2024.2 Series Release Notes

25.0.0

New Features

• Added the new keystone::max_password_length parameter to configure the maximum allowed length for user passwords.

• Add keystone::federation::openidc::additional_locations to specify additional Apache Location directives with mod_auth_openidc parameters.

• Added new manage_resources (default to true) in keystone::bootstrap class that can be set to false to not manage resources created by bootstrap.

• The following new parameters have been added to the keystone::cache class.

  • token_cache_time

  • credential_caching

  • credential_cache_time

  • application_credential_caching

  • application_credential_cache_time

• The new keystone::rabbit_enable_cancel_on_failover parameter has been added.

• Add keystone::federation::openidc:openidc_metadata_dir parameter to specify OIDCMetadataDir path instead of OIDCProviderMetadataURL . This may be required when multiple OIDC providers are used for the federation.

• The new keystone::healthcheck::enable_by_file_paths parameter has been added.

• Added database_slave_connection parameter to keystone::db class.

• Added manage_package parameter to the keystone class.

• The new keystone::list_limit parameter has been added.

• The new keystone::notification_retry parameter has been added.

• The new keystone::federation::openidc::openidc_redirect_uri parameter has been added.

• The new keystone::rabbit_qos_prefetch_count parameter has been added.

• The new keystone::bootstrap::service_description parameter has been added.

Upgrade Notes

• If you’re setting bootstrap parameter in keystone::bootstrap class to false you now also need to set manage_resources to false to keep the same behaviour.

• The deprecated keystone::messaging::amqp class has been removed.

Deprecation Notes

• The keystone::logging::watch_log_file parameter has been deprecated.