Victoria Series Release Notes
17.5.0-2
Security Issues
The contents of fernet keys and credential keys are now hidden from output when these files are updated.
17.5.0
New Features
Added the following configurable items for OpenID:
keystone::federation::openidc::openidc_pass_userinfo_as to set OIDCPassUserInfoAs
keystone::federation::openidc::openidc_pass_claim_as to set OIDCPassClaimsAs
Add TLS options to oslo.cache
The keystone::federation::openidc class now supports the new openidc_response_mode parameter, to customize the mod_auth_openidc response mode.
17.3.0
New Features
Added the service_type parameter to keystone::resource::authtoken resource. This value should be set to the name or type of the service as it appears in the service catalog. This is used to validate tokens that have restricted access rules.
Added the mysql_enable_ndb parameter to select the mysql storage engine.
Allow specifying the drivername for the postgres db.
Upgrade Notes
The deprecated cache-related parameters in the keystone class have been removed, and the keystone::cache class is no longer included by default. Deployments should explicitly include the keystone::cache class.
The deprecated parameters validate, admin_token, admin_endpoint, retries, delay, insecure and cacert in keystone::service have been removed.
The deprecated parameters admin_bind_host, public_bind_host, admin_port, public_port, admin_workers and public_workers in the keystone init class have been removed.
The deprecated parameters admin_port and main_port in the classes keystone::federation::mellon and keystone::federation::shibboleth have been removed.
The deprecated parameter database_min_pool_size has been removed from the keystone init class and the keystone::db class.
The deprecated validate_service, validate_insecure, validate_auth_url and validate_cacert parameters in the keystone class have been removed.
The deprecated parameter token_driver in the keystone init class has been removed.
Deprecation Notes
The keystone::resource::service_identity::ignore_default_tenant parameter has been deprecated and will be removed in a future release. This parameter has actually been ineffective for some releases.
Bug Fixes
The default/public_endpoint parameter is no longer set by default because of a known issue when different hosts or protocols are used for each endpoint (especially for the admin endpoint and the public endpoint).
17.2.0
New Features
The new keystone::cron::trust_flush class was added to configure a cron job to purge expired or soft-deleted trusts.
Upgrade Notes
The following deprecated options for PKI tokens have been removed:
keystone::cache_dir
keystone::resource::authtoken::hash_algorithms
keystone::resource::authtoken::check_revocations_for_cached
The classes keystone::endpoint and keystone::roles::admin have been removed; use the new keystone::bootstrap class directly.
The password parameter in keystone::bootstrap is now required and no longer defaults to undef.
The deprecated parameters admin_token, admin_password and enable_bootstrap in the keystone class have been removed.
Deprecation Notes
The keystone::cron::token_flush class has been deprecated and has no effect.
The use of keystone-public-keystone-admin for the keystone service name is deprecated; use simply keystone instead.
The keystone::federation::mellon::trusted_dashboards has been removed.
Bug Fixes
Fixed a bug where the keystone::resource::authtoken resource would not install the proper python memcache bindings when using python3.