SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for openstack-keystone-9.3.1~a0~dev1-73.1.noarch.rpm :
Fri Feb 3 13:00:00 2017 cloud-develAATTsuse.de
- Update to version keystone-9.3.1.dev1:

* Prepare for using standard python tests
9.3.0

Sat Jan 28 13:00:00 2017 cloud-develAATTsuse.de
- Update to version keystone-9.2.1.dev9:

* Catch potential SyntaxError in federation mapping

Fri Jan 27 13:00:00 2017 cloud-develAATTsuse.de
- Update to version keystone-9.2.1.dev8:

* Enhance federation group mapping validation

* Add mapping validation tests

* Make bootstrap idempotent when it needs to be

Wed Jan 4 13:00:00 2017 cloud-develAATTsuse.de
- Update to version keystone-9.2.1.dev5:

* Expose idempotency issue with bootstrap

Wed Dec 14 13:00:00 2016 cloud-develAATTsuse.de
- Update to version keystone-9.2.1.dev4:

* Update constraints in tox.ini

Fri Oct 7 14:00:00 2016 cloud-develAATTsuse.de
- Update to version keystone-9.2.1.dev3:

* Verify domain_id when get_domain is being called

* Consistently round down timestamps
9.2.0

Fri Sep 23 14:00:00 2016 dmuellerAATTsuse.com
- fix tmpfiles dir config

Tue Sep 20 14:00:00 2016 cloud-develAATTsuse.de
- Update to version keystone-9.1.1.dev8:

* Distributed cache namespace to invalidate regions

Fri Aug 26 14:00:00 2016 aplanasAATTsuse.com
- Revert generate PID file for systemd (bsc#991985)

Tue Aug 23 14:00:00 2016 aplanasAATTsuse.com
- Generate PID file for systemd (bsc#991985)

Sat Aug 20 14:00:00 2016 cloud-develAATTsuse.de
- Update to version keystone-9.1.1.dev7:

* Add dummy domain_id column to cached role

Thu Aug 18 14:00:00 2016 cloud-develAATTsuse.de
- Update to version keystone-9.1.1.dev6:

* Fix the username value in federated tokens

Thu Jul 28 14:00:00 2016 cloud-develAATTsuse.de
- Update to version keystone-9.1.1.dev4:

* Change LocalUser sql model to eager loading

Tue Jul 12 14:00:00 2016 cloud-develAATTsuse.de
- Update to version keystone-9.1.1.dev3:

* /services?name= API fails when using list_limit

* Bootstrap: enable and reset password for existing users

Sat Jul 9 14:00:00 2016 cloud-develAATTsuse.de
- Update to version keystone-9.1.1.dev1:

* Handle catalog backends that don\'t support all functions
9.1.0

Wed Jun 29 14:00:00 2016 jsuchomeAATTsuse.com
- Add systemd service macros (bnc#986415)
systemd v228 has a separate generator for generating the service
files from the init scripts, and daemon-reload is needed during
package installation

Fri Jun 24 14:00:00 2016 cloud-develAATTsuse.de
- Update to version keystone-9.0.3.dev9:

* Correct domain_id and name constraint dropping

Sun Jun 12 14:00:00 2016 cloud-develAATTsuse.de
- Update to version keystone-9.0.3.dev8:

* Updated from global requirements

Sat Jun 11 14:00:00 2016 cloud-develAATTsuse.de
- Update to version keystone-9.0.3.dev6:

* Honor ldap_filter on filtered group list

Fri Jun 10 14:00:00 2016 cloud-develAATTsuse.de
- Update to version keystone-9.0.3.dev4:

* Return 404 instead of 401 for tokens w/o roles

* Revert to caching fernet tokens the same way we do UUID

Sat May 28 14:00:00 2016 cloud-develAATTsuse.de
- Update to version keystone-9.0.3.dev1:

* Honor ldap_filter on filtered user list
9.0.2

Thu May 26 14:00:00 2016 cloud-develAATTsuse.de
- Update to version keystone-9.0.2.dev1:

* Fix post jobs
9.0.1

* Updated from global requirements

* Remove test_invalid_policy_raises_error

* Allow \'domain\' property for local.group

* Add conflict validation for idp update

* Fix fernet audit ids for v2.0

* Make all fixture project_ids into uuids

* Imported Translations from Zanata

* Keystone jobs should honor upper-constraints.txt

* Updated from global requirements

Sun Apr 17 14:00:00 2016 cloud-develAATTsuse.de
- Update to version keystone-9.0.1.dev9:

* Fix KeyError when rename to a name is already in use

Sat Apr 16 14:00:00 2016 cloud-develAATTsuse.de
- Update to version keystone-9.0.1.dev7:

* Imported Translations from Zanata

* Set the values for the request_local_cache

Fri Apr 15 14:00:00 2016 cloud-develAATTsuse.de
- Update to version keystone-9.0.1.dev4:

* Fix totp test fails randomly

Wed Apr 13 14:00:00 2016 cloud-develAATTsuse.de
- Update to version keystone-9.0.1.dev3:

* Fixes bug where the updated federated display_name is not returned

* test REMOTE_USER does not authenticate

* Doc - Detailing objects\' attributes available for policy.json

* Sync oslo-incubator rpc module

* Rename requires files to standard names

* Fix test coverage for v2 scoped auth xml response (bug 1160504)

* add --config-dir=DIR for keystone-all option

* Add --config-dir=DIR in OPTIONS

* Files for Apache-HTTPD

* Bug #907521. Changes to support get roles by service

* Testing Refactor - this is a squash of 6 commits - original commits are vailable for cherry-picking here: https://github.com/ziadsawalha/keystone/commits/tests

* Fixed bug 905422. Swift caching should work again. Also fixed a few other minor syntactical stuff

* Bug #890801 Changes to support /extensions call. - Introduced a new extension reader to read static extension content. - Added additional rst files explaining extensions. - Removed functionality from additional middleware that used to support /extensions call.ie RAX-KEY-extension - Removed service extension test as it was no more relavent. - Added unit test that checks toggling of extensions. - Additional notes on the conf file

* Bug #854104 - Changes to allow admin url to be shown only for admin users. - Additional test asserts to verify

* X.509 client authentication with Keystone. Implements blueprint 2-way-ssl

* Fixing bug 859937. Removing incorrect atom feed references from roles.xsd

* Updating legacy auth translation to 2.0 (bug #863661)

* Fix invocations of TemplateError. This exception takes precisely three parameters, so I\'ve added a fake location (0, 0) to keep it happy

* Dev guide rebuild and minor fixes

* Port of glance-control to keystone. This will make writing certain keystone integration functional tests a little easier to do

* Committer: Joe Savak

* Added automatic test discovery to unit tests and removed all dead tests

* #16 Changes to remove unused group clls

* (Related to) Issue 32: bin/sampledata.sh cannot be executed outside of bin/

* Name changes BaseURLRefs to EndPoints and BaseURLs to EndpointTemplates

* Name changes BaseURLRefs to EndPoints and BaseURLs to EndpointTemplates

* Mae Pylintrc, reordered imports made pep8 of the files

* Added as per HACKING Files

* Modified server.py tenant group URL to fix failing test cases

* Added missing tests, mad e enable and disable password work

* Renamed to server.py and added top dir in config

* Added the keystone top dir in configuration

Fri Apr 8 14:00:00 2016 cloud-develAATTsuse.de
- Update to version keystone-9.0.1.dev2:

* Imported Translations from Zanata
9.0.0

Thu Apr 7 14:00:00 2016 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.0rc4.dev1:

* Imported Translations from Zanata
9.0.0.0rc3

Wed Apr 6 14:00:00 2016 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.0rc3.dev1:

* Update federated user display name with shadow_users_api
9.0.0.0rc2

Sat Apr 2 14:00:00 2016 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.0rc2.dev16:

* Correct `role_name` constraint dropping

Thu Mar 31 14:00:00 2016 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.0rc2.dev15:

* Imported Translations from Zanata

Wed Mar 30 14:00:00 2016 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.0rc2.dev14:

* Imported Translations from Zanata

* Correct test to support changing N release name

Tue Mar 29 14:00:00 2016 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.0rc2.dev10:

* Fix keystone-manage config file path

Sat Mar 26 13:00:00 2016 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.0rc2.dev9:

* Imported Translations from Zanata

Fri Mar 25 13:00:00 2016 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.0rc2.dev8:

* Imported Translations from Zanata

Thu Mar 24 13:00:00 2016 tbechtoldAATTsuse.com
- Switch to stable/mitaka branch

Thu Mar 24 13:00:00 2016 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.0rc2.dev18:

* Correct test to support changing N release name

* Fix test_add_int_pkey_to_revocation_event_table for MySQL

* Implement HEAD method for all v3 GET actions

Tue Mar 22 13:00:00 2016 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.0rc2.dev12:

* Add test for domains list filtering and limiting

Sat Mar 19 13:00:00 2016 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.0rc2.dev10:

* Add release note for list_limit support

* Cleanup migration tests

* Imported Translations from Zanata

* add placeholder migrations for mitaka

Fri Mar 18 13:00:00 2016 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.0rc2.dev3:

* Enables the notification tests in py3

Thu Mar 17 13:00:00 2016 tbechtoldAATTsuse.com
- Adjust Requires

Thu Mar 17 13:00:00 2016 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.0rc2.dev1:

* Update reno for stable/mitaka
9.0.0.0rc1

* Support `id` and `enabled` attributes when listing service providers

* Check for already present user without inserting in Bootstrap

* Mapping which yield no identities should result in ValidationError

* Make backend filter testing more comprehensive

* Change xrange to range for python3 compatibility

* Remove reference to keystoneclient CLI

* Document running in uwsgi proxied by apache

* Imported Translations from Zanata

* Fixed user in group participance

Wed Mar 16 13:00:00 2016 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.0b4.dev121:

* Updating sample configuration file

* Correct Hints class filter documentation

* Release note cleanup

* Remove unused notification method and class

* Consolidate AATTnotifications.internal into Audit

* Remove some translations

* Add auto-increment int primary key to revoke.backends.sql

Tue Mar 15 13:00:00 2016 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.0b4.dev107:

* Update reported version for Mitaka

* Add docs for additional bootstrap endpoint parameters

* Remove TestFernetTokenProvider

Mon Mar 14 13:00:00 2016 tbechtoldAATTsuse.com
- Update to version keystone-9.0.0.0b4.dev102:

* Imported Translations from Zanata

* Imported Translations from Zanata

* register the config generator default hook with the right name

* Imported Translations from Zanata

* Rename v2 token schema used for validation

* Migrate_repo init version helper

* Refactor TestFernetTokenProvider trust-scoped tests

* Refactor TestFernetTokenProvider project-scoped tests

* Refactor TestFernetTokenProvider domain-scoped tests

* Refactor TestFernetTokenProvider unscoped token tests

* Fixing mapping schema to allow local user

* Fix keystone-manage example command path

* Add PKIZ coverage to trust tests

* Consolidate TestTrustRedelegation and TestTrustAuth tests

* Split out domain config driver and manager tests

* Add notifications to user/group membership

* Add ability to send notifications for actors

* Updated from global requirements

* Remove foreign assignments when deleting a domain

* Correct create_project driver versioning

* Explicitly exclude tests from bandit scan

* Move role backend tests

* v2 tokens validated on the v3 API are missing timezones

* Move domain config backend tests

* Validate v2 fernet token returns extra attributes

* Clarify virtualenv setup in developer docs

* Fixes a few LDAP tests to actually run

* Imported Translations from Zanata

* Un-wrap function

* Fix warning when running tox

* Race condition in keystone domain config

* Adding \'domain_id\' filter to list_user_projects()

* Add identity endpoint creation to bootstrap

* Updated from global requirements

* Remove _disable_domain from the resource API

* Remove _disable_project from the resource API

* Remove the notification.disabled decorator

* Remove unused notification decorators

* Cleanup from from split of token backend tests

* Split identity backend tests

* Split policy backend tests

* Split catalog backend tests

* Split trust backend tests

* Split token backend tests

* Split resource backend tests

* Split assignment backend tests

* Updated from global requirements

* Consolidate configuration default overrides

* Updating sample configuration file

* IPV6 test unblacklist

* Fix trust chain tests
9.0.0.0b3

* Minor edits to the developing doc

* Add release notes for projects acting as domains

* Fix keystone.common.wsgi to explicitly use bytes

* fix sample config link that 404s

* add hints to list_services for templated backend

* Fixes hacking for Py3 tests

* Fixes to get cert tests running in Py3

* Fixes the templated backend tests for Python3

* remove pyc files before running tests

* Stop using oslotest.BaseTestCase

* Return 404 instead of 401 for tokens w/o roles

* Remove unused domain driver method in legacy wrapper

* Deprecate domain driver interface methods

* Fix the migration issue for the user doesn\'t have a password

* Add driver details in architecture doc

* Shadow users - Shadow federated users

* Projects acting as domains

* Update developer docs for ubuntu 15.10

* Moved CORS middleware configuration into oslo-config-generator

* V2 operations create default domain on demand

* Make keystone tests work on leap years

* Updating sample configuration file

* Fix doc build warnings

* Enable LDAP connection pooling by default

* Delay using threading.local() to fix check job failure

* Minor edits to the installation doc

* Minor edits to the configuration doc

* Minor community doc edits

* Updated from global requirements

* Followup for LDAP removal

* Remove get_session and get_engine

* No more legacy engine facade in tests

* Use requst local in-process cache per request

* Move admin_token_auth before build_auth_context in sample paste.ini

* Update default domain\'s description

* Reference config values at runtime

* Use the new enginefacade from oslo.db

* Updated from global requirements

* Fix incorrect assumption when deleting assignments

* Remove migration_helpers.get_default_domain

* db_sync doesn\'t create default domain

* Implied roles index with cascading delete

* Fix project-related forbidden response messages

* Fixes a bug when setting a user\'s password to null

* Renamed TOTP passcode generation function

* Updates TOTP release note

* Simplify use of secure_proxy_ssl_header

* Shadow users - Separate user identities

* Switch to configless bandit

* Parameter to return audit ids only in revocation list

* Add tests for fetching the revocation list

* Updating sample configuration file

* Deprecate logger.WritableLogger

* Removing H405 violations from keystone

* Updated from global requirements

* Updated from global requirements

* Updating sample configuration file

* Remove useless {} from __table_args__

* Time-based One-time Password

* Fix inconsistencies between Oauth1DriverV8 interface and driver

* Oauth1 manager sets consumer secret

* Remove setting class variable

* Allow user list without specifying domain

* Adds user_description_attribute mapping support to the LDAP backend

* encode user id for notifications

* Add back a bandit tox job

* Enable support for posixGroups in LDAP

* Add is_domain filter to v3 list_projects

* Add tests in preparation of projects acting as a domain

* Avoid using `len(x)` to check if x is empty

* Use the driver to get limits

* Fallback to list_limit from default config

* Add list_limit to the white list for configs in db

* Updating sample configuration file

* handle unicode names for federated users

* Verify project unique constraints for projects acting as domains

* wsgi: fix base_url finding

* Disable Admin tokens set to None

* Modify rules for domain specific role assignments

* Modify implied roles to honor domain specific roles

* Modify rules in the v3 policy sample for domain specifc roles

* Re-enable and undeprecate admin_token_auth

* Don\'t describe trusts as an extension in configuration doc

* Tidy up configuration documentation for inherited assignments

* Clean up configuration documentataion on v2 user CRUD

* Allow project domain_id to be nullable at the manager level

* Trivial: Cleanup unused conf variables

* Updating sample configuration file

* Updating sample configuration file

* Fixes parameter in duplicate project name creation

* Fix terms from patch 275706

* sensible default for secure_proxy_ssl_header

* Restricting domain_id update

* Allow project_id in catalog substitutions

* Avoid `None` as a redundant argument to dict.get()

* Avoid \"non-Pythonic\" method names

* Manager support for project cascade update

* Updating sample configuration file

* Expand implied roles in trust tokens

* add a test that uses trusts and implies roles

* Updating sample configuration file

* Convert assignment.root_role config option to list of strings

* Avoid wrong deletion of domain assignments

* Manager support for project cascade delete

* AuthContextMiddleware admin token handling

* Deprecate admin_token_auth

* Adds better logging to the domain config finder

* Extracts logic for finding domain configs

* Fix nits from domain specific roles CRUD support

* Change get_project permission

* Updated from global requirements

* Enables token_data_helper tests for Python3

* Stop using nose as a Python3 test runner

* Fix release note of removal of v2.0 trusts support

* Remove PostParams middleware

* Updated from global requirements

* Moves policy setup into a fixture

* Make pep8
*the
* linting interface

* Added tokenless auth headers to CORS middleware

* Add backend support for deleting a projects list

* Make fernet work with oauth1 authentication

* Consolidate the fernet provider validate_v2_token()

* Remove support for trusts in v2.0

* Add CRUD support for domain specific roles

* Added CORS support to Keystone

* Deprecate Saml2 auth plugin

* Uses open context manager for templated catalogs

* Disable the ipv6 tests in py34

* Missing \'region\' in service and \'name\' in endpoint for EndpointFilterCatalog

* Small typos on the ldap.url config option help

* Replace exit() with sys.exit()

* include sample config file in docs

* Fixes a language issue in a release note

* Imported Translations from Zanata

* Updated from global requirements

* Support multiple URLs for LDAP server

* Set deprecated_reason on deprecated config options

* Move user and admin crud to core

* squash migrations - kilo

* Adds validation negative unit tests

* Use oslo.log specified method to set log levels

* Add RENO update for simple_cert_extension deprecation

* Opt-out certain Keystone Notifications

* Update the home page

* Release notes for implied roles

* deprecate pki_setup from keystone-manage

* test_credential.py work with python34

* Consolidate `test_contrib_ec2.py` into `test_credential.py`

* Reinitialize the policy engine where it is needed

* Provide an error message if downgrading schema

* Updated from global requirements

* Consolidate the fernet provider issue_v2_token()

* Consolidate the fernet provider validate_v3_token()

* Add tests for role management with v3policy file

* Fix some word spellings

* Make WebSSO trusted_dashboard hostname case-insensitive

* Deprecate simple_cert extension

* Do not assign admin to service users

* Add in TRACE logging for the manager

* Add schema for OAuth1 consumer API

* Correct docstrings

* Remove un-used test code

* Raise more precise exception on keyword mapping errors

* Allow \'_\' character in mapping_id value

* Implied Roles API

* Revert \"Unit test for checking cross-version migrations compatibility\"

* replace tenant with project in cli.py

* Fix schema validation to use JSONSchema for empty entity

* Replace tenant for project in resource files

* Reuse project scoped token check for trusts

* Add checks for project scoped data creep to tests

* Add checks for domain scoped data creep

* Use the oslo.utils.reflection to extract the class name

* Test hyphens instead of underscores in request attributes

* Simplify admin_required policy

* Add caching to role assignments

* Enable bandit tests

* Update bandit.yaml

* Enhance manager list_role_assignments to support group listing

* remove KVS backend for keystone.contrib.revoke

* Fix trust redelegation and associated test

* use self.skipTest instead of self.skip

* Removed deprecated revoke KVS backend

* Revert \"skip test_get_token_id_error_handling to get gate passing\"

* Updated from global requirements

* Updated from global requirements

* skip test_get_token_id_error_handling to get gate passing

* Ensure pycadf initiator IDs are UUID

* Check for circular references when expanding implied roles

* Improves domain name case sensitivity tests

* Fixes style issues in a v2 controller tests

* Prevents creating is_domain=True projects in v2

* Refactors validation tests to better see the cases

* Remove keystone/common/cache/_memcache_pool.py

* Update mod_wsgi + cache config docs

* Address comments from Implied Role manager patch

* Fix nits in include names patch

* Unit test for checking cross-version migrations compatibility

* Online schema migration documentation

* Updated from global requirements

* Remove additional references to ldap role attribs

* Remove duplicate LDAP test class

* Remove more ldap project references
9.0.0.0b2

* Add testcases to check cache invalidation

* Fix typo abstact in comments

* deprecate write support for identity LDAP

* Deprecate `hash_algorithm` config option

* Mark memcache and memcache_pool token deprecated

* List assignments with names

* Remove LDAP Role Backend

* Remove LDAP Resource and LDAP Assignment backends

* Removes KVS catalog backend

* Fix docstring

* Strengthen Mapping Validation in Federation Mappings

* Add checks for token data creep using jsonschema

* Deprecating API v2.0

* Implied roles driver and manager

* Add support for strict url safe option on new projects and domains

* Remove bandit tox environment

* Add linters environment, keep pep8 as alias

* Make sure the assignment creation use the right arguments

* Fix indentation for oauth context

* Imported Translations from Zanata

* document the bootstrapping process

* Add release note for revert of c4723550aa95be403ff591dd132c9024549eff10

* Updated from global requirements

* Enable `id`, `enabled` attributes filtering for list IdP API

* Improve Conflict error message in IdP creation

* Fedora link is too old and so updated with newer version

* Support the reading of default values of domain configuration options

* Correct docstrings for federation driver interface

* Update v3policysample tests to use admin_project not special domain_id

* Enable limiting in ldap for groups

* Enable limiting in ldap for users

* Doc FIX

* Store config in drivers and use it to get list_limit

* Add asserts for service providers

* Fix incorrect signature in federation legacy V8 wrapper

* Tidy up release notes for V9 drivers

* Adds an explicit utils import in test_v3_protection.py

* Refactor test auth_plugin config into fixture

* Create V9 version of resource driver interface

* Updated from global requirements

* Separate trust crud tests from trust auth tests

* Delete checks for default domain delete

* correct help text for bootstrap command

* Replace unicode with six.text_type

* Escape DN in enabled query

* Test enabled emulation with special user_tree_dn

* SQL migrations for implied roles

* Revert \"Validate domain ownership for v2 tokens\"

* Use assertIn to check if collection contains value

* Updated from global requirements

* Perform middleware tests with webtest

* De-duplicate fernet payload tests

* Reference driver methods through the Manager

* Fix users in group and groups for user exact filters

* Expose defect in users_in_group, groups_for_user exact filters

* Replace deprecated library function os.popen() with subprocess

* OAuth1 driver doesnt inherit its interface

* Update man pages with Mitaka version and dates

* Fixes hacking logger test cases to use same base

* Adds a hacking check looking for Logger.warn usage

* Change LOG.warn to LOG.warning

* Remove redundant check after enforcing schema validation

* Create V9 version of federation driver interface

* Expose method list inconsistency in federation api

* Correct DN/encoding in test

* Add audit IDs to revocation events

* Adds a base class for functional tests

* Create neutron service in sample_data.sh

* refactor: Remove unused test method

* Fix test_crud_user_project_role_grants

* Update sample catalog templates

* Wrong usage of \"an\"
- Adjust Requires and BuildRequires
- Fix demo certificate creation

Fri Jan 8 13:00:00 2016 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.0b2.dev188:

* remove irrelevant parenthesis

* Cleanup tox.ini py34 test list

* Some small improvements on fernet uuid handling

* Deprecated tox -downloadcache option removed

* Add `type\' filter for list_credentials_for_user

* Remove comments on enforcing endpoints for trust

Thu Jan 7 13:00:00 2016 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.0b2.dev176:

* Updating sample configuration file

* Do not use __builtin__ in python3

* Define paste entrypoints

* Add return value

* Wrong usage of \"an\"

* Make `bootstrap` idempotent

* fix reuse of variables

* Verify that attribute `enabled` equals True

* Correct SecurityError with unicode args

* Reject user creation using admin token without domain

* Config option for insecure responses

* Use oslo_config PortOpt support

Wed Jan 6 13:00:00 2016 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.0b2.dev156:

* Add schema for federation protocol

* Test: make enforce_type=True in CONF.set_override

* Add schema for identity provider

* Fix the incompatible issue in response header

Tue Jan 5 13:00:00 2016 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.0b2.dev148:

* Fix some inconsistency in docstrings

Sat Jan 2 13:00:00 2016 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.0b2.dev146:

* Updated from global requirements

* Use [] where a field is required

Fri Jan 1 13:00:00 2016 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.0b2.dev143:

* Updating sample configuration file

* Use six.moves.reload_module instead of builtin reload

* Support url safe restriction on new projects and domains

Thu Dec 31 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.0b2.dev138:

* Correct fernet provider reference

Wed Dec 30 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.0b2.dev136:

* fix up release notes, file deprecations under right title

Tue Dec 29 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.0b2.dev134:

* Correct the class name of the V9 LDAP role driver

Sun Dec 27 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.0b2.dev133:

* Wrong usage of \"a/an\"

* Trival: Remove unused logging import

Fri Dec 25 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.0b2.dev130:

* Updating sample configuration file

* Fix pep8 job

Thu Dec 24 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.0b2.dev127:

* Fix 500 error when no fernet token is passed

* Fix multiline strings with missing spaces

* eventlet: handle system that misses TCP_KEEPIDLE

Wed Dec 23 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.0b2.dev122:

* Fixes kvs cache key mangling issue for Py3

* Updated from global requirements

* Update `developing.rst` to remove extensions stuff

* Add `keystone-manage bootstrap` command

Tue Dec 22 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.0b2.dev115:

* Updating sample configuration file

* Enable os_inherit of Keystone v3 API

* Normalize fernet payload disassembly

* Common arguments for fernet payloads assembly

* Fix use of TokenNotFound

Sat Dec 19 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.0b2.dev109:

* Fix key_repository_signature method for python3

* Fix defect in list_user_ids that only lists direct user assignments

* Show defect in list_user_ids that only lists direct user assignments

* Use list_role_assignments to get projects/domains for user

* Limiting for fake LDAP

* Handle fernet payload timestamp differences

* Fix fernet padding for python 3

Fri Dec 18 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.0b2.dev97:

* Use pip (and DevStack) instead of setuptools in docs

Thu Dec 17 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.0b2.dev95:

* Correct developer documentation on venv creation

* Updating sample configuration file

* Updated from global requirements

Wed Dec 16 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.0b2.dev90:

* Validate domain for DB-based domain config. CRUD

* Updated Cloudsample

* Verify that user is trustee only on issuing token

* Changed the key repo validation to allow read only

* Add API route for list role assignments for tree

* Add Trusts unique constraint to remove duplicates

Sat Dec 12 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.0b2.dev79:

* Clean up new_credential_ref usage and surrounding code

Fri Dec 11 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.0b2.dev78:

* Updating sample configuration file

* Updated from global requirements

* Make AATTtruncated common for all backends

* Fix exposition of bug about limiting with ldap

* Use assertDictEqual instead of assertEqualPolicies

* refactor: move the common code to manager layer

* Remove keystoneclient tests

* Ensure endpoints returned is filtered correctly

Thu Dec 10 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.0b2.dev63:

* Remove unfixable FIXME

* Use new_policy_ref consistently

* Create V9 Role Driver

* Create new version of assignment driver interface

* Remove invalid comment about LDAP domain support

* Pass dict into update() rather than
*
*kwargs

* Refactor test use of new_
*_ref

* Remove invalid TODO related to bug 1265071

* Deprecate the pki and pkiz token providers

* Refactor: Use Federation constants where possible

* Remove exposure of routers at package level

* Update docs for legacy keystone extensions

Wed Dec 9 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.0b2.dev40:

* Cleans up code for `is_admin` in tokens

* Deprecate ldap Role

* Update extensions links

* Improve comments in test_catalog

* Fix for GET project by project admin

* Updating sample configuration file

* Remove invalid TODO in extensions

* Refactor: Remove use of self where not needed

* Refactor: Move uncommon entities from setUp

* Split resource tests from assignment tests

* More useful message when using direct driver import

Mon Dec 7 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.0b2.dev19:

* Updated from global requirements

Sun Dec 6 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.0b2.dev18:

* Use subprocess.check_output instead of Popen

* Cleanup use of service refs

* Remove core module from the legacy endpoint_filter extension

Sat Dec 5 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.0b2.dev15:

* Remove invalid FIXME note

* Put py34 first in the env order of tox

* set `is_admin` on tokens for admin project

* Use unit.new_project_ref consistently

* Cleanup region refs

* Use new_trust_ref consistently

Fri Dec 4 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.0b2.dev7:

* Update API version info for Liberty

* remove version from setup.cfg
9.0.0.0b1

* Simplify LimitTests

Thu Dec 3 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.dev309:

* Add release notes for mitaka-1

* refactor: move variable to where it\'s needed

* Fix a typo in notifications function doc

* Optimize \"open\" method with context manager

Wed Dec 2 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.dev302:

* Reference environment close to use

* Remove RequestBodySizeLimiter from middleware

* force releasenotes warnings to be treated as errors

* Remove deprecated notification event_type

* Remove check_role_for_trust

Tue Dec 1 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.dev292:

* Needn\'t care about the sequence for cache validation

Mon Nov 30 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.dev290:

* Updated from global requirements

Fri Nov 27 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.dev289:

* Remove `extras` from token data

* Accepts Group IDs from the IdP without domain

Thu Nov 26 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.dev285:

* Correct docstring warnings

Wed Nov 25 13:00:00 2015 vuntzAATTsuse.com
- Set [catalog] driver to sql instead of
keystone.catalog.backends.sql.Catalog, as this old value is
deprecated.

