summaryrefslogtreecommitdiffstats
path: root/keystone-moon/releasenotes/notes
diff options
context:
space:
mode:
Diffstat (limited to 'keystone-moon/releasenotes/notes')
-rw-r--r--keystone-moon/releasenotes/notes/.placeholder0
-rw-r--r--keystone-moon/releasenotes/notes/deprecations-c4afc19dc5324b9c.yaml19
-rw-r--r--keystone-moon/releasenotes/notes/new_features-e33d793d8a5ca76a.yaml21
-rw-r--r--keystone-moon/releasenotes/notes/upgrade_notes-ca81f5d531ab3522.yaml31
4 files changed, 71 insertions, 0 deletions
diff --git a/keystone-moon/releasenotes/notes/.placeholder b/keystone-moon/releasenotes/notes/.placeholder
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/keystone-moon/releasenotes/notes/.placeholder
diff --git a/keystone-moon/releasenotes/notes/deprecations-c4afc19dc5324b9c.yaml b/keystone-moon/releasenotes/notes/deprecations-c4afc19dc5324b9c.yaml
new file mode 100644
index 00000000..0c1c4f11
--- /dev/null
+++ b/keystone-moon/releasenotes/notes/deprecations-c4afc19dc5324b9c.yaml
@@ -0,0 +1,19 @@
+---
+other:
+ - Running keystone in eventlet remains deprecated and will be removed in the
+ Mitaka release.
+ - Using LDAP as the resource backend, i.e for projects and domains, is now
+ deprecated and will be removed in the Mitaka release.
+ - Using the full path to the driver class is deprecated in favor of using
+ the entrypoint. In the Mitaka release, the entrypoint must be used.
+ - In the [resource] and [role] sections of the ``keystone.conf`` file, not
+ specifying the driver and using the assignment driver is deprecated. In
+ the Mitaka release, the resource and role drivers will default to the SQL
+ driver.
+ - In ``keystone-paste.ini``, using ``paste.filter_factory`` is deprecated in
+ favor of the "use" directive, specifying an entrypoint.
+ - Not specifying a domain during a create user, group or project call, which
+ relied on falling back to the default domain, is now deprecated and will
+ be removed in the N release.
+ - Certain deprecated methods from the assignment manager were removed in
+ favor of the same methods in the [resource] and [role] manager.
diff --git a/keystone-moon/releasenotes/notes/new_features-e33d793d8a5ca76a.yaml b/keystone-moon/releasenotes/notes/new_features-e33d793d8a5ca76a.yaml
new file mode 100644
index 00000000..06e1db2c
--- /dev/null
+++ b/keystone-moon/releasenotes/notes/new_features-e33d793d8a5ca76a.yaml
@@ -0,0 +1,21 @@
+---
+features:
+ - >
+ **Experimental** - Domain specific configuration options can be stored in
+ SQL instead of configuration files, using the new REST APIs.
+ - >
+ **Experimental** - Keystone now supports tokenless authorization with
+ X.509 SSL client certificate.
+ - Configuring per-Identity Provider WebSSO is now supported.
+ - >
+ ``openstack_user_domain`` and ``openstack_project_domain`` attributes were
+ added to SAML assertion in order to map user and project domains,
+ respectively.
+ - The credentials list call can now have its results filtered by credential
+ type.
+ - Support was improved for out-of-tree drivers by defining stable driver
+ interfaces.
+ - Several features were hardened, including Fernet tokens, federation,
+ domain specific configurations from database and role assignments.
+ - Certain variables in ``keystone.conf`` now have options, which determine
+ if the user's setting is valid.
diff --git a/keystone-moon/releasenotes/notes/upgrade_notes-ca81f5d531ab3522.yaml b/keystone-moon/releasenotes/notes/upgrade_notes-ca81f5d531ab3522.yaml
new file mode 100644
index 00000000..be8282ce
--- /dev/null
+++ b/keystone-moon/releasenotes/notes/upgrade_notes-ca81f5d531ab3522.yaml
@@ -0,0 +1,31 @@
+---
+upgrade:
+ - The EC2 token middleware, deprecated in Juno, is no longer available in
+ keystone. It has been moved to the keystonemiddleware package.
+ - The ``compute_port`` configuration option, deprecated in Juno, is no longer
+ available.
+ - The XML middleware stub has been removed, so references to it must be
+ removed from the ``keystone-paste.ini`` configuration file.
+ - stats_monitoring and stats_reporting paste filters have been removed, so
+ references to it must be removed from the ``keystone-paste.ini``
+ configuration file.
+ - The external authentication plugins ExternalDefault, ExternalDomain,
+ LegacyDefaultDomain, and LegacyDomain, deprecated in Icehouse, are no
+ longer available.
+ - The ``keystone.conf`` file now references entrypoint names for drivers.
+ For example, the drivers are now specified as "sql", "ldap", "uuid",
+ rather than the full module path. See the sample configuration file for
+ other examples.
+ - We now expose entrypoints for the ``keystone-manage`` command instead of a
+ file.
+ - Schema downgrades via ``keystone-manage db_sync`` are no longer supported.
+ Only upgrades are supported.
+ - Features that were "extensions" in previous releases (OAuth delegation,
+ Federated Identity support, Endpoint Policy, etc) are now enabled by
+ default.
+ - A new ``secure_proxy_ssl_header`` configuration option is available when
+ running keystone behind a proxy.
+ - Several configuration options have been deprecated, renamed, or moved to
+ new sections in the ``keystone.conf`` file.
+ - Domain name information can now be used in policy rules with the attribute
+ ``domain_name``.