Add liberty release notes in YAML format
This commit takes all the Liberty release notes from the wiki[1] and moves them into reno YAML files. [1] https://wiki.openstack.org/wiki/ReleaseNotes/Liberty#OpenStack_Identity_.28Keystone.29 Change-Id: I5bb807968f360e31a8fc74e422359a44b5345293
This commit is contained in:
parent
7618333ba0
commit
29f39a46ab
|
@ -0,0 +1,19 @@
|
|||
---
|
||||
other:
|
||||
- Running keystone in eventlet remains deprecated and will be removed in the
|
||||
Mitaka release.
|
||||
- Using LDAP as the resource backend, i.e for projects and domains, is now
|
||||
deprecated and will be removed in the Mitaka release.
|
||||
- Using the full path to the driver class is deprecated in favor of using
|
||||
the entrypoint. In the Mitaka release, the entrypoint must be used.
|
||||
- In the [resource] and [role] sections of the ``keystone.conf`` file, not
|
||||
specifying the driver and using the assignment driver is deprecated. In
|
||||
the Mitaka release, the resource and role drivers will default to the SQL
|
||||
driver.
|
||||
- In ``keystone-paste.ini``, using ``paste.filter_factory`` is deprecated in
|
||||
favor of the "use" directive, specifying an entrypoint.
|
||||
- Not specifying a domain during a create user, group or project call, which
|
||||
relied on falling back to the default domain, is now deprecated and will
|
||||
be removed in the N release.
|
||||
- Certain deprecated methods from the assignment manager were removed in
|
||||
favor of the same methods in the [resource] and [role] manager.
|
|
@ -0,0 +1,21 @@
|
|||
---
|
||||
features:
|
||||
- >
|
||||
**Experimental** - Domain specific configuration options can be stored in
|
||||
SQL instead of configuration files, using the new REST APIs.
|
||||
- >
|
||||
**Experimental** - Keystone now supports tokenless authorization with
|
||||
X.509 SSL client certificate.
|
||||
- Configuring per-Identity Provider WebSSO is now supported.
|
||||
- >
|
||||
``openstack_user_domain`` and ``openstack_project_domain`` attributes were
|
||||
added to SAML assertion in order to map user and project domains,
|
||||
respectively.
|
||||
- The credentials list call can now have its results filtered by credential
|
||||
type.
|
||||
- Support was improved for out-of-tree drivers by defining stable driver
|
||||
interfaces.
|
||||
- Several features were hardened, including Fernet tokens, federation,
|
||||
domain specific configurations from database and role assignments.
|
||||
- Certain variables in ``keystone.conf`` now have options, which determine
|
||||
if the user's setting is valid.
|
|
@ -0,0 +1,31 @@
|
|||
---
|
||||
upgrade:
|
||||
- The EC2 token middleware, deprecated in Juno, is no longer available in
|
||||
keystone. It has been moved to the keystonemiddleware package.
|
||||
- The ``compute_port`` configuration option, deprecated in Juno, is no longer
|
||||
available.
|
||||
- The XML middleware stub has been removed, so references to it must be
|
||||
removed from the ``keystone-paste.ini`` configuration file.
|
||||
- stats_monitoring and stats_reporting paste filters have been removed, so
|
||||
references to it must be removed from the ``keystone-paste.ini``
|
||||
configuration file.
|
||||
- The external authentication plugins ExternalDefault, ExternalDomain,
|
||||
LegacyDefaultDomain, and LegacyDomain, deprecated in Icehouse, are no
|
||||
longer available.
|
||||
- The ``keystone.conf`` file now references entrypoint names for drivers.
|
||||
For example, the drivers are now specified as "sql", "ldap", "uuid",
|
||||
rather than the full module path. See the sample configuration file for
|
||||
other examples.
|
||||
- We now expose entrypoints for the ``keystone-manage`` command instead of a
|
||||
file.
|
||||
- Schema downgrades via ``keystone-manage db_sync`` are no longer supported.
|
||||
Only upgrades are supported.
|
||||
- Features that were "extensions" in previous releases (OAuth delegation,
|
||||
Federated Identity support, Endpoint Policy, etc) are now enabled by
|
||||
default.
|
||||
- A new ``secure_proxy_ssl_header`` configuration option is available when
|
||||
running keystone behind a proxy.
|
||||
- Several configuration options have been deprecated, renamed, or moved to
|
||||
new sections in the ``keystone.conf`` file.
|
||||
- Domain name information can now be used in policy rules with the attribute
|
||||
``domain_name``.
|
Loading…
Reference in New Issue