openstack/keystone
Code Issues Proposed changes
d44ed7f18c
keystone/releasenotes/notes
History
Harry Rybacki d44ed7f18c Ensure default roles created during bootstrap 
Expand bootstrap process to include creation of roles outlined in
basic default roles spec.

The bootstrap process now creates two new roles, 'reader' and 'member,
in addition to the well established 'admin' role. During this process,
a role implication[1] chain is created: 'admin' implies 'member' and
'member' implies 'reader'.

[1] - https://developer.openstack.org/api-ref/identity/v3/#create-role-inference-rule

Co-Authored-By: Juan Antonio Osorio Robles <jaosorior@redhat.com>
bp basic-default-roles
Depends-On: https://review.openstack.org/574149
Change-Id: Ie18a269e3d1075d955fe494acaf634a393c6bd7b
2018-06-14 10:54:54 -04:00
..
.placeholder Add reno for release notes management 2015-11-10 16:10:00 -05:00
add_password_expires_at_to_user_response-22f14ab629c48bc2.yaml PCI-DSS Adds password_expires_at to API docs 2016-07-22 17:47:27 +00:00
add-bootstrap-cli-192500228cc6e574.yaml Release note cleanup 2016-03-14 19:04:58 +00:00
add-expires-at-int-to-trusts-60ae3c5d0c00808a.yaml Add expired_at_int column to trusts 2018-01-04 22:28:44 +01:00
add-limit-description-c1f42641d9c6c33d.yaml Limit description support 2018-05-08 10:59:41 +08:00
add-unified-limit-apis-c9ebc5116bc2cf93.yaml Add api-ref for unified limits 2018-01-25 16:33:25 +08:00
admin_token-a5678d712783c145.yaml Release note cleanup 2016-03-14 19:04:58 +00:00
admin_token-c634ec12fc714255.yaml Disable Admin tokens set to None 2016-02-16 20:00:34 +00:00
Assignment_V9_driver-c22be069f7baccb0.yaml Release note cleanup 2016-03-14 19:04:58 +00:00
bp-allow-expired-f5d845b9601bc1ef.yaml Readability/Typo Fixes in Release Notes 2017-02-08 00:31:19 +00:00
bp-application-credentials-c699f1f17c7d4e2f.yaml Add a release note for application credentials 2018-01-27 12:00:23 +01:00
bp-basic-default-roles-4ff6502b6ac57d48.yaml Ensure default roles created during bootstrap 2018-06-14 10:54:54 -04:00
bp-domain-config-as-stable-716ca5ab33c0cc42.yaml Mark the domain config via API as stable 2016-07-08 14:44:30 -07:00
bp-domain-config-default-82e42d946ee7cb43.yaml Fix a typo in core.py and bp-domain-config-default-82e42d946ee7cb43.yaml 2016-09-29 09:25:59 +08:00
bp-manage-migration-c398963a943a89fe.yaml Add expand, data migration and contract logic to keystone-manage 2016-08-18 10:37:56 +01:00
bp-password-expires-validation-4b32fe7032595932.yaml clean up release notes for ocata 2017-01-27 14:36:54 +00:00
bp-pci-dss-notifications-808a205a637bac25.yaml Revert "Fix wrong links" 2017-08-22 18:54:25 +00:00
bp-pci-dss-password-requirements-api-87bc724b2aa554f7.yaml clean up release notes for ocata 2017-01-27 14:36:54 +00:00
bp-pci-dss-query-password-expired-users-a7c96a3843bb9abc.yaml clean up release notes for ocata 2017-01-27 14:36:54 +00:00
bp-per-user-auth-plugin-reqs-feb95fd907be4b40.yaml Add MFA Rules Release Note 2017-01-31 22:07:37 +00:00
bp-policy-in-code-722372a27291b9cd.yaml Revert "Fix wrong links" 2017-08-22 18:54:25 +00:00
