Wallaby Series Release Notes¶
18.6.0-3¶
New Features¶
The new
keystone::notification_opt_out
parameter has been added.
18.6.0¶
Security Issues¶
Content of fernet keys and credential keys are now hidden from output, when these files are updated.
18.5.0¶
New Features¶
Adding the following configurable items for OpenID:
keystone::federation::openidc::openidc_pass_userinfo_as
to setOIDCPassUserInfoAs
keystone::federation::openidc::openidc_pass_claim_as
to setOIDCPassClaimsAs
The
keystone::federation::ipenidc
class now supports the newopenidc_response_mode
parameter, to customize mod_auth_openidc response mode.
18.4.0¶
New Features¶
The following parameters of the
keystone::ldap
class have been deprecated and have no effect.project_tree_dn
project_filter
project_objectclass
project_id_attribute
project_member_attribute
project_name_attribute
project_desc_attribute
project_enabled_attribute
project_domain_id_attribute
project_attribute_ignore
project_allow_create
project_allow_update
project_allow_delete
project_enabled_emulation
project_enabled_emulation_dn
project_additional_attribute_mapping
role_tree_dn
role_filter
role_objectclass
role_id_attribute
role_name_attribute
role_member_attribute
role_attribute_ignore
role_allow_create
role_allow_update
role_allow_delete
role_additional_attribute_map
The new
keystone::policy::enforce_new_defaults
parameter has been added.
Upgrade Notes¶
The following deprecated parameters have been completely removed from the
keystone::ldap_backend
resource type.project_tree_dn
project_filter
project_objectclass
project_id_attribute
project_member_attribute
project_name_attribute
project_desc_attribute
project_enabled_attribute
project_domain_id_attribute
project_attribute_ignore
project_allow_create
project_allow_update
project_allow_delete
project_enabled_emulation
project_enabled_emulation_dn
project_additional_attribute_mapping
role_tree_dn
role_filter
role_objectclass
role_id_attribute
role_name_attribute
role_member_attribute
role_attribute_ignore
role_allow_create
role_allow_update
role_allow_delete
role_additional_attribute_map
credential_driver
assignment_driver
18.3.0¶
New Features¶
Add TLS options to oslo.cache
The new
keystone::healthcheck
class has been added. This class manages parameters of healthcheck middlware in oslo_middleware.
Upgrade Notes¶
Now policy.yaml is used by default instead of policy.json.
18.1.0¶
New Features¶
Adds db_sync_timeout parameter to db sync.
The new
keystone::bootstrap::bootstrap
parameter has been added, to disablekeystone-manage bootstrap
command. This is useful to generate/etc/keystone/puppet.conf
on multiple nodes while running bootstrap command on a single node.
The new
keystone::policy::enforce_scope
parameter has been added to support the corresponding parameter in oslo.policy library.
Upgrade Notes¶
keystone-public-keystone-admin
is no longer supported as a validservice_name. Use
keystone/openstack-keystone
orhttpd
instead.
Deprecation Notes¶
allow_insecure_clients option is now deprecated for removal, the parameter has no effect.
The following options have been deprecated, as those options have been moved to keystone::db class.
keystone::database_connection
keystone::database_idle_timeout
keystone::database_max_overflow
keystone::database_max_pool_size
keystone::database_max_retries
keystone::database_retry_interval