------------------------------------------------------------------- Fri Nov 27 13:18:18 UTC 2015 - vuntz@suse.com - Bump rpm package version to 2014.2.4.juno: - a few months ago, we moved from versions like 2014.2.4.devX to 2014.2.4~a0~devX, which is technically a downgrade. - as Juno code is now frozen upstream, there will be no 2014.2.5 release and so no new version that would help us avoid the downgrade issue. - 2014.2.4 got released upstream, so technically, 2014.2.4.juno is correct and it is higher than both 2014.2.4.devX and 2014.2.4~a0~devX, so there's no downgrade issue. ------------------------------------------------------------------- Thu Nov 12 02:01:55 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2014.2.4.dev15: * Mask passwords in debug log on user password operations * Add test showing password logged ------------------------------------------------------------------- Wed Nov 11 01:59:49 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2014.2.4.dev11: * Test v2 tokens being deleted by v3 ------------------------------------------------------------------- Sat Oct 17 00:11:09 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2014.2.4.dev9: * Updated from global requirements ------------------------------------------------------------------- Thu Aug 27 00:03:12 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2014.2.4.dev8: * Updated from global requirements ------------------------------------------------------------------- Sun Aug 23 00:03:18 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2014.2.4.dev7: * Eventlet green threads not released back to pool ------------------------------------------------------------------- Sat Jul 18 01:31:11 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2014.2.4.dev6: * Fix xmldsig import ------------------------------------------------------------------- Thu Jun 4 02:33:57 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2014.2.4.dev5: * Deal with PEP-0476 certificate chaining checking * Updated from global requirements ------------------------------------------------------------------- Wed Apr 22 00:52:56 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2014.2.4.dev2: * backend_argument should be marked secret ------------------------------------------------------------------- Tue Apr 14 01:02:00 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2014.2.4.dev1: * Bump stable/juno version to 2014.2.4 2014.2.3 ------------------------------------------------------------------- Fri Apr 10 01:03:45 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2014.2.3.dev27: * Updated from global requirements * Work with pymongo 3.0 ------------------------------------------------------------------- Tue Apr 7 01:00:59 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2014.2.3.dev24: * Speed up memcache lock ------------------------------------------------------------------- Fri Apr 3 01:01:16 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2014.2.3.dev22: * Fix up _ldap_res_to_model for ldap identity backend ------------------------------------------------------------------- Thu Apr 2 00:57:15 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2014.2.3.dev21: * Don't try to convert LDAP attributes to boolean * fix the wrong update logic of catalog kvs driver * do parameter check before updating endpoint_group ------------------------------------------------------------------- Thu Mar 12 01:29:48 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2014.2.3.dev15: * Correct initialization order for logging to use eventlet locks ------------------------------------------------------------------- Sat Feb 28 01:30:05 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2014.2.3.dev13: * Fix the syntax issue on creating table `endpoint_group` ------------------------------------------------------------------- Mon Feb 23 01:56:02 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2014.2.3.dev11: * Updated from global requirements ------------------------------------------------------------------- Tue Feb 17 02:18:29 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2014.2.3.dev10: * Make identity id mapping handle unicode * Improve testing of unicode id mapping * Updated from global requirements ------------------------------------------------------------------- Fri Feb 13 02:17:25 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2014.2.3.dev5: * Fix race on default role creation ------------------------------------------------------------------- Thu Feb 12 02:17:53 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2014.2.3.dev3: * Keystoneclient tests from venv-installed client * Bump stable/juno version to 2014.2.3 2014.2.2 ------------------------------------------------------------------- Fri Jan 30 11:26:42 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2014.2.2.dev36: * Additional test coverage for password changes * explicit namespace prefixes for SAML2 assertion * Fix modifying a role with same name using LDAP * Add a test for modifying a role to set the name the same * Fix disabling entities when enabled is ignored * Add tests for enabled attribute ignored * Fix update role without name using LDAP * Add test for update role without name * Exclude domains with inherited roles from user domain list * Improve testing of exclusion of inherited roles * Fix project federation tokens for inherited roles * Improve testing of project federation tokens for inherited roles * Fix domain federation tokens for inherited roles * Improve testing of domain federation tokens for inherited roles * User ids that begin with 0 cannot authenticate through ldap * Move unit tests from test_backend_ldap ------------------------------------------------------------------- Thu Jan 29 01:29:24 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2014.2.2.dev4: * Updated from global requirements ------------------------------------------------------------------- Fri Jan 16 01:29:12 UTC 2015 - cloud-devel@suse.de - Update to version keystone-2014.2.2.dev3: * Updated from global requirements ------------------------------------------------------------------- Fri Dec 19 01:19:15 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.2.dev2: * Updated from global requirements ------------------------------------------------------------------- Sat Dec 6 01:16:41 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.2.dev1.g8a7282b: * Bump stable/juno next version to 2014.2.2 2014.2.1 * Updated from global requirements ------------------------------------------------------------------- Fri Dec 5 01:17:50 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.1.dev7.g9053a60: * Updated from global requirements ------------------------------------------------------------------- Wed Nov 26 01:41:46 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.1.dev6.gf6b1b5e: * Adds IPv6 url validation support ------------------------------------------------------------------- Sun Nov 23 00:51:39 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.1.dev4.gf54fa8f: * Prevent infinite loop in token_flush ------------------------------------------------------------------- Mon Oct 27 17:38:01 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.1.dev3.gdb291b3: * Use newer python-ldap paging control API ------------------------------------------------------------------- Fri Oct 17 23:43:01 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.1.dev2.ge9cba76: * Opening stable/juno * Add oslo.serialization for latest keystoneclient ------------------------------------------------------------------- Tue Oct 7 09:42:50 UTC 2014 - dmueller@suse.com - 2014.2.rc1 * Add placeholders for reserved migrations * Remove duplicated assertion * add --rebuild option for ssl/pki_setup * Remove unused cache functions from token.core * Correct typos in keystone/common/base64utils.py docstrings * improve dependency injection doc strings * Remove trailing space from string * Fixes code comment to be more accurate ------------------------------------------------------------------- Sun Sep 28 00:35:12 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev188.g1f9248e: * Imported Translations from Transifex * Uses session in migration to stop DB locking * Set issuer value to CONF.saml.idp_entity_id * Updated from global requirements * Add version attribute to the SAML2 Assertion object * Fail on empty userId/username before query ------------------------------------------------------------------- Sat Sep 27 00:34:57 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev176.g0200751: * Mark k2k as experimental * Update architecture documentation ------------------------------------------------------------------- Fri Sep 26 09:42:04 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev172.gd229892: * New section for CLI examples in docs * Fix failure of delete domain group grant when identity