OpenStack Identity (Keystone)

Keystone 2013.1 "grizzly"

Milestone information

Project:
Keystone
Series:
grizzly
Version:
2013.1
Code name:
grizzly
Released:
2013-04-04  
Registrant:
Thierry Carrez
Release registered:
2013-04-04
Active:
No. Drivers cannot target bugs and blueprints to this milestone.  

Download RDF metadata

Download files for this release

After you've downloaded a file, you can verify its authenticity using its MD5 sum or signature. (How do I verify a download?)

File Description Downloads
download icon keystone-2013.1.tar.gz (md5, sig) Keystone 2013.1 release 763
last downloaded 24 hours ago
Total downloads: 763

Release notes 

This is Keystone 2013.1 release.
See https://wiki.openstack.org/wiki/ReleaseNotes/Grizzly

Changelog 

This release does not have a changelog.

15 blueprints and 178 bugs targeted

Blueprint Priority Assignee Delivery
Implement V3 keystone API 5 Essential Dolph Mathews  11 Implemented
Implement a policy.json and RBAC controls for invoking the Keystone API 5 Essential Dolph Mathews  11 Implemented
Default domain to support Identity API v2 5 Essential Dolph Mathews  11 Implemented
ActiveDirectory based LDAP back-end 4 High Jose Castro Leon  11 Implemented
Implement auth on Identity API v3 4 High Guang Yee  11 Implemented
Normalize tables in SQL database 4 High Adam Young  11 Implemented
Replace Tenant-User Membership with default role 4 High Adam Young  11 Implemented
Support Groups of Users within Keystone 4 High Henry Nash  11 Implemented
move the auth_token middleware to the keystoneclient repository 4 High Henry Nash  11 Implemented
Token trusts 4 High Adam Young  11 Implemented
Allow scoping to a domain, as well as a project 3 Medium Henry Nash  11 Implemented
Private name spaces for domains 3 Medium Henry Nash  11 Implemented
Role assignment to a domain should be more flexible 3 Medium Henry Nash  11 Implemented
Pluggable Identity Authentication Handlers 3 Medium Guang Yee  11 Implemented
Multi-factor-authentication 3 Medium Guang Yee  11 Implemented
Bug report Importance Assignee Status
1064914 #1064914 [OSSA-2012-018] Removing user from a tenant isn't invalidating user access to tenant 2 Critical Vish Ishaya  10 Fix Released
1075376 #1075376 keystoneclient unit tests fails on update tenants and users 2 Critical Dolph Mathews  10 Fix Released
1078497 #1078497 keystone throws error when removing user from tenant. 2 Critical Vish Ishaya  10 Fix Released
1093493 #1093493 v3 grant/revoke roles to not invalidate existing tokens 2 Critical Henry Nash  10 Fix Released
1119789 #1119789 Role table not upgraded to grizzly cleanly 2 Critical William Kelly  10 Fix Released
1122403 #1122403 no such option: log_format 2 Critical Dan Prince  10 Fix Released
1131087 #1131087 Roles lost in Folsom to Grizzly upgrade 2 Critical Adam Young  10 Fix Released
1131265 #1131265 LDAP scoped queries breaks object creation 2 Critical Adam Young  10 Fix Released
1152801 #1152801 V3 tokens do not show up in list_tokens_for_trust 2 Critical Adam Young  10 Fix Released
861854 #861854 Token in URL is a security risk 3 High Dolph Mathews  10 Fix Released
1023502 #1023502 Horizon does not use the default tenant 3 High Dolph Mathews  10 Fix Released
1031372 #1031372 PKI certs not readable by keystone user 3 High Dirk Mueller  10 Fix Released
1039567 #1039567 auth_token middleware should be stand alone 3 High Henry Nash  10 Fix Released
1043758 #1043758 RBAC policy definition is not utilized by default (policy.json) 3 High Dolph Mathews  10 Fix Released
