"Fossies" - the Fresh Open Source Software Archive

Member "keystone-16.0.2/ChangeLog" (7 Jun 2021, 360572 Bytes) of package /linux/misc/openstack/keystone-16.0.2.tar.gz:


As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. See also the latest Fossies "Diffs" side-by-side code changes report for "ChangeLog": 16.0.1_vs_16.0.2.

    1 CHANGES
    2 =======
    3 
    4 16.0.2
    5 ------
    6 
    7 * Hide AccountLocked exception from end users
    8 * Retry update\_user when sqlalchemy raises StaleDataErrors
    9 * Support bytes type in generate\_public\_ID()
   10 * Use app cred user ID in policy enforcement
   11 * Drop lower-constraints job
   12 * Properly handle octet (byte) strings when converting LDAP responses
   13 * Implement more robust connection handling for asynchronous LDAP calls
   14 * Delete system role assignments from system\_assignment table
   15 * Make opensuse jobs nonvoting
   16 * Fix lower-constraint for PyMySQL
   17 * fix link in release note of bug/1794527
   18 * Change time faking for totp test
   19 * Stop explicitly requiring pycodestyle
   20 * Revert "Temporarily disable k2k tests on train and stein"
   21 
   22 16.0.1
   23 ------
   24 
   25 * Temporarily disable k2k tests on train and stein
   26 * Fix security issues with EC2 credentials
   27 * Ensure OAuth1 authorized roles are respected
   28 * Check timestamp of signed EC2 token request
   29 * Refactor some ldap code to implement TODOs
   30 * Tell reno to ignore the kilo branch
   31 * Constraint dependencies for docs build
   32 * Add voting k2k tests
   33 * Always have username in CADF initiator
   34 * Fix role\_assignments role.id filter
   35 * Ensure bootstrap handles multiple roles with the same name
   36 * Fix token auth error if federated\_groups\_id is empty list
   37 * Fix credential list for project members
   38 * Fix line-length PEP8 errors for c7fae97
   39 * Switch to opensuse-15 nodeset
   40 * Import LDAP job into project
   41 
   42 16.0.0
   43 ------
   44 
   45 * Add schema placeholders for Train
   46 * Remove legacy protection tests
   47 * Remove policy.v3cloudsample.json
   48 * Update TOX/UPPER\_CONSTRAINTS\_FILE for stable/train
   49 * Update .gitreview for stable/train
   50 
   51 16.0.0.0rc1
   52 -----------
   53 
   54 * Remove limit policies from policy.v3cloudsample.json
   55 * Add tests for project users interacting with limits
   56 * Allow domain users to access the limit API
   57 * Use immutable roles in tests
   58 * Add missing ws between words in log messages
   59 * Allow system/domain scope for assignment tree list
   60 * Make policy deprecation reasons less verbose
   61 * Readjust job timeouts
   62 * Implement scope type checking for Project Endpoints
   63 * Federation mapping debug should show direct\_maps values
   64 * Consolidate policy deprecation warnings
   65 * Add default roles and scope checking to project tags
   66 * DRY up credential policies
   67 * Move remaining protection tests
   68 * Fix test case in policy associations
   69 * Fix PostgreSQL specifc issue with credentials encoding
   70 * Fix validation of role assignment subtree list
   71 * Specify keystone is OS user for fernet and credential setup
   72 * Add remote\_id definition in \_perform\_auth
   73 * Use correct repo for initial version check
   74 * Split protection unit tests into its own job
   75 * Remove system EC2 credentials from policy.v3cloudsample.json
   76 * Remove system Domain Config from policy.v3cloudsample.json
   77 * Update API version for access rules
   78 * Add access rules to token validation
   79 * Expose access rules as its own API
   80 * Remove obsolete grant policies from policy.v3cloudsample.json
   81 * Alphabetize removed policies in tests
   82 * Implement system admin for OAUTH1 consumers
   83 * Implement system scope for domain role management
   84 * Make system tokens work with domain-specific drivers
   85 * Implement scope type checking for EC2 credentials
   86 * Increase tox job timeouts to 90 minutes
   87 * Add immutable roles status check
   88 * Remove implied roles policies from v3cloudsample
   89 * Implement system admin for implied roles
   90 * Implement domain admin support for grants
   91 * Implement domain reader support for grants
   92 * Add Project User coverage for domain config API
   93 * Add Domain User for security compliance domain config API
   94 * Implement system admin for domain config API
   95 * Implement system reader & member for domain config API
   96 * Fix timeout Zuul changes
   97 * Generate PDF documentation
   98 * Add --immutable-roles flag to bootstrap command
   99 * Add immutable option for roles and projects
  100 * Bump timeout for lower-constraints job
  101 * Implement resource options for roles and projects
  102 * Implement system reader for OAUTH1 consumers
  103 * Implement system reader for implied roles
  104 * Remove system policy and its association from policy.v3cloudsample.json
  105 * Override tox job timeouts
  106 * Fix federation CI
  107 * Fix oauthlib update errors
  108 * Use raw formatting for mapping\_engine help text
  109 * Add tests for project users for policy association
  110 * Add tests for domain users for policy association
  111 * Implement system admin for policy association
  112 * Implement system reader & member for policy association
  113 * Add tests for project users interacting with policies
  114 * Add notifications for deleting app creds by user
  115 * Add tests for domain users interacting with policies
  116 * Clean up UserGroups target enforcement callback
  117 * Fix relative links
  118 * Add tests for project users interacting with endpoint\_groups
  119 * Add tests for domain users interacting with endpoint\_groups
  120 * Implement system\_admin for endpoint\_groups
  121 * Implement system reader and member for endpoint\_groups
  122 * Add retry for DBDeadlock in credential delete
  123 * Fix translated response
  124 * Implement system admin for trusts API
  125 * Add tests for domain users for trusts
  126 * Add tests for system member for trusts
  127 * Implement system reader role for trusts API
  128 * Move get\_role\_for\_trust enforcement to policies
  129 * Move list\_roles\_for\_trust enforcement to policies
  130 * Move get\_trust enforcement to default policies
  131 * Move delete\_trust enforcement to default policies
  132 * Move list\_trusts enforcement to default policies
  133 * Add protection tests for trusts API
  134 * Update broken link
  135 * Update cli docs
  136 * Implement system admin for policies
  137 * Implement system reader and member for policies
  138 * Add support for previous TOTP windows
  139 * Honor group\_members\_are\_ids for user\_enabled\_emulation
  140 * Update api-ref for revocation list OS-PKI
  141 * Docs: Make robust with using real links
  142 * Clean up irrelevant comment
  143 * Fix list\_mappings deprecation warning message
  144 * Allows to use application credentials through group membership
  145 * Fix missing print format and missing ws between words
  146 * Suppress policy deprecation warnings in unit tests
  147 * Add API changes for app cred access rules
  148 * Add manager support for app cred access rules
  149 * Add user\_id, external\_id to access rules table
  150 * Fix websso auth loop
  151 * Deprecate keystone.conf.memcache socket\_timeout
  152 * Fix typo: RBACKEnforcer -> RBACEnforcer
  153 * Run 'tempest-ipv6-only' job in gate
  154 * Followup for remove signing[config]
  155 * Remove broken api-ref link
  156 * doc: Fix broken links
  157 * Fix python3 compatibility on LDAP search DN from id
  158 * Deprecate identity:revocation\_list policy for removal
  159 * Remove [signing] config
  160 * Update api-ref location
  161 * implement system scope for application credential
  162 * Fixing dn\_to\_id function for cases were id is not in the DN
  163 * Add new attribute to the federation protocol API
  164 * Allow to filter endpoint groups by name
  165 * update documentation for X.509 tokenless auth
  166 * Deprecate [federation] federated\_domain\_name
  167 * Allow JsonBlob to accommodate SQL NULL result sets
  168 * Add exercises for intern applicants
  169 * Fix keystone document
  170 * nit: remove some useless code
  171 * Drop limit columns
  172 * token: consistently decode binary types
  173 * Incorrect behavior of validate\_password method
  174 * Update test cases for os-pki revoke API
  175 * Blacklist sphinx 2.1.0 (autodoc bug)
  176 * Bump openstackdocstheme to 1.20.0
  177 * Remove redundant parameter passed to assertTrue
  178 * Add Python 3 Train unit tests
  179 * Switch order of precedence for unit test deps
  180 * Don't call .c from select() objects
  181 * Update misleading comment about fernet credential encryption
  182 * Fix E731 flake8
  183 * [api-ref] Fix nocatalog description for unscoped token
  184 * Drop use opendev.org for tox deps
  185 * Fix contributor doc of keystone
  186 * Add link to describe Principle of Least Privilege
  187 * Update the meaning of low-hanging-fruit
  188 * Implement system scope and default roles for token API
  189 * Update unified limit documentation
  190 * Add cadf auditing to credentials
  191 * Remove deprecated admin\_endpoint
  192 * Revert "Exclude constants from autodoc"
  193 * Revert "Ignore boilerplate constants in autodoc"
  194 * Ignore boilerplate constants in autodoc
  195 * Exclude constants from autodoc
  196 * Report correct domain in federated user token
  197 * Add flake8 ignore list to fast8 script
  198 * Add application\_credential as a CADF type
  199 * add raw format link to keystone config sample
  200 * Update mission statement and vision reflection
  201 * Add note about application credential ownership
  202 * Revert "Add JSON driver for access rules config"
  203 * Revert "Add manager for access rules config"
  204 * Revert "Add a permissive mode for access rules config"
  205 * Revert "Add manager support for app cred access rules"
  206 * Revert "Add API for /v3/access\_rules\_config"
  207 * Don't throw valueerror on bootstrap
  208 * Remove [token]/ infer\_roles
  209 * Pep8 environment to run on delta code only
  210 * Add clarification for context in install guides
  211 * Adds caching of credentials
  212 * Cap sphinx for py2 to match global requirements
  213 * Revert "Blacklist bandit 1.6.0"
  214 * Fix documentation typo
  215 * Blacklist bandit 1.6.0
  216 * Update Python 3 test runtimes for Train
  217 * [docs] remove deprecated ubuntu package from installation
  218 * Fix for werkzeug > 0.15
  219 * Replace git.openstack.org URLs with opendev.org URLs
  220 * OpenDev Migration Patch
  221 * Pass kwargs to exception to get better format of error message
  222 * Replace support matrix ext with common library
  223 * Uncap jsonschema
  224 * Fix unscoped federated token formatter
  225 * Use openstackdocstheme according to guide
  226 * Make fetching all foreign keys in a join
  227 * Support endpoint updates in bootstrap
  228 * Add missing ws separator between words
  229 * Move redelegation fields out of extras
  230 * Replace dict.iteritems() with dict.items() in keystone
  231 * Add release note for service token documentation
  232 * Fix werkzeug imports for version 0.15.x
  233 * Allow an explicit\_domain\_id parameter when creating a domain
  234 * Update the min version of tox
  235 * Convert user\_id back to string
  236 * Add API for /v3/access\_rules\_config
  237 * Ignore Stein-specific release notes
  238 * Be more verbose in logging role grant on bootstrap
  239 * Replace UUID with id\_generator for Federated users
  240 * DRY: Remove redundant policies from policy.v3cloudsample.json
  241 * Raise METHOD NOT ALLOWED instead of 500 error on protocol CRUD
  242 * Remove redundant policies from v3cloudsample
  243 * Add domain scope support for group policies
  244 * Update broken links to dogpile.cache docs
  245 * Add keystone's technical vision reflection
  246 * Add release prelude about changing policies
  247 * Consolidate user protection tests
  248 * Replace URL name to the correct one in Keystone Docs
  249 * Delete shadow users when domain is deleted
  250 * Make system admin policies consistent for grants
  251 * Remove assignment policies from policy.v3cloudsample.json
  252 * Add role assignment testing for project users
  253 * Replace openstack.org git:// URLs with https://
  254 * Implement system reader functionality for grants
  255 * Remove external-dev and consolidate to contributor
  256 * Remove system assignment policies from policy.v3cloudsample.json
  257 * Test domain and project users against group system assignment API
  258 * Add role assignment test coverage for domain admins
  259 * Add role assignment test coverage for domain members
  260 * Implement domain reader for role\_assignments
  261 * Add explicit testing for project users and the user API
  262 * Update group system grant policies for admins
  263 * Update system group assignment policies for reader and member
  264 * Fix typo in docs section header
  265 * Update master for stable/stein
  266 * Test project users against system assignment API
  267 * Test domain users against system assignment API
  268 * Update system grant policies for system admin
  269 * Update system grant policies for system member
  270 * Update system grant policies for system reader
  271 
  272 15.0.0.0rc1
  273 -----------
  274 
  275 * trivial: correct spelling in test names
  276 * Remove project policies from policy.v3cloudsample.json
  277 * Implement domain admin functionality for projects
  278 * Implement domain member functionality for projects
  279 * Only validate tokens once per request
  280 * Pin Werkzeug in lower-constraints
  281 * Implement domain admin functionality for user API
  282 * Implement domain member functionality for user API
  283 * Implement domain reader functionality for user API
  284 * Add documentation for service tokens
  285 * Added keystone identity provider installation to Devstack plugin
  286 * PY3: Ensure LDAP searches use unicode attributes
  287 * Use ForbiddenAction for invalid action instead of Forbidden
  288 * Add schema placeholders for Stein
  289 * Implement domain reader functionality for projects
  290 * Small refactor for create nonlocal user
  291 * Mention allow\_expired\_window in fernet FAQ
  292 * Fix the incorrect release name of project guide
  293 * trivial: fix broken link in trust API reference
  294 * Migrate keystone-dsvm-grenade-multinode job to Ubuntu Bionic
  295 * Remove publish-loci post job
  296 * Add hint for order of keys during distribution
  297 * Add service developer documentation for scopes
  298 * Make system members the same as system readers for credentials
  299 * Drop py35 jobs
  300 * Remove service policies from policy.v3cloudsample.json
  301 * Switch federation check jobs to opensuse
  302 * Add manager support for app cred access rules
  303 * Add driver support for app cred access rules
  304 * Add SQL migrations for app cred access rules
  305 * Add a permissive mode for access rules config
  306 * Add manager for access rules config
  307 * Add JSON driver for access rules config
  308 * Remove protocol policies from v3cloudsample.json
  309 * Add tests for project users interacting with services
  310 * Remove role policies from policy.v3cloudsample.json
  311 * Add tests for project users interacting with roles
  312 * Add tests for domain users interacting with roles
  313 * Remove endpoint policies from policy.v3cloudsample.json
  314 * Remove domain policies from policy.v3cloudsample.json
  315 * Add role assignment test coverage for system admin
  316 * Add role assignment test coverage for system members
  317 * Reorganize role assignment tests for system users
  318 * Implement system reader for role\_assignments
  319 * Remove idp policies from policy.v3cloudsample.json
  320 * Add py37 tox env
  321 * Add tests for domain users interacting with services
  322 * Update service policies for system admin
  323 * Add shibboleth config to log output
  324 * Update introduction of external services doc
  325 * Address follow-up comments in contributor guide for specs
  326 * [api-ref] add domain level limit support
  327 * Release note for domain level limit
  328 * Update project depth check
  329 * Add domain level support for strict-two-level-model
  330 * Add domain level limit support - API
  331 * Add domain level limit support - Manager
  332 * Remove mapping policies from policy.v3cloudsample.json
  333 * Add tests for project users interacting with mappings
  334 * Deprecate cache\_on\_issue configuration option
  335 * Add JWS token provider documentation
  336 * Add OpenSUSE support in devstack federation plugin
  337 * Add experimental job for OpenSUSE
  338 * Fix mock for v2 test
  339 * Add documentation for writing specifications
  340 * Remove unused sample token fixtures
  341 * Fix bindep for SUSE
  342 * add python 3.7 unit test job
  343 * Correcting tests with project\_id
  344 * Add domain\_id column for limit
  345 * [SQLite] Ensure change is addressed for limit table
  346 * Remove region policies from policy.v3cloudsample.json
  347 * Add tests for project users interacting with regions
  348 * Add tests for domain users interacting with regions
  349 * Update region policies to use system admin
  350 * Add region tests for system member role
  351 * Implement system admin role in groups API
  352 * populate request context with X.509 tokenless cred information
  353 * Fix wrong example for direct\_maps
  354 * Fixes incorrect params
  355 * Implement JWS token provider
  356 * Seperated CADF notifications tests for request\_id
  357 * Added request\_id and global\_request\_id to basic notifications
  358 * Converting the API tests to use flask's test\_client
  359 * Implement system admin role in users API
  360 * Implement system member role user test coverage
  361 * Implement system reader role for users
  362 * Replace 'tenant\_id' with 'project\_id'
  363 * Add PyJWT as a requirement
  364 * Add test fixture for the JWS key repository
  365 * Add keystone-manage create\_jws\_keypair functionality
  366 * Add configuration options for JWS provider
  367 * Test case for bad type user in assertion
  368 * Adjust Indents to meet PEP8 E117
  369 * Handle special cases with msgpack and python3
  370 * Add experimental job for CentOS
  371 * Add CentOS support in devstack federation plugin
  372 * Remove service provider policies from v3cloudsample.json
  373 * Add documentation for Auth Receipts and MFA
  374 * bump Keystone version for Stein
  375 * Allow project users to retrieve domains
  376 * Fix wrong urls
  377 * Optimize fernet token and receipts in cli.py
  378 * PY3: switch to using unicode text values
  379 * Expose receipt\_setup and receipt\_rotate command
  380 * Clean up the create\_arguments\_apply methods
  381 * Allow domain users to access the GET domain API
  382 * Update doc for token\_setup and token\_rotate
  383 * Fix nits
  384 * Fix app\_cred schema spell nit
  385 * Update limit policies for system admin
  386 * Do not use self in classmethod
  387 * Add tests for project users interacting with endpoints
  388 * Add tests for domain users interacting with endpoints
  389 * Update endpoint  policies for system admin
  390 * Add endpoint tests for system member role
  391 * Update endpoint policies for system reader
  392 * Add tests for domain users interacting with mappings
  393 * Update mapping policies for system admin
  394 * Add mapping tests for system member role
  395 * Update mapping policies for system reader
  396 * Add tests for project users interacting with idps
  397 * Add tests for domain users interacting with idps
  398 * Update idp policies for system admin
  399 * Add idp tests for system member role
  400 * Update idp policies for system reader
  401 * Add region protection tests for system readers
  402 * Update role policies for system admin
  403 * Reuse common system role definitions for roles API
  404 * Add tests for project users interacting with protocols
  405 * Add tests for domain users interacting with protocols
  406 * Implement system admin role in protocol API
  407 * Add protocol tests for system member role
  408 * Update protocol policies for system reader
  409 * Add limit tests for system member role
  410 * Add limit protection tests
  411 * Remove registered limit policies from policy.v3cloudsample.json
  412 * Add tests for project users interacting with registered limits
  413 * Allow domain users to access the registered limits API
