345a3a2d2a
This release picks up new commits to keystone since the last release from stable/ussuri. This is being proposed as a convenience to help make sure stable changes are being released. If the team is good with this going out, please respond with a +1 to let the release team know it is OK to proceed. If it is not wanted at this time, or if there are more changes that would be good to get merged before doing a stable release, please leave a -1 with a comment with what the team would prefer. We can then either abandon this patch, or wait for an update with a new commit hash to use instead. $ git log --oneline --no-merges 17.0.0..2cf2912fd 8ab4eb27b Hide AccountLocked exception from end users 07d3a3d3f Retry update_user when sqlalchemy raises StaleDataErrors 6b739ffc3 Use app cred user ID in policy enforcement d55c6c705 Drop lower-constraints job f4819fe36 Support bytes type in generate_public_ID() 7ac089137 Delete system role assignments from system_assignment table 35c7406bf Implement more robust connection handling for asynchronous LDAP calls c202bd506 Add vine to lower-constraints d5870f69c Properly handle octet (byte) strings when converting LDAP responses 300e79e93 Fix lower-constraint for PyMySQL 1c37797c5 Port the grenade multinode job to Zuul v3 6b8e036ba Fix UserNotFound exception for expiring groups 1f0603598 Switch to new grenade job name Signed-off-by: Elod Illes <elod.illes@est.tech> Change-Id: I9f422804e0c005d705cea5f757d93a836fe48fe8
49 lines
1.9 KiB
YAML
49 lines
1.9 KiB
YAML
---
|
|
launchpad: keystone
|
|
release-model: cycle-with-rc
|
|
team: keystone
|
|
type: service
|
|
repository-settings:
|
|
openstack/keystone: {}
|
|
cycle-highlights:
|
|
- The user experience for creating application credentials and trusts
|
|
has been greatly improved when using a federated authentication
|
|
method. Federated users whose role assignments come from mapped
|
|
group membership will have those group memberships persisted for
|
|
a configurable TTL after their token expires, during which time
|
|
their application credentials will remain valid.
|
|
- Keystone to Keystone assertions now contain the user's group memberships
|
|
on the keystone Identity Provider which can be mapped to group membership
|
|
on the keystone Service Provider.
|
|
- Federated users can now be given concrete role assignments without
|
|
relying on the mapping API by allowing federated users to be created
|
|
directly in keystone and linked to their Identity Provider.
|
|
- When bootstrapping a new keystone deployment, the admin role now
|
|
defaults to having the "immutable" option set, which prevents it
|
|
from being accidentally deleted or modified unless the "immutable"
|
|
option is deliberately removed.
|
|
- Keystonemiddleware no longer supports the Identity v2.0 API, which
|
|
was removed from keystone in previous release cycles.
|
|
releases:
|
|
- version: 17.0.0.0rc1
|
|
projects:
|
|
- repo: openstack/keystone
|
|
hash: 16ac75c2b55f3e53d574f87cfa190edef405da30
|
|
- version: 17.0.0.0rc2
|
|
projects:
|
|
- repo: openstack/keystone
|
|
hash: 28bce595bb5d7d61c09c183c053f89c216fb8d62
|
|
- version: 17.0.0
|
|
projects:
|
|
- repo: openstack/keystone
|
|
hash: 28bce595bb5d7d61c09c183c053f89c216fb8d62
|
|
diff-start: 16.0.0.0rc1
|
|
- version: 17.0.1
|
|
projects:
|
|
- repo: openstack/keystone
|
|
hash: 2cf2912fd4d23bd8515313eafc77c6df92c68b81
|
|
branches:
|
|
- name: stable/ussuri
|
|
location: 17.0.0.0rc1
|
|
release-notes: https://docs.openstack.org/releasenotes/keystone/ussuri.html
|