Wed Nov 25 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.dev283:

* Correct RoleNotFound usage

* Remove example extension

* Updating sample configuration file

* Using the right format to render the docstring correctly

* Add release notes for mitaka thus far

* deprecate `enabled` option for endpoint-policy extension

* Rationalize list role assignment routing

* Fix string conversion in s3 handler for python 2

Tue Nov 24 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.dev269:

* Use idp_id and protocol_id in jsonhome

* Use standard credential_id parameter in jsonhome

Sun Nov 22 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.dev265:

* Updated from global requirements

Sat Nov 21 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.dev264:

* Minor cleanups for usage of group refs

Fri Nov 20 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.dev262:

* Manager support for projects acting as domains

Fri Nov 20 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.dev260:

* remove useless config option in endpoint filter

* Add missing colon separators to inline comments

* Enable listing of role assignments in a project hierarchy

* Capital letters

* remove use of magic numbers in sql migrate extension tests

Thu Nov 19 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.dev249:

* Updating sample configuration file

* Move endpoint_filter migrations into keystone core

* Move endpoint filter into keystone core

* Move revoke sql migrations to common

* Move revoke extension into core

* Move oauth1 sql migrations to common

* Move oauth1 extension into core

* Move federation sql migrations to common

* Move federation extension into keystone core

Thu Nov 19 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.dev232:

* Fix inaccurate debug mode response

* Use unit.new_user_ref consistently

* Add testcases to check cache invalidation in endpoint filter extension

* Fix the wrong method name

Wed Nov 18 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.dev224:

* Imported Translations from Zanata

* Updated from global requirements

* Exclude old Shibboleth options from docs

* Add S3 signature v4 checking

Tue Nov 17 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.dev216:

* Document release notes process

* Use new_service_ref instead of manually created dict

* Make K2K Mapping Attribute Examples more visible

Sun Nov 15 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.dev210:

* Updating sample configuration file

* change some punctuation marks

* Updated from global requirements

Sat Nov 14 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.dev205:

* Remove hardcoded LDAP group schema from emulated enabled mix-in

* Updated from global requirements

* Use new_domain_ref instead of manually created ref

* Use new_region_ref instead of manually created dict

* Use unit.new_group_ref consistently

* Use unit.new_role_ref consistently

* Move AuthContext middleware into its own file

* Fix some nits inside validation/config.py

Fri Nov 13 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.dev189:

* Use unit.new_domain_ref consistently

* Use unit.new_region_ref() consistently

* Use unit.new_service_ref() consistently

Thu Nov 12 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.dev186:

* Use unit.new_endpoint_ref consistently

* Use list_role_assignments to get assignments by role_id

* Pass kwargs when using revoke_api.list_events()

* Add reno for release notes management

* Add test for security error with no message

* Add exception unit tests with different message types

* Create tests for set_default_is_domain in LDAP

Tue Nov 10 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.dev172:

* Cleanup message handling in test_exception

Mon Nov 9 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.dev170:
8.0.0

* Ensure token validation works irrespective of padding

* Show v3 endpoints in v2 endpoint list

* Imported Translations from Zanata

* Skip rows with empty remote_ids

Sun Nov 8 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.dev232:

* Add Mapping Combinations for Keystone to Keystone Federation

* Remove manager-driver assignment metadata construct

* [rally] remove deprecated arg

Sat Nov 7 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.dev226:

* Keystone Spelling Errors in docstrings and comments

* Enable try_except_pass Bandit test

Fri Nov 6 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.dev222:

* Correct description in Keystone key_terms

* Imported Translations from Zanata

* Get user role without project id is not implemented

* Add caching to get_catalog

Thu Nov 5 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.dev216:

* Capitalize a Few Words

Wed Nov 4 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.dev214:

* update mailmap with gyee\'s new email

* Revert \"Added CORS support to Keystone\"

* Updated from global requirements

* Use assertTrue/False instead of assertEqual(T/F)

* I18n safe exceptions

Tue Nov 3 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.dev208:

* test_backend_sql work with python34

* Use assertTrue/False instead of assertEqual(T/F

Sat Oct 31 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.dev205:

* Fix the issues found with local conf

* Promote an arbitrary string to be a docstring

* Update Configuring Keystone doc for consistency

Fri Oct 30 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.dev199:

* Move endpoint_policy migrations into keystone core

* Fix D204: blank line required after class docstring (PEP257)

* Fix D202: No blank lines after function docstring (PEP257)

* Cleanup fernet validate_v3_token

Wed Oct 28 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.dev191:

* Fix docstring

* Fix D200: 1 line docstrings should fit with quotes (PEP257)

* Includes server_default option in is_domain column

Mon Oct 26 13:00:00 2015 bwiedemannAATTsuse.com
- require python-oslo.cache
- Update to version keystone-9.0.0.dev185:

* Comment spelling error in assignment.core file

* Fix exceptions to use correct titles

* Fix UnexpectedError exceptions to use debug_message_format

* Fix punctuation in doc strings

* Updating sample configuration file

* Explain default domain in docs for other services

* Correct bashate issues in gen_pki.sh

* Fix incorrect federated mapping example

* change stackforge url to openstack url

* Updated from global requirements

* Adds already passing tests to py34 run

* Allow the PBR_VERSION env to pass through tox

* Fix D210: No whitespaces allowed surrounding docstring text (PEP257)

* Fix D300: Use \"\"\"triple double quotes\"\"\" (PEP257)

* Fix D402: First line should not be the function\'s \"signature\" (PEP257)

* Fix D208: Docstring over indented. (PEP257)

* Add docstring validation

* Fix fernet key writing for python 3

* Update test modules passing on py34

* Updated from global requirements

* Forbid non-stripped endpoint urls

* fix deprecation warnings in cache backends

* Enable subprocess_without_shell_equals_true Bandit test

* Correct typo in copyright

* switch to oslo.cache

* Correct the filename

* Fix some nits in `configure_federation.rst`

* Remove unused code in domain config checking

Fri Oct 16 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.dev133:

* Updated from global requirements

* More info in RequestContext

Thu Oct 15 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.dev129:

* Updating sample configuration file

* Updated from global requirements

* keystone-paste.ini docs for deployers are out of date

* add placeholder migrations for liberty

* Remove bas64utils and tests

* Create a version package

* Refactor: Don\'t hard code 409 Conflict error codes

* add initiator to v2 calls for additional auditing

* Handle 16-char non-uuid user IDs in payload

* Fix the referred [app:app_v3] into [pipeline:api_v3]

Thu Oct 15 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.dev111:

* Remove oslo.policy implementation tests from keystone

Tue Oct 13 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.dev110:

* Refactor: change 403 status codes in test names

* Refactor: change 410 status codes in test names

* Refactor: change 400 status codes in test names

* Refactor: change 404 status codes in test names

Sun Oct 11 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.dev102:

* Expose 1501698 bug

Sat Oct 10 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.dev100:

* Updated from global requirements

* Imported Translations from Zanata

* Fixed missed translatable string inside exception

* Enable password_config_option_not_marked_secret Bandit test

Fri Oct 9 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.dev93:

* Additional documentation for services

* Rename fernet methods to match expiration timestamp

* Enable hardcoded_bind_all_interfaces Bandit test

* Reclassify get_project_by_name() controller method

* Deprecate httpd/keystone.py

* functional tests for keystone on subpaths

* Document httpd for accept on /identity, /identity_admin

Thu Oct 8 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.dev81:

* Updated from global requirements

* Documentation for other services

* Trivial fix of some typos found

* Filters is_domain=True in v2 get_project_by_name

* Add test case passing is_domain flag as False

* Ensure token validation works irrespective of padding

* Rename RestfulTestCase.v3_authenticate_token() to v3_create_token()

* Improving domain_id update tests

* Use deepcopy of mapping fixtures in tests

* Cleanup _build_federated_info

* Add LimitRequestBody to sample httpd config

* Remove unused get_user_projects()

* Add unit test for creating RequestContext

* Add user_domain_id, project_domain_id to auth context

* Add user domain info to federated fernet tokens

* Unit tests for fernet validate_v3_token

* Correct docstrings

Mon Oct 5 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.dev49:

* Imported Translations from Zanata

Sun Oct 4 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.dev48:

* Rename RestfulTestCase.v3_authenticate_token(

Sat Oct 3 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.dev47:

* Enable Bandit 0.13.2 tests

* Update bandit blacklist_imports config

Fri Oct 2 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.dev43:

* Replace sqlalchemy-migrate occurences from code.google to github

* Fix unreachable code in test_v3 module

* Show v3 endpoints in v2 endpoint list

* Make __all__ immutable

* Move development environment setup instructions to standard location

Thu Oct 1 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.dev33:

* Skip rows with empty remote_ids

* Fix order of arguments in assertDictEqual

* Update bandit blacklist_calls config

Tue Sep 29 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.dev27:

* Fix order of arguments in assertEqual

* Adds interface tests for timeutils

* Add unit tests for token_to_auth_context

Sun Sep 27 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.dev21:

* Updating sample configuration file

* Cleanup of Translations

* Imported Translations from Zanata

* Uses constants for 5XX http status codes in tests

* Fixes v3_authenticate_token calls - no default

* Fixes the way v3_admin is called to match its def

* Declares expected_status in method signatures

* Refactor: Don\'t hard code the error code

* Correct comment to not be driver-specific

* Fix typo in config help

Thu Sep 24 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.dev4:

* Use the correct import for range

Wed Sep 23 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-9.0.0.dev3:

* Updating sample configuration file
8.0.0.0rc1

* Open Mitaka development

* Bring bandit config up-to-date

* Update the examples used for the trusted_dashboard option

* Log message when debug is enabled

* Clean up bandit profiles

* federation.idp use correct subprocess

* Imported Translations from Zanata

* Relax newly imposed sql driver restriction for domain config

* Add documentation for configuring IdP WebSSO

Tue Sep 22 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b4.dev57:

* Change ignore-errors to ignore_errors

Mon Sep 21 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b4.dev56:

* Updated from global requirements

* check if tokenless auth is configured before validating

* Updated from global requirements

* Issue deprecation warning if domain_id not specified in create call

* Reject rule if assertion type unset

Thu Sep 17 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b4.dev48:

* Removed the extra http:// from JSON schema link

* Support project hierarchies in data driver tests

* Fix logging in federation/idp.py

Wed Sep 16 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b4.dev44:

* Updated from global requirements

* Update federation router with missing call

* Update man pages with liberty version and dates

Tue Sep 15 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b4.dev40:

* Refactor: Don\'t hard code the error code

* Move TestClient to test_versions

* Get method\'s class name in a python3-compatible way

* Use /auth/projects in tests

Sat Sep 12 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b4.dev34:

* Use oslo.log fixture

* Remove keystone/openstack/
* from coveragerc

* Do not revoke all of a user\'s tokens when a role assignment is deleted

* Handle tokens created and quickly revoked with insufficient timestamp precision

* Show that unscoped tokens are revoked when deleting role assignments

* Remove unnecessary load_backends from TestKeystoneTokenModel

Wed Sep 9 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b4.dev27:

* Update apache-httpd.rst

* Updated from global requirements

* Remove padding from Fernet tokens

* Fixed typos in \'developing_drivers\' doc

* Build oslo.context RequestContext

Tue Sep 8 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b4.dev18:

* Imported Translations from Transifex

* Updated from global requirements

* Correct docstring for common.authorization

Mon Sep 7 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b4.dev15:

* Change tests to use common name for keystone.tests.unit

* Removes py3 test import hacks

Sun Sep 6 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b4.dev11:

* Test list_role_assignment in standard inheritance tests

Sat Sep 5 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b4.dev10:

* Stop using deprecated keystoneclient function

Fri Sep 4 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b4.dev9:

* Updating sample configuration file

* Fixes confusing deprecation message

* Add methods for checking scoped tokens

* Deprecate LDAP Resource Backend

* List credentials by type

* Fixes a typo in a comment

* Fix grammar in doc string

Thu Sep 3 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b4.dev1:
8.0.0.0b3

* Added CORS support to Keystone

* Tokenless authz with X.509 SSL client certificate

* Stable Keystone Driver Interfaces

* Initial support for versioned driver classes

* Add federated auth for idp specific websso

* Broaden domain-group testing of list_role_assignments

* Add support for group membership to data driven assignment tests

* Add support for effective & inherited mode in data driven tests

* Change JSON Home for OS-FEDERATION to use /auth/projects|domains

* Provide new_xyz_ref functions in tests.core

* Correct docstrings in resource/core.py

* Stop reading local config for domain-specific SQL config driver

Wed Sep 2 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b3.dev232:

* Adds caching to paste deploy\'s egg lookup

* Validate Mapped User object

Wed Sep 2 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b3.dev228:

* Add support for data-driven backend assignment testing

Tue Sep 1 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b3.dev226:

* Updated from global requirements

* Unit tests for is_domain field in project\'s table

* Group tox optional dependencies

Mon Aug 31 14:00:00 2015 tbechtoldAATTsuse.com
- Update to version keystone-8.0.0.0b3.dev220:

* Refactor mapping rule engine tests to not create servers

* Updating sample configuration file

* Set max on max_password_length to passlib max

* Simplify federated_domain_name processing

* Enforce .config_overrides is called exactly once

* Rationalize unfiltered list role assignment test

* Change mongodb extras to lowercase

* Refactor: Provider._rebuild_federated_info()

* Refactor: rename Fernet\'s unscoped federated payload

* Fernet payloads for federated scoped tokens

* Prevent exception due to missing id of LDAP entity

* Expose exception due to missing id of LDAP entity

* Remove references to keystone.openstack.common

* Use entrypoints for paste middleware and apps

* update links in http-api to point to specs repo

* Prevent exception for invalidly encoded parameters

* Use wsgi_scripts to create admin and public httpd files

* Simplify rule in sample v3 policy file

* When validating a V3 token as V2, use the v3_to_v2 conversion

* Sample config help for supplied drivers

* Update docs for stevedore drivers
- Install %{_bindir}/keystone-wsgi-admin and
%{_bindir}/keystone-wsgi-public

Mon Aug 31 14:00:00 2015 rhaferAATTsuse.com
- Added keystone_max_url_length.diff as temporary workaround for
bnc#943764

Wed Aug 26 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b3.dev177:

* No More .reload_backends() or .reload_backend()

* Ensure ephemeral user\'s user_id is url-safe

* Use min and max on IntOpt option types

* Adds a notification testcase for unbound methods

* Update Httpd configuration docs for sites-available/enabled

* Creates a fixture representing as LDAP database

Tue Aug 25 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b3.dev165:

* Remove all traces of oslo incubator

* Refactor: use fixtures.TempDir more

* Adds backend check to setup of LDAP tests

Mon Aug 24 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b3.dev159:

* Remove deprecated methods from assignment.Manager

* Stop using deprecated assignment manager methods

Sat Aug 22 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b3.dev155:

* Add testcase to test invalid region id in request

* Add region_id filter for List Endpoints API

Fri Aug 21 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b3.dev151:

* Add necessary executable permission

* Update \'doc/source/setup.rst\'

* Enhance tests for saml2 signing exception logging

Thu Aug 20 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b3.dev145:

* Updating sample configuration file

* Test v2 tokens being deleted by v3

* Add is_domain field in Project Table

Wed Aug 19 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b3.dev140:

* Extras for bandit

* Use extras for memcache and MongoDB packages

* Remove unnecessary check

* Updated from global requirements

* Show helpful message when request body is not provided

* Do not require the token_id for converting v3 to v2 tokens

* Maintain the expiry of v2 fernet tokens

Mon Aug 17 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b3.dev127:

* EndpointFilter driver doesnt inherit its interface

Sun Aug 16 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b3.dev125:

* Imported Translations from Transifex

* Updated from global requirements

Sat Aug 15 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b3.dev122:

* Hardens the validated decorator\'s implementation

* Maintain datatypes when loading configs from DB

Fri Aug 14 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b3.dev118:

* Updating sample configuration file

* Improve a few random docstrings

* Remove \"tenants\" from user_attribute_ignore default

* Updated from global requirements

* Fix the misspelling

* Fix typo in doc-string

Thu Aug 13 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b3.dev108:

* Validate domain ownership for v2 tokens

* Fix docstring in mapped plugin

* Updated from global requirements

* Improve List Role Assignments Filters Performance

* Give some message when an invalid token is in use

Tue Aug 11 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b3.dev98:

* Updated from global requirements

* Fixes an incorrect docstring in notifications

* Improve a few random docstrings (H405)

* Correct enabled emulation query to request no attributes

Mon Aug 10 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b3.dev91:

* Minor grammar fixes to connection pooling section

* Stop calling deprecated assignment manager methods

Sun Aug 9 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b3.dev88:

* Updated from global requirements

* Updating sample configuration file

* Remove reference of old endpoint_policy in paste file

Sat Aug 8 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b3.dev84:

* Remove excessive transformation to list

* Stop calling deprecated assignment manager methods

* Fernet \'expires\' value loses \'ms\' after validation

* NotificationsTestCase running in isolation

* Adds/updates notifications test cases

* Fix duplicate-key pylint issue

* Fix explicit line joining with backslash

* Fixes an issue with data ordering in the tests

* Imported Translations from Transifex

* Allow Domain Admin to get domain details

* Assignment driver cleaning

* Cleanup tearDown in unit tests

* Remove unnecessary check from notifications.py

* Remove oslo import hacking check

* Use extras for ldap dependencies

* Test to ensure fernet key rotation results in new key sets

* Document default value for tree_dn options

* Register fatal_deprecations before use

* Remove unused setUp for RevokeTests

* Remove unnecessary code for default suffix

Fri Aug 7 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b3.dev50:

* Imported Translations from Transifex

* Fix unbound error in federation _sign_assertion

* Fix typos of RoleAssignmentV3._format_entity doc

* Document policy target for operation

* Remove unnecessary ldap imports

* Disable migration sanity check

Thu Aug 6 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b3.dev41:

* Updated from global requirements

* Use dict.items() rather than six.iteritems()

* Better error message when unable to map user

Wed Aug 5 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b3.dev35:

* Updating sample configuration file

* Cleanup use of iteritems

* Missing ADMIN_USER in sample_data.sh

* Update exported variables for openstack client

* Add better user feedback when bind is not implemented

* Refactor _populate_roles_for_groups()

* Refactor: clean up TokenAPITests

* Fix test_utils for py34

* Clean up code to use .items()

* Clean up notifications type checking

Mon Aug 3 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b3.dev20:

* Add groups in scoped federated tokens

Sun Aug 2 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b3.dev18:

* Imported Translations from Transifex

* Reject create endpoint with invalid urls

* Reduce number of Fernet log messages

Sat Aug 1 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b3.dev12:

* Adds missing list_endpoints tests

* Explain the \"or None\" on eventlet\'s client_socket_timeout

* Fix test_admin to expect admin endpoint

* Fixes a docstring to reflect actual return values

* pemutils isn\'t used anymore

* Adds proper isolation to templated catalog tests

Fri Jul 31 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b3.dev2:

* Handle non-numeric files in key_repository

Thu Jul 30 14:00:00 2015 tbechtoldAATTsuse.com
- Update to version keystone-8.0.0.0b3.dev1:
8.0.0.0b2

* Updated from global requirements

* Ensure database options registered for tests

* Document sample config updated automatically
- Adjust Requires according to requirements.txt

Thu Jul 30 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b2.dev172:

* Test function call result, not function object

* Test admin app in test_admin_version_v3

* Fix remaining mention of KLWT

* Replace 401 to 404 when token is invalid

* Assign different values to public and admin ports

* Reuse token_ref fetched in AuthContextMiddleware

Wed Jul 29 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b2.dev160:

* Updating sample configuration file

* Updated from global requirements

* add federation docs for mod_auth_mellon

Sat Jul 25 14:00:00 2015 seife+obsAATTb1-systems.com
- fix spec file conditions for non-suse distributions

Sat Jul 25 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b2.dev156:

* Fix four typos and Add one space on keystone document

* Imported Translations from Transifex

* Fix test_exception.py for py34

* Fix s3.core for py34

* test_base64utils works with py34

* Docs link to ACTIONS

* Moves keystone.hacking into keystone.tests

* Add missing \"raise\" when throwing exception

Fri Jul 24 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b2.dev141:

* Updating sample configuration file

* Minor fix in the `configuration.rst`

* Correct spacing in ``mapping_combinations.rst``

* Adding Documentation for Mapping Combinations

* Clean up docs before creating new ones

* Fix docs in federation.routers

* Refactor websso ``origin`` validation

* Move backends.py to keystone.server

* move clean.py into keystone/common

* Move cli.py into keystone.cmd

* Implement backend filtering on membership queries

Wed Jul 22 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b2.dev119:

* Avoid the hard coding of admin token

Wed Jul 22 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b2.dev118:

* Fix docstrings in contrib

* Additional Fernet test coverage

* Fix for LDAP filter on group search by name

Tue Jul 21 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b2.dev112:

* Updated from global requirements

* Document use of wip up to developer

Mon Jul 20 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b2.dev108:

* Remove unnecessary executable permission

Sun Jul 19 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b2.dev107:

* Do not remove expired revocation events on \"get\"

* Federation API provides method to evaluate rules

* Move constants out of federation.core

* Deprecate LDAP assignment driver options

Sat Jul 18 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b2.dev99:

* Log xmlsec1 output if it fails

* Fix test method examining scoped federation tokens

* Spelling correction

* Fixes grammar in setup.rst in doc source

* Updated from global requirements

* Use oslo.utils instead of home brewed tempfile

* Standardize documentation at Service Managers

* Switch from MySQL-python to PyMySQL

Wed Jul 15 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b2.dev85:

* Updating sample configuration file

* Add testcases for list_role_assignments of v3 domains

* Centralizing build_role_assignment_
* functions

Tue Jul 14 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b2.dev79:

* Replace reference of ksc with osc

* Mask passwords in debug log on user password operations

Mon Jul 13 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b2.dev77:

* Updated from global requirements

Sun Jul 12 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b2.dev76:

* Changing exception type to ValidationError instead of Forbidden

* Removed optional dependency support

Sat Jul 11 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b2.dev72:

* Fixes grammar in the httpd README

* Imported Translations from Transifex

* Fixes docstring to make it more precise

* Decouple notifications from DI

* Fix log message in one of the v3 create call methods

* Simplify fernet rotation code

* Tests for correct key removed

* Add test showing password logged

* Add more Rally scenarios

Fri Jul 10 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b2.dev57:

* Fix the incorrect format for docstring

Thu Jul 9 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b2.dev56:

* Catch exception.Unauthorized when checking for admin

* Remove convert_to_sqlite.sh

* Remove fileutils from oslo-incubator

* Remove comment for doc building bug 1260495

* Fix code-block in federation documentation

* Modified command used to run keystone-all

* Delete extra parentheses in assertEqual message

* Fix the invalid testcase

* Updating sample configuration file

* Add unit test for fernet provider

* Update federation docstring

* Do not specify \'objectClass\' twice in LDAP filter string

* Fix tox -e py34

* Change mapping model so rules is dict

* Add test case for deleting endpoint with space in url

* Update requirements by hand

* Group role revocation invalidates all user tokens

* Adds some debugging statements

Thu Jul 2 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b2.dev21:

* Consolidate the fernet provider issue_v3_token()

* OS-FEDERATION no longer extension in docs

Wed Jul 1 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b2.dev17:

* Switch from deprecated oslo_utils.timeutils.strtime

* Update MANIFEST.in

Tue Jun 30 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b2.dev14:

* Use oslo.service ServiceBase when loading from eventlet

* Relax the formats of accepted mapping rules for keystone-manage

Sun Jun 28 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b2.dev10:

* Update sample config file

* Updated from global requirements

Sat Jun 27 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b2.dev7:

* Switch to oslo.service

* Update sample configuration file

* Don\'t try to drop FK constraints for sqlite

Thu Jun 25 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0b2.dev4:

* Python 3: Use range instead of xrange for py3 compatibility
8.0.0.0b1

* Document entrypoint namespaces

* Short names for auth plugins

Wed Jun 24 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0a1.dev20:

* Use stevedore for auth drivers

Tue Jun 23 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0a1.dev18:

* Update sample configuration file

* Remove unused requirements

* Add missing keystone-manage commands to doc

* Refactor extract function load_auth_method

* Add unit test to exercise key rotation

* Fix Fernet key rotation

Mon Jun 22 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0a1.dev6:

* Remove redundant config

Sat Jun 20 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0a1.dev4:

* Imported Translations from Transifex

Fri Jun 19 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-8.0.0.0a1.dev3:

* Update version for Liberty
8.0.0a0

* Fix tests failing on slower system

Wed Jun 17 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.2.0.dev231:

* Refactor: move PKI-specific tests into the appropriate class

* Needn\'t load fernet keys twice

* Pass environment variables of proxy to tox

Tue Jun 16 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.2.0.dev225:

* Mapping Engine CLI

Fri Jun 12 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.2.0.dev223:

* Imported Translations from Transifex

* Add validity check of \'expires_at\' in trust creation

Thu Jun 11 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.2.0.dev220:

* Fix spelling in configuration comment

* Switch keystone over to oslo_log versionutils

* Updated from global requirements

* Use lower default value for sha512_crypt rounds

* Updated from global requirements

* Remove unnecessary dependencies from KerberosDomain

* Remove deprecated external authentication plugins

* Avoid using the interactive interpreter for a one-liner

* Revocation engine refactoring

* Add testcases to test DefaultDomain

* Remove identity_api from AuthInfo dependencies

* Fix sample policy to allow user to check own token
2015.1.0

* Sync oslo-incubator Ie51669bd278288b768311ddf56ad31a2f28cc7ab

* Updated from global requirements

* Release Import of Translations from Transifex

* Make memcache client reusable across threads

* Set default branch to stable/kilo

* backend_argument should be marked secret (bnc#929628, CVE-2015-3646)

* Update man pages for the Kilo release

* make sure we properly initialize the backends before using the drivers

* WebSSO should use remote_id_attribute by protocol

* Work with pymongo 3.0
2014.2

Mon Jun 8 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.2.0.dev275:

* Rename directory with rally jobs files

* Refactor: use __getitem__ when the key will exists

* Refactor: create the lookup object once

Sun Jun 7 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.2.0.dev269:

* Remove custom assertions for python2.6

* Fix req.environ[SCRIPT_NAME] value

Sat Jun 6 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.2.0.dev265:

* Updated from global requirements

* Order routes so most frequent requests are first

Fri Jun 5 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.2.0.dev262:

* Don\'t query db if criteria longer than col length

* Run WSGI with group=keystone

* Fix the wrong order of parameters when using assertEqual

* Remove the deprecated ec2 token middleware

* Replace blacklist_functions with blacklist_calls

* Rename driver to backend and fix the inaccurate docstring

Thu Jun 4 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.2.0.dev250:

* Updated from global requirements

* Consolidate test-requirements files

* Switch from deprecated isotime

* Update access control configuration in httpd config

Wed Jun 3 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.2.0.dev245:

* Improve error message when tenant ID does not exist

* Adds inherited column to RoleAssignment PK

Tue Jun 2 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.2.0.dev241:

* updates sample_data script to use the new openstack commands

* Log info for Fernet tokens over 255 chars

Mon Jun 1 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.2.0.dev237:

* Update functional tox env requirements

* Update sample config file

* Correct oauth1 driver help text

* Add \"enabled\" to create service provider example

* Removes unused database setup code

* Sync oslo-incubator cc19617

Sun May 31 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.2.0.dev227:

* Update testing keystone2keystone doc

* `api_curl_examples.rst` is out of date

* Don\'t assume project IDs are UUID format

* Don\'t assume group IDs are UUID format

* Remove randomness from test_client_socket_timeout

Fri May 29 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.2.0.dev219:

* Don\'t fail on converting user ids to bytes

Thu May 28 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.2.0.dev217:

* Move endpoint policy into keystone core

* Update dev setup requirements for Python 3.4

Tue May 26 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.2.0.dev213:

* Tests don\'t override default auth methods/plugins

* Tests consistently use auth_plugin_config_override

* Test use config_overrides for configs

* Correct tests setting auth methods to a non-list

* Use single connection in get_all function

Sat May 23 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.2.0.dev203:

* Update sample config file

* Make sure LDAP filter is constructed correctly

Fri May 22 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.2.0.dev200:

* basestring no longer exists in Python3

* Add mocking for memcache for Python3 tests

* Fix xmldsig import

* Refactor deprecations tests

* Remove the deprecated compute_port option

* Removes temporary fix for doc generation

* Fixes deprecations test for Python3

* Revert \"Loosen validation on matching trusted dashboard\"

* Implement validation on the Identity V3 API

Wed May 20 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.2.0.dev182:

* Improve websso documentation

* Workflow documentation is now in infra-manual

Sun May 17 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.2.0.dev178:

* Remove XML middleware stub

* Replace ci.o.o links with docs.o.o/infra

Sat May 16 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.2.0.dev174:

* Rename sample_config to genconfig

* Imported Translations from Transifex

Thu May 14 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.2.0.dev171:

* Move bandit requirement to test-requirements-bandit.txt

Tue May 12 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.2.0.dev169:

* Updated from global requirements

* Add missing part for `token` object

* Remove support for loading auth plugin by class

Mon May 11 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.2.0.dev164:

* Update sample config file

* Use [] where a value is required

* De-duplicate auth methods

* Remove unnecessary oauth_api check

* Use short names for drivers

* Add mocking for ldappool for Python3 tests

* Fixes a whitespace issue

* Handles modules that moved in Python3

* Handles Python3 builtin changes

* Use stevedore for backend drivers

Sun May 10 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.2.0.dev144:

* Replace github reference by git.openstack.org and change a doc link

* Refactor _create_attribute_statement IdP method

* Updated from global requirements

Fri May 8 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.2.0.dev138:

* Fixes use of dict methods for Python3

Thu May 7 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.2.0.dev137:

* Updated from global requirements

* Use correct LOG translation indicator for errors

Wed May 6 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.2.0.dev133:

* Add openstack_user_domain to assertion

Wed May 6 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.2.0.dev131:

* Fixes test nits from a previous review

Tue May 5 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.2.0.dev129:

* Pass-in domain when testing saml signing

Sat May 2 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.2.0.dev128:

* Fixes tests to use the config fixture

Fri May 1 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.2.dev150:

* Fix tiny typo in comment message

* Updates the
*py3 requirements files

* Add openstack_project_domain to assertion

* Prohibit invalid ids in subtree and parents list

Thu Apr 30 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.2.dev143:

* Fixes mocking of oslo messaging for Python3

* pycadf now supports Python3

* eventlet now supports Python3

* Updated from global requirements

* Update sample config

* Allow wsgiref to reconstruct URIs per the WSGI spec

* Refactor assignment driver internal clean-up method names

Tue Apr 28 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.2.dev130:

* Updated from global requirements

Mon Apr 27 14:00:00 2015 tbechtoldAATTsuse.com
- Update to version keystone-2015.2.dev128:

* Replaced filter with a list comprehension

* Ignore multiple imports per line for six.moves

* Fixes order of imports for pep8

* pep8 whitespace changes

* Fix the misuse of `versionutils.deprecated`

* Update openid connect docs to include other distros

* Updated from global requirements

* Remove pysqlite test-requirement dependency

* Isolate injection tests

* Sync oslo-incubator Ie51669bd278288b768311ddf56ad31a2f28cc7ab

* Fixes cyclic ref detection in project subtree

* Remove project association before removing endpoint group

* Add domain_id checking in create_project

* Refactor common function for loading drivers

* Tests don\'t override default config with default

* Entrypoints for commands

* Add fernet to test_supported_token_providers

* Tests use Database fixture

* Correct path in request logging

* Correct request logging query parameters separator

* Eventlet green threads not released back to pool

* Cleanup test keeping unnecessary fixture references

* Fixes the SQL model tests
- Remove outdated Requires and BuildRequires

Wed Apr 22 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.2.dev84:

* Updated from global requirements

* Imported Translations from Transifex

* Loosen validation on matching trusted dashboard

* adds a tox target for functional tests

* Adds an initial functional test

* Update developer doc to reference Ubuntu 14

* Move common checks into base testcase

Mon Apr 20 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.2.dev70:

* Fix the incorrect comment

* Update Get API version Curl example

Sun Apr 19 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.2.dev66:

* Stops injecting revoke_api into TestCase

* Update keystone.sample.conf

* Use choices in config.py

* remove useless nocatalog tests of endpoint_filter

* Refactor: extract and rename unique_id method

* Add test to list projects by the parent_id

Sat Apr 18 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.2.dev54:

* Remove assigned protocol before removing IdP

* Expose domain_name in the context for policy.json

* Make memcache client reusable across threads

* Remove unused policy rule for get_trust

Fri Apr 17 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.2.dev46:

* Use correct LOG translation indicator for warnings

* Don\'t provide backends from __all__ in persistence

* Fix index name the assignment.actor_id table

* Refactor sql filter code for clarity

Thu Apr 16 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.2.dev38:

* Fix incorrect setting in WebSSO documentation

* Exposes bug on role assignments creation

* Redundant events on group grant revocation

Wed Apr 15 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.2.dev33:

* Checking if Trust exists should be DRY

* Add routing for list_endpoint_groups_for_project

Tue Apr 14 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.2.dev29:

* backend_argument should be marked secret

* Fix signed_saml2_assertion.xml tests fixture

* Removes discover from test-reqs

Sun Apr 12 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.2.dev23:

* Refactor MemcachedBackend to not be a Manager

Sat Apr 11 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.2.dev21:

* Tests use common base class

* Mark some strings for translation

Fri Apr 10 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.2.dev17:

* make sure we properly initialize the backends before using the drivers

* WebSSO should use remote_id_attribute by protocol

* Update openstack-common reference in openstack/common/README

* Update testing docs

Thu Apr 9 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.2.dev9:

* Work with pymongo 3.0

* Update man pages for the Kilo release

* Add placeholders for reserved migrations

* Tox env for Bandit

Wed Apr 8 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.2.dev2:
2015.1.0rc1

* Open Liberty development

* Improved policy setting in the \'v3 filter\' tests

* Handle NULL value for service.extra in migration 066

* Skip SSL tests because some platforms do not enable SSLv3

* Add index to the revocation_event.revoked_at

* Fix for notifications for v2 role grant/delete

Tue Apr 7 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev143:

* Fix the typo in `token/providers/fernet/core.py`

* Document websso setup

* Don\'t add unformatted project-specific endpoints to catalog

Sun Apr 5 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev138:

* Allow identity provider to be created with remote_ids set to None

* Fix multiple SQL backend usage validation error

* Expose multiple SQL backend usage validation error

Sat Apr 4 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev133:

* Import fernet providers only if used in keystone-manage

* Imported Translations from Transifex

* Update sample config file

* Fix errors in ec2 signature logic checking

* Fixes bug in Federation list projects endpoint

* Exposes bug in Federation list projects endpoint

* Cleanup use of .driver

* Fix setting default log levels

Fri Apr 3 14:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev117:

* Reload drivers when their domain config is updated

* Correcting the name of directory holding dev docs

* Updated from global requirements

* Remove unnecessary .driver. references in assignment manager

* Rename notification for create/delete grants

* Drop sql.transaction() usage in migration

* Update configuration documentation for domain config

* Fix for migration 062 on MySQL

* Bump advertised API version to 3.4

* Deprecate eventlet config options

* More content in the guide for core components\' migration

Mon Mar 30 14:00:00 2015 rsalevskyAATTsuse.com
- Update to version keystone-2015.1.dev96:

* Extract response headers to private method

* Imported Translations from Transifex

* Add API to create ecp wrapped saml assertion

* Add relay_state_prefix to Service Provider

* Change the way values are migrated for 007_add_remote_id_table

* Use ORM in upgrade test instead of manual query construction

* Remove empty request bodies

* Remove unnecessary import that was not checked

* IdP ID registration and validation

* Imported Translations from Transifex

* add test of /v3/auth/catalog for endpoint_filter

* Make trust manager raise formatted message exception

* Revert \"Document mapping of policy action to operation\"

* Remove SQL Downgrades

* Add caching to getting of the fully substituted domain config

* Refactor _create_projects_hierarchy in tests

* Fixes bug when getting hierarchy on Project API

* Exposes bug when getting hierarchy on Project API

* use tokens returned by delete_tokens to invalidate cache

* Loosen the validation schema used for trustee/trustor ids

* region.description is optional and can be null

* Document mapping of policy action to operation

* Update install.rst for Fedora

* Update sample config file

* Remove parent_id in v2 tenant response

* create _member_ role as specified in CONF

* Fix sample policy to allow user to revoke own token

* Add unit tests for sample policy token operations

* Fix up token provider help text

* Remove parent_id in v2 token response

Thu Mar 19 13:00:00 2015 rsalevskyAATTsuse.com
- Update to version keystone-2015.1.dev497:

* Needn\'t workaround when invoking `app.request()` 2015.1.0b3

* Imported Translations from Transifex

* Update sample httpd config file

* Cleanup Fernet testcases and add comments

* Fix nullable constraints in service provider table

* Adds test for federation mapping list order issues

* Updated from global requirements

* Prefer . to setattr()/getattr()

* Support upload domain config files to database

* Update Apache httpd config docs for token persistence

* Add inline comment and docstrings fixes for Fernet

* Move backend LDAP role testing to the new backend testing module

* URL quote Fernet tokens

* Use existing token test for Fernet tokens

* Implement Fernet tokens for v2.0 tokens

* remove expected backtrace from logs

* Log when no external auth plugin registered

* Enable sensitive substitutions into whitelisted domain configs

* Imported Translations from Transifex

* Create a fixture for key repository

* Ignore unknown groups in lists for Federation

* Remove RestfulTestCase.admin_request

* Remove SSL configuration instructions from HTTPd docs

* Wrap apache-httpd.rst

* Remove fix for migration 37

* Cleanup for credentials schema test

* Build domain scope for Fernet tokens

* Mark the domain config API as experimental

* Imported Translations from Transifex

* Allow methods to be carried in Fernet tokens

* Federated token formatter

* Refactor: make Fernet token creation/validation API agnostic

* Convert audit_ids to bytes

* Drop Fernet token prefixes & add domain-scoped Fernet tokens

* Add JSON schema validation for service providers

* Implements whitelist and blacklist mapping rules

* Adding utf8 to federation tables

* Abstract the direct map concept into an object

Sat Feb 14 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev102:

* Cleanup tests to not set multiple workers

* Use subunit-trace from tempest-lib

* Log exceptions safely

* Imported Translations from Transifex

* Refactor _send_audit_notification

* Updated from global requirements

* Remove excess brackets in exception creation

* Update policy doc to use new rule format

* remove the unused variables in indentity/core.py

* make federation part of keystone core

* Small cleanup of cloudsample policy

* Fix error message on check on RoleV3

* Improve creation of expected assignments in tests

* Add a check to see if a federation token is being used for v2 auth

* Adds a fork of python-ldap for Py3 testing

* Updates Python3 requirements

* Add local rules in the federation mapping tests

* Don\'t try to convert LDAP attributes to boolean

* Add schema for endpoint group

* Don\'t coerce port config values

* Add new \"RoleAssignment\" exception

* Fix evaluation logic of federation mapping rules

* Minor fix in RestfulTestCase

* Remove unused testscenarios requirement

* Integrate logging with the warnings module

Fri Feb 13 13:00:00 2015 dmuellerAATTsuse.com
- update logrotate.conf

Fri Feb 13 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev53:

* fix assertTableColumns

* Imported Translations from Transifex

* Sync with oslo-incubator

Thu Feb 12 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev47:

* Split the assignments controller

* log wsgi requests at INFO level

Wed Feb 11 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev43:

* Use _VersionsEqual for a few more version tests

* Remove test PYTHONHASHSEED setting

* Correct version tests for result ordering

* Correct a v3 auth test for result ordering

* Correct catalog response checker for result ordering

* Correct test_get_v3_catalog test for result ordering

* Correct test_auth_unscoped_token_project for result ordering

* Fix the syntax issue on creating table `endpoint_group`

* Change hacking check to verify all oslo imports

* Change oslo.i18n to oslo_i18n

* Change oslo.config to oslo_config

* Change oslo.db to oslo_db

* Remove XMLEquals from tests

* Remove unused test case

* Change oslo.messaging to oslo_messaging

* Deprecate LDAP Assignment Backend

* Fix downgrade test for migration 61 on non-sqlite

Tue Feb 10 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev10:

* Make identity id mapping handle unicode

* Improve testing of unicode id mapping

* Change oslo.serialization to oslo_serialization

Sun Feb 8 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev6:

* Imported Translations from Transifex

Sat Feb 7 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev5:

* Fix race on default role creation

* Imported Translations from Transifex

Fri Feb 6 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev3:

* Unscoped to Scoped only

* Refactor federation SQL backend
2015.1.0b2

* Handle SSL termination proxies for version list

Thu Feb 5 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev214:

* Set initiators ID to user_id

* Updated from global requirements

* Adds a wip decorator for tests

Wed Feb 4 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev209:

* Imported Translations from Transifex

* Update federation config to use Service Providers

* Drop URL field from region table

* Create K2K SAML assertion from Service Provider

* Service Providers API for OS-FEDERATION

* Implements subtree_as_ids query param

* Refactor role assignment assertions

* Remove local conf information from paste-ini

* Explicit Unscoped

* Remove TODO comment which has been addressed

* Refactor keystone-all and http/keystone

* Add positive test case for content types

* add circular check when updating region

* fix the wrong update logic of catalog kvs driver

Tue Feb 3 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev181:

* Fixes \'OS-INHERIT:inherited_to\' info in tests

* During authentication validate if IdP is enabled

* Fix typo in Patch #142743

* Implements parents_as_ids query param

* Multiple IDP authentication URL

* Change oslo.utils to oslo_utils

* Imported Translations from Transifex

* Regenerate sample config file

* Make unit tests call the new resource manager

* Make controllers and managers reference new resource manager

* Remove unused pointer to assignment in identity driver

* Move projects and domains to their own backend

* Make role manager refer to role cache config options

* Documentation fix for Keystone Architecture

* Imported Translations from Transifex

* Fix up _ldap_res_to_model for ldap identity backend

* Use RequestBodySizeLimiter from oslo.middleware

* Remove list_user_projects method from assignment

* Remove unnecessary code block of exception handling

* do parameter check before updating endpoint_group

Thu Jan 29 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev144:

* remove invalid note

* Move test_utils to keystone/tests/unit/

Wed Jan 28 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev140:

* Add library oslo.concurrency in config-generator config file

* Updated from global requirements

* fix test_ec2_list_credentials

* Assignment sql backend create_grant refactoring

* Fix incorrect session usage in tests

* Change /POST to /ECP at federation config

Tue Jan 27 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev129:

* Updated from global requirements

Sun Jan 25 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev128:

* Updated from global requirements

Thu Jan 22 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev127:

* Correct comment about circular dependency

* Refactor assignment manager/driver methods

Wed Jan 21 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev123:

* Updated from global requirements

Mon Jan 19 13:00:00 2015 rhaferAATTsuse.com
- fixed dependencies. The LDAP backend requires python-ldappool

Mon Jan 19 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev122:

* Imported Translations from Transifex

* Identify groups by name/domain in mapping rules

* correct the help text of os_inherit

* invalidate cache when updating catalog objects

Sat Jan 17 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev115:

* Updated from global requirements

* Move sql specific filter test code into test_backend_sql

* Fix migration 42 downgrade

Fri Jan 16 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev110:

* Fix incorrect filter test name

* Update the keystone sample config

* Scope federated token with \'token\' identity method

* Make unit tests call the new, split out, role manager

* Make controllers call the new, split out, role manager

* Correct doc string for grant driver methods

* Split roles into their own backend within assignments

* Fix transaction issue in migration 44 downgrade

Thu Jan 15 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev94:

* Update Inherited Role Assignment Extension section

* Limit lines length on configuration doc

* Fixes spacing in sentences on configuration doc

* Fixes several typos on configuration doc

* Trust redelegation

* add missing parent_id parameter check in project schema

* Updated from global requirements

* Correct failures for H238

* Move to hacking 0.10

* Always return the service name in the catalog

Wed Jan 14 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev74:

* Additional test coverage for password changes

Mon Jan 12 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev73:

* Updated from global requirements

Sat Jan 10 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev72:

* Remove unused fields in base TestCase

* Keystoneclient tests from venv-installed client

* Cleanup test-requirements for keystoneclient

* Fix tests using extension drivers

Fri Jan 9 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev65:

* Fix downgrade from migration 61 on non-sqlite

* explicit namespace prefixes for SAML2 assertion

* Remove requirements not needed by oslo-incubator modules anymore

* let endpoint_filter sql backend return dict data

Wed Jan 7 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev58:

* Ensure manager grant methods throw exception if role_id is invalid

* update sample conf using latest oslo.conf

* Remove unnecessary oslo incubator bits

Tue Jan 6 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev52:

* switch from sample_config.sh to oslo-config-generator

Mon Jan 5 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev50:

* Enable hacking rule H302

Mon Jan 5 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev48:

* Tests fail only on deprecation warnings from keystone

Sat Jan 3 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev47:

* Update the keystone.conf sample

* Remove extra V3 version router

Thu Jan 1 13:00:00 2015 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev43:

* improve the EP-FILTER catalog length check in test_v3.py

* Don\'t allow deprecations during testing

* Fix to not use deprecated Exception.message

* Fix to not use empty IN clause

* Removes a Py2.6 version of assertSetEqual

* Removes a Py2.6 version of inspect.getcallargs

* Removes a bit of WSGI code converts unicode to str

* Enhance FakeLdap to require base entry for subtree search

Mon Dec 29 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev27:

* fix wrong self link in the response of endpoint_groups API

* rename oslo.concurrency to oslo_concurrency

Mon Dec 29 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev24:

* Imported Translations from Transifex

* Expanded mutable hacking checks

* Make the mutable default arg check very strict

* Correct use of noqa

Wed Dec 24 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev17:

* Memcache connection pool excess check

Sat Dec 20 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev15:

* Be more precise with flake8 filename matches

* Use bashate to run_tests.sh

* Update federation docs to point to specs.o.org

Fri Dec 19 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev9:

* sync to oslo commit 1cf2c6

* Update docs to no longer show XML support
2015.1.0b1

* Remove unnecessary ldap import

* Change config option examples to v3

Thu Dec 18 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev297:

* Check and delete for policy_association_for_region_and_service

* Remove XML support

* Fix modifying a role with same name using LDAP

* Add a test for modifying a role to set the name the same

* Fix disabling entities when enabled is ignored

* Add tests for enabled attribute ignored

* Fix update role without name using LDAP

Wed Dec 17 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev283.g3f42c1a:

* Rename `removeEvent` to be more pythonic

* Fix the way migration helpers check FK names

* Add test for update role without name

* Fixes links in Shibboleth configuration docs

* fix wrong indentation in contrib/federation/utils.py

* default revoke driver should be the non-deprecated driver

Tue Dec 16 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev272.g9ee165f:

* Remove database setup duplication

Sun Dec 14 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev270.gd5c8a37:

* Inherited role assignments to projects

Sat Dec 13 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev268.ged7b033:

* Cleanup eventlet use in tests

Fri Dec 12 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev266.gca8a8a6:

* Updated from global requirements

* Remove endpoint_substitution_whitelist config option

* TestAuthPlugin doesn\'t use test_auth_plugin.conf

* Add missing translation marker for dependency

Thu Dec 11 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev258.g71c9bf5:

* Fix inherited user role test docstring

Tue Dec 9 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev257.g6aaba42:

* Adds openSUSE support for developer documentation

* User ids that begin with 0 cannot authenticate through ldap

* Typo in policy call

* Updated from global requirements

* Correct max_project_tree_depth config help text

* make sample_data.sh account for the default options in keystone.conf

* Move notification unit tests to unit test dir

* Remove useless field passed into SQLAlchemy \"distinct\" statement

Sun Dec 7 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev241.g2355f3a:

* Updated from global requirements

Sat Dec 6 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev240.g39a93ca:

* Adds correct checks in LDAP backend tests

* Updated from global requirements

* Create, update and delete hierarchical projects

* Remove irrelative comment

* Moves hacking tests to unit directory

* Provide useful info when parsing policy file

Fri Dec 5 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev229.g5513052:

* Add an identity backend method to get group by name

* remove deprecated access log middleware

* sys.exit mock cleanup

* Fixes endpoint_filter tests

Thu Dec 4 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev222.g37c6766:

* Base methods to handle hierarchical projects

* Add parent_id field to projects

* Update the feature/hierarchical-multitenancy branch

Wed Dec 3 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev215.gd82a3ca:

* drop developer support for OS X

Wed Dec 3 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev213.ga8106b1:

* Ignore H302 - bug 1398472

Tue Dec 2 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev212.g1083161:

* Multiple IdPs problem

* Fixes docstring at eventlet_server

* Fix the copy-pasted help info for db_version

* Update keystone readme to point to specs.o.org

* Use true() rather than variable/singleton

* use expected_length parameter to assert expected length

Sat Nov 29 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev201.gdba82b1:

* Updated from global requirements

Thu Nov 27 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev200.g2f00feb:

* Move check_output and git() to test utils

Wed Nov 26 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev198.g6fb51ed:

* Use _ definition from keystone.i18n

* Remove Python 2.6 classifier

* Speed up memcache lock

* Add WSGIPassAuthorization to OAuth docs

Tue Nov 25 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev190.gea4fcec:

* Fixes create_saml_assertion() return

* Remove duplicate setup logic in federation tests

Sun Nov 23 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev186.g527924b:

* Add import i18n to federation/controllers.py

* Correct use of config fixture

* Extends hacking check for logging to verify i18n hints

Sat Nov 22 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev180.gb55aa76:

* Adds missing log hints for level E/I/W

* Adds dynamic checking for mapped tokens

Fri Nov 21 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev176.g1ee9468:

* Updated from global requirements

Thu Nov 20 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev175.g2bea749:

* Enable cloud_admin to list projects in all domains

* Remove string from URL in list_revoke_events()

* Configuring Keystone edits

* Imported Translations from Transifex

* Increase test coverage of test_versions.py

* Increase test coverage of test_base64utils.py

* Move base64 unit tests to keystone/tests/unit dir

* Move injection unit tests to keystone/tests/unit

* Doc about specifying domains in domains specific backends

* Update references to auth_token middleware

Sat Nov 15 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev157.g4ec0c61:

* Move test_pemutils.py to unit test directory

* Don\'t return ``user_name`` in mapped.Mapped class

* Allow for REMOTE_USER name in federation mapping

* Exclude domains with inherited roles from user domain list

* Improve testing of exclusion of inherited roles

* Fix project federation tokens for inherited roles

* Improve testing of project federation tokens for inherited roles

* Move shib specific documentation

Fri Nov 14 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev141.g32734df:

* Fix domain federation tokens for inherited roles

* fix the wrong order of assertEqual args in test_v3

Thu Nov 13 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev137.g6d5a093:

* Improve testing of domain federation tokens for inherited roles

* Additional debug logs for federation flows

* Add openid connect support

Wed Nov 12 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev131.gb05a540:

* Enable hacking rule H904

* Prevent infinite loop in token_flush

* Tests raise exception if logging problem

Tue Nov 11 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev125.ge333b41:

* Change ca to uppercase in keystone.conf

* Doc about deleting a domain specific backend domain

Mon Nov 10 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev121.g2b7fdb1:

* Fix misspelling at configuration.rst file

Sat Nov 8 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev120.g17ec695:

* Imported Translations from Transifex

Fri Nov 7 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev119.gb13db25:

* Imported Translations from Transifex

* Enable hacking rule H104 File contains nothing but comments

* Rename _handle_saml2_tokens() method

* Updated from global requirements

Thu Nov 6 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev114.g2ba7d67:

* Rename _handle_saml2_tokens(

Thu Oct 30 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev113.g3d9184b:

* Updated from global requirements

* Remove token persistence proxy

* revise error message for keystone.token.persistence pkg

Thu Oct 30 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev107.g7fa6e92:

* Adds IPv6 url validation support

Wed Oct 29 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev106.gf45b3e5:

* Use oslo.concurrency instead of sync\'ed version

* Use correct name of oslo debugger script

Tue Oct 28 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev102.g15a01f2:

* Remove nonexistant param from docstring

* Fixes aggressive use of translation hints

Mon Oct 27 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev98.g1658095:

* Sync modules from oslo-incubator

* test_utils use jsonutils from oslo.serialization

* Add fileutils module

* PKI and PKIZ tokens unnecessary whitespace removed

* Move unit tests from test_backend_ldap

* Updated from global requirements

* Imported Translations from Transifex

* Correct the code path of implementation for the abstract method

* Use newer python-ldap paging control API

* Add xmlsec1 dependency comments

* Add max-complexity to pep8 for Keystone

* Remove check_password() in identity.backend.ldap

* Remove unused ec2 driver option

* Extract Assignment tests from IdentityTestCase

* Fixes docstrings to be more accurate

Fri Oct 17 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev73.gfdbad9f:

* Restrict certain APIs to cloud admin in domain-aware policy

Thu Oct 16 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev72.g61ccca5:

* wrong logic in assertValidRoleAssignmentListResponse method

Tue Oct 14 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev70.gb276f3d:

* obsolete deployment docs

* Address some late comments for memcache clients

* Fix fakeldap search_s documentation

Sun Oct 12 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev64.gc0285c8:

* Add v3 openstackclient CLI examples

* Update the CLI examples to also use openstackclient

Sat Oct 11 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev60.gaf25b2b:

* Clean up federated identity audit code

Fri Oct 10 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev58.g9025b64:

* Updated from global requirements

* revise docs on default _member_ role

* Refactor FakeLdap to share delete code

* Updates package comment to be more accurate

Thu Oct 9 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev50.g1b2fc1e:

* Fixes a spelling error in hacking tests

* Remove deprecated KVS trust backend

* Imported Translations from Transifex

* Replace an instance of keystone/openstack/common/timeutils

* Use importutils from oslo.utils

* Use jsonutils from oslo.serialization

* Update \'Configuring Services\' documentation

* Use openstackclient examples in configuration documentation

* Remove deprecated TemplatedCatalog class

* Add an XML code directive to a shibboleth example

* Add testcase for coverage of 002_add_endpoint_groups

Tue Oct 7 14:00:00 2014 dmuellerAATTsuse.com
- fix cert creation on hosts with broken hostname

Tue Oct 7 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev30.g5a615fc:

* Ensure sql upgrade tests can run with non-sqlite databases

* Remove identity and assignment kvs backends

Mon Oct 6 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev26.gb27a9b2:

* Validates controller methods exist when specified

* Switch LdapIdentitySqlAssignment to use oslo.mockpatch

Sun Oct 5 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev22.g4f9bbb8:

* Fixes an error deleting an endpoint group project

* Remove images directory from docs

* Fix tests comparing tokens

Fri Oct 3 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev17.gaf1f960:

* Remove OS-STATS monitoring

* Handle default string values when using user_enabled_invert

* Remove duplicated assertion

* Remove unused cache functions from token.core

Thu Oct 2 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev10.gc1b8fbc:

* Convert unicode to UTF8 when calling ldap.str2dn()

* Fix parsing of emulated enabled DN

Wed Oct 1 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev6.ge258917:

* Add test for getting a token with inherited role
2014.2.rc1

Tue Sep 30 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2015.1.dev201.g82ded4a:

* Open Kilo development

* Add placeholders for reserved migrations

* add --rebuild option for ssl/pki_setup

Mon Sep 29 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev196.g6778df0:

* Correct typos in keystone/common/base64utils.py docstrings

* improve dependency injection doc strings

* Remove trailing space from string

* Fixes code comment to be more accurate

Sun Sep 28 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev188.g1f9248e:

* Imported Translations from Transifex

* Uses session in migration to stop DB locking

* Set issuer value to CONF.saml.idp_entity_id

* Updated from global requirements

* Add version attribute to the SAML2 Assertion object

* Fail on empty userId/username before query

Sat Sep 27 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev176.g0200751:

* Mark k2k as experimental

* Update architecture documentation

Fri Sep 26 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev172.gd229892:

* New section for CLI examples in docs

* Fix failure of delete domain group grant when identity is LDAP

* Clean up the Configuration documentation

* Adding an index on token.user_id and token.trust_id

Fri Sep 26 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev164.g2fc25ff:

* Fix a spelling mistake in keystone/common/utils.py

Thu Sep 25 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev162.gd8d1477:

* Prevent infinite recursion on persistence core on init

Wed Sep 24 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev160.g08416ac:

* Imported Translations from Transifex

* Read idp_metadata_path value from CONF.saml

* Fix Policy backend driver documentation

Tue Sep 23 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev154.g1af2428:

* Fix create and user-role-add in LDAP backend

* Fix minor spelling issues in comments

* Add a pool of memcached clients

* Set LDAP certificate trust options for LDAPS and TLS

Mon Sep 22 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev146.g641381a:

* Update URLs for keystone federation configuration docs

* Add info about pysaml2 into federation docs

Sun Sep 21 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev142.g54054e8:

* Do not run git-cloned ksc master tests when local client specified

Sat Sep 20 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev140.g2f14f3a:

* Mock doesn\'t have assert_called_once()

* Imported Translations from Transifex

Sat Sep 20 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev136.gee4ee3b:

* Updated from global requirements

* Safer check for enabled in trusts

* Set the default number of workers when running under eventlet

* Add the processutils from oslo-incubator

* Update \'Configure Federation\' documentation

* Update man pages

Fri Sep 19 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev124.g8e6e6b3:

* Ensure identity sql driver supports domain-specific configuration

Thu Sep 18 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev123.ga56d363:

* Allow users to clean up role assignments

Wed Sep 17 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev121.gae22900:

* Adds a whitelist for endpoint catalog substitution (bnc#895847, CVE-2014-3621)

* Revoke the tokens of group members when a group role is revoked

* Change pysaml2 comment in test-requrements.txt

* Document Keystone2Keystone federation

Tue Sep 16 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev114.g9d4e22b:

* ldap/core deleteTree not always supported

* Reduce unit test log level for notifications

* Fix delete group cleans up role assignments with LDAP

* Refactor LDAP backend using context manager for connection

* Add delete notification to endpoint grouping

* Ensure a consistent transactional context is used

* Adds hint about filter placement to extension docs

* Making KvsInheritanceTests use backend KVS

Sun Sep 14 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev100.g30c1e8b:

* Fix using local ID to clean up user/group assignments

* Add characterization test for cleanup role assignments for group

* Fix LDAP group role assignment listing

* Adds pipeline hints to the example paste config

* Use id attribute map for read-only LDAP

* Use oslo_debug_helper and remove our own version

* trustor_user_id not available in v2 trust token

Sat Sep 13 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev86.g1e20448:

* Add V3 JSON Home support to GET /

* Make the extension docs a top level entry in the landing page

* LDAP: refactor use of \"1.1\" OID

* Enable filtering of services by name

* Sync jsonutils from oslo-incubator 32e7f0b5

* Update the docs that list sections in keystone.conf

Fri Sep 12 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev74.gc4e9556:

* Document mod_wsgi doesn\'t support chunked encoding

* Keystone local authenticate has an unnecessary pending audit record

* JSON Home data is required

Thu Sep 11 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev68.g12655bf:

* Stop skipping LDAP tests

* Update the revocation configuration docs

* Fixes formatting error in debug log statement

* Update paste pipelines in configuration docs

* Fixed typo \'in sane manner\' to \'in a sane manner\'

* correct typos

* Prevent domains creation for the default LDAP+SQL

* Fix oauth sqlite migration downgrade failure

* Imported Translations from Transifex

* Avoid conversion of binary LDAP values (bnc#897467)

* Remove unused variable TIME_FORMAT

* Add characterization test for group role assignment listing

* Fix dn_startswith

* Fixes a mock cleanup issue caused by oslotest

* Add rst code-blocks to a bunch of missing examples

* Capitalize all instances of Keystone in the docs
2014.2.b3

* Fixed spelling mistakes in comments

* use one indentation style

* Fix admin server doesn\'t report v2 support in Apache httpd

* Add test for single app loaded version response

* Work toward Python 3.4 support and testing

* Update the federation configuration docs for saml2

* Add docs for enabling endpoint policy

* warn against sorting requirements

* Fix minor nits for token2saml generation

* Routes for Keystone-IdP metadata endpoint

Fri Sep 5 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev324.g7d9b8dc:

* Lower log level for notification registration

* Test cleanup: do not leak FDs during test runs

* Cleanup superfluous string comprehension and coersion

Thu Sep 4 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev318.g8661e94:

* Adds region back into the catalog endpoint

* Implementation of Endpoint Grouping

* Implement validation on Trust V3 API

* Remove TODO that was done

* Fix follow up review issues with endpoint policy backend patch

* Mark the revoke kvs backend deprecated, for removal in Kilo

Tue Sep 2 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev306.g67b474f:

* Transform a Keystone token to a SAML assertion

* Fix region schema comment

* Remove unused _validate_endpoint

* controller for the endpoint policy extension

* Implement validation on the Catalog V3 API

Mon Sep 1 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev296.g7b81974:

* backend for policy endpoint extension

* Implement validation on Credential V3

* Implement validation on Policy V3 API

* Fix token flush fails with recursion depth exception

* Add index for actor_id in assignments table

* Endpoint table is missing reference to region table

* add missing log hints for level C/E/I/W

* Add string id type validation

* Implement validation on Assignment V3 API

* Redirect stdout and stderr when using subprocess

Sun Aug 31 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev276.g9a8e6bd:

* Add audit support to keystone federation

* Adds tests that show how update with validation works

* Mark the trust kvs backend deprecated, for removal in Kilo

* Do not load auth plugins by class in tests

Sat Aug 30 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev269.ge0d8377:

* Add commas for ease of maintenance

* Comments to docstrings for notification emit methods

* Notification cleanup: namespace actions

* Add bash code style to some portions of configuration.rst

* Update tests to not use token_api

* Make persistence manager in token_provider_api private

* Add extra guarding to revoke_by_audit_id methods

* Mark methods on token_api deprecated

* Remove SAML2 plugin dependency on token_api

* Remove oauth controller dependency on token_api

Fri Aug 29 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev249.g18efc78:

* Mark kvs backends as deprecated, for removal in Kilo

* Add libxmlsec1 as external package dependency on OS X

* Remove assignment_api dependency on token_api

Thu Aug 28 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev243.g4bbbf81:

* Update sample config

Wed Aug 27 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev241.gf4f0bdf:

* Enhance GET /v3 to handle Accept header

* Enhance V3 extensions to provide JSON Home data

* Enhance V3 extension class to integrate JSON Home data

* Change OS-INHERIT extension to provide JSON Home data

* Change the sub-routers to provide JSON Home data

* Change V3 router classes to provide JSON Home data

* Create additional docs for role assignment events

* Add __repr__ to KeystoneToken model

* Notification Constant Cleanup and internal notify type

* Remove wsgi and base controller dependency on token_api

* Remove identity_api dependency on token_api

* Remove trust dependency on token_api

* Update AuthContextMiddleware to not use token_api

* Back off initial migration to 34

Tue Aug 26 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev213.g0b54321:

* Revoke by Audit Id / Audit Id Chain instead of expires

* assignment controller error path fix

* Make SQL the default backend for Identity & Assignment unit tests

* Enhance V3 version controller to provide JSON Home response

* Provide the V3 routers to the V3 extension controller

* Back off initial migration to 35

* Configurable python-keystoneclient repo

Mon Aug 25 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev199.gde2c6e1:

* Add CADF notifications for role assignment create and delete

* Enhance V3 routers to store basic resource description

Mon Aug 25 14:00:00 2014 bwiedemannAATTsuse.com
- use %_rundir if available, otherwise /var/run

Sat Aug 23 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev195.ge372aaf:

* Sync Py2 and Py3 requirements files

* Standardizing the Federation Process

Fri Aug 22 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev191.g463b2ee:

* Convert to urlsafe base64 audit ids

* Sync with oslo-incubator

* Add audit ids to tokens

Thu Aug 21 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev185.gf6ad8f0:

* Add notifications for policy, region, service and endpoint

* Correct the signature for some catalog abstract method signatures

* Fixing simple type in comment

* Create authentication specific routes

* Allow LDAP lock attributes to be used as enable attributes

Tue Aug 19 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev177.g498a003:

* Enable filtering of credentials by user ID

* Expose context to create grant and delete grant

* Use python convention for function names in test_notifications

* Fixes an issue with the XMLEquals matcher

Mon Aug 18 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev170.g2e49770:

* Use mail for the default LDAP email attribute name

Sat Aug 16 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev168.g45728c5:

* Bump hacking to 0.9.x series

* Rename bash8 requirement

* Support the hints mechanism in list_credentials()

* Keystone service throws error on receiving SIGHUP

* Issue multiple SQL statements in separate engine.execute() calls

Fri Aug 15 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev159.ga1da397:

* Do not require method attribute on plugins

Thu Aug 14 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev157.g409c94d:

* Remove _BaseFederationExtension

* Add a URL field to region table

* Remove unnecessary declaration of CONF

* Filter List Regions by \'parent_region_id\'

Wed Aug 13 14:00:00 2014 tbechtoldAATTsuse.com
- Update to version keystone-2014.2.dev149.g2ea3006:

* Updates the sample config

* remove unused import

* Clean whitespace off token

* Remove strutils and timeutils from openstack-common.conf

* Use functions in oslo.utils

* Add an OS-FEDERATION section to scoped federation tokens

* Ensure roles created by unit tests have correct attributes

* Update control_exchange value in keystone.conf

* swap import order of lxml

* add i18n to lxml error

* Check for empty string value in REMOTE_USER

* Refactor names in catalog backends

* Update CADF auditing example to show non-payload information

* Remove ec2 contrib dependency on token_api

* Expose token revocation list via token_provider_api

* Remove assignment controller dependency on token_api

* Refactor serializer import to XmlBodyMiddleware

* Delete intersphinx mappings

* Fix documentation link

* Make token_provider_api contain token persistence

* Remove S3 middleware tests from tox.ini

* Remove unused function

* Add oslo.utils requirement

* Surround REMOTE_USER variable name with quotes

* Remove `with_lockmode` use from Trust SQL backend

* Improve instructions about federation

* Do not override venvs

* Imported Translations from Transifex

* Remove debug CADF payload for every authN request

* Don\'t override tox envdir for pep8 and cover jobs
- Add python-oslo.utils to requirements and post requirements

Sun Aug 3 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev60.g1ef2975:

* Fix invalid self link in get access token

* Details the proper way to call a callable

Fri Aug 1 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev56.g76f3c55:

* Check that region ID is not an empty string

Thu Jul 31 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev54.ga617408:

* Do not consume trust uses when create token fails

* Refactor set domain-id and mapping code

Wed Jul 30 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev50.g99bef1f:

* Add filters to the collections \'self\' link

* Use config fixture from oslo.config

* Updated from global requirements

* KeyError instead of exception.KeyError

* Remove duplicated asserts

* Check url is in the \'self\' link in list responses

* Update middleware that was moved to keystonemiddleware

Tue Jul 29 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev36.g5017993:

* Update setup docs with Fedora 19+ dependencies

* Correct revocation event test for domain_id (bnc#892099, CVE-2014-5253)

* Add workaround to support tox 1.7.2

* Fix for V2 token issued_at time changing (bnc#892095, CVE-2014-5252)

* Sqlite files excluded from the repo

Mon Jul 28 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev26.gdf13caf:

* Fixes a capitalization issue

* Add tests related to V2 token issued_at time changing

* Sample config update

* auth tests should not require admin token

Fri Jul 25 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev19.g4cbe8ca:

* Add the new Keystone TokenModel

* Add X-Auth-Token header in federation examples

* Clean up EP-Filter after delete project/endpoint

* add internal delete notification for endpoint

* remove static files from docs

* Move token persistence classes to token.persistence module

Thu Jul 24 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev7.g1c88ead:

* cache the catalog

* Disable a domain will revoke tokens under the same domain

* Adding support for ldap connection pooling
2014.2.b2

* Add the new oslo.i18n as a dependency for Python 3

Thu Jul 24 14:00:00 2014 dmuellerAATTsuse.com
- Update to version keystone-2014.2.dev225.g686597b:

* Fixes test_exceptions.py for Python3

* Fixes test_wsgi for Python3

* Adds several more test modules that pass on Py3

* Reduces the amount of mocked imports for Python 3

* Disables LDAP unit tests

* Updated from global requirements

* Initial implementation of validator

* Mark the \'check_vX_token\' methods deprecated

* Extracting get group roles for project logic to drivers

* implement GET /v3/catalog

* Adds coverage report to py33 test runs

* Fixed tox cover environment to share venv

* Regenerate sample config file

* Example JSON files should be human-readable

* Consolidate `assert_XXX_enabled` type calls to managers

* Move keystone.token.default_expire_time to token.provider

* Move token_api.unique_id to token_provider_api

* Capitalize a few project names in configuring services doc

* Fixes a Python3 syntax error

* Introduce pragma no cover to asbtract classes

* project disabled/deleted notification recommendations

* Use oslo.i18n

* Implicitly ignore attributes that are mapped to None in LDAP

Thu Jul 24 14:00:00 2014 dmuellerAATTsuse.com
- fix requires

Thu Jul 17 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev180.gc1a6639:

* Sync with oslo-incubator

* render json examples with syntax highlighting

* Avoid loading a ref from SQL to delete the ref

* Add revocation extension to default pipeline

* Update docs to reflect new db_sync behaviour

* Migrate default extensions

* Update the configuration docs for the revocation extension

* LDAP: Added documentation for debug_level option

* Fixes the order of assertEqual arguments

Wed Jul 16 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev162.g362216b:

* Make sure unit tests set the correct log levels

* Clean up the endpoint filtering configuration docs

Sat Jul 12 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev158.gbbfd58a:

* multi-backend support for identity

* Add oslo.i18n as dependency

* Do not use lazy translation for keystone-manage

* Remove deprecated token_api.list_tokens

* Imported Translations from Transifex

* Add keystonemiddleware to requirements

* Do not use keystone\'s config for nova\'s port

* Adds hacking check for debug logging translations

Fri Jul 11 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev144.gb3f9a5f:

* Add _BaseFederationExtension class

* Correct the region table to be InnoDB and UTF8

* HEAD responses should return same status as GET

* Make OS-FEDERATION core.Driver methods abstract

Wed Jul 9 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev137.gfac022a:

* Fix OAuth1 to not JSON-encode create access token response

* Do not support toggling key_manglers in cache layer

Tue Jul 8 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev133.g9d0ecaa:

* Updated from global requirements

* Sync with oslo-incubator e9bb0b59

* Fix the section name in CONTRIBUTING.rst

* Fix docs and scripts for pki_setup and ssl_setup

Sun Jul 6 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev127.gb4140ae:

* Add schema check for OS-FEDERATION mapping table

Sat Jul 5 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev126.g59e01e5:

* update example with a status code we actually use

* Correct docstring for assertResponseSuccessful

* remove default=None for config options

Thu Jul 3 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev122.g4e45a5f:

* Ending periods in exception messages deleted

* Ensure that in v2 auth tenant_id matches trust (bnc#885798, CVE-2014-352)

* Add identity mapping capability

Wed Jul 2 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev117.gb2f3b5c:

* Updated from global requirements

* Move bash8 to run under pep8 tox env

Tue Jul 1 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev114.g7c47629:

* Fix test for get_
*_by_name invalidation

* Remove backend_entities from backend_ldap.conf

* Do not leak SQL queries in HTTP 409 (conflict)

Sun Jun 29 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev108.g50be156:

* Remove db, db.sqlalchemy from openstack-common.conf

* Consolidate provider calls to token_api.create_token

* Updates Python3 requirements to match Python2

* TestAuthInfo class in test_v3_auth made more efficient

* Only emit disable notifications for project/domain on disable

* Fixes catalog URL formatting to never return None

* Updates keystone.catalog.core.format_url tests

Sat Jun 28 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev94.gd96d546:

* Regenerate sample config file

Fri Jun 27 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev92.gbaf4c23:

* Adds oslo.db support for Python 3 tests

* Imported Translations from Transifex

* Do not log 14+ INFO lines on a broken pipe error (eventlet)

* Convert explicit session get/begin to transaction context

Thu Jun 26 14:00:00 2014 dmuellerAATTsuse.com
- Update to version keystone-2014.2.dev85.gf82b887:

* deprecate LDAP config options for \'tenants\'

* the user_tenant_membership table was replaced by \"assignment\"

* Corrects minor spelling mistakes

* Ignoring order of user list in TenantTestCase

* Make gen_pki.sh & debug_helper.sh bash8 compliant

* Update docs to reference #openstack-keystone

* Don\'t set sqlite_db default

* Migrate ID generation for users/groups from controller to manager

* oslo.db implementation

* Test `common.sql` initialization

* Kerberos as method name

* test REMOTE_USER does not authenticate

* Document pkiz as provider in config

* Fix the typo and reformat the comments for the added option

* Updated from global requirements

* fix flake8 issues

* Update sample keystone.conf file

* Fix 500 error if request body is not JSON object

* Default to PKIZ tokens

* Fix a few typos in the shibboleth doc

* Ignore broken endpoints in get_catalog

* Properly invalidate cache for get_
*_by_name methods

* remove unnecessary word in docs: \'an\'

* remove unneeded definitions of Python Source Code Encoding

* update release support warning for domain-specific drivers

Wed Jun 18 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev36.gd9193ce:

* pkiz String conversion

* Add instructions for removing pyc files to docs

* Add missing docstrings and 1 unittest for LDAP utf-8 fixes

* install gettext on OS X for msgfmt

Tue Jun 17 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev28.gd738598:

* Allow for multiple PKI Style Providers

* Password trunction makes password insecure

Mon Jun 16 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev24.g7029722:

* enable multiple keystone-all worker processes

Sun Jun 15 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev22.g51a05bd:

* Add cloud auditing notification documentation

* Fixes typo error in Keystone

* Make sure domains are enabled by default

* Add v3 curl examples

* Sync service module from oslo-incubator

* gitignore etc/keystone/

* Enforce ``saml2`` protocol in Apache config

* Use translation hints

* Fix type error message in format_url

Sat Jun 14 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev4.ge7baea2:

* Block delegation escalation of privilege (bnc#881977, CVE-2014-3476)

Fri Jun 13 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev2.g4f93ec6:
2014.2.b1

* Use code-block for curl examples

Wed Jun 11 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev349.gfb0e4c5:

* add docs on v2 & v3 support in the service catalog

Tue Jun 10 14:00:00 2014 cloud-develAATTsuse.de
- Rebased patches:
+ 0001-Consistenly-use-jsonutils-instead-of-json.patch dropped (merged upstream)

Tue Jun 10 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev347.g8de4ffa:

* Make sure all the auth plugins agree on the shared identity attributes

* Catalog driver generates v3 catalog from v2 catalog

* fixed several pep8 issues

* Consistenly use jsonutils instead of json

Mon Jun 9 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev339.ga0a3237:

* Code which gets and deletes elements of tree was moved to one method

* Remove obsolete note from ldap

Fri Jun 6 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev335.g3c07fba:

* Add v2 & v3 API documentation

* Compressed Token Provider

* document keystone-specs instead of LP blueprints in README

Thu Jun 5 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev329.g983baf4:

* remove out of date docs for Fedora 15

Wed Jun 4 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev327.g25a7f4a:

* Invalid command referenced in federation documentation

* Fix curl example refs in docs

* pep8: do not test locale files

* Updated from global requirements

* Refactor driver_hints

* Unimplemented get roles by group for project list

* Update mailmap entry for Brant

Sat May 31 14:00:00 2014 dmuellerAATTsuse.com
- add 0001-Consistenly-use-jsonutils-instead-of-json.patch

Sat May 31 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev314.g3556857:

* Make sure scoping to the project of a disabled domain result in 401

* Fixed wrong behavior when updating tenant or user with LDAP backends

* Cleanup openstack-common.conf and sync from olso

* Refactor tests regarding required attributes

* Check that the user is dumb moved to the common method

Fri May 30 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev304.g6ed0549:

* document pki_setup and ssl_setup in keystone.conf.sample

Thu May 29 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev303.g93bc881:

* recommend excluding 35357 from ephemeral ports

* Fixes duplicated DELETE queries on SQL backends

* Suggest users to remove REMOTE_USER from shibd conf

* Imported Translations from Transifex

* indicate that sensitive messages can be disabled

* replaced unicode() with six.text_type()

* no one uses macports

Wed May 28 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev290.g972322d:

* Fix spelling mistakes in docs

* Replace magic value \'service/security\' in CadfNotificationWrapper

* Replace assertTrue and assertFalse with more suitable asserts

* remove a few backslash line continuations

Tue May 27 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev282.g97fca80:

* sql migration: ensure using innodb utf8 for assignment table

Mon May 26 14:00:00 2014 dmuellerAATTsuse.com
- setup tmpdirs under systemd distributions

Mon May 26 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev280.g8b83737:

* install from source docs never actually install the keystone service

Sun May 25 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev278.g660d351:

* Cleanup of ldap assignment backend

Sat May 24 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev276.g7d09cdc:

* LDAP fix for get_roles_for_user_and_project user=group ID
(bnc#876902, CVE-2014-0204)

* Mapping engine does not handle regex properly

* Regenerate sample config

* Stronger assertion for test_user_extra_attribute_mapping

Fri May 23 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev268.g6c9b48f:

* Reduce log noise on expired tokens

* Fix version links to docs.openstack.org

Wed May 21 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev264.g72f046f:

* Remove all mostly untranslated PO files

* SQL fix for get_roles_for_user_and_project user=group ID

Sun May 18 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev261.g455d50e:

* Add note for v3 API clients using auth plugin docs

* Refactor test_auth trust related tests

* Add mailmap entry

Wed May 14 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev255.g3ca5ce4:

* Make the LDAP debug option a configurable setting

Tue May 13 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev253.g8697b39:

* Add detailed federation configuration docs

* Escape values in LDAP search filters

Fri May 9 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev249.g401294d:

* Reduce excess LDAP searches

Tue May 6 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev248.g820e4f1:

* Refactor create_trust for readability

* Adds several more tests to the Python 3 test run

Mon May 5 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev246.g3ec0c5e:

* Fixed the policy tests in Python 3

* Fixed the size limit tests in Python 3

* Fix cache configuration checks

Sat May 3 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev242.g1e6b45f:

* setUp must be called on a fixture\'s parent first

* First real Python 3 tests

* Make the py33 Jenkins job happy

Fri May 2 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev236.ga725b67:

* fixed typos found by RETF rules in RST files

* Remove the configure portion of extension docs

* Ensure token is a string

* Fixed some typos throughout the codebase

* Allow \'description\' in V3 Regions to be optional

* More random values for oAuth1 verifier

* Set proper DB_INIT_VERSION on db_version command

* Sync with oslo-incubator 28fba9c

* Check that all po/pot files are valid

* Refactor service readiness notification

Thu May 1 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev216.g1dde174:

* Add rally performance gate job for keystone

Wed Apr 30 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev214.g314c032:

* Migration DB_INIT_VERSION in common place

* Redundant unique constraint

* Correct `nullable` values in models and migrations

Tue Apr 29 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev208.g69ef772:

* Move hacking code to a separate fixture

* Some methods in ldap were moved to superclass

* Use oslo.test mockpatch

* Refactor notifications

* Ignore broken endpoints in get_v3_catalog

Sun Apr 27 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev198.gd4c4a96:

* No longer allow listing users by email

* Fix sql_upgrade tests run by themselves

* Refactor test_password_hashed to the backend testers

* Fix catalog Driver signatures

Sat Apr 26 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev190.g64857e3:

* Add localized response test

* Make test_revoke expiry times distinct

* Removed duplication with list_user_ids_for_project

* Fix the \"search for sql.py\" files for db models

* Sync with oslo-incubator 74ae271

* Updated from global requirements

* Compatible server default value in the models

* Explicit foreign key indexes

* Added statement for ... if ... else

* More notification unit tests

* Fix typo of ANS1 to ASN1

Fri Apr 25 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev169.gb44ba65:

* Imported Translations from Transifex

* Fix typo on cache backend module

Thu Apr 24 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev166.g2fea4a9:

* Code which gets elements of tree in ldap moved to a common method

* Include extra attributes in list results

* Configurable token hash algorithm

Wed Apr 23 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev160.gc267914:

* Discourage use of pki_setup

* Fixes for in-code documentation

Tue Apr 22 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev156.gfd5a148:

* add dependencies of keystone dev-enviroment

Mon Apr 21 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev155.g0773c4e:

* Remove LDAP password hashing code

Sun Apr 20 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev153.gaca369f:

* More efficient DN list for LDAP role delete

* Allow any attributes in mapping

Sat Apr 19 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev150.g4907779:

* Don\'t re-raise instance

* Enhance tests for user extra attribute mapping

Fri Apr 18 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev146.ge55216e:

* Isolate backend loading

* Adding one more check on project_id

* Cleanup of test_cert_setup tests

Wed Apr 16 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev140.g0473e5a:

* Add missing import, remove trailing \":\" in middleware example

* Sync with oslo-incubator 2fd457b

* Remove unnecessary dict copy

* Removed unused code

Tue Apr 15 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev133.gde33c22:

* Moves test database setup/teardown into a fixture

* More debug output for test

* Updated from global requirements

Mon Apr 14 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev127.g4cc6a9c:

* Collapse SQL Migrations

Sat Apr 12 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev125.g58d71b9:

* Refactor: moved flatten function to utils

* Treat LDAP attribute names as case-insensitive

* Adds style checks to ease reviewer burden

* Refactor: move federation functions to federation utils

* Convert test_backend_ldap to config fixture

* Fix assertEqual arguments order(catalog, cert_setup, etc)

Fri Apr 11 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev114.g9b580d2:

* replace word \'by\' with \'be\'

* List all forbidden attributes in the request body

Thu Apr 10 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev110.gda4d4a1:

* Adding more descriptive error message

* Fixed wrong behavior in method search_s in BaseLdap class

Wed Apr 9 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev108.gdc43f94:

* Fix response for missing attributes in trust

* Add tests for user ID with comma

* Cleanup config.py

Tue Apr 8 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev103.g76b396a:

* Clean up config help text

Sun Apr 6 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev101.g284511a:

* Remove common.V3Controller.check_required_params() method

Sat Apr 5 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev99.gdef83cc:

* Fix invalid LDAP filter for user ID with comma

* Remove assignment proxy methods/controllers

* Remove legacy_endpoint_id and enabled from service catalog

* Replace all use of mox with mock

* Reduce environment logging

* Add slowest output to tox runs (testr)

Fri Apr 4 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev87.g8c53f42:

* Fix parallel unit tests keystoneclient partial checkout

* Sync from oslo db.sqlalchemy.migration

* Removes unused db_sync methods

* Removes useless wrapper from manager base class

* For ldap, API wrongly reports user is in group

* Keystone doesn\'t use pam

* remove the unused variable in test_sql_upgrade

Thu Apr 3 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev73.gd8c0c81:

* Sanitizes authentication methods received in requests

* Fix create_region_with_id raise 500 Error bug

* Make service catalog include service name

* Remove unused db_sync from extensions

Wed Apr 2 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev65.gd33cd47:

* support conventional domain name with one or more dot

* Remove _delete_tokens function from federation controller

Tue Apr 1 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev61.gb803fe8:

* Fixed small capitalization issue

* Removes some duplicate setup from a testcase

* Updated from global requirements

* Enable concurrent testing by default

* Moves database setup/teardown closer to its usage

* Fix assertEqual arguments order(auth_plugin, backend, backend_sql, etc)

* Fix the order of assertEqual arguments(keystoneclient, kvs, etc)

Sun Mar 30 14:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev47.ge8d8306:

* Fix Jenkins translation jobs

Sat Mar 29 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev46.g7882359:

* Cleanup ldap tests (mox and reset values)

* Check domain_id with equality in assignment kvs

* Imported Translations from Transifex

* test_v3_token_id correctly hash token

* Safer noqa handling

* Expand the use of non-ascii values in ldap test

* Properly handle unicode & utf-8 in LDAP

* Refactor LDAP API

* Remove unnecessary test setUps

* Use CMS to generate sample tokens

* Allows override of stdout/stderr/log capturing

* Cleanup revocation query

* Use assertIsNone when comparing against None

* Removes the use of mutables as default args

* Use assertIn in test_v3_catalog

* Start using to oslotest

* Fix test_provider_token_expiration_validation transient failure

Fri Mar 28 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev13.ga5382fa:

* Remove noqa form import _s

* Use in-memory SQLite for sql migration tests

* Use in-memory SQLite for testing

* Remove extraenous instantiations of managers

* Add placeholders for reserved migrations
2014.1.rc1

* code hygiene; use six.text_type, escape regexp\'s, use key function

* Add a space after the hash for block comments

Thu Mar 27 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.2.dev176.g724d056:

* Open Juno development

* Enable lazy translations in httpd/keystone.py

* Avoid using .values() on the indexed columns

* Imported Translations from Transifex

* revert deprecation of v2 API

* Updated from global requirements

* Uses generator expressions instead of filter

Wed Mar 26 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.1.dev162.g3056dc5:

* exclude disabled services from the catalog

* refactor AuthCatalog tests

* Rename keystone.tests.fixtures

* Change the default version discovery URLs

* Remove extra cache layer debugging

* Fix doc build errors with SQLAlchemy 0.9

* Sync oslo-incubator db.sqlalchemy b9e2499

* Always include \'enabled\' field in service response

Tue Mar 25 13:00:00 2014 cloud-develAATTsuse.de
- Rebased patches:
+ 0001-Create-TMPDIR-for-tests-recursively.patch dropped (merged upstream)
+ 0001-Create-TMPDIR-for-tests-recursively.patch dropped (merged upstream)

Tue Mar 25 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.1.dev146.ge7b3005:

* Create TMPDIR for tests recursively

* test tcp_keepidle only if it\'s available on the current platform

* Add dedicated URL for issuing unscoped federation tokens

Mon Mar 24 13:00:00 2014 dmuellerAATTsuse.com
- add 0001-Create-TMPDIR-for-tests-recursively.patch

Mon Mar 24 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.1.dev141.g0fb0dfd:

* Filter SAML2 assertion parameters with certain prefix

Sun Mar 23 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.1.dev139.g1e84251:

* Use oslo db.sqlalchemy.session.EngineFacade.from_config

Sat Mar 22 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.1.dev137.ga3c7553:

* Add support for parallel testr workers in Keystone

* is_revoked check all viable subtrees

* update sample conf

* explicitly import gettext function

* expires_at should be in a tuple not turned into one

* Comparisons should account for instantaneous test execution

* Make domain_id immutable by default

* Do not expose internal data on UnexpectedError

* Filter LDAP dumb member when listing role assignments

Fri Mar 21 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.1.dev121.gff88763:

* Ability to turn off ldap referral chasing

* Add user_id when calling populate_roles_for_groups

* Store groups ids objects list in the OS-FEDERATION object

* Uses explicit imports for _

* Rename scope_to_bad_project() to test_scope_to_bad_project()

* Make LIVE Tests configurable with ENV

Wed Mar 19 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.1.dev109.gd4574a7:

* Move test .conf files to keystone/tests/config_files

* Removal of test .conf files

Tue Mar 18 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.1.dev105.gd906f57:

* Filter out nonstring environment variables before rules mapping

* Provide option to make domain_id immutable

* Replace httplib.HTTPSConnection in ec2_token

* Don\'t automatically enable revocation events

* Ensure v3policysample correctly limits domain_admin access

* Sync db, db.sqlalchemy from oslo-incubator 0a3436f

* Do not use keystone.conf.sample in tests

* Use class attribute to represent \'user\' and \'group\'

* trust creation allowed with empty roles list

Mon Mar 17 13:00:00 2014 rhaferAATTsuse.com
- switch over to non-openstack-prefix\'ed users

Sat Mar 15 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.1.dev88.gcd3b6f6:

* Update sample config

* remove hardcoded SQL queries in tests

* Fix db_version failed with wrong arguments

Fri Mar 14 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.1.dev82.g358674a:

* Updated from global requirements

* Remove unnecessary oauth1.Manager constructions

* Enforce groups presence for federated authn

* Very minor cleanup to default_fixtures

* Cleanup keystoneclient tests

* Cleanup fixture data added to test instances

* Cleans up test data from limit tests

* Cleanup of instance attrs in core tests

* Cleanup backends after each test

* Fix include only enabled endpoints in catalog

* Add unit tests for disabled endpoints in catalog

* Add OS-OAUTH1 to consumers links section

Thu Mar 13 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.1.dev58.gcb742d0:

* Fixup region description uniqueness

* Add missing documentation for enabling oauth1 auth plugin

* Configurable temporary directory for tests

Wed Mar 12 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.1.dev52.g989dd71:

* Add missing documentation for enabling federation auth plugin

* Call an existing method in sync cache for revoke events

* Remove unnecessary calls to self.config()

* Import order is fixed

Tue Mar 11 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.1.dev45.gfb8209e:

* Use config fixture

Mon Mar 10 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.1.dev43.g58bb5e9:

* Fix docstrings in federation related modules

* Sync db, db.sqlalchemy, gettextutils from oslo-incubator 6ba44fd

* V3 xml responses should use v3 namespace
2014.1.b3

* Update ADMIN_TOKEN description in docs

* Remove unused function from tests

* Don\'t need session.flush in context managed by session

* Remove vim headers

* Removes use of timeutils.set_time_override

* Removes a redundant test

* revocation_list only call isotime on datetime objects

* Handle exception messages with six.text_type

* Fix webob.exc.HTTPForbidden parameter miss

Fri Mar 7 13:00:00 2014 speilickeAATTsuse.com
- Use sphinx-build rathern than pbr-infested setup.py build_sphinx

Fri Mar 7 13:00:00 2014 speilickeAATTsuse.com
- Fix requirements

Thu Mar 6 13:00:00 2014 speilickeAATTsuse.com
- Update to version keystone-2014.1.dev515.g8c168bc:

* v3 endpoint create should require url
- Fixed requirements

Thu Mar 6 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.1.dev513.g7913636:

* Mark revoke as experimental

* Imported Translations from Transifex

* allow create credential with the system admin token

* Always include \'enabled\' field in endpoint response

* Add the last of the outstanding helpstrings to config

* Update curl api example to specify tenant

* Update Oslo wiki link in README

* Lazy gettextutils behavior

* Update Oslo wiki link in README

Thu Mar 6 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.1.dev495.g388155c:

* Stop gating on up-to-date sample config file

* Token Revocation Extension

Wed Mar 5 13:00:00 2014 bwiedemannAATTsuse.com
- Update to version keystone-2014.1.dev492.g4bec42e:

* drop key distribution from icehouse

* Limited use trusts

* Remove common.sql.migration

Tue Mar 4 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.1.dev487.ge9c5a00:

* Properly configure OS-EP-FILTER test backend

* Add tests for endpoint enabled

* Remove the un-used and non-maintained PAM identity backend

* SQLAlchemy Change to support more strict dialect checking

* Update oslo-incubator log.py to a01f79c

Mon Mar 3 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.1.dev477.gfb19984:

* deprecate XML support in favor of JSON

* Remove unused variable

* Replace assertEqual(None,
*) with assertIsNone in tests

* Fix assertEqual arguments order(_ldap_tls_livetest, backend_kvs, etc)

Mon Mar 3 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.1.dev469.g0908a0b:

* Remove paste_deploy from test_overrides.conf

* Remove \"test-only\" pam config options

* Imported Translations from Transifex

* Fix assertEqual arguments order(backend_ldap, cache, v3_protection)

* add policy entries for /v3/regions

Sun Mar 2 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.1.dev460.g42e2375:

* Fix get project users when no user exists

* Implement V3 Specific Version of EC2 Contrib

* Support authentication via SAML 2.0 assertions

* oauth1 extension migration fails with DB2

Sat Mar 1 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.1.dev453.g716c52c:

* Fix table name typo in test_sql_upgrade

* Cleanup and add more config help strings

* Ensure v2 API only returns projects in the default domain

* Fix the order of assertEqual arguments(v3_auth, v3_identity)

Thu Feb 27 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.1.dev445.g9663fa8:

* Support for mongo as dogpile cache backend

* Fix issue with DB upgrade to assignment table

* Remove duplicated cms file

Wed Feb 26 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.1.dev440.g8c8f776:

* Unimplemented error on V3 get token

* Updated from global requirements

* Fix keystone-manage db_version

* Remove redundant default value None for dict.get

* Always hash passwords on their way into the DB

* Refactor tests move assertValidErrorResponse

Tue Feb 25 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.1.dev428.gb5a26b3:

* Move _BaseController to common/controllers.py

* Remove oslo rpc

* Uses the venv virtualenv for the pep8 command

* Update man pages

* Remove auth_token middleware doc

Mon Feb 24 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.1.dev418.g8bc0433:

* Sync db.exception from Oslo

* Add tests for create grant when no group

* Add tests for create grant when no user

* Add version routes to KDS

* KDS fix documented exception

* Remove unused method _get_domain_id_from_auth

Sun Feb 23 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.1.dev406.g72b794f:

* Remove oslo notifier

* Keystone doc has wrong keystone-manage command

Sat Feb 22 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.1.dev402.g932647d:

* Correct a docstring in keystone.common.config

* Enable pep8 test against auto-generated configuration

* Update config options with helpstrings and generate sample

* strengthen assertion for unscoped tokens

* bad config user_enable_emulation in mask test

* Fix test_provider_token_expiration_validation transient failure

* Update oslo-incubator fixture to 81c478

* Mark strings for translation in ldap backends

Fri Feb 21 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.1.dev386.g472cc5e:

* Fix assertEqual arguments order

* Remove sql.Base

* Add test for list project users when no user

Thu Feb 20 13:00:00 2014 dmuellerAATTsuse.com
- Update to version keystone-2014.1.dev381.g9fbb60d:

* Convert Token Memcache backend to new KeyValueStore Impl

* Implement mechanism to provide non-expiring keys in KVS

* Rationalize the Assignment Grant Tables

* Keystone team uses #openstack-keystone now

* Adds model mixin for {to,from}_dict functionality

* Adds Cloud Audit (CADF) Support for keystone authentication

* Use class attribute to represent \'project\'

* Switch over to oslosphinx

* Replace notifier with oslo.messaging

* Clean StatsController unnecesary members

* Use global to represent OS-TRUST:trust

* Additional notifications for revocations

* Use Oslo.db migration

* `find_migrate_repo` improvement

* Variable \'domain_ref\' referenced before assignment

* Cleanup Dogpile KVS Memcache backend support

* Restructure KDS options to be more like Keystone\'s options

* Setup code for auto-config sample generation

* Correct `find_migrate_repo` usage

* Make live LDAP user DN match the default from devstack

* Set sensible default for keystone\'s paste

* Treat sphinx warnings as errors

* Use WebOb directly in ec2_token middleware

* Add lockfile and kombu as requirements for keystone

* Move filter_limit_query out of sql.Base

* List trusts, incorrect self link

* LDAP: document enabled_emulation

* Provide clearer error when deleting enabled domain

* Cleanup oauth tests

* Correctly normalize consumer fields on update

Fri Feb 14 13:00:00 2014 dmuellerAATTsuse.com
- added patches:

* 0001-Set-sensible-default-for-keystone-s-paste.patch

Fri Feb 14 13:00:00 2014 dmuellerAATTsuse.com
- revert last change
- fix keystone-manage.log permissions

Fri Feb 14 13:00:00 2014 speilickeAATTsuse.com
- Use oauthlib on openSUSE and keep oauth2 for SLE

Fri Feb 14 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.1.dev310.ge8f8c17:

* Remove s3_token functional tests

* Remove copyright from empty files

* Syncing policy engine from oslo-incubator

* Rename Openstack to OpenStack

* Refactor get role for trust

* Adds a fixture for setting up the cache

* Fixes bug in exception message generation

* reverse my preferred mailmap

* Notifications upon disable

* Move identity logic from controller to manager

* Changing testcase name to match our terminology

* explicitly expect hints in the AATTtruncated signature

* list limit doc cleanup

* Correct error class in find_migrate_repo

* Enforce current certificate retrieval behaviour

* Use WebOb directly for locale testing

* Doc - Keystone configuration - moving RBAC section

* Do not use auth_info objects for accessing the API

* Update kvs assignment backend docs

* Remove vim header

* Document priority level on Keystone notifications

* Uses six.iteritems for Python3 compat

* Use message when creating Unauthorized exception

* Use passed filter dict param in core sql filtering

* Tests use setUp rather than init

* Tests remove useless config list cleanup code

* Reference dogpile.cache.memcached backend properly

* Safe command handling for openssl

Thu Feb 13 13:00:00 2014 dmuellerAATTsuse.com
- remove log_file option setting
- added patches:

* 0001-Switch-over-to-oslosphinx.patch

Thu Feb 13 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.1.dev255.g586a3ff:

* Allow specifying region ID when creating region

* Cleanup KDS doc build errors

* Add in functionality to set key_mangler on dogpile backends

* Fix indentation issue

* Cleanup invalid token exception text

* Fixes a misspelling

* Doc - Detailing objects\' attributes available for policy.json

* Remove unused method _get_domain_conf

* Remove unused method _store_protocol

* Remove tox locale overrides

* Remove unused methods from AuthInfo

* Remove unused method _create_metadata

* revise example extension directory structure

* Update db.sqlalchemy.session from oslo-incubator 018138

* Do not call deprecated functions

* Fixes a Python3 syntax error using raise

* Uses six.text_type instead of unicode

* Removes xrange for Python3 compat

* Cleanup sample config

* Remove unused variable assignment

* Remove legacy diablo and essex test cruft

* Enhancing tests to check project deletion in Active Directory

* Change assertTrue(isinstance()) by optimal assert

* sync oslo-incubator log.py

* turn off eventlet.wsgi debug

Wed Feb 12 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.1.dev205.gfcc1547:

* Adds rule processing for mapping

* Limit calls to memcache backend as user token index increases in size

* Implement list limiting support in driver backends

* Update the default_log_levels defaults

* Correct sample config default log levels

Tue Feb 11 13:00:00 2014 cloud-develAATTsuse.de
- Update to version keystone-2014.1.dev195.g6ed19c2:

* Style the code examples in docs as python

* Deprecate s3_token middleware

* Update requirements to 661e6

* Fix misspellings in keystone

* Removes use of fake_notify and fixes notify test

* Remove host from per notification options

* Remove default_notification_level from conf

* Mock sys.exit in testing

* Move v3_to_v2_user from manager to controller

* Adds tcp_keepalive and tcp_keepidle config options

* clean up keystone-manage man page

* Fix indentation errors found by Pep8 1.4.6+

* Fix assignment to not require user or group existence

* cleaned up extension development docs

* Tests initialize database

* Improve forbidden checks

* rename templated.TemplatedCatalog to templated.Catalog

Sun Feb 9 13:00:00 2014 speilickeAATTsuse.com
- Update to version keystone-2014.1.dev161.g211bfc3:

