From 7a5a0e4df646d46476ec7a9fcdedd638e8781f6e Mon Sep 17 00:00:00 2001
From: asteroide <thomas.duval@orange.com>
Date: Wed, 2 Dec 2015 09:49:33 +0100
Subject: Update keystone to the branch stable/liberty.

Change-Id: I7cce62ae4b4cbca525a7b9499285455bdd04993e
---
 keystone-moon/releasenotes/notes/.placeholder      |  0
 .../notes/deprecations-c4afc19dc5324b9c.yaml       | 19 +++++++++++++
 .../notes/new_features-e33d793d8a5ca76a.yaml       | 21 +++++++++++++++
 .../notes/upgrade_notes-ca81f5d531ab3522.yaml      | 31 ++++++++++++++++++++++
 4 files changed, 71 insertions(+)
 create mode 100644 keystone-moon/releasenotes/notes/.placeholder
 create mode 100644 keystone-moon/releasenotes/notes/deprecations-c4afc19dc5324b9c.yaml
 create mode 100644 keystone-moon/releasenotes/notes/new_features-e33d793d8a5ca76a.yaml
 create mode 100644 keystone-moon/releasenotes/notes/upgrade_notes-ca81f5d531ab3522.yaml

(limited to 'keystone-moon/releasenotes/notes')

diff --git a/keystone-moon/releasenotes/notes/.placeholder b/keystone-moon/releasenotes/notes/.placeholder
new file mode 100644
index 00000000..e69de29b
diff --git a/keystone-moon/releasenotes/notes/deprecations-c4afc19dc5324b9c.yaml b/keystone-moon/releasenotes/notes/deprecations-c4afc19dc5324b9c.yaml
new file mode 100644
index 00000000..0c1c4f11
--- /dev/null
+++ b/keystone-moon/releasenotes/notes/deprecations-c4afc19dc5324b9c.yaml
@@ -0,0 +1,19 @@
+---
+other:
+  - Running keystone in eventlet remains deprecated and will be removed in the
+    Mitaka release.
+  - Using LDAP as the resource backend, i.e for projects and domains, is now
+    deprecated and will be removed in the Mitaka release.
+  - Using the full path to the driver class is deprecated in favor of using
+    the entrypoint. In the Mitaka release, the entrypoint must be used.
+  - In the [resource] and [role] sections of the ``keystone.conf`` file, not
+    specifying the driver and using the assignment driver is deprecated. In
+    the Mitaka release, the resource and role drivers will default to the SQL
+    driver.
+  - In ``keystone-paste.ini``, using ``paste.filter_factory`` is deprecated in
+    favor of the "use" directive, specifying an entrypoint.
+  - Not specifying a domain during a create user, group or project call, which
+    relied on falling back to the default domain, is now deprecated and will
+    be removed in the N release.
+  - Certain deprecated methods from the assignment manager were removed in
+    favor of the same methods in the [resource] and [role] manager.
diff --git a/keystone-moon/releasenotes/notes/new_features-e33d793d8a5ca76a.yaml b/keystone-moon/releasenotes/notes/new_features-e33d793d8a5ca76a.yaml
new file mode 100644
index 00000000..06e1db2c
--- /dev/null
+++ b/keystone-moon/releasenotes/notes/new_features-e33d793d8a5ca76a.yaml
@@ -0,0 +1,21 @@
+---
+features:
+  - >
+    **Experimental** - Domain specific configuration options can be stored in
+    SQL instead of configuration files, using the new REST APIs.
+  - >
+    **Experimental** - Keystone now supports tokenless authorization with
+    X.509 SSL client certificate.
+  - Configuring per-Identity Provider WebSSO is now supported.
+  - >
+    ``openstack_user_domain`` and ``openstack_project_domain`` attributes were
+    added to SAML assertion in order to map user and project domains,
+    respectively.
+  - The credentials list call can now have its results filtered by credential
+    type.
+  - Support was improved for out-of-tree drivers by defining stable driver
+    interfaces.
+  - Several features were hardened, including Fernet tokens, federation,
+    domain specific configurations from database and role assignments.
+  - Certain variables in ``keystone.conf`` now have options, which determine
+    if the user's setting is valid.
diff --git a/keystone-moon/releasenotes/notes/upgrade_notes-ca81f5d531ab3522.yaml b/keystone-moon/releasenotes/notes/upgrade_notes-ca81f5d531ab3522.yaml
new file mode 100644
index 00000000..be8282ce
--- /dev/null
+++ b/keystone-moon/releasenotes/notes/upgrade_notes-ca81f5d531ab3522.yaml
@@ -0,0 +1,31 @@
+---
+upgrade:
+  - The EC2 token middleware, deprecated in Juno, is no longer available in
+    keystone. It has been moved to the keystonemiddleware package.
+  - The ``compute_port`` configuration option, deprecated in Juno, is no longer
+    available.
+  - The XML middleware stub has been removed, so references to it must be
+    removed from the ``keystone-paste.ini`` configuration file.
+  - stats_monitoring and stats_reporting paste filters have been removed, so
+    references to it must be removed from the ``keystone-paste.ini``
+    configuration file.
+  - The external authentication plugins ExternalDefault, ExternalDomain,
+    LegacyDefaultDomain, and LegacyDomain, deprecated in Icehouse, are no
+    longer available.
+  - The ``keystone.conf`` file now references entrypoint names for drivers.
+    For example, the drivers are now specified as "sql", "ldap", "uuid",
+    rather than the full module path. See the sample configuration file for
+    other examples.
+  - We now expose entrypoints for the ``keystone-manage`` command instead of a
+    file.
+  - Schema downgrades via ``keystone-manage db_sync`` are no longer supported.
+    Only upgrades are supported.
+  - Features that were "extensions" in previous releases (OAuth delegation,
+    Federated Identity support, Endpoint Policy, etc) are now enabled by
+    default.
+  - A new ``secure_proxy_ssl_header`` configuration option is available when
+    running keystone behind a proxy.
+  - Several configuration options have been deprecated, renamed, or moved to
+    new sections in the ``keystone.conf`` file.
+  - Domain name information can now be used in policy rules with the attribute
+    ``domain_name``.
-- 
cgit 1.2.3-korg