Wallaby Series Release Notes

18.5.0-4

Security Issues

  • Content of fernet keys and credential keys are now hidden from output, when these files are updated.

18.5.0

New Features

  • Adding the following configurable items for OpenID:

    • keystone::federation::openidc::openidc_pass_userinfo_as to set OIDCPassUserInfoAs

    • keystone::federation::openidc::openidc_pass_claim_as to set OIDCPassClaimsAs

  • The keystone::federation::ipenidc class now supports the new openidc_response_mode parameter, to customize mod_auth_openidc response mode.

18.4.0

New Features

  • The following parameters of the keystone::ldap class have been deprecated and have no effect.

    • project_tree_dn

    • project_filter

    • project_objectclass

    • project_id_attribute

    • project_member_attribute

    • project_name_attribute

    • project_desc_attribute

    • project_enabled_attribute

    • project_domain_id_attribute

    • project_attribute_ignore

    • project_allow_create

    • project_allow_update

    • project_allow_delete

    • project_enabled_emulation

    • project_enabled_emulation_dn

    • project_additional_attribute_mapping

    • role_tree_dn

    • role_filter

    • role_objectclass

    • role_id_attribute

    • role_name_attribute

    • role_member_attribute

    • role_attribute_ignore

    • role_allow_create

    • role_allow_update

    • role_allow_delete

    • role_additional_attribute_map

  • The new keystone::policy::enforce_new_defaults parameter has been added.

Upgrade Notes

  • The following deprecated parameters have been completely removed from the keystone::ldap_backend resource type.

    • project_tree_dn

    • project_filter

    • project_objectclass

    • project_id_attribute

    • project_member_attribute

    • project_name_attribute

    • project_desc_attribute

    • project_enabled_attribute

    • project_domain_id_attribute

    • project_attribute_ignore

    • project_allow_create

    • project_allow_update

    • project_allow_delete

    • project_enabled_emulation

    • project_enabled_emulation_dn

    • project_additional_attribute_mapping

    • role_tree_dn

    • role_filter

    • role_objectclass

    • role_id_attribute

    • role_name_attribute

    • role_member_attribute

    • role_attribute_ignore

    • role_allow_create

    • role_allow_update

    • role_allow_delete

    • role_additional_attribute_map

    • credential_driver

    • assignment_driver

18.3.0

New Features

  • Add TLS options to oslo.cache

  • The new keystone::healthcheck class has been added. This class manages parameters of healthcheck middlware in oslo_middleware.

Upgrade Notes

  • Now policy.yaml is used by default instead of policy.json.

18.1.0

New Features

  • Adds db_sync_timeout parameter to db sync.

  • The new keystone::bootstrap::bootstrap parameter has been added, to disable keystone-manage bootstrap command. This is useful to generate /etc/keystone/puppet.conf on multiple nodes while running bootstrap command on a single node.

  • The new keystone::policy::enforce_scope parameter has been added to support the corresponding parameter in oslo.policy library.

Upgrade Notes

  • keystone-public-keystone-admin is no longer supported as a valid

    service_name. Use keystone/openstack-keystone or httpd instead.

Deprecation Notes

  • allow_insecure_clients option is now deprecated for removal, the parameter has no effect.

  • The following options have been deprecated, as those options have been moved to keystone::db class.

    • keystone::database_connection

    • keystone::database_idle_timeout

    • keystone::database_max_overflow

    • keystone::database_max_pool_size

    • keystone::database_max_retries

    • keystone::database_retry_interval