is LDAP * Clean up the Configuration documentation * Adding an index on token.user_id and token.trust_id ------------------------------------------------------------------- Fri Sep 26 00:35:25 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev164.g2fc25ff: * Fix a spelling mistake in keystone/common/utils.py ------------------------------------------------------------------- Thu Sep 25 08:25:49 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev162.gd8d1477: * Prevent infinite recursion on persistence core on init ------------------------------------------------------------------- Wed Sep 24 23:50:37 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev160.g08416ac: * Imported Translations from Transifex * Read idp_metadata_path value from CONF.saml * Fix Policy backend driver documentation ------------------------------------------------------------------- Tue Sep 23 23:48:38 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev154.g1af2428: * Fix create and user-role-add in LDAP backend * Fix minor spelling issues in comments * Add a pool of memcached clients * Set LDAP certificate trust options for LDAPS and TLS ------------------------------------------------------------------- Mon Sep 22 23:49:51 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev146.g641381a: * Update URLs for keystone federation configuration docs * Add info about pysaml2 into federation docs ------------------------------------------------------------------- Sun Sep 21 23:48:58 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev142.g54054e8: * Do not run git-cloned ksc master tests when local client specified ------------------------------------------------------------------- Sat Sep 20 23:49:41 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev140.g2f14f3a: * Mock doesn't have assert_called_once() * Imported Translations from Transifex ------------------------------------------------------------------- Sat Sep 20 00:21:44 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev136.gee4ee3b: * Updated from global requirements * Safer check for enabled in trusts * Set the default number of workers when running under eventlet * Add the processutils from oslo-incubator * Update 'Configure Federation' documentation * Update man pages ------------------------------------------------------------------- Fri Sep 19 00:23:03 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev124.g8e6e6b3: * Ensure identity sql driver supports domain-specific configuration ------------------------------------------------------------------- Thu Sep 18 00:20:51 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev123.ga56d363: * Allow users to clean up role assignments ------------------------------------------------------------------- Wed Sep 17 00:22:01 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev121.gae22900: * Adds a whitelist for endpoint catalog substitution * Revoke the tokens of group members when a group role is revoked * Change pysaml2 comment in test-requrements.txt * Document Keystone2Keystone federation ------------------------------------------------------------------- Tue Sep 16 00:20:08 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev114.g9d4e22b: * ldap/core deleteTree not always supported * Reduce unit test log level for notifications * Fix delete group cleans up role assignments with LDAP * Refactor LDAP backend using context manager for connection * Add delete notification to endpoint grouping * Ensure a consistent transactional context is used * Adds hint about filter placement to extension docs * Making KvsInheritanceTests use backend KVS ------------------------------------------------------------------- Sun Sep 14 00:21:15 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev100.g30c1e8b: * Fix using local ID to clean up user/group assignments * Add characterization test for cleanup role assignments for group * Fix LDAP group role assignment listing * Adds pipeline hints to the example paste config * Use id attribute map for read-only LDAP * Use oslo_debug_helper and remove our own version * trustor_user_id not available in v2 trust token ------------------------------------------------------------------- Sat Sep 13 00:20:54 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev86.g1e20448: * Add V3 JSON Home support to GET / * Make the extension docs a top level entry in the landing page * LDAP: refactor use of "1.1" OID * Enable filtering of services by name * Sync jsonutils from oslo-incubator 32e7f0b5 * Update the docs that list sections in keystone.conf ------------------------------------------------------------------- Fri Sep 12 00:22:03 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev74.gc4e9556: * Document mod_wsgi doesn't support chunked encoding * Keystone local authenticate has an unnecessary pending audit record * JSON Home data is required ------------------------------------------------------------------- Thu Sep 11 00:19:06 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev68.g12655bf: * Stop skipping LDAP tests * Update the revocation configuration docs * Fixes formatting error in debug log statement * Update paste pipelines in configuration docs * Fixed typo 'in sane manner' to 'in a sane manner' * correct typos * Prevent domains creation for the default LDAP+SQL * Fix oauth sqlite migration downgrade failure * Imported Translations from Transifex * Avoid conversion of binary LDAP values * Remove unused variable TIME_FORMAT * Add characterization test for group role assignment listing * Fix dn_startswith * Fixes a mock cleanup issue caused by oslotest * Add rst code-blocks to a bunch of missing examples * Capitalize all instances of Keystone in the docs 2014.2.b3 * Fixed spelling mistakes in comments * use one indentation style * Fix admin server doesn't report v2 support in Apache httpd * Add test for single app loaded version response * Work toward Python 3.4 support and testing * Update the federation configuration docs for saml2 * Add docs for enabling endpoint policy * warn against sorting requirements * Fix minor nits for token2saml generation * Routes for Keystone-IdP metadata endpoint ------------------------------------------------------------------- Fri Sep 5 00:19:38 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev324.g7d9b8dc: * Lower log level for notification registration * Test cleanup: do not leak FDs during test runs * Cleanup superfluous string comprehension and coersion ------------------------------------------------------------------- Thu Sep 4 00:20:48 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev318.g8661e94: * Adds region back into the catalog endpoint * Implementation of Endpoint Grouping * Implement validation on Trust V3 API * Remove TODO that was done * Fix follow up review issues with endpoint policy backend patch * Mark the revoke kvs backend deprecated, for removal in Kilo ------------------------------------------------------------------- Tue Sep 2 13:15:25 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev306.g67b474f: * Transform a Keystone token to a SAML assertion * Fix region schema comment * Remove unused _validate_endpoint * controller for the endpoint policy extension * Implement validation on the Catalog V3 API ------------------------------------------------------------------- Mon Sep 1 00:20:40 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev296.g7b81974: * backend for policy endpoint extension * Implement validation on Credential V3 * Implement validation on Policy V3 API * Fix token flush fails with recursion depth exception * Add index for actor_id in assignments table * Endpoint table is missing reference to region table * add missing log hints for level C/E/I/W * Add string id type validation * Implement validation on Assignment V3 API * Redirect stdout and stderr when using subprocess ------------------------------------------------------------------- Sun Aug 31 00:19:27 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev276.g9a8e6bd: * Add audit support to keystone federation * Adds tests that show how update with validation works * Mark the trust kvs backend deprecated, for removal in Kilo * Do not load auth plugins by class in tests ------------------------------------------------------------------- Sat Aug 30 00:19:58 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev269.ge0d8377: * Add commas for ease of maintenance * Comments to docstrings for notification emit methods * Notification cleanup: namespace actions * Add bash code style to some portions of configuration.rst * Update tests to not use token_api * Make persistence manager in token_provider_api private * Add extra guarding to revoke_by_audit_id methods * Mark methods on token_api deprecated * Remove SAML2 plugin dependency on token_api * Remove oauth controller dependency on token_api ------------------------------------------------------------------- Fri