From 1fb6a30ee59a16cd4b6c49bab963ff9e3f974580 Mon Sep 17 00:00:00 2001
From: Kota Tsuyuzaki <tsuyuzaki.kota@lab.ntt.co.jp>
Date: Sat, 16 Sep 2017 02:57:39 +0900
Subject: [PATCH] Change log updates for version 1.12

Change-Id: Iba7303f0e16560310db4d8a375c1d027c65fe748
---
 CHANGELOG        | 31 +++++++++++++++++++++++++++++++
 requirements.txt |  2 +-
 tox.ini          |  4 ++--
 3 files changed, 34 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 958a7ae6..02cf07d7 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,34 @@
+Swift3 (1.12)
+    * Stop using client accessible header for cross-middleware communication
+      - Older swift3 using common HTTP header to communicate with auth middleware for
+        Swift. Now, the auth information is in wsgi env variable to prevent the header
+        from being passed by clients. This change closes a significant bug. See
+        https://bugs.launchpad.net/swift3/+bug/1561199 in detail.
+      - Plus, improve the auth middleware pipeline communication to let the auth middleware
+        just call check_signature func with the user's secret.
+
+      UpgradeInpact:
+        - If you're using tempauth, you need to upgrade your swift to later than 2.14.0.
+        - If you're using custom authentication middleware, you have to modify your middleware
+          to use auth information from wsgi environ variable. The reference change is
+          https://github.com/openstack/swift/commit/f3ef616dc6a2c4987c952b31232fa3bbb5bc6801.
+
+    * Various improvement for auth mechanism in s3_token
+      - Following a pipeline change, only contact Keystone once per client request.
+      - If ONLY using the S3 API, kesytonemiddleware.auth_token is no longer required.
+      - IPv6 format for keystone host is supported
+      - http_timeout option and delay_auth_decision option are supported. Those options
+        allows other auth middlewares to continue serving requests even when either Keystone
+        is down or rejects the request.
+
+    * ceph/s3api testing is supported as tox environment
+
+    * Add minimum segment size option for multipart upload is supported in swift3 config
+
+    * Fix some error response codes and messages to fit actual S3 response
+
+    * Other minor bug fixes and various improvements
+
 Swift3 (1.11)
 
     * Amazon S3 Signature V4 support
diff --git a/requirements.txt b/requirements.txt
index 4c0edf3c..6a938364 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,4 +1,4 @@
-swift>=2.13.0
+swift>=2.14.0
 lxml
 requests!=2.9.0,>=2.8.1 # Apache-2.0
 six>=1.9.0
diff --git a/tox.ini b/tox.ini
index a063b2e5..057449d7 100644
--- a/tox.ini
+++ b/tox.ini
@@ -7,10 +7,10 @@ skipsdist = True
 whitelist_externals =/bin/bash
 usedevelop = True
 install_command = {toxinidir}/tools/tox_install.sh {opts} {packages}
-# swift stable/ocata (about 2.13.0) from openstack.org
+# swift stable/pike (about 2.15.1) from openstack.org
 deps =
   -r{toxinidir}/test-requirements.txt
-  http://tarballs.openstack.org/swift/swift-stable-ocata.tar.gz
+  http://tarballs.openstack.org/swift/swift-stable-pike.tar.gz
 commands = nosetests {posargs:swift3/test/unit}
 setenv = VIRTUAL_ENV={envdir}
          NOSE_WITH_OPENSTACK=1