* Ensure mapping rule has only local and remote properties

* fix grammar error in keystone-manage.rst

* Add rules to be a required field for mapping schema

* Cleanup docstrings

* Removes useless string

* Removes duplicate key from test fixtures

* Add tests to ensure additional remote properties are not validated

* Change \'oauth_extension\' to \'oauth1_extension\'

* Modified keystone endpoint-create default region

* Load the federation manager

* Sync oslo\'s policy module

* Replace urllib/urlparse with six.moves.
*

* Change Continuous Integration Project link

* Refactor Auth plugin configuration options

* Use self.opt_in_group overrides

* Federation IdentityProvider filter fields on update response

* Remove unnecessary test methods

* Refactor federation controller class hierarchy

* Refactor mutable parameter handling

* Make error strings translatable

* Add required properties field to rules schema

* deprecate access log middleware

* remove access log middleware from the default paste pipeline

* deprecate v2.0 API in multiple choice response

* Add a docstring and rename mapping tests

* Remove versionId, versionInfo, versionList from examples

* Don\'t set default for a nullable column

* Remove autoincrement from String column
- Replace git_tarballs source service with download_files and set_version
+ Use upstream URL as source (enables verification)

Thu Feb 6 13:00:00 2014 dmuellerAATTsuse.com
- fix typo in logrotate

Sun Feb 2 13:00:00 2014 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.dev134.ge2f8277:
+ Make error strings translatable
+ Sync oslo\'s policy module

Sat Feb 1 13:00:00 2014 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.dev130.g14a159b:
+ Use self.opt_in_group overrides
+ remove access log middleware from the default paste pipeline
+ Refactor Auth plugin configuration options
+ Refactor mutable parameter handling
+ Refactor federation controller class hierarchy
+ Remove unnecessary test methods
+ Federation IdentityProvider filter fields on update response
+ deprecate access log middleware

Fri Jan 31 13:00:00 2014 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.dev115.g70b2f2a:
+ Make boolean query filter \"False\" argument work
+ deprecate stats middleware
+ Policy sample - Identity v3 resources management
+ Drop unsused \"extras\" dependency
+ Introduce database functionality into KDS
+ Add required properties field to rules schema
+ Add a docstring and rename mapping tests

Thu Jan 30 13:00:00 2014 speilickeAATTsuse.com
- Set common name of example certs to FQDN to make then slightly more
useful

Thu Jan 30 13:00:00 2014 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.dev101.g4fc6e97:
+ Fix list_projects_for_endpoint failed bug
+ Fix federation documentation reference
+ Fix docstrings in federation controller.
+ Remove autoincrement from String column.
+ Don\'t set default for a nullable column

Wed Jan 29 13:00:00 2014 dmuellerAATTsuse.com
- move cronjob to hourly

Mon Jan 27 13:00:00 2014 dmuellerAATTsuse.com
- fix dependency

Mon Jan 27 13:00:00 2014 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.dev91.g51602dc:
+ correct the document links in man documents
+ Fix test_auth isolation

Mon Jan 27 13:00:00 2014 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.dev87.g28f43f8:
+ Use six.text_type to replace unicode
+ Remove sql.Base.get_session
+ Move sql.Base.transaction
+ Don\'t mask the filter built-in
+ description is wrong in endpoint filter rst doc
+ append extension name to trust notifications
+ Adds support for username to match the v2 spec
+ build auth context from middleware
+ Clean up docstrings in contrib.oauth1.core

Sun Jan 26 13:00:00 2014 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.dev70.g455219d:
+ Fix reading cache-time before configured
+ Don\'t configure on import
+ Fix typos in documents and comments
+ Cleanup eventlet setup
+ use assertEqual instead of assertIs for string comparison
+ Use six to make dict work in Python 2 and Python 3
+ Implement filter support in driver backends
+ renamed extensions development doc
+ Allow event callback registration for arbitrary resource types
+ Unify StringIO usage with six.StringIO

Sat Jan 25 13:00:00 2014 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.dev50.gdaa44b8:
+ Sync several modules from oslo-incubator
+ Sync with global requirements
+ remove unused LOG
+ Use six.string_types instead of basestring
+ derive custom exceptions directly from Exception
+ Don\'t duplicate the existing config file list
+ initialize environment for tests that call popen
+ Remove unused variables from common.config

Fri Jan 24 13:00:00 2014 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.dev34.g627141f:
+ Document running with pdb
+ Fix sample config external default doc
+ Subclasses of TestCase don\'t need to reset conf
+ Cleanup test_no_admin_token_auth cleanup code
+ Refactor context trust_id check to wsgi.Application base class
+ Store trust_id for v3/credentials ec2 keypairs
+ Store ec2 credentials blob as json
+ v3 credentials, ensure blob response is json
+ Enable lazy translation
+ Move KDS paths file
+ Update comments in test_v3_protection.py
+ Identity Providers CRUD operations
+ Add mapping function to keystone
+ Switch from 400 to 403 on ImmutableAttributeError
+ Simple Certificate Extension
+ Fixup incorrect comment
+ Remove kwargs from trust_api.create_trust
+ Implement notifications for trusts
+ Merge db.sqlalchemy from oslo-incubator af5f710
+ Sync oslo strutils.py
+ Enhance tests for non-default default_domain_id
+ Remove unused member from KVS assignment
+ KVS support domain as namespace for users
+ Enhance auth tests for non-default default_domain_id
+ Fix using non-default default_domain_id

Thu Jan 23 13:00:00 2014 dmuellerAATTsuse.com
- install cron job to flush expired tokens, otherwise keystone
slows down after a while

Wed Jan 22 13:00:00 2014 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.dev190.gb7b8134:
+ Removes deprecation warning from run_tests.sh
+ Removes option to delete test DB from run_tests.sh
+ Adds run_tests.sh cli option to stop on failure
+ LDAP Assignment does not support grant v3 API
+ Remove unused variables

Tue Jan 21 13:00:00 2014 dmuellerAATTsuse.com
- fix requires

Mon Jan 20 13:00:00 2014 speilickeAATTsuse.com
- Sync requirements:
+ Replace oauth2 with oauthlib
+ Use discover only on SLE

Sun Jan 19 13:00:00 2014 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.dev180.g5b1fa19:
+ Reduces memory utilization during test runs
+ Do not append to messages with +
+ Sync gettextutils from oslo-incubator 997ab277
+ Replacing python-oauth2 by oauthlib
+ Implementation of internal notification callbacks within Keystone
+ Restructure developing.rst

Sat Jan 18 13:00:00 2014 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.dev168.g012618c:
+ Implements regions resource in 3.2 Catalog API

Fri Jan 17 13:00:00 2014 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.dev166.ge54a6a3:
+ Documentation cleanup
+ reduce default token duration to one hour

Thu Jan 16 13:00:00 2014 dmuellerAATTsuse.com
- fix requires

Tue Jan 14 13:00:00 2014 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.dev162.g9837137:
+ Flush tokens in batches with DB2
+ Convert Token KVS backend to new KeyValueStore Impl

Mon Jan 13 13:00:00 2014 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.dev159.g5a1a371:
+ Remove unnecessary line in test_auth
+ Make common log import consistent
+ Cleanup test_associate_project_endpoint_extension
+ Synchronized with oslo db and db.sqlalchemy
+ Sync oslo-incubator rpc module
+ Don\'t need session.flush in context managed by session

Sun Jan 12 13:00:00 2014 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.dev147.g4759276:
+ races cause 404 when removing user from project
+ Remove unused test function
+ Remove netifaces requirement
+ Change ListOpt default value from str or None to list
+ Tests use cleanUp rather than tearDown
+ Resolve oauth dependency after paste pipeline is loaded
+ Fix external auth (REMOTE_USER) plugin support

Sat Jan 11 13:00:00 2014 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.dev133.g89a99de:
+ Clean up fakeldap logging
+ Remove noop code

Fri Jan 10 13:00:00 2014 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.dev129.g53d5f77:
+ Remove unused code in contrib/ec2/controllers.py
+ Remove unused imports
+ Fix typo in test
+ Introduce basic Pecan/WSME framework for KDS
+ Cleanup from business logic refactor

Thu Jan 9 13:00:00 2014 speilickeAATTsuse.com
- Move to DB-based endpoint catalog. Avoids running out of sync with
upstream changes in the default_catalog.template.sample file and
allows to manipulate via \'keystone\' CLI tool.

Thu Jan 9 13:00:00 2014 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.dev119.gd7eb925:
+ initialize eventlet for tests
+ Enhance list_group_users in GroupApi.
+ Cleanup of new credential_api delete methods
+ Do not update password when updating grants in Assignment KVS
+ Move deletion business logic out of controllers
+ Break dependency of base V3Controller on V2Controller
+ Remove \'disable user\' logic from _delete_domain_contents

Wed Jan 8 13:00:00 2014 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.dev105.gf33ec9e:
+ Updated Keystone development install instructions for Ubuntu
+ Remove unused token.valid index

Tue Jan 7 13:00:00 2014 dmuellerAATTsuse.com
- fix requires

Tue Jan 7 13:00:00 2014 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.dev101.g11bb081:
+ Fixes the v2 GET /extensions curl example in the documentation.

Sat Jan 4 13:00:00 2014 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.dev99.g8d1072f:
+ Fix IPv6 check

Thu Jan 2 13:00:00 2014 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.dev97.gce5fcb1:
+ Imported Translations from Transifex
+ Fix variable passed to driver module
+ Fix use the fact that empty sequences are false.
+ Reduced parameters not used in _populate_user()

Tue Dec 24 13:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.dev90.ga22520b:
+ Moves keystoneclient master tests in a new class
+ Stops file descriptor leaking in tests
+ Updated from global requirements

Mon Dec 23 13:00:00 2013 dmuellerAATTsuse.com
- remove sqlalchemy-08x.diff: we switched back to sqlalchemy 0.7.x

Sat Dec 21 13:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.dev84.gde73544:
+ Remove Identity and Assignment controller interdependancies
+ Move Assignment Controllers and Routers to be First Class
+ Re-write comment for ADMIN_TOKEN
+ Makes the test git checkout info more declaritive

Fri Dec 20 13:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.dev76.g5fe6602:
+ replace \"global\" roles var names with \"all\" roles
+ Use oslo.db sessions
+ Switch to oslo-incubator mask_password
+ Replace xrange in for loop with range
+ Move endpoint_filter extension documentation

Thu Dec 19 13:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.dev66.g0d83e3a:
+ Cleanup duplication in test_backend
+ Remove roles from OS-TRUST list responses

Wed Dec 18 13:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.dev62.g1a96f96:
+ Uses oslo\'s deprecated decorator; removes ours
+ Policy based domain isolation can\'t be defined.
+ trustee unable to perform role based operations on trust

Mon Dec 16 13:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.dev56.g576f5d9:
+ Refactor setup_logging
+ Cleanup backend loading
+ Fix typo in identity:list_role_assignments policy

Sun Dec 15 13:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.dev50.g61a2ad3:
+ Fixes documentation building
+ Create user returns 400 without a password
+ Remove deprecated code

Sat Dec 14 13:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.dev44.gf6aa723:
+ Fix issues handling trust tokens via ec2tokens API (bnc#855338, CVE-2013-6391)
+ UUID vs PKI docs
+ Base Implementation of KVS Dogpile Refactor
+ Add ABCMeta metaclass to token provider
+ Add assertSetEqual to base test class

Fri Dec 13 13:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.dev34.g35242b0:
+ Sync db.sqlalchemy from oslo-incubator

Thu Dec 12 13:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.dev32.g52cb8fe:
+ Fix errors for create_endpoint api in version2
+ Debug env for tox

Wed Dec 11 13:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.dev29.g6c7f00d:
+ Sync versionutils from oslo
+ token provider cleanup
+ Sync global requirements to pin sphinx to sphinx>=1.1.2,<1.2

Tue Dec 10 13:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.dev25.g926755a:
+ refactor test_catalog
+ Formalize deprecation of token_api.list_tokens

Mon Dec 9 13:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.dev21.gc354a38:
+ Narrow columns used in list_revoked_tokens sql

Sun Dec 8 13:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.dev19.g45b8f13:
+ Add index to cover revoked token list
+ Allow caching to be disabled and tests still pass
+ Sync rpc fix from oslo-incubator

Fri Dec 6 13:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.dev13.g5acd26b:
+ Add pycrypto as a test-requirement
+ Revert \"Return a descriptive error message for controllers\"
+ Adds a resource for changing a user\'s password
+ Deprecates V2 controllers
+ don\'t rebind stdlib\'s os.chdir function
+ Dependency cleanup
+ Updated from global requirements
+ Enhance tests for assignment create_grant when no user or group
+ Fix KVS create_grant to not raise NotFound if no user/group
+ Utilites for manipulating base64 & PEM
+ Updates .gitignore
+ One transaction per call to sql assignment backend
+ Fix typo in keystone
+ Try decoding string to UTF-8 on error message fail
+ Sync From OSLO
+ Refactor assertEqualXML into a testtools matcher
+ Added documentation to keystone.common.dependency.
+ Ensure the sample policy file won\'t diverge
+ Don\'t run non-tests
+ Easy testing with alternate keystoneclient

Sun Dec 1 13:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.dev199.gf72f369:
+ Return a descriptive error message for controllers

Sat Nov 30 13:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.dev197.g789cade:
+ Imported Translations from Transifex

Fri Nov 29 13:00:00 2013 dmuellerAATTsuse.com
- fix test package requires

Fri Nov 29 13:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.dev195.g7172737:
+ PasteConfigNotFound also raised when keystone.conf not found
+ Sync the DB2 communication error code change from olso
+ Style improvements to logging format strings
+ RST fix for os_inherit example
+ Make HACKING.rst DRYer
+ Allow downgrade for extensions

Thu Nov 28 13:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.dev183.gdbdb94c:
+ Import strutils from oslo
+ Skip test_create_update_delete_unicode_project in _ldap_livetest
+ Add documentation for Read Only LDAP configuration option.
+ Remove deprecated auth_token middleware
+ Sync log_handler module from Oslo
+ Skip test_arbitrary_attributes_
* in _ldap_livetest

Wed Nov 27 13:00:00 2013 dmuellerAATTsuse.com
- add sqlalchemy-08x.diff

Wed Nov 27 13:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.dev171.g886befa:
+ Capture debug logging in tests

Mon Nov 25 13:00:00 2013 dmuellerAATTsuse.com
- fix requires

Sat Nov 23 13:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.dev170.g607b850:
+ Update mailmap for Joe Gordon
+ Add WWW-Authenticate header in 401 responses.
+ Detangle v3 RestfulTestCase setup
+ Fix issue deleting ec2-credentials as non-admin user
+ fix unparseable JSON
+ Remove obsolete redhat-eventlet.patch
+ Add memcache options to sample config
+ Rewrites the serveapp method into a fixture
+ Proxy Assignment from Identity Deprecated
+ Return an error when a non-existing tenant is added to a user
+ Allow use of rules Policy driver
+ Role NoneType object has no attribute setdefault

Sat Nov 16 13:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.dev146.g2ab2c62:
+ Sync log module from oslo

Fri Nov 15 13:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.dev144.ge5416c4:
+ Updated from global requirements
+ Issue unscoped token if user\'s default project is invalid
+ Do not name variables as builtins
+ Duplicate delete the user_project_metadata.
+ AuthInfo use dependency injection
+ UserAuthInfo use dependency injection

Thu Nov 14 13:00:00 2013 speilickeAATTsuse.com
- Update to version 2014.1.dev132.g9307dee:
+ Moves common RestfulTestCase to it\'s own module.
+ Change deprecated CLI arguments
+ Change sample policy files to use policy language
+ test attribute update edge cases
+ use different bind addresses for admin and public
+ Fix newly discovered H302
+ Add WSGI environment to context
+ Removes unused paste appserver instances from tests
+ trusts raise validation error if expires_at is invalid
- Explicitly require OpenStack\'s fork of sqlalchemy-migrate for the
%post scriptlet

Mon Nov 4 13:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.dev115.g6751c7d:
+ Clean up duplicate exceptions in docs for assignment.Driver

Fri Nov 1 13:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.dev113.g8de9861:
+ Enhance tests for delete_grant no user/group
+ Allow delete user or group at same time as role
+ Adds fixture package from oslo
+ proxy removed from identity and changed to assignment
+ Uses fixtures for mox and stubs
+ Remove unused DEFAULT_DOMAIN variable
+ Update my mailmap
+ Remove duplicated code on test_v3_auth

Thu Oct 31 13:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.dev97.geee9fd5:
+ Removes NoModule from the base testcase
+ Use abstract base class for token driver
+ Catch the socket exception and log it.
+ Use abstract base class for policy driver
+ Use abstract base class for oauth driver
+ Use abstract base class for endpoint_filter driver
+ Document tox instead of run_tests.sh
+ Documentation on how-to develop Keystone Extensions
+ Remove obsolete driver test module

Wed Oct 30 13:00:00 2013 rhaferAATTsuse.com
- Add %{python_sitelib}/keystone/tests/tmp symlink to the -test
subpackage allow the unittests to create/located their database

Tue Oct 29 13:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.dev79.g402060a:
+ Remove unused config option auth_admin_prefix
+ remove 8888 port in sample_data.sh
+ Fixes tox coverage command

Fri Oct 25 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.a73.gf4a441c:
+ Adds tests for user extra attribute behavior

Fri Oct 25 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.a71.g11f589d:
+ Move fakeldap to tests
+ Treats OS-KSADM:password as password in v2 APIs
+ Adds decorator to deprecate functions and methods
+ Adds identity v2 tests to show extra behavior

Thu Oct 24 14:00:00 2013 dmuellerAATTsuse.com
- fix post requires on python-Routes

Wed Oct 23 14:00:00 2013 iartarisiAATTsuse.com
- Move default tests TMPDIR location to
/var/lib/openstack-keystone-test/tmp

Wed Oct 23 14:00:00 2013 dmuellerAATTsuse.com
- switched to testr now, refresh requirements

Tue Oct 22 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.a63.g4a100d4:
+ Enhance tests for deleting a role not assigned
+ Fix remove role assignment adds role using LDAP assignment
+ Add external.Base class to external plugins
+ Implementation of opt-out from catalog data during token validation.

Sun Oct 20 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.a57.g2df1b7c:
+ Move CA key from certs directory to private directory

Fri Oct 18 14:00:00 2013 speilickeAATTsuse.com
- Update to version 2014.1.a55.ga0e26c1:
+ Fixes error messaging
+ Add notifications for groups and roles
+ Changes to testr as the test runner
- Drop 0001-Make-ROOTDIR-determination-more-robust.patch: Solved
diffently upstream

Thu Oct 17 14:00:00 2013 dmuellerAATTsuse.com
- update requires

Thu Oct 17 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.a49.g060ced4:
+ remove the nova dependency in the ec2_token middleware
+ Use abstract base class for auth handler

Wed Oct 16 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.a45.g7ee88a0:
+ Add python-six to requirements
+ add IRC channel & wiki link to README
+ Use abstract base class for catalog driver
+ Adds more uniformity to identity update_user calls
+ Fixes broken doc references

Wed Oct 16 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.a37.g20d6ffb:
+ Use abstract base class for assignment driver
+ Fix v2 token user ref with trust impersonation=True
+ Use abstract base class for credential driver

Mon Oct 14 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.a31.gb426fa5:
+ Handle unicode at the caching layer more elegantly
+ Use abstract base class for identity driver
+ Remove unused member
+ set user_update policy to admin_required
+ Use abstract base class for trust driver

Mon Oct 14 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.a22.g8ba9898:
+ Need to use _() to handle i18n string messages
+ Don\'t use default value in LimitingReader

Wed Oct 9 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2014.1.a18.gdf0a963:
+ Sync db.sqlalchemy
+ Fix mysql checkout handler AttributeError
+ Handle DB2 disconnect

Tue Oct 8 14:00:00 2013 dmuellerAATTsuse.com
- run db_sync before starting keystone server

Wed Oct 2 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.rc1:
+ Update tox config
+ Add tests dir to the coverage omit list
+ Imports oslo policy to fix test issues

Wed Oct 2 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a100.g1d91334:
+ Sync with global requirements
+ Enclose command args in with_venv.sh
+ Imported Translations from Transifex
+ Fixes errors logging in as a user with no password

Tue Oct 1 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a92.gec4680a:
+ sync oslo policy
+ Validate token calls return 404 on invalid tokens
+ Eliminate type error on search_s
+ Fix live LDAP tests
+ Sync gettextutils from oslo

Mon Sep 30 14:00:00 2013 dmuellerAATTsuse.com
- add missing endpoints to catalog

Sun Sep 29 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a82.ge979323:
+ Fix error when create user with LDAP backend
+ Protect oauth controller calls and update policy.json

Fri Sep 27 14:00:00 2013 dmuellerAATTsuse.com
- switch to crudini

Thu Sep 26 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a79.g2f75699:
+ upgrade to oslo.config 1.2 final
+ Modify oauth1 tests to use generated keystone token in a call
+ Optional dependency injection
+ oauth using optional dependencies
+ only run flake8 once (bug 1223023)
+ Update man pages
+ Fix updating attributes with ldap backend
+ Test for backend case sensitivity
+ Update man page version

Tue Sep 24 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a61.g3130076:
+ Check token_format for default token providers only.
+ Sync gettextutils from oslo
+ Ensure any relevant tokens are revoked when a role is deleted
+ Add user to project if project ID is changed

Mon Sep 23 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a54.g66d7c2c:
+ Cleanup of tenantId, tenant_id, and default_project_id
+ Remove ldap identity domain attribute options

Sat Sep 21 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a50.gbdac547:
+ Rewrite README.rst
+ Ensure v2 tokens are correctly invalidated when using BelongsTo
+ Monkey patch select in environment
+ check for domain existence before doing any ID work
+ Add extra test coverage for unscoped token invalidation

Wed Sep 18 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a41.g5a5023b:
+ Include new notification options in sample config

Wed Sep 18 14:00:00 2013 dmuellerAATTsuse.com
- add 0001-Make-ROOTDIR-determination-more-robust.patch

Tue Sep 17 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a39.gd3460c3:
+ Rationalize list_user_projects and get_projects_for_user
+ Fix misused assertTrue in unit tests

Tue Sep 17 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a36.g54b8ec5:
+ Ignore H803 from Hacking.
+ fix rst syntax in database schema migrations docs

Sun Sep 15 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a32.gd7eff43:
+ Move gettextutils installation in tests to core

Fri Sep 13 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a30.g3651879:
+ Test upgrade migration 16->17
+ gate on H304: no relative imports

Thu Sep 12 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a26.g607b115:
+ test token revocation list API (bug 1202952)
+ Remove CA key password from cert setup
+ Cleanup tests imports so not relative
+ Fixes for user response with LDAP user_enabled_mask

Wed Sep 11 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a18.g1b97529:
+ Reduce churn of cache on revocation_list
+ Imported Translations from Transifex

Wed Sep 11 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a15.g33c8025:
+ Import core.
* in keystone.tests
+ Tests use \"from keystone import tests\"

Tue Sep 10 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a12.g8dc7ed2:
+ Close each LDAP connection after it is used,
+ domain-specific drivers experimental in havana
+ Fix incorrect test for list_users

Mon Sep 9 14:00:00 2013 dmuellerAATTsuse.com
- update openstack-keystone.init: Set HOME dir correctly
for openssl random state preservation

Sat Sep 7 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a7.gdac281a:
+ Changed header from LLC to Foundation based on trademark policies

Fri Sep 6 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a490.g8d2f53c:
+ Move _generate_paste_config to tests.core
+ OAuth authorizing user should propose roles to delegate
+ Imported Translations from Transifex
+ Support timezone in memcached token backend
+ Changes template header for translation catalogs

Thu Sep 5 14:00:00 2013 speilickeAATTsuse.com
- Fix RUNDIR in init-script

Thu Sep 5 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a481.gd286187:
+ Modify default file/directory permissions
+ Utilities to create directores, set ownership & permissions
+ Update keystone-all man page
+ Add a oauth1-configuration.rst and extension section to docs
+ Update keystone wsgi httpd script for oslo logging
+ Fix the code miss to show the correct error messages

Tue Sep 3 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a469.g36b5df5:
+ Cleanup cache layer tests
+ Implement basic caching around assignment CRUD
+ add \'project\' notifications to docs

Mon Sep 2 14:00:00 2013 dmuellerAATTsuse.com
- Update to version 2013.2.a464.g372a062:
+ Fixes a link in the documentation
+ Create associations between projects and endpoints
+ Keystone Caching Layer for Manager Calls
+ Add defense in ldap:get_roles_for_user_and_project
+ filter in ldap list_groups_for_user
+ Implement API protection on target entities
+ Fix error where consumer is not deleted from sql
+ Implement Caching for Token Revocation List
+ Refactor Token Provider to be aware of expired tokens.
+ Add notifications module
+ Remove enumerate calls
+ Drop support for diablo to essex migrations
+ Use correct filename for index & serial file when setting permissions
+ Removes KVS references from the documentation
+ Implement decorator-based notifications for users
+ Add Memory Isolating Cache Proxy
+ Add project CRUD to assignment_api Manager
+ Enable SQL tests for oauth
+ Add \'cn\' to attribute_list for enabled_users/tenants query
+ Fix role lookup for Active Directory
+ Bump hacking to 0.7
+ Remove kvs backend from oauth1 extension
+ Add common code from Oslo for work with database
+ Use common db model class from Oslo
+ Imported Translations from Transifex
+ Implement caching for Tokens and Token Validation
+ Document usage notifications
+ Use joins instead of multiple lookups in groups sql
+ Use testtools as base test class.