1044032 #1044032 Trying to auth with a bad request reply with a KeyError 3 High Dolph Mathews  10 Fix Released
1057436 #1057436 Delete role does not delete roles assignment in tenants 3 High Jose Castro Leon  10 Fix Released
1060389 #1060389 Non PKI Tokens longer than 32 characters can never be valid 3 High Dan Radez  10 Fix Released
1061738 #1061738 create_service() returns 500 Internal Server Error when bad keyword arg (XML only) 3 High gordon chung  10 Fix Released
1063852 #1063852 Default to PKI tokens 3 High Joseph Heck  10 Fix Released
1068851 #1068851 Openssl tests rely on expired certificate 3 High Guang Yee  10 Fix Released
1070351 #1070351 Cannot perform external Auth against SQL Backend 3 High   10 Fix Released
1074172 #1074172 PKI tokens are broken after 24 hours 3 High Vish Ishaya  10 Fix Released
1079216 #1079216 [OSSA-2012-019] token expires time incorrect for auth by one token 3 High Russell Bryant  10 Fix Released
1087405 #1087405 serviceCatalog is dict in the case of no endpoints 3 High Brian Waldon  10 Fix Released
1093248 #1093248 Domain role grants need to be honored in token authentication 3 High Henry Nash  10 Fix Released
1098307 #1098307 [OSSA 2013-003] unauthenticated POST to /tokens can fill up disk/logs 3 High Dan Prince  10 Fix Released
1099025 #1099025 block really large requests 3 High Dan Prince  10 Fix Released
1100145 #1100145 Disabling a domain has no effect 3 High Dolph Mathews  10 Fix Released
1100279 #1100279 [OSSA 2013-004] Local file leak through entities in XML requests (CVE-2013-1665) 3 High Dolph Mathews  10 Fix Released
1100282 #1100282 [OSSA 2013-004] DoS through XML entity expansion (CVE-2013-1664) 3 High Dolph Mathews  10 Fix Released
1101240 #1101240 Filter by attribute not fully supported in v3 keystone identity implementation 3 High Henry Nash  10 Fix Released
1110758 #1110758 The Domain attribute for Projects in Keystone v3 Identity API should not be an optional 3 High Henry Nash  10 Fix Released
1112535 #1112535 Keystone db_sync fails w/ PostgreSQL (migration 008) 3 High Dan Prince  10 Fix Released
1121494 #1121494 [OSSA 2013-005] EC2 authentication does not ensure user or tenant is enabled 3 High Dolph Mathews  10 Fix Released
1126021 #1126021 Updating Project and Group fails to update certain attributes 3 High gordon chung  10 Fix Released
1126043 #1126043 Keystone RBAC should support checking against query filter items 3 High Henry Nash  10 Fix Released
1126048 #1126048 Keystone v3 api has some duplicate url apis 3 High Henry Nash  10 Fix Released
1128256 #1128256 Use oslo-config 1.1.0 release 3 High Mark McLoughlin  10 Fix Released
1128925 #1128925 v3 Identity api spec has come incorrect query filters 3 High Henry Nash  10 Fix Released
1130236 #1130236 Domains are not validated on authentication 3 High Henry Nash  10 Fix Released
1130424 #1130424 SQL migration 017 fails with non-empty database 3 High Dean Troyer  10 Fix Released
1131769 #1131769 Getting domain roles for token missing in kvs/ldap backends 3 High Henry Nash  10 Fix Released
1131819 #1131819 v3_protection test leaves CONF.policyfile setting in incorrect state 3 High Henry Nash  10 Fix Released
1131840 #1131840 v3 auth API untranslatable to XML 3 High Guang Yee  10 Fix Released
1145267 #1145267 /v3/auth/tokens vs /v3/auth/token 3 High Dolph Mathews  10 Fix Released
1148186 #1148186 Update keystone version info to include v3 3 High Henry Nash  10 Fix Released
1152283 #1152283 delete token for trust invalidation has typo 3 High Adam Young  10 Fix Released
1154406 #1154406 WARNING [keystone.auth.controllers] duplicate option: password 3 High Dan Prince  10 Fix Released