  414 * Remove duplicated TOC in configuration guide
  415 * Implement system admin role in project API
  416 * Implement system member role project test coverage
  417 * Implement system reader role for projects
  418 * Enhance the openidc guide
  419 * Enhance the mellon guide
  420 * Enhance the shibboleth guide
  421 * Consolidate WebSSO guide into SP instructions
  422 * Add section on configuring protected auth paths
  423 * Reorganize guide on configuring a keystone SP
  424 * Clean up keystone-to-keystone section
  425 * Enhance authn sections in federation guide
  426 * correct the description on domain re-enable
  427 * Add tests for project users interacting with sps
  428 * Add tests for domain users interacting with sps
  429 * Update service provider  policies for system admin
  430 * Add prerequisites section to keystone-to-keystone
  431 * Invalidate shadow\_federated\_user cache when deleting protocol
  432 * Remove duplicate RBAC logging from enforcer
  433 * Update federation SP prerequisites section
  434 * Use samltest.id as an example sandbox IdP
  435 * Fix nits in code blocks in federation guide
  436 * Bring SP/IdP URLs closer to style guide guidance
  437 * Restructure federation guide
  438 * Update doc with samltest.id
  439 * Clarify location for HTTPD instructions
  440 * Use common system role definitions for registered limits
  441 * Implement system member test coverage for groups
  442 * Implement system reader role for groups
  443 * Add service provider tests for system member role
  444 * Update service provider policies for system reader
  445 * Add service tests for system member role
  446 * Update service policies for system reader
  447 * Use renamed template 'integrated-gate-py3'
  448 * Add scope checks to common system role definitions
  449 * Remove i18n.enable\_lazy() translation
  450 * Reorganize admin guide
  451 * Consolidate service catalog docs
  452 * Add irrelevant-files for grenade-py3 jobs
  453 * Delete outdated keystonemiddleware doc
  454 * Remove example usage from admin guide
  455 * Split trusts docs between admin and user guide
  456 * Move identity sources doc to admin guide
  457 * Remove message about circular role inferences
  458 * Remove Certificates for PKI guide
  459 * Add introduction section to federation docs
  460 * Fix links to external-authentication
  461 * Move list limit docs to admin guide
  462 * Rename admin guide pages
  463 * Consolidate tokenless X.509 docs
  464 * Update registered limit policies for system admin
  465 * Consolidate Keystone docs: admin/identity-external-authentication.rst
  466 * Implement system admin role in domains API
  467 * Implement system member role domain test coverage
  468 * Implement system reader role in domains API
  469 * Bump oslo.policy and oslo.context versions
  470 * Move supported clients section to user guide
  471 * Use request\_body\_json function
  472 * Move SSL recommendation to installation guide
  473 * Move "Public ID Generators" to relevant docs
  474 * Consolidate Keystone docs: federated-identity.rst
  475 * Add role tests for system member role
  476 * Consolidate catalog management guide
  477 * Update role policies for system reader
  478 * Change openstack-dev to openstack-discuss
  479 * Add registered limit tests for system member role
  480 * Add registered limit protection tests
  481 * Keep federation jobs running on Xenial
  482 * Clarify docstrings for domain flask refactor
  483 * Move test utility to common location
  484 * Add missing translation import to common.auth.py
  485 * Move to password validation schema
  486 * Don't emit a notification for the root domain
  487 * Pass context objects to policy enforcement
  488 * Consolidate identity-domain-specific-config.rst
  489 * Consolidate auth-totp.rst
  490 * Consolidate event\_notifications.rst
  491 * Consolidate endpoint-policy.rst
  492 * Consolidate service-catalog.rst
  493 * Update contributor doc
  494 * Use pycodestyle in place of pep8
  495 * Update api-ref to include user options
  496 * Document user options
  497 * Add scope documentation for service developers
  498 * Remove deprecated secure\_proxy\_ssl\_header config
  499 * Refactor flask domain config resources
  500 * Add missing ws seperator between words
  501 * Add the missing packages when install keystone
  502 * add request\_id and global\_request\_id to cadf notifications
  503 * changed port in tools/sample\_data.sh
  504 * Move irrelevant-files to project definition
  505 * Add tempest-full-py3 job to zuul file
  506 * Remove the repetition words in  identity-fernet-token-faq.rst
  507 * Removing default\_assigment\_driver
  508 * Bump sqlalchemy minimum version to 1.1.0
  509 * Drop the compatibility password column
  510 * Remove "crypt\_strength" option
  511 * Correct HTTP OPTIONS method
  512 * Update api-ref for set registered limits
  513 * Remove deprecated "bind" in token
  514 * Update more info of vhost file
  515 * Refactor directory creation into a common place
  516 * Region update extra support
  517 * Change \_\_all\_\_ list to tuple
  518 * Remove redundant variables from context class
  519 * Refresh admin doc
  520 * Fixing nits
  521 * Add abstract method in trusts base.py
  522 * Switch devstack plugin to samltest.id
  523 * Clean up python3.5 usage in tox.ini
  524 * Add py36 tox environment
  525 * Remove unused lower constraints
  526 * Replace usage of get\_legacy\_facade() with get\_engine()
  527 * Fix uwsgi --http flag
  528 * Fix an issue with double fernet key rotation
  529 * Delete PKI middleware debugging section
  530 * Fix developer config dir flask aftermath
  531 * Documentation fix - Port number
  532 * Use port 5000, keystone-wsgi-public and --http-socket
  533 * Changed the port numbers
  534 * Implement auth receipts spec
  535 * changed port in argument '--bootstrap-admin-url'
  536 * Unregister "Exception" from flask handler
  537 * Add release note for unified limit APIs changing
  538 * Deprecate eventlet related configuration
  539 * Remove compatability shim
  540 * Remove check for disabled v3
  541 * Remove obsolete credential policies
  542 * Delete "Preparing your environment" section
  543 * Implement scope\_type checking for credentials
  544 * Fix spelling 'unnecessary'
  545 * Remove custom auth middleware documentation
  546 * Delete the external auth admin guide
  547 * Remove useless use of :orphan:
  548 * Change port and version on v3 endpoints example
  549 * Provide a Location on HTTP 300
  550 * Set Default and resource limit as defined schema
  551 * Emit CADF notifications on authentication for invalid users
  552 * Delete administrator federation guide
  553 * Update keystone-manage bootstrap port instructions
  554 * Fix api-ref v3.9 release identifier
  555 * Update third endpoint legacy port for Keystone v3 API
  556 * Remove unused logging module
  557 * Remove useless "clean" file
  558 * Trivial: Remove repeated if conditions
  559 * Updating doc of unified limit
  560 * Adding 'date' for trust\_flush
  561 * Add caching on trust role validation to improve performance
  562 * Allow registered limit's region\_id to be None
  563 * Add a test for idp and federated user cascade deleting
  564 * Fix example for getting system scoped token
  565 * Remaining cases of MappingEngineTester
  566 * Set min and max length for resource\_name
  567 * Implement scaffolding for upgrade checks
  568 * Fixing update unified limit api-ref
  569 * Remove deprecated token\_flush
  570 * Invalidate app cred AFTER deletion
  571 * Update API version to 3.11
  572 * Added test case update registered limit with region
  573 * Remove incorrect copyright notice
  574 * Remove paste-ini
  575 * Remove pre-flask legacy code
  576 * Make collection\_key and member\_key raise if unset
  577 * Increment versioning with pbr instruction
  578 * Loosen the assertion for logging scope type warnings
  579 * Expand implied roles in system-scoped tokens
  580 * Add test case for expanding implied roles in system tokens
  581 * Move loadapp to a generic place
  582 * Make policy file support in fixture optional
  583 * Use tempest-pg-full
  584 * Cleanup test\_wsgi
  585 * Flask comment/docstring cleanup
  586 * Move AuthContextMiddleware
  587 * Convert Normalizing filter to flask native Middleware
  588 * Internally defined middleware don't use stevedore
  589 * Make Request Logging a little better
  590 * Register exceptions with a Flask Error Handler
  591 * Cleanup keystone.server.flask.application
  592 * Replace JSON Body middleware with flask-native func
  593 * Convert S3 and EC2 auth to flask native dispatching
  594 * Remove skip for test\_locked\_out\_user\_sends\_notification
  595 * Convert projects API to Flask
  596 * Convert /v3/users to flask native dispatching
  597 * add unit tests for healthcheck
  598 * Replace openSUSE experimental check with newer version
  599 * Auth flask conversion cleanup
  600 * Convert auth to flask native dispatching
  601 * Update notification tests to work with o-m 9.0.0
  602 * Don't mock internal implementation details of oslo
  603 * Update log translation hacking check
  604 * Don't quote {posargs} in tox.ini
  605 * Enable foreign keys for unit test
  606 * Update doc string for transform\_to\_group\_ids
  607 * Follow Zuul job rename
  608 * Add release names to api-ref
  609 * Avoid using dict.get() in assertions
  610 * Clarify group-mapping example in docs
  611 * Purge soft-deleted trusts
  612 * LDAP attribute names non-case-sensitive
  613 * Organize project tag api-ref by route
  614 * Add build\_target arguement to enforcer
  615 * Properly replace flask view args in links
  616 * Adding test case for MappingEngineTester
  617 * Fix command to verify role removal in docs
  618 * Add python3 functional test job
  619 * Convert legacy functional jobs to Zuul-v3-native
  620 * Update auto-provisioning example to use reader
  621 * Enable Foreign keys for sql backend unit test
  622 * Add releasenote for bug fix 1789450
  623 * Comment out un-runnable tests
  624 * Mapped Groups don't exist breaks WebSSO
  625 * Add hint back
  626 * Implement Trust Flush via keystone-manage
  627 * Properly normalize domain ids in flask
  628 * Use templates for cover and lower-constraints
  629 * Make OSA rolling upgrade test experimental
  630 * Rename v3-only functional zuul job
  631 * Remove unused revoke\_by\_user\_and\_project
  632 * Address issues with flask conversion of os-federation
  633 * Convert domains api to flask
  634 * Move use of constraints out of install\_cmd
  635 * Ensure view args is in policy dict
  636 * Rename py35 v3 only check
  637 * Convert OS-INHERIT API to flask native dispatching
  638 * Fix a translation of log
  639 * Convert groups API to flask native dispatching
  640 * Fix RBACEnforcer get\_member\_from\_driver mechanism
  641 * Refactor ProviderAPIs object to better design pattern
  642 * Convert OS-FEDERATION to flask native dispatching
  643 * Update the documentation bug tag
  644 * api-ref: Remove broken link
  645 * Added support for a \`\`description\`\` attribute for Identity Roles
  646 * Update the minimimum required version of oslo.log
  647 * Incorrect use of translation \_()
  648 * Update RDO install guide for v3
  649 * Remove member\_role\_id/name
  650 * Convert policy API to flask
  651 * Fix db model inconsistency for FederatedUser
  652 * add python 3.6 unit test job
  653 * switch documentation job to new PTI
  654 * import zuul job settings from project-config
  655 * Use items() instead of iteritems()
  656 * Add details and clarify examples on casing
  657 * Address nits
  658 * Re-Add scope.system to filters
  659 * Add placeholder migrations for Rocky
  660 * Change unique\_last\_password\_count default to 0
  661 * Trivial: Remove app\_conf kwarg from testing setup
  662 * Trivial: Add missing space in exception
  663 * Move json\_home "extension" rel functions
  664 * Convert system (role) api to flask native dispatching
  665 * Do not log token string
  666 * Convert role\_assignments API to flask native dispatching
  667 * Add safety to the inferred target extraction during enforcement
  668 * Use osc in k2k example
  669 * Fix a bug that issue token with project-scope gets error
  670 * Convert role\_inferences API to flask native dispatching
  671 * Convert Roles API to flask native dispatching
  672 * Convert endpoints api to flask native dispatching
  673 * Convert services api to flask native dispatching
  674 * Convert regions API to flask native dispatching
  675 * Remove unused util function
  676 * Redundant parameters in api-ref:domain-config
  677 * Add callback action back in
  678 * Set initiator id as user\_id for auth events
  679 * Update reno for stable/rocky
  680 * More accurate explanation in api-ref:application credentials
  681 * Imported Translations from Zanata
  682 
  683 14.0.0.0rc1
  684 -----------
  685 
  686 * Allow wrap\_member and wrap\_collection to specify target
  687 * Pass path into full\_url and base\_url
  688 * Allow for more robust config checking with keystone-manage
  689 * Remove redundant get\_project call
  690 * Convert OS-SIMPLE-CERT to flask dispatching
  691 * Migrate OS-EP-FILTER to flask native dispatching
  692 * Convert limits and registered limits to flask dispatching
  693 * Add a release note for bug 1785164
  694 * Error location of parameters in api-ref:project tags
  695 * Code optimization of create application credential
  696 * Do not allow create limits for domain
  697 * Update api-ref for unified limits
  698 * Fix json indentation of notification sample
  699 * Convert OS-AUTH1 paths to flask dispatching
  700 * Clean up token extra code
  701 * Expose a bug that issue token with project-scope gets error
  702 * Remove KeystoneToken object
  703 * Convert OS-REVOKE to flask dispatching
  704 * Address FIXMEs for listing revoked tokens
  705 * Move unenforced\_api decorator to module function
  706 * Remove direct calls to auth.controllers in some tests
  707 * Move validate\_issue\_token\_auth from controllers
  708 * Unified code style nullable description parameter
  709 * Remove get\_catalog from manage layer
  710 * Api-ref: Correct response code
  711 * Adding missing comma in docs
  712 * Expose random uuid bug in cadf notifications
  713 * Boostrap CLI tests no longer call auth controller
  714 * Implement "no-update" test for trusts
  715 * Move trusts to flask native dispatching
  716 * Address nits in strict-two-level implementation
  717 * Remove get\_catalog usage from contrib
  718 
  719 14.0.0.0b3
  720 ----------
  721 
  722 * Deprecate [token] infer\_roles=False
  723 * Reduce duplication in federated auth APIs
  724 * Fix RBACEnforcer Comment
  725 * Mirror self-link trust check from tempest
  726 * Trusts do not implement patch
  727 * Allow for 'extension' rel in json home
  728 * Add pycadf initiator for flask resource
  729 * Use oslo\_serialization.jsonutils
  730 * Correctly pull input data for enforcement
  731 * Delete project limits when deleting project
  732 * Add project hierarchical tree check when Keystone start
  733 * Update project depth check
  734 * Add include\_limits filter
  735 * Bump lower constraint for pysaml2 to 4.5.0
  736 * Allow class-level definition of API URL Prefix
  737 * Move Credentials API to Flask Native
  738 * Add project\_id filter for listing limit
  739 * Strict two level limit model
  740 * Switch to python-ldap
  741 * Add correct self-link
  742 * Properly remove content-type on HTTP 204
  743 * Increase test coverage of entity\_type id mapping query
  744 * Cleanup keystone.token.providers.common
  745 * Remove remnants of token bind
  746 * Simplify the token provider API
  747 * Add serialization for TokenModel object
  748 * Introduce new TokenModel object
  749 * Don't allow legacy and native flask to share paths
  750 * Remove uuid token size check from doctor
  751 * Do not use flask.g imported as g
  752 * Fix keystone.common.rbac\_enforcer.\_\_init\_\_.py exporting
  753 * Make keystone.server.flask more interesting for importing
  754 * Flesh out and add testing for flask\_RESTful scaffolding
  755 * Update pypi url to new url
  756 * Invalidate 'computed assignments' cache when creating a project
  757 * Filter project\_id for list limits
  758 * Expose endpoint to return enforcement model
  759 * Add docs for case-insensitivity in keystone
  760 * Clarifications to API & Scenario Tests
  761 * Remove enable config option of trust feature
  762 * Fix keystone-manage saml\_idp\_metadata under python3
  763 * Only upload SP metadata to testshib.org if IDP id is testshib
  764 * Ignore .eggs dir as well
  765 * Implement enforcement model logic in Manager
  766 * Add registered\_limit\_id column for limit
  767 * Add auto increase primary key for unified limit
  768 * Address minor comments from initial impl RBACEnforcer
  769 * Refactor \_handle\_shadow\_and\_local\_users
  770 * Refactor \_set\_domain\_id\_and\_mapping functions
  771 * Move keystone.server.common to keystone.server
  772 * Add support for enforce\_call to set value on flask.g
  773 * Refactor - remove extra for loop
  774 * Remove token bind capabilities
  775 * Address minor comments to 404 error detection
  776 * Exposing ambiguity bug when querying role assignments
  777 * pycrypto is not used by keystone
  778 * Add new "How Can I Help?" contributor guide
  779 * Added check to avoid keyerror "user['name']"
  780 * Implement base for new RBAC Enforcer
  781 * Refactor trust roles check
  782 * Make it easy to identify a 404 from Flask
  783 * Don't replace the whole app just the wsgi\_app backing
  784 * Add support for before and after request functions
  785 * Convert json\_home and version discovery to Flask
  786 * Keystone adheres to public\_endpoint opt only
  787 * Implement scaffolding for Flask-RESTful use
  788 * Add Flask-RESTful and update flask minimum(s)
  789 * Fix keystone-manage mapping\_purge with --type option
  790 * Override oauthlib docstrings that fail with Sphinx 1.7.5
  791 * Simple usage docs for implied roles
  792 * Fix duplicate role names in trusts bug
  793 * Expose duplicate role names bug in trusts
  794 * Remove unclear wording in parameters
  795 * Filter by entity\_type in get\_domain\_mapping\_list
  796 * Migrate all password hashes to the new location if needed
  797 * Add policy for limit model protection
  798 * Api-ref: Refresh the Update APIs for limits
  799 * Imported Translations from Zanata
  800 * Remove a useless function
  801 * Clarify complicated sentence in docs
  802 * Unified limit update APIs Refactor
  803 * Store JSON Home Resources off the composing router
  804 * Ensure default roles created during bootstrap
  805 * Add release notes link to README
  806 * Remove duplicated test
  807 * Expand on debug\_middleware option
  808 * Update response codes for authentication API reference
  809 * Clarify scope responses in authentication api ref
  810 * fix tox python3 overrides
  811 * Add Flaskification release-note
  812 * Remove pastedeploy
  813 * Flaskification cleanup
  814 * Remove the rest of v2.0 legacy
  815 * Add in ability to load DEBUG middleware
  816 * Revert "Rename fernet\_utils to token\_utils"
  817 * Convert Keystone to use Flask
  818 
  819 14.0.0.0b2
  820 ----------
  821 
  822 * Docs: Remove the TokenAuth middleware
  823 * Correct test\_v3\_oauth1.test\_deleting\_project\_also\_invalidates\_tokens
  824 * Correct test\_v3\_oauth1.test\_change\_user\_password\_also\_deletes\_tokens
  825 * Correct test\_v3\_oauth1.test\_bad\_authorizing\_roles\_id
  826 * Correct test\_v3\_oauth1.test\_bad\_authorizing\_roles\_name
  827 * Fix warnings in documentation
  828 * fix rally docs url
  829 * Decouple bootstrap from cli module
  830 * Handle empty token key files
  831 * Remove some unused functions
  832 * Update tests to work with WebOb 1.8.1
  833 * Consolidate oauth1.rst
  834 * Remove the TokenAuth middleware
  835 * Remove token driver configuration
  836 * Fix the test for unique IdP
  837 * Consolidate health-check-middleware.rst
  838 * Limit description support
  839 * The migration script to add description for limit
  840 * Update IdP sql model
  841 * Remove dead dependency injection code
  842 * Remove unused assertions from test\_v3.py
  843 * Remove dead code in token provider
  844 * Remove unused exception
  845 * Do not return all the limits for POST request
  846 * Add configuration option for enforcement models
  847 * Use the provider\_api module in limit controller
