Yoga Series Release Notes


New Features

  • Added description parameter to keystone_user resource.

Security Issues

  • The contents of fernet keys and credential keys are now hidden from output when these files are updated.


Deprecation Notes

  • The keystone::catalog_type parameter has been deprecated. Use the catalog_driver parameter instead.

  • The keystone_puppet_config resource type has been deprecated and will be removed in a future release.

Bug Fixes

  • Now the keystone::ldap class enables connection pools for LDAP access by default.


New Features

  • Add options to configure the HashClient retrying mechanisms of the pymemcache (dogpile.cache) backend.

  • Add cache client retry options for the pymemcache (dogpile.cache) backend.

  • Add socket keepalive options for the pymemcache (dogpile.cache) backend.

  • Now this module supports CentOS 9 and Red Hat Enterprise Linux 9.

  • The following parameters of the keystone class have been removed.

    • database_connection

    • database_idle_timeout

    • database_max_overflow

    • database_max_pool_size

    • database_max_retries

    • database_retry_interval

Upgrade Notes

  • The keystone::messaging::amqp::allow_insecure_clients parameter has been removed.


New Features

  • The keystone::admin_endpoint parameter has been deprecated because it has not been used for several releases.

  • The system_scope parameter has been added to the following resource types.

    • keystone::resource::authtoken

    • keystone::resource::service_user

  • The keystone_user_role resource type supports creating a system role.

Upgrade Notes

  • Default value of the keystone::enable_credential_setup parameter has been updated from false to true.

  • The keystone::cron::token_flush class has been removed.

  • The keystone::resource::service_identity::ignore_default_tenant parameter has been removed.

  • The following parameters of the keystone::ldap class have been removed.

    • project_tree_dn

    • project_filter

    • project_objectclass

    • project_id_attribute

    • project_member_attribute

    • project_name_attribute

    • project_desc_attribute

    • project_enabled_attribute

    • project_domain_id_attribute

    • project_attribute_ignore

    • project_allow_create

    • project_allow_update

    • project_allow_delete

    • project_enabled_emulation

    • project_enabled_emulation_dn

    • project_additional_attribute_mapping

    • role_tree_dn

    • role_filter

    • role_objectclass

    • role_id_attribute

    • role_name_attribute

    • role_member_attribute

    • role_attribute_ignore

    • role_allow_create

    • role_allow_update

    • role_allow_delete

    • role_additional_attribute_map

Deprecation Notes

  • The member_role_id parameter and the member_role_name parameter of the keystone class have been deprecated and have no effect now. These parameters will be removed in a future release.


New Features

  • The keystone::federation::openidc class now supports the new openidc_response_mode parameter to customize the mod_auth_openidc response mode.

Upgrade Notes

  • The default value of the keystone::wsgi::apache::ssl parameter will be changed from true to false in a future release. Make sure the parameter is set to the desired value.