bp-shadow-mapping-06fc7c71a401d707.yaml Revert "Fix wrong links" 2017-08-22 18:54:25 +00:00
bp-support-federated-attr-94084d4073f50280.yaml Fix some typo in releasenotes 2017-02-27 10:14:14 +08:00
bp-system-scope-7d236ee5992d4e20.yaml Grant admin a role on the system during bootstrap 2018-02-13 21:37:31 +00:00
bp-url-safe-naming-ad90d6a659f5bf3c.yaml Add support for strict url safe option on new projects and domains 2016-01-19 03:47:31 +00:00
bug_1526462-df9a3f3974d9040f.yaml Release note cleanup 2016-03-14 19:04:58 +00:00
bug_1543048_and_1668503-7ead4e15faaab778.yaml Support new hashing algorithms for securely storing password hashes 2017-05-18 20:03:25 -05:00
bug_1674415-e8a7345aa2b05ab7.yaml Error messages are not translating with locale. 2017-03-24 20:08:17 +00:00
bug_1688188-256e3572295231a1.yaml Handle auto-generated domains when creating IdPs 2017-07-27 20:20:00 +00:00
bug_1698900-f195125bf341d887.yaml Include a link in release note for bug 1698900 2017-08-22 17:14:23 +00:00
bug-1017606-98313bb4c1edf250.yaml clean up release notes for ocata 2017-01-27 14:36:54 +00:00
bug-1291157-00b5c714a097e84c.yaml Validate identity providers during token validation 2018-02-01 23:33:42 +00:00
bug-1490804-de58a9606edb31eb.yaml Add audit IDs to revocation events 2015-12-17 10:46:23 -06:00
bug-1519210-de76097c974f9c93.yaml Release note cleanup 2016-03-14 19:04:58 +00:00
bug-1523369-4d42c841b6e7e54e.yaml Move release note from /keystone/releasenotes to /releasenotes 2017-03-24 16:41:36 -04:00
bug-1524030-0814724d5c2b7c8d.yaml Validate disabled domains and projects online 2017-11-27 23:06:10 +00:00
bug-1524030-ccff6b0ec9d1cbf2.yaml clean up release notes for ocata 2017-01-27 14:36:54 +00:00
bug-1535878-change-get_project-permission-e460af1256a2c056.yaml Change get_project permission 2016-02-11 12:21:24 +00:00
bug-1542417-d630b7886bb0b369.yaml Release note cleanup 2016-03-14 19:04:58 +00:00
bug-1547684-911aed68a0d3df17.yaml clean up release notes for ocata 2017-01-27 14:36:54 +00:00
bug-1561054-dbe88b552a936a05.yaml Revert "Fix wrong links" 2017-08-22 18:54:25 +00:00
bug-1563101-134df5b99ea48f00.yaml clean up release notes for ocata 2017-01-27 14:36:54 +00:00
bug-1571878-1bcaea5337905af0.yaml clean up release notes for ocata 2017-01-27 14:36:54 +00:00
bug-1582585-a368ac5a252ec84f.yaml clean up release notes for ocata 2017-01-27 14:36:54 +00:00
bug-1590587-domain-specific-role-assignment-8f120604a6625852.yaml Project domain must match role domain for assignment 2016-09-07 11:43:53 -07:00
bug-1594482-52a5dd1d8477b694.yaml /services?name=<name> API fails when using list_limit 2016-06-21 14:22:19 -07:00
bug-1611102-e1348cbec9b1110a.yaml clean up release notes for ocata 2017-01-27 14:36:54 +00:00
bug-1613466-credential-update-ec2-type-8fb51ff3ad3a449c.yaml Fix credential update to ec2 type 2016-08-23 06:58:03 +00:00
bug-1615014-b30f606a2d202428.yaml Validate rolling upgrade is run in order 2017-06-27 20:54:04 +00:00
bug-1616424-c46ba773f7ac40ae.yaml clean up release notes for ocata 2017-01-27 14:36:54 +00:00
bug-1622310-c501cf77437fdfa6.yaml clean up release notes for ocata 2017-01-27 14:36:54 +00:00