  848 * Fix the outdated URL
  849 * Remove policy service from architecture.rst
  850 * Invalidate the shadow user cache when deleting a user
  851 * Add conceptual overview of the service catalog
  852 * Trivial: Update pypi url to new url
  853 * Update the RDO installation guide to use port 5000
  854 * Update keystone functional tests
  855 
  856 14.0.0.0b1
  857 ----------
  858 
  859 * Remove the sample .conf file
  860 * Allow blocking users from self-service password change
  861 * Add prerequisite package note to Keystone install guide
  862 * Update auth\_uri option to www\_authenticate\_uri
  863 * Fix json schema nullable to add None to ENUM
  864 * Use consistent role schema in token response validation
  865 * Corrects spelling of MacOS
  866 * Fix 500 error when deleting domain
  867 * Allow cleaning up non-existant group assignments
  868 * Follow the new PTI for document build
  869 * Use the new pysaml2 constraints
  870 * Fix incompatible requirement in lower-constraints
  871 * Update install guides
  872 * Fix mispelling of accommodate in install docs
  873 * Fix list\_limit doesn't work correctly for domain
  874 * Expose a bug that list\_limit doesn't work correctly
  875 * Log warning when using token\_flush
  876 * Removal of deprecated direct driver loading
  877 * Make tags filter match subset rather than exact
  878 * Updated from global requirements
  879 * Update RDO install guide for v3
  880 * Remove admin interface in sample Apache file
  881 * add lower-constraints job
  882 * Fix integer -> method conversion for python3
  883 * Fix user email in federated shadow users
  884 * Remove references to v2.0 from external developer doc
  885 * Remove references to UUID from token documentation
  886 * Add logging for xmlsec1 installation
  887 * Updated from global requirements
  888 * Mark the implied role API as stable
  889 * Add note to keystone-manage bootstrap doc
  890 * Fix assert test error under py3.6
  891 * Fix api-ref for project tag create
  892 * Updated from global requirements
  893 * Fixing multi-region support in templated v3 catalog
  894 * Update links in README
  895 * Use different labels for user and project names
  896 * Imported Translations from Zanata
  897 * Add user documentation for JSON Home
  898 * Fix formatting of ImportError
  899 * Imported Translations from Zanata
  900 * Updated from global requirements
  901 * Imported Translations from Zanata
  902 * Remove @expression from tags
  903 * Work around deprecations for opportunistic tests
  904 * Api-ref: fix resource\_limit format
  905 * Correct typo in identity API reference
  906 * Imported Translations from Zanata
  907 * Consolidate identity-token-binding.rst
  908 * Consolidate identity-service-api-protection.rst
  909 * Add new setup commands for token keys
  910 * Consolidate endpoint-filtering.rst
  911 * Remove unnecessary config overrides from fernet tests
  912 * Make assertValidFernetKey assertion more robust
  913 * Update 3.10 versioning to limits and system scope
  914 * Remove v2.0 policies
  915 * Populate application credential data in token
  916 * Imported Translations from Zanata
  917 * Simplify federation and oauth token callbacks
  918 * Simplify token persistence callbacks
  919 * Refactor token cache invalidation callbacks
  920 * Remove needs\_persistence property from token providers
  921 * Imported Translations from Zanata
  922 * Use OSC in application credential documentation
  923 * Add docs for application credentials
  924 * Force SQLite to properly deal with foreign keys
  925 * Remove unused class variables from token provider
  926 * Imported Translations from Zanata
  927 * Grant admin a role on the system during bootstrap
  928 * Fix querying role\_assignment with system roles
  929 * Delete system role assignments when deleting groups
  930 * Expose bug in system assignment when deleting groups
  931 * Delete system role assignments when deleting users
  932 * Expose bug in system assignment when deleting users
  933 * Expose bug in /role\_assignments API with system-scope
  934 * Remove the sql token driver and uuid token provider
  935 * Imported Translations from Zanata
  936 * Update reno for stable/queens
  937 * Imported Translations from Zanata
  938 
  939 13.0.0.0rc1
  940 -----------
  941 
  942 * Add placeholder migrations for Queens
  943 * Delete SQL users before deleting domain
  944 * Reorganize api-ref: v3-ext federation mapping.inc
  945 * Update OBS install docs for v2 removal
  946 * Reorganize api-ref: v3-ext federation service-provider
  947 * Reorganize api-ref: v3-ext oauth.inc
  948 * Replace port 35357 with 5000 for ubuntu guide
  949 * Reorganize api-ref: v3 os-pki
  950 * Reorganize api-ref: v3-ext federation identity-provider
  951 * Reorganize api-ref: v3-ext trust.inc
  952 * Remove v2.0 from documentation guides
  953 * Remove v2.0 extension documentation
  954 * Update curl request documentation to remove v2.0
  955 * Remove v2 and v2-admin API documentation
  956 * Remove all v2.0 APIs except the ec2tokens API
  957 * Update sample configuration file for Queens
  958 * Imported Translations from Zanata
  959 * Finish refactoring self.\*\_api out of tests
  960 * Add cache invalidation when delete application credential
  961 * Expose a bug that application credential cache is not invalidated
  962 * Fix cache invalidation for application credential
  963 * Expose a bug that cache invalidation doesn't work for application credential
  964 * Update the base class for application credential
  965 * Fix list users by name
  966 * Refactor self.\*\_api out of tests
  967 * Use keystone.common.provider\_api for auth APIs
  968 * Fix the wrong description
  969 * Remove the redundant word
  970 * Validate identity providers during token validation
  971 * Update historical context about the removal of v2.0
  972 * Document flat limit enforcement model
  973 * add 'tags' in request body of projects
  974 * Increase MySQL max\_connections for unit tests
  975 * Add scope\_types for user policies
  976 * Use native Zuul v3 tox job
  977 * Update documentation to reflect system-scope
  978 * Add a release note for application credentials
  979 * Impose limits on application credentials
  980 * Enable application\_credential auth by default
  981 * Add api-ref for application credentials
  982 * Add application credential auth plugin
  983 * Add Application Credentials controller
  984 * Zuul: Remove project name
  985 * Refresh the admin\_token doc
  986 * Remove pki\_setup step in doc
  987 * Add documentation describing unified limits
  988 * Handle TZ change in iso8601 >=0.1.12
  989 * Remove PKI/PKIZ token in doc
  990 * Add api-ref for unified limits
  991 * Expose unified limit APIs
  992 * Implement policies for limits
  993 * Add limit provider
  994 * Improve limit sql backend
  995 * Replace Chinese punctuation with English punctuation
  996 
  997 13.0.0.0b3
  998 ----------
  999 
 1000 * Add release note for system-scope
 1001 * Implement GET /v3/auth/system
 1002 * Updated from global requirements
 1003 * Implement system-scoped tokens
 1004 * Document scope\_types for project policies
 1005 * Add scope\_types to trust policies
 1006 * Add scope\_types to grant policies
 1007 * Add scope\_types to role assignment policies
 1008 * Fix column rename migration for mariadb 10.2
 1009 * Remove foreign key for registered limit
 1010 * Introduce assertions for system-scoped token testing
 1011 * Implement system-scope in the token provider API
 1012 * Teach TokenFormatter how to handle system scope
 1013 * Remove the deprecated "giturl" option
 1014 * Relay system information in RoleAssignmentNotFound
 1015 * Rename application credential restriction column
 1016 * Update token doc
 1017 * Update keystone v2/tokenauth example
 1018 * Reorganize api-ref: v3-ext revoke.inc
 1019 * Reorganize api-ref: v3-ext ep-filter.inc
 1020 * Reorganize api-ref: v3-ext simple-cert.inc
 1021 * Reorganize api-ref: v3-ext federation projects-domains.inc
 1022 * Document scope\_types for credential policies
 1023 * Document scope\_types for ec2 policies
 1024 * Move token\_formatter to token
 1025 * Document fixes needed for token scope\_types
 1026 * Add scope\_types to service provider policies
 1027 * Add scope\_types to group policies
 1028 * Add scope\_types to domain config policies
 1029 * Add system column to app cred table
 1030 * Fix outdated links
 1031 * Add ability to list all system role assignments
 1032 * Add system role assignment documentation
 1033 * Add Application Credentials manager
 1034 * Handle TODO notes for using new\_user\_ref
 1035 * Updated from global requirements
 1036 * Add application credentials driver
 1037 * Make entries in policy\_mapping.rst consistent
 1038 * Add application credentials db migration
 1039 * Fix indentation in docs
 1040 * remove \_append\_null\_domain\_id decorator
 1041 * Fix wrong url in domains-config-v3.inc
 1042 * msgpack-python has been renamed to msgpack
 1043 * adjust response code order in 'regions-v3.inc'
 1044 * Fix wrong url in config-options.rst
 1045 * adjust response code order in 'authenticate-v3.inc'
 1046 * Reorganize api-ref: v3-ext endpoint-policy.inc
 1047 * Imported Translations from Zanata
 1048 * Extract expiration validation to utils
 1049 * Implement controller logic for system group assignments
 1050 * adjust response code order in ''policies.inc''
 1051 * adjust response code order in ''domains-config-v3.inc''
 1052 * put response code in table of ''domains.inc''
 1053 * adjust response code in order of credentials.inc
 1054 * fix wrong url link of User trusts
 1055 * Reorganize api-ref: v3-ext federation assertion.inc
 1056 * Implement controller logic for system user assignments
 1057 * Add schema check for authorize request token
 1058 * Remove whitespace from policy sample file
 1059 * Use keystone.common.provider\_api for trust APIs
 1060 * Add db operation for unified limit
 1061 * Add new tables for unified limits
 1062 * Fix federation unit test
 1063 * add response example and 'extra' info of create user
 1064 * Add scope\_types to domain policies
 1065 * Add scope\_types for policy policies
 1066 * Add scope\_types to oauth policies
 1067 * Add scope\_types to token revocation policies
 1068 * Add scope\_types to endpoint group policies
 1069 * Migrate jobs to zuulV3
 1070 * Add scope\_types to role policies
 1071 * Add scope\_types to implied role policies
 1072 * Add expired\_at\_int column to trusts
 1073 * Add scope\_types for revoke event policies
 1074 * Add scope\_types to protocol policies
 1075 * Add scope\_types to project endpoint policies
 1076 * Add scope\_types to policy association policies
 1077 * Add scope\_types to mapping policies
 1078 * Add scope\_types to identity provider policies
 1079 * Add scope\_types to service policies
 1080 * Handle InvalidScope exception from oslo.policy
 1081 * Use keystone.common.provider\_api directly in assignment
 1082 * Add scope\_types to region policies
 1083 * Add scope\_types to endpoint policies
 1084 * Expose a get\_enforcer method for oslo.policy scripts
 1085 * Reorganize api-ref: v3 project-tags
 1086 * Reorganize api-ref: v3 authenticate-v3
 1087 * Deprecate [trust]/enabled option
 1088 * Use keystone.common.provider\_api for resource APIs
 1089 * Re-organize api-ref: v3 inherit.inc
 1090 * Implement get\_unique\_role\_by\_name
 1091 * Reorganize api-ref: v3-ext federation projects-domains
 1092 * Reorganize api-ref: v3 regions-v3
 1093 * Reorganize api-ref: v3 policies
 1094 * Remove duplicated release note
 1095 * Reorganize api-ref: v3 credentials
 1096 * Reorganize api-ref: v3 domains-config-v3
 1097 * Reorganize api-ref: v3 service-catalog
 1098 * Reorganize api-ref: v3 projects
 1099 * Reorganize api-ref: v3 roles
 1100 * Use keystone.common.provider\_api for identity APIs
 1101 * Use keystone.common.provider\_api for revoke APIs
 1102 * Use keystone.common.provider\_api for policy APIs
 1103 * Use keystone.common.provider\_api for oauth APIs
 1104 * Use keystone.common.provider\_api for federation APIs
 1105 * Use keystone.common.provider\_api for endpoint\_policy APIs
 1106 * Use keystone.common.provider\_api for credential APIs
 1107 * Use keystone.common.provider\_api for catalog APIs
 1108 * Use keystone.common.provider\_api for token APIs
 1109 * modify LOG.error tip message
 1110 * Performance: improve get\_role
 1111 * Add group system grant policies
 1112 * Replace parse\_strtime with datetime.strptime
 1113 * Remove private methods for v2.0 and v3 tokens
 1114 * Ensure building scope is mutually exclusive
 1115 * Add user system grant policies
 1116 * Implement manager logic for group+system roles
 1117 * Implement manager logic for user+system roles
 1118 * Implement backend logic for system roles
 1119 * Add a new table for system role assignments
 1120 * Refactor project tags encoding
 1121 * Expose a bug when authorize request token
 1122 * Bump API version and date to 3.9
 1123 * Create doc/requirements.txt
 1124 * remove some misleading info in Update user API doc
 1125 * Updated from global requirements
 1126 * remove "admin\_token\_auth" related content"
 1127 * Remove rolling\_upgrade\_password\_hash\_compat
 1128 * Deprecate member\_role\_id and member\_role\_name
 1129 * Migrate functional tests to stestr
 1130 * Remove Dependency Injection
 1131 * Rename fernet\_utils to token\_utils
 1132 * Remove extra parameter for token auth
 1133 * Refresh sample\_data.sh
 1134 * Improve exception logging with 500 response
 1135 * Remove dead code for auth\_context
 1136 * Updated from global requirements
 1137 
 1138 13.0.0.0b2
 1139 ----------
 1140 
 1141 * Reorganize api-ref:v3 groups
 1142 * Handle deprecation of inspect.getargspec
 1143 * Enforce policy on oslo-context
 1144 * Correct error message for request token
 1145 * Refresh the Controller list
 1146 * Updated from global requirements
 1147 * Update keystone testing documentation
 1148 * Fix role schema in trust object
 1149 * Validate disabled domains and projects online
 1150 * Add New in Pike note to using db\_sync check
 1151 * Fix 500 error when create trust with invalid role key
 1152 * Expose a bug when create trust with roles
 1153 * Remove member role assignment
 1154 * Fix wrong links in keystone documentation
 1155 * Add schema check for OS-TRUST:trust authentication
 1156 * Expose a bug when authenticating for a trust-scoped token
 1157 * Update the help message for unique\_last\_password\_count
 1158 * Remove apache-httpd related link
 1159 * Populate user, project and domain names from token into context
 1160 * Remove setting of version/release from releasenotes
 1161 * Updated from global requirements
 1162 * Update cache doc
 1163 * Updated from global requirements
 1164 * Fix 500 error when authenticate with "mapped"
 1165 * Updated from global requirements
 1166 * Filter users/groups in ldap with whitespaces
 1167 * Deprecate policies API
 1168 * Change url in middleware test to v3
 1169 * Remove ensure\_default\_domain\_exists
 1170 * Ensure listing projects always returns tags
 1171 * Consolidate V2Controller functionality
 1172 * Remove v2 token value model
 1173 * Add non-voting rolling upgrade test
 1174 * Remove "no auth token" debug log
 1175 * Partially clarify federation auth plugins
 1176 * Handle ldap size limit exeeded exception
 1177 * policy.v3cloudsample.json: remove redundant blank space
 1178 * Remove expired password v2 test
 1179 * Remove v2 token test models
 1180 * Remove/update v2 catalog endpoint tests
 1181 * Remove unnecessary dependency injection
 1182 * Remove identity v2 to v3 test case
 1183 * Reorganize api-ref: v3 domains
 1184 * Correct parameter to follow convention
 1185 
 1186 13.0.0.0b1
 1187 ----------
 1188 
 1189 * Remove v2 schema and validation tests
 1190 * Implement project tags API controller and router
 1191 * Implement project tags logic into manager
 1192 * Implement backend logic for project tags
 1193 * Remove v2.0 assignment schema
 1194 * Add project tags api-ref documentation and reno
 1195 * Deleting an identity provider doesn't invalidate tokens
 1196 * Add policy for project tags
 1197 * Add JSON schema validation for project tags
 1198 * Fix initial mapping example
 1199 * Fix list in caching documentation
 1200 * Updated from global requirements
 1201 * Refactor test\_backend\_ldap tests
 1202 * Emit deprecation warning for federated domain/project APIs
 1203 * Reorganize api-ref: v3-ext federation auth
 1204 * Update the release name in install tutorial
 1205 * Reorganize api-ref: v3 users
 1206 * Add explain of mapping group attribute
 1207 * Remove v2.0 identity API documentation
 1208 * Add database migration for project tags
 1209 * Remove the v2\_deprecated decorator
 1210 * Remove the v3 to v2 resource test case
 1211 * Remove admin\_token\_auth steps from install guide
 1212 * Remove the v2.0 validate path from validate\_token
 1213 * Remove v2.0 test plumbing
 1214 * Remove v2.0 auth APIs
 1215 * Remove v2.0 token APIs
 1216 * Move auth header definitions into authorization
 1217 * Remove v2.0 identity APIs
 1218 * Use stestr directly instead of ostestr
 1219 * Remove middleware reference to PARAMS\_ENV and CONTEXT\_ENV
 1220 * Migrate to stestr
 1221 * Updated from global requirements
 1222 * Add default configuration files to data\_files
 1223 * Add unit tests to mapping\_purge
 1224 * Replace assertRegexpMatches with assertregex
 1225 * Update API reference link in README
 1226 * Refactor removal of duplicate projects/domains
 1227 * Update links in keystone
 1228 * Fix role assignment api-ref docs
 1229 * Update invalid url in admin docs
 1230 * Remove keystone-all doc
 1231 * Fix typos in bootstrap doc
 1232 * Properly normalize protocol in Fedrations update\_protocol
 1233 * Two different API achieve listing role assignments
 1234 * Add backport migrations for Pike
 1235 * Adds Bandit #nosec flag to instances of SHA1
 1236 * Policy exception
 1237 * Remove duplicate code
 1238 *   Fix a typo
 1239 * Increase multi region endpoints test coverage
 1240 * Replace DbMigrationError with DBMigrationError
 1241 * Confusing notes of ephemeral user's domain
 1242 * Confusing log messages in project hierarchy checking
 1243 * Remove vestigate HUDSON\_PUBLISH\_DOCS reference
 1244 * Add test GET for member url in the Assignment API
 1245 * Remove v2.0 resource APIs
 1246 * Remove v2.0 assignment APIs
 1247 * Remove v2.0 service and endpoint APIs
 1248 * Fix endpoint examples in api-ref
 1249 * Copy specific distro pages for install guide
 1250 * Imported Translations from Zanata
 1251 * Log format error
 1252 * Updated from global requirements
 1253 * Ignore release notes for pike and master
 1254 * Clarify documentation for release notes
 1255 * Revert "Fix wrong links"
 1256 * Remove missing release note from previous revert
 1257 * Include a link in release note for bug 1698900
 1258 * Delete redundant code
 1259 * Call methods with kwargs instead of positionals
 1260 * Remove duplicate roles from federated auth
 1261 * Add the step to create a domain
 1262 * Add int storage of datetime for password created/expires
 1263 * Resource backend is SQL only now
 1264 * Assert default project id is not domain
 1265 * Fix wrong links
 1266 * Imported Translations from Zanata
 1267 * Remove deprecation of domain\_config\_upload
 1268 * Update reno for stable/pike
 1269 
 1270 12.0.0.0rc1
 1271 -----------
 1272 
 1273 * Unset project ids for all identity backends
 1274 * Update docs: fernet is the default provider
 1275 * Add description for relationship links in api-ref
 1276 * Updated URLs in docs
 1277 * Cache list projects and domains for user
 1278 * Remove unused hints from assignment APIs
 1279 * Make an error state message more explicit
 1280 * Fill in content in CLI Documentation
 1281 * Except forbidden when clearing default project IDs
 1282 * Update URL in README.rst
 1283 * Document required \`type\` mapping attribute
 1284 * Imported Translations from Zanata
 1285 * Fix man page builds
 1286 * Fill in content in User Documentation
 1287 * Clarify SELinux note in LDAP documentation
 1288 * Remove duplicate sample files
 1289 * Remove policy for self-service password changes
 1290 * Add role\_domain\_id\_request\_body in parameters
 1291 * use the show-policy directive to show policy settings
 1292 * Move credential encryption docs to admin-guide
 1293 * Consolidate LDAP documentation into admin-guide
 1294 * Imported Translations from Zanata
 1295 * Add description of domain\_id in creating user/group
 1296 * Add cli/ directory for documentation
