Zed Series Release Notes


New Features

  • [blueprint oauth2-client-credentials-ext] Users can now use the OAuth2.0 Access Token API to get an access token from the keystone identity server with application credentials. Then the users can use the access token to access the OpenStack APIs that use the keystone middleware to support OAuth2.0 client credentials authentication through the keystone identity server.

Upgrade Notes

  • Python 3.6 & 3.7 support has been dropped. The minimum version of Python now supported is Python 3.8.

  • The database migration engine has changed from sqlalchemy-migrate to alembic. For most deployments, this should have minimal to no impact and the switch should be mostly transparent. The main user-facing impact is the change in schema versioning. While sqlalchemy-migrate used a linear, integer-based versioning scheme, which required placeholder migrations to allow for potential migration backports, alembic uses a distributed version control-like schema where a migration’s ancestor is encoded in the file and branches are possible. The alembic migration files therefore use a arbitrary UUID-like naming scheme and the keystone-manage db_version command returns such a version.

    When the keystone-manage db_sync command is run without options or with the --expand or --contract options, all remaining sqlalchemy-migrate-based migrations will be automatically applied.

    Data migrations are now included in the expand phase and the --migrate option is now a no-op. It may be removed in a future release.

Bug Fixes

  • [bug 1926483] Keystone will only log warnings about token length for Fernet tokens when the token length exceeds the value of keystone.conf [DEFAULT] max_token_size.