Mon Aug 26 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a410.g7eed453:
+ Remove a useless arg in range()
+ Fix translate static messages in response
+ Use system locale when Accept-Language header is not provided

Mon Aug 26 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a404.g15a3bde:
+ Clean up keystone-manage man page

Sun Aug 25 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a402.g361185c:
+ remove flake8 option from run_tests.sh

Sun Aug 25 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a401.gda26317:
+ Delete file TODO
+ change oauth.consumer description into nullable

Sat Aug 24 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a397.g4dbda64:
+ Ensure username passed by REMOTE_USER can contain \'AATT\'
+ fix the default values for token and password auth
+ Migrating ec2 credentials to credential.
+ remove unused function
+ add foreign key constraint on oauth tables

Fri Aug 23 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a388.gfebab09:
+ use provider to validate tokens

Thu Aug 22 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a386.gb6f6b57:
+ Remove User Check from Assignments
+ Remove an enumerate call
+ Assignment to reserved built-in symbol: filter
+ Fix isEnabledFor for compatibility with logging

Wed Aug 21 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a378.g7bc167d:
+ Refactor Token Providers for better version interfaces
+ Remove kwargs from manager calls / general cleanup
+ remove refs to keystone.common.logging
+ Store hash of access as primary key for ec2 type.
+ Add test test_deleting_project_delete_grants
+ Ignore flake issues in build/ directory
+ Move some logic from update() to BaseLdap
+ Move affirm_unique() in create() to BaseLdap
+ Assignment to reserved built-in symbol: dir
+ Remove Keystone specific logging module

Mon Aug 19 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a358.g9c92d27:
+ Add support for API message localization

Sat Aug 17 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a356.g14cba15:
+ Add delegated_auth support for keystone

Fri Aug 16 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a354.g781c65b:
+ update usage in run_test.sh for flake8
+ Increase length of username in DB
+ Remove unused import
+ Set wsgi startup log level to INFO
+ Add unit test to check non-string password support
+ Cleaned up a few old crufties from README
+ Clean hacking errors in advance of hacking update
+ Implement domain specific Identity backends
+ More validation in test_user_enable_attribute_mask
+ Fix LDAP Identity with non-zero user_enabled_default
+ Fix LDAP Identity get user with user_enabled_mask

Thu Aug 15 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a336.gb0b32d0:
+ Skip test_create_unicode_user_name in _ldap_livetest
+ Do not skip test_user_enable_attribute_mask in _ldap_livetest
+ Fix test_user_enable_attribute_mask so it actually tests
+ Revoke user tokens when disabling/delete a project
+ Refactor Keystone to use unified logging from Oslo
+ Cleaned up pluggable auth docs

Wed Aug 14 14:00:00 2013 speilickeAATTsuse.com
- Update to version 2013.2.a327.g14e0901:
+ Drop extra credential indexes
+ Make pki_setup work with OpenSSL 0.9.x
+ Add memcache to httpd doc.
+ Move Babel dependency from test-req to req
+ Initial implementation of unified-logging
+ Sync notifier module from Oslo
+ Move \'tests\' directory into \'keystone\' package
- No need to require shadow-utils anymore, even SLE_11_SP3 has pwdutils
- Drop 0001-Make-pki_setup-work-with-OpenSSL-0.9.x.patch: Merged upstream
- Fix spec file typo (dependency token)

Tue Aug 13 14:00:00 2013 berendtAATTb1-systems.de
- added missing requirement python-Babel
- added missing requirement python-netaddr

Mon Aug 12 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a315.g708ccf0:
+ Sync models with migrations

Mon Aug 12 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a313.g4829de4:
+ Configurable max password length (bug 1175906)
+ Sync unified logging solution from Oslo
+ Abstract out attribute_mapping filling in LDAP driver.
+ Create default role on demand
+ Abstract out attribute_ignore assigning in LDAP driver
+ Run test_mask_password once

Thu Aug 8 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a303.ga4243e1:
+ Fix select n+1 issue in keystone catalog

Thu Aug 8 14:00:00 2013 dmuellerAATTsuse.com
- switch to python-setuptools
- remove python-d2to1

Wed Aug 7 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a301.gc547eb4:
+ extension migrations

Wed Aug 7 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a299.gdb9535c:
+ Handle json data when migrating role metadata.
+ Raise max header size to accommodate large tokens.
+ remove swift dependency of s3 middleware

Fri Aug 2 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a293.ged1f967:
+ Clear out the dependency registry between tests
+ Handle circular dependencies
+ Use dependency injection for assignment and identity
+ use \'exc_info=True\' instead of import traceback
+ .gitignore eggs
+ add OS-TRUST to links
+ Sync DB models and migrations in keystone.assignment.backends.sql
+ Update references with new Mailing List location
+ V3 API need to check mandatory field when creating resources
+ Clean up use of token_provider manager in tests
+ Remove kwargs from manager calls where not needed.
+ Imported Translations from Transifex
+ Fix typo: Tenents -> Tenants
+ Use oslo.sphinx and remove local copy of doc theme

Thu Aug 1 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a265.g0368950:
+ Use keystone.wsgi.Request for RequestClass
+ Remove passwords from LDAP queries

Thu Aug 1 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a261.gf1ac78c:
+ Ec2 credentials table not created during testing
+ Load backends before deploy app in client tests

Wed Jul 31 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a257.g5958691:
+ sql.Driver:authenticate() signatures should match

Tue Jul 30 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a255.gc21b458:
+ default token format/provider handling

Mon Jul 29 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a253.g10fde8e:
+ Clear cached engine when global engine changes
+ Implement exception module i18n support

Fri Jul 26 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a249.g97a5b49:
+ Remove vestiges of Assignments from LDAP Identity Backend
+ Scipped tests don\'t render as ERROR\'s

Thu Jul 25 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a246.g0a40152:
+ Fixing broken credential schema in sqlite.

Tue Jul 23 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a245.gc6b7dd8:
+ Deprecate kvs token backend
+ Load app before loading legacy client in tests.
+ Use assignment_api rather than assignment

Mon Jul 22 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a240.g7fde605:
+ Regenerate example PKI after change of defaults
+ Return correct link for effective group roles in GET /role_assignments
+ Deprecation warning for [signing] token_format
+ Add [assignment].driver to sample config
+ Remove an enumerate call
+ Correct Spelling Mistake

Thu Jul 18 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a228.g53ed50d:
+ Support token_format for backward compatibility
+ python3: Introduce py33 to tox.ini

Wed Jul 17 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a225.gc42533f:
+ grammar fixes in error messages
+ update requires to prevent version cap

Wed Jul 17 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a221.g2667c77:
+ Change domain component value to org from com
+ wsgi.BaseApplication and wsgi.Router factories should use
*
*kwargs
+ Python 3.x compatible use of print
+ Add unittest for keystone.identity.backends.sql Models
+ Don\'t use deprecated BaseException.message
+ Implements Pluggable V2 Token Provider
+ Implement role assignment inheritance (OS-INHERIT extension)
+ Pluggable Remote User
+ Fix XML rendering with empty auth payload.
+ Implemented token creation without catalog response.
+ Implement Token Binding.

Mon Jul 15 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a202.gdec66cd:
+ Implements Pluggable V3 Token Provider

Sun Jul 14 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a200.gdf63b9c:
+ Add version so that pre-release versioning works

Sat Jul 13 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.b1.198.g95a27a8:
+ Register Extensions
+ Sync-up crypto from oslo-incubator

Fri Jul 12 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.b1.194.g85a5022:
+ Add crypto dependency
+ Sync install_venv_common from oslo
+ Pass on arguments on Base.get_session
+ Imported Translations from Transifex
+ Mixed LDAP/SQL Backend.

Thu Jul 11 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.b1.184.g41ca51c:
+ Remove a useless arg in range()
+ Rationalize how we get roles after authentication in the controllers
+ Do not create LDAP Domains sub tree
+ Remove context from get_token call in normalize_domain_id
+ Use InnoDB for MySQL
+ Move temporary test files into tests/tmp

Tue Jul 9 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.b1.172.gfafdf07:
+ assignment backend

Tue Jul 9 14:00:00 2013 dmuellerAATTsuse.com
- add 0001-Make-pki_setup-work-with-OpenSSL-0.9.x.patch

Tue Jul 9 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.b1.171.gb556d8a:
+ Work without admin_token_auth middleware
+ Move comments in front of dependencies

Mon Jul 8 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.b1.167.g699b483:
+ Implement GET /role_assignment API call
+ DB2 migration support
+ Remove an enumerate call
+ Fix issue with v3 tokens and group membership roles
+ Imported Translations from Transifex
+ Add callbacks for set_global_engine

Sat Jul 6 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.b1.155.g6450f75:
+ Update paths to pem files in keystone.conf.sample

Fri Jul 5 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.b1.153.g5746f5b:
+ rename quantum to neutron in docs

Thu Jul 4 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.b1.151.gbb6ebd4:
+ Fix up some trivial license mismatches

Wed Jul 3 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.b1.149.g62d948a:
+ Use event.listen() instead of deprecated listeners kwarg

Wed Jul 3 14:00:00 2013 naehringAATTb1-systems.de
- adding keystone-paste.ini
- the paste configuration has been moved to keystone-paste.ini

Wed Jul 3 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.b1.147.g214df21:
+ Remove hard tabs and trailing whitespace
+ Install locales for httpd.

Tue Jul 2 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.b1.143.gda9dc14:
+ `tox -ecover` failure. Missing entry in tox.ini

Mon Jul 1 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.b1.141.g59ea706:
+ Add \'application\' to keystone.py for WSGI

Fri Jun 28 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.b1.140.g6362fb7:
+ Stop passing context to managers (bug 1194938)
+ check for constraint before dropping
+ Clean up keystone-all.rst
+ Manager instead of direct driver

Thu Jun 27 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.b1.133.g6c6d15c:
+ Revert environment module usage in middleware.
+ Do not raise NEW exceptions

Wed Jun 26 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.b1.129.g600c38b:
+ LDAP list group users not fail if user entry deleted

Tue Jun 25 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.b1.128.g31863d1:
+ Remove explicit distribute depend.

Mon Jun 24 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.b1.126.g95cf470:
+ Version response compatible with Folsom

Sun Jun 23 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.b1.124.gf1cfbd7:
+ python WebOb dependency made unpinned.
+ Initialize logging from HTTPD.
+ wsgi.Middleware factory should use
*
*kwargs
+ Consolidate admin_or_owner rule

Sat Jun 22 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.b1.116.g97225ff:
+ Fix link typo in Sphinx doc
+ Base.get_engine honor allow_global_engine=False

Fri Jun 21 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.b1.112.gb9e46fb:
+ Move identity ldap backend from directory to file

Thu Jun 20 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.b1.111.g7ccfac7:
+ Removing LDAP API Shim

Thu Jun 20 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.b1.110.g7cd0bb0:
+ Isolate eventlet code into environment.
+ Set default \'ou\' name for LDAP projects to Projects

Tue Jun 18 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.b1.106.ge0834da:
+ LDAP get_project_users should not return password
+ Remove how to contribute section in favor of CONTRIBUTING.rst
+ Imported Translations from Transifex
+ Http 400 when project enabled is not a boolean
+ Remove a stat warning log
+ Correct the resolving api logic in stat middleware
+ Move user fileds type check to identity.Manager
+ Adds tests for XML version response
+ Imported Translations from Transifex

Sun Jun 16 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.b1.88.g3c687d1:
+ Using sql as default driver for tokens
+ Imported Translations from Transifex
+ Correct the default name attribute for role

Sat Jun 15 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.b1.82.g543714b:
+ drop user and group constraints
+ Allow request headers access in app context.
+ Fix token purging for memcache for user token index.
+ Add checks to test if enabled is bool

Thu Jun 13 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.b1.74.gc963383:
+ Force simple Bind for authentication
+ Correct LDAP configuration doc

Thu Jun 13 14:00:00 2013 dmuellerAATTsuse.com
- fix typo in post-install script

Wed Jun 12 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.b1.72.g6111bc9:
+ Move coverage output dir for Jenkins.
+ Replace openstack-common with oslo in docs

Tue Jun 11 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.b1.68.g5df7424:
+ Fix internal doc links (bug 1176211)
+ Remove bufferedhttp
+ add ca_key to sample configuration
+ Commit transaction in migration

Mon Jun 10 14:00:00 2013 bmwiedemannAATTopensuse.org
- BuildRequire python-sqlalchemy + migrate for post-build-checks
- Update to version 2013.2.b1.60.gb1d4de7:
+ Add db_version command to keystone-manage
+ run_tests.sh should use flake8 (bug 1180609)
+ Require keystone-user/-group for pki_setup
+ Import eventlet patch from oslo.
+ Check schema when dropping constraints.
+ Missing contraction: Its -> It\'s (bug 1176213)
+ Raise key length defaults
+ fix error default policy for create_project
+ Ignore the .update-venv directory.

Mon Jun 10 14:00:00 2013 dmuellerAATTsuse.com
- remove hybrid keystone backend

Thu Jun 6 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.b1.42.ge6d551d:
+ Ignore conflict on v2 auto role assignment (bug 1161963)
+ split authenticate call
+ remove_role_from_user_and_project affecting all users (bug 1170649)

Wed Jun 5 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.b1.36.g0c9538d:
+ Maintain tokens after role assignments (bug 1170186)
+ typo in \'import pydev\' statement

Fri May 31 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.b1.33.gcd34971:
+ Convert openstack-common.conf to the nicer multiline format.
+ Rename requires files to standard names.
+ Test 403 error title
+ Disable eventlet monkey-patching of DNS
+ Revert \"Set EVENTLET_NO_GREENDNS=yes in tox.ini.\"
+ Document size limits
+ Fixes a typo
+ Add index on valid column of the SQL token Backend
+ Add missing oslo module.
+ Fix incorrect role assignment in migration.
+ Live SQL migration tests

Fri May 31 14:00:00 2013 dmuellerAATTsuse.com
- avoid warning in post script

Thu May 30 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.b1.11.gfa2f963:
+ Move auth_token middleware from admin user to an RBAC policy
+ Improve the performance of tokens deletion for user
+ Add arg to keystone-manage db_sync
+ Imported Translations from Transifex

Wed May 29 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.1.rc2.161.gd67e31b:
+ Add KEYSTONE_LOCALEDIR env variable
+ Add missing space to error msg
+ Fix the debug statement.

Wed May 29 14:00:00 2013 dmuellerAATTsuse.com
- remove setBadness call from rpmlintrc

Tue May 28 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.1.rc2.157.g2879d42:
+ Replace assertDictContainsSubset with stdlib ver
+ separate paste-deploy configuration from parameters
+ Add index on expires column of the SQL token Backend

Mon May 27 14:00:00 2013 speilickeAATTsuse.com
- Update to version 2013.1.rc2.153.gaf4e969:
+ Implement Token Flush via keystone-manage.
+ Documentation about the initial configuration file and sample data.
+ Imported Translations from Transifex
+ Read-only default domain for LDAP (bug 1168726)
+ Add assertNotEmpty to tests and use it.
+ Fix 403 status response
+ Use webtest for v2 and v3 API testing.
+ Consolidate eventlet code
+ Imported Translations from Transifex
+ Satisfy flake8 import rules F401 and F403
+ Migrate to pbr.
+ Remove unused variables (flake8 F841)
+ Enumerate ignored flake8 H
* rules
+ Use TODO(NAME) (flake8 H101)
+ use the \'not in\' operator (flake8 H902)
+ consistent i18n placeholders (flake8 H701, H702, H703)
+ eliminate \'except:\' (flake8 H201)
+ one import per line (flake8 H301)
+ Remove unnecessary commented out code
+ import only modules (flake8 H302)
+ imports not in alphabetical order (flake8 H306)
+ Remove useless private method
+ Cleanup docstrings (flake8 H401, H402, H403, H404)
- More build requirements for for %post section keystone-manage invocation:
+ python-WebOb
+ python-passlib
+ python-routes

Mon May 27 14:00:00 2013 dmuellerAATTsuse.com
- python-pbr/d2to1 requires

Tue May 21 14:00:00 2013 iartarisiAATTsuse.com
- add missing requirement python-sqlalchemy-migrate

Mon May 20 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a118.g8d2b8e6:
+ get SQL refs from session (bp sql-query-get)

Sat May 18 14:00:00 2013 dmuellerAATTsuse.com
- update requires based on pip-requires

Sat May 18 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a117.g7b99bd6:
+ Test listing of tokens with a null tenant
+ Http 400 when user enabled is not a boolean
+ extracting credentials
+ Accept env variables to override default passwords

Wed May 15 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a109.g2e15fe4:
+ Fix pyflakes and pep8 in prep for flake8.
+ Migrate to flake8.

Wed May 15 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a105.gcb0ddab:
+ Enable unicode error message

Fri May 10 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a103.gefc30be:
+ Disable eventlet monkey-patching of DNS
+ Set EVENTLET_NO_GREENDNS=yes in tox.ini.
+ Revert \"Disable eventlet monkey-patching of DNS\"
+ Allow backend & client SQL tests on mysql and pg.

Thu May 9 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a99.g693a486:
+ Remove unused CONF.pam.url
+ Replace password to \"
*
*
*\" in the debug message
+ Revoke tokens on user delete (bug 1166670)
+ A minor refactor in wsgi.py

Tue May 7 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a92.g96a816f:
+ LDAP list groups with missing member entry

Tue May 7 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a90.gb55620d:
+ Skip IPv6 tests for eventlet dns

Wed May 1 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a89.g22d96b2:
+ HACKING LDAP

Sat Apr 27 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a87.ga78bc2e:
+ Allow additional attribute mappings in ldap

Thu Apr 25 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a85.gd9dd876:
+ Mark LDAP password and admin_token secret

Thu Apr 25 14:00:00 2013 dmuellerAATTsuse.com
- require python-python-memcached 1.31

Wed Apr 24 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a83.g7617fef:
+ Remove new constraint from migration downgrade.
+ Make migration tests postgres & mysql friendly.
+ Delete extra dict in token controller.

Tue Apr 23 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a77.geefc8e0:
+ Set empty element to \"\"
+ close db migration session
+ fix undefined variable
+ fix duplicate option error
+ Add rule for list_groups_for_user in policy.json
+ clean up invalid variable reference

Mon Apr 22 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a65.g92e40ce:
+ test duplicate name
+ don\'t migrate as often

Sun Apr 21 14:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a61.g166a03c:
+ Rename trust extension (bug 1158980)
+ use the roles in the token when recreating
+ keystone commands don\'t print any version information
+ keystone commands don\'t print any version information
+ Fix test coverage for v2 scoped auth xml response (bug 1160504)
+ Fix test coverage for v2 scoped auth xml response (bug 1160504)
+ Mark sql connection with secret flag
+ Share one engine for more than just sqlite in-memory
+ Sync with oslo-incubator.
+ Fix IBM copyright strings
+ Fix example in documentation.
+ stop using time.sleep in tests
+ use the openstack test runner
+ Fix 401 status response
+ Add TLS Support for LDAP
+ catch errors in wsgi.Middleware.
+ Fix for configuring non-default auth plugins properly
+ Generate HTTPS certificates with ssl_setup.
+ Use string for port in default endpoints (bug 1160573)
+ residual grants after delete action (bug1125637)
+ Use is_enabled() in folsom->grizzly upgrade (bug 1167421)
+ Add missing colon for documentation build steps.
+ Remove un-needed LimitingReader read() function.
+ Clean up duplicate methods
+ Fix token ids for memcached
+ Fixed unicode username user creation error
+ Fixed logging usage instead of LOG
+ Removed unused imports
+ Remove non-production middleware from sample pipelines
+ What is this for?
+ bug 1159888 broken links in rst doc
+ Sync with oslo-incubator copy of setup.py

Mon Mar 25 13:00:00 2013 opensuse-cloudAATTopensuse.org
- Update to version 2013.2.a338.gbceee56:
+ Fix XML handling of member links (bug 1156594)
+ Test default_project_id scoping (bug 1023502)
+ Ensure delete domain removes all owned entities
+ Utilize legacy_endpoint_id column (bug 1154918)
+ Pass project membership as dict in migration 015.
+ V2, V3 token intermix for unscoped tokens (bug 1156913)
+ Revise docs to use keystoneclient.middleware.auth_token
+ Fix live ldap tests
+ Support for LDAP groups (bug #1092187)
+ Correct spacing in warning msg
+ Validate domains unconditionally (bug 1130236)
+ Prohibit V3 V2 token intermix for resource in non-default domain (bug 1157430)
+ Properly handle emulated ldap enablement
+ Wrap config module and require manual setup (bug 1143998)
+ Enable emulation for domains
+ Allow trusts to be optional
+ Version bump to 2013.2
+ Add a dereference option for ldap
+ Move trusts to extension
+ Make versions aware of enabled pipelines.
+ Imported Translations from Transifex
+ Rework S3Token middleware tests.
+ Rename trust extension.

Mon Mar 18 13:00:00 2013 speilickeAATTsuse.com
- Drop +git.$TIMESTAMP.$COMMITHASH version suffix

Sun Mar 17 13:00:00 2013 dmuellerAATTsuse.com
- Update to version 2013.1.a301.g16b4643+git.1363519715.16b4643:
+ Explain LDAP page_size & default value
+ Catch and log server exceptions
+ Filter out legacy_endpoint_id (bug 1152635)
+ Ensure tokens are revoked for relevant v3 api calls
+ Switch to final 1.1.0 oslo.config release
+ Added test cases to improve LDAP project testing
+ Migrate roles from metadata to user_project_metadata
+ duplicated trust tests
+ quiet route logging on skipped tests
+ Remove TODO that didn\'t land in grizzly
+ No parent exception to wrap
+ Remove duplicate password/token opts.
+ Fixes bug 1151747: broken XML translation for resource collections
+ xml_body returns backtrace on XMLSyntaxError
+ extracting user and trust ids into normalized fields
+ Discard null endpoints (bug 1152632)
- remove keystone-cs24277.diff:

* merged upstream

Wed Mar 13 13:00:00 2013 dmuellerAATTsuse.com
- add keystone-cs24277.diff:

* make keystone start again

Wed Mar 13 13:00:00 2013 cloud-develAATTsuse.de
- Update to version 2013.1.a271.g45228ca+git.1363133844.45228ca:
+ cleanup trusts in controllers
+ remove spurious roles check
+ add belongs_to check
+ Improve tests for api protection and filtering

Tue Mar 12 13:00:00 2013 dmuellerAATTsuse.com
- require python-oslo.config

Tue Mar 12 13:00:00 2013 cloud-develAATTsuse.de
- Update to version 2013.1.a263.g09e2fc7+git.1363047056.09e2fc7:
+ Make getting user-domain roles backend independant
+ Make Keystone return v3 as part of the version api
+ bug 1133526
+ Run keystone server in debug mode.
+ Fix folsom -> grizzly role table migration issues (bug 1119789)
+ Revert \"from tests import\"
+ Revert \"update tests/__init__.py to verify openssl version\"

Mon Mar 11 13:00:00 2013 cloud-develAATTsuse.de
- Update to version 2013.1.a251.g59757f6+git.1362995983.59757f6:
+ Unpin pam dependency version
+ Sync timeutils with oslo
+ Remove obsolete
*page[_marker] methods from LDAP backend.
+ bug 1134802: fix inconsistent format for expires_at and issued_at
+ Trusts
+ Expand v3 trust test coverage
+ keystone : Use Ec2Signer utility class from keystoneclient
+ remove unused import
+ Move auth plugins to \'keystone.auth.plugins\' (bug 1136967)
+ ports should be ints in config (bug 1137696)
+ mark 2.0 API as stable
+ Straighten out NotFound raising in LDAP backend.
+ fix typo in kvs backend
+ Move get_by_name to LdapBase.
+ Remove unused methods from LDAP backed.
+ return 201 Created on POST request (bug1131119)
+ Delete tokens for user
+ unable to load certificate should abort request
+ add missing attributes for group/project tables (bug1126021)
+ v3 endpoints won\'t have legacy ID\'s (bug 1150930)
+ Change exception raised to Forbidden on trust_id
+ from tests import

Fri Mar 8 13:00:00 2013 vuntzAATTsuse.com
- Fix ownership of /var/log/keystone/keystone.log after call to
\"keystone-manage pki_setup\" in %post: if the package is installed
for the first time, the log file is owned by root, which breaks
keystone (since it can\'t write to the log file).

