Wallaby Series Release Notes¶
18.5.0-4¶
Security Issues¶
Content of fernet keys and credential keys are now hidden from output, when these files are updated.
18.5.0¶
New Features¶
Adding the following configurable items for OpenID:
keystone::federation::openidc::openidc_pass_userinfo_as
to setOIDCPassUserInfoAs
keystone::federation::openidc::openidc_pass_claim_as
to setOIDCPassClaimsAs
The
keystone::federation::ipenidc
class now supports the newopenidc_response_mode
parameter, to customize mod_auth_openidc response mode.
18.4.0¶
New Features¶
The following parameters of the
keystone::ldap
class have been deprecated and have no effect.project_tree_dn
project_filter
project_objectclass
project_id_attribute
project_member_attribute
project_name_attribute
project_desc_attribute
project_enabled_attribute
project_domain_id_attribute
project_attribute_ignore
project_allow_create
project_allow_update
project_allow_delete
project_enabled_emulation
project_enabled_emulation_dn
project_additional_attribute_mapping
role_tree_dn
role_filter
role_objectclass
role_id_attribute
role_name_attribute
role_member_attribute
role_attribute_ignore
role_allow_create
role_allow_update
role_allow_delete
role_additional_attribute_map
The new
keystone::policy::enforce_new_defaults
parameter has been added.
Upgrade Notes¶
The following deprecated parameters have been completely removed from the
keystone::ldap_backend
resource type.project_tree_dn
project_filter
project_objectclass
project_id_attribute
project_member_attribute
project_name_attribute
project_desc_attribute
project_enabled_attribute
project_domain_id_attribute
project_attribute_ignore
project_allow_create
project_allow_update
project_allow_delete
project_enabled_emulation
project_enabled_emulation_dn
project_additional_attribute_mapping
role_tree_dn
role_filter
role_objectclass
role_id_attribute
role_name_attribute
role_member_attribute
role_attribute_ignore
role_allow_create
role_allow_update
role_allow_delete
role_additional_attribute_map
credential_driver
assignment_driver
18.3.0¶
New Features¶
Add TLS options to oslo.cache
The new
keystone::healthcheck
class has been added. This class manages parameters of healthcheck middlware in oslo_middleware.
Upgrade Notes¶
Now policy.yaml is used by default instead of policy.json.
18.1.0¶
New Features¶
Adds db_sync_timeout parameter to db sync.
The new
keystone::bootstrap::bootstrap
parameter has been added, to disablekeystone-manage bootstrap
command. This is useful to generate/etc/keystone/puppet.conf
on multiple nodes while running bootstrap command on a single node.
The new
keystone::policy::enforce_scope
parameter has been added to support the corresponding parameter in oslo.policy library.
Upgrade Notes¶
keystone-public-keystone-admin
is no longer supported as a validservice_name. Use
keystone/openstack-keystone
orhttpd
instead.
Deprecation Notes¶
allow_insecure_clients option is now deprecated for removal, the parameter has no effect.
The following options have been deprecated, as those options have been moved to keystone::db class.
keystone::database_connection
keystone::database_idle_timeout
keystone::database_max_overflow
keystone::database_max_pool_size
keystone::database_max_retries
keystone::database_retry_interval