Queens Series Release Notes


New Features

  • In Keystone, we can set group_members_are_ids option. This parameter enables the members of the group object class to be keystone user IDs rather than LDAP DNs. This is the case when using posixGroup as the group object class in Open Directory.

  • Add support to configure [oslo_middleware]/max_request_body_size with $max_request_body_size in the keystone:: class.

  • Add openstack-db tag to Exec that run db-sync.

Deprecation Notes

  • keystone::federation::mellon::module_plugin, keystone::federation::shibboleth::module_plugin, keystone::federation::openidc::module_plugin have been deprecated and are no longer used.

Bug Fixes

  • Fixed bug where it would select the wrong memcache python binding package name when installing on RedHat based operating systems. Deployments settings the manage_memcache_package to true is now working as intended.

  • Fixed a bug where the keystone_user resource would test the password with a disabled project causing it to think the password was changed when it actually wasn’t.


New Features

  • Adds user_description_attribute mapping support to the LDAP backend.

  • The security_compliance module was added, which configures the values in the security_compliance section of keystone.conf. This is useful for the SQL backend and to comply with PCI-DSS.


New Features

  • Expose use_json logging parameter, which enables JSON formatted logging.


New Features

  • Adds the use_journal option for configuring oslo.log. This will enable passing the logs to journald.

Deprecation Notes

  • revocation_cache_time option is now deprecated for removal, the parameter has no effect.