1156780 #1156780 Folsom to Grizzly migration fails on non-empty sqlite db. 3 High Adam Gandelman  10 Fix Released
1156913 #1156913 V2 to V3 token intermix for unscoped token is broken 3 High Guang Yee  10 Fix Released
1157430 #1157430 V3 V2 token intermix should not allowed for non-default domain 3 High Guang Yee  10 Fix Released
1160504 #1160504 Grizzly v2 catalog has slight formatting changes compared to Folsom 3 High Dolph Mathews  10 Fix Released
1162845 #1162845 "Too many connections" with MySQL + sql token driver + v3 auth 3 High Dolph Mathews  10 Fix Released
949467 #949467 need a way to get a token for acting on behalf of a user to another service 4 Medium Adam Young  10 Fix Released
981906 #981906 Improve error message when there's a bad user / password somewhere 4 Medium Dolph Mathews  10 Fix Released
999615 #999615 Swift not allow ACLs between different users in different tenants using KeyStone 4 Medium Chmouel Boudjnah  10 Fix Released
1004380 #1004380 Need downloadable link for private keys 4 Medium Dolph Mathews  10 Fix Released
1023937 #1023937 v3api - core impl - identity 4 Medium Dolph Mathews  10 Fix Released
1023938 #1023938 v3api - core impl - catalog 4 Medium Dolph Mathews  10 Fix Released
1023939 #1023939 v3api - core impl - policy 4 Medium Dolph Mathews  10 Fix Released
1023943 #1023943 v3api - wrap API calls with RBAC 4 Medium Dolph Mathews  10 Fix Released
1028683 #1028683 Auth_token middleware logs env at warning level for missing auth token 4 Medium Nachiappan  10 Fix Released
1039112 #1039112 Cannot run Keystone in debugger 4 Medium Adam Young  10 Fix Released
1040361 #1040361 Use Keyring to store Tokens 4 Medium Guang Yee  10 Fix Released
1042144 #1042144 XML body not working for OSADM service api: namespace needs to be taken into account when deserializing XML 4 Medium Vincent Hou  10 Fix Released
1050406 #1050406 get_users on tenant retrieves duplicated entries on LDAP backend 4 Medium Jose Castro Leon  10 Fix Released
1051081 #1051081 HTTPD config file errors 4 Medium Adam Young  10 Fix Released
1055763 #1055763 Get user/tenant by name returning full list 4 Medium Justin Shepherd  10 Fix Released
1058429 #1058429 run_test.sh produces no output 4 Medium Joseph Heck  10 Fix Released
1068181 #1068181 Valid column creation in token table fails with postgres 4 Medium Dirk Mueller  10 Fix Released
1069667 #1069667 keystone user-update with ldap not working 4 Medium   10 Fix Released
1077065 #1077065 Transient test failures: test_service.RemoteUserTest 4 Medium Alvaro Lopez  10 Fix Released
1081681 #1081681 Unclear how domain_id is set for a user in v3 API 4 Medium   10 Fix Released
1081943 #1081943 belongsTo not implemented for UUID; raises 500 on mismatch w/ PKI 4 Medium Adam Young  10 Fix Released
1085247 #1085247 Keystone development documentation mentions Essex in many places 4 Medium Eduardo Patrocinio  10 Fix Released
1089987 #1089987 Non-API specific 404 exposes traceback 4 Medium Dolph Mathews  10 Fix Released
1090247 #1090247 create endpoint region name which is allow longer than 256 4 Medium Tony NIU  10 Fix Released
1092187 #1092187 LDAP implementation incomplete for User Groups 4 Medium Sahdev Zala  10 Fix Released
1096063 #1096063 Missing locale files in published tarballs 4 Medium Thierry Carrez  10 Fix Released
1097995 #1097995 Delete domain -- doesn't do anything with groups/users/tenants 4 Medium Henry Nash  10 Fix Released
1098174 #1098174 MySQL db_sync issue 4 Medium Dolph Mathews  10 Fix Released
