_password_hashed to the backend testers * Fix catalog Driver signatures ------------------------------------------------------------------- Sat Apr 26 00:39:54 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev190.g64857e3: * Add localized response test * Make test_revoke expiry times distinct * Removed duplication with list_user_ids_for_project * Fix the "search for sql.py" files for db models * Sync with oslo-incubator 74ae271 * Updated from global requirements * Compatible server default value in the models * Explicit foreign key indexes * Added statement for ... if ... else * More notification unit tests * Fix typo of ANS1 to ASN1 ------------------------------------------------------------------- Fri Apr 25 00:38:25 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev169.gb44ba65: * Imported Translations from Transifex * Fix typo on cache backend module ------------------------------------------------------------------- Thu Apr 24 00:38:42 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev166.g2fea4a9: * Code which gets elements of tree in ldap moved to a common method * Include extra attributes in list results * Configurable token hash algorithm ------------------------------------------------------------------- Wed Apr 23 00:39:40 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev160.gc267914: * Discourage use of pki_setup * Fixes for in-code documentation ------------------------------------------------------------------- Tue Apr 22 00:42:44 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev156.gfd5a148: * add dependencies of keystone dev-enviroment ------------------------------------------------------------------- Mon Apr 21 00:42:31 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev155.g0773c4e: * Remove LDAP password hashing code ------------------------------------------------------------------- Sun Apr 20 00:43:49 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev153.gaca369f: * More efficient DN list for LDAP role delete * Allow any attributes in mapping ------------------------------------------------------------------- Sat Apr 19 00:43:56 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev150.g4907779: * Don't re-raise instance * Enhance tests for user extra attribute mapping ------------------------------------------------------------------- Fri Apr 18 00:43:45 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev146.ge55216e: * Isolate backend loading * Adding one more check on project_id * Cleanup of test_cert_setup tests ------------------------------------------------------------------- Wed Apr 16 23:37:06 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev140.g0473e5a: * Add missing import, remove trailing ":" in middleware example * Sync with oslo-incubator 2fd457b * Remove unnecessary dict copy * Removed unused code ------------------------------------------------------------------- Tue Apr 15 23:37:13 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev133.gde33c22: * Moves test database setup/teardown into a fixture * More debug output for test * Updated from global requirements ------------------------------------------------------------------- Mon Apr 14 23:37:13 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev127.g4cc6a9c: * Collapse SQL Migrations ------------------------------------------------------------------- Sat Apr 12 23:37:10 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev125.g58d71b9: * Refactor: moved flatten function to utils * Treat LDAP attribute names as case-insensitive * Adds style checks to ease reviewer burden * Refactor: move federation functions to federation utils * Convert test_backend_ldap to config fixture * Fix assertEqual arguments order(catalog, cert_setup, etc) ------------------------------------------------------------------- Fri Apr 11 00:02:58 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev114.g9b580d2: * replace word 'by' with 'be' * List all forbidden attributes in the request body ------------------------------------------------------------------- Thu Apr 10 00:03:25 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev110.gda4d4a1: * Adding more descriptive error message * Fixed wrong behavior in method search_s in BaseLdap class ------------------------------------------------------------------- Wed Apr 9 00:03:40 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev108.gdc43f94: * Fix response for missing attributes in trust * Add tests for user ID with comma * Cleanup config.py ------------------------------------------------------------------- Tue Apr 8 00:44:55 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev103.g76b396a: * Clean up config help text ------------------------------------------------------------------- Sun Apr 6 00:41:30 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev101.g284511a: * Remove common.V3Controller.check_required_params() method ------------------------------------------------------------------- Sat Apr 5 00:42:22 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev99.gdef83cc: * Fix invalid LDAP filter for user ID with comma * Remove assignment proxy methods/controllers * Remove legacy_endpoint_id and enabled from service catalog * Replace all use of mox with mock * Reduce environment logging * Add slowest output to tox runs (testr) ------------------------------------------------------------------- Fri Apr 4 09:14:45 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev87.g8c53f42: * Fix parallel unit tests keystoneclient partial checkout * Sync from oslo db.sqlalchemy.migration * Removes unused db_sync methods * Removes useless wrapper from manager base class * For ldap, API wrongly reports user is in group * Keystone doesn't use pam * remove the unused variable in test_sql_upgrade ------------------------------------------------------------------- Thu Apr 3 00:50:40 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev73.gd8c0c81: * Sanitizes authentication methods received in requests * Fix create_region_with_id raise 500 Error bug * Make service catalog include service name * Remove unused db_sync from extensions ------------------------------------------------------------------- Wed Apr 2 00:56:08 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev65.gd33cd47: * support conventional domain name with one or more dot * Remove _delete_tokens function from federation controller ------------------------------------------------------------------- Tue Apr 1 00:53:47 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev61.gb803fe8: * Fixed small capitalization issue * Removes some duplicate setup from a testcase * Updated from global requirements * Enable concurrent testing by default * Moves database setup/teardown closer to its usage * Fix assertEqual arguments order(auth_plugin, backend, backend_sql, etc) * Fix the order of assertEqual arguments(keystoneclient, kvs, etc) ------------------------------------------------------------------- Sun Mar 30 01:02:33 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev47.ge8d8306: * Fix Jenkins translation jobs ------------------------------------------------------------------- Sat Mar 29 01:03:34 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev46.g7882359: * Cleanup ldap tests (mox and reset values) * Check domain_id with equality in assignment kvs * Imported Translations from Transifex * test_v3_token_id correctly hash token * Safer noqa handling * Expand the use of non-ascii values in ldap test * Properly handle unicode & utf-8 in LDAP * Refactor LDAP API * Remove unnecessary test setUps * Use CMS to generate sample tokens * Allows override of stdout/stderr/log capturing * Cleanup revocation query * Use assertIsNone when comparing against None * Removes the use of mutables as default args * Use assertIn in test_v3_catalog * Start using to oslotest * Fix test_provider_token_expiration_validation transient failure ------------------------------------------------------------------- Fri Mar 28 01:03:07 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev13.ga5382fa: * Remove noqa form import _s * Use in-memory SQLite for sql migration tests * Use in-memory SQLite for testing * Remove extraenous instantiations of managers * Add placeholders for reserved migrations 2014.1.rc1 * code hygiene; use six.text_type, escape regexp's, use key function * Add a space after the hash for block comments ------------------------------------------------------------------- Thu Mar 27 01:02:46 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev176.g724d056: * Open Juno development * Enable lazy translations in httpd/keystone.py * Avoid using .values() on the indexed columns * Imported Translations from Transifex * revert deprecation of v2 API * Updated from global requirements * Uses generator expressions instead of filter ------------------------------------------------------------------- Wed Mar 26 01:04:12 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev162.g3056dc5: * exclude disabled services from the catalog * refactor AuthCatalog tests * Rename keystone.tests.fixtures * Change the default version discovery URLs * Remove extra cache layer debugging * Fix doc build errors with SQLAlchemy 0.9 * Sync oslo-incubator db.sqlalchemy b9e2499 * Always include 'enabled' field in service response ------------------------------------------------------------------- Tue Mar 25 01:04:34 UTC 2014 - cloud-devel@suse.de - Rebased patches: + 0001-Create-TMPDIR-for-tests-recursively.patch dropped (merged upstream) + 0001-Create-TMPDIR-for-tests-recursively.patch dropped (merged upstream) ------------------------------------------------------------------- Tue Mar 25 01:04:31 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev146.ge7b3005: * Create TMPDIR for tests recursively * test tcp_keepidle only if it's available on the current platform * Add dedicated URL for issuing unscoped federation tokens ------------------------------------------------------------------- Mon Mar 24 17:50:48 UTC 2014 - dmueller@suse.com - add 0001-Create-TMPDIR-for-tests-recursively.patch ------------------------------------------------------------------- Mon Mar 24 01:03:20 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev141.g0fb0dfd: * Filter SAML2 assertion parameters with certain prefix ------------------------------------------------------------------- Sun Mar 23 01:04:13 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev139.g1e84251: * Use oslo db.sqlalchemy.session.EngineFacade.from_config ------------------------------------------------------------------- Sat Mar 22 01:02:50 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev137.ga3c7553: * Add support for parallel testr workers in Keystone * is_revoked check all viable subtrees * update sample conf * explicitly import gettext function * expires_at should be in a tuple not turned into one * Comparisons should account for instantaneous test execution * Make domain_id immutable by default * Do not expose internal data on UnexpectedError * Filter LDAP dumb member when listing role assignments ------------------------------------------------------------------- Fri Mar 21 00:57:32 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev121.gff88763: * Ability to turn off ldap referral chasing * Add user_id when calling populate_roles_for_groups * Store groups ids objects list in the OS-FEDERATION object * Uses explicit imports for _ * Rename scope_to_bad_project() to test_scope_to_bad_project() * Make LIVE Tests configurable with ENV ------------------------------------------------------------------- Wed Mar 19 01:09:31 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev109.gd4574a7: * Move test .conf files to keystone/tests/config_files * Removal of test .conf files ------------------------------------------------------------------- Tue Mar 18 10:31:52 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev105.gd906f57: * Filter out nonstring environment variables before rules mapping * Provide option to make domain_id immutable * Replace httplib.HTTPSConnection in ec2_token * Don't automatically enable revocation events * Ensure v3policysample correctly limits domain_admin access * Sync db, db.sqlalchemy from oslo-incubator 0a3436f * Do not use keystone.conf.sample in tests * Use class attribute to represent 'user' and 'group' * trust creation allowed with empty roles list ------------------------------------------------------------------- Mon Mar 17 10:05:28 UTC 2014 - rhafer@suse.com - switch over to non-openstack-prefix'ed users ------------------------------------------------------------------- Sat Mar 15 01:12:08 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev88.gcd3b6f6: * Update sample config * remove hardcoded SQL queries in tests * Fix db_version failed with wrong arguments ------------------------------------------------------------------- Fri Mar 14 00:57:39 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev82.g358674a: * Updated from global requirements * Remove unnecessary oauth1.Manager constructions * Enforce groups presence for federated authn * Very minor cleanup to default_fixtures * Cleanup keystoneclient tests * Cleanup fixture data added to test instances * Cleans up test data from limit tests * Cleanup of instance attrs in core tests * Cleanup backends after each test * Fix include only enabled endpoints in catalog * Add unit tests for disabled endpoints in catalog * Add OS-OAUTH1 to consumers links section ------------------------------------------------------------------- Thu Mar 13 01:39:53 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev58.gcb742d0: * Fixup region description uniqueness * Add missing documentation for enabling oauth1 auth plugin * Configurable temporary directory for tests ------------------------------------------------------------------- Wed Mar 12 00:55:42 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev52.g989dd71: * Add missing documentation for enabling federation auth plugin * Call an existing method in sync cache for revoke events * Remove unnecessary calls to self.config() * Import order is fixed ------------------------------------------------------------------- Tue Mar 11 01:34:51 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev45.gfb8209e: * Use config fixture ------------------------------------------------------------------- Mon Mar 10 16:21:23 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev43.g58bb5e9: * Fix docstrings in federation related modules * Sync db, db.sqlalchemy, gettextutils from oslo-incubator 6ba44fd * V3 xml responses should use v3 namespace 2014.1.b3 * Update ADMIN_TOKEN description in docs * Remove unused function from tests * Don't need session.flush in context managed by session * Remove vim headers * Removes use of timeutils.set_time_override * Removes a redundant test * revocation_list only call isotime on datetime objects * Handle exception messages with six.text_type * Fix webob.exc.HTTPForbidden parameter miss ------------------------------------------------------------------- Fri Mar 7 15:33:31 UTC 2014 - speilicke@suse.com - Use sphinx-build rathern than pbr-infested setup.py build_sphinx ------------------------------------------------------------------- Fri Mar 7 09:46:07 UTC 2014 - speilicke@suse.com - Fix requirements ------------------------------------------------------------------- Thu Mar 6 16:20:19 UTC 2014 - speilicke@suse.com - Update to version keystone-2014.1.dev515.g8c168bc: * v3 endpoint create should require url - Fixed requirements ------------------------------------------------------------------- Thu Mar 6 15:15:29 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev513.g7913636: * Mark revoke as experimental * Imported Translations from Transifex * allow create credential with the system admin token * Always include 'enabled' field in endpoint response * Add the last of the outstanding helpstrings to config * Update curl api example to specify tenant * Update Oslo wiki link in README * Lazy gettextutils behavior * Update Oslo wiki link in README ------------------------------------------------------------------- Thu Mar 6 00:55:42 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev495.g388155c: * Stop gating on up-to-date sample config file * Token Revocation Extension ------------------------------------------------------------------- Wed Mar 5 01:00:29 UTC 2014 - bwiedemann@suse.com - Update to version keystone-2014.1.dev492.g4bec42e: * drop key distribution from icehouse * Limited use trusts * Remove common.sql.migration ------------------------------------------------------------------- Tue Mar 4 01:31:19 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev487.ge9c5a00: * Properly configure OS-EP-FILTER test backend * Add tests for endpoint enabled * Remove the un-used and non-maintained PAM identity backend * SQLAlchemy Change to support more strict dialect checking * Update oslo-incubator log.py to a01f79c ------------------------------------------------------------------- Mon Mar 3 11:55:21 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev477.gfb19984: * deprecate XML support in favor of JSON * Remove unused variable * Replace assertEqual(None, *) with assertIsNone in tests * Fix assertEqual arguments order(_ldap_tls_livetest, backend_kvs, etc) ------------------------------------------------------------------- Mon Mar 3 01:34:40 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev469.g0908a0b: * Remove paste_deploy from test_overrides.conf * Remove "test-only" pam config options * Imported Translations from Transifex * Fix assertEqual arguments order(backend_ldap, cache, v3_protection) * add policy entries for /v3/regions ------------------------------------------------------------------- Sun Mar 2 00:46:13 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev460.g42e2375: * Fix get project users when no user exists * Implement V3 Specific Version of EC2 Contrib * Support authentication via SAML 2.0 assertions * oauth1 extension migration fails with DB2 ------------------------------------------------------------------- Sat Mar 1 01:13:18 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev453.g716c52c: * Fix table name typo in test_sql_upgrade * Cleanup and add more config help strings * Ensure v2 API only returns projects in the default domain * Fix the order of assertEqual arguments(v3_auth, v3_identity) ------------------------------------------------------------------- Thu Feb 27 01:31:04 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev445.g9663fa8: * Support for mongo as dogpile cache backend * Fix issue with DB upgrade to assignment table * Remove duplicated cms file ------------------------------------------------------------------- Wed Feb 26 00:38:53 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev440.g8c8f776: * Unimplemented error on V3 get token * Updated from global requirements * Fix keystone-manage db_version * Remove redundant default value None for dict.get * Always hash passwords on their way into the DB * Refactor tests move assertValidErrorResponse ------------------------------------------------------------------- Tue Feb 25 01:33:08 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev428.gb5a26b3: * Move _BaseController to common/controllers.py * Remove oslo rpc * Uses the venv virtualenv for the pep8 command * Update man pages * Remove auth_token middleware doc ------------------------------------------------------------------- Mon Feb 24 01:10:29 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev418.g8bc0433: * Sync db.exception from Oslo * Add tests for create grant when no group * Add tests for create grant when no user * Add version routes to KDS * KDS fix documented exception * Remove unused method _get_domain_id_from_auth ------------------------------------------------------------------- Sun Feb 23 00:54:53 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev406.g72b794f: * Remove oslo notifier * Keystone doc has wrong keystone-manage command ------------------------------------------------------------------- Sat Feb 22 00:54:44 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev402.g932647d: * Correct a docstring in keystone.common.config * Enable pep8 test against auto-generated configuration * Update config options with helpstrings and generate sample * strengthen assertion for unscoped tokens * bad config user_enable_emulation in mask test * Fix test_provider_token_expiration_validation transient failure * Update oslo-incubator fixture to 81c478 * Mark strings for translation in ldap backends ------------------------------------------------------------------- Fri Feb 21 01:35:58 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev386.g472cc5e: * Fix assertEqual arguments order * Remove sql.Base * Add test for list project users when no user ------------------------------------------------------------------- Thu Feb 20 15:33:49 UTC 2014 - dmueller@suse.com - Update to version keystone-2014.1.dev381.g9fbb60d: * Convert Token Memcache backend to new KeyValueStore Impl * Implement mechanism to provide non-expiring keys in KVS * Rationalize the Assignment Grant Tables * Keystone team uses #openstack-keystone now * Adds model mixin for {to,from}_dict functionality * Adds Cloud Audit (CADF) Support for keystone authentication * Use class attribute to represent 'project' * Switch over to oslosphinx * Replace notifier with oslo.messaging * Clean StatsController unnecesary members * Use global to represent OS-TRUST:trust * Additional notifications for revocations * Use Oslo.db migration * `find_migrate_repo` improvement * Variable 'domain_ref' referenced before assignment * Cleanup Dogpile KVS Memcache backend support * Restructure KDS options to be more like Keystone's options * Setup code for auto-config sample generation * Correct `find_migrate_repo` usage * Make live LDAP user DN match the default from devstack * Set sensible default for keystone's paste * Treat sphinx warnings as errors * Use WebOb directly in ec2_token middleware * Add lockfile and kombu as requirements for keystone * Move filter_limit_query out of sql.Base * List trusts, incorrect self link * LDAP: document enabled_emulation * Provide clearer error when deleting enabled domain * Cleanup oauth tests * Correctly normalize consumer fields on update ------------------------------------------------------------------- Fri Feb 14 15:27:21 UTC 2014 - dmueller@suse.com - added patches: * 0001-Set-sensible-default-for-keystone-s-paste.patch ------------------------------------------------------------------- Fri Feb 14 09:26:01 UTC 2014 - dmueller@suse.com - revert last change - fix keystone-manage.log permissions ------------------------------------------------------------------- Fri Feb 14 08:10:20 UTC 2014 - speilicke@suse.com - Use oauthlib on openSUSE and keep oauth2 for SLE ------------------------------------------------------------------- Fri Feb 14 07:44:06 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev310.ge8f8c17: * Remove s3_token functional tests * Remove copyright from empty files * Syncing policy engine from oslo-incubator * Rename Openstack to OpenStack * Refactor get role for trust * Adds a fixture for setting up the cache * Fixes bug in exception message generation * reverse my preferred mailmap * Notifications upon disable * Move identity logic from controller to manager * Changing testcase name to match our terminology * explicitly expect hints in the @truncated signature * list limit doc cleanup * Correct error class in find_migrate_repo * Enforce current certificate retrieval behaviour * Use WebOb directly for locale testing * Doc - Keystone configuration - moving RBAC section * Do not use auth_info objects for accessing the API * Update kvs assignment backend docs * Remove vim header * Document priority level on Keystone notifications * Uses six.iteritems for Python3 compat * Use message when creating Unauthorized exception * Use passed filter dict param in core sql filtering * Tests use setUp rather than init * Tests remove useless config list cleanup code * Reference dogpile.cache.memcached backend properly * Safe command handling for openssl ------------------------------------------------------------------- Thu Feb 13 13:37:30 UTC 2014 - dmueller@suse.com - remove log_file option setting - added patches: * 0001-Switch-over-to-oslosphinx.patch ------------------------------------------------------------------- Thu Feb 13 01:25:34 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev255.g586a3ff: * Allow specifying region ID when creating region * Cleanup KDS doc build errors * Add in functionality to set key_mangler on dogpile backends * Fix indentation issue * Cleanup invalid token exception text * Fixes a misspelling * Doc - Detailing objects' attributes available for policy.json * Remove unused method _get_domain_conf * Remove unused method _store_protocol * Remove tox locale overrides * Remove unused methods from AuthInfo * Remove unused method _create_metadata * revise example extension directory structure * Update db.sqlalchemy.session from oslo-incubator 018138 * Do not call deprecated functions * Fixes a Python3 syntax error using raise * Uses six.text_type instead of unicode * Removes xrange for Python3 compat * Cleanup sample config * Remove unused variable assignment * Remove legacy diablo and essex test cruft * Enhancing tests to check project deletion in Active Directory * Change assertTrue(isinstance()) by optimal assert * sync oslo-incubator log.py * turn off eventlet.wsgi debug ------------------------------------------------------------------- Wed Feb 12 00:55:24 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev205.gfcc1547: * Adds rule processing for mapping * Limit calls to memcache backend as user token index increases in size * Implement list limiting support in driver backends * Update the default_log_levels defaults * Correct sample config default log levels ------------------------------------------------------------------- Tue Feb 11 14:46:00 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev195.g6ed19c2: * Style the code examples in docs as python * Deprecate s3_token middleware * Update requirements to 661e6 * Fix misspellings in keystone * Removes use of fake_notify and fixes notify test * Remove host from per notification options * Remove default_notification_level from conf * Mock sys.exit in testing * Move v3_to_v2_user from manager to controller * Adds tcp_keepalive and tcp_keepidle config options * clean up keystone-manage man page * Fix indentation errors found by Pep8 1.4.6+ * Fix assignment to not require user or group existence * cleaned up extension development docs * Tests initialize database * Improve forbidden checks * rename templated.TemplatedCatalog to templated.Catalog ------------------------------------------------------------------- Wed Feb 9 15:41:47 UTC 2014 - speilicke@suse.com - Update to version keystone-2014.1.dev161.g211bfc3: * Ensure mapping rule has only local and remote properties * fix grammar error in keystone-manage.rst * Add rules to be a required field for mapping schema * Cleanup docstrings * Removes useless string * Removes duplicate key from test fixtures * Add tests to ensure additional remote properties are not validated * Change 'oauth_extension' to 'oauth1_extension' * Modified keystone endpoint-create default region * Load the federation manager * Sync oslo's policy module * Replace urllib/urlparse with six.moves.* * Change Continuous Integration Project link * Refactor Auth plugin configuration options * Use self.opt_in_group overrides * Federation IdentityProvider filter fields on update response * Remove unnecessary test methods * Refactor federation controller class hierarchy * Refactor mutable parameter handling * Make error strings translatable * Add required properties field to rules schema * deprecate access log middleware * remove access log middleware from the default paste pipeline * deprecate v2.0 API in multiple choice response * Add a docstring and rename mapping tests * Remove versionId, versionInfo, versionList from examples * Don't set default for a nullable column * Remove autoincrement from String column - Replace git_tarballs source service with download_files and set_version + Use upstream URL as source (enables verification) ------------------------------------------------------------------- Thu Feb 6 14:46:17 UTC 2014 - dmueller@suse.com - fix typo in logrotate ------------------------------------------------------------------- Sun Feb 2 01:30:57 UTC 2014 - opensuse-cloud@opensuse.org - Update to version 2014.1.dev134.ge2f8277: + Make error strings translatable + Sync oslo's policy module ------------------------------------------------------------------- Sat Feb 1 01:37:14 UTC 2014 - opensuse-cloud@opensuse.org - Update to version 2014.1.dev130.g14a159b: + Use self.opt_in_group overrides + remove access log middleware from the default paste pipeline + Refactor Auth plugin configuration options + Refactor mutable parameter handling + Refactor federation controller class hierarchy + Remove unnecessary test methods + Federation IdentityProvider filter fields on update response + deprecate access log middleware ------------------------------------------------------------------- Fri Jan 31 08:14:28 UTC 2014 - opensuse-cloud@opensuse.org - Update to version 2014.1.dev115.g70b2f2a: + Make boolean query filter "False" argument work + deprecate stats middleware + Policy sample - Identity v3 resources management + Drop unsused "extras" dependency + Introduce database functionality into KDS + Add required properties field to rules schema + Add a docstring and rename mapping tests ------------------------------------------------------------------- Thu Jan 30 17:10:12 UTC 2014 - speilicke@suse.com - Set common name of example certs to FQDN to make then slightly more useful ------------------------------------------------------------------- Thu Jan 30 01:38:01 UTC 2014 - opensuse-cloud@opensuse.org - Update to version 2014.1.dev101.g4fc6e97: + Fix list_projects_for_endpoint failed bug + Fix federation documentation reference + Fix docstrings in federation controller. + Remove autoincrement from String column. + Don't set default for a nullable column ------------------------------------------------------------------- Wed Jan 29 15:51:59 UTC 2014 - dmueller@suse.com - move cronjob to hourly ------------------------------------------------------------------- Mon Jan 27 12:53:25 UTC 2014 - dmueller@suse.com - fix dependency ------------------------------------------------------------------- Mon Jan 27 10:15:45 UTC 2014 - opensuse-cloud@opensuse.org - Update to version 2014.1.dev91.g51602dc: + correct the document links in man documents + Fix test_auth isolation ------------------------------------------------------------------- Mon Jan 27 01:25:11 UTC 2014 - opensuse-cloud@opensuse.org - Update to version 2014.1.dev87.g28f43f8: + Use six.text_type to replace unicode + Remove sql.Base.get_session + Move sql.Base.transaction + Don't mask the filter built-in + description is wrong in endpoint filter rst doc + append extension name to trust notifications + Adds support for username to match the v2 spec + build auth context from middleware + Clean up docstrings in contrib.oauth1.core ------------------------------------------------------------------- Sun Jan 26 00:59:23 UTC 2014 - opensuse-cloud@opensuse.org - Update to version 2014.1.dev70.g455219d: + Fix reading cache-time before configured + Don't configure on import + Fix typos in documents and comments + Cleanup eventlet setup + use assertEqual instead of assertIs for string comparison + Use six to make dict work in Python 2 and Python 3 + Implement filter support in driver backends + renamed extensions development doc + Allow event callback registration for arbitrary resource types + Unify StringIO usage with six.StringIO ------------------------------------------------------------------- Sat