 1297 * Add user/ directory for documentation
 1298 * Add contributor/ directory for docs
 1299 * Removed unnecessary setUp() calls from unit tests
 1300 * Filter users and groups in ldap
 1301 * Move url safe naming docs to admin guide
 1302 * Fix ec2tokens validation in v2 after regression in metadata\_ref removal
 1303 * Add the step to install apache2 libapache2-mod-wsgi
 1304 * Handle auto-generated domains when creating IdPs
 1305 * Updated from global requirements
 1306 * Fix the documentation sample for OS-EP-FILTER
 1307 
 1308 12.0.0.0b3
 1309 ----------
 1310 
 1311 * Clarify documentation on whitelists and blacklists
 1312 * In the devstack plugin, restart keystone after modifying conf
 1313 * Fix typo in index documentation
 1314 * Move performance documentation to admin-guide
 1315 * Consolidate certificate docs to admin-guide
 1316 * Move auth plugin development doc to contrib guide
 1317 * Add missing comma to json sample
 1318 * Added new subsections to developer docs
 1319 * Fix wording of configuration help text
 1320 * Added index.rst in each sub-directory
 1321 * Optional request parameters should be not required
 1322 * Updated from global requirements
 1323 * Move development environment setup to contributor docs
 1324 * Add a hacking rule for string interpolation at logging
 1325 * Make the devstack plugin more configurable for federation
 1326 * Reorganised developer documentation
 1327 * Enable sphinx todo extension
 1328 * Remove duplicate configuration sections
 1329 * Expanded the best practices subsection in devdocs
 1330 * Added new docs to admin section
 1331 * Move bootstrapping documentation to admin-guide
 1332 * Updated from global requirements
 1333 * Add a release note for bug 1687593
 1334 * Reorganised api-ref index page
 1335 * remove default rule
 1336 * Merged the caching subsections in admin docs
 1337 * Move trust to DocumentedRuleDefault
 1338 * Improved the keystone federation image
 1339 * [install] Clarify the paths of the rc files
 1340 * fix identity:get\_identity\_providers typo
 1341 * fix assert\_admin
 1342 * Fixing flushing tokens workflow
 1343 * Replaced policy.json with policy.yaml
 1344 * Added configuration options using oslo.config
 1345 * Added configuration references to documentation
 1346 * Add history behind why keystone has two ports
 1347 * Move upgrade documentation to admin-guide
 1348 * Stop using deprecated 'message' attribute in Exception
 1349 * Move caching docs into admin-guide
 1350 * Gear documentation towards a wider audience
 1351 * Removed apache-httpd guide from docs
 1352 * Update security compliance documentation
 1353 * A simple fix about explicit unscoped string
 1354 * Remove duplicate token docs
 1355 * Update info about logging in admin guide
 1356 * Use log debug instead of warning
 1357 * Added a note for API curl examples
 1358 * Move import down to correct group
 1359 * Switch from oslosphinx to openstackdocstheme
 1360 * Clarify LDAP invalid credentials exception
 1361 * Ensure there isn't duplication in federated auth
 1362 * Remove keystone\_tempest\_plugin from setup.cfg
 1363 * Move implied role policies to DocumentedRuleDefault
 1364 * Remove duplicated list conversion
 1365 * Remove duplicated hacking rule
 1366 * Document and add release note for HEAD APIs
 1367 * Validate rolling upgrade is run in order
 1368 * Remove duplicate logging documentation
 1369 * Migrated docs from devdocs to user docs
 1370 * Updated from global requirements
 1371 * Remove note about kvs from admin-guide
 1372 * Move token flush documentation to admin-guide
 1373 * Remove the revocation api config section
 1374 * Rename Developer docs to Contributor docs
 1375 * Removed unnecessary line breaks from install-guides
 1376 * Added keystone installation guides
 1377 * Implement HEAD for assignment API
 1378 * Make federation documentation consistent
 1379 * Added keystone admin guides to documentation
 1380 * Add annotation about token authenticate
 1381 * Split test\_get\_head\_catalog\_no\_token
 1382 * Move related project information into main doc
 1383 * Move ec2 credential policies to DocumentedRuleDefault
 1384 * Return 400 when trying to create trust with ambiguous role name
 1385 * Reorganised keystone documentation structure
 1386 * Updated the keystone docs to follow the docs theme
 1387 * Fix PCI DSS docs on change\_password\_after\_first\_use
 1388 * Add HEAD API to auth
 1389 * Add HEAD APIs to federated API
 1390 * Ensure the trust API supports HEAD requests
 1391 * Ensure oauth API supports HEAD
 1392 * Ensure the endpoint policy API supports HEAD
 1393 * Improve handling of database migration checks
 1394 * Updated from global requirements
 1395 * Check log output rather than emitting in tests
 1396 * Ensure HEAD is supported with simple cert
 1397 * Ensure the ec2 API supports HEAD
 1398 * Ensure the endpoint filter API supports HEAD
 1399 * Move domain config to DocumentedRuleDefault
 1400 * Add HEAD API to domain config
 1401 * Updated from global requirements
 1402 * Move grant policies to DocumentedRuleDefault
 1403 * Move role policies to DocumentedRuleDefault
 1404 
 1405 12.0.0.0b2
 1406 ----------
 1407 
 1408 * Use DocumentedRuleDefault for token operations
 1409 * Remove the local tempest plugin
 1410 * Add response example in authenticate-v3.inc
 1411 * Addition of "type" optional attribute to list credentials
 1412 * Remove keystone.conf if not used
 1413 * Updated from global requirements
 1414 * Remove assertRaisesRegexp testing function
 1415 * Update DirectMappingError in keystone.exception
 1416 * Remove dependency requires if not used
 1417 * Add role test to test\_consume\_trust\_once in test\_v3\_auth.py
 1418 * Writing API & Scenario Tests docs
 1419 * Handle group NotFound in effective assignment list
 1420 * Updated from global requirements
 1421 * Update doctor warning about caching
 1422 * Basic overview of tempest and devstack plugins
 1423 * Updated from global requirements
 1424 * Updated from global requirements
 1425 * Don't need to contruct data if not need persistence
 1426 * Fix response body of getting role inference rule
 1427 * Quotation marks should be included in http url using curl
 1428 * Updated from global requirements
 1429 * Replace test.attr with decorators.attr
 1430 * Update test case for federation
 1431 * Support new hashing algorithms for securely storing password hashes
 1432 * Remove loading drivers outside of their expected namespaces
 1433 * Change LDAPServerConnectionError
 1434 * Error api about grant collections in policy\_mapping.rst
 1435 * Updated from global requirements
 1436 * Handle NotFound when listing role assignments for deleted users
 1437 * Update sample configuration file for Pike
 1438 * Change url scheme passed to oauth signature verifier
 1439 * Updated from global requirements
 1440 * Role name is unique within the owning domain
 1441 * Remove LDAP delete logic and associated tests
 1442 * Revert change 438035 is\_admin\_project default
 1443 * Trivial fix typo in doc
 1444 * Fix misnamed variable in config
 1445 * Change url passed to oauth signature verifier to request url
 1446 * Expose a bug in domain creation from idps
 1447 * Role name is unique within the owning domain
 1448 * Refactor is\_admin
 1449 * Update fail message to test\_database\_conflicts
 1450 * Fix keystone.tests.unit.test\_v3\_oauth1.MaliciousOAuth1Tests
 1451 * Test config option 'user\_enabled\_default' with string type value
 1452 * Stop using oslotest.mockpatch
 1453 * Remove X-Auth-Token from response parameters
 1454 * Fix test\_minimum\_password\_age\_and\_password\_expires\_days\_deactivated
 1455 * Refactor Authorization:
 1456 * Cleanup policy generation
 1457 * Fix test keystone.tests.unit.test\_token\_bind.BindTest
 1458 * Fix keystone.tests.unit.test\_backend\_ldap.LDAPIdentity
 1459 * Remove test\_metadata\_invalid\_contact\_type
 1460 * Update dead API spec links
 1461 * override config option notification\_opt\_out with list
 1462 * Add filter explain in api ref about parents\_as\_list and subtree\_as\_list
 1463 * use '&' instead of '?' to connect parameters in url
 1464 * Remove usage of enforce\_type
 1465 * Revise doc about python 3.4
 1466 * Update Devstack plugin for uwsgi and mod\_proxy\_uwsgi
 1467 * Add notes in inherit.inc
 1468 * Do not fetch group assignments without groups
 1469 * Readability enhancements to architecture doc
 1470 * Add response examples to OS-OAUTH1 api documentation
 1471 * Correct oauth create\_request\_token documentation
 1472 * Remove unused CONF
 1473 * Remove unused LOG
 1474 * Move policy generator config to config-generator/
 1475 * Include sample policy file in documentation
 1476 * Trivial Fix: fix typo in test comments
 1477 * Move user policies to DocumentedRuleDefault
 1478 * Explicitly set 'builders' option
 1479 * Make flushing tokens more robust
 1480 * Minor corrections in OS-OAUTH1 api documentation
 1481 * Fix-test-of-assertValidRole
 1482 * Small refactoring in tests development docs
 1483 * Move endpoint group to DocumentedRuleDefault
 1484 * Fix doc generation for python 3
 1485 
 1486 12.0.0.0b1
 1487 ----------
 1488 
 1489 * Updated from global requirements
 1490 * Imported Translations from Zanata
 1491 * Updated scope parameter description in v3 API-ref
 1492 * Add Apache License Content in index.rst
 1493 * Address comments from Policy in Code 5
 1494 * Remove unused revocation check in revoke\_models
 1495 * Updated from global requirements
 1496 * Remove unused code in test\_revoke
 1497 * Move group policies to DocumentedRuleDefault
 1498 * Move consumer to DocumentedRuleDefault
 1499 * Move access token to DocumentedRuleDefault
 1500 * Move mapping to DocumentedRuleDefault
 1501 * Move role assignment to DocumentedRuleDefault
 1502 * Move region policies to DocumentedRuleDefault
 1503 * Move project endpoint to DocumentedRuleDefault
 1504 * Remove unnecessary processing when deleting grant
 1505 * Add sem-ver flag so pbr generates correct version
 1506 * Move protocol to DocumentedRuleDefault
 1507 * Move credential policies to DocumentedRuleDefault
 1508 * Move policy association to DocumentedRuleDefault
 1509 * Move and refactor test\_revoke\_by\_audit\_chain\_id
 1510 * Move policy policies to DocumentedRuleDefault
 1511 * Move and refactor project\_and\_user\_and\_role
 1512 * Updated from global requirements
 1513 * Move and refactor test\_by\_domain\_domain
 1514 * Move and refactor test\_by\_domain\_project
 1515 * Move and refactor test\_by\_domain\_user
 1516 * Remove unused method \_sample\_data in test\_revoke
 1517 * Refactor test\_revoke to call check\_token directly
 1518 * Differentiate between dpkg and rpm for libssl-dev
 1519 * Move auth to DocumentedRuleDefault
 1520 * Move service policies to DocumentedRuleDefault
 1521 * Remove unnecessary setUp function in testcase
 1522 * Remove policy file from source and refactor tests
 1523 * Remove revocation API dependency from identity API
 1524 * Remove revocation API dependency from resource API
 1525 * Move project policies to DocumentedRuleDefault
 1526 * Replace wip with skip
 1527 * Removed domain conflict guard in load\_fixtures
 1528 * Updated from global requirements
 1529 * Remove create\_container\_group from tests
 1530 * Add charset to webob.Response
 1531 * Move identity provider to DocumentedRuleDefault
 1532 * Move endpoint policies to DocumentedRuleDefault
 1533 * Move domain policies to DocumentedRuleDefault
 1534 * Move service provider to DocumentedRuleDefault
 1535 * Add policy sample generation
 1536 * Removed the deprecated pki\_setup command
 1537 * Reduce fixture setup in test\_backend\_ldap
 1538 * Consolidate and cleanup test\_backend\_ldap setup
 1539 * Remove conflict guards in load\_fixtures
 1540 * Remove orphaned \_create\_context test helper
 1541 * Remove decorator for asserting validation errors
 1542 * Remove orphaned AuthTestMixin from test\_v3
 1543 * Move revoke events to DocumentedRuleDefault
 1544 * Doc db\_sync --expand incurring downtime in upgrades to Newton
 1545 * Fix some reST field lists in docstrings
 1546 * Remove log translations in keystone
 1547 * Move release note from /keystone/releasenotes to /releasenotes
 1548 * Small fixes for WebOb 1.7 compatibiltity
 1549 * Error messages are not translating with locale
 1550 * Add a note to db\_sync configuration section
 1551 * Remove unused revoke\_by\_domain\_role\_assignment
 1552 * Remove unused revoke\_by\_project\_role\_assignment
 1553 * Remove unnecessary revocation events revoke grant
 1554 * Remove unnecessary revocation events
 1555 * Remove unnecessary revocation events
 1556 * Policy in code (part 5)
 1557 * Policy in code (part 4)
 1558 * Set the correct in-code policy for ec2 operations
 1559 * Don't persist revocation events when deleting a role
 1560 * Policy in code (part 3)
 1561 * Policy in code (part 2)
 1562 * Policy in code
 1563 * Speed up check\_user\_in\_group for LDAP users
 1564 * Don't persist rev event when deleting access token
 1565 * Include the requested URL in authentication errors
 1566 * Remove extra duplicate 'be' in description
 1567 * Add group\_members\_are\_ids to whitelisted options
 1568 * Use HostAddressOpt for opts that accept IP and hostnames
 1569 * Remove x-subject-token in api-ref for v3/auth/catalog
 1570 * Add reno conventions to developer documentation
 1571 * Updated from global requirements
 1572 * Fix description for 204 response
 1573 * Updated from global requirements
 1574 * Remove keystone.common.ldap
 1575 * Fix the typo
 1576 * Add in-code comment to clarify pattern in tests
 1577 * Fix keystone.o.o URL
 1578 * Test for fernet rotation recovery after disk full
 1579 * API-ref return code fix
 1580 * Updated from global requirements
 1581 * Imported Translations from Zanata
 1582 * Fix api-ref building with sphinx 1.5
 1583 * Change is\_admin\_project to False by default
 1584 * Remove pbr warnerrors in favor of sphinx check
 1585 * Move driver loading inside of dict
 1586 * Minor cleanup from patch 429047
 1587 * Remove password\_expires\_ignore\_user\_ids
 1588 * Remove unused variable
 1589 * Revise conf param in releasenotes
 1590 * Modify examples to use v3 URLs
 1591 * Fix duplicate handling for user-specified IDs
 1592 * Removing group role assignments results in overly broad revocation events
 1593 * Typos in the LoadAuthPlugins note
 1594 * Remove domains \*-log-\* from compile\_catalog
 1595 * Add instruction to restart apache
 1596 * Exchange cURL examples for openstackclient
 1597 * Updated from global requirements
 1598 * Remove x-subject-token in api-ref for v3/auth/{projects,domains}
 1599 * Exclusively use restore\_padding method in unpacking fernet tokens
 1600 * Remove EndpointFilterCatalog
 1601 * Give a prospective removal date for all v2 APIs
 1602 * Fix some typo in releasenotes
 1603 * Correct and enhance OpenId Connect docs
 1604 * Imported Translations from Zanata
 1605 * Correct and enhance Mellon federation docs
 1606 * Clear the project ID from user information
 1607 * Fix MFA rule checks for LDAP auth
 1608 * Fix v2 role create schema validation
 1609 * Update reno for stable/ocata
 1610 * Fix the s3tokens endpoint
 1611 * Stop reading local config dirs for domain-specific file config driver
 1612 * Fix typo in config doc
 1613 * Updated from global requirements
 1614 * Fix example response formatting
 1615 * Rename protocol cascade delete migration file
 1616 * Remove logging import unused
 1617 * Address db\_sync check against new install
 1618 * Deprecate (and slate for removal) UUID tokens
 1619 * Remove the file encoding which is unnecessary
 1620 * Correct some typo errors
 1621 * Federated mapping doc improvements
 1622 * Include 'token' in the method list for federated scoped tokens
 1623 * Add --check to keystone-manage db\_sync command
 1624 * Deprecate (and emit message) AdminTokenAuthMiddleware
 1625 * Use ostestr instead of the custom pretty\_tox.sh
 1626 * Fix multiple uuid warnings with pycadf
 1627 * Add unit test for db\_sync run out of order
 1628 * Fixed warning when building keystone docs
 1629 * Ensure migration file names are unique to avoid caching errors
 1630 * use the correct bp link for shadow-mapping rel note
 1631 * Readability/Typo Fixes in Release Notes
 1632 * Remove unused api parameters
 1633 * Make use of Dict-base including extras explicit
 1634 * Add placeholder migrations for Ocata
 1635 * Update hacking version
 1636 * Use httplib constants for http status codes
 1637 * Renaming of api parameters
 1638 * Remove KVS code
 1639 
 1640 11.0.0
 1641 ------
 1642 
 1643 * Modify the spelling mistakes
 1644 * Stop reading local config dirs for domain-specific SQL config driver
 1645 * Prepare for using standard python tests
 1646 * update keystone.conf.sample for ocata-rc
 1647 * Add MFA Rules Release Note
 1648 * Remove de-dupe for MFA Rule parsing
 1649 * Add comment to clarify resource-options jsonschema
 1650 * Cleanup TODO, AuthContext and AuthInfo to auth.core
 1651 * Cleanup TODO about auth.controller code moved to core
 1652 * Add validation that token method isn't needed in MFARules
 1653 * Add validation for mfa rule validator (storage)
 1654 * Process and validate auth methods against MFA rules
 1655 * Update endpoint api for optional region\_id
 1656 * No need to enable infer\_roles setting
 1657 * Fix bad error message from FernetUtils
 1658 * Use https for docs.openstack.org references
 1659 * Update PCI documenation
 1660 * Auth Plugins pass data back via AuthHandlerResponse
 1661 * Auth Method Handlers now return a response object always
 1662 * Add MFA Rules and Enabled User options
 1663 * cleanup release notes from PCI options
 1664 * Create user option \`ignore\_lockout\_failure\_attempts\`
 1665 * Implement better validation for resource options
 1666 * Deprecate [security\_compliance]\password\_expires\_ignore\_user\_ids
 1667 * Fixes deprecations caused by latest oslo.context
 1668 * PCI-DSS Force users to change password upon first use
 1669 * clean up release notes for ocata
 1670 * Reuse already existing groups from upstream tempest config
 1671 * add additional deprecation warnings for KVS options
 1672 * Address follow-up comments from previous patchset
 1673 * Cleanup for resource-specific options
 1674 * Adds tests showing how mapping locals are handled
 1675 
 1676 11.0.0.0b3
 1677 ----------
 1678 
 1679 * Add 'options' as an explicit user schema validation
 1680 * Code-Defined Resource-specific Options
 1681 * Set the domain for federated users
 1682 * Refactor shadow users tests
 1683 * Add domain\_id to the user table
 1684 * Do not call \`to\_dict\` outside of a session context
 1685 * Remove code supporting moving resources between domains
 1686 * Change unit test class to a less generic name
 1687 * Remove dogpile.core dependencies
 1688 * Verbose breakup of method into seperate methods
 1689 * Fixed unraised exception in \_disallow\_write for LDAP
 1690 * Add password expiration queries for PCI-DSS
 1691 * Add missing parentheses
 1692 * Add queries for federated attributes in list\_users
 1693 * update entry points related to paste middleware
 1694 * Remove LDAP write support
 1695 * Remove releated role\_tree\_dn test
 1696 * Add warning about using \`external\` with federation
 1697 * Allow user to change own expired password
 1698 * Fix warnings generated by os-api-ref 1.2.0
 1699 * Improvements to external auth documentation page
 1700 * Test cross domain authentication via implied roles
 1701 * Updates to project mapping documentation
 1702 * Add documentation for auto-provisioning
 1703 * Implement federated auto-provisioning
 1704 * Fix typo in main docs page
 1705 * switch @hybrid\_property to @property
 1706 * Catch potential SyntaxError in federation mapping
 1707 * Fix typo in shibboleth federation docs
 1708 * Handling of 'region' parameter as None
 1709 * Corrected punctuation on multiple exceptions
 1710 * Exclude 'keystone\_tempest\_plugin' in doc build
 1711 * Force use of AuthContext object in .authentcate()
 1712 * Cascade delete federated\_user fk
 1713 * update sample config for ocata release
 1714 * Drop type in filters
 1715 * Add DB operations tracing
 1716 * fix broken links
 1717 * Changed 'Driver' reference to 'TokenDriverBase'
 1718 * Fix keystone-manage mapping\_engine tester
 1719 * Add anonymous bind to get\_connection method
 1720 * Set connection timeout for LDAP configuration
 1721 * Invalid parameter name on interface
 1722 * Bump API version and date
 1723 * listing revoke events should be admin only
 1724 * Adds projects mapping to the mapping engine