Aug 29 00:20:49 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev249.g18efc78: * Mark kvs backends as deprecated, for removal in Kilo * Add libxmlsec1 as external package dependency on OS X * Remove assignment_api dependency on token_api ------------------------------------------------------------------- Thu Aug 28 15:54:22 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev243.g4bbbf81: * Update sample config ------------------------------------------------------------------- Wed Aug 27 23:48:08 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev241.gf4f0bdf: * Enhance GET /v3 to handle Accept header * Enhance V3 extensions to provide JSON Home data * Enhance V3 extension class to integrate JSON Home data * Change OS-INHERIT extension to provide JSON Home data * Change the sub-routers to provide JSON Home data * Change V3 router classes to provide JSON Home data * Create additional docs for role assignment events * Add __repr__ to KeystoneToken model * Notification Constant Cleanup and internal notify type * Remove wsgi and base controller dependency on token_api * Remove identity_api dependency on token_api * Remove trust dependency on token_api * Update AuthContextMiddleware to not use token_api * Back off initial migration to 34 ------------------------------------------------------------------- Tue Aug 26 23:47:48 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev213.g0b54321: * Revoke by Audit Id / Audit Id Chain instead of expires * assignment controller error path fix * Make SQL the default backend for Identity & Assignment unit tests * Enhance V3 version controller to provide JSON Home response * Provide the V3 routers to the V3 extension controller * Back off initial migration to 35 * Configurable python-keystoneclient repo ------------------------------------------------------------------- Mon Aug 25 23:47:28 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev199.gde2c6e1: * Add CADF notifications for role assignment create and delete * Enhance V3 routers to store basic resource description ------------------------------------------------------------------- Sat Aug 23 23:47:21 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev195.ge372aaf: * Sync Py2 and Py3 requirements files * Standardizing the Federation Process ------------------------------------------------------------------- Fri Aug 22 23:47:40 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev191.g463b2ee: * Convert to urlsafe base64 audit ids * Sync with oslo-incubator * Add audit ids to tokens ------------------------------------------------------------------- Thu Aug 21 23:47:27 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev185.gf6ad8f0: * Add notifications for policy, region, service and endpoint * Correct the signature for some catalog abstract method signatures * Fixing simple type in comment * Create authentication specific routes * Allow LDAP lock attributes to be used as enable attributes ------------------------------------------------------------------- Tue Aug 19 23:46:56 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev177.g498a003: * Enable filtering of credentials by user ID * Expose context to create grant and delete grant * Use python convention for function names in test_notifications * Fixes an issue with the XMLEquals matcher ------------------------------------------------------------------- Mon Aug 18 16:09:29 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev170.g2e49770: * Use mail for the default LDAP email attribute name ------------------------------------------------------------------- Sat Aug 16 00:25:12 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev168.g45728c5: * Bump hacking to 0.9.x series * Rename bash8 requirement * Support the hints mechanism in list_credentials() * Keystone service throws error on receiving SIGHUP * Issue multiple SQL statements in separate engine.execute() calls ------------------------------------------------------------------- Fri Aug 15 00:24:41 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev159.ga1da397: * Do not require method attribute on plugins ------------------------------------------------------------------- Thu Aug 14 00:24:09 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev157.g409c94d: * Remove _BaseFederationExtension * Add a URL field to region table * Remove unnecessary declaration of CONF * Filter List Regions by 'parent_region_id' ------------------------------------------------------------------- Wed Aug 13 04:53:30 UTC 2014 - tbechtold@suse.com - Update to version keystone-2014.2.dev149.g2ea3006: * Updates the sample config * remove unused import * Clean whitespace off token * Remove strutils and timeutils from openstack-common.conf * Use functions in oslo.utils * Add an OS-FEDERATION section to scoped federation tokens * Ensure roles created by unit tests have correct attributes * Update control_exchange value in keystone.conf * swap import order of lxml * add i18n to lxml error * Check for empty string value in REMOTE_USER * Refactor names in catalog backends * Update CADF auditing example to show non-payload information * Remove ec2 contrib dependency on token_api * Expose token revocation list via token_provider_api * Remove assignment controller dependency on token_api * Refactor serializer import to XmlBodyMiddleware * Delete intersphinx mappings * Fix documentation link * Make token_provider_api contain token persistence * Remove S3 middleware tests from tox.ini * Remove unused function * Add oslo.utils requirement * Surround REMOTE_USER variable name with quotes * Remove `with_lockmode` use from Trust SQL backend * Improve instructions about federation * Do not override venvs * Imported Translations from Transifex * Remove debug CADF payload for every authN request * Don't override tox envdir for pep8 and cover jobs ------------------------------------------------------------------- Sun Aug 3 23:55:58 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev60.g1ef2975: * Fix invalid self link in get access token * Details the proper way to call a callable ------------------------------------------------------------------- Fri Aug 1 23:57:17 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev56.g76f3c55: * Check that region ID is not an empty string ------------------------------------------------------------------- Thu Jul 31 23:57:02 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev54.ga617408: * Do not consume trust uses when create token fails * Refactor set domain-id and mapping code ------------------------------------------------------------------- Wed Jul 30 23:56:30 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev50.g99bef1f: * Add filters to the collections 'self' link * Use config fixture from oslo.config * Updated from global requirements * KeyError instead of exception.KeyError * Remove duplicated asserts * Check url is in the 'self' link in list responses * Update middleware that was moved to keystonemiddleware ------------------------------------------------------------------- Tue Jul 29 23:56:32 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev36.g5017993: * Update setup docs with Fedora 19+ dependencies * Correct revocation event test for domain_id * Add workaround to support tox 1.7.2 * Fix for V2 token issued_at time changing * Sqlite files excluded from the repo ------------------------------------------------------------------- Mon Jul 28 23:57:18 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev26.gdf13caf: * Fixes a capitalization issue * Add tests related to V2 token issued_at time changing * Sample config update * auth tests should not require admin token ------------------------------------------------------------------- Fri Jul 25 23:44:09 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev19.g4cbe8ca: * Add the new Keystone TokenModel * Add X-Auth-Token header in federation examples * Clean up EP-Filter after delete project/endpoint * add internal delete notification for endpoint * remove static files from docs * Move token persistence classes to token.persistence module ------------------------------------------------------------------- Thu Jul 24 23:43:34 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev7.g1c88ead: * cache the catalog * Disable a domain will revoke tokens under the same domain * Adding support for ldap connection pooling 2014.2.b2 * Add the new oslo.i18n as a dependency for Python 3 ------------------------------------------------------------------- Thu Jul 24 08:49:19 UTC 2014 - dmueller@suse.com - Update to version keystone-2014.2.dev225.g686597b: * Fixes test_exceptions.py for Python3 * Fixes test_wsgi for Python3 * Adds several more test modules that pass on Py3 * Reduces the amount of mocked imports for Python 3 * Disables LDAP unit tests * Updated from global requirements * Initial