Jan 25 01:16:52 UTC 2014 - opensuse-cloud@opensuse.org - Update to version 2014.1.dev50.gdaa44b8: + Sync several modules from oslo-incubator + Sync with global requirements + remove unused LOG + Use six.string_types instead of basestring + derive custom exceptions directly from Exception + Don't duplicate the existing config file list + initialize environment for tests that call popen + Remove unused variables from common.config ------------------------------------------------------------------- Fri Jan 24 13:34:19 UTC 2014 - opensuse-cloud@opensuse.org - Update to version 2014.1.dev34.g627141f: + Document running with pdb + Fix sample config external default doc + Subclasses of TestCase don't need to reset conf + Cleanup test_no_admin_token_auth cleanup code + Refactor context trust_id check to wsgi.Application base class + Store trust_id for v3/credentials ec2 keypairs + Store ec2 credentials blob as json + v3 credentials, ensure blob response is json + Enable lazy translation + Move KDS paths file + Update comments in test_v3_protection.py + Identity Providers CRUD operations + Add mapping function to keystone + Switch from 400 to 403 on ImmutableAttributeError + Simple Certificate Extension + Fixup incorrect comment + Remove kwargs from trust_api.create_trust + Implement notifications for trusts + Merge db.sqlalchemy from oslo-incubator af5f710 + Sync oslo strutils.py + Enhance tests for non-default default_domain_id + Remove unused member from KVS assignment + KVS support domain as namespace for users + Enhance auth tests for non-default default_domain_id + Fix using non-default default_domain_id -------------------------------------------------------------------- Thu Jan 23 18:00:28 UTC 2014 - dmueller@suse.com - install cron job to flush expired tokens, otherwise keystone slows down after a while ------------------------------------------------------------------ Wed Jan 22 00:50:17 UTC 2014 - opensuse-cloud@opensuse.org - Update to version 2014.1.dev190.gb7b8134: + Removes deprecation warning from run_tests.sh + Removes option to delete test DB from run_tests.sh + Adds run_tests.sh cli option to stop on failure + LDAP Assignment does not support grant v3 API + Remove unused variables ------------------------------------------------------------------- Tue Jan 21 08:44:31 UTC 2014 - dmueller@suse.com - fix requires ------------------------------------------------------------------- Mon Jan 20 10:32:41 UTC 2014 - speilicke@suse.com - Sync requirements: + Replace oauth2 with oauthlib + Use discover only on SLE ------------------------------------------------------------------- Sun Jan 19 00:38:39 UTC 2014 - opensuse-cloud@opensuse.org - Update to version 2014.1.dev180.g5b1fa19: + Reduces memory utilization during test runs + Do not append to messages with + + Sync gettextutils from oslo-incubator 997ab277 + Replacing python-oauth2 by oauthlib + Implementation of internal notification callbacks within Keystone + Restructure developing.rst ------------------------------------------------------------------- Sat Jan 18 01:11:41 UTC 2014 - opensuse-cloud@opensuse.org - Update to version 2014.1.dev168.g012618c: + Implements regions resource in 3.2 Catalog API ------------------------------------------------------------------- Fri Jan 17 01:40:17 UTC 2014 - opensuse-cloud@opensuse.org - Update to version 2014.1.dev166.ge54a6a3: + Documentation cleanup + reduce default token duration to one hour ------------------------------------------------------------------- Thu Jan 16 11:42:49 UTC 2014 - dmueller@suse.com - fix requires ------------------------------------------------------------------- Tue Jan 14 01:11:35 UTC 2014 - opensuse-cloud@opensuse.org - Update to version 2014.1.dev162.g9837137: + Flush tokens in batches with DB2 + Convert Token KVS backend to new KeyValueStore Impl ------------------------------------------------------------------- Mon Jan 13 00:58:51 UTC 2014 - opensuse-cloud@opensuse.org - Update to version 2014.1.dev159.g5a1a371: + Remove unnecessary line in test_auth + Make common log import consistent + Cleanup test_associate_project_endpoint_extension + Synchronized with oslo db and db.sqlalchemy + Sync oslo-incubator rpc module + Don't need session.flush in context managed by session ------------------------------------------------------------------- Sun Jan 12 01:09:35 UTC 2014 - opensuse-cloud@opensuse.org - Update to version 2014.1.dev147.g4759276: + races cause 404 when removing user from project + Remove unused test function + Remove netifaces requirement + Change ListOpt default value from str or None to list + Tests use cleanUp rather than tearDown + Resolve oauth dependency after paste pipeline is loaded + Fix external auth (REMOTE_USER) plugin support ------------------------------------------------------------------- Sat Jan 11 01:27:04 UTC 2014 - opensuse-cloud@opensuse.org - Update to version 2014.1.dev133.g89a99de: + Clean up fakeldap logging + Remove noop code ------------------------------------------------------------------- Fri Jan 10 14:35:38 UTC 2014 - opensuse-cloud@opensuse.org - Update to version 2014.1.dev129.g53d5f77: + Remove unused code in contrib/ec2/controllers.py + Remove unused imports + Fix typo in test + Introduce basic Pecan/WSME framework for KDS + Cleanup from business logic refactor ------------------------------------------------------------------- Thu Jan 9 08:23:53 UTC 2014 - speilicke@suse.com - Move to DB-based endpoint catalog. Avoids running out of sync with upstream changes in the default_catalog.template.sample file and allows to manipulate via 'keystone' CLI tool. ------------------------------------------------------------------- Thu Jan 9 01:42:55 UTC 2014 - opensuse-cloud@opensuse.org - Update to version 2014.1.dev119.gd7eb925: + initialize eventlet for tests + Enhance list_group_users in GroupApi. + Cleanup of new credential_api delete methods + Do not update password when updating grants in Assignment KVS + Move deletion business logic out of controllers + Break dependency of base V3Controller on V2Controller + Remove 'disable user' logic from _delete_domain_contents ------------------------------------------------------------------- Wed Jan 8 00:49:52 UTC 2014 - opensuse-cloud@opensuse.org - Update to version 2014.1.dev105.gf33ec9e: + Updated Keystone development install instructions for Ubuntu + Remove unused token.valid index ------------------------------------------------------------------- Tue Jan 7 11:07:50 UTC 2014 - dmueller@suse.com - fix requires ------------------------------------------------------------------- Tue Jan 7 01:08:21 UTC 2014 - opensuse-cloud@opensuse.org - Update to version 2014.1.dev101.g11bb081: + Fixes the v2 GET /extensions curl example in the documentation. ------------------------------------------------------------------- Sat Jan 4 01:30:12 UTC 2014 - opensuse-cloud@opensuse.org - Update to version 2014.1.dev99.g8d1072f: + Fix IPv6 check ------------------------------------------------------------------- Thu Jan 2 18:21:25 UTC 2014 - opensuse-cloud@opensuse.org - Update to version 2014.1.dev97.gce5fcb1: + Imported Translations from Transifex + Fix variable passed to driver module + Fix use the fact that empty sequences are false. + Reduced parameters not used in _populate_user() ------------------------------------------------------------------- Tue Dec 24 01:03:20 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2014.1.dev90.ga22520b: + Moves keystoneclient master tests in a new class + Stops file descriptor leaking in tests + Updated from global requirements ------------------------------------------------------------------- Mon Dec 23 15:34:14 UTC 2013 - dmueller@suse.com - remove sqlalchemy-08x.diff: we switched back to sqlalchemy 0.7.x ------------------------------------------------------------------- Sat Dec 21 01:01:06 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2014.1.dev84.gde73544: + Remove Identity and Assignment controller interdependancies + Move Assignment Controllers and Routers to be First Class + Re-write comment for ADMIN_TOKEN + Makes the test git checkout info more declaritive ------------------------------------------------------------------- Fri Dec 20 00:44:48 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2014.1.dev76.g5fe6602: + replace "global" roles var names with "all" roles + Use oslo.db sessions + Switch to oslo-incubator mask_password + Replace xrange in for loop with range + Move endpoint_filter extension documentation ------------------------------------------------------------------- Thu Dec 19 00:55:18 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2014.1.dev66.g0d83e3a: + Cleanup duplication in test_backend + Remove roles from OS-TRUST list responses ------------------------------------------------------------------- Wed Dec 18 00:58:49 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2014.1.dev62.g1a96f96: + Uses oslo's deprecated decorator; removes ours + Policy based domain isolation can't be defined. + trustee unable to perform role based operations on trust ------------------------------------------------------------------- Mon Dec 16 00:52:05 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2014.1.dev56.g576f5d9: + Refactor setup_logging + Cleanup backend loading + Fix typo in identity:list_role_assignments policy ------------------------------------------------------------------- Sun Dec 15 01:33:26 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2014.1.dev50.g61a2ad3: + Fixes documentation building + Create user returns 400 without a password + Remove deprecated code ------------------------------------------------------------------- Sat Dec 14 00:40:31 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2014.1.dev44.gf6aa723: + Fix issues handling trust tokens via ec2tokens API (bnc#855338, CVE-2013-6391) + UUID vs PKI docs + Base Implementation of KVS Dogpile Refactor + Add ABCMeta metaclass to token provider + Add assertSetEqual to base test class ------------------------------------------------------------------- Fri Dec 13 01:01:42 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2014.1.dev34.g35242b0: + Sync db.sqlalchemy from oslo-incubator ------------------------------------------------------------------- Thu Dec 12 01:26:10 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2014.1.dev32.g52cb8fe: + Fix errors for create_endpoint api in version2 + Debug env for tox ------------------------------------------------------------------- Wed Dec 11 01:33:20 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2014.1.dev29.g6c7f00d: + Sync versionutils from oslo + token provider cleanup + Sync global requirements to pin sphinx to sphinx>=1.1.2,<1.2 ------------------------------------------------------------------- Tue Dec 10 01:07:53 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2014.1.dev25.g926755a: + refactor test_catalog + Formalize deprecation of token_api.list_tokens ------------------------------------------------------------------- Mon Dec 9 00:52:40 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2014.1.dev21.gc354a38: + Narrow columns used in list_revoked_tokens sql ------------------------------------------------------------------- Sun Dec 8 00:39:15 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2014.1.dev19.g45b8f13: + Add index to cover revoked token list + Allow caching to be disabled and tests still pass + Sync rpc fix from oslo-incubator ------------------------------------------------------------------- Fri Dec 6 10:58:38 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2014.1.dev13.g5acd26b: + Add pycrypto as a test-requirement + Revert "Return a descriptive error message for controllers" + Adds a resource for changing a user's password + Deprecates V2 controllers + don't rebind stdlib's os.chdir function + Dependency cleanup + Updated from global requirements + Enhance tests for assignment create_grant when no user or group + Fix KVS create_grant to not raise NotFound if no user/group + Utilites for manipulating base64 & PEM + Updates .gitignore + One transaction per call to sql assignment backend + Fix typo in keystone + Try decoding string to UTF-8 on error message fail + Sync From OSLO + Refactor assertEqualXML into a testtools matcher + Added documentation to keystone.common.dependency. + Ensure the sample policy file won't diverge + Don't run non-tests + Easy testing with alternate keystoneclient ------------------------------------------------------------------- Sun Dec 1 00:54:50 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2014.1.dev199.gf72f369: + Return a descriptive error message for controllers ------------------------------------------------------------------- Sat Nov 30 01:05:55 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2014.1.dev197.g789cade: + Imported Translations from Transifex ------------------------------------------------------------------- Fri Nov 29 10:45:13 UTC 2013 - dmueller@suse.com - fix test package requires ------------------------------------------------------------------- Fri Nov 29 00:35:01 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2014.1.dev195.g7172737: + PasteConfigNotFound also raised when keystone.conf not found + Sync the DB2 communication error code change from olso + Style improvements to logging format strings + RST fix for os_inherit example + Make HACKING.rst DRYer + Allow downgrade for extensions ------------------------------------------------------------------- Thu Nov 28 00:59:29 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2014.1.dev183.gdbdb94c: + Import strutils from oslo + Skip test_create_update_delete_unicode_project in _ldap_livetest + Add documentation for Read Only LDAP configuration option. + Remove deprecated auth_token middleware + Sync log_handler module from Oslo + Skip test_arbitrary_attributes_* in _ldap_livetest ------------------------------------------------------------------- Wed Nov 27 14:36:07 UTC 2013 - dmueller@suse.com - add sqlalchemy-08x.diff ------------------------------------------------------------------- Wed Nov 27 01:29:08 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2014.1.dev171.g886befa: + Capture debug logging in tests ------------------------------------------------------------------- Mon Nov 25 11:03:38 UTC 2013 - dmueller@suse.com - fix requires ------------------------------------------------------------------- Sat Nov 23 01:14:28 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2014.1.dev170.g607b850: + Update mailmap for Joe Gordon + Add WWW-Authenticate header in 401 responses. + Detangle v3 RestfulTestCase setup + Fix issue deleting ec2-credentials as non-admin user + fix unparseable JSON + Remove obsolete redhat-eventlet.patch + Add memcache options to sample config + Rewrites the serveapp method into a fixture + Proxy Assignment from Identity Deprecated + Return an error when a non-existing tenant is added to a user + Allow use of rules Policy driver + Role NoneType object has no attribute setdefault ------------------------------------------------------------------- Sat Nov 16 01:01:17 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2014.1.dev146.g2ab2c62: + Sync log module from oslo ------------------------------------------------------------------- Fri Nov 15 18:07:52 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2014.1.dev144.ge5416c4: + Updated from global requirements + Issue unscoped token if user's default project is invalid + Do not name variables as builtins + Duplicate delete the user_project_metadata. + AuthInfo use dependency injection + UserAuthInfo use dependency injection ------------------------------------------------------------------- Thu Nov 14 11:55:01 UTC 2013 - speilicke@suse.com - Update to version 2014.1.dev132.g9307dee: + Moves common RestfulTestCase to it's own module. + Change deprecated CLI arguments + Change sample policy files to use policy language + test attribute update