Thu Mar 7 13:00:00 2013 bwiedemannAATTsuse.com
- fix logging.conf to be about keystone and have absolute path

Tue Mar 5 13:00:00 2013 cloud-develAATTsuse.de
- Update to version 2013.1.a210.g2515d1b+git.1362504154.2515d1b:
+ Ensure keystone unittests do not leave CONF.policyfile in bad state
+ Move handle_conflicts decorator into sql
+ flatten payload for policy
+ Convert api to controller
+ bug 1131840: fix auth and token data for XML translation
+ domain_id_attributes in config.py have wrong default value
+ command line switch for short pep8 output.
+ Setup logging in keystone-manage command.
+ Imported Translations from Transifex
+ Enable a parameters on ldap to allow paged_search of ldap queries This fixes bug 1083463
+ update tests/__init__.py to verify openssl version

Mon Mar 4 13:00:00 2013 iartarisiAATTsuse.com
- Move python-ldap requirement to python-keystone subpackage

Thu Feb 28 13:00:00 2013 dmuellerAATTsuse.com
- Fix last change

Mon Feb 25 13:00:00 2013 saschpeAATTsuse.de
- Ghost /var/run/keystone

Mon Feb 25 13:00:00 2013 saschpeAATTsuse.de
- Drop sysconfig from init scripts

Sun Feb 24 13:00:00 2013 dmuellerAATTsuse.com
- Update to version 2013.1.a191.g30dbb74+git.1361731931.30dbb74:
+ Remove test_auth_token_middleware
+ Silence routes internal debug logging
+ Workaround Migration issue with PostgreSQL
+ Add pysqlite as explicit test dep
+ project membership to role conversion
+ Remove usage of UserRoleAssociation.id in LDAP
+ Add an update option to run_tests.sh
+ make fakeldap._match_query work for an arbitrary number of groups
+ Update sample_data.sh to match docs
+ Use oslo-config-2013.1b3
+ Remove old, outdated keystone devref docs
+ Implement name space for domains
+ Update the Keystone policy engine to the latest openstack common
+ Ensure user and tenant enabled in EC2
+ merging in fix from oslo upstream
+ Disable XML entity parsing
+ make LDAP query scope configurable
+ enabled attribute emulation support
+ v3 token API
+ Pass query filter attributes to policy engine
+ Removed redundant assertion
+ Update oslo-config version.
+ domain-scoping
+ Fix id_to_dn for creating objects
+ Tests for domain-scoped tokens
+ Change the default LDAP mapping for description.
+ Correct SQL migration 017 column name

Fri Feb 22 13:00:00 2013 saschpeAATTsuse.de
- Require openstack-suse-macros instead of openstack-common-macros

Thu Feb 21 13:00:00 2013 iartarisiAATTsuse.com
- added oslo-config requirement

Mon Feb 18 13:00:00 2013 saschpeAATTsuse.de
- Init script cleanup:
+ Drop useless shell variables
+ Don\'t depend on $network facility, we already have $remote_fs
(comes after $network)
+ Source /etc/sysconfig/openstack-keystone (if available), orthogonal
to the other init scripts we provide. We\'re not using this feature
ATM though
- Default configuration cleanup:
+ Use openstack-utils to set as much default values in the package
as possible (instead of patch/sed/...). Some may be overwritting
later on by, .e.g., crowbar
- More useful lograte configuration:
+ Compress
+ Make sure to keep log files for at least 90 days (i.e. rotate 15
+ weekly = 15 weeks).
+ Add size=1M to avoid getting DoS\'ed by wild daemons
+ Use copytruncate instead of create+postrotate+sharedscripts to
avoid a daemon restart

Mon Feb 18 13:00:00 2013 cloud-develAATTsuse.de
- Update to version 2013.1.a138.g5a8682d+git.1361180251.5a8682d:
+ fix unit test when memcache middleware is not configured
+ Fix bugs with set ldap password.
+ Cleaned up keystone-all --help output
+ add missing kvs functionality (bug1119770)
+ remove unneeded config reloading (it\'s already done during setUp)
+ Update to oslo version code.

Thu Feb 14 13:00:00 2013 iartarisiAATTsuse.com
- Remove unused/upstreamed patches for requests and LDAP scope

Thu Feb 14 13:00:00 2013 iartarisiAATTsuse.cz
- Update keystone-hybrid-backend to fix unit tests
- Update to version 2013.1+git.1360841915.901d079:
+ Fix normalize identity sql ugrade for Mysql and postgresql
+ Sync latest cfg from oslo-incubator
+ Update .coveragerc
+ Query only attributes strictly required for keystone when using it with existing LDAP servers
+ remove duplicate model declaration/attribution
+ import tools/flakes from oslo
+ Expand dependency injection test coverage
+ simplify query building logic
+ Generate apache-style common access logs
+ Add missing log_format, log_file, log_dir opts.
+ allow unauthenticated connections to an LDAP server
+ Missed import for IPv6 tests skip.
+ Spell accommodate correctly.
+ Use install_venv_common.py from oslo.
+ Keystone backend preparation for domain-scoping
+ Fix spelling mistakes
+ Fix test_contrib_s3_core unit test
+ add check for config-dir parameter (bug1101129)
+ don\'t create a new, copied list in get_project_users
+ Tenant update on LDAP breaks if there is no update to apply
+ adding additional backend tests (bug1101244)

Tue Feb 12 13:00:00 2013 dmuellerAATTsuse.com
- add service-endpoints for Quantum

Mon Feb 11 13:00:00 2013 dmuellerAATTsuse.com
- Update to version 2013.1+git.1360597319.c05041e:
+ Add --keystone-user/group to keystone-manage pki_setup
+ UserApi.update not to require all fields in arg
+ return 400 Bad Request if invalid params supplied (bug1061738)
+ Relational API links
+ Adds png versions of all svg image files. Changes reference.

Mon Feb 11 13:00:00 2013 dmuellerAATTsuse.com
- Remove lp-bug-1031372.patch:

* Merged upstream

Thu Feb 7 13:00:00 2013 iartarisiAATTsuse.com
- use in-memory database for hybrid backend unit-tests

Wed Feb 6 13:00:00 2013 iartarisiAATTsuse.com
- re-enable hybrid backend

Wed Feb 6 13:00:00 2013 cloud-develAATTsuse.de
- Update to version 2013.1+git.1360164508.8ec247b:
+ Document user group LDAP options
+ Why .pop()\'ing urls first is important
+ Imported Translations from Transifex
+ Delete Roles for User and Project LDAP
+ Fixes \'not in\' operator usage
+ Add size validations to token controller.

Mon Feb 4 13:00:00 2013 dmuellerAATTsuse.com
- Update to version 2013.1+git.1359979034.4722c84:
+ Updates migration 008 to work on PostgreSQL.
+ Create a default domain (bp default-domain)
+ tenant to project in the apis
+ Tenant to Project in Back ends
+ Enable/disable domains (bug 1100145)
+ Readme: use \'doc\' directory not \'docs\'

Thu Jan 31 13:00:00 2013 dmuellerAATTsuse.com
- Add lp-bug-1031372.patch: Rework the way pki_setup is used

Mon Jan 28 13:00:00 2013 saschpeAATTsuse.de
- Add keystone-requests-compat.patch: Compatiblity with requests>=1.0

Mon Jan 28 13:00:00 2013 dmuellerAATTsue.com
- Update to version 2013.1+git.1359377368.56f194a:
+ rename tenant to project in sql
+ Fix pep8 error.

Wed Jan 23 13:00:00 2013 cloud-develAATTsuse.de
- Update to version 2013.1+git.1358959177.7691276:
+ Limit the size of HTTP requests.

Wed Jan 23 13:00:00 2013 saschpeAATTsuse.de
- Clean up %config(noreplace), only logrotate config and
*.conf
files should be noreplace

Tue Jan 22 13:00:00 2013 dmuellerAATTsuse.com
- use pki_setup to setup initial public/private key pair

Mon Jan 21 13:00:00 2013 dmuellerAATTsuse.com
- Update to version 2013.1+git.1358761910.8748cfa:
+ Allow running of sql against the live DB.
+ Test that you can undo & re-apply all migrations
+ downgrade user and tenant
+ Auto-detect max SQL migration
+ Safer data migrations
+ Sync base identity Driver defs with SQL driver
+ Fix i18n of string templates.
+ Enhance wsgi to listen on ipv6 address
+ add database string field length check
+ Autoload schema before creating FK\'s (bug 1098174)
+ Enable exception format checking in the tests.
+ reorder tables for delete

Wed Jan 16 13:00:00 2013 dmuellerAATTsuse.com
- copy example ssl cert to the place where keystone expects it
- remove apache2 ssl/wsgi wrapper, keystone can do SSL on its
own

Mon Jan 14 13:00:00 2013 saschpeAATTsuse.de
- Update to version 2013.1+git.1358172938.ceec5c0:
+ Validated URLs in v2 endpoint creation API
+ Fixes import order nits
+ Cleanup keystoneclient testing requirements
+ Correct spelling errors / typos in test names
+ Keystone server support for user groups
+ Add missing .po files to tarball
+ adds keyring to test-requires
+ Revert \"shorten pep8 output\"
+ Upgrade WebOb to 1.2.3
+ il8n some strings
+ Imported Translations from Transifex
+ Removed unused variables
+ Removed unused imports
+ Add pyflakes to tox.ini
+ Fix spelling typo
+ shorten pep8 output
+ Driver registry
+ Adding a means to connect back to a pydevd debugger.
+ add in pip requires for requests
+ Split endpoint records in SQL by interface
+ Fix typo s/interalurl/internalurl/
+ module refactoring
+ Test for content-type appropriate 404 (bug 1089987)
+ Imported Translations from Transifex
+ fixing bug 1046862
+ Expand default time delta (bug 1089988)
+ Add tests for contrib.s3.core.
+ Test drivers return HTTP 501 Not Implemented
+ Support non-default role_id_attribute
+ Remove swift auth.
+ Move token controller into keystone.token
+ Import pysqlite2 if sqlite3 is not available.
+ Remove mentions of essex in docs (bug 1085247)
+ Ensure serviceCatalog is list when empty, not dict
+ Adding downgrade steps for migration scripts.
+ Port to argparse based cfg
+ Only \'import
*\' from \'core\' modules
+ use keystone test and change config during setUp
+ Bug 1075090 -- Fixing log messages in python source code to support internationalization.
+ Added documentation for the external auth support
+ check the redirected path on the request, not the response
+ Validate password type (bug 1081861)
+ split identities module into logical parts remove unneeded imports from core
+ Ensure token expiration is maintained (bug 1079216)
+ normalize identity
+ Fixes typo in keystone setup doc
+ Imported Translations from Transifex
+ Stop using cfg\'s internal implementation details
+ syncing run_tests to match tox
+ Expose auth failure details in debug mode
+ Utilize policy.json by default (bug 1043758)
+ Wrap v3 API with RBAC (bug 1023943)
+ v3 Identity
+ v3 Catalog
+ v3 Policies
+ Import auth_token middleware from keystoneclient
+ Imported Translations from Transifex
+ Refix transient test failures
+ Make the controller addresses configurable.
+ Expose authn/z failure info to API in debug mode
+ Refactor TokenController.authenticate() method.
+ Fix error un fixtures.
+ Ensures User is member of tenant in ec2 validation
+ Properly list tokens with a null tenant
+ Reduce total number of fixtures
+ Provide config file fields for enable users in LDAP backend (bug1067516)
+ populate table check.
+ Run test_keystoneclient_sql in-memory
+ Make tox.ini run pep8 checks on bin.
+ tweaking docs to fix link to wiki Keystone page
+ Various pep8 fixes for keystone.
+ Use the right subprocess based on os monkeypatch
+ Fix transient test failures (bug 1077065, bug 1045962)
+ Rewrite initial migration
+ Fix default port for identity.internalURL
+ Improve feedback on test failure
+ fixes bug 1074172
+ SQL upgrade test.
+ Include \'extra\' attributes twice (bug 1076120)
+ Return non-indexed attrs, not \'extra\' (bug 1075376)
+ bug 1069945: generate certs for the tests in one place
+ monkeypatch cms Popen
+ HACKING compliance: consistent use of \'except\'
+ auth_token hash pki key PKI tokens on hash in memcached when accessed by auth_token middelware
+ key all backends off of hash of pki token.
+ don\'t import filter_user name, use it from the identity module
+ don\'t modify the passed in dict to from_dict
+ move hashing user password functions to common/utils
+ ignore .tox directory for pep8 in runtests
+ Imported Translations from Transifex
+ Implements REMOTE_USER authentication support.
+ pin sqlalchemy to 0.7
+ Move \'opentack.context\' and \'openstack.params\' definitions to keystone.common.wsgi
+ Removes duplicate flag for token_format.
+ Raise exception if openssl stderr indicates one.
+ Ignore keystone.openstack for PEP8
+ Fixed typo in log message
+ Fixes 500 err on authentication for invalid body
+ Enable Deletion of Services with Endpoints
+ Exception.message deprecated in py26 (bug 1070890)
+ Utilize logging instead of print()
+ stop LdapIdentity.create_user from returning the user\'s password
+ Compare token expiry without seconds
+ Moved SQL backend tests into memory
+ Add trove classifiers for PyPI
+ Adding handling for get user/tenant by name
+ Fixed bug 1068851. Refreshed new crypto for the SSL tests.
+ move filter_user function to keystone.identity.core
+ Fixes response for missing credentials in auth
+ making PKI default token type
+ Fixes Bug 1063852
+ bug 1068674
+ Update common.
+ Extract hardcoded configuration in ldap backend (bug 1052111)
+ Fix Not Found error, when router not match.
+ add --config-dir=DIR for keystone-all option
+ Add --config-dir=DIR in OPTIONS
+ Delete role does not delete role assignments in tenants (bug 1057436)
+ replacing PKI token detection from content length to content prefix. (bug 1060389)
+ Document PKI configuration and management
+ Raise if we see incorrect keyword args \"condition\" or \"methods\"
+ Filter users in LDAP backend (bug 1052925)
+ Use setup.py develop to insert code into venv.
+ Raise 400 if credentials not provided (bug 1044032)
+ Fix catalog when services have no URL
+ Unparseable endpoint URL\'s should raise friendly error
+ Configurable actions on LDAP backend in users Active Directory (bug 1052929)
+ Unable to delete tenant if contains roles in LDAP backend (bug 1057407)
+ Replaced underscores with dashes
+ fixes bug 1058429
+ Command line switch for standard threads.
+ Remove run_test.py in favor of stock nose.
+ utf-8 encode user keys in memcache (bug 1056373)
+ Convert database schemas to use utf8 character set.
+ Return a meaningful Error when token_id is missing
+ Backslash continuation cleanup
+ notify calling process we are ready to serve
+ add Swift endpoint in sample data
+ Updated Fix for duplicated entries on LDAP backend for get_tenant_users
+ Fix wsgi config file access for HTTPD
+ Bump version to 2013.1
+ add Quantum endpoint in sample data
+ Add XML namespace support for OSADM service api.
+ Identity API v3 Config, Routers, Controllers
- Updated requirements
- Dropped patches (merged upstream):
+ keystone-certs-test.patch
+ keystone-sql-backend-from_dict.patch
+ keystone-webob-empty-resp-environ.patch
- Dropped FIX-BUILD.patch, we should fix that finally
- Disabled hybrid LDAP backend

Fri Jan 11 13:00:00 2013 iartarisiAATTsuse.com
- revert %setup to also unpack hybrid backend tarball

Fri Jan 11 13:00:00 2013 iartarisiAATTsuse.com
- update and re-enable backend hybrid code:

* use sample config for testing

* raise errors in user retrieval code instead of returning None

Fri Jan 11 13:00:00 2013 saschpeAATTsuse.de
- Require WebTest instead of webtest in the test sub-package

Thu Jan 10 13:00:00 2013 saschpeAATTsuse.de
- Add logrotate configuration

Wed Jan 9 13:00:00 2013 bwiedemannAATTsuse.com
- package sample_data.sh for use in quickstart script

Wed Dec 19 13:00:00 2012 saschpeAATTsuse.de
- Move to obs-service-git_tarballs
- Update to version 2012.2.3+git.1355917214.0c8c2a3:
+ Merge commit \'refs/changes/01/17901/1\' of ssh://review.openstack.org:29418/openstack/keystone into stable/folsom
+ Bump next version to 2012.2.3
+ Ensure serviceCatalog is list when empty, not dict

Mon Dec 10 13:00:00 2012 saschpeAATTsuse.de
- Update to version 2012.2.1+git.1354224563.7869c3e:
+ lp#1064914 Removing user from a tenant isn\'t invalidating user access to
tenant
+ lp#1073569 Jenkins jobs fail because of incompatibility between
sqlalchemy-migrate and the newest sqlalchemy-0.8.0b1
+ lp#1078497 keystone throws error when removing user from tenant.
+ lp#1060389 Non PKI Tokens longer than 32 characters can never be valid
+ lp#1068851 Openssl tests rely on expired certificate
+ lp#1079216 token expires time incorrect for auth by one token
+ lp#968519 Object reference validation should occur in drivers
+ lp#1068674 Redo part of bp/sql-identiy-pam undone by bug 968519

Wed Dec 5 13:00:00 2012 saschpeAATTsuse.de
- Use AATTPARENT_TAGAATT in _service file to automate versioning

Mon Dec 3 13:00:00 2012 iartarisiAATTsuse.com
- fix unittest failure with ssl certificates

Fri Nov 30 13:00:00 2012 iartarisiAATTsuse.com
- fix unittest failure on our version of webob

Thu Nov 22 13:00:00 2012 iartarisiAATTsuse.com
- fix typo in passlib dependency package name

Thu Nov 22 13:00:00 2012 saschpeAATTsuse.de
- Split of doc package into seperate spec file
- Comment out hybrid_backend parts for now to fix build
- Re-arranged %build section to match other packages
- Removed a whole bunch of unneded build requirements
- Updated requirements for python module and test sub-packages

Wed Nov 21 13:00:00 2012 iartarisiAATTsuse.com
- disable keystone-hybrid-backend source service

Tue Nov 20 13:00:00 2012 iartarisiAATTsuse.com
- Add source service for keystone-hybrid-backend
- Update to latest git (f65604d):
+ Ensures User is member of tenant in ec2 validation

Thu Nov 15 13:00:00 2012 saschpeAATTsuse.de
- Use openstack-macros

Thu Nov 8 13:00:00 2012 saschpeAATTsuse.de
- Fix malformed changes file entries

Thu Nov 8 13:00:00 2012 saschpeAATTsuse.de
- Update to version 2012.2 (Folsom):
+ See https://github.com/openstack/keystone/commits/folsom-3
- Drop the following upstreamed patches:
+ keystone-ldap-no-authentication.patch
+ keystone-log-warn-auth-errors.patch
- Rebased the following patches:
+ keystone-sql-backend-from_dict.patch
+ keystone-hybrid-conf-scope.patch
- BuildRequire python-pam for man-page build
- Install new man-pages keystone-all.1 and keystone-manage.1
- Introduce temporary FIX-BUILD.patch

Thu Nov 8 13:00:00 2012 saschpeAATTsuse.de
- Drop from_vcs build flag

Wed Oct 31 13:00:00 2012 saschpeAATTsuse.de
- Drop temporary fixes for file permissions and attributes in %post
section. They were necessary only to migrate from pre-1.0 packages.

Tue Oct 16 14:00:00 2012 iartarisiAATTsuse.cz
- patch sql backend\'s from_dict method to not modify the content of the
passed in dict (lp:1066851)

Wed Oct 10 14:00:00 2012 iartarisiAATTsuse.cz
- add hybrid backend test configuration file

Wed Oct 10 14:00:00 2012 iartarisiAATTsuse.cz
- make user search ldap SCOPE configurable in the hybrid backend

Mon Oct 8 14:00:00 2012 iartarisiAATTsuse.cz
- fix LDAP bind with dinamically found user DN

Fri Oct 5 14:00:00 2012 iartarisiAATTsuse.cz
- hybrid backend fixes:
+ use the DN for the user we just signed in to check for password
+ fix invalid user error (bnc#783200)

Tue Oct 2 14:00:00 2012 iartarisiAATTsuse.cz
- fix checking for SQL user passwords in the hybrid backend bnc#783036

Mon Oct 1 14:00:00 2012 jenkinsAATTsuse.de
- Update to latest git (0e1f05e):
+ utf-8 encode user keys in memcache (bug 1056373)

Wed Sep 26 14:00:00 2012 jdsnAATTsuse.de
- make init script start after database (bnc#781798)

Sun Sep 16 14:00:00 2012 jenkinsAATTsuse.de
- Update to latest git (176ee9b):
+ Require authz to update user\'s tenant (bug 1040626)
+ List tokens for memcached backend
+ Delete user tokens after role grant/revoke
+ Limit token revocation to tenant (bug 1050025)

Wed Sep 12 14:00:00 2012 vuntzAATTsuse.com
- Do not use a sed to modify /usr/bin/gensslcert in %post: this
file belongs to another package, and we actually don\'t do any
change with the sed... Fix bnc#779747.

Mon Sep 10 14:00:00 2012 vuntzAATTsuse.com
- Add keystone-fix-revoke.patch: fix revoking of roles to also
invalidate already existing tokens. Fix bnc#779477,
CVE-2012-4413.

Tue Aug 28 14:00:00 2012 cthielAATTsuse.com
- Require authz to update user\'s tenant (lp#1040626, bnc#777664)

Fri Aug 24 14:00:00 2012 bwiedemannAATTsuse.com
- mark hybrid_config.py as config

Thu Aug 23 14:00:00 2012 jenkinsAATTsuse.de
- Update to latest git (a16a0ab):
+ Allow overloading of username and tenant name in the config files.
+ Returning roles from authenticate in ldap backend

Tue Aug 14 14:00:00 2012 iartarisiAATTsuse.cz
- Add hybrid identity backend

Tue Aug 14 14:00:00 2012 iartarisiAATTsuse.cz
- Add patch to log all Unauthorized exceptions (authentication
failures). Discussed in bnc#753329.

Fri Aug 10 14:00:00 2012 jenkinsAATTsuse.de
- Update to latest git (359c426):
+ Open 2012.1.3 development

Wed Aug 8 14:00:00 2012 jenkinsAATTsuse.de
- Update to latest git (afc37ae):
+ Open 2012.1.2 development

Tue Aug 7 14:00:00 2012 bwiedemannAATTsuse.com
- drop executable bit from config file

Tue Jul 31 14:00:00 2012 jenkinsAATTsuse.de
- Update to latest git (f65604d):
+ fix variable names to coincide with the ones in common.ldap
+ Import ec2 credentials from old keystone db
+ Raise unauthorized if tenant disabled (bug 988920)

Tue Jul 31 14:00:00 2012 iartarisiAATTsuse.cz
- Remove fix-ldap-varnames patch after being accepted upstream

Wed Jul 25 14:00:00 2012 saschpeAATTsuse.de
- Secure file permissions for Apache SSL certificate files

Thu Jul 19 14:00:00 2012 cthielAATTsuse.com
- drop keystone-cleanup-user-tenant-deletion.patch, which has been merged
upstream: https://review.openstack.org/#/c/7482/

Tue Jul 17 14:00:00 2012 saschpeAATTsuse.de
- Fix WSGI app names, use the \'composite\' apps to get the correct
routes mapping

Tue Jul 17 14:00:00 2012 saschpeAATTsuse.de
- Forward keystone WSGI log events to mod_wsgi

Tue Jul 17 14:00:00 2012 iartarisiAATTsuse.cz
- Fix some variable names in the LDAP backend which were causing
NameErrors
- Don\'t require authentication for LDAP

Mon Jul 16 14:00:00 2012 iartarisiAATTsuse.cz
- Fix bnc#755426 cleanup dependent data upon user/tenant deletion

Mon Jul 9 14:00:00 2012 saschpeAATTsuse.de
- Provide Apache2 SSL-proxy example configuration based on mod_wsgi
- Provide self-signed SSL certificates to be used for non-production setups
(like openstack-quickstart)
- Fix /var/lib/keystone permissions to 0755

Mon Jul 2 14:00:00 2012 saschpeAATTsuse.de
- Drop runtime requirement on openstack-glance
- Change requirement for openstack-swift to python-swift, keystone
only seems to use it in the S3-compatibility code
- Change requirement for openstack-nova to python-nova, keystone
only seems to use it in the EC2-compatibility code

Wed Jun 27 14:00:00 2012 saschpeAATTsuse.de
- Change versioning scheme to $release+git.$AUTHORDATE.$COMMITREV
- Simplify from_vcs macros

Wed Jun 27 14:00:00 2012 vuntzAATTsuse.com
- Really drop unused disable-tests.patch: not needed anymore.

Tue Jun 26 14:00:00 2012 saschpeAATTsuse.de
- Consistent package summaries
- Use upstream description and correct URL
- Macro cleanup:
+ Package is noarch except for SLE-11
+ No need to redefine %_initddir, SLE-11 works correctly

Mon Jun 25 14:00:00 2012 saschpeAATTsuse.de
- Also install documentation and manpage when build
- No need for \"fixing\" the %_initddir macro

Tue Jun 12 14:00:00 2012 saschpeAATTsuse.de
- Use \'openstack-keystone\' system user instead of \'keystone\'

Wed Jun 6 14:00:00 2012 saschpeAATTsuse.de
- Add %restart_on_update to %post section for openstack-keystone
(daemons should be restarted after package update)
- Fix some rpmlint warnings
- Added rpmlintrc for non-issues

Thu May 24 14:00:00 2012 jfehligAATTsuse.com
- Add \'Requires: python >= 2.6.8\' to openstack-keystone and
python-keystone subpackage

Thu Mar 29 14:00:00 2012 bwiedemannAATTsuse.com
- use latest upstream default_catalog.templates to fix nova-volume problems

Tue Feb 14 13:00:00 2012 bwiedemannAATTsuse.com
- run as keystone user

Wed Feb 8 13:00:00 2012 rhaferAATTsuse.de
- Updated to the lastest git checkout

Thu Jan 26 13:00:00 2012 rhaferAATTsuse.de
- Fixed try-restart implementation in init-script

Thu Jan 26 13:00:00 2012 rhaferAATTsuse.de
- Fixed init script dependencies

Thu Jan 26 13:00:00 2012 rhaferAATTsuse.de
- removed no longer needed workaround for lp#921054
- patch for lp#921634 is upstreamed
- refreshed config file patch

Tue Jan 24 13:00:00 2012 rhaferAATTsuse.de
- Added workaround for doc/, examples/ and tools/ dirs showing up
in site-packages/
(https://bugs.launchpad.net/keystone/+bug/921054)
- Include examples into the -doc subpackage

Tue Jan 24 13:00:00 2012 rhaferAATTsuse.de
- cleaned up more dependencies

Mon Jan 23 13:00:00 2012 rhaferAATTsuse.de
- run testsuite during build

Fri Jan 20 13:00:00 2012 rhaferAATTsuse.de
- Updated to today\'s git snapshot
- Removed some unneeded conditionals
- Updated dependencies

Mon Jan 16 13:00:00 2012 prusnakAATTopensuse.org
- fix initscript scriptlets

Tue Jan 10 13:00:00 2012 bwiedemannAATTsuse.com
- use spdx.org License name Apache-2.0

Tue Dec 13 13:00:00 2011 mlinAATTsuse.com
- Enabled build from git
- Removed unnecessary dependencies
- Separate python-keystone
- Fix rpmlint warning
- Enabled build for Fedora

Mon Dec 5 13:00:00 2011 prusnakAATTopensuse.org
- added preun and postun sections to handle initscripts

Mon Dec 5 13:00:00 2011 prusnakAATTopensuse.org
- spec cleanup


 
ICM