Victoria Series Release Notes¶
Content of fernet keys and credential keys are now hidden from output, when these files are updated.
Adding the following configurable items for OpenID:
Add TLS options to oslo.cache
keystone::federation::ipenidcclass now supports the new
openidc_response_modeparameter, to customize mod_auth_openidc response mode.
Added the service_type parameter to keystone::resource::authtoken resource. This value should be set to the name or type of the service as it appears in the service catalog. This is used to validate tokens that have restricted access rules.
Add mysql_enable_ndb parameter to select mysql storage engine.
Allow to specify drivername for postgres db
The deprecated cache related parameters in the keystone class is removed and the keystone::cache is no longer included by default. Deployments should explicitly include the keystone::cache class.
The deprecated parameters validate, admin_token, admin_endpoint, retries, delay, insecure and cacert in keystone::service is removed.
The deprecated parameters admin_bind_host, public_bind_host, admin_port, public_port, admin_workers and public_workers in the keystone init class is removed.
The deprecated parameters admin_port and main_port in the classes keystone::federation::mellon and keystone::federation::shibboleth is removed.
The deprecated parameter database_min_pool_size is removed in the keystone init class and keystone::db class.
The deprecated validate_service, validate_insecure, validate_auth_url and validate_cacert parameters in the keystone class is removed.
The deprecated parameter token_driver in keystone init class is removed.
keystone::resource::service_identity::ignore_default_tenantparameter has been deprecated and will be removed in a future. Actually this parameter has been ineffective for some releases.
default/public_endpiintparameter is no longer set by default because of known issue with different hosts/protocol used for each endpoints (especially for admin endpoint and public endpoint)
keystone::cron::trust_flushclass was added to configure a cron job to purge expired or soft-deleted trusts.
The following deprecated options for PKI token have been removed.
The classes keystone::endpoint and keystone::roles::admin is removed, use the new keystone::bootstrap class directly.
The password parameter in keystone::bootstrap is required and does not default to undef.
The deprecated parameters admin_token, admin_password and enable_bootstrap in the keystone class is removed.
keystone::cron::token_flushclass has been deprcated and has no effect.
The use of keystone-public-keystone-admin for the keystone service name is deprecated, please use simply keystone instead.
keystone::federation::mellon::trusted_dashboardshas been removed.
Fixed a bug where the keystone::resource::authtoken resource would not install the proper python memcache bindings when using python3.