bug-1636950-8fa1a47fce440977.yaml Fix some typo in releasenotes 2017-02-27 10:14:14 +08:00
bug-1638603-354ee4167e6e.yaml clean up release notes for ocata 2017-01-27 14:36:54 +00:00
bug-1641645-516709f9da3de26f.yaml clean up release notes for ocata 2017-01-27 14:36:54 +00:00
bug-1641654-8630ce7bcde43a7e.yaml clean up release notes for ocata 2017-01-27 14:36:54 +00:00
bug-1641660-f938267e1ec54071.yaml clean up release notes for ocata 2017-01-27 14:36:54 +00:00
bug-1641816-8b39f3f73359c778.yaml clean up release notes for ocata 2017-01-27 14:36:54 +00:00
bug-1642212-9964dfd3af0184bd.yaml Add --check to keystone-manage db_sync command 2017-02-09 19:45:02 +00:00
bug-1642348-83d4c86ad3984d75.yaml clean up release notes for ocata 2017-01-27 14:36:54 +00:00
bug-1642457-4533f9810a8cd927.yaml Handle disk write failure when doing Fernet key rotation 2016-12-26 10:17:01 +08:00
bug-1642687-5497fb56fe86806d.yaml Readability/Typo Fixes in Release Notes 2017-02-08 00:31:19 +00:00
bug-1642687-c7ab1c9be152db20.yaml clean up release notes for ocata 2017-01-27 14:36:54 +00:00
bug-1642692-d669c8fcf9e171d9.yaml clean up release notes for ocata 2017-01-27 14:36:54 +00:00
bug-1645487-ca22c216ec26cc9b.yaml PCI-DSS Force users to change password upon first use 2017-01-27 18:47:15 +00:00
bug-1649138-c53974f6bb0eab14.yaml Add anonymous bind to get_connection method 2017-01-12 04:02:24 +00:00
bug-1649446-efff94143823755d.yaml listing revoke events should be admin only 2017-01-09 21:12:47 +00:00
bug-1649616-b835d1dac3401e8c.yaml Fixing flushing tokens workflow 2017-07-10 17:10:38 -03:00
bug-1656076-c4422270f73b43b.yaml clean up release notes for ocata 2017-01-27 14:36:54 +00:00
bug-1659730-17834ba2dde668ae.yaml clean up release notes for ocata 2017-01-27 14:36:54 +00:00
bug-1659995-f3e716de743b7291.yaml Revise conf param in releasenotes 2017-03-03 09:58:02 +08:00
bug-1670382-ee851ba4f364d608.yaml Add group_members_are_ids to whitelisted options 2017-03-20 12:09:26 +00:00
bug-1676497-92271e25f642e2de.yaml Differentiate between dpkg and rpm for libssl-dev 2017-03-31 11:27:25 -04:00
bug-1684994-264fb8f182ced180.yaml Clarify LDAP invalid credentials exception 2017-06-29 16:17:06 -05:00
bug-1687593-95e1568291ecd70b.yaml Add a release note for bug 1687593 2017-07-13 22:43:44 +00:00
bug-1696574-15a728396350a95a.yaml Document and add release note for HEAD APIs 2017-06-27 21:15:44 +00:00
bug-1700852-de775d0eb2ddfdd1.yaml Cache list projects and domains for user 2017-08-09 14:45:58 +00:00
bug-1701324-739a31f38037f77b.yaml Remove duplicate roles from federated auth 2017-08-16 15:20:58 +00:00
bug-1702211-abb59adda73fd78e.yaml Add int storage of datetime for password created/expires 2017-08-15 16:29:18 +00:00
bug-1703369-9a901d627a1e0316.yaml fix identity:get_identity_providers typo 2017-07-11 17:51:57 -04:00
bug-1703666-b8a990f2bf5b62f0.yaml Fixing multi-region support in templated v3 catalog 2018-03-13 11:10:08 -07:00
bug-1704205-bc0570feeb3ec5c4.yaml Filter users and groups in ldap 2017-08-01 01:18:40 +05:30
bug-1705485-7a1ad17b9cc99b9d.yaml Remove policy for self-service password changes 2017-08-04 13:56:59 +00:00