1101043 #1101043 xml_body returns backtrace on XMLSyntaxError 4 Medium David Höppner  10 Fix Released
1101244 #1101244 keystone v3 grant unit-tests are relatively patchy 4 Medium gordon chung  10 Fix Released
1131294 #1131294 X-Subject-Token not returned on token validation 4 Medium Dolph Mathews  10 Fix Released
1134802 #1134802 expires_at and issues_at have inconsistent time stamp format 4 Medium Guang Yee  10 Fix Released
1137696 #1137696 Endpoint default config values fail to load with TypeError 4 Medium Dolph Mathews  10 Fix Released
1143998 #1143998 nova-api crash - keystone.middleware.auth_token broken 4 Medium Dolph Mathews  10 Fix Released
1150930 #1150930 keystone commands failing 4 Medium Dolph Mathews  10 Fix Released
1151747 #1151747 List endpoints through XML interface using keystone v3 is not successful 4 Medium Guang Yee  10 Fix Released
1152635 #1152635 legacy_endpoint_id returned on v3 4 Medium Adam Young  10 Fix Released
1153786 #1153786 ldap dereferencing is broken in the ldap backend 4 Medium Allan Feid  10 Fix Released
1155921 #1155921 Deleting User or Project should clean up Credentials/Tokens 4 Medium Henry Nash  10 Fix Released
1155924 #1155924 CredentialNotFound exception is referenced but not defined 4 Medium Henry Nash  10 Fix Released
1156594 #1156594 deserializing xml results in bad links 4 Medium Dolph Mathews  10 Fix Released
1158783 #1158783 keystone-all and keystone-manage --version are blank 4 Medium Dolph Mathews  10 Fix Released
1158980 #1158980 Rename RH-TRUST to OS-TRUST 4 Medium Russell Bryant  10 Fix Released
1159987 #1159987 auth.token_factory recreates all token data from the db on every use 4 Medium termie  10 Fix Released
1162857 #1162857 "Too many open files" with PKI + sqlite + v3 auth 4 Medium Dolph Mathews  10 Fix Released
1023544 #1023544 The "enabled" field is not type-safe nor is it normalized 5 Low Adam Young  10 Fix Released
1045962 #1045962 Transient test failure: test_token_expiry_maintained 5 Low Dolph Mathews  10 Fix Released
1046862 #1046862 Test failures in py26 environment 5 Low Steve Martinelli  10 Fix Released
1070890 #1070890 BaseException.message deprecated in py26 5 Low Dolph Mathews  10 Fix Released
1081167 #1081167 sql 006 sript needs downgrade 5 Low Justin Shepherd  10 Fix Released
1089988 #1089988 Slow test execution causing transient failures 5 Low Dolph Mathews  10 Fix Released
1103569 #1103569 unable to load certificate should abort request 5 Low David Höppner  10 Fix Released
1131292 #1131292 v3 auth - empty catalog returned for unscoped tokens 5 Low Dolph Mathews  10 Fix Released
1133526 #1133526 v3 tokens contain an 'expires' attr instead of 'expires_at' 5 Low Malini Bhandaru  10 Fix Released
1135306 #1135306 Start keyston with debug host and port fails 5 Low Nachiappan  10 Fix Released
1152632 #1152632 null endpoints are not ignored by v3 5 Low Dolph Mathews  10 Fix Released
1154918 #1154918 legacy_endpoint_id actually stored in 'extra' 5 Low Dolph Mathews  10 Fix Released
1155922 #1155922 Lack of negative testing for Credentials 5 Low Henry Nash  10 Fix Released
909543 #909543 Use tenants instead of tenant in next version of API 6 Wishlist Joseph Heck  10 Fix Released
927879 #927879 add unit test to check for plurals in routes 6 Wishlist David Ripton  10 Fix Released
1023930 #1023930 v3api testing - identity 6 Wishlist Dolph Mathews  10 Fix Released
1023933 #1023933 v3api testing - catalog 6 Wishlist Dolph Mathews  10 Fix Released
1023935 #1023935 v3api testing - policy 6 Wishlist Dolph Mathews  10 Fix Released