edge cases + use different bind addresses for admin and public + Fix newly discovered H302 + Add WSGI environment to context + Removes unused paste appserver instances from tests + trusts raise validation error if expires_at is invalid - Explicitly require OpenStack's fork of sqlalchemy-migrate for the %post scriptlet ------------------------------------------------------------------- Mon Nov 4 01:09:35 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2014.1.dev115.g6751c7d: + Clean up duplicate exceptions in docs for assignment.Driver ------------------------------------------------------------------- Fri Nov 1 01:11:55 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2014.1.dev113.g8de9861: + Enhance tests for delete_grant no user/group + Allow delete user or group at same time as role + Adds fixture package from oslo + proxy removed from identity and changed to assignment + Uses fixtures for mox and stubs + Remove unused DEFAULT_DOMAIN variable + Update my mailmap + Remove duplicated code on test_v3_auth ------------------------------------------------------------------- Thu Oct 31 01:29:40 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2014.1.dev97.geee9fd5: + Removes NoModule from the base testcase + Use abstract base class for token driver + Catch the socket exception and log it. + Use abstract base class for policy driver + Use abstract base class for oauth driver + Use abstract base class for endpoint_filter driver + Document tox instead of run_tests.sh + Documentation on how-to develop Keystone Extensions + Remove obsolete driver test module ------------------------------------------------------------------- Wed Oct 30 15:34:40 UTC 2013 - rhafer@suse.com - Add %{python_sitelib}/keystone/tests/tmp symlink to the -test subpackage allow the unittests to create/located their database ------------------------------------------------------------------- Tue Oct 29 01:54:33 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2014.1.dev79.g402060a: + Remove unused config option auth_admin_prefix + remove 8888 port in sample_data.sh + Fixes tox coverage command ------------------------------------------------------------------- Fri Oct 25 23:32:55 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2014.1.a73.gf4a441c: + Adds tests for user extra attribute behavior ------------------------------------------------------------------- Fri Oct 25 00:18:19 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2014.1.a71.g11f589d: + Move fakeldap to tests + Treats OS-KSADM:password as password in v2 APIs + Adds decorator to deprecate functions and methods + Adds identity v2 tests to show extra behavior ------------------------------------------------------------------- Thu Oct 24 10:04:02 UTC 2013 - dmueller@suse.com - fix post requires on python-Routes ------------------------------------------------------------------- Wed Oct 23 16:14:53 UTC 2013 - iartarisi@suse.com - Move default tests TMPDIR location to /var/lib/openstack-keystone-test/tmp ------------------------------------------------------------------- Wed Oct 23 14:39:51 UTC 2013 - dmueller@suse.com - switched to testr now, refresh requirements ------------------------------------------------------------------- Tue Oct 22 23:30:08 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2014.1.a63.g4a100d4: + Enhance tests for deleting a role not assigned + Fix remove role assignment adds role using LDAP assignment + Add external.Base class to external plugins + Implementation of opt-out from catalog data during token validation. ------------------------------------------------------------------- Sun Oct 20 00:09:47 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2014.1.a57.g2df1b7c: + Move CA key from certs directory to private directory ------------------------------------------------------------------- Fri Oct 18 08:10:43 UTC 2013 - speilicke@suse.com - Update to version 2014.1.a55.ga0e26c1: + Fixes error messaging + Add notifications for groups and roles + Changes to testr as the test runner - Drop 0001-Make-ROOTDIR-determination-more-robust.patch: Solved diffently upstream ------------------------------------------------------------------- Thu Oct 17 18:53:17 UTC 2013 - dmueller@suse.com - update requires ------------------------------------------------------------------- Thu Oct 17 15:45:13 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2014.1.a49.g060ced4: + remove the nova dependency in the ec2_token middleware + Use abstract base class for auth handler ------------------------------------------------------------------- Wed Oct 16 23:28:47 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2014.1.a45.g7ee88a0: + Add python-six to requirements + add IRC channel & wiki link to README + Use abstract base class for catalog driver + Adds more uniformity to identity update_user calls + Fixes broken doc references ------------------------------------------------------------------- Wed Oct 16 00:13:48 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2014.1.a37.g20d6ffb: + Use abstract base class for assignment driver + Fix v2 token user ref with trust impersonation=True + Use abstract base class for credential driver ------------------------------------------------------------------- Mon Oct 14 23:36:08 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2014.1.a31.gb426fa5: + Handle unicode at the caching layer more elegantly + Use abstract base class for identity driver + Remove unused member + set user_update policy to admin_required + Use abstract base class for trust driver ------------------------------------------------------------------- Mon Oct 14 12:24:12 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2014.1.a22.g8ba9898: + Need to use _() to handle i18n string messages + Don't use default value in LimitingReader ------------------------------------------------------------------- Wed Oct 9 00:52:43 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2014.1.a18.gdf0a963: + Sync db.sqlalchemy + Fix mysql checkout handler AttributeError + Handle DB2 disconnect ------------------------------------------------------------------- Tue Oct 8 12:15:24 UTC 2013 - dmueller@suse.com - run db_sync before starting keystone server ------------------------------------------------------------------- Wed Oct 2 19:09:27 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.rc1: + Update tox config + Add tests dir to the coverage omit list + Imports oslo policy to fix test issues ------------------------------------------------------------------- Wed Oct 2 00:09:23 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a100.g1d91334: + Sync with global requirements + Enclose command args in with_venv.sh + Imported Translations from Transifex + Fixes errors logging in as a user with no password ------------------------------------------------------------------- Tue Oct 1 00:19:02 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a92.gec4680a: + sync oslo policy + Validate token calls return 404 on invalid tokens + Eliminate type error on search_s + Fix live LDAP tests + Sync gettextutils from oslo ------------------------------------------------------------------- Mon Sep 30 16:49:43 UTC 2013 - dmueller@suse.com - add missing endpoints to catalog ------------------------------------------------------------------- Sun Sep 29 00:56:54 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a82.ge979323: + Fix error when create user with LDAP backend + Protect oauth controller calls and update policy.json ------------------------------------------------------------------- Fri Sep 27 16:23:19 UTC 2013 - dmueller@suse.com - switch to crudini ------------------------------------------------------------------- Thu Sep 26 10:00:12 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a79.g2f75699: + upgrade to oslo.config 1.2 final + Modify oauth1 tests to use generated keystone token in a call + Optional dependency injection + oauth using optional dependencies + only run flake8 once (bug 1223023) + Update man pages + Fix updating attributes with ldap backend + Test for backend case sensitivity + Update man page version ------------------------------------------------------------------- Tue Sep 24 23:59:15 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a61.g3130076: + Check token_format for default token providers only. + Sync gettextutils from oslo + Ensure any relevant tokens are revoked when a role is deleted + Add user to project if project ID is changed ------------------------------------------------------------------- Mon Sep 23 23:36:37 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a54.g66d7c2c: + Cleanup of tenantId, tenant_id, and default_project_id + Remove ldap identity domain attribute options ------------------------------------------------------------------- Sat Sep 21 00:15:46 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a50.gbdac547: + Rewrite README.rst + Ensure v2 tokens are correctly invalidated when using BelongsTo + Monkey patch select in environment + check for domain existence before doing any ID work + Add extra test coverage for unscoped token invalidation ------------------------------------------------------------------- Wed Sep 18 23:36:42 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a41.g5a5023b: + Include new notification options in sample config ------------------------------------------------------------------- Wed Sep 18 10:16:32 UTC 2013 - dmueller@suse.com - add 0001-Make-ROOTDIR-determination-more-robust.patch ------------------------------------------------------------------- Tue Sep 17 23:59:24 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a39.gd3460c3: + Rationalize list_user_projects and get_projects_for_user + Fix misused assertTrue in unit tests ------------------------------------------------------------------- Tue Sep 17 00:05:45 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a36.g54b8ec5: + Ignore H803 from Hacking. + fix rst syntax in database schema migrations docs ------------------------------------------------------------------- Sun Sep 15 00:05:37 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a32.gd7eff43: + Move gettextutils installation in tests to core ------------------------------------------------------------------- Fri Sep 13 23:55:11 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a30.g3651879: + Test upgrade migration 16->17 + gate on H304: no relative imports ------------------------------------------------------------------- Thu Sep 12 23:35:16 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a26.g607b115: + test token revocation list API (bug 1202952) + Remove CA key password from cert setup + Cleanup tests imports so not relative + Fixes for user response with LDAP user_enabled_mask ------------------------------------------------------------------- Wed Sep 11 23:58:00 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a18.g1b97529: + Reduce churn of cache on revocation_list + Imported Translations from Transifex ------------------------------------------------------------------- Wed Sep 11 00:15:03 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a15.g33c8025: + Import core.* in keystone.tests + Tests use "from keystone import tests" ------------------------------------------------------------------- Tue Sep 10 00:12:35 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a12.g8dc7ed2: + Close each LDAP connection after it is used, + domain-specific drivers experimental in havana + Fix incorrect test for list_users ------------------------------------------------------------------- Mon Sep 9 12:22:00 UTC 2013 - dmueller@suse.com - update openstack-keystone.init: Set HOME dir correctly for openssl random state preservation ------------------------------------------------------------------- Sat Sep 7 07:46:43 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a7.gdac281a: + Changed header from LLC to Foundation based on trademark policies ------------------------------------------------------------------- Fri Sep 6 00:02:39 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a490.g8d2f53c: + Move _generate_paste_config to tests.core + OAuth authorizing user should propose roles to delegate + Imported Translations from Transifex + Support timezone in memcached token backend + Changes template header for translation catalogs ------------------------------------------------------------------- Thu Sep 5 15:07:05 UTC 2013 - speilicke@suse.com - Fix RUNDIR in init-script ------------------------------------------------------------------- Thu Sep 5 00:21:16 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a481.gd286187: + Modify default file/directory permissions + Utilities to create directores, set ownership & permissions + Update keystone-all man page + Add a oauth1-configuration.rst and extension section to docs + Update keystone wsgi httpd script for oslo logging + Fix the code miss to show the correct error messages ------------------------------------------------------------------- Tue Sep 3 23:39:02 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a469.g36b5df5: + Cleanup cache layer tests + Implement basic caching around assignment CRUD + add 'project' notifications to docs ------------------------------------------------------------------- Mon Sep 2 08:21:36 UTC 2013 - dmueller@suse.com - Update to version 2013.2.a464.g372a062: + Fixes a link in the documentation + Create associations between projects and endpoints + Keystone Caching Layer for Manager Calls + Add defense in ldap:get_roles_for_user_and_project + filter in ldap list_groups_for_user + Implement API protection on target entities + Fix error where consumer is not deleted from sql + Implement Caching for Token Revocation List + Refactor Token Provider to be aware of expired tokens. + Add notifications module + Remove enumerate calls + Drop support for diablo to essex migrations + Use correct filename for index & serial file when setting permissions + Removes KVS references from the documentation + Implement decorator-based notifications for users + Add Memory Isolating Cache Proxy + Add project CRUD to assignment_api Manager + Enable SQL tests for oauth + Add 'cn' to attribute_list for enabled_users/tenants query + Fix role lookup for Active Directory + Bump hacking to 0.7 + Remove kvs backend from oauth1 extension + Add common code from Oslo for work with database + Use common db model class from Oslo + Imported Translations from Transifex + Implement caching for Tokens and Token Validation + Document usage notifications + Use joins instead of multiple lookups in groups sql + Use testtools as base test class. ------------------------------------------------------------------- Mon Aug 26 23:56:06 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a410.g7eed453: + Remove a useless arg in range() + Fix translate static messages in response + Use system locale when Accept-Language header is not provided ------------------------------------------------------------------- Mon Aug 26 08:56:18 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a404.g15a3bde: + Clean up keystone-manage man page ------------------------------------------------------------------- Sun Aug 25 23:59:23 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a402.g361185c: + remove flake8 option from run_tests.sh ------------------------------------------------------------------- Sun Aug 25 00:00:44 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a401.gda26317: + Delete file TODO + change oauth.consumer description into nullable ------------------------------------------------------------------- Sat Aug 24 00:06:10 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a397.g4dbda64: + Ensure username passed by REMOTE_USER can contain '@' + fix the default values for token and password auth + Migrating ec2 credentials to credential. + remove unused function + add foreign key constraint on oauth tables ------------------------------------------------------------------- Fri