Rocky Series Release Notes


Upgrade Notes

  • The lower constraint for python-memcached must be raised to version 1.58 in order to work with Python 3.4 and above.

Bug Fixes

  • [bug 1809101] Fix req.context of Keystone audit middleware and Glance conflict with each other issue. The audit middleware now stores the admin context to req.environ[‘audit.context’].


Bug Fixes

  • [bug 1800017] Fix audit middleware service catalog parsing for the scenario where a service does not contain any endpoints. In that case, we should just skip over that service.


Bug Fixes

  • [bug 1782404] Keystonemiddleware incorrectly implemented an abstraction for the memcache client pool that utilized a queue.Queue get method instead of the supplied acquire() context manager. The acquire() context manager properly places the client connection back into the pool after __exit__.


New Features

  • [bug 1762362] The value of the header “WWW-Authenticate” in a 401 (Unauthorized) response now is double quoted to follow the RFC requirement.

Bug Fixes

  • [bug 1766731] Keystonemiddleware now supports system scoped tokens. When a system-scoped token is parsed by auth_token middleware, it will set the OpenStack-System-Scope header accordingly.


New Features

  • [bug 1695038] The use_oslo_messaging configuration option is added for services such as Swift, which need the audit middleware to use the local logger instead of the oslo.messaging notifier regardless of whether the oslo.messaging package is present or not. Leave this option set to its default True value to keep the previous behavior unchanged - the audit middleware will use the oslo.messaging notifier if the oslo.messaging package is present, and the local logger otherwise. Services that rely on the local logger for audit notifications must set this option to False.

Bug Fixes

  • [bug/1747655] When keystone is temporarily unavailable, keystonemiddleware correctly sends a 503 response to the HTTP client but was not identifying which service was down, leading to confusion on whether it was keystone or the service using keystonemiddleware that was unavailable. This change identifies keystone in the error response.

Other Notes

  • The kwargs_to_fetch_token setting was removed from the BaseAuthProtocol class. Implementations of auth_token now assume kwargs will be passed to the fetch_token method.