bug-1718747-50d39fa87bdbb12b.yaml Delete SQL users before deleting domain 2018-02-08 21:19:02 +01:00
bug-1727099-1af277b35db34372.yaml Update the help message for unique_last_password_count 2017-11-24 08:52:12 +08:00
bug-1727726-0b47608811a2cd16.yaml Filter users/groups in ldap with whitespaces 2017-11-03 20:52:41 +05:30
bug-1728907-bab6769ab46bd8aa.yaml Handle empty token key files 2018-05-16 15:02:32 -05:00
bug-1733754-4d9d3042b8501ec6.yaml Add schema check for OS-TRUST:trust authentication 2017-11-24 01:35:17 +00:00
bug-1734244-1b4ea83baa72566d.yaml Fix 500 error when create trust with invalid role key 2017-11-27 15:11:34 +00:00
bug-1736875-c790f568c5f4d671.yaml Add schema check for authorize request token 2018-01-10 14:32:16 +08:00
bug-1738895-342864cd0285bc42.yaml Fix list users by name 2018-02-03 15:50:29 +08:00
bug-1740951-82b7e4bd608742ab.yaml Expose a get_enforcer method for oslo.policy scripts 2018-01-03 20:47:56 +00:00
bug-1746599-848a1163e52ac0a6.yaml Fix user email in federated shadow users 2018-03-22 19:26:08 +08:00
bug-1747694-48c8caa4871300e3.yaml Reorganize api-ref: v3-ext trust.inc 2018-02-07 19:01:20 +05:30
bug-1748970-eb63ad2030e296f3.yaml Fix querying role_assignment with system roles 2018-02-13 21:37:15 +00:00
bug-1749264-676ca02902bcd169.yaml Delete system role assignments when deleting users 2018-02-13 20:24:10 +00:00
bug-1749267-96153d2fa6868f67.yaml Delete system role assignments when deleting groups 2018-02-13 20:47:54 +00:00
bug-1750415-95ede3a9685b6e0c.yaml Populate application credential data in token 2018-02-19 22:41:12 +01:00
bug-1751045-f950e3fb85e2b573.yaml Allow cleaning up non-existant group assignments 2018-04-09 16:08:34 +00:00
bug-1753584-e052bc7805f001b4.yaml Fix formatting of ImportError 2018-03-07 09:29:20 -06:00
bug-1755874-9951f77c6d18431c.yaml Allow blocking users from self-service password change 2018-04-18 19:15:07 +00:00
bug-1756190-0e5d86d334555931.yaml Make tags filter match subset rather than exact 2018-03-27 13:38:47 -05:00
bug-1759289-466cdf4514de3498.yaml Log warning when using token_flush 2018-03-29 20:15:55 +00:00
bug-1760205-87dedd6d8812db3f.yaml Invalidate the shadow user cache when deleting a user 2018-04-25 11:39:29 +08:00
bug-1760521-fec5c88af214401f.yaml Fix list_limit doesn't work correctly for domain 2018-04-03 14:26:59 +08:00
bug-1760809-711df870a9d67c0d.yaml Fix 500 error when deleting domain 2018-04-11 10:35:31 +08:00
bug-1763824-3d2f5169af9d42f.yaml Fix json schema nullable to add None to ENUM 2018-04-14 16:41:25 +00:00
catalog_project_id-519f5a70f9f7c4c6.yaml Allow project_id in catalog substitutions 2016-02-15 10:55:23 -06:00
catalog-caching-12f2532cfb71325a.yaml Add release notes for mitaka thus far 2015-11-23 16:29:39 -05:00
deprecate-endpoint-policy-cfg-option-d018acab72a398a0.yaml fix up release notes, file deprecations under right title 2015-12-14 22:27:47 -05:00
deprecate-memcache-token-persistence-eac88c80147ea241.yaml Mark memcache and memcache_pool token deprecated 2016-01-19 21:45:48 -05:00
deprecate-policies-api-b104fbd1d2367b1b.yaml Deprecate policies API 2017-11-02 14:59:53 -04:00