Aug 23 00:01:08 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a388.gfebab09: + use provider to validate tokens ------------------------------------------------------------------- Thu Aug 22 00:00:59 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a386.gb6f6b57: + Remove User Check from Assignments + Remove an enumerate call + Assignment to reserved built-in symbol: filter + Fix isEnabledFor for compatibility with logging ------------------------------------------------------------------- Wed Aug 21 00:08:51 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a378.g7bc167d: + Refactor Token Providers for better version interfaces + Remove kwargs from manager calls / general cleanup + remove refs to keystone.common.logging + Store hash of access as primary key for ec2 type. + Add test test_deleting_project_delete_grants + Ignore flake issues in build/ directory + Move some logic from update() to BaseLdap + Move affirm_unique() in create() to BaseLdap + Assignment to reserved built-in symbol: dir + Remove Keystone specific logging module ------------------------------------------------------------------- Mon Aug 19 09:37:28 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a358.g9c92d27: + Add support for API message localization ------------------------------------------------------------------- Sat Aug 17 23:59:12 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a356.g14cba15: + Add delegated_auth support for keystone ------------------------------------------------------------------- Fri Aug 16 23:58:17 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a354.g781c65b: + update usage in run_test.sh for flake8 + Increase length of username in DB + Remove unused import + Set wsgi startup log level to INFO + Add unit test to check non-string password support + Cleaned up a few old crufties from README + Clean hacking errors in advance of hacking update + Implement domain specific Identity backends + More validation in test_user_enable_attribute_mask + Fix LDAP Identity with non-zero user_enabled_default + Fix LDAP Identity get user with user_enabled_mask ------------------------------------------------------------------- Thu Aug 15 23:37:15 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a336.gb0b32d0: + Skip test_create_unicode_user_name in _ldap_livetest + Do not skip test_user_enable_attribute_mask in _ldap_livetest + Fix test_user_enable_attribute_mask so it actually tests + Revoke user tokens when disabling/delete a project + Refactor Keystone to use unified logging from Oslo + Cleaned up pluggable auth docs ------------------------------------------------------------------- Wed Aug 14 07:46:47 UTC 2013 - speilicke@suse.com - Update to version 2013.2.a327.g14e0901: + Drop extra credential indexes + Make pki_setup work with OpenSSL 0.9.x + Add memcache to httpd doc. + Move Babel dependency from test-req to req + Initial implementation of unified-logging + Sync notifier module from Oslo + Move 'tests' directory into 'keystone' package - No need to require shadow-utils anymore, even SLE_11_SP3 has pwdutils - Drop 0001-Make-pki_setup-work-with-OpenSSL-0.9.x.patch: Merged upstream - Fix spec file typo (dependency token) ------------------------------------------------------------------- Tue Aug 13 07:57:51 UTC 2013 - berendt@b1-systems.de - added missing requirement python-Babel - added missing requirement python-netaddr ------------------------------------------------------------------- Mon Aug 12 23:46:51 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a315.g708ccf0: + Sync models with migrations ------------------------------------------------------------------- Mon Aug 12 09:18:18 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a313.g4829de4: + Configurable max password length (bug 1175906) + Sync unified logging solution from Oslo + Abstract out attribute_mapping filling in LDAP driver. + Create default role on demand + Abstract out attribute_ignore assigning in LDAP driver + Run test_mask_password once ------------------------------------------------------------------- Thu Aug 8 23:42:15 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a303.ga4243e1: + Fix select n+1 issue in keystone catalog ------------------------------------------------------------------- Thu Aug 8 20:07:59 UTC 2013 - dmueller@suse.com - switch to python-setuptools - remove python-d2to1 ------------------------------------------------------------------- Wed Aug 7 23:59:53 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a301.gc547eb4: + extension migrations ------------------------------------------------------------------- Wed Aug 7 00:07:48 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a299.gdb9535c: + Handle json data when migrating role metadata. + Raise max header size to accommodate large tokens. + remove swift dependency of s3 middleware -------------------------------------------------------------------- Fri Aug 2 23:59:55 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a293.ged1f967: + Clear out the dependency registry between tests + Handle circular dependencies + Use dependency injection for assignment and identity + use 'exc_info=True' instead of import traceback + .gitignore eggs + add OS-TRUST to links + Sync DB models and migrations in keystone.assignment.backends.sql + Update references with new Mailing List location + V3 API need to check mandatory field when creating resources + Clean up use of token_provider manager in tests + Remove kwargs from manager calls where not needed. + Imported Translations from Transifex + Fix typo: Tenents -> Tenants + Use oslo.sphinx and remove local copy of doc theme -------------------------------------------------------------------- Thu Aug 1 23:38:01 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a265.g0368950: + Use keystone.wsgi.Request for RequestClass + Remove passwords from LDAP queries -------------------------------------------------------------------- Thu Aug 1 00:03:58 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a261.gf1ac78c: + Ec2 credentials table not created during testing + Load backends before deploy app in client tests -------------------------------------------------------------------- Wed Jul 31 00:04:20 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a257.g5958691: + sql.Driver:authenticate() signatures should match -------------------------------------------------------------------- Tue Jul 30 14:47:43 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a255.gc21b458: + default token format/provider handling -------------------------------------------------------------------- Mon Jul 29 23:50:12 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a253.g10fde8e: + Clear cached engine when global engine changes + Implement exception module i18n support -------------------------------------------------------------------- Fri Jul 26 23:52:02 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a249.g97a5b49: + Remove vestiges of Assignments from LDAP Identity Backend + Scipped tests don't render as ERROR's -------------------------------------------------------------------- Thu Jul 25 00:03:10 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a246.g0a40152: + Fixing broken credential schema in sqlite. -------------------------------------------------------------------- Tue Jul 23 23:55:12 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a245.gc6b7dd8: + Deprecate kvs token backend + Load app before loading legacy client in tests. + Use assignment_api rather than assignment -------------------------------------------------------------------- Mon Jul 22 00:22:50 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a240.g7fde605: + Regenerate example PKI after change of defaults + Return correct link for effective group roles in GET /role_assignments + Deprecation warning for [signing] token_format + Add [assignment].driver to sample config + Remove an enumerate call + Correct Spelling Mistake -------------------------------------------------------------------- Thu Jul 18 23:48:41 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a228.g53ed50d: + Support token_format for backward compatibility + python3: Introduce py33 to tox.ini -------------------------------------------------------------------- Wed Jul 17 23:49:24 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a225.gc42533f: + grammar fixes in error messages + update requires to prevent version cap -------------------------------------------------------------------- Wed Jul 17 10:13:43 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a221.g2667c77: + Change domain component value to org from com + wsgi.BaseApplication and wsgi.Router factories should use **kwargs + Python 3.x compatible use of print + Add unittest for keystone.identity.backends.sql Models + Don't use deprecated BaseException.message + Implements Pluggable V2 Token Provider + Implement role assignment inheritance (OS-INHERIT extension) + Pluggable Remote User + Fix XML rendering with empty auth payload. + Implemented token creation without catalog response. + Implement Token Binding. ------------------------------------------------------------------- Mon Jul 15 23:34:54 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a202.gdec66cd: + Implements Pluggable V3 Token Provider ------------------------------------------------------------------- Sun Jul 14 23:51:17 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a200.gdf63b9c: + Add version so that pre-release versioning works ------------------------------------------------------------------- Sat Jul 13 23:52:58 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.b1.198.g95a27a8: + Register Extensions + Sync-up crypto from oslo-incubator ------------------------------------------------------------------- Fri Jul 12 23:53:00 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.b1.194.g85a5022: + Add crypto dependency + Sync install_venv_common from oslo + Pass on arguments on Base.get_session + Imported Translations from Transifex + Mixed LDAP/SQL Backend. ------------------------------------------------------------------- Thu Jul 11 23:55:05 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.b1.184.g41ca51c: + Remove a useless arg in range() + Rationalize how we get roles after authentication in the controllers + Do not create LDAP Domains sub tree + Remove context from get_token call in normalize_domain_id + Use InnoDB for MySQL + Move temporary test files into tests/tmp ------------------------------------------------------------------- Tue Jul 9 23:55:53 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.b1.172.gfafdf07: + assignment backend ------------------------------------------------------------------- Tue Jul 9 16:44:01 UTC 2013 - dmueller@suse.com - add 0001-Make-pki_setup-work-with-OpenSSL-0.9.x.patch ------------------------------------------------------------------- Tue Jul 9 10:08:09 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.b1.171.gb556d8a: + Work without admin_token_auth middleware + Move comments in front of dependencies ------------------------------------------------------------------- Mon Jul 8 23:56:23 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.b1.167.g699b483: + Implement GET /role_assignment API call + DB2 migration support + Remove an enumerate call + Fix issue with v3 tokens and group membership roles + Imported Translations from Transifex + Add callbacks for set_global_engine ------------------------------------------------------------------- Sat Jul 6 23:52:19 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.b1.155.g6450f75: + Update paths to pem files in keystone.conf.sample ------------------------------------------------------------------- Fri Jul 5 23:51:16 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.b1.153.g5746f5b: + rename quantum to neutron in docs ------------------------------------------------------------------- Thu Jul 4 08:12:47 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.b1.151.gbb6ebd4: + Fix up some trivial license mismatches ------------------------------------------------------------------- Wed Jul 3 23:57:13 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.b1.149.g62d948a: + Use event.listen() instead of deprecated listeners kwarg ------------------------------------------------------------------- Wed Jul 3 14:01:15 UTC 2013 - naehring@b1-systems.de - adding keystone-paste.ini - the paste configuration has been moved to keystone-paste.ini ------------------------------------------------------------------- Wed Jul 3 08:48:01 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.b1.147.g214df21: + Remove hard tabs and trailing whitespace + Install locales for httpd. ------------------------------------------------------------------- Tue Jul 2 23:58:33 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.b1.143.gda9dc14: + `tox -ecover` failure. Missing entry in tox.ini ------------------------------------------------------------------- Mon Jul 1 23:44:39 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.b1.141.g59ea706: + Add 'application' to keystone.py for WSGI -------------------------------------------------------------------- Fri Jun 28 23:43:12 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.b1.140.g6362fb7: + Stop passing context to managers (bug 1194938) + check for constraint before dropping + Clean up keystone-all.rst + Manager instead of direct driver -------------------------------------------------------------------- Thu Jun 27 23:42:04 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.b1.133.g6c6d15c: + Revert environment module usage in middleware. + Do not raise NEW exceptions -------------------------------------------------------------------- Wed Jun 26 23:41:10 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.b1.129.g600c38b: + LDAP list group users not fail if user entry deleted -------------------------------------------------------------------- Tue Jun 25 23:41:03 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.b1.128.g31863d1: + Remove explicit distribute depend. -------------------------------------------------------------------- Mon Jun 24 23:40:52 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.b1.126.g95cf470: + Version response compatible with Folsom -------------------------------------------------------------------- Sun Jun 23 23:40:53 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.b1.124.gf1cfbd7: + python WebOb dependency made unpinned. + Initialize logging from HTTPD. + wsgi.Middleware factory should use **kwargs + Consolidate admin_or_owner rule -------------------------------------------------------------------- Sat Jun 22 23:40:47 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.b1.116.g97225ff: + Fix link typo in Sphinx doc + Base.get_engine honor allow_global_engine=False -------------------------------------------------------------------- Fri Jun 21 23:40:38 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.b1.112.gb9e46fb: + Move identity ldap backend from directory to file -------------------------------------------------------------------- Thu Jun 20 23:40:44 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.b1.111.g7ccfac7: + Removing LDAP API Shim -------------------------------------------------------------------- Thu Jun 20 00:02:42 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.b1.110.g7cd0bb0: + Isolate eventlet code into environment. + Set default 'ou' name for LDAP projects to Projects -------------------------------------------------------------------- Tue Jun 18 23:42:35 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.b1.106.ge0834da: + LDAP get_project_users should not return password + Remove how to contribute section in favor of CONTRIBUTING.rst + Imported Translations from Transifex + Http 400 when project enabled is not a boolean + Remove a stat warning log + Correct the resolving api logic in stat middleware + Move user fileds type check to identity.Manager + Adds tests for XML