1063858 #1063858 LDAP identity driver does not support 'enabled' 6 Wishlist Yuriy Taraday  10 Fix Released
1067516 #1067516 Provide config file fields for enable users in LDAP backend 6 Wishlist Jose Castro Leon  10 Fix Released
1073291 #1073291 Update sample_data.sh to match docs 6 Wishlist David Höppner  10 Fix Released
1075090 #1075090 I18N issue: some log/messages are not wrapped with _() 6 Wishlist Nachiappan  10 Fix Released
1132080 #1132080 Tests for v3 protection/filtering need to be improved 6 Wishlist Henry Nash  10 Fix Released
1132372 #1132372 Filtering the results from an api call by boolean doesn't work 6 Wishlist Henry Nash  10 Fix Released
1136967 #1136967 The "methods" modules conflicts with common usage in python 6 Wishlist Dolph Mathews  10 Fix Released
1019475 #1019475 Need to cascade deletes from services to endpoints 1 Undecided Sathish Nagappan  10 Fix Released
1052111 #1052111 extract hardcoded configuration in LDAP backend 1 Undecided Jose Castro Leon  10 Fix Released
1052925 #1052925 Filter users, tenants and roles in LDAP backend 1 Undecided Jose Castro Leon  10 Fix Released
1052929 #1052929 Configurable actions on LDAP backend in users, tenants and roles 1 Undecided Jose Castro Leon  10 Fix Released
1053474 #1053474 missing X-Auth-Token Header yields Internal Server Error (500) instead of 401 1 Undecided Ralf Haferkamp  10 Fix Released
1054412 #1054412 keystone database schemas should use utf8 character set 1 Undecided Yaguang Tang  10 Fix Released
1057407 #1057407 Unable to delete tenant if contains roles in LDAP backend 1 Undecided Jose Castro Leon  10 Fix Released
1058494 #1058494 Unparseable endpoint URL's should raise a user friendly error 1 Undecided stelford  10 Fix Released
1060709 #1060709 500 Error returned by Keystone server on passing invalid body for POST /tokens 1 Undecided Unmesh Gurjar  10 Fix Released
1060723 #1060723 Incorrect HTTP response for POST /v2.0/tokens scenarios 1 Undecided Unmesh Gurjar  10 Fix Released
1061736 #1061736 SQL backend fails if not all URL are defined in an endpoint 1 Undecided Julien Danjou  10 Fix Released
1064585 #1064585 Docs missing for keystone-manage pki_setup 1 Undecided Adam Young  10 Fix Released
1065234 #1065234 404 and accept 'application/xml' causes 500 response 1 Undecided wanglong  10 Fix Released
1066851 #1066851 tenant dictionary passed to (SQL)Identity.create_tenant is modified 1 Undecided Ionuț Arțăriși  10 Fix Released
1068674 #1068674 Redo part of bp/sql-identiy-pam undone by bug 968519 1 Undecided Ken Thomas  10 Fix Released
1069945 #1069945 certificate generation for unit tests cannot be replicated 1 Undecided Guang Yee  10 Fix Released
1071855 #1071855 The cms module does not raise an exception if the call fails, but the exit code is zero. 1 Undecided   10 Fix Released
1073272 #1073272 PKI-signed token hash saved as token ID for SQL backend only 1 Undecided Russell Cloran  10 Fix Released
1073343 #1073343 Key PKI tokens on hash in memcached for auth_token middleware 1 Undecided Adam Young  10 Fix Released
1073569 #1073569 Jenkins jobs fail because of incompatibility between sqlalchemy-migrate and the newest sqlalchemy-0.8.0b1 1 Undecided Ionuț Arțăriși  10 Fix Released
1074257 #1074257 quantum-server creates openssl zombies until process limit is reached 1 Undecided Adam Young  10 Fix Released
1076120 #1076120 update tenant api changed 1 Undecided Dolph Mathews  10 Fix Released
1079661 #1079661 API v3 users.list limits result 1 Undecided Dolph Mathews  10 Fix Released
1081861 #1081861 password type differences when create user 1 Undecided Wu Wenxiang  10 Fix Released
