Stein Series Release Notes


Upgrade Notes

  • The lower constraint for python-memcached must be raised to version 1.58 in order to work with Python 3.4 and above.


New Features

  • [bug 1803940] Request ID and global request ID have been added to CADF notifications.

Bug Fixes

  • [bug 1649735] The auth_token middleware no longer attempts to retrieve the revocation list from the Keystone server. The deprecated options check_revocations_for_cached and check_revocations_for_cached have been removed.

  • [bug 1800017] Fix audit middleware service catalog parsing for the scenario where a service does not contain any endpoints. In that case, we should just skip over that service.

  • [bug 1809101] Fix req.context of Keystone audit middleware and Glance conflict with each other issue. The audit middleware now stores the admin context to req.environ[‘audit.context’].

  • [bug 1813739] When admin identity endpoint is not created yet, keystonemiddleware emit EndpointNotFound exception. Even after admin identity endpoint created, auth_token middleware could not be notified of update since it does not invalidate existing auth. Add an invalidation step so that endpoint updates can be detected.

  • [bug 1797584] Fixed a bug where the audit code would select the wrong target service if the OpenStack service endpoints were not using unique TCP ports.


Bug Fixes

  • [bug 1789351] Fixed the bug that when initialize AuthProtocol, it’ll raise “dictionary changed size during iteration” error if the input CONF object contains deprecated options.

  • When delay_auth_decision is enabled and a Keystone failure prevents a final decision about whether a token is valid or invalid, it will be marked invalid and the application will be responsible for a final auth decision. This is similar to what happens when a token is confirmed not valid. This allows a Keystone outage to only affect Keystone users in a multi-auth system.