version response + Imported Translations from Transifex -------------------------------------------------------------------- Sun Jun 16 00:00:18 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.b1.88.g3c687d1: + Using sql as default driver for tokens + Imported Translations from Transifex + Correct the default name attribute for role -------------------------------------------------------------------- Sat Jun 15 00:02:46 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.b1.82.g543714b: + drop user and group constraints + Allow request headers access in app context. + Fix token purging for memcache for user token index. + Add checks to test if enabled is bool -------------------------------------------------------------------- Thu Jun 13 23:59:36 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.b1.74.gc963383: + Force simple Bind for authentication + Correct LDAP configuration doc ------------------------------------------------------------------- Thu Jun 13 15:58:02 UTC 2013 - dmueller@suse.com - fix typo in post-install script -------------------------------------------------------------------- Wed Jun 12 09:33:49 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.b1.72.g6111bc9: + Move coverage output dir for Jenkins. + Replace openstack-common with oslo in docs -------------------------------------------------------------------- Tue Jun 11 09:33:09 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.b1.68.g5df7424: + Fix internal doc links (bug 1176211) + Remove bufferedhttp + add ca_key to sample configuration + Commit transaction in migration -------------------------------------------------------------------- Mon Jun 10 13:45:12 UTC 2013 - bmwiedemann@opensuse.org - BuildRequire python-sqlalchemy + migrate for post-build-checks - Update to version 2013.2.b1.60.gb1d4de7: + Add db_version command to keystone-manage + run_tests.sh should use flake8 (bug 1180609) + Require keystone-user/-group for pki_setup + Import eventlet patch from oslo. + Check schema when dropping constraints. + Missing contraction: Its -> It's (bug 1176213) + Raise key length defaults + fix error default policy for create_project + Ignore the .update-venv directory. ------------------------------------------------------------------- Mon Jun 10 13:06:46 UTC 2013 - dmueller@suse.com - remove hybrid keystone backend -------------------------------------------------------------------- Thu Jun 6 00:26:12 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.b1.42.ge6d551d: + Ignore conflict on v2 auto role assignment (bug 1161963) + split authenticate call + remove_role_from_user_and_project affecting all users (bug 1170649) -------------------------------------------------------------------- Wed Jun 5 00:20:14 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.b1.36.g0c9538d: + Maintain tokens after role assignments (bug 1170186) + typo in 'import pydev' statement -------------------------------------------------------------------- Fri May 31 23:38:54 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.b1.33.gcd34971: + Convert openstack-common.conf to the nicer multiline format. + Rename requires files to standard names. + Test 403 error title + Disable eventlet monkey-patching of DNS + Revert "Set EVENTLET_NO_GREENDNS=yes in tox.ini." + Document size limits + Fixes a typo + Add index on valid column of the SQL token Backend + Add missing oslo module. + Fix incorrect role assignment in migration. + Live SQL migration tests ------------------------------------------------------------------- Fri May 31 09:14:26 UTC 2013 - dmueller@suse.com - avoid warning in post script -------------------------------------------------------------------- Thu May 30 23:39:05 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.b1.11.gfa2f963: + Move auth_token middleware from admin user to an RBAC policy + Improve the performance of tokens deletion for user + Add <version> arg to keystone-manage db_sync + Imported Translations from Transifex -------------------------------------------------------------------- Wed May 29 23:38:58 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.1.rc2.161.gd67e31b: + Add KEYSTONE_LOCALEDIR env variable + Add missing space to error msg + Fix the debug statement. ------------------------------------------------------------------- Wed May 29 11:18:45 UTC 2013 - dmueller@suse.com - remove setBadness call from rpmlintrc -------------------------------------------------------------------- Tue May 28 23:38:12 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.1.rc2.157.g2879d42: + Replace assertDictContainsSubset with stdlib ver + separate paste-deploy configuration from parameters + Add index on expires column of the SQL token Backend -------------------------------------------------------------------- Mon May 27 10:03:12 UTC 2013 - speilicke@suse.com - Update to version 2013.1.rc2.153.gaf4e969: + Implement Token Flush via keystone-manage. + Documentation about the initial configuration file and sample data. + Imported Translations from Transifex + Read-only default domain for LDAP (bug 1168726) + Add assertNotEmpty to tests and use it. + Fix 403 status response + Use webtest for v2 and v3 API testing. + Consolidate eventlet code + Imported Translations from Transifex + Satisfy flake8 import rules F401 and F403 + Migrate to pbr. + Remove unused variables (flake8 F841) + Enumerate ignored flake8 H* rules + Use TODO(NAME) (flake8 H101) + use the 'not in' operator (flake8 H902) + consistent i18n placeholders (flake8 H701, H702, H703) + eliminate 'except:' (flake8 H201) + one import per line (flake8 H301) + Remove unnecessary commented out code + import only modules (flake8 H302) + imports not in alphabetical order (flake8 H306) + Remove useless private method + Cleanup docstrings (flake8 H401, H402, H403, H404) - More build requirements for for %post section keystone-manage invocation: + python-WebOb + python-passlib + python-routes ------------------------------------------------------------------- Mon May 27 08:50:37 UTC 2013 - dmueller@suse.com - python-pbr/d2to1 requires ------------------------------------------------------------------- Tue May 21 13:54:20 UTC 2013 - iartarisi@suse.com - add missing requirement python-sqlalchemy-migrate -------------------------------------------------------------------- Mon May 20 23:58:12 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a118.g8d2b8e6: + get SQL refs from session (bp sql-query-get) ------------------------------------------------------------------- Sat May 18 13:05:42 UTC 2013 - dmueller@suse.com - update requires based on pip-requires -------------------------------------------------------------------- Sat May 18 00:00:13 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a117.g7b99bd6: + Test listing of tokens with a null tenant + Http 400 when user enabled is not a boolean + extracting credentials + Accept env variables to override default passwords -------------------------------------------------------------------- Wed May 15 23:35:41 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a109.g2e15fe4: + Fix pyflakes and pep8 in prep for flake8. + Migrate to flake8. -------------------------------------------------------------------- Wed May 15 08:54:30 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a105.gcb0ddab: + Enable unicode error message -------------------------------------------------------------------- Fri May 10 23:38:30 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a103.gefc30be: + Disable eventlet monkey-patching of DNS + Set EVENTLET_NO_GREENDNS=yes in tox.ini. + Revert "Disable eventlet monkey-patching of DNS" + Allow backend & client SQL tests on mysql and pg. -------------------------------------------------------------------- Thu May 9 23:38:24 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a99.g693a486: + Remove unused CONF.pam.url + Replace password to "***" in the debug message + Revoke tokens on user delete (bug 1166670) + A minor refactor in wsgi.py -------------------------------------------------------------------- Tue May 7 23:38:10 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a92.g96a816f: + LDAP list groups with missing member entry -------------------------------------------------------------------- Tue May 7 16:18:10 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a90.gb55620d: + Skip IPv6 tests for eventlet dns -------------------------------------------------------------------- Wed May 1 23:37:48 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a89.g22d96b2: + HACKING LDAP -------------------------------------------------------------------- Sat Apr 27 00:01:59 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a87.ga78bc2e: + Allow additional attribute mappings in ldap -------------------------------------------------------------------- Thu Apr 25 23:54:41 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a85.gd9dd876: + Mark LDAP password and admin_token secret ------------------------------------------------------------------- Thu Apr 25 14:24:35 UTC 2013 - dmueller@suse.com - require python-python-memcached 1.31 -------------------------------------------------------------------- Wed Apr 24 23:54:56 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a83.g7617fef: + Remove new constraint from migration downgrade. + Make migration tests postgres & mysql friendly. + Delete extra dict in token controller. -------------------------------------------------------------------- Tue Apr 23 21:58:35 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a77.geefc8e0: + Set empty element to "" + close db migration session + fix undefined variable + fix duplicate option error + Add rule for list_groups_for_user in policy.json + clean up invalid variable reference -------------------------------------------------------------------- Mon Apr 22 23:59:52 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a65.g92e40ce: + test duplicate name + don't migrate as often -------------------------------------------------------------------- Sun Apr 21 23:27:01 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a61.g166a03c: + Rename trust extension (bug 1158980) + use the roles in the token when recreating + keystone commands don't print any version information + keystone commands don't print any version information + Fix test coverage for v2 scoped auth xml response (bug 1160504) + Fix test coverage for v2 scoped auth xml response (bug 1160504) + Mark sql connection with secret flag + Share one engine for more than just sqlite in-memory + Sync with oslo-incubator. + Fix IBM copyright strings + Fix example in documentation. + stop using time.sleep in tests + use the openstack test runner + Fix 401 status response + Add TLS Support for LDAP + catch errors in wsgi.Middleware. + Fix for configuring non-default auth plugins properly + Generate HTTPS certificates with ssl_setup. + Use string for port in default endpoints (bug 1160573) + residual grants after delete action (bug1125637) + Use is_enabled() in folsom->grizzly upgrade (bug 1167421) + Add missing colon for documentation build steps. + Remove un-needed LimitingReader read() function. + Clean up duplicate methods + Fix token ids for memcached + Fixed unicode username user creation error + Fixed logging usage instead of LOG + Removed unused imports + Remove non-production middleware from sample pipelines + What is this for? + bug 1159888 broken links in rst doc + Sync with oslo-incubator copy of setup.py -------------------------------------------------------------------- Mon Mar 25 13:52:34 UTC 2013 - opensuse-cloud@opensuse.org - Update to version 2013.2.a338.gbceee56: + Fix XML handling of member links (bug 1156594) + Test default_project_id scoping (bug 1023502) + Ensure delete domain removes all owned entities + Utilize legacy_endpoint_id column (bug 1154918) + Pass project membership as dict in migration 015. + V2, V3 token intermix for unscoped tokens (bug 1156913) + Revise docs to use keystoneclient.middleware.auth_token + Fix live ldap tests + Support for LDAP groups (bug #1092187) + Correct spacing in warning msg + Validate domains unconditionally (bug 1130236) + Prohibit V3 V2 token intermix for resource in non-default domain (bug 1157430) + Properly handle emulated ldap enablement + Wrap config module and require manual setup (bug 1143998) + Enable emulation for domains + Allow trusts to be optional + Version bump to 2013.2 + Add a dereference option for ldap + Move trusts to extension + Make versions aware of enabled pipelines. + Imported Translations from Transifex + Rework S3Token middleware tests. + Rename trust extension. ------------------------------------------------------------------- Mon Mar 18 10:41:29 UTC 2013 - speilicke@suse.com - Drop +git.$TIMESTAMP.$COMMITHASH version suffix -------------------------------------------------------------------- Sun Mar 17 11:28:35 UTC 2013 - dmueller@suse.com - Update to version 2013.1.a301.g16b4643+git.1363519715.16b4643: + Explain LDAP page_size & default value + Catch and log server exceptions + Filter out legacy_endpoint_id (bug 1152635) + Ensure tokens are revoked for relevant v3 api calls + Switch to final 1.1.0 oslo.config release + Added test cases to improve LDAP project testing + Migrate roles from metadata to user_project_metadata + duplicated trust tests + quiet route logging on skipped tests + Remove TODO that didn't land in grizzly + No parent exception to wrap + Remove duplicate password/token opts. + Fixes bug 1151747: broken XML translation for resource collections + xml_body returns backtrace on XMLSyntaxError + extracting user and trust ids into normalized fields + Discard null endpoints (bug 1152632) - remove keystone-cs24277.diff: * merged upstream ------------------------------------------------------------------- Wed Mar 13 10:17:48 UTC 2013 - dmueller@suse.com - add keystone-cs24277.diff: * make keystone start again -------------------------------------------------------------------- Wed Mar 13 00:17:24 UTC 2013 - cloud-devel@suse.de - Update to version 2013.1.a271.g45228ca+git.1363133844.45228ca: + cleanup trusts in controllers + remove spurious roles check + add belongs_to check + Improve tests for api protection and filtering ------------------------------------------------------------------- Tue Mar 12 10:44:59 UTC 2013 - dmueller@suse.com - require python-oslo.config -------------------------------------------------------------------- Tue Mar 12 00:10:56 UTC 2013 - cloud-devel@suse.de - Update to version 2013.1.a263.g09e2fc7+git.1363047056.09e2fc7: + Make getting user-domain roles backend independant + Make Keystone return v3 as part of the version api + bug 1133526 + Run keystone server in debug mode. + Fix folsom -> grizzly role table migration issues (bug 1119789) + Revert "from tests import" + Revert "update tests/__init__.py to verify openssl version" -------------------------------------------------------------------- Mon Mar 11 09:59:43 UTC 2013 - cloud-devel@suse.de - Update to version 2013.1.a251.g59757f6+git.1362995983.59757f6: + Unpin pam dependency version + Sync timeutils with oslo + Remove obsolete *page[_marker] methods from LDAP backend. + bug 1134802: fix inconsistent format for expires_at and issued_at + Trusts + Expand v3 trust test coverage + keystone : Use Ec2Signer utility class from keystoneclient + remove unused import + Move auth plugins to 'keystone.auth.plugins' (bug 1136967) + ports should be ints in config (bug 1137696) + mark 2.0 API as stable + Straighten out NotFound raising in LDAP backend. + fix typo in kvs backend + Move get_by_name to LdapBase. + Remove unused methods from LDAP backed. + return 201 Created on POST request (bug1131119) + Delete tokens for user + unable to load certificate should abort request + add missing attributes for group/project tables (bug1126021) + v3 endpoints won't have legacy ID's (bug 1150930) + Change exception raised to Forbidden on trust_id + from tests import ------------------------------------------------------------------- Fri Mar 8 11:01:34 UTC 2013 - vuntz@suse.com - Fix ownership of /var/log/keystone/keystone.log after call to "keystone-manage pki_setup" in %post: if the package is installed for the first time, the log file is owned by root, which breaks keystone (since it can't write to the log file). ------------------------------------------------------------------- Thu Mar 7 16:10:27 UTC 2013 - bwiedemann@suse.com - fix logging.conf to be about keystone and have absolute path -------------------------------------------------------------------- Tue Mar 5 17:22:34 UTC 2013 - cloud-devel@suse.de - Update to version 2013.1.a210.g2515d1b+git.1362504154.2515d1b: + Ensure keystone unittests do not leave CONF.policyfile in bad state + Move handle_conflicts decorator into sql + flatten payload for policy + Convert api to controller + bug 1131840: fix auth and token data for XML translation + domain_id_attributes in config.py have wrong default value + command line switch for short pep8 output. + Setup logging in keystone-manage command. + Imported Translations from Transifex + Enable a parameters on ldap to allow paged_search of ldap queries This fixes bug 1083463 + update tests/__init__.py to verify openssl version ------------------------------------------------------------------- Mon Mar 4 13:38:13 UTC 2013 - iartarisi@suse.com - Move python-ldap requirement to python-keystone subpackage ------------------------------------------------------------------- Thu Feb 28 14:07:54 UTC 2013 - dmueller@suse.com - Fix last change ------------------------------------------------------------------- Mon Feb 25 13:27:40 UTC 2013 - saschpe@suse.de - Ghost /var/run/keystone ------------------------------------------------------------------- Mon Feb 25 10:07:11 UTC 2013 - saschpe@suse.de - Drop sysconfig from init scripts -------------------------------------------------------------------- Sun Feb 24 18:52:11 UTC 2013 - dmueller@suse.com - Update to version 2013.1.a191.g30dbb74+git.1361731931.30dbb74: + Remove test_auth_token_middleware + Silence routes internal debug logging + Workaround Migration issue with PostgreSQL + Add pysqlite as explicit test dep + project membership to role conversion + Remove usage of UserRoleAssociation.id in LDAP + Add an update option to run_tests.sh + make fakeldap._match_query work for an arbitrary number of groups + Update sample_data.sh to match docs + Use oslo-config-2013.1b3 + Remove old, outdated keystone devref docs + Implement name space for domains + Update the Keystone policy engine to the latest openstack common + Ensure user and tenant enabled in EC2 + merging in fix from oslo upstream + Disable XML entity parsing + make LDAP query scope configurable + enabled attribute emulation support + v3 token API + Pass query filter attributes to policy engine + Removed redundant assertion + Update oslo-config version. + domain-scoping + Fix id_to_dn for creating objects + Tests for domain-scoped tokens + Change the default LDAP mapping for description. + Correct SQL migration 017 column name ------------------------------------------------------------------- Fri Feb 22 10:25:20 UTC 2013 - saschpe@suse.de - Require openstack-suse-macros instead of openstack-common-macros ------------------------------------------------------------------- Thu Feb 21 17:08:52 UTC 2013 - iartarisi@suse.com - added oslo-config requirement ------------------------------------------------------------------- Mon Feb 18 11:18:18 UTC 2013 - saschpe@suse.de - Init script cleanup: + Drop useless shell variables + Don't depend on $network facility, we already have $remote_fs (comes after $network) + Source /etc/sysconfig/openstack-keystone (if available), orthogonal to the other init scripts we provide. We're not using this feature ATM though - Default configuration cleanup: + Use openstack-utils to set as much default values in the package as possible (instead of patch/sed/...). Some may be overwritting later on by, .e.g., crowbar - More useful lograte configuration: + Compress + Make sure to keep log files for at least 90 days (i.e. rotate 15 + weekly = 15 weeks). + Add size=1M to avoid getting DoS'ed by wild daemons + Use copytruncate instead of create+postrotate+sharedscripts to avoid a daemon restart -------------------------------------------------------------------- Mon Feb 18 09:37:31 UTC 2013 - cloud-devel@suse.de - Update to version 2013.1.a138.g5a8682d+git.1361180251.5a8682d: + fix unit test when memcache middleware is not configured + Fix bugs with set ldap password. + Cleaned up keystone-all --help output + add missing kvs functionality (bug1119770) + remove unneeded config reloading (it's already done during setUp) + Update to oslo version code. ------------------------------------------------------------------- Thu Feb 14 13:27:29 UTC 2013 - iartarisi@suse.com - Remove unused/upstreamed patches for requests and LDAP scope -------------------------------------------------------------------- Thu Feb 14 11:38:35 UTC 2013 - iartarisi@suse.cz - Update keystone-hybrid-backend to fix unit tests - Update to version 2013.1+git.1360841915.901d079: + Fix normalize identity sql ugrade for Mysql and postgresql + Sync latest cfg from oslo-incubator + Update .coveragerc + Query only attributes strictly required for keystone when using it with existing LDAP servers + remove duplicate model declaration/attribution + import tools/flakes from oslo + Expand dependency injection test coverage + simplify query building logic + Generate apache-style common access logs + Add missing log_format, log_file, log_dir opts. + allow unauthenticated connections to an LDAP server + Missed import for IPv6 tests skip. + Spell accommodate correctly. + Use install_venv_common.py from oslo. + Keystone backend preparation for domain-scoping + Fix spelling mistakes + Fix test_contrib_s3_core unit test + add check for config-dir parameter (bug1101129) + don't create a new, copied list in get_project_users + Tenant update on LDAP breaks if there is no update to apply + adding additional backend tests (bug1101244) ------------------------------------------------------------------- Tue Feb 12 12:13:21 UTC 2013 - dmueller@suse.com - add service-endpoints for Quantum -------------------------------------------------------------------- Mon Feb 11 15:41:59 UTC 2013 - dmueller@suse.com - Update to version 2013.1+git.1360597319.c05041e: + Add --keystone-user/group to keystone-manage pki_setup + UserApi.update not to require all fields in arg + return 400 Bad Request if invalid params supplied (bug1061738) + Relational API links + Adds png versions of all svg image files. Changes reference. ------------------------------------------------------------------- Mon Feb 11 15:41:40 UTC 2013 - dmueller@suse.com - Remove lp-bug-1031372.patch: * Merged upstream ------------------------------------------------------------------- Thu Feb 7 10:15:55 UTC 2013 - iartarisi@suse.com - use in-memory database for hybrid backend unit-tests ------------------------------------------------------------------- Wed Feb 6 16:08:22 UTC 2013 - iartarisi@suse.com - re-enable hybrid backend -------------------------------------------------------------------- Wed Feb 6 15:28:28 UTC 2013 - cloud-devel@suse.de - Update to version 2013.1+git.1360164508.8ec247b: + Document user group LDAP options + Why .pop()'ing urls first is important + Imported Translations from Transifex + Delete Roles for User and Project LDAP + Fixes 'not in' operator usage + Add size validations to token controller. -------------------------------------------------------------------- Mon Feb 4 11:57:14 UTC 2013 - dmueller@suse.com - Update to version 2013.1+git.1359979034.4722c84: + Updates migration 008 to work on PostgreSQL. + Create a default domain (bp default-domain) + tenant to project in the apis + Tenant to Project in Back ends + Enable/disable domains (bug 1100145) + Readme: use 'doc' directory not 'docs' ------------------------------------------------------------------- Thu Jan 31 16:46:36 UTC 2013 - dmueller@suse.com - Add lp-bug-1031372.patch: Rework the way pki_setup is used ------------------------------------------------------------------- Mon Jan 28 13:26:21 UTC 2013 - saschpe@suse.de - Add keystone-requests-compat.patch: Compatiblity with requests>=1.0 -------------------------------------------------------------------- Mon Jan 28 12:49:28 UTC 2013 - dmueller@sue.com - Update to version 2013.1+git.1359377368.56f194a: + rename tenant to project in sql + Fix pep8 error. -------------------------------------------------------------------- Wed Jan 23 16:39:37 UTC 2013 - cloud-devel@suse.de - Update to version 2013.1+git.1358959177.7691276: + Limit the size of HTTP requests. ------------------------------------------------------------------- Wed Jan 23 14:03:35 UTC 2013 - saschpe@suse.de - Clean up %config(noreplace), only logrotate config and *.conf files should be noreplace ------------------------------------------------------------------- Tue Jan 22 13:30:16 UTC 2013 - dmueller@suse.com - use pki_setup to setup initial public/private key pair -------------------------------------------------------------------- Mon Jan 21 09:51:50 UTC 2013 - dmueller@suse.com - Update to version 2013.1+git.1358761910.8748cfa: + Allow running of sql against the live DB. + Test that you can undo & re-apply all migrations + downgrade user and tenant + Auto-detect max SQL migration + Safer data migrations + Sync base identity Driver defs with SQL driver + Fix i18n of string templates. + Enhance wsgi to listen on ipv6 address + add database string field length check + Autoload schema before creating FK's (bug 1098174) + Enable exception format checking in the tests. + reorder tables for delete ------------------------------------------------------------------- Wed Jan 16 15:05:54 UTC 2013 - dmueller@suse.com - copy example ssl cert to the place where keystone expects it - remove apache2 ssl/wsgi wrapper, keystone can do SSL on its own -------------------------------------------------------------------- Mon Jan 14 15:15:38 UTC 2013 - saschpe@suse.de - Update to version 2013.1+git.1358172938.ceec5c0: + Validated URLs in v2 endpoint creation API + Fixes import order nits + Cleanup keystoneclient testing requirements + Correct spelling errors / typos in test names + Keystone server support for user groups + Add missing .po files to tarball + adds keyring to test-requires + Revert "shorten pep8 output" + Upgrade WebOb to 1.2.3 + il8n some strings + Imported Translations from Transifex + Removed unused variables + Removed unused imports + Add pyflakes to tox.ini + Fix spelling typo + shorten pep8 output + Driver registry + Adding a means to connect back to a pydevd debugger. + add in pip requires for requests + Split endpoint records in SQL by interface + Fix typo s/interalurl/internalurl/ + module refactoring + Test for content-type appropriate 404 (bug 1089987) + Imported Translations from Transifex + fixing bug 1046862 + Expand default time delta (bug 1089988) + Add tests for contrib.s3.core. + Test drivers return HTTP 501 Not Implemented + Support non-default role_id_attribute + Remove swift auth. + Move token controller into keystone.token + Import pysqlite2 if sqlite3 is not available. + Remove mentions of essex in docs (bug 1085247) + Ensure serviceCatalog is list when empty, not dict + Adding downgrade steps for migration scripts. + Port to argparse based cfg + Only 'import *' from 'core' modules + use keystone test and change config during setUp + Bug 1075090 -- Fixing log messages in python source code to support internationalization. + Added documentation for the external auth support + check the redirected path on the request, not the response + Validate password type (bug 1081861) + split identities module into logical parts remove unneeded imports from core + Ensure token expiration is maintained (bug 1079216) + normalize identity + Fixes typo in keystone setup doc + Imported Translations from Transifex + Stop using cfg's internal implementation details + syncing run_tests to match tox + Expose auth failure details in debug mode + Utilize policy.json by default (bug 1043758) + Wrap v3 API with RBAC (bug 1023943) + v3 Identity + v3 Catalog + v3 Policies + Import auth_token middleware from keystoneclient + Imported Translations from Transifex + Refix transient test failures + Make the controller addresses configurable. + Expose authn/z failure info to API in debug mode + Refactor TokenController.authenticate() method. + Fix error un fixtures. + Ensures User is member of tenant in ec2 validation + Properly list tokens with a null tenant + Reduce total number of fixtures + Provide config file fields for enable users in LDAP backend (bug1067516) + populate table check. + Run test_keystoneclient_sql in-memory + Make tox.ini run pep8 checks on bin. + tweaking docs to fix link to wiki Keystone page + Various pep8 fixes for keystone. + Use the right subprocess based on os monkeypatch + Fix transient test failures (bug 1077065, bug 1045962) + Rewrite initial migration + Fix default port for identity.internalURL + Improve feedback on test failure + fixes bug 1074172 + SQL upgrade test. + Include 'extra' attributes twice (bug 1076120) + Return non-indexed attrs, not 'extra' (bug 1075376) + bug 1069945: generate certs for the tests in one place + monkeypatch cms Popen + HACKING compliance: consistent use of 'except' + auth_token hash pki key PKI tokens on hash in memcached when accessed by auth_token middelware + key all backends off of hash of pki token. + don't import filter_user name, use it from the identity module + don't modify the passed in dict to from_dict + move hashing user password functions to common/utils + ignore .tox directory for pep8 in runtests + Imported Translations from Transifex + Implements REMOTE_USER authentication support. + pin sqlalchemy to 0.7 + Move 'opentack.context' and 'openstack.params' definitions to keystone.common.wsgi + Removes duplicate flag for token_format. + Raise exception if openssl stderr indicates one. + Ignore keystone.openstack for PEP8 + Fixed typo in log message + Fixes 500 err on authentication for invalid body + Enable Deletion of Services with Endpoints + Exception.message deprecated in py26 (bug 1070890) + Utilize logging instead of print() + stop LdapIdentity.create_user from returning the user's password + Compare token expiry without seconds + Moved SQL backend tests into memory + Add trove classifiers for PyPI + Adding handling for get user/tenant by name + Fixed bug 1068851. Refreshed new crypto for the SSL tests. + move filter_user function to keystone.identity.core + Fixes response for missing credentials in auth + making PKI default token type + Fixes Bug 1063852 + bug 1068674 + Update common. + Extract hardcoded configuration in ldap backend (bug 1052111) + Fix Not Found error, when router not match. + add --config-dir=DIR for keystone-all option + Add --config-dir=DIR in OPTIONS + Delete role does not delete role assignments in tenants (bug 1057436) + replacing PKI token detection from content length to content prefix. (bug 1060389) + Document PKI configuration and management + Raise if we see incorrect keyword args "condition" or "methods" + Filter users in LDAP backend (bug 1052925) + Use setup.py develop to insert code into venv. + Raise 400 if credentials not provided (bug 1044032) + Fix catalog when services have no URL + Unparseable endpoint URL's should raise friendly error + Configurable actions on LDAP backend in users Active Directory (bug 1052929) + Unable to delete tenant if contains roles in LDAP backend (bug 1057407) + Replaced underscores with dashes + fixes bug 1058429 + Command line switch for standard threads. + Remove run_test.py in favor of stock nose. + utf-8 encode user keys in memcache (bug 1056373) + Convert database schemas to use utf8 character set. + Return a meaningful Error when token_id is missing + Backslash