Newton Series Release Notes

4.6.0

Prelude

  • Add the X_IS_ADMIN_PROJECT header.

New Features

  • [bug 1583690] For services such as Swift, which may not be utilising oslo_config, we need to be able to determine the project name from local config. If project name is specified in both local config and oslo_config, the one in local config will be used instead. In case project is undetermined (i.e. not set), we use taxonomy.UNKNOWN as an indicator so operators can take corrective actions.

  • [bug 1540115] Optional dependencies can now be installed using extras. To install audit related libraries, use pip install keystonemiddleware[audit_nofications]. Refer to keystonemiddleware documentation for further information.

  • Added the X_IS_ADMIN_PROJECT header to authenticated headers. This has the string value of ‘True’ or ‘False’ and can be used to enforce admin project policies.

Bug Fixes

  • [bug 1583699] Some service APIs (such as Swift list public containers) do not require a token. Therefore, there will be no identity or service catalogue information available. In these cases, audit now fills in the default (i.e. taxonomy.UNKNOWN) for both initiator and target instead of raising an exception.

  • [bug 1583702] Some services such as Swift does not use Oslo (global) config. In that case, the options are conveyed via local config. This patch utilized an established pattern in auth_token middleware, which is to first look for the given option in local config, then Oslo global config.

4.5.0

New Features

  • [bug 1544840] Adding audit middleware specific notification related configuration to allow a different notification driver and transport for audit if needed.

  • A new configuration option for the s3token middleware called auth_uri can be used to set the URI to be used for authentication. This replaces auth_host, auth_port, and auth_protocol.

Deprecation Notes

  • The auth_host, auth_port, and auth_protocol configuration options to the s3token middleware are now deprecated.