 1725 * Updated docstring for test\_sql\_upgrade.py
 1726 * Use public interfaces of pep8 for hacking
 1727 * [api-ref] Clean up OS-EP-FILTER association docs
 1728 * Remove comment from previous migration
 1729 * [api-ref] Clean up OS-EP-FILTER documentation
 1730 * Fixed not in toctree warnings when building docs
 1731 * Remove stevedore warning when building docs
 1732 * Update docs to require domain\_id when registering Identity Providers
 1733 * Retry on deadlock Transactions in backend
 1734 * Fix region\_id responses and requests to be consistent
 1735 * Remove endpoint\_id parameter from EP-FILTER docs
 1736 * [api] fix ep filter example
 1737 * Require domain\_id when registering Identity Providers
 1738 * Fix minor typo
 1739 * Remove references to Python 3.4
 1740 * Improve assertion in test
 1741 * Use assertGreater(len(x), y) instead of assertTrue(len(x) > y)
 1742 * Correct invalid rst in api docs
 1743 * Fixed 7 tests running twice in v3 identity
 1744 * Fix issues with keystone-dsvm-py35-functional-v3-only on py35
 1745 * Fix the usage of tempest.client.Manager class
 1746 * Correct timestamp format in token responses
 1747 * Remove unused exceptions from CADF notifications
 1748 * Minor improvement in test\_user\_id\_persistence
 1749 * Remove CONF.domain\_id\_immutable
 1750 * Fix test function name with two underscores to have only one
 1751 * Updated from global requirements
 1752 * Fix import ordering in tempest plugins
 1753 * [api] Inconsistency between v3 API and keystone token timestamps
 1754 * Federated authentication via ECP functional tests
 1755 * Removes unnecessary utf-8 encoding
 1756 * Handle disk write failure when doing Fernet key rotation
 1757 * Fix cloud\_admin rule and ensure only project tokens can be cloud admin
 1758 * Updated from global requirements
 1759 * Remove duplicate role assignment in federated setup
 1760 * Remove unused variables from federation tests
 1761 * Remove unused variables from unit test method
 1762 * Add reason to CADF notifications in docs
 1763 * [doc] point release note docs to project team guide
 1764 * [api] set \`is\_admin\_project\` on tokens for admin project
 1765 * Settings for test cases
 1766 * Add reason to notifications for PCI-DSS
 1767 * Fix typo in doc
 1768 * fix one typo
 1769 * Updated from global requirements
 1770 * Wrap invalidation region to context-local cache
 1771 * move common sql test helpers to base class
 1772 * Use assertGreater(len(x), y) instead of assertTrue(len(x) > y)
 1773 * replace assertTrue with assertIs
 1774 
 1775 11.0.0.0b2
 1776 ----------
 1777 
 1778 * Replace logging with oslo\_log
 1779 * expose v3policy failure with is\_admin\_token
 1780 * Add doctor checks for ldap symptoms
 1781 * Implement password requirements API
 1782 * Fix a typo in comment
 1783 * Add unit tests for doctor token\_fernet symptoms
 1784 * Remove impossible case from \_option\_dict method
 1785 * Make \_option\_dict() a method for domain\_config\_api
 1786 * Add unit tests for doctor tokens symptoms
 1787 * Add checks for doctor credential symptoms
 1788 * Make user to nonlocal\_user a 1:1 relationship
 1789 * Add id to conflict error if caused by duplicate id
 1790 * Refactors \_get\_names\_from\_role\_assignments
 1791 * Do not manually remove /etc/shibboleth folder
 1792 * API Documentation for user password expires
 1793 * Revert "API Documentation for user password expires"
 1794 * API Documentation for user password expires
 1795 * Clean up keystone doc landing page
 1796 * Add doctor tests on security\_compliance and rename
 1797 * Fix typo in api-ref doc
 1798 * Move V2TokenDataHelper to the v2.0 controller
 1799 * Remove exception from v2 validation path
 1800 * Make bootstrap idempotent when it needs to be
 1801 * Add unit tests for doctor's database symptoms
 1802 * Print name with duplicate error on user creation
 1803 * Expose idempotency issue with bootstrap
 1804 * Print domain name in mapping\_populate error message
 1805 * Correct missspellings of secret
 1806 * Trivial indentation corrections in mappings doc
 1807 * Add doctor check for debug mode enabled
 1808 * Fixed multiple warnings in tox -edocs
 1809 * Get assignments with names honors inheritance flag
 1810 * Updated from global requirements
 1811 * Add test to expose bug 1625230
 1812 * Invalidate token cache after token delete
 1813 * Revert "Rename doctor symptom in security\_compliance"
 1814 * Domain included for role in list\_role\_assignment
 1815 * api-ref update for roles assignments with names
 1816 * Rename doctor symptom in security\_compliance
 1817 * Corrects sample-data incorrect credential call
 1818 * Correct minor issues in test schema
 1819 * Add unit tests for doctor federation file
 1820 * Remove CONF.os\_inherit.enabled
 1821 * Add unit tests for doctor's caching symptoms
 1822 * Updated from global requirements
 1823 * Updated from global requirements
 1824 * More info in schema validation error
 1825 * Minor fix in role\_assignments api-ref
 1826 * Include mapped in the default auth methods
 1827 * Validate token issue input
 1828 * Removes unused exceptions
 1829 * Removes unused method from assignment core
 1830 * Removes unused default\_assignment\_driver method
 1831 * Removed unused EXTENSION\_TO\_ADD test declarations
 1832 * Use sha512.hash() instead of .encrypt()
 1833 * Don't invalidate all user tokens of roleless group
 1834 * Upload service provider metadata to testshib
 1835 * Updated from global requirements
 1836 * SAML federation docs refer to old WSGIScriptAlias
 1837 * cache\_on\_issue default to true
 1838 * Make try/except work for passlib 1.6 and 1.7
 1839 * Document token header in federation auth response
 1840 * Refactor Keystone admin-tokens and admin-users v2
 1841 * ignore deprecation warning for .encrypt()
 1842 * Send the identity.deleted.role\_assignment after the deletion
 1843 * Allow fetching an expired token
 1844 * Show team and repo badges on README
 1845 * Remove eventlet-related call to sleep
 1846 * Add a comment about not using assertTrue
 1847 * clean up developer docs
 1848 * Improvements in error messages
 1849 * Remove trailing "d" from -days param of OpenSSL command
 1850 * Swap the notification formats in the docs
 1851 * Normalizes use of ForbiddenAction in trusts
 1852 * Enable CADF notification format by default
 1853 * Remove unused statements in matches
 1854 * Fix doc example
 1855 * Remove extension and auth\_token middleware docs
 1856 * Move docs from key\_terms to architecture
 1857 * move content from configuringservices to configuration
 1858 * Update configuration.rst documentation
 1859 * Verbose 401/403 debug responses
 1860 * Fix the misspelling in \`keystone/tests/unit/test\_cli.py\`
 1861 * refactor notification test to work with either format
 1862 * Clarify the v2.0 validation path
 1863 * Remove metadata from token provider
 1864 * Lockout ignore user list
 1865 * Add developer docs for keystone-manage doctor
 1866 * [api] add changelog from 3.0 -> 3.7
 1867 * Devstack plugin to federate with testshib.org
 1868 * Remove entry\_points to non-existent drivers
 1869 * Fix typo in doc
 1870 
 1871 11.0.0.0b1
 1872 ----------
 1873 
 1874 * remove release note about LDAP write removal
 1875 * Change "Change User Password" request example
 1876 * Fixes remaining nits in endpoint\_policy tests
 1877 * Remove reference to future removal of saml
 1878 * Limits config fixture usage to where it's needed
 1879 * Updated from global requirements
 1880 * Remove format\_token method
 1881 * Remove issue\_v3\_token in favor of issue\_token
 1882 * Remove issue\_v2\_token
 1883 * refactor the token controller
 1884 * Use issue\_v3\_token instead of issue\_v2\_token
 1885 * Updates to the architecture doc
 1886 * Support nested groups in Active Directory
 1887 * Add healthcheck middleware to pipelines
 1888 * Request cache should not update context
 1889 * Change cfg.set\_defaults into cors.set\_defaults
 1890 * Updated from global requirements
 1891 * Updated from global requirements
 1892 * Doc warning for keystone db migration
 1893 * Wording error in upgrading documentation
 1894 * Updated from global requirements
 1895 * fix credentials backend tests
 1896 * Allow running expand & migrate at the same time
 1897 * Add test cases for passing "None" as a hint
 1898 * Fix test\_revoke to run all tests after pki removal
 1899 * Updated from global requirements
 1900 * Switch fernet to be the default token provider
 1901 * Remove support for PKI and PKIz tokens
 1902 * Doc the difference between memcache and cache
 1903 * Doctor ldap check fix for config files
 1904 * Additional logging when authenticating
 1905 * Document OS-SIMPLE-CERT Routes
 1906 * Document v2 Revoked Token Route
 1907 * Add api-ref /auth/tokens/OS-PKI/revoked (v3)
 1908 * Fix broken links in the docs
 1909 * Add structure for Devstack plugin
 1910 * Add bindep environment to tox
 1911 * Pass a request to controllers instead of a context
 1912 * Create default role as a part of bootstrap
 1913 * Updated from global requirements
 1914 * Don't deprecate the LDAP property which is still needed
 1915 * Clarifying on the remove of \`build\_auth\_context\` middleware
 1916 * log.error use \_ of i18n
 1917 * Doctor check for LDAP domain specific configs
 1918 * Updated from global requirements
 1919 * Updated from global requirements
 1920 * Validate mapping exists when creating/updating a protocol
 1921 * Remove new\_id() in test\_revoke
 1922 * Adds warning when no domain configs were uploaded
 1923 * Add release note for fernet tokens
 1924 * Tweak api-ref doc for v3 roles
 1925 * Tweak api-ref doc for v3 roles status codes
 1926 * Reorder APIs in api-ref for v3 groups
 1927 * [api-ref] Remove the duplicated sample
 1928 * Follow-on of memcache token persistence removal
 1929 * changed domain id to name in JSON request
 1930 * More configuration doc edits
 1931 * Remove backend dependencies from token provider
 1932 * Updated from global requirements
 1933 * [api-ref] Fix couple of issues on OS-INHERIT API
 1934 * Code cleanup
 1935 * Replace tenant with project for keystone catalog
 1936 * Imported Translations from Zanata
 1937 * Update, correct, and enhance federation docs
 1938 * Invalidate trust when the related project is deleted
 1939 * Remove unused arg(project and initiator)
 1940 * Drop MANIFEST.in - it's not needed by pbr
 1941 * Ignore unknown arguments to fetch\_token
 1942 * Return password\_expires\_at during auth
 1943 * Move the token abstract base class out of core
 1944 * Add is\_admin\_project to policy dict
 1945 * Fix a typo in token\_formatters.py
 1946 * Improve check\_token validation performance
 1947 * Add revocation event indexes
 1948 * Add docs for PCI-DSS
 1949 * Invalidate trust when the trustor or trustee is deleted
 1950 * Updated from global requirements
 1951 * [api] add a note about project name restrictions
 1952 * One validate method to rule them all..
 1953 * Simplify the KeystoneToken model
 1954 * Remove validate\_v2\_token() method
 1955 * [api] remove \`user\_id\` and \`project\_id\` from policy
 1956 * Remove the decorator where it's not applied
 1957 * Optimize remove unused variable
 1958 * Remove those redundant variable declaration
 1959 * [doc] Correct mapping JSON example
 1960 * Remove no use variable (domain\_id)
 1961 * Remove redundant variable declaration
 1962 * Deprecate \`endpoint\_filter.sql\` backend
 1963 * remove deprecated \`[endpoint\_policy] enable\` option
 1964 * Pass initiator to Manager as a kwarg
 1965 * create release notes for removed functionality
 1966 * Remove driver version specifiers from tests
 1967 * Enable release notes translation
 1968 * Remove driver version from identity backend test names
 1969 * Remove driver version from docs
 1970 * Updated from global requirements
 1971 * Default the assignment backend to SQL
 1972 * remove legacy driver tox target
 1973 * Use validate\_v3\_token instead of validate\_token
 1974 * Ensure all v2.0 tokens are validated the same way
 1975 * Make sure all v3 tokens are validated the same way
 1976 * re-add valid comment about None domain ID
 1977 * Default the resource backend to SQL
 1978 * Make returning is\_domain conditional
 1979 * Move audit initiator creation to request
 1980 * Don't validate token expiry in the persistence backend
 1981 * Add tests for validating expired tokens
 1982 * Fix a typo in \_init\_.py
 1983 * Remove password history validation from admin password resets
 1984 * Updating the document regarding LDAP options
 1985 * Updated from global requirements
 1986 * Remove the unused sdx doc files
 1987 * Updated from global requirements
 1988 * Remove the no use arg (auth=None)
 1989 * Fix typo in docstring
 1990 * Tweak api-ref for v3 groups status codes
 1991 * Updated from global requirements
 1992 * Add Apache 2.0 license to source file
 1993 * Fix a typo in core.py and bp-domain-config-default-82e42d946ee7cb43.yaml
 1994 * Validate password history for self-service password changes
 1995 * Make test\_v3\_auth exercise the whole API
 1996 * Remove stable driver interfaces
 1997 * Updated from global requirements
 1998 * Remove the check for admin token in build\_auth\_context middleware
 1999 * Reorder APIs in api-ref doc for v3 users
 2000 * Fix a docstring typo in test\_v3\_resource.py
 2001 * Using assertIsNone(...) instead of assertIs(None, ...)
 2002 * Updated from global requirements
 2003 * remove deprecated items from contrib
 2004 * Update man page for Ocata release version and date
 2005 * Using assertIsNone() instead of assertIs(None)
 2006 * Remove default=None when set value in config
 2007 * Undeprecate options used for signing
 2008 * Remove unused path in the v2 token controller
 2009 * Fix the belongsTo query parameter
 2010 * Fix 'API Specification for Endpoint Filtering' broken link
 2011 * Add domain check in domain-specific role implication
 2012 * Override credential key repository for null key tests
 2013 * Remove useless method override
 2014 * remove memcache token persistence backends
 2015 * remove keystone/service.py
 2016 * remove saml2 auth plugin
 2017 * remove httpd/keystone.py
 2018 * remove cache backends
 2019 * Revert "Allow compatibility with keystonemiddleware 4.0.0"
 2020 * Consolidate the common code into one method
 2021 * Handle the exception from creating request token properly
 2022 * Fix formatting strings in LOG.debug
 2023 * Fix formatting strings in LOG.warning
 2024 * Handle the exception from creating access token properly
 2025 * Updated from global requirements
 2026 * Tweak status code in api-ref doc for v3 users
 2027 * Fix prameters names in Keystone API v2-ext
 2028 * Refactor Keystone admin-tenant API v2
 2029 * Refactor Keystone admin-endpoint API
 2030 * Fix for unindent warning in doc build
 2031 * add placeholder migrations for newton
 2032 * Remove  default=None for config options
 2033 * Ensure the sqla-migrate scripts cache is cleared
 2034 * Move test\_sql\_upgrade.MigrationRepository into keystone.common
 2035 * Rename sql.migration\_helpers to sql.upgrades
 2036 * Give domain admin rights to domain specific implied roles
 2037 * Update reno for stable/newton
 2038 * Refactor find\_migrate\_repo(): require caller to specify repo
 2039 * Fixes password created\_at errors due to the server\_default
 2040 * Move the responsibility for stdout to the CLI module
 2041 * Use a read-only DB session to retrieve schema version
 2042 * Move rolling upgrade repo names into constants
 2043 
 2044 10.0.0.0rc1
 2045 -----------
 2046 
 2047 * Removal of imports within functions
 2048 * Trivial fixes in the ldap common functions
 2049 * Test that rolling upgrade repos are in lockstep
 2050 * Add unit tests for isotime()
 2051 * Remove unused \_convert\_to\_integers() method
 2052 * Adds tests for verify\_length\_and\_trunc\_password()
 2053 * Remove unused read\_cached\_file method from utils
 2054 * Allow compatibility with keystonemiddleware 4.0.0
 2055 * Fix links on configure\_federation documentation
 2056 * Add edge case tests for disabling a trustee
 2057 * Fix prameters name and response codes in Keystone API v2
 2058 * Tweak api-ref doc for services/endpoints
 2059 * Use issued\_at in fernet token provider
 2060 * Remove unused method from keystone.common.utils
 2061 * Use ConfigParser instead of SafeConfigParser
 2062 * Consistently round down timestamps
 2063 * Remove the APIs from doc that is not supported yet
 2064 * TrivialFix: Merge imports in code
 2065 * Fix the nit on how to deploy keystone with \`mod\_proxy\_uwsgi\`
 2066 * Tweak api-ref doc for projects
 2067 * Remove the dead link in schema migration doc
 2068 * Updated from global requirements
 2069 * Fix order of arguments in assertIs
 2070 * New notes on advanced upgrade/fallback for cluster
 2071 * standardize release note page ordering
 2072 * [api-ref] Correct response code status
 2073 * Replace six iteration methods with standard ones
 2074 * Fixes a nit in a comment
 2075 * Updates configuration doc with latest changes
 2076 * Use freezegun for change password tests
 2077 * Update sample keystone.conf for Newton
 2078 * Project domain must match role domain for assignment
 2079 * Add docs for the null key
 2080 * Log warning if null key is used for encryption
 2081 * Introduce null key for credential encryption
 2082 * More nit doc fixes
 2083 * Keep the order of passwords in tests
 2084 * EndpointPolicy driver doesn't inherit interface
 2085 * [api-ref] Stop supporting os-api-ref 1.0.0
 2086 * Fix up some doc nits
 2087 * Only cache callables in the base manager
 2088 * [api-ref] Correcting parameter's type
 2089 * Correct link type
 2090 * Fix problems in service api doc
 2091 * Raise NotImplementedError instead of NotImplemented
 2092 * Add the deprecated\_since to deprecated options
 2093 * Add doctor checks for credential fernet keys
 2094 * Few new commands missing from docs
 2095 * Emit log message for fernet tokens only
 2096 * Implement encryption of credentials at rest
 2097 * Typo: key\_manger\_factory to key\_mangler\_factory
 2098 
 2099 10.0.0.0b3
 2100 ----------
 2101 
 2102 * Fixes spelling mistakes
 2103 * Fixes migration where password created\_at is nullable
 2104 * Block global roles implying domain specific roles
 2105 * Correct typo in mapping\_populate command's help
 2106 * Relax the requirement for mappings to result in group memberships
 2107 * Document credential encryption
 2108 * Update sample uwsgi config for lazy-apps
 2109 * Add documentation on how to set a user's tenant
 2110 * Pre-cache new tokens
 2111 * Config logABug feature for Keystone api-ref
 2112 * Fix nits in db migration dev docs
 2113 * Disallow new migrations in the legacy migration repository
 2114 * Updated from global requirements
 2115 * Update developer docs for new rolling upgrade repos
 2116 * Add man page info for credential setup command
 2117 * Remove unnecessary try/except from token provider
 2118 * Fixes small grammar mistake in docstring
 2119 * Add a feature support matrix for identity sources
 2120 * Fix wrong response codes in 'groups' APIs
 2121 * Make token\_id a required parameter in v3\_to\_v2\_token
 2122 * Distributed cache namespace to invalidate regions
 2123 * Fix formatting strings when using multiple variables
 2124 * Add credential setup command
 2125 * Add Response Example for 'Create credential' API
 2126 * Add Response Example for 'Passwd auth with unscoped authorization'
 2127 * Remove mapping schema from the doc
 2128 * Impose a min and a max on time values in CONF.token
 2129 * Repair link in Keystone documentation
 2130 * Faster id mapping lookup
 2131 * Fix some typos in comments
 2132 * Cleaning imports in code
 2133 * Updated from global requirements
 2134 * TrivialFix: Remove logging import unused
 2135 * Removes old, unused code
 2136 * Reduce log level of Fernet key count message
 2137 * Updated from global requirements
 2138 * Adds password regular expression checks to doctor
 2139 * Let upgrade tests control all 4 repositories at once
 2140 * Adds check that minimum password age is less than password expires days
 2141 * Remove unused global variable from unit tests
 2142 * Modify sql banned operations for each of the new repos
 2143 * Use egg form of osprofiler in paste pipeline
 2144 * api-ref: Splitting status lines in API v3-ext
 2145 * api-ref: Splitting status lines in API v3
 2146 * Remove mox from test-requirements
 2147 * TrivialFix: Remove logging import unused
 2148 * [api-ref]: Outdated link reference
 2149 * Remove unnecessary \_\_init\_\_
 2150 * Add mapping\_populate command
 2151 * Doc fix: license rendered in published doc
