Add liberty release notes in YAML format
This commit takes all the Liberty release notes from the wiki[1] and moves them into reno YAML files. [1] https://wiki.openstack.org/wiki/ReleaseNotes/Liberty#OpenStack_Identity_.28Keystone.29 Change-Id: I5bb807968f360e31a8fc74e422359a44b5345293
This commit is contained in:
parent
7618333ba0
commit
29f39a46ab
|
@ -0,0 +1,19 @@
|
||||||
|
---
|
||||||
|
other:
|
||||||
|
- Running keystone in eventlet remains deprecated and will be removed in the
|
||||||
|
Mitaka release.
|
||||||
|
- Using LDAP as the resource backend, i.e for projects and domains, is now
|
||||||
|
deprecated and will be removed in the Mitaka release.
|
||||||
|
- Using the full path to the driver class is deprecated in favor of using
|
||||||
|
the entrypoint. In the Mitaka release, the entrypoint must be used.
|
||||||
|
- In the [resource] and [role] sections of the ``keystone.conf`` file, not
|
||||||
|
specifying the driver and using the assignment driver is deprecated. In
|
||||||
|
the Mitaka release, the resource and role drivers will default to the SQL
|
||||||
|
driver.
|
||||||
|
- In ``keystone-paste.ini``, using ``paste.filter_factory`` is deprecated in
|
||||||
|
favor of the "use" directive, specifying an entrypoint.
|
||||||
|
- Not specifying a domain during a create user, group or project call, which
|
||||||
|
relied on falling back to the default domain, is now deprecated and will
|
||||||
|
be removed in the N release.
|
||||||
|
- Certain deprecated methods from the assignment manager were removed in
|
||||||
|
favor of the same methods in the [resource] and [role] manager.
|
|
@ -0,0 +1,21 @@
|
||||||
|
---
|
||||||
|
features:
|
||||||
|
- >
|
||||||
|
**Experimental** - Domain specific configuration options can be stored in
|
||||||
|
SQL instead of configuration files, using the new REST APIs.
|
||||||
|
- >
|
||||||
|
**Experimental** - Keystone now supports tokenless authorization with
|
||||||
|
X.509 SSL client certificate.
|
||||||
|
- Configuring per-Identity Provider WebSSO is now supported.
|
||||||
|
- >
|
||||||
|
``openstack_user_domain`` and ``openstack_project_domain`` attributes were
|
||||||
|
added to SAML assertion in order to map user and project domains,
|
||||||
|
respectively.
|
||||||
|
- The credentials list call can now have its results filtered by credential
|
||||||
|
type.
|
||||||
|
- Support was improved for out-of-tree drivers by defining stable driver
|
||||||
|
interfaces.
|
||||||
|
- Several features were hardened, including Fernet tokens, federation,
|
||||||
|
domain specific configurations from database and role assignments.
|
||||||
|
- Certain variables in ``keystone.conf`` now have options, which determine
|
||||||
|
if the user's setting is valid.
|
|
@ -0,0 +1,31 @@
|
||||||
|
---
|
||||||
|
upgrade:
|
||||||
|
- The EC2 token middleware, deprecated in Juno, is no longer available in
|
||||||
|
keystone. It has been moved to the keystonemiddleware package.
|
||||||
|
- The ``compute_port`` configuration option, deprecated in Juno, is no longer
|
||||||
|
available.
|
||||||
|
- The XML middleware stub has been removed, so references to it must be
|
||||||
|
removed from the ``keystone-paste.ini`` configuration file.
|
||||||
|
- stats_monitoring and stats_reporting paste filters have been removed, so
|
||||||
|
references to it must be removed from the ``keystone-paste.ini``
|
||||||
|
configuration file.
|
||||||
|
- The external authentication plugins ExternalDefault, ExternalDomain,
|
||||||
|
LegacyDefaultDomain, and LegacyDomain, deprecated in Icehouse, are no
|
||||||
|
longer available.
|
||||||
|
- The ``keystone.conf`` file now references entrypoint names for drivers.
|
||||||
|
For example, the drivers are now specified as "sql", "ldap", "uuid",
|
||||||
|
rather than the full module path. See the sample configuration file for
|
||||||
|
other examples.
|
||||||
|
- We now expose entrypoints for the ``keystone-manage`` command instead of a
|
||||||
|
file.
|
||||||
|
- Schema downgrades via ``keystone-manage db_sync`` are no longer supported.
|
||||||
|
Only upgrades are supported.
|
||||||
|
- Features that were "extensions" in previous releases (OAuth delegation,
|
||||||
|
Federated Identity support, Endpoint Policy, etc) are now enabled by
|
||||||
|
default.
|
||||||
|
- A new ``secure_proxy_ssl_header`` configuration option is available when
|
||||||
|
running keystone behind a proxy.
|
||||||
|
- Several configuration options have been deprecated, renamed, or moved to
|
||||||
|
new sections in the ``keystone.conf`` file.
|
||||||
|
- Domain name information can now be used in policy rules with the attribute
|
||||||
|
``domain_name``.
|
Loading…
Reference in New Issue