1082805 #1082805 transifex-ify all current OpenStack projects 1 Undecided olaph  10 Fix Released
1083463 #1083463 Size limit exceeded when querying AD with more than 1000 entries 1 Undecided Jose Castro Leon  10 Fix Released
1086812 #1086812 test_create_certs ssl certificate directory is wrongly set 1 Undecided Ionuț Arțăriși  10 Fix Released
1092200 #1092200 Listing grants in v3 can issue an un-caught exception 1 Undecided Henry Nash  10 Fix Released
1092227 #1092227 ceilometer dependency WebOb>=1.2dev is causing conflict with other Openstack modules 1 Undecided Doug Hellmann  10 Fix Released
1096466 #1096466 python keyring required for testing 1 Undecided Ken Pepple  10 Fix Released
1097747 #1097747 V2: Endpoint creation with missing URL returns 500 1 Undecided Tushar Patil  10 Fix Released
1101129 #1101129 keystone-all --config-dir is being ignored 1 Undecided gordon chung  10 Fix Released
1102358 #1102358 Filter LDAP attribute queries in existing LDAP infrastructures 1 Undecided Jose Castro Leon  10 Fix Released
1112058 #1112058 Use the "not in" operator for collection membership evaluation 1 Undecided shu, xinxin  10 Fix Released
1113146 #1113146 test_auth_token_middleware fails when using latest keystoneclient 1 Undecided   10 Fix Released
1115519 #1115519 user delete fails on LDAP when user has assigned roles 1 Undecided   10 Fix Released
1117362 #1117362 Update Object on LDAP module breaks if there is no update 1 Undecided Jose Castro Leon  10 Fix Released
1118161 #1118161 v3 Keystone Identity api should support domain_id as a query filter when listing Users 1 Undecided Henry Nash  10 Fix Released
1119495 #1119495 Allow unauthenticated LDAP connections in the LDAP backend 1 Undecided Ionuț Arțăriși  10 Fix Released
1119770 #1119770 identity kvs impl missing/differing functionality compared to sql 1 Undecided gordon chung  10 Fix Released
1120896 #1120896 S3 signature unit tests do not run standalone 1 Undecided Nathanael Burton  10 Fix Released
1122181 #1122181 Allow for different LDAP scopes when authenticating 1 Undecided Ionuț Arțăriși  10 Fix Released
1126037 #1126037 Keystone should use latest policy engine 1 Undecided Henry Nash  10 Fix Released
1129243 #1129243 fakehttpconnection unit tests failure - unexpected keyword argument 'timeout' 1 Undecided Ionuț Arțăriși  10 Fix Released
1131119 #1131119 Add user has wrong response code 1 Undecided gordon chung  10 Fix Released
1131439 #1131439 keystone.conf.sample missing domain_id_attribute examples 1 Undecided Brad Topol  10 Fix Released
1131443 #1131443 domain_id_attributes in config.py have wrong default value 1 Undecided Brad Topol  10 Fix Released
1133041 #1133041 Keystone silently crashes on SSL misconfiguration 1 Undecided Brant Knudson  10 Fix Released
1133240 #1133240 Unpin pam dependency version 1 Undecided Mark McLoughlin  10 Fix Released
1135230 #1135230 V2 API reported at Beta 1 Undecided Adam Young  10 Fix Released
1152326 #1152326 __init__.py in tests directory breaks running individual tests 1 Undecided Adam Young  10 Fix Released
1154216 #1154216 LDAP project tests are insufficient 1 Undecided Brad Topol  10 Fix Released
1154277 #1154277 _ldap_livetest suite fails in its current state 1 Undecided Adam Young  10 Fix Released
1155234 #1155234 emulated ldap enabled improperly handles updates 1 Undecided Adam Young  10 Fix Released
1157727 #1157727 ldap backend fails to work with enabled attributes on domains and groups 1 Undecided Dolph Mathews  10 Fix Released
This milestone contains Public information
Everyone can see this information.