 2152 * Doc fix: "keystone-manage upgrade" is not a thing
 2153 * Fix credential update to ec2 type
 2154 * Add key repository uniqueness check to doctor
 2155 * Update \`href\` for keystone extensions
 2156 * Updated from global requirements
 2157 * Fix the wrong URI for the OAuth1 extension in api-ref
 2158 * Shadowing a nonlocal\_user incorrectly creates a local\_user
 2159 * Add entrypoint for mapped auth method
 2160 * Get ready for os-api-ref sphinx theme change
 2161 * Add rolling upgrade documentation
 2162 * Add create and update methods to credential Manager
 2163 * Create a fernet credential provider
 2164 * Make KeyRepository shareable
 2165 * Add conf to support credential encryption
 2166 * Password expires ignore user list
 2167 * Add expand, data migration and contract logic to keystone-manage
 2168 * [api] add relationship links to v3-ext
 2169 * Removes use of freezegun in test\_auth tests
 2170 * Removes a redundant test from FernetAuthWithTrust
 2171 * api-ref: Fix parameters attributes
 2172 * Set default value for [saml]/idp\_contact\_surname
 2173 * Tidy up for late-breaking review comments on keystone-manage
 2174 * PCI-DSS Minimum password age requirements
 2175 * api-ref: Document domain specific roles
 2176 * Revert "Add debug logging to revocation event checking"
 2177 * Replace the content type with correct one
 2178 * Add credential encryption exception
 2179 * Pass key\_repository and max\_active\_keys to FernetUtils
 2180 * Make a FernetUtils class
 2181 * Move fernet utils into keystone/common/
 2182 * Add support for rolling upgrades to keystone-manage
 2183 * api-ref: Document implied roles API
 2184 * Support new osprofiler API
 2185 * api-ref: Correcting V3 OS-INHERIT APIs
 2186 * Fix typo in the file
 2187 * Add debug logging to revocation event checking
 2188 * Detail Federation Service Provider APIs in api-ref
 2189 * Detail Fed Projects and Domains APIs in api-ref
 2190 * add a header for the federation APIs
 2191 * Detail Federation Mapping APIs in api-ref docs
 2192 * Detail Federation Auth APIs in api-ref docs
 2193 * Detail Federation Assertion APIs in api-ref docs
 2194 * Move other-requirements.txt to bindep.txt
 2195 * Detail IdP APIs in api-ref docs
 2196 * api-ref: Add default domain config documentation
 2197 * Constraints are ready to be used for tox.ini
 2198 * Updated from global requirements
 2199 * [api] add relationship links to v3
 2200 * Refactor revoke matcher
 2201 * Document get auth/catalog,projects,domains
 2202 * api-ref: Renaming parameters of V3-ext APIs
 2203 * api-ref: Correcting V3 Credentials APIs
 2204 * api-ref: Correcting V3 Policies APIs
 2205 * api-ref: Correcting V3 Authentication APIs
 2206 * api-ref: Correcting V3 Domain config APIs
 2207 * Use international logging message
 2208 * Updates Development Environment Docs
 2209 * Create unit tests for endpoint policy drivers
 2210 * api-ref: Add query options to GET /projects API documentation
 2211 * Updated from global requirements
 2212 * api-ref: Add missing parameter tables to tenant
 2213 * Create unit tests for the policy drivers
 2214 * api-ref: Correcting V3 Endpoints APIs
 2215 * api-ref: Correcting V3 Services APIs
 2216 * api-ref: Add "nocatalog" option to GET /v3/auth/tokens
 2217 * Fix warning when running tox -e api-ref
 2218 * Add basic upgrade documentation
 2219 * Document query option (is\_domain) for projects
 2220 * remove test utilities related to adding extensions
 2221 * Update etc/keystone.conf.sample
 2222 * Make hash\_algorithms order deterministic
 2223 * PCI-DSS Password expires validation
 2224 * Report v2.0 as deprecated in version discovery
 2225 * Update the api-ref to mark the v2 API as deprecated
 2226 * Add schema validation to create user v2
 2227 * Fix the spelling of a test name
 2228 * Remove mention of db\_sync per backend
 2229 * Trust controller refactoring
 2230 * Use more specific asserts in tests
 2231 * Updated from global requirements
 2232 * Add debug logging for RevokeEvent deserialize problem
 2233 * Make all token provider behave the same with trusts
 2234 * Use URIOpt for endpoint URL options
 2235 * Clean up the introductory text in the docs
 2236 * Retry revocation on MySQL deadlock
 2237 * Add schema validation to update user v2
 2238 * PCI-DSS Lockout requirements
 2239 * Improve domain configuration API docs
 2240 * Skip middleware request processing for admin token
 2241 * Move Assertion API to its own file
 2242 * Bump API version number and date
 2243 * Move Federation Auth API to its own file
 2244 * Move List Projects and Domains API to its own file
 2245 * Move Service Provider API to its own file
 2246 * Move Mapping API to its own file
 2247 * Use %()d for integer substitution
 2248 * Don't include openstack/common in flake8 exclude list
 2249 * Added postgresql libs to developer docs
 2250 * Add schema validation to create service in v2
 2251 * Remove the redundant verification in OAuth1 authorization
 2252 * Add schema validation to v2 update tenant
 2253 * refactor idp to its own file
 2254 * Updated from global requirements
 2255 * PCI-DSS Password history requirements
 2256 * Move Identity Provider API to its own file
 2257 * Add dummy domain\_id column to cached role
 2258 * Allow attributes other than \`enabled\` in schema
 2259 * Remove the extensions repos
 2260 * Document the domain config API as stable
 2261 * Remove configuration references to eventlet
 2262 * Adds a custom deepcopy handler
 2263 * Add token feature support matrix to documentation
 2264 * Test number of queries on list\_users
 2265 * No need the redundant validation in manager level
 2266 * Add the missing testcases for \`name\` and \`enabled\`
 2267 * Adds test for SecurityError's translation behavior
 2268 * TOTP auth not functional in python3
 2269 * Invalid tls\_req\_cert constant as default
 2270 * Add schema validation to v2 create tenant
 2271 * Use quotes consistently in token controller
 2272 * Add performance tuning documentation
 2273 * Allow V2TestCase to be tested against fernet and uuid
 2274 * Make AuthWithTrust testable against uuid and fernet
 2275 * Improve os-federation docs
 2276 * Fix v2-ext API enabled documentation
 2277 * PCI-DSS Adds password\_expires\_at to API docs
 2278 * Make it so federated tokens are validated on v2.0
 2279 * Use freezegun in AssignmentInheritanceTestCase
 2280 * Only run KvsTokenCacheInvalidation against uuid
 2281 * Use freezegun in OSRevokeTests
 2282 * refactor: make TestFetchRevocationList test uuid
 2283 * refactor: make TestAuthExternalDefaultDomain test uuid/pki/pkiz
 2284 * refactor: make TestAuthKerberos test pki/pkiz/uuid
 2285 * Add schema validation to create role
 2286 * Replace OpenStack LLC with OpenStack Foundation
 2287 * refactor: inherit AuthWithRemoteUser for other providers
 2288 * Run AuthWithToken against all token providers
 2289 * Don't run TokenCacheInvalidation with Fernet
 2290 * Refactor TestAuthExternalDomain to not inherit tests
 2291 * Use freezegun to increment clock in test\_v3\_assignment
 2292 * Add schema for enabling a user
 2293 * Fix up the api-ref request/response parameters for projects
 2294 * \`password\` is not required for updating a user
 2295 * Clarify V2 API for enabling or disabling user
 2296 * Removed duplicate parameter in v2-admin api-ref
 2297 * Fix the errors in params in api-ref for V3 region
 2298 * Fix the errors in params in api-ref for V3 user
 2299 * Added cache for id mapping manager
 2300 * Updated from global requirements
 2301 * Add Python 3.5 classifier
 2302 * Handle Py35 fix of ast.node.col\_offset bug
 2303 * deprecate a few more LDAP config options
 2304 * Clean up api-ref for domains
 2305 * keystone-manage doctor
 2306 * v2 api: add APIs for setting a user's password
 2307 * Update os-inherit API reference
 2308 * Updated from global requirements
 2309 * Run AuthTokenTests against fernet and uuid
 2310 * Use freezegun to increment the clock in test\_v3\_filters
 2311 * Prevent error when duplicate mapping is created
 2312 * Fix the wrong check condition
 2313 * Clean up the api-ref for groups
 2314 * Updated from global requirements
 2315 * Improve introdcution to api-ref projects
 2316 * Migrate OS-FEDERATION from specs repo
 2317 * v2 api: remove APIs for global roles
 2318 * v2 api: group and order the v2-ext APIs
 2319 * v2 api: remove duplicated delete user API
 2320 * v2 api: add missing /roles in role CRUD APIs
 2321 * v2 api: list user roles is defined twice
 2322 * v2 api: add OS-KSADM to service API routes
 2323 * v2 api: add tenant APIs
 2324 * v2 api: delete user is defined twice
 2325 * v2 api: change update user
 2326 * v2 api: correct user list
 2327 * Update Identity endpoint in v2 samples
 2328 * Fix up numerous errors in params in api-ref for roles
 2329 * Fix up the api-ref for role query paramaters
 2330 * Fix the username value in federated tokens
 2331 * Improve readability of the api-ref roles section
 2332 * Use constraints for coverage job
 2333 * clean up OAUTH API
 2334 * Add relationship links to OAUTH APIs
 2335 * Remove \`name\` property from \`endpoint\` create/update API
 2336 * Add v2.0 /endpoints/ api-ref
 2337 * Update identity endpoint in v3 and v3-ext samples
 2338 * Pass request to v2 token authenticate
 2339 * Remove unused context from AuthInfo
 2340 * Correct normal response codes for v2.0 extensions
 2341 * Improve user experience involving token flush
 2342 * Add "v2 overview" docs to APIs
 2343 * add OS-OAUTH1/authorize/{request\_token\_id} API
 2344 * Move OS-INHERIT api-ref from extensions to core
 2345 * re-order the oauth APIs
 2346 * Copy the preamble / summary of OAuth1 from the specs repo
 2347 * Correct normal response codes in trust documentation
 2348 * Add OS-EP-FILTER to api-ref
 2349 
 2350 10.0.0.0b2
 2351 ----------
 2352 
 2353 * PCI-DSS Password strength requirements
 2354 * Variables in URL path should be required
 2355 * Remove get\_trust\_id\_for\_request function
 2356 * Pass request to normalize\_domain\_id
 2357 * Remove a validate\_token\_bind call
 2358 * Remove get\_user\_id in trust controller
 2359 * Cleanup trusts controller
 2360 * Trivial spacing and comma corrections
 2361 * Add OS-KSCRUD api-ref
 2362 * Disable warnerrors in setup.cfg temporarily
 2363 * Add is\_domain to project example responses
 2364 * Add is\_domain to scope token response examples
 2365 * Improve keystone.conf [security\_compliance] documentation
 2366 * Improve keystone.conf [signing] documentation
 2367 * Correct normal response codes in OS-INHERIT docs
 2368 * Fix python{3,}-all-dev depends in deb based
 2369 * Correct normal status codes for v2.0 admin docs
 2370 * Improve keystone.conf [shadow\_users] documentation
 2371 * Correct normal response codes for region docs
 2372 * Correct normal response codes for auth docs
 2373 * Correct normal response codes for credential docs
 2374 * Correct normal response codes for project docs
 2375 * Correct normal response codes for policy docs
 2376 * Correct normal response codes for v2.0 versions doc
 2377 * Correct normal response codes in v2.0 versions doc
 2378 * Correct normal response codes in v2.0 tenant docs
 2379 * Use URIOpt instead of StrOpt for SAML config
 2380 * Correct normal response codes for role docs
 2381 * Correct normal response codes in v2.0 token docs
 2382 * Correct normal response codes in service catalog doc
 2383 * Correct normal response codes in oauth docs
 2384 * Correct normal response codes in v2.0 admin user docs
 2385 * Improve keystone.conf [token] documentation
 2386 * Correct normal response codes in endpoint policy docs
 2387 * Validate SAML keyfile & certfile options
 2388 * Improve keystone.conf [tokenless\_auth] documentation
 2389 * Complete OS-TRUST API documentation
 2390 * Fixes response codes in endpoint policy api-ref
 2391 * List 20X status codes as Normal in domain docs
 2392 * Improve the API documentation for groups
 2393 * Create APIs for OS-REVOKE
 2394 * Clean up token binding validation code
 2395 * Reorder request params in endpoint policy api-ref
 2396 * Adds missing parameter to endpoint policy api-ref
 2397 * Adds missing docs to endpoint policy api-ref
 2398 * Reorders API calls to match precedence rules
 2399 * Improve keystone.conf [saml] documentation
 2400 * Handle more auth information via context
 2401 * Require auth\_context middleware in the pipeline
 2402 * Updated from global requirements
 2403 * Improve keystone.conf [trust] documentation
 2404 * Improve keystone.conf [role] documentation
 2405 * Improve keystone.conf [ldap] documentation
 2406 * Improve keystone.conf [os\_inherit] documentation
 2407 * Improve keystone.conf [revoke] documentation
 2408 * Improve keystone.conf [resource] documentation
 2409 * Move logic for catalog driver differences to manager
 2410 * Minor docstring cleanup for domain\_id mapping
 2411 * Remove unnecessary stable attribute value for status
 2412 * Updated from global requirements
 2413 * Mark the domain config via API as stable
 2414 * Remove validated decorator
 2415 * Move request validation inline
 2416 * Invalidate token cache on domain disablement
 2417 * Isolate token caching into its own region
 2418 * Doc update on enabled external auth and federation
 2419 * keystone recommend deprecated memcache backend
 2420 * Use request object in policy enforcement
 2421 * Use the context's is\_admin property
 2422 * Add the oslo\_context to the environment and request
 2423 * Use http\_client constants instead of hardcoding
 2424 * Increase test coverage for token APIs
 2425 * Ensure status code is always passed as int
 2426 * Fix fernet token validate for disabled domains/trusts
 2427 * Doc update for moving abstract base classes out of core
 2428 * Fix \_populate\_token\_dates method signature
 2429 * Move the trust abstract base class out of core
 2430 * Move the credential abstract base class out of core
 2431 * Move the auth plugins abstract base class out of core
 2432 * Expose bug with Fernet tokens and trusts
 2433 * Remove last parts of query\_string from context
 2434 * Remove get\_auth\_context
 2435 * Correct reraising of exception
 2436 * Pass request to build\_driver\_hints
 2437 * Remove headers from context
 2438 * Use request.environ through auth and federation
 2439 * Remove accept\_header from context
 2440 * Fixed a Typo
 2441 * Docs: Fix the query params in role\_assignments example
 2442 * [doc/api]Remove space within word
 2443 * Remove unused LOG
 2444 * Make assert\_admin work with a request
 2445 * Add missing preamble for v3 and v3-ext
 2446 * move OAUTH1 API to extensions
 2447 * generate separate index files for each api-ref
 2448 * Migrate identity /v2-admin docs from api-ref repo
 2449 * Use request instead of context in v2 auth
 2450 * Handle catalog backends that don't support all functions
 2451 * Refactoring: remove the duplicate method
 2452 * Return \`revoked\_at\` for list revoke events
 2453 * Use skip\_test\_overrides everywhere we feature skip
 2454 * Improve keystone.conf [fernet\_tokens] documentation
 2455 * Improve keystone.conf [catalog] documentation
 2456 * Refactor: [ldap] suffix should not be an instance attribute
 2457 * Grammar fix: will -> can
 2458 * Fixes hacking's handling of log hints
 2459 * Improve keystone.conf [paste\_deploy] documentation
 2460 * Improve keystone.conf [kvs] documentation
 2461 * Improve keystone.conf [identity] documentation
 2462 * Improve keystone.conf [endpoint\_filter] documentation
 2463 * Improve keystone.conf [oauth1] documentation
 2464 * Verify domain\_id when get\_domain is being called
 2465 * Updated from global requirements
 2466 * Include doc directory in pep8 checks
 2467 * Do not register options on import
 2468 * Improve keystone.conf [policy] documentation
 2469 * Improve keystone.conf [memcache] documentation
 2470 * Use min to avoid checking < 1 max fernet keys
 2471 * Improve keystone.conf [identity\_mapping] documentation
 2472 * Improve keystone.conf [federation] documentation
 2473 * Updated tests that claimed to be blocked by bugs
 2474 * Use skip\_test\_overrides in test\_backend\_ldap
 2475 * Adds a skip method to identify useless skips
 2476 * Update the nosetests test regex for legacy tests
 2477 * update a config option deprecation message
 2478 * Improve keystone.conf [eventlet\_server] documentation
 2479 * Improve keystone.conf [endpoint\_policy] documentation
 2480 * Improve keystone.conf [credential] documentation
 2481 * Improve keystone.conf [domain\_config] documentation
 2482 * Rename [DEFAULT] keystone.conf module to keystone.conf.default
 2483 * Improve keystone.conf [DEFAULT] documentation
 2484 * Remove test\_backend\_ldap skips for missing tests
 2485 * Removes duplicate ldap test setup
 2486 * Extracted common ldap setup and use in the filter tests
 2487 * Reduce domain specific config setup duplication
 2488 * API Change Tutorial doc code modify
 2489 * Update other-requirements for Xenial
 2490 * Concrete role assignments for federated users
 2491 * PCI-DSS Disable inactive users requirements
 2492 * Migrate identity /v3-ext docs from api-ref repo
 2493 * Migrate identity /v2-ext docs from api-ref repo
 2494 * Migrate identity /v2 docs from api-ref repo
 2495 * Use request.params instead of context['query\_string']
 2496 * Config: no need to set default=None
 2497 * Do not spam the log with uncritical stacktraces
 2498 * Improve keystone.conf [auth] documentation
 2499 * Improve keystone.conf [assignment] documentation
 2500 * Group test\_backend\_ldap skips for readability
 2501 * Adds a backend test fixture
 2502 * Remove unused test code
 2503 * Moves auth plugin test setup closer to its use
 2504 * Add security\_compliance group back to config
 2505 * Fix nits related to the new keystone.conf package
 2506 * Fixes failure when password is null
 2507 * Allow auth plugins to be setup more than once
 2508 * Removes outdate comment from a test
 2509 * Replace keystone.common.config with keystone.conf package
 2510 * Updated from global requirements
 2511 * Fix a few spelling mistakes
 2512 * Allow user to get themself and their domain
 2513 * PCI-DSS Password SQL model changes
 2514 * Fix argument order for assertEqual to (expected, observed)
 2515 * Use the ldap fixture to simplify tests
 2516 * Change the remaining conf setup to use the fixture
 2517 * Reduce setup overhead in auth\_plugin tests
 2518 * /services?name=<name> API fails when using list\_limit
 2519 * Updated from global requirements
 2520 * Make sure to use InnoDB as the DB engine
 2521 * Remove TestAuth
 2522 * Move last few TestAuth tests to TokenAPITests
 2523 * Move external auth and bind test to TokenAPITests
 2524 * Refactor test\_validate\_v2\_scoped\_token\_with\_v3\_api
 2525 * Remove test\_validate\_v2\_unscoped\_token\_with\_v3\_api
 2526 * Move more project scoped token behavior to TokenAPITests
 2527 * Validate impersonation in trust redelegation
 2528 * Correct domain\_id and name constraint dropping
 2529 * Integration tests cleanup
 2530 * Use http\_proxy\_to\_wsgi from oslo.middleware
 2531 * Use request object in auth plugins
 2532 * Move cross domain/group/project auth tests
 2533 * Move negative token tests to TokenAPITests
 2534 * Move unscoped token test to TokenAPITests
 2535 * Move negative domain scope test to TokenAPITests
 2536 * Consolidate domain token tests into TokenAPITests
 2537 * Move more project scoped behavior tests to TokenAPITests
 2538 * Move project scoped catalog tests to TokenAPITests
 2539 * Update driver versioning documentation
 2540 * Move project scoped tests to TokenAPITests
 2541 * Move TestAuth unscoped token tests to TokenAPITests
 2542 * Add cache invalidation for service providers
 2543 * Updated from global requirements
 2544 * Add 'links' to implied roles response
 2545 * Updated from global requirements
 2546 * fix ldap delete\_user group member cleanup
 2547 * exception sensitive cache/audit changes
 2548 * Fix TOTP transient test failure
 2549 * Change LocalUser sql model to eager loading
 2550 * Shadow LDAP and custom driver users
 2551 * Refactor shadow users
 2552 * Fix ValidationError exception name in docstring
 2553 * Add docstring to delete\_project
 2554 * Updated from global requirements
 2555 * Revert to caching fernet tokens the same way we do UUID
 2556 * Honor ldap\_filter on filtered group list
 2557 * Pass a request to controllers instead of a context
 2558 * Update the keystone-manage man page options
 2559 * clean up test\_resource\_uuid
 2560 * Return 404 instead of 401 for tokens w/o roles
 2561 * Updating sample configuration file
 2562 * Revert "Install necessary files in etc/"