continuation cleanup + notify calling process we are ready to serve + add Swift endpoint in sample data + Updated Fix for duplicated entries on LDAP backend for get_tenant_users + Fix wsgi config file access for HTTPD + Bump version to 2013.1 + add Quantum endpoint in sample data + Add XML namespace support for OSADM service api. + Identity API v3 Config, Routers, Controllers - Updated requirements - Dropped patches (merged upstream): + keystone-certs-test.patch + keystone-sql-backend-from_dict.patch + keystone-webob-empty-resp-environ.patch - Dropped FIX-BUILD.patch, we should fix that finally - Disabled hybrid LDAP backend ------------------------------------------------------------------- Fri Jan 11 15:39:23 UTC 2013 - iartarisi@suse.com - revert %setup to also unpack hybrid backend tarball ------------------------------------------------------------------- Fri Jan 11 15:12:13 UTC 2013 - iartarisi@suse.com - update and re-enable backend hybrid code: * use sample config for testing * raise errors in user retrieval code instead of returning None ------------------------------------------------------------------- Fri Jan 11 11:23:40 UTC 2013 - saschpe@suse.de - Require WebTest instead of webtest in the test sub-package ------------------------------------------------------------------- Thu Jan 10 12:52:41 UTC 2013 - saschpe@suse.de - Add logrotate configuration ------------------------------------------------------------------- Wed Jan 9 15:36:36 UTC 2013 - bwiedemann@suse.com - package sample_data.sh for use in quickstart script -------------------------------------------------------------------- Wed Dec 19 12:40:14 UTC 2012 - saschpe@suse.de - Move to obs-service-git_tarballs - Update to version 2012.2.3+git.1355917214.0c8c2a3: + Merge commit 'refs/changes/01/17901/1' of ssh://review.openstack.org:29418/openstack/keystone into stable/folsom + Bump next version to 2012.2.3 + Ensure serviceCatalog is list when empty, not dict ------------------------------------------------------------------- Mon Dec 10 23:57:58 UTC 2012 - saschpe@suse.de - Update to version 2012.2.1+git.1354224563.7869c3e: + lp#1064914 Removing user from a tenant isn't invalidating user access to tenant + lp#1073569 Jenkins jobs fail because of incompatibility between sqlalchemy-migrate and the newest sqlalchemy-0.8.0b1 + lp#1078497 keystone throws error when removing user from tenant. + lp#1060389 Non PKI Tokens longer than 32 characters can never be valid + lp#1068851 Openssl tests rely on expired certificate + lp#1079216 token expires time incorrect for auth by one token + lp#968519 Object reference validation should occur in drivers + lp#1068674 Redo part of bp/sql-identiy-pam undone by bug 968519 ------------------------------------------------------------------- Wed Dec 5 09:36:14 UTC 2012 - saschpe@suse.de - Use @PARENT_TAG@ in _service file to automate versioning ------------------------------------------------------------------- Mon Dec 3 11:34:01 UTC 2012 - iartarisi@suse.com - fix unittest failure with ssl certificates ------------------------------------------------------------------- Fri Nov 30 13:59:57 UTC 2012 - iartarisi@suse.com - fix unittest failure on our version of webob ------------------------------------------------------------------- Thu Nov 22 12:35:37 UTC 2012 - iartarisi@suse.com - fix typo in passlib dependency package name ------------------------------------------------------------------- Thu Nov 22 10:41:39 UTC 2012 - saschpe@suse.de - Split of doc package into seperate spec file - Comment out hybrid_backend parts for now to fix build - Re-arranged %build section to match other packages - Removed a whole bunch of unneded build requirements - Updated requirements for python module and test sub-packages ------------------------------------------------------------------- Wed Nov 21 12:59:17 UTC 2012 - iartarisi@suse.com - disable keystone-hybrid-backend source service ------------------------------------------------------------------- Tue Nov 20 14:50:26 UTC 2012 - iartarisi@suse.com - Add source service for keystone-hybrid-backend - Update to latest git (f65604d): + Ensures User is member of tenant in ec2 validation ------------------------------------------------------------------- Thu Nov 15 13:55:59 UTC 2012 - saschpe@suse.de - Use openstack-macros ------------------------------------------------------------------- Thu Nov 8 13:50:26 UTC 2012 - saschpe@suse.de - Fix malformed changes file entries ------------------------------------------------------------------- Thu Nov 8 13:03:54 UTC 2012 - saschpe@suse.de - Update to version 2012.2 (Folsom): + See https://github.com/openstack/keystone/commits/folsom-3 - Drop the following upstreamed patches: + keystone-ldap-no-authentication.patch + keystone-log-warn-auth-errors.patch - Rebased the following patches: + keystone-sql-backend-from_dict.patch + keystone-hybrid-conf-scope.patch - BuildRequire python-pam for man-page build - Install new man-pages keystone-all.1 and keystone-manage.1 - Introduce temporary FIX-BUILD.patch ------------------------------------------------------------------- Thu Nov 8 11:44:18 UTC 2012 - saschpe@suse.de - Drop from_vcs build flag ------------------------------------------------------------------- Wed Oct 31 15:15:16 UTC 2012 - saschpe@suse.de - Drop temporary fixes for file permissions and attributes in %post section. They were necessary only to migrate from pre-1.0 packages. ------------------------------------------------------------------- Tue Oct 16 11:08:47 CEST 2012 - iartarisi@suse.cz - patch sql backend's from_dict method to not modify the content of the passed in dict (lp:1066851) ------------------------------------------------------------------- Wed Oct 10 14:56:49 CEST 2012 - iartarisi@suse.cz - add hybrid backend test configuration file ------------------------------------------------------------------- Wed Oct 10 14:10:43 CEST 2012 - iartarisi@suse.cz - make user search ldap SCOPE configurable in the hybrid backend ------------------------------------------------------------------- Mon Oct 8 14:38:58 CEST 2012 - iartarisi@suse.cz - fix LDAP bind with dinamically found user DN ------------------------------------------------------------------- Fri Oct 5 12:46:20 CEST 2012 - iartarisi@suse.cz - hybrid backend fixes: + use the DN for the user we just signed in to check for password + fix invalid user error (bnc#783200) ------------------------------------------------------------------- Tue Oct 2 13:57:41 CEST 2012 - iartarisi@suse.cz - fix checking for SQL user passwords in the hybrid backend bnc#783036 ------------------------------------------------------------------- Mon Oct 1 09:26:15 UTC 2012 - jenkins@suse.de - Update to latest git (0e1f05e): + utf-8 encode user keys in memcache (bug 1056373) ------------------------------------------------------------------- Wed Sep 26 09:57:47 UTC 2012 - jdsn@suse.de - make init script start after database (bnc#781798) ------------------------------------------------------------------- Sun Sep 16 18:24:07 UTC 2012 - jenkins@suse.de - Update to latest git (176ee9b): + Require authz to update user's tenant (bug 1040626) + List tokens for memcached backend + Delete user tokens after role grant/revoke + Limit token revocation to tenant (bug 1050025) ------------------------------------------------------------------- Wed Sep 12 11:07:31 UTC 2012 - vuntz@suse.com - Do not use a sed to modify /usr/bin/gensslcert in %post: this file belongs to another package, and we actually don't do any change with the sed... Fix bnc#779747. ------------------------------------------------------------------- Mon Sep 10 08:26:18 UTC 2012 - vuntz@suse.com - Add keystone-fix-revoke.patch: fix revoking of roles to also invalidate already existing tokens. Fix bnc#779477, CVE-2012-4413. ------------------------------------------------------------------- Tue Aug 28 21:40:12 UTC 2012 - cthiel@suse.com - Require authz to update user's tenant (lp#1040626, bnc#777664) ------------------------------------------------------------------- Fri Aug 24 13:44:39 UTC 2012 - bwiedemann@suse.com - mark hybrid_config.py as config ------------------------------------------------------------------- Thu Aug 23 09:08:38 UTC 2012 - jenkins@suse.de - Update to latest git (a16a0ab): + Allow overloading of username and tenant name in the config files. + Returning roles from authenticate in ldap backend ------------------------------------------------------------------- Tue Aug 14 17:40:08 CEST 2012 - iartarisi@suse.cz - Add hybrid identity backend ------------------------------------------------------------------- Tue Aug 14 14:22:19 CEST 2012 - iartarisi@suse.cz - Add patch to log all Unauthorized exceptions (authentication failures). Discussed in bnc#753329. ------------------------------------------------------------------- Fri Aug 10 22:08:44 UTC 2012 - jenkins@suse.de - Update to latest git (359c426): + Open 2012.1.3 development ------------------------------------------------------------------- Wed Aug 8 14:12:01 UTC 2012 - jenkins@suse.de - Update to latest git (afc37ae): + Open 2012.1.2 development ------------------------------------------------------------------- Tue Aug 7 11:53:19 UTC 2012 - bwiedemann@suse.com - drop executable bit from config file ------------------------------------------------------------------- Tue Jul 31 22:12:53 UTC 2012 - jenkins@suse.de - Update to latest git (f65604d): + fix variable names to coincide with the ones in common.ldap + Import ec2 credentials from old keystone db + Raise unauthorized if tenant disabled (bug 988920) ------------------------------------------------------------------- Tue Jul 31 15:56:43 CEST 2012 - iartarisi@suse.cz - Remove fix-ldap-varnames patch after being accepted upstream ------------------------------------------------------------------- Wed Jul 25 11:23:57 UTC 2012 - saschpe@suse.de - Secure file permissions for Apache SSL certificate files ------------------------------------------------------------------- Thu Jul 19 20:20:59 UTC 2012 - cthiel@suse.com - drop keystone-cleanup-user-tenant-deletion.patch, which has been merged upstream: https://review.openstack.org/#/c/7482/ ------------------------------------------------------------------- Tue Jul 17 13:02:33 UTC 2012 - saschpe@suse.de - Fix WSGI app names, use the 'composite' apps to get the correct routes mapping ------------------------------------------------------------------- Tue Jul 17 12:18:32 UTC 2012 - saschpe@suse.de - Forward keystone WSGI log events to mod_wsgi ------------------------------------------------------------------- Tue Jul 17 11:05:49 CEST 2012 - iartarisi@suse.cz - Fix some variable names in the LDAP backend which were causing NameErrors - Don't require authentication for LDAP ------------------------------------------------------------------- Mon Jul 16 14:22:53 CEST 2012 - iartarisi@suse.cz - Fix bnc#755426 cleanup dependent data upon user/tenant deletion ------------------------------------------------------------------- Mon Jul 9 14:50:53 UTC 2012 - saschpe@suse.de - Provide Apache2 SSL-proxy example configuration based on mod_wsgi - Provide self-signed SSL certificates to be used for non-production setups (like openstack-quickstart) - Fix /var/lib/keystone permissions to 0755 ------------------------------------------------------------------- Mon Jul 2 12:33:42 UTC 2012 - saschpe@suse.de - Drop runtime requirement on openstack-glance - Change requirement for openstack-swift to python-swift, keystone only seems to use it in the S3-compatibility code - Change requirement for openstack-nova to python-nova, keystone only seems to use it in the EC2-compatibility code ------------------------------------------------------------------- Wed Jun 27 10:29:24 UTC 2012 - saschpe@suse.de - Change versioning scheme to $release+git.$AUTHORDATE.$COMMITREV - Simplify from_vcs macros ------------------------------------------------------------------- Wed Jun 27 10:35:56 CEST 2012 - vuntz@suse.com - Really drop unused disable-tests.patch: not needed anymore. ------------------------------------------------------------------- Tue Jun 26 12:23:35 UTC 2012 - saschpe@suse.de - Consistent package summaries - Use upstream description and correct URL - Macro cleanup: + Package is noarch except for SLE-11 + No need to redefine %_initddir, SLE-11 works correctly ------------------------------------------------------------------- Mon Jun 25 12:49:58 UTC 2012 - saschpe@suse.de - Also install documentation and manpage when build - No need for "fixing" the %_initddir macro ------------------------------------------------------------------- Tue Jun 12 10:48:49 UTC 2012 - saschpe@suse.de - Use 'openstack-keystone' system user instead of 'keystone' ------------------------------------------------------------------- Wed Jun 6 13:22:43 UTC 2012 - saschpe@suse.de - Add %restart_on_update to %post section for openstack-keystone (daemons should be restarted after package update) - Fix some rpmlint warnings - Added rpmlintrc for non-issues ------------------------------------------------------------------- Thu May 24 10:36:40 MDT 2012 - jfehlig@suse.com - Add 'Requires: python >= 2.6.8' to openstack-keystone and python-keystone subpackage ------------------------------------------------------------------- Thu Mar 29 09:11:01 UTC 2012 - bwiedemann@suse.com - use latest upstream default_catalog.templates to fix nova-volume problems ------------------------------------------------------------------- Tue Feb 14 18:22:37 UTC 2012 - bwiedemann@suse.com - run as keystone user ------------------------------------------------------------------- Wed Feb 8 12:59:05 UTC 2012 - rhafer@suse.de - Updated to the lastest git checkout ------------------------------------------------------------------- Thu Jan 26 12:51:28 UTC 2012 - rhafer@suse.de - Fixed try-restart implementation in init-script ------------------------------------------------------------------- Thu Jan 26 10:25:09 UTC 2012 - rhafer@suse.de - Fixed init script dependencies ------------------------------------------------------------------- Thu Jan 26 10:12:27 UTC 2012 - rhafer@suse.de - removed no longer needed workaround for lp#921054 - patch for lp#921634 is upstreamed - refreshed config file patch ------------------------------------------------------------------- Tue Jan 24 16:37:58 UTC 2012 - rhafer@suse.de - Added workaround for doc/, examples/ and tools/ dirs showing up in site-packages/ (https://bugs.launchpad.net/keystone/+bug/921054) - Include examples into the -doc subpackage ------------------------------------------------------------------- Tue Jan 24 14:14:02 UTC 2012 - rhafer@suse.de - cleaned up more dependencies ------------------------------------------------------------------- Mon Jan 23 15:46:33 UTC 2012 - rhafer@suse.de - run testsuite during build ------------------------------------------------------------------- Fri Jan 20 14:51:35 UTC 2012 - rhafer@suse.de - Updated to today's git snapshot - Removed some unneeded conditionals - Updated dependencies ------------------------------------------------------------------- Mon Jan 16 16:03:20 UTC 2012 - prusnak@opensuse.org - fix initscript scriptlets ------------------------------------------------------------------- Tue Jan 10 13:38:58 UTC 2012 - bwiedemann@suse.com - use spdx.org License name Apache-2.0 ------------------------------------------------------------------- Tue Dec 13 15:31:49 UTC 2011 - mlin@suse.com - Enabled build from git - Removed unnecessary dependencies - Separate python-keystone - Fix rpmlint warning - Enabled build for Fedora ------------------------------------------------------------------- Mon Dec 5 11:27:09 UTC 2011 - prusnak@opensuse.org - added preun and postun sections to handle initscripts ------------------------------------------------------------------- Mon Dec 5 11:16:58 UTC 2011 - prusnak@opensuse.org - spec cleanup
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor