2023.2 Series Release Notes¶
17.0.0¶
Prelude¶
This version adds support to the secret consumers and microversions functionalities. The detailed secret consumers specification can be found on <https://specs.openstack.org/openstack/barbican-specs/specs/train/secret-consumers.html>. Microversions allow clients to interact with Barbican server to gather information on minimum and maximum versions supported by the server. More information can be found on <https://docs.openstack.org/barbican/latest/api/microversions.html>.
新特性¶
The secret consumers functionality allows other OpenStack projects, such as Cinder and Glance, to name a few, to register consumers of secrets. This is useful when a project wants to make an end user aware that it is using the secret.
Secret consumers do not block the secret to be deleted by the end user though. When an end user needs to delete a secret that has consumers, it can simply do it. However, deletion of secrets with consumers must be forced using a corresponding parameter, either in the client's CLI or in the client's API.
Microversions enable clients to do a server supported version discovery, allowing old clients (not supporting the feature) to interact with newer servers.
Security Issues¶
Fixed Story #2010258: Fixes a security vulnerability where the contents of a request query string were mistakenly being used in the RBAC policy engine.
System scope has been removed from the RBAC policies as specified in the Consistent and Secure Default RBAC community goal. See: https://governance.openstack.org/tc/goals/selected/consistent-and-secure-rbac.html APIs that required system scoped tokens can now be accessed by using a project scoped token with the "admin" role.