deprecate-v2-apis-894284c17be881d2.yaml reorganize mitaka release notes 2016-05-18 17:33:32 +00:00
deprecated-as-of-mitaka-8534e43fa40c1d09.yaml reorganize mitaka release notes 2016-05-18 17:33:32 +00:00
deprecated-as-of-newton-be1d8dbcc6bdc68f.yaml Deprecate keystone.common.kvs 2016-05-12 23:30:15 -07:00
deprecated-as-of-ocata-a5b2f1e3e39f818e.yaml Merge "add additional deprecation warnings for KVS options" 2017-01-28 03:01:05 +00:00
deprecated-as-of-pike-506f9aca91674550.yaml Deprecate (and slate for removal) UUID tokens 2017-02-11 06:01:27 +00:00
deprecated-as-of-queens-8ad7f826e4f08f57.yaml Deprecate [trust]/enabled option 2018-01-02 19:42:21 +01:00
DomainSpecificRoles-fc5dd2ef74a1442c.yaml Release note cleanup 2016-03-14 19:04:58 +00:00
enable-filter-idp-d0135f4615178cfc.yaml Support id and enabled attributes when listing service providers 2016-03-16 13:27:12 -04:00
enable-inherit-on-default-54ac435230261a6a.yaml Release note cleanup 2016-03-14 19:04:58 +00:00
endpoints-from-endpoint_group-project-association-7271fba600322fb6.yaml Release note cleanup 2016-03-14 19:04:58 +00:00
extensions-to-core-a0d270d216d47276.yaml Release note cleanup 2016-03-14 19:04:58 +00:00
federation-group-ids-mapping-6c56120d65a5cb22.yaml Add release notes for mitaka-1 2015-12-01 17:32:49 -05:00
httpd-keystone-d51b7335559b09c8.yaml fix up release notes, file deprecations under right title 2015-12-14 22:27:47 -05:00
identity_driver_new_change_password_method-e8c0e06795bca2d8.yaml PCI-DSS Minimum password age requirements 2016-08-16 21:47:49 +00:00
impl-templated-catalog-1d8f6333726b34f8.yaml Removes KVS catalog backend 2016-01-19 21:26:30 -05:00
implied-roles-026f401adc0f7fb6.yaml Release note cleanup 2016-03-14 19:04:58 +00:00
implied-roles-stable-8b293e187c5620ad.yaml Mark the implied role API as stable 2018-03-16 16:04:27 +00:00
insecure_reponse-2a168230709bc8e7.yaml Release note cleanup 2016-03-14 19:04:58 +00:00
integrate-osprofiler-ad0e16a542b12899.yaml Revert "Fix wrong links" 2017-08-22 18:54:25 +00:00
is-admin-24b34238c83b3a82.yaml Cleans up code for is_admin in tokens 2015-12-07 19:30:37 -03:00
ldap-conn-pool-enabled-90df94652f1ded53.yaml Enable LDAP connection pooling by default 2016-02-26 14:19:10 +00:00
ldap-emulation-91c4d535eb9c3d10.yaml Release note cleanup 2016-03-14 19:04:58 +00:00
list_limit-ldap-support-5d31d51466fc49a6.yaml Add release note for list_limit support 2016-03-18 18:15:41 +03:00
list_role_assignment_names-33aedc1e521230b6.yaml Fix nits in include names patch 2016-01-22 08:25:38 -06:00
mapping_populate-521d92445505b8a3.yaml Add mapping_populate command 2016-08-23 20:52:10 +00:00
migration_squash-f655329ddad7fc2a.yaml Release note cleanup 2016-03-14 19:04:58 +00:00
no-default-domain-2161ada44bf7a3f7.yaml Release note cleanup 2016-03-14 19:04:58 +00:00
notify-on-user-group-membership-8c0136ee0484e255.yaml Add notifications to user/group membership 2016-03-09 17:20:33 +00:00
oauth1-headers-content-type-9a9245d9bbec8f8e.yaml Replace the content type with correct one 2016-08-16 21:26:06 +08:00