 2563 * Keystone uwsgi performance tuning
 2564 * Add caching config for federation
 2565 * Updated from global requirements
 2566 * Updating sample configuration file
 2567 * Updating sample configuration file
 2568 * Bootstrap: enable and reset password for existing users
 2569 * PEP257: Ignore D203 because it was deprecated
 2570 * Cache service providers on token validation
 2571 * Refactor revoke\_model to remove circular dependency
 2572 * Update man page for Newton release
 2573 * Move stray notification options into config module
 2574 * Adding role assignment lists unit tests
 2575 * Add protocols integration tests
 2576 * Add mapping rules integration tests
 2577 * Add service providers integration tests
 2578 * Imported Translations from Zanata
 2579 * Updated from global requirements
 2580 
 2581 10.0.0.0b1
 2582 ----------
 2583 
 2584 * Simplify & fix configuration file copy in setup.cfg
 2585 * Config settings to support PCI-DSS
 2586 * Fix credentials\_factory method call
 2587 * Allow domain admins to list users in groups with v3 policy
 2588 * Updating sample configuration file
 2589 * Updated from global requirements
 2590 * Honor ldap\_filter on filtered user list
 2591 * Install necessary files in etc/
 2592 * Replace revoke tree with linear search
 2593 * Migrate identity /v3 docs from api-ref repo
 2594 * Updated from global requirements
 2595 * Add new functionality to @wip
 2596 * remove deprecated revoke\_by\_expiration function
 2597 * Isolate common ldap code to the identity backend
 2598 * Updated from global requirements
 2599 * Remove helper script for py34
 2600 * Include project\_id in the validation error on default project is domain
 2601 * Add python 3 release note
 2602 * Add comment to test case helper function
 2603 * Add Python 3 classification
 2604 * Py3 oauth tests
 2605 * Enable py3 tests for test\_v3\_auth
 2606 * make sure default\_project\_id is not domain on user creation and update
 2607 * Let setup.py compile\_catalog process all language files
 2608 * Fix broken link of federation docs
 2609 * Add new line in keystone/common/request.py
 2610 * Move identity.backends.sql model code to sql\_model.py
 2611 * Add .mo files to MANIFEST.in
 2612 * Replace context building with a request object
 2613 * Enable py3 testing for Fernet token provider
 2614 * Enable py3 for credential tests
 2615 * reorganize mitaka release notes
 2616 * enable ldap tests for py3
 2617 * Updated from global requirements
 2618 * Add the validation rules when create token
 2619 * Use PyLDAP instead of python-ldap
 2620 * Fix config path for running wsgi in developer mode
 2621 * Move the revoke abstract base class out of core
 2622 * Updated from global requirements
 2623 * Port test\_v2 unit test to Python 3
 2624 * Move the oauth1 abstract base class out of core
 2625 * Drop the (unused) domain table
 2626 * Don't set None for ldap.OPT\_X\_TLS\_CACERTFILE
 2627 * Add API Change Tutorial
 2628 * Deprecate keystone.common.kvs
 2629 * Updating sample configuration file
 2630 * Add is\_domain in token response
 2631 * Switch to use \`new\_domain\_ref\` for testcases
 2632 * Move the assignment abstract base class out of core
 2633 * Add identity providers integration tests
 2634 * Update documentation to remove keystone-all
 2635 * Updating sample configuration file
 2636 * Updated from global requirements
 2637 * replace logging with oslo.log
 2638 * Move the federation abstract base class out of core
 2639 * Separate protocol schema
 2640 * Updated from global requirements
 2641 * Move the catalog abstract base class and common code out of core
 2642 * Enhance federation group mapping validation
 2643 * Add mapping validation tests
 2644 * Fixes example in the mapping combinations docs
 2645 * do not search file on real environment
 2646 * Allow 'domain' property for local.group
 2647 * Add conflict validation for idp update
 2648 * Always add is\_admin\_project if admin project defined
 2649 * Make keystone exit when fernet keys don't exist
 2650 * Fix fernet audit ids for v2.0
 2651 * Revert "Revert "Unit test for checking cross-version migrations compatibility""
 2652 * Make all fixture project\_ids into uuids
 2653 * Fixing D105, D203, and D205 PEP257
 2654 * Remove test\_invalid\_policy\_raises\_error
 2655 * switch to tempest instead of deprecated tempest-lib
 2656 * Move the resource abstract base class out of core
 2657 * Correct RST syntax for a code block
 2658 * Restructure policy abstract driver
 2659 * Updated from global requirements
 2660 * Add test for authentication when project and domain name clash
 2661 * Fix doc build if git is absent
 2662 * Restructure endpoint policy abstract driver
 2663 * Clean up test\_receive\_identityId
 2664 * Fix typos
 2665 * Fixes incorrect deprecation warning for IdentityDriverV8
 2666 * Add other-requirements.txt
 2667 * Fix D400 PEP257
 2668 * Imported Translations from Zanata
 2669 * Updating sample configuration file
 2670 * Customize config file location when run as wsgi app
 2671 * Updated from global requirements
 2672 * Updating sample configuration file
 2673 * Updated from global requirements
 2674 * Bump the required tox version to 2.3.1
 2675 * Add set\_config\_defaults() call to tests
 2676 * update deprecation warning for falling back to default domain
 2677 * Tests clean up global ldap settings
 2678 * Define identity interface - easy cases
 2679 * add missing deprecation reason for eventlet option
 2680 * Remove comments mentioning eventlet
 2681 * Remove support for generating ssl certs
 2682 * Updating sample configuration file
 2683 * Remove eventlet support
 2684 * Default caching to on for request-local caching
 2685 * Typo in sysctl command example Edit
 2686 * Typo fix in tests
 2687 * Add logging to cli if keystone.conf is not found
 2688 * Fix post jobs
 2689 * Refactor domain config upload
 2690 * Keystone jobs should honor upper-constraints.txt
 2691 * Fix confusing naming in ldap EnableEmuMixin
 2692 * Updating sample configuration file
 2693 * Deprecation reason for domain\_id\_immutable
 2694 * Test list project hierarchy is correct for a large tree
 2695 * Fix D401 PEP8 violation
 2696 * OSprofiler release notes
 2697 * Updating sample configuration file
 2698 * Updated from global requirements
 2699 * Add keystone service ID to observer audit
 2700 * group federated identity docs together
 2701 * Change Role/Region to role/region in keystone-manage bootstrap
 2702 * Use mockpatch fixtures from fixtures
 2703 * Set the values for the request\_local\_cache
 2704 * Add missing backslash to keystone-manage bootstrap command in documentation
 2705 * fix typo
 2706 * Fix KeyError when rename to a name is already in use
 2707 * Improve project name conflict message
 2708 * Imported Translations from Zanata
 2709 * Updating sample configuration file
 2710 * Dev doc update for moving abstract base classes out of core
 2711 * Simplify chained comparison
 2712 * Update the description of the role driver option
 2713 * Integrate OSprofiler in Keystone
 2714 * Update the Administrator guide link
 2715 * Clean up test case for shadow users
 2716 * Fixes bug where the updated federated display\_name is not returned
 2717 * Make AuthContext depend on auth\_token middleware
 2718 * Fix totp test fails randomly
 2719 
 2720 9.0.0
 2721 -----
 2722 
 2723 * Update federated user display name with shadow\_users\_api
 2724 * Update federated user display name with shadow\_users\_api
 2725 * Remove comment from D202 rule
 2726 * Remove backend interface and common code out of identity.core
 2727 * Use messaging notifications transport instead of default
 2728 * Run federation tests under Python 3
 2729 * Bandit test results
 2730 * create a new \`advanced topics\` section in the docs
 2731 
 2732 9.0.0.0rc2
 2733 ----------
 2734 
 2735 * Correct \`role\_name\` constraint dropping
 2736 * Correct \`role\_name\` constraint dropping
 2737 * Base for keystone tempest plugin
 2738 * Random project should return positive numbers
 2739 * Imported Translations from Zanata
 2740 * Improve error message for schema validation
 2741 * Imported Translations from Zanata
 2742 * The name can be just white character except project and user
 2743 * Fix typos in Keystone files
 2744 * Add \`patch\_cover\` to keystone
 2745 * Fix keystone-manage config file path
 2746 * Cleanup LDAP models
 2747 * Correct test to support changing N release name
 2748 * Correct \_populate\_default\_domain in tests
 2749 * Imported Translations from Zanata
 2750 * Removing redundant words
 2751 * Imported Translations from Zanata
 2752 * Correct test to support changing N release name
 2753 * Fix keystone-manage config file path
 2754 * Opportunistic testing with different DBs
 2755 * Correct test\_implied\_roles\_fk\_on\_delete\_cascade
 2756 * Fix table row counting SQL for MySQL and Postgresql
 2757 * Switch migration tests to oslo.db DbTestCase
 2758 * Correct test\_migrate\_data\_to\_local\_user\_and\_password\_tables
 2759 * Fix test\_add\_int\_pkey\_to\_revocation\_event\_table for MySQL
 2760 * Imported Translations from Zanata
 2761 * Implement HEAD method for all v3 GET actions
 2762 * Avoid name repetition in equality comparisons
 2763 * Simplify repetitive unequal checks
 2764 * Imported Translations from Zanata
 2765 * Add test for domains list filtering and limiting
 2766 * Imported Translations from Zanata
 2767 * remove endpoint\_policy from contrib
 2768 * Moved name formatting (clean) out of the driver
 2769 * Add py3 debugging
 2770 * Add release note for list\_limit support
 2771 * Add release note for list\_limit support
 2772 * Cleanup migration tests
 2773 * Imported Translations from Zanata
 2774 * Imported Translations from Zanata
 2775 * Update dev docs and sample script for v3/bootstrap
 2776 * add placeholder migrations for mitaka
 2777 * Enables the notification tests in py3
 2778 * Update reno for stable/mitaka
 2779 * Update .gitreview for stable/mitaka
 2780 
 2781 9.0.0.0rc1
 2782 ----------
 2783 
 2784 * Support \`id\` and \`enabled\` attributes when listing service providers
 2785 * Check for already present user without inserting in Bootstrap
 2786 * Mapping which yield no identities should result in ValidationError
 2787 * Make backend filter testing more comprehensive
 2788 * Move region configuration to a critical section
 2789 * Change xrange to range for python3 compatibility
 2790 * Remove reference to keystoneclient CLI
 2791 * Document running in uwsgi proxied by apache
 2792 * Updating sample configuration file
 2793 * Imported Translations from Zanata
 2794 * Correct Hints class filter documentation
 2795 * Release note cleanup
 2796 * Update reported version for Mitaka
 2797 * Add docs for additional bootstrap endpoint parameters
 2798 * Remove unused notification method and class
 2799 * Consolidate @notifications.internal into Audit
 2800 * Imported Translations from Zanata
 2801 * Remove some translations
 2802 * Imported Translations from Zanata
 2803 * Fixed user in group participance
 2804 * register the config generator default hook with the right name
 2805 * Imported Translations from Zanata
 2806 * Rename v2 token schema used for validation
 2807 * Migrate\_repo init version helper
 2808 * Remove TestFernetTokenProvider
 2809 * Refactor TestFernetTokenProvider trust-scoped tests
 2810 * Refactor TestFernetTokenProvider project-scoped tests
 2811 * Refactor TestFernetTokenProvider domain-scoped tests
 2812 * Refactor TestFernetTokenProvider unscoped token tests
 2813 * Fixing mapping schema to allow local user
 2814 * Fix keystone-manage example command path
 2815 * Make modifications to domain config atomic
 2816 * Add auto-increment int primary key to revoke.backends.sql
 2817 * Add PKIZ coverage to trust tests
 2818 * Consolidate TestTrustRedelegation and TestTrustAuth tests
 2819 * Expose not clearing of user default project on project delete
 2820 * Split out domain config driver and manager tests
 2821 * Add notifications to user/group membership
 2822 * Add ability to send notifications for actors
 2823 * Updated from global requirements
 2824 * Remove foreign assignments when deleting a domain
 2825 * Correct create\_project driver versioning
 2826 * Explicitly exclude tests from bandit scan
 2827 * Move role backend tests
 2828 * v2 tokens validated on the v3 API are missing timezones
 2829 * Move domain config backend tests
 2830 * Validate v2 fernet token returns extra attributes
 2831 * Clarify virtualenv setup in developer docs
 2832 * Fixes a few LDAP tests to actually run
 2833 * Imported Translations from Zanata
 2834 * Un-wrap function
 2835 * Fix warning when running tox
 2836 * Race condition in keystone domain config
 2837 * Adding 'domain\_id' filter to list\_user\_projects()
 2838 * Add identity endpoint creation to bootstrap
 2839 * Updated from global requirements
 2840 * Remove \_disable\_domain from the resource API
 2841 * Remove \_disable\_project from the resource API
 2842 * Remove the notification.disabled decorator
 2843 * Remove unused notification decorators
 2844 * Cleanup from from split of token backend tests
 2845 * Split identity backend tests
 2846 * Split policy backend tests
 2847 * Split catalog backend tests
 2848 * Split trust backend tests
 2849 * Split token backend tests
 2850 * Split resource backend tests
 2851 * Split assignment backend tests
 2852 * Updated from global requirements
 2853 * Consolidate configuration default overrides
 2854 * Updating sample configuration file
 2855 * IPV6 test unblacklist
 2856 * Fix trust chain tests
 2857 
 2858 9.0.0.0b3
 2859 ---------
 2860 
 2861 * Minor edits to the developing doc
 2862 * Add release notes for projects acting as domains
 2863 * Fix keystone.common.wsgi to explicitly use bytes
 2864 * fix sample config link that 404s
 2865 * add hints to list\_services for templated backend
 2866 * Fixes hacking for Py3 tests
 2867 * Fixes to get cert tests running in Py3
 2868 * Fixes the templated backend tests for Python3
 2869 * remove pyc files before running tests
 2870 * Stop using oslotest.BaseTestCase
 2871 * Return 404 instead of 401 for tokens w/o roles
 2872 * Remove unused domain driver method in legacy wrapper
 2873 * Deprecate domain driver interface methods
 2874 * Fix the migration issue for the user doesn't have a password
 2875 * Add driver details in architecture doc
 2876 * Shadow users - Shadow federated users
 2877 * Projects acting as domains
 2878 * Update developer docs for ubuntu 15.10
 2879 * Moved CORS middleware configuration into oslo-config-generator
 2880 * V2 operations create default domain on demand
 2881 * Make keystone tests work on leap years
 2882 * Updating sample configuration file
 2883 * Fix doc build warnings
 2884 * Enable LDAP connection pooling by default
 2885 * Delay using threading.local() to fix check job failure
 2886 * Minor edits to the installation doc
 2887 * Minor edits to the configuration doc
 2888 * Minor community doc edits
 2889 * Updated from global requirements
 2890 * Followup for LDAP removal
 2891 * Remove get\_session and get\_engine
 2892 * No more legacy engine facade in tests
 2893 * Use requst local in-process cache per request
 2894 * Move admin\_token\_auth before build\_auth\_context in sample paste.ini
 2895 * Update default domain's description
 2896 * Reference config values at runtime
 2897 * Use the new enginefacade from oslo.db
 2898 * Updated from global requirements
 2899 * Fix incorrect assumption when deleting assignments
 2900 * Remove migration\_helpers.get\_default\_domain
 2901 * db\_sync doesn't create default domain
 2902 * Implied roles index with cascading delete
 2903 * Fix project-related forbidden response messages
 2904 * Fixes a bug when setting a user's password to null
 2905 * Renamed TOTP passcode generation function
 2906 * Updates TOTP release note
 2907 * Simplify use of secure\_proxy\_ssl\_header
 2908 * Shadow users - Separate user identities
 2909 * Switch to configless bandit
 2910 * Parameter to return audit ids only in revocation list
 2911 * Add tests for fetching the revocation list
 2912 * Updating sample configuration file
 2913 * Deprecate logger.WritableLogger
 2914 * Removing H405 violations from keystone
 2915 * Updated from global requirements
 2916 * Updated from global requirements
 2917 * Updating sample configuration file
 2918 * Remove useless {} from \_\_table\_args\_\_
 2919 * Time-based One-time Password
 2920 * Fix inconsistencies between Oauth1DriverV8 interface and driver
 2921 * Oauth1 manager sets consumer secret
 2922 * Remove setting class variable
 2923 * Allow user list without specifying domain
 2924 * Adds user\_description\_attribute mapping support to the LDAP backend
 2925 * encode user id for notifications
 2926 * Add back a bandit tox job
 2927 * Enable support for posixGroups in LDAP
 2928 * Add is\_domain filter to v3 list\_projects
 2929 * Add tests in preparation of projects acting as a domain
 2930 * Avoid using \`len(x)\` to check if x is empty
 2931 * Use the driver to get limits
 2932 * Fallback to list\_limit from default config
 2933 * Add list\_limit to the white list for configs in db
 2934 * Updating sample configuration file
 2935 * handle unicode names for federated users
 2936 * Verify project unique constraints for projects acting as domains
 2937 * wsgi: fix base\_url finding
 2938 * Disable Admin tokens set to None
 2939 * Modify rules for domain specific role assignments
 2940 * Modify implied roles to honor domain specific roles
 2941 * Modify rules in the v3 policy sample for domain specifc roles
 2942 * Re-enable and undeprecate admin\_token\_auth
 2943 * Don't describe trusts as an extension in configuration doc
 2944 * Tidy up configuration documentation for inherited assignments
 2945 * Clean up configuration documentataion on v2 user CRUD
 2946 * Allow project domain\_id to be nullable at the manager level
 2947 * Trivial: Cleanup unused conf variables
 2948 * Updating sample configuration file
 2949 * Updating sample configuration file
 2950 * Fixes parameter in duplicate project name creation
 2951 * Fix terms from patch 275706
 2952 * sensible default for secure\_proxy\_ssl\_header
 2953 * Restricting domain\_id update
 2954 * Allow project\_id in catalog substitutions
 2955 * Avoid \`None\` as a redundant argument to dict.get()
 2956 * Avoid "non-Pythonic" method names
 2957 * Manager support for project cascade update
 2958 * Updating sample configuration file
 2959 * Expand implied roles in trust tokens
 2960 * add a test that uses trusts and implies roles
 2961 * Updating sample configuration file
 2962 * Convert assignment.root\_role config option to list of strings
 2963 * Avoid wrong deletion of domain assignments
 2964 * Manager support for project cascade delete
 2965 * AuthContextMiddleware admin token handling
 2966 * Deprecate admin\_token\_auth
 2967 * Adds better logging to the domain config finder
 2968 * Extracts logic for finding domain configs
 2969 * Fix nits from domain specific roles CRUD support
 2970 * Change get\_project permission
 2971 * Updated from global requirements
 2972 * Enables token\_data\_helper tests for Python3
 2973 * Stop using nose as a Python3 test runner
 2974 * Fix release note of removal of v2.0 trusts support
 2975 * Remove PostParams middleware
 2976 * Updated from global requirements
 2977 * Moves policy setup into a fixture
 2978 * Make pep8 \*the\* linting interface
 2979 * Added tokenless auth headers to CORS middleware
 2980 * Add backend support for deleting a projects list
 2981 * Make fernet work with oauth1 authentication
 2982 * Consolidate the fernet provider validate\_v2\_token()
 2983 * Remove support for trusts in v2.0
 2984 * Add CRUD support for domain specific roles
 2985 * Added CORS support to Keystone
 2986 * Deprecate Saml2 auth plugin
 2987 * Uses open context manager for templated catalogs
 2988 * Disable the ipv6 tests in py34
 2989 * Missing 'region' in service and 'name' in endpoint for EndpointFilterCatalog
 2990 * Small typos on the ldap.url config option help
 2991 * Replace exit() with sys.exit()
 2992 * include sample config file in docs
 2993 * Fixes a language issue in a release note
 2994 * Imported Translations from Zanata
 2995 * Updated from global requirements
 2996 * Support multiple URLs for LDAP server
 2997 * Set deprecated\_reason on deprecated config options
 2998 * Move user and admin crud to core
 2999 * squash migrations - kilo
 3000 * Adds validation negative unit tests
 3001 * Use oslo.log specified method to set log levels
 3002 * Add RENO update for simple\_cert\_extension deprecation
