Add liberty release notes in YAML format

This commit takes all the Liberty release notes from the wiki[1] and moves them into reno YAML files. [1] https://wiki.openstack.org/wiki/ReleaseNotes/Liberty#OpenStack_Identity_.28Keystone.29 Change-Id: I5bb807968f360e31a8fc74e422359a44b5345293
2015-11-16 20:31:32 -05:00 · 2015-11-16 20:31:32 -05:00 · 29f39a46ab
parent 7618333ba0
commit 29f39a46ab
3 changed files with 71 additions and 0 deletions
--- a/releasenotes/notes/deprecations-c4afc19dc5324b9c.yaml
+++ b/releasenotes/notes/deprecations-c4afc19dc5324b9c.yaml
@ -0,0 +1,19 @@
+---
+other:
+  - Running keystone in eventlet remains deprecated and will be removed in the
+    Mitaka release.
+  - Using LDAP as the resource backend, i.e for projects and domains, is now
+    deprecated and will be removed in the Mitaka release.
+  - Using the full path to the driver class is deprecated in favor of using
+    the entrypoint. In the Mitaka release, the entrypoint must be used.
+  - In the [resource] and [role] sections of the ``keystone.conf`` file, not
+    specifying the driver and using the assignment driver is deprecated. In
+    the Mitaka release, the resource and role drivers will default to the SQL
+    driver.
+  - In ``keystone-paste.ini``, using ``paste.filter_factory`` is deprecated in
+    favor of the "use" directive, specifying an entrypoint.
+  - Not specifying a domain during a create user, group or project call, which
+    relied on falling back to the default domain, is now deprecated and will
+    be removed in the N release.
+  - Certain deprecated methods from the assignment manager were removed in
+    favor of the same methods in the [resource] and [role] manager.
--- a/releasenotes/notes/new_features-e33d793d8a5ca76a.yaml
+++ b/releasenotes/notes/new_features-e33d793d8a5ca76a.yaml
@ -0,0 +1,21 @@
+---
+features:
+  - >
+    **Experimental** - Domain specific configuration options can be stored in
+    SQL instead of configuration files, using the new REST APIs.
+  - >
+    **Experimental** - Keystone now supports tokenless authorization with
+    X.509 SSL client certificate.
+  - Configuring per-Identity Provider WebSSO is now supported.
+  - >
+    ``openstack_user_domain`` and ``openstack_project_domain`` attributes were
+    added to SAML assertion in order to map user and project domains,
+    respectively.
+  - The credentials list call can now have its results filtered by credential
+    type.
+  - Support was improved for out-of-tree drivers by defining stable driver
+    interfaces.
+  - Several features were hardened, including Fernet tokens, federation,
+    domain specific configurations from database and role assignments.
+  - Certain variables in ``keystone.conf`` now have options, which determine
+    if the user's setting is valid.
--- a/releasenotes/notes/upgrade_notes-ca81f5d531ab3522.yaml
+++ b/releasenotes/notes/upgrade_notes-ca81f5d531ab3522.yaml
@ -0,0 +1,31 @@
+---
+upgrade:
+  - The EC2 token middleware, deprecated in Juno, is no longer available in
+    keystone. It has been moved to the keystonemiddleware package.
+  - The ``compute_port`` configuration option, deprecated in Juno, is no longer
+    available.
+  - The XML middleware stub has been removed, so references to it must be
+    removed from the ``keystone-paste.ini`` configuration file.
+  - stats_monitoring and stats_reporting paste filters have been removed, so
+    references to it must be removed from the ``keystone-paste.ini``
+    configuration file.
+  - The external authentication plugins ExternalDefault, ExternalDomain,
+    LegacyDefaultDomain, and LegacyDomain, deprecated in Icehouse, are no
+    longer available.
+  - The ``keystone.conf`` file now references entrypoint names for drivers.
+    For example, the drivers are now specified as "sql", "ldap", "uuid",
+    rather than the full module path. See the sample configuration file for
+    other examples.
+  - We now expose entrypoints for the ``keystone-manage`` command instead of a
+    file.
+  - Schema downgrades via ``keystone-manage db_sync`` are no longer supported.
+    Only upgrades are supported.
+  - Features that were "extensions" in previous releases (OAuth delegation,
+    Federated Identity support, Endpoint Policy, etc) are now enabled by
+    default.
+  - A new ``secure_proxy_ssl_header`` configuration option is available when
+    running keystone behind a proxy.
+  - Several configuration options have been deprecated, renamed, or moved to
+    new sections in the ``keystone.conf`` file.
+  - Domain name information can now be used in policy rules with the attribute
+    ``domain_name``.