Current Series Release Notes¶

New Features¶

• [bug 1803940] Request ID and global request ID have been added to CADF notifications.

Bug Fixes¶

• [bug 1649735] The auth_token middleware no longer attempts to retrieve the revocation list from the Keystone server. The deprecated options check_revocations_for_cached and check_revocations_for_cached have been removed.

• [bug 1800017] Fix audit middleware service catalog parsing for the scenario where a service does not contain any endpoints. In that case, we should just skip over that service.

• [bug 1809101] Fix req.context of Keystone audit middleware and Glance conflict with each other issue. The audit middleware now stores the admin context to req.environ[‘audit.context’].

• [bug 1797584] Fixed a bug where the audit code would select the wrong target service if the OpenStack service endpoints were not using unique TCP ports.

Bug Fixes¶

• [bug 1789351] Fixed the bug that when initialize AuthProtocol, it’ll raise “dictionary changed size during iteration” error if the input CONF object contains deprecated options.

• When delay_auth_decision is enabled and a Keystone failure prevents a final decision about whether a token is valid or invalid, it will be marked invalid and the application will be responsible for a final auth decision. This is similar to what happens when a token is confirmed not valid. This allows a Keystone outage to only affect Keystone users in a multi-auth system.

New Features¶

• [bug 1762362] The value of the header “WWW-Authenticate” in a 401 (Unauthorized) response now is double quoted to follow the RFC requirement.

Bug Fixes¶

• [bug 1766731] Keystonemiddleware now supports system scoped tokens. When a system-scoped token is parsed by auth_token middleware, it will set the OpenStack-System-Scope header accordingly.