oslo.cache-a9ce47bfa8809efa.yaml Revert "Fix wrong links" 2017-08-22 18:54:25 +00:00
password-created_at-nullable-b3c284be50d93ef5.yaml Fixes migration where password created_at is nullable 2016-09-01 17:15:47 +00:00
policy_new_federated_projects_for_user-dcd7bd148efef049.yaml Concrete role assignments for federated users 2016-06-29 02:24:03 +00:00
pre-cache-tokens-73450934918af26b.yaml Pre-cache new tokens 2016-08-31 20:14:53 +03:00
project-tags-1e72a6779d9d02c5.yaml Add project tags api-ref documentation and reno 2017-10-17 17:56:29 -05:00
projects_as_domains-3ea8a58b4c2965e1.yaml Release note cleanup 2016-03-14 19:04:58 +00:00
python3-support-e4189e0a1a6e2e4f.yaml Add python 3 release note. 2016-05-20 21:54:54 +00:00
remove-token-auth-middleware-5ea3b3734ce1d9e6.yaml Remove the TokenAuth middleware 2018-05-10 14:40:39 +00:00
remove-trust-auth-support-from-v2-de316c9ba46d556d.yaml Fix release note of removal of v2.0 trusts support 2016-02-11 06:39:26 +00:00
removed-as-of-mitaka-9ff14f87d0b98e7e.yaml Removed deprecated revoke KVS backend 2016-01-25 01:08:15 -08:00
removed-as-of-newton-721c06b5dcb1b34a.yaml remove deprecated revoke_by_expiration function 2016-05-22 14:39:58 +00:00
removed-as-of-ocata-436bb4b839e74494.yaml clean up release notes for ocata 2017-01-27 14:36:54 +00:00
removed-as-of-pike-deadbeefdeadbeef.yaml Remove loading drivers outside of their expected namespaces 2017-05-18 18:08:26 +00:00
removed-as-of-queens-94c04e88c08f89aa.yaml Remove duplicated release note 2017-12-29 10:10:30 +08:00
removed-as-of-rocky-f44c3ba7c3e73d01.yaml Removal of deprecated direct driver loading 2018-03-27 19:20:15 +00:00
request_context-e143ba9c446a5952.yaml Release note cleanup 2016-03-14 19:04:58 +00:00
resource-backend-sql-only-03154d8712b36bd0.yaml Resource backend is SQL only now 2017-08-14 19:01:02 +00:00
revert-v2-token-issued-for-non-default-domain-25ea5337f158ef13.yaml Add release note for revert of c4723550aa 2016-01-17 20:42:36 +00:00
Role_V9_driver-971c3aae14d9963d.yaml Release note cleanup 2016-03-14 19:04:58 +00:00
s3-aws-v4-c6cb75ce8d2289d4.yaml Add release notes for mitaka thus far 2015-11-23 16:29:39 -05:00
support_encrypted_credentials_at_rest-93dcb67b3508e91a.yaml Document credential encryption 2016-08-31 21:28:42 +00:00
token-formatter-ec58aba00fa83706.yaml Move token_formatter to token 2018-01-19 16:17:47 -06:00
token-provider-refactor-a3a64146807daf36.yaml Remove needs_persistence property from token providers 2018-02-15 20:38:54 +00:00
totp-40d93231714c6a20.yaml Revert "Fix wrong links" 2017-08-22 18:54:25 +00:00
use-pyldap-6e811c28bf350d6d.yaml Use PyLDAP instead of python-ldap 2016-05-18 02:38:34 -04:00
v2-dep-d6e7ab2d08119549.yaml Give a prospective removal date for all v2 APIs 2017-02-27 15:27:58 +00:00
v3-endpoints-in-v2-list-b0439816938713d6.yaml Add release notes for mitaka thus far 2015-11-23 16:29:39 -05:00
v9FederationDriver-cbebcf5f97e1eae2.yaml Release note cleanup 2016-03-14 19:04:58 +00:00
V9ResourceDriver-26716f97c0cc1a80.yaml Release note cleanup 2016-03-14 19:04:58 +00:00
x509-auth-df0a229780b8e3ff.yaml Release note cleanup 2016-03-14 19:04:58 +00:00