implementation of validator * Mark the 'check_vX_token' methods deprecated * Extracting get group roles for project logic to drivers * implement GET /v3/catalog * Adds coverage report to py33 test runs * Fixed tox cover environment to share venv * Regenerate sample config file * Example JSON files should be human-readable * Consolidate `assert_XXX_enabled` type calls to managers * Move keystone.token.default_expire_time to token.provider * Move token_api.unique_id to token_provider_api * Capitalize a few project names in configuring services doc * Fixes a Python3 syntax error * Introduce pragma no cover to asbtract classes * project disabled/deleted notification recommendations * Use oslo.i18n * Implicitly ignore attributes that are mapped to None in LDAP ------------------------------------------------------------------- Thu Jul 17 23:44:47 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev180.gc1a6639: * Sync with oslo-incubator * render json examples with syntax highlighting * Avoid loading a ref from SQL to delete the ref * Add revocation extension to default pipeline * Update docs to reflect new db_sync behaviour * Migrate default extensions * Update the configuration docs for the revocation extension * LDAP: Added documentation for debug_level option * Fixes the order of assertEqual arguments ------------------------------------------------------------------- Wed Jul 16 23:52:13 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev162.g362216b: * Make sure unit tests set the correct log levels * Clean up the endpoint filtering configuration docs ------------------------------------------------------------------- Sat Jul 12 00:35:09 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev158.gbbfd58a: * multi-backend support for identity * Add oslo.i18n as dependency * Do not use lazy translation for keystone-manage * Remove deprecated token_api.list_tokens * Imported Translations from Transifex * Add keystonemiddleware to requirements * Do not use keystone's config for nova's port * Adds hacking check for debug logging translations ------------------------------------------------------------------- Fri Jul 11 00:34:07 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev144.gb3f9a5f: * Add _BaseFederationExtension class * Correct the region table to be InnoDB and UTF8 * HEAD responses should return same status as GET * Make OS-FEDERATION core.Driver methods abstract ------------------------------------------------------------------- Wed Jul 9 00:34:32 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev137.gfac022a: * Fix OAuth1 to not JSON-encode create access token response * Do not support toggling key_manglers in cache layer ------------------------------------------------------------------- Tue Jul 8 00:34:12 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev133.g9d0ecaa: * Updated from global requirements * Sync with oslo-incubator e9bb0b59 * Fix the section name in CONTRIBUTING.rst * Fix docs and scripts for pki_setup and ssl_setup ------------------------------------------------------------------- Sun Jul 6 00:33:01 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev127.gb4140ae: * Add schema check for OS-FEDERATION mapping table ------------------------------------------------------------------- Sat Jul 5 00:34:14 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev126.g59e01e5: * update example with a status code we actually use * Correct docstring for assertResponseSuccessful * remove default=None for config options ------------------------------------------------------------------- Thu Jul 3 00:31:47 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev122.g4e45a5f: * Ending periods in exception messages deleted * Ensure that in v2 auth tenant_id matches trust * Add identity mapping capability ------------------------------------------------------------------- Wed Jul 2 00:30:08 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev117.gb2f3b5c: * Updated from global requirements * Move bash8 to run under pep8 tox env ------------------------------------------------------------------- Tue Jul 1 00:29:30 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev114.g7c47629: * Fix test for get_*_by_name invalidation * Remove backend_entities from backend_ldap.conf * Do not leak SQL queries in HTTP 409 (conflict) ------------------------------------------------------------------- Sun Jun 29 00:29:28 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev108.g50be156: * Remove db, db.sqlalchemy from openstack-common.conf * Consolidate provider calls to token_api.create_token * Updates Python3 requirements to match Python2 * TestAuthInfo class in test_v3_auth made more efficient * Only emit disable notifications for project/domain on disable * Fixes catalog URL formatting to never return None * Updates keystone.catalog.core.format_url tests ------------------------------------------------------------------- Sat Jun 28 00:28:18 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev94.gd96d546: * Regenerate sample config file ------------------------------------------------------------------- Fri Jun 27 06:01:28 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev92.gbaf4c23: * Adds oslo.db support for Python 3 tests * Imported Translations from Transifex * Do not log 14+ INFO lines on a broken pipe error (eventlet) * Convert explicit session get/begin to transaction context ------------------------------------------------------------------- Thu Jun 26 11:35:50 UTC 2014 - dmueller@suse.com - Update to version keystone-2014.2.dev85.gf82b887: * deprecate LDAP config options for 'tenants' * the user_tenant_membership table was replaced by "assignment" * Corrects minor spelling mistakes * Ignoring order of user list in TenantTestCase * Make gen_pki.sh & debug_helper.sh bash8 compliant * Update docs to reference #openstack-keystone * Don't set sqlite_db default * Migrate ID generation for users/groups from controller to manager * oslo.db implementation * Test `common.sql` initialization * Kerberos as method name * test REMOTE_USER does not authenticate * Document pkiz as provider in config * Fix the typo and reformat the comments for the added option * Updated from global requirements * fix flake8 issues * Update sample keystone.conf file * Fix 500 error if request body is not JSON object * Default to PKIZ tokens * Fix a few typos in the shibboleth doc * Ignore broken endpoints in get_catalog * Properly invalidate cache for get_*_by_name methods * remove unnecessary word in docs: 'an' * remove unneeded definitions of Python Source Code Encoding * update release support warning for domain-specific drivers ------------------------------------------------------------------- Wed Jun 18 00:08:06 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev36.gd9193ce: * pkiz String conversion * Add instructions for removing pyc files to docs * Add missing docstrings and 1 unittest for LDAP utf-8 fixes * install gettext on OS X for msgfmt ------------------------------------------------------------------- Tue Jun 17 00:07:33 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev28.gd738598: * Allow for multiple PKI Style Providers * Password trunction makes password insecure ------------------------------------------------------------------- Mon Jun 16 00:06:54 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev24.g7029722: * enable multiple keystone-all worker processes ------------------------------------------------------------------- Sun Jun 15 00:07:19 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev22.g51a05bd: * Add cloud auditing notification documentation * Fixes typo error in Keystone * Make sure domains are enabled by default * Add v3 curl examples * Sync service module from oslo-incubator * gitignore etc/keystone/ * Enforce ``saml2`` protocol in Apache config * Use translation hints * Fix type error message in format_url ------------------------------------------------------------------- Sat Jun 14 00:07:36 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev4.ge7baea2: * Block delegation escalation of privilege ------------------------------------------------------------------- Fri Jun 13 00:07:46 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev2.g4f93ec6: 2014.2.b1 * Use code-block for curl examples ------------------------------------------------------------------- Wed Jun 11 23:41:59 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev349.gfb0e4c5: * add docs on v2 & v3 support in the service catalog ------------------------------------------------------------------- Tue Jun 10 23:41:45 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev347.g8de4ffa: * Make sure all the auth plugins agree on the shared identity attributes * Catalog driver generates v3 catalog from v2 catalog * fixed several pep8 issues * Consistenly use jsonutils instead of json ------------------------------------------------------------------- Mon Jun 9 23:41:35 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev339.ga0a3237: * Code which gets and deletes elements of tree was moved to one method * Remove obsolete note from ldap ------------------------------------------------------------------- Fri Jun 6 23:41:32 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev335.g3c07fba: * Add v2 & v3 API documentation * Compressed Token Provider * document keystone-specs instead of LP blueprints in README ------------------------------------------------------------------- Thu Jun 5 23:41:36 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev329.g983baf4: * remove out of date docs for Fedora 15 ------------------------------------------------------------------- Wed Jun 4 23:41:45 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev327.g25a7f4a: * Invalid command referenced in federation documentation * Fix curl example refs in docs * pep8: do not test locale files * Updated from global requirements * Refactor driver_hints * Unimplemented get roles by group for project list * Update mailmap entry for Brant ------------------------------------------------------------------- Sat May 31 00:06:43 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev314.g3556857: * Make sure scoping to the project of a disabled domain result in 401 * Fixed wrong behavior when updating tenant or user with LDAP backends * Cleanup openstack-common.conf and sync from olso * Refactor tests regarding required attributes * Check that the user is dumb moved to the common method ------------------------------------------------------------------- Fri May 30 00:09:46 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev304.g6ed0549: * document pki_setup and ssl_setup in keystone.conf.sample ------------------------------------------------------------------- Thu May 29 00:09:24 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev303.g93bc881: * recommend excluding 35357 from ephemeral ports * Fixes duplicated DELETE queries on SQL backends * Suggest users to remove REMOTE_USER from shibd conf * Imported Translations from Transifex * indicate that sensitive messages can be disabled * replaced unicode() with six.text_type() * no one uses macports ------------------------------------------------------------------- Wed May 28 00:08:29 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev290.g972322d: * Fix spelling mistakes in docs * Replace magic value 'service/security' in CadfNotificationWrapper * Replace assertTrue and assertFalse with more suitable asserts * remove a few backslash line continuations ------------------------------------------------------------------- Tue May 27 00:07:34 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev282.g97fca80: * sql migration: ensure using innodb utf8 for assignment table ------------------------------------------------------------------- Mon May 26 00:07:58 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev280.g8b83737: * install from source docs never actually install the keystone service ------------------------------------------------------------------- Sun May 25 00:07:37 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev278.g660d351: * Cleanup of ldap assignment backend ------------------------------------------------------------------- Sat May 24 00:08:35 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev276.g7d09cdc: * LDAP fix for get_roles_for_user_and_project user=group ID * Mapping engine does not handle regex properly * Regenerate sample config * Stronger assertion for test_user_extra_attribute_mapping ------------------------------------------------------------------- Fri May 23 00:08:17 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev268.g6c9b48f: * Reduce log noise on expired tokens * Fix version links to docs.openstack.org ------------------------------------------------------------------- Wed May 21 23:44:59 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev264.g72f046f: * Remove all mostly untranslated PO files * SQL fix for get_roles_for_user_and_project user=group ID ------------------------------------------------------------------- Sun May 18 23:44:07 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev261.g455d50e: * Add note for v3 API clients using auth plugin docs * Refactor test_auth trust related tests * Add mailmap entry ------------------------------------------------------------------- Wed May 14 23:57:16 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev255.g3ca5ce4: * Make the LDAP debug option a configurable setting ------------------------------------------------------------------- Tue May 13 23:57:10 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev253.g8697b39: * Add detailed federation configuration docs * Escape values in LDAP search filters ------------------------------------------------------------------- Fri May 9 23:57:29 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev249.g401294d: * Reduce excess LDAP searches ------------------------------------------------------------------- Tue May 6 23:56:04 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev248.g820e4f1: * Refactor create_trust for readability * Adds several more tests to the Python 3 test run ------------------------------------------------------------------- Mon May 5 23:52:58 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev246.g3ec0c5e: * Fixed the policy tests in Python 3 * Fixed the size limit tests in Python 3 * Fix cache configuration checks ------------------------------------------------------------------- Sat May 3 23:52:04 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev242.g1e6b45f: * setUp must be called on a fixture's parent first * First real Python 3 tests * Make the py33 Jenkins job happy ------------------------------------------------------------------- Fri May 2 23:52:36 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev236.ga725b67: * fixed typos found by RETF rules in RST files * Remove the configure portion of extension docs * Ensure token is a string * Fixed some typos throughout the codebase * Allow 'description' in V3 Regions to be optional * More random values for oAuth1 verifier * Set proper DB_INIT_VERSION on db_version command * Sync with oslo-incubator 28fba9c * Check that all po/pot files are valid * Refactor service readiness notification ------------------------------------------------------------------- Thu May 1 23:52:23 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev216.g1dde174: * Add rally performance gate job for keystone ------------------------------------------------------------------- Wed Apr 30 23:52:37 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev214.g314c032: * Migration DB_INIT_VERSION in common place * Redundant unique constraint * Correct `nullable` values in models and migrations ------------------------------------------------------------------- Tue Apr 29 23:53:02 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev208.g69ef772: * Move hacking code to a separate fixture * Some methods in ldap were moved to superclass * Use oslo.test mockpatch * Refactor notifications * Ignore broken endpoints in get_v3_catalog ------------------------------------------------------------------- Sun Apr 27 00:42:01 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev198.gd4c4a96: * No longer allow listing users by email * Fix sql_upgrade tests run by themselves * Refactor test_password_hashed to the backend testers * Fix catalog Driver signatures ------------------------------------------------------------------- Sat Apr 26 00:39:50 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev190.g64857e3: * Add localized response test * Make test_revoke expiry times distinct * Removed duplication with list_user_ids_for_project * Fix the "search for sql.py" files for db models * Sync with oslo-incubator 74ae271 * Updated from global requirements * Compatible server default value in the models * Explicit foreign key indexes * Added statement for ... if ... else * More notification unit tests * Fix typo of ANS1 to ASN1 ------------------------------------------------------------------- Fri Apr 25 00:38:22 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev169.gb44ba65: * Imported Translations from Transifex * Fix typo on cache backend module ------------------------------------------------------------------- Thu Apr 24 00:38:39 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev166.g2fea4a9: * Code which gets elements of tree in ldap moved to a common method * Include extra attributes in list results * Configurable token hash algorithm ------------------------------------------------------------------- Wed Apr 23 00:39:36 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev160.gc267914: * Discourage use of pki_setup * Fixes for in-code documentation ------------------------------------------------------------------- Tue Apr 22 00:42:40 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev156.gfd5a148: * add dependencies of keystone dev-enviroment ------------------------------------------------------------------- Mon Apr 21 00:42:27 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev155.g0773c4e: * Remove LDAP password hashing code ------------------------------------------------------------------- Sun Apr 20 00:43:45 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev153.gaca369f: * More efficient DN list for LDAP role delete * Allow any attributes in mapping ------------------------------------------------------------------- Sat Apr 19 00:43:52 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev150.g4907779: * Don't re-raise instance * Enhance tests for user extra attribute mapping ------------------------------------------------------------------- Fri Apr 18 00:43:41 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev146.ge55216e: * Isolate backend loading * Adding one more check on project_id * Cleanup of test_cert_setup tests ------------------------------------------------------------------- Wed Apr 16 23:37:03 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev140.g0473e5a: * Add missing import, remove trailing ":" in middleware example * Sync with oslo-incubator 2fd457b * Remove unnecessary dict copy * Removed unused code ------------------------------------------------------------------- Tue Apr 15 23:37:10 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev133.gde33c22: * Moves test database setup/teardown into a fixture * More debug output for test * Updated from global requirements ------------------------------------------------------------------- Mon Apr 14 23:37:10 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev127.g4cc6a9c: * Collapse SQL Migrations ------------------------------------------------------------------- Sat Apr 12 23:37:06 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev125.g58d71b9: * Refactor: moved flatten function to utils * Treat LDAP attribute names as case-insensitive * Adds style checks to ease reviewer burden * Refactor: move federation functions to federation utils * Convert test_backend_ldap to config fixture * Fix assertEqual arguments order(catalog, cert_setup, etc) ------------------------------------------------------------------- Fri Apr 11 00:02:55 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev114.g9b580d2: * replace word 'by' with 'be' * List all forbidden attributes in the request body ------------------------------------------------------------------- Thu Apr 10 00:03:22 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev110.gda4d4a1: * Adding more descriptive error message * Fixed wrong behavior in method search_s in BaseLdap class ------------------------------------------------------------------- Wed Apr 9 00:03:37 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev108.gdc43f94: * Fix response for missing attributes in trust * Add tests for user ID with comma * Cleanup config.py ------------------------------------------------------------------- Tue Apr 8 00:44:52 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev103.g76b396a: * Clean up config help text ------------------------------------------------------------------- Sun Apr 6 00:41:27 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev101.g284511a: * Remove common.V3Controller.check_required_params() method ------------------------------------------------------------------- Sat Apr 5 00:42:18 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev99.gdef83cc: * Fix invalid LDAP filter for user ID with comma * Remove assignment proxy methods/controllers * Remove legacy_endpoint_id and enabled from service catalog * Replace all use of mox with mock * Reduce environment logging * Add slowest output to tox runs (testr) ------------------------------------------------------------------- Fri Apr 4 09:14:42 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev87.g8c53f42: * Fix parallel unit tests keystoneclient partial checkout * Sync from oslo db.sqlalchemy.migration * Removes unused db_sync methods * Removes useless wrapper from manager base class * For ldap, API wrongly reports user is in group * Keystone doesn't use pam * remove the unused variable in test_sql_upgrade ------------------------------------------------------------------- Thu Apr 3 00:50:37 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev73.gd8c0c81: * Sanitizes authentication methods received in requests * Fix create_region_with_id raise 500 Error bug * Make service catalog include service name * Remove unused db_sync from extensions ------------------------------------------------------------------- Wed Apr 2 00:56:06 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev65.gd33cd47: * support conventional domain name with one or more dot * Remove _delete_tokens function from federation controller ------------------------------------------------------------------- Tue Apr 1 00:53:44 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev61.gb803fe8: * Fixed small capitalization issue * Removes some duplicate setup from a testcase * Updated from global requirements * Enable concurrent testing by default * Moves database setup/teardown closer to its usage * Fix assertEqual arguments order(auth_plugin, backend, backend_sql, etc) * Fix the order of assertEqual arguments(keystoneclient, kvs, etc) ------------------------------------------------------------------- Mon Mar 31 12:22:22 UTC 2014 - speilicke@suse.com - Add python-oslotest dependency to fix build ------------------------------------------------------------------- Sun Mar 30 01:02:30 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev47.ge8d8306: * Fix Jenkins translation jobs ------------------------------------------------------------------- Sat Mar 29 01:03:31 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev46.g7882359: * Cleanup ldap tests (mox and reset values) * Check domain_id with equality in assignment kvs * Imported Translations from Transifex * test_v3_token_id correctly hash token * Safer noqa handling * Expand the use of non-ascii values in ldap test * Properly handle unicode & utf-8 in LDAP * Refactor LDAP API * Remove unnecessary test setUps * Use CMS to generate sample tokens * Allows override of stdout/stderr/log capturing * Cleanup revocation query * Use assertIsNone when comparing against None * Removes the use of mutables as default args * Use assertIn in test_v3_catalog * Start using to oslotest * Fix test_provider_token_expiration_validation transient failure ------------------------------------------------------------------- Fri Mar 28 01:03:04 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev13.ga5382fa: * Remove noqa form import _s * Use in-memory SQLite for sql migration tests * Use in-memory SQLite for testing * Remove extraenous instantiations of managers * Add placeholders for reserved migrations 2014.1.rc1 * code hygiene; use six.text_type, escape regexp's, use key function * Add a space after the hash for block comments ------------------------------------------------------------------- Thu Mar 27 01:02:43 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.2.dev176.g724d056: * Open Juno development * Enable lazy translations in httpd/keystone.py * Avoid using .values() on the indexed columns * Imported Translations from Transifex * revert deprecation of v2 API * Updated from global requirements * Uses generator expressions instead of filter ------------------------------------------------------------------- Wed Mar 26 01:04:09 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev162.g3056dc5: * exclude disabled services from the catalog * refactor AuthCatalog tests * Rename keystone.tests.fixtures * Change the default version discovery URLs * Remove extra cache layer debugging * Fix doc build errors with SQLAlchemy 0.9 * Sync oslo-incubator db.sqlalchemy b9e2499 * Always include 'enabled' field in service response ------------------------------------------------------------------- Tue Mar 25 01:04:33 UTC 2014 - cloud-devel@suse.de - Rebased patches: + 0001-Create-TMPDIR-for-tests-recursively.patch dropped (merged upstream) ------------------------------------------------------------------- Tue Mar 25 01:04:28 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev146.ge7b3005: * Create TMPDIR for tests recursively * test tcp_keepidle only if it's available on the current platform * Add dedicated URL for issuing unscoped federation tokens ------------------------------------------------------------------- Mon Mar 24 01:03:17 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev141.g0fb0dfd: * Filter SAML2 assertion parameters with certain prefix ------------------------------------------------------------------- Sun Mar 23 01:04:10 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev139.g1e84251: * Use oslo db.sqlalchemy.session.EngineFacade.from_config ------------------------------------------------------------------- Sat Mar 22 01:02:46 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev137.ga3c7553: * Add support for parallel testr workers in Keystone * is_revoked check all viable subtrees * update sample conf * explicitly import gettext function * expires_at should be in a tuple not turned into one * Comparisons should account for instantaneous test execution * Make domain_id immutable by default * Do not expose internal data on UnexpectedError * Filter LDAP dumb member when listing role assignments ------------------------------------------------------------------- Fri Mar 21 00:57:29 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev121.gff88763: * Ability to turn off ldap referral chasing * Add user_id when calling populate_roles_for_groups * Store groups ids objects list in the OS-FEDERATION object * Uses explicit imports for _ * Rename scope_to_bad_project() to test_scope_to_bad_project() * Make LIVE Tests configurable with ENV ------------------------------------------------------------------- Wed Mar 19 01:09:28 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev109.gd4574a7: * Move test .conf files to keystone/tests/config_files * Removal of test .conf files ------------------------------------------------------------------- Tue Mar 18 10:31:49 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev105.gd906f57: * Filter out nonstring environment variables before rules mapping * Provide option to make domain_id immutable * Replace httplib.HTTPSConnection in ec2_token * Don't automatically enable revocation events * Ensure v3policysample correctly limits domain_admin access * Sync db, db.sqlalchemy from oslo-incubator 0a3436f * Do not use keystone.conf.sample in tests * Use class attribute to represent 'user' and 'group' * trust creation allowed with empty roles list ------------------------------------------------------------------- Sat Mar 15 01:12:05 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev88.gcd3b6f6: * Update sample config * remove hardcoded SQL queries in tests * Fix db_version failed with wrong arguments ------------------------------------------------------------------- Fri Mar 14 00:57:36 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev82.g358674a: * Updated from global requirements * Remove unnecessary oauth1.Manager constructions * Enforce groups presence for federated authn * Very minor cleanup to default_fixtures * Cleanup keystoneclient tests * Cleanup fixture data added to test instances * Cleans up test data from limit tests * Cleanup of instance attrs in core tests * Cleanup backends after each test * Fix include only enabled endpoints in catalog * Add unit tests for disabled endpoints in catalog * Add OS-OAUTH1 to consumers links section ------------------------------------------------------------------- Thu Mar 13 01:39:50 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev58.gcb742d0: * Fixup region description uniqueness * Add missing documentation for enabling oauth1 auth plugin * Configurable temporary directory for tests ------------------------------------------------------------------- Wed Mar 12 00:55:39 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev52.g989dd71: * Add missing documentation for enabling federation auth plugin * Call an existing method in sync cache for revoke events * Remove unnecessary calls to self.config() * Import order is fixed ------------------------------------------------------------------- Tue Mar 11 01:34:48 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev45.gfb8209e: * Use config fixture ------------------------------------------------------------------- Mon Mar 10 16:21:20 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev43.g58bb5e9: * Fix docstrings in federation related modules * Sync db, db.sqlalchemy, gettextutils from oslo-incubator 6ba44fd * V3 xml responses should use v3 namespace 2014.1.b3 * Update ADMIN_TOKEN description in docs * Remove unused function from tests * Don't need session.flush in context managed by session * Remove vim headers * Removes use of timeutils.set_time_override * Removes a redundant test * revocation_list only call isotime on datetime objects * Handle exception messages with six.text_type * Fix webob.exc.HTTPForbidden parameter miss ------------------------------------------------------------------- Thu Mar 6 16:31:18 UTC 2014 - speilicke@suse.com - Fix requirements ------------------------------------------------------------------- Thu Mar 6 16:20:17 UTC 2014 - speilicke@suse.com - Update to version keystone-2014.1.dev515.g8c168bc: * v3 endpoint create should require url ------------------------------------------------------------------- Thu Mar 6 15:15:26 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev513.g7913636: * Mark revoke as experimental * Imported Translations from Transifex * allow create credential with the system admin token * Always include 'enabled' field in endpoint response * Add the last of the outstanding helpstrings to config * Update curl api example to specify tenant * Update Oslo wiki link in README * Lazy gettextutils behavior * Update Oslo wiki link in README ------------------------------------------------------------------- Thu Mar 6 00:55:38 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev495.g388155c: * Stop gating on up-to-date sample config file * Token Revocation Extension ------------------------------------------------------------------- Wed Mar 5 01:00:25 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev492.g4bec42e: * drop key distribution from icehouse * Limited use trusts * Remove common.sql.migration ------------------------------------------------------------------- Tue Mar 4 01:31:16 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev487.ge9c5a00: * Properly configure OS-EP-FILTER test backend * Add tests for endpoint enabled * Remove the un-used and non-maintained PAM identity backend * SQLAlchemy Change to support more strict dialect checking * Update oslo-incubator log.py to a01f79c ------------------------------------------------------------------- Mon Mar 3 11:55:18 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev477.gfb19984: * deprecate XML support in favor of JSON * Remove unused variable * Replace assertEqual(None, *) with assertIsNone in tests * Fix assertEqual arguments order(_ldap_tls_livetest, backend_kvs, etc) ------------------------------------------------------------------- Mon Mar 3 01:34:37 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev469.g0908a0b: * Remove paste_deploy from test_overrides.conf * Remove "test-only" pam config options * Imported Translations from Transifex * Fix assertEqual arguments order(backend_ldap, cache, v3_protection) * add policy entries for /v3/regions ------------------------------------------------------------------- Sun Mar 2 00:46:10 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev460.g42e2375: * Fix get project users when no user exists * Implement V3 Specific Version of EC2 Contrib * Support authentication via SAML 2.0 assertions * oauth1 extension migration fails with DB2 ------------------------------------------------------------------- Sat Mar 1 01:13:15 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev453.g716c52c: * Fix table name typo in test_sql_upgrade * Cleanup and add more config help strings * Ensure v2 API only returns projects in the default domain * Fix the order of assertEqual arguments(v3_auth, v3_identity) ------------------------------------------------------------------- Thu Feb 27 01:31:01 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev445.g9663fa8: * Support for mongo as dogpile cache backend * Fix issue with DB upgrade to assignment table * Remove duplicated cms file ------------------------------------------------------------------- Wed Feb 26 00:38:50 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev440.g8c8f776: * Unimplemented error on V3 get token * Updated from global requirements * Fix keystone-manage db_version * Remove redundant default value None for dict.get * Always hash passwords on their way into the DB * Refactor tests move assertValidErrorResponse ------------------------------------------------------------------- Tue Feb 25 01:33:05 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev428.gb5a26b3: * Move _BaseController to common/controllers.py * Remove oslo rpc * Uses the venv virtualenv for the pep8 command * Update man pages * Remove auth_token middleware doc ------------------------------------------------------------------- Mon Feb 24 01:10:26 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev418.g8bc0433: * Sync db.exception from Oslo * Add tests for create grant when no group * Add tests for create grant when no user * Add version routes to KDS * KDS fix documented exception * Remove unused method _get_domain_id_from_auth ------------------------------------------------------------------- Sun Feb 23 00:54:50 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev406.g72b794f: * Remove oslo notifier * Keystone doc has wrong keystone-manage command ------------------------------------------------------------------- Sat Feb 22 00:54:41 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev402.g932647d: * Correct a docstring in keystone.common.config * Enable pep8 test against auto-generated configuration * Update config options with helpstrings and generate sample * strengthen assertion for unscoped tokens * bad config user_enable_emulation in mask test * Fix test_provider_token_expiration_validation transient failure * Update oslo-incubator fixture to 81c478 * Mark strings for translation in ldap backends ------------------------------------------------------------------- Fri Feb 21 01:35:55 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev386.g472cc5e: * Fix assertEqual arguments order * Remove sql.Base * Add test for list project users when no user ------------------------------------------------------------------- Thu Feb 20 15:33:47 UTC 2014 - dmueller@suse.com - Update to version keystone-2014.1.dev381.g9fbb60d: * Convert Token Memcache backend to new KeyValueStore Impl * Implement mechanism to provide non-expiring keys in KVS * Rationalize the Assignment Grant Tables * Keystone team uses #openstack-keystone now * Adds model mixin for {to,from}_dict functionality * Adds Cloud Audit (CADF) Support for keystone authentication * Use class attribute to represent 'project' * Switch over to oslosphinx * Replace notifier with oslo.messaging * Clean StatsController unnecesary members * Use global to represent OS-TRUST:trust * Additional notifications for revocations * Use Oslo.db migration * `find_migrate_repo` improvement * Variable 'domain_ref' referenced before assignment * Cleanup Dogpile KVS Memcache backend support * Restructure KDS options to be more like Keystone's options * Setup code for auto-config sample generation * Correct `find_migrate_repo` usage * Make live LDAP user DN match the default from devstack * Set sensible default for keystone's paste * Treat sphinx warnings as errors * Use WebOb directly in ec2_token middleware * Add lockfile and kombu as requirements for keystone * Move filter_limit_query out of sql.Base * List trusts, incorrect self link * LDAP: document enabled_emulation * Provide clearer error when deleting enabled domain * Cleanup oauth tests * Correctly normalize consumer fields on update ------------------------------------------------------------------- Fri Feb 14 07:44:02 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev310.ge8f8c17: * Remove s3_token functional tests * Remove copyright from empty files * Syncing policy engine from oslo-incubator * Rename Openstack to OpenStack * Refactor get role for trust * Adds a fixture for setting up the cache * Fixes bug in exception message generation * reverse my preferred mailmap * Notifications upon disable * Move identity logic from controller to manager * Changing testcase name to match our terminology * explicitly expect hints in the @truncated signature * list limit doc cleanup * Correct error class in find_migrate_repo * Enforce current certificate retrieval behaviour * Use WebOb directly for locale testing * Doc - Keystone configuration - moving RBAC section * Do not use auth_info objects for accessing the API * Update kvs assignment backend docs * Remove vim header * Document priority level on Keystone notifications * Uses six.iteritems for Python3 compat * Use message when creating Unauthorized exception * Use passed filter dict param in core sql filtering * Tests use setUp rather than init * Tests remove useless config list cleanup code * Reference dogpile.cache.memcached backend properly * Safe command handling for openssl ------------------------------------------------------------------- Thu Feb 13 01:25:31 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev255.g586a3ff: * Allow specifying region ID when creating region * Cleanup KDS doc build errors * Add in functionality to set key_mangler on dogpile backends * Fix indentation issue * Cleanup invalid token exception text * Fixes a misspelling * Doc - Detailing objects' attributes available for policy.json * Remove unused method _get_domain_conf * Remove unused method _store_protocol * Remove tox locale overrides * Remove unused methods from AuthInfo * Remove unused method _create_metadata * revise example extension directory structure * Update db.sqlalchemy.session from oslo-incubator 018138 * Do not call deprecated functions * Fixes a Python3 syntax error using raise * Uses six.text_type instead of unicode * Removes xrange for Python3 compat * Cleanup sample config * Remove unused variable assignment * Remove legacy diablo and essex test cruft * Enhancing tests to check project deletion in Active Directory * Change assertTrue(isinstance()) by optimal assert * sync oslo-incubator log.py * turn off eventlet.wsgi debug ------------------------------------------------------------------- Wed Feb 12 00:55:22 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev205.gfcc1547: * Adds rule processing for mapping * Limit calls to memcache backend as user token index increases in size * Implement list limiting support in driver backends * Update the default_log_levels defaults * Correct sample config default log levels ------------------------------------------------------------------- Tue Feb 11 14:45:56 UTC 2014 - cloud-devel@suse.de - Update to version keystone-2014.1.dev195.g6ed19c2: * Style the code examples in docs as python * Deprecate s3_token middleware * Update requirements to 661e6 * Fix misspellings in keystone * Removes use of fake_notify and fixes notify test * Remove host from per notification options * Remove default_notification_level from conf * Mock sys.exit in testing * Move v3_to_v2_user from manager to controller * Adds tcp_keepalive and tcp_keepidle config options * clean up keystone-manage man page * Fix indentation errors found by Pep8 1.4.6+ * Fix assignment to not require user or group existence * cleaned up extension development docs * Tests initialize database * Improve forbidden checks * rename templated.TemplatedCatalog to templated.Catalog ------------------------------------------------------------------- Wed Feb 5 15:41:43 UTC 2014 - speilicke@suse.com - Update to version keystone-2014.1.dev161.g211bfc3: * Ensure mapping rule has only local and remote properties * fix grammar error in keystone-manage.rst * Add rules to be a required field for mapping schema * Cleanup docstrings * Removes useless string * Removes duplicate key from test fixtures * Add tests to ensure additional remote properties are not validated * Change 'oauth_extension' to 'oauth1_extension' * Modified keystone endpoint-create default region * Load the federation manager * Sync oslo's policy module * Replace urllib/urlparse with six.moves.* * Change Continuous Integration Project link * Refactor Auth plugin configuration options * Use self.opt_in_group overrides * Federation IdentityProvider filter fields on update response * Remove unnecessary test methods * Refactor federation controller class hierarchy * Refactor mutable parameter handling * Make error strings translatable * Add required properties field to rules schema * deprecate access log middleware * remove access log middleware from the default paste pipeline * deprecate v2.0 API in multiple choice response * Add a docstring and rename mapping tests * Remove versionId, versionInfo, versionList from examples * Don't set default for a nullable column * Remove autoincrement from String column ------------------------------------------------------------------- Mon Mar 18 10:41:35 UTC 2013 - speilicke@suse.com - Drop +git.$TIMESTAMP.$COMMITHASH version suffix ------------------------------------------------------------------- Fri Feb 22 10:25:35 UTC 2013 - saschpe@suse.de - Require openstack-suse-macros instead of openstack-macros ------------------------------------------------------------------- Wed Dec 19 15:37:39 UTC 2012 - saschpe@suse.de - It's a noarch package -------------------------------------------------------------------- Wed Dec 19 12:40:14 UTC 2012 - saschpe@suse.de - Move to obs-service-git_tarballs - Update to version 2012.2.3+git.1355917214.0c8c2a3: + Merge commit 'refs/changes/01/17901/1' of ssh://review.openstack.org:29418/openstack/keystone into stable/folsom + Bump next version to 2012.2.3 + Ensure serviceCatalog is list when empty, not dict ------------------------------------------------------------------- Thu Nov 22 10:41:32 UTC 2012 - saschpe@suse.de - Initial version