 3003 * Opt-out certain Keystone Notifications
 3004 * Update the home page
 3005 * Release notes for implied roles
 3006 * deprecate pki\_setup from keystone-manage
 3007 * test\_credential.py work with python34
 3008 * Consolidate \`test\_contrib\_ec2.py\` into \`test\_credential.py\`
 3009 * Reinitialize the policy engine where it is needed
 3010 * Provide an error message if downgrading schema
 3011 * Updated from global requirements
 3012 * Consolidate the fernet provider issue\_v2\_token()
 3013 * Consolidate the fernet provider validate\_v3\_token()
 3014 * Add tests for role management with v3policy file
 3015 * Fix some word spellings
 3016 * Make WebSSO trusted\_dashboard hostname case-insensitive
 3017 * Deprecate simple\_cert extension
 3018 * Do not assign admin to service users
 3019 * Add in TRACE logging for the manager
 3020 * Add schema for OAuth1 consumer API
 3021 * Correct docstrings
 3022 * Remove un-used test code
 3023 * Raise more precise exception on keyword mapping errors
 3024 * Allow '\_' character in mapping\_id value
 3025 * Implied Roles API
 3026 * Revert "Unit test for checking cross-version migrations compatibility"
 3027 * replace tenant with project in cli.py
 3028 * Fix schema validation to use JSONSchema for empty entity
 3029 * Replace tenant for project in resource files
 3030 * Reuse project scoped token check for trusts
 3031 * Add checks for project scoped data creep to tests
 3032 * Add checks for domain scoped data creep
 3033 * Use the oslo.utils.reflection to extract the class name
 3034 * Test hyphens instead of underscores in request attributes
 3035 * Simplify admin\_required policy
 3036 * Add caching to role assignments
 3037 * Enable bandit tests
 3038 * Update bandit.yaml
 3039 * Enhance manager list\_role\_assignments to support group listing
 3040 * remove KVS backend for keystone.contrib.revoke
 3041 * Fix trust redelegation and associated test
 3042 * use self.skipTest instead of self.skip
 3043 * Removed deprecated revoke KVS backend
 3044 * Revert "skip test\_get\_token\_id\_error\_handling to get gate passing"
 3045 * Updated from global requirements
 3046 * Updated from global requirements
 3047 * skip test\_get\_token\_id\_error\_handling to get gate passing
 3048 * Ensure pycadf initiator IDs are UUID
 3049 * Check for circular references when expanding implied roles
 3050 * Improves domain name case sensitivity tests
 3051 * Fixes style issues in a v2 controller tests
 3052 * Prevents creating is\_domain=True projects in v2
 3053 * Refactors validation tests to better see the cases
 3054 * Remove keystone/common/cache/\_memcache\_pool.py
 3055 * Update mod\_wsgi + cache config docs
 3056 * Address comments from Implied Role manager patch
 3057 * Fix nits in include names patch
 3058 * Unit test for checking cross-version migrations compatibility
 3059 * Online schema migration documentation
 3060 * Updated from global requirements
 3061 * Remove additional references to ldap role attribs
 3062 * Remove duplicate LDAP test class
 3063 * Remove more ldap project references
 3064 
 3065 9.0.0.0b2
 3066 ---------
 3067 
 3068 * Add testcases to check cache invalidation
 3069 * Fix typo abstact in comments
 3070 * deprecate write support for identity LDAP
 3071 * Deprecate \`hash\_algorithm\` config option
 3072 * Mark memcache and memcache\_pool token deprecated
 3073 * List assignments with names
 3074 * Remove LDAP Role Backend
 3075 * Remove LDAP Resource and LDAP Assignment backends
 3076 * Removes KVS catalog backend
 3077 * Fix docstring
 3078 * Strengthen Mapping Validation in Federation Mappings
 3079 * Add checks for token data creep using jsonschema
 3080 * Deprecating API v2.0
 3081 * Implied roles driver and manager
 3082 * Add support for strict url safe option on new projects and domains
 3083 * Remove bandit tox environment
 3084 * Add linters environment, keep pep8 as alias
 3085 * Make sure the assignment creation use the right arguments
 3086 * Fix indentation for oauth context
 3087 * Imported Translations from Zanata
 3088 * document the bootstrapping process
 3089 * Add release note for revert of c4723550aa95be403ff591dd132c9024549eff10
 3090 * Updated from global requirements
 3091 * Enable \`id\`, \`enabled\` attributes filtering for list IdP API
 3092 * Improve Conflict error message in IdP creation
 3093 * Fedora link is too old and so updated with newer version
 3094 * Support the reading of default values of domain configuration options
 3095 * Correct docstrings for federation driver interface
 3096 * Update v3policysample tests to use admin\_project not special domain\_id
 3097 * Enable limiting in ldap for groups
 3098 * Enable limiting in ldap for users
 3099 * Doc FIX
 3100 * Store config in drivers and use it to get list\_limit
 3101 * Add asserts for service providers
 3102 * Fix incorrect signature in federation legacy V8 wrapper
 3103 * Tidy up release notes for V9 drivers
 3104 * Adds an explicit utils import in test\_v3\_protection.py
 3105 * Refactor test auth\_plugin config into fixture
 3106 * Create V9 version of resource driver interface
 3107 * Updated from global requirements
 3108 * Separate trust crud tests from trust auth tests
 3109 * Delete checks for default domain delete
 3110 * correct help text for bootstrap command
 3111 * Replace unicode with six.text\_type
 3112 * Escape DN in enabled query
 3113 * Test enabled emulation with special user\_tree\_dn
 3114 * SQL migrations for implied roles
 3115 * Revert "Validate domain ownership for v2 tokens"
 3116 * Use assertIn to check if collection contains value
 3117 * Updated from global requirements
 3118 * Perform middleware tests with webtest
 3119 * De-duplicate fernet payload tests
 3120 * Reference driver methods through the Manager
 3121 * Fix users in group and groups for user exact filters
 3122 * Expose defect in users\_in\_group, groups\_for\_user exact filters
 3123 * Replace deprecated library function os.popen() with subprocess
 3124 * OAuth1 driver doesnt inherit its interface
 3125 * Update man pages with Mitaka version and dates
 3126 * Fixes hacking logger test cases to use same base
 3127 * Adds a hacking check looking for Logger.warn usage
 3128 * Change LOG.warn to LOG.warning
 3129 * Remove redundant check after enforcing schema validation
 3130 * Updating sample configuration file
 3131 * Create V9 version of federation driver interface
 3132 * Do not use \_\_builtin\_\_ in python3
 3133 * Define paste entrypoints
 3134 * Add schema for federation protocol
 3135 * Expose method list inconsistency in federation api
 3136 * remove irrelevant parenthesis
 3137 * Add return value
 3138 * Test: make enforce\_type=True in CONF.set\_override
 3139 * Updated from global requirements
 3140 * Add schema for identity provider
 3141 * Updating sample configuration file
 3142 * Use six.moves.reload\_module instead of builtin reload
 3143 * Fix the incompatible issue in response header
 3144 * Wrong usage of "an"
 3145 * Correct fernet provider reference
 3146 * Correct DN/encoding in test
 3147 * Support url safe restriction on new projects and domains
 3148 * Correct the class name of the V9 LDAP role driver
 3149 * Wrong usage of "a/an"
 3150 * Trival: Remove unused logging import
 3151 * Updating sample configuration file
 3152 * Fix pep8 job
 3153 * Fix some inconsistency in docstrings
 3154 * Fix 500 error when no fernet token is passed
 3155 * Cleanup tox.ini py34 test list
 3156 * Fixes kvs cache key mangling issue for Py3
 3157 * Some small improvements on fernet uuid handling
 3158 * Updated from global requirements
 3159 * Updating sample configuration file
 3160 * Fix key\_repository\_signature method for python3
 3161 * Add audit IDs to revocation events
 3162 * Enable os\_inherit of Keystone v3 API
 3163 * Use pip (and DevStack) instead of setuptools in docs
 3164 * Correct developer documentation on venv creation
 3165 * Updating sample configuration file
 3166 * Updated from global requirements
 3167 * Validate domain for DB-based domain config. CRUD
 3168 * fix up release notes, file deprecations under right title
 3169 * Updated Cloudsample
 3170 * Update \`developing.rst\` to remove extensions stuff
 3171 * Verify that user is trustee only on issuing token
 3172 * Adds a base class for functional tests
 3173 * Make \`bootstrap\` idempotent
 3174 * Add \`keystone-manage bootstrap\` command
 3175 * Changed the key repo validation to allow read only
 3176 * Deprecated tox -downloadcache option removed
 3177 * Fix defect in list\_user\_ids that only lists direct user assignments
 3178 * Show defect in list\_user\_ids that only lists direct user assignments
 3179 * Add API route for list role assignments for tree
 3180 * Use list\_role\_assignments to get projects/domains for user
 3181 * Add \`type' filter for list\_credentials\_for\_user
 3182 * Clean up new\_credential\_ref usage and surrounding code
 3183 * Create neutron service in sample\_data.sh
 3184 * Updating sample configuration file
 3185 * Updated from global requirements
 3186 * Limiting for fake LDAP
 3187 * Make @truncated common for all backends
 3188 * Fix exposition of bug about limiting with ldap
 3189 * Use assertDictEqual instead of assertEqualPolicies
 3190 * refactor: Remove unused test method
 3191 * Remove unfixable FIXME
 3192 * Use new\_policy\_ref consistently
 3193 * fix reuse of variables
 3194 * Remove comments on enforcing endpoints for trust
 3195 * refactor: move the common code to manager layer
 3196 * Create V9 Role Driver
 3197 * Create new version of assignment driver interface
 3198 * Remove keystoneclient tests
 3199 * Verify that attribute \`enabled\` equals True
 3200 * Remove invalid comment about LDAP domain support
 3201 * Pass dict into update() rather than \*\*kwargs
 3202 * Refactor test use of new\_\*\_ref
 3203 * Cleans up code for \`is\_admin\` in tokens
 3204 * Deprecate ldap Role
 3205 * Update extensions links
 3206 * Improve comments in test\_catalog
 3207 * Fix for GET project by project admin
 3208 * Fix multiline strings with missing spaces
 3209 * Updating sample configuration file
 3210 * Remove invalid TODO in extensions
 3211 * Updated from global requirements
 3212 * Refactor: Remove use of self where not needed
 3213 * Refactor: Move uncommon entities from setUp
 3214 * Split resource tests from assignment tests
 3215 * Remove invalid TODO related to bug 1265071
 3216 * Fix test\_crud\_user\_project\_role\_grants
 3217 * Deprecate the pki and pkiz token providers
 3218 * Remove invalid FIXME note
 3219 * Refactor: Use Federation constants where possible
 3220 * Remove exposure of routers at package level
 3221 * Update API version info for Liberty
 3222 * remove version from setup.cfg
 3223 * Ensure endpoints returned is filtered correctly
 3224 * Put py34 first in the env order of tox
 3225 
 3226 9.0.0.0b1
 3227 ---------
 3228 
 3229 * Add release notes for mitaka-1
 3230 * set \`is\_admin\` on tokens for admin project
 3231 * Use unit.new\_project\_ref consistently
 3232 * Reference environment close to use
 3233 * refactor: move variable to where it's needed
 3234 * Needn't care about the sequence for cache validation
 3235 * Updated from global requirements
 3236 * Fix a typo in notifications function doc
 3237 * Remove RequestBodySizeLimiter from middleware
 3238 * Optimize "open" method with context manager
 3239 * eventlet: handle system that misses TCP\_KEEPIDLE
 3240 * force releasenotes warnings to be treated as errors
 3241 * Cleanup region refs
 3242 * Remove \`extras\` from token data
 3243 * Use subprocess.check\_output instead of Popen
 3244 * Remove deprecated notification event\_type
 3245 * Remove check\_role\_for\_trust
 3246 * Correct RoleNotFound usage
 3247 * Remove example extension
 3248 * Updating sample configuration file
 3249 * Correct docstring warnings
 3250 * Using the right format to render the docstring correctly
 3251 * Add release notes for mitaka thus far
 3252 * Accepts Group IDs from the IdP without domain
 3253 * Cleanup use of service refs
 3254 * Update docs for legacy keystone extensions
 3255 * Correct SecurityError with unicode args
 3256 * Updated from global requirements
 3257 * Use idp\_id and protocol\_id in jsonhome
 3258 * Use standard credential\_id parameter in jsonhome
 3259 * Remove core module from the legacy endpoint\_filter extension
 3260 * Minor cleanups for usage of group refs
 3261 * Reject user creation using admin token without domain
 3262 * Add Trusts unique constraint to remove duplicates
 3263 * deprecate \`enabled\` option for endpoint-policy extension
 3264 * remove useless config option in endpoint filter
 3265 * Use [] where a field is required
 3266 * Manager support for projects acting as domains
 3267 * Config option for insecure responses
 3268 * Add missing colon separators to inline comments
 3269 * Simplify LimitTests
 3270 * Rationalize list role assignment routing
 3271 * Enable listing of role assignments in a project hierarchy
 3272 * Capital letters
 3273 * remove use of magic numbers in sql migrate extension tests
 3274 * Use new\_trust\_ref consistently
 3275 * Updating sample configuration file
 3276 * Move endpoint\_filter migrations into keystone core
 3277 * Move endpoint filter into keystone core
 3278 * Move revoke sql migrations to common
 3279 * Move revoke extension into core
 3280 * Move oauth1 sql migrations to common
 3281 * Move oauth1 extension into core
 3282 * Move federation sql migrations to common
 3283 * Move federation extension into keystone core
 3284 * Fix string conversion in s3 handler for python 2
 3285 * Fix inaccurate debug mode response
 3286 * Use unit.new\_user\_ref consistently
 3287 * Imported Translations from Zanata
 3288 * Updated from global requirements
 3289 * Add testcases to check cache invalidation in endpoint filter extension
 3290 * Fix the wrong method name
 3291 * Updating sample configuration file
 3292 * change some punctuation marks
 3293 * Updated from global requirements
 3294 * Remove hardcoded LDAP group schema from emulated enabled mix-in
 3295 * Exclude old Shibboleth options from docs
 3296 * Updated from global requirements
 3297 * Use new\_domain\_ref instead of manually created ref
 3298 * Use new\_region\_ref instead of manually created dict
 3299 * Document release notes process
 3300 * Use new\_service\_ref instead of manually created dict
 3301 * Use unit.new\_group\_ref consistently
 3302 * Use unit.new\_role\_ref consistently
 3303 * Use unit.new\_domain\_ref consistently
 3304 * Use unit.new\_region\_ref() consistently
 3305 * Use unit.new\_service\_ref() consistently
 3306 * Move AuthContext middleware into its own file
 3307 * Use unit.new\_endpoint\_ref consistently
 3308 * Use list\_role\_assignments to get assignments by role\_id
 3309 * Pass kwargs when using revoke\_api.list\_events()
 3310 * Add reno for release notes management
 3311 * Make K2K Mapping Attribute Examples more visible
 3312 * Add S3 signature v4 checking
 3313 * Fix some nits inside validation/config.py
 3314 * Add Mapping Combinations for Keystone to Keystone Federation
 3315 * Remove manager-driver assignment metadata construct
 3316 * Correct description in Keystone key\_terms
 3317 * Imported Translations from Zanata
 3318 * Handle fernet payload timestamp differences
 3319 * Fix fernet padding for python 3
 3320 * More useful message when using direct driver import
 3321 * Get user role without project id is not implemented
 3322 * Update sample catalog templates
 3323 * update mailmap with gyee's new email
 3324 * Revert "Added CORS support to Keystone"
 3325 * Updated from global requirements
 3326 * test\_backend\_sql work with python34
 3327 * Use assertTrue/False instead of assertEqual(T/F)
 3328 * Fix the issues found with local conf
 3329 * Add test for security error with no message
 3330 * Add exception unit tests with different message types
 3331 * Cleanup message handling in test\_exception
 3332 * Normalize fernet payload disassembly
 3333 * Common arguments for fernet payloads assembly
 3334 * Capitalize a Few Words
 3335 * I18n safe exceptions
 3336 * Keystone Spelling Errors in docstrings and comments
 3337 * [rally] remove deprecated arg
 3338 * Move endpoint\_policy migrations into keystone core
 3339 * Promote an arbitrary string to be a docstring
 3340 * Fix D204: blank line required after class docstring (PEP257)
 3341 * Fix D202: No blank lines after function docstring (PEP257)
 3342 * Update Configuring Keystone doc for consistency
 3343 * Comment spelling error in assignment.core file
 3344 * Fix exceptions to use correct titles
 3345 * Fix UnexpectedError exceptions to use debug\_message\_format
 3346 * Fix punctuation in doc strings
 3347 * Fix docstring
 3348 * Updating sample configuration file
 3349 * Explain default domain in docs for other services
 3350 * Correct bashate issues in gen\_pki.sh
 3351 * Fix incorrect federated mapping example
 3352 * change stackforge url to openstack url
 3353 * Updated from global requirements
 3354 * Adds already passing tests to py34 run
 3355 * Wrong usage of "an"
 3356 * Allow the PBR\_VERSION env to pass through tox
 3357 * Fix D200: 1 line docstrings should fit with quotes (PEP257)
 3358 * Fix D210: No whitespaces allowed surrounding docstring text (PEP257)
 3359 * Fix D300: Use """triple double quotes""" (PEP257)
 3360 * Fix D402: First line should not be the function's "signature" (PEP257)
 3361 * Fix D208: Docstring over indented. (PEP257)
 3362 * Add docstring validation
 3363 * Add caching to get\_catalog
 3364 * Fix fernet key writing for python 3
 3365 * Update test modules passing on py34
 3366 * Updated from global requirements
 3367 * Forbid non-stripped endpoint urls
 3368 * fix deprecation warnings in cache backends
 3369 * Create tests for set\_default\_is\_domain in LDAP
 3370 * Enable try\_except\_pass Bandit test
 3371 * Enable subprocess\_without\_shell\_equals\_true Bandit test
 3372 * Correct typo in copyright
 3373 * Updated from global requirements
 3374 * switch to oslo.cache
 3375 * Updating sample configuration file
 3376 * Updated from global requirements
 3377 * keystone-paste.ini docs for deployers are out of date
 3378 * Correct the filename
 3379 * More info in RequestContext
 3380 * Fix some nits in \`configure\_federation.rst\`
 3381 * add placeholder migrations for liberty
 3382 * Remove bas64utils and tests
 3383 * Create a version package
 3384 * Remove oslo.policy implementation tests from keystone
 3385 * Refactor: Don't hard code 409 Conflict error codes
 3386 * Fix use of TokenNotFound
 3387 * Refactor: change 403 status codes in test names
 3388 * Refactor: change 410 status codes in test names
 3389 * Refactor: change 400 status codes in test names
 3390 * Refactor: change 404 status codes in test names
 3391 * Updated from global requirements
 3392 * Imported Translations from Zanata
 3393 * add initiator to v2 calls for additional auditing
 3394 * Fixed missed translatable string inside exception
 3395 * Handle 16-char non-uuid user IDs in payload
 3396 * Additional documentation for services
 3397 * Rename fernet methods to match expiration timestamp
 3398 * Updated from global requirements
 3399 * Enable password\_config\_option\_not\_marked\_secret Bandit test
 3400 * Enable hardcoded\_bind\_all\_interfaces Bandit test
 3401 * Documentation for other services
 3402 * Reclassify get\_project\_by\_name() controller method
 3403 * Trivial fix of some typos found
 3404 * Filters is\_domain=True in v2 get\_project\_by\_name
 3405 * Add test case passing is\_domain flag as False
 3406 
 3407 8.0.0
 3408 -----
 3409 
 3410 * Ensure token validation works irrespective of padding
 3411 * Ensure token validation works irrespective of padding
 3412 * Imported Translations from Zanata
 3413 * Rename RestfulTestCase.v3\_authenticate\_token() to v3\_create\_token()
 3414 * Improving domain\_id update tests
 3415 * Show v3 endpoints in v2 endpoint list
 3416 * Expose 1501698 bug
 3417 * Replace sqlalchemy-migrate occurences from code.google to github
 3418 * Fix unreachable code in test\_v3 module
 3419 * Imported Translations from Zanata
 3420 * Use deepcopy of mapping fixtures in tests
 3421 * Show v3 endpoints in v2 endpoint list
 3422 * Enable Bandit 0.13.2 tests
 3423 * Update bandit blacklist\_imports config
 3424 * Cleanup \_build\_federated\_info
 3425 * Add LimitRequestBody to sample httpd config
 3426 * Make \_\_all\_\_ immutable
 3427 * Skip rows with empty remote\_ids
 3428 * Includes server\_default option in is\_domain column
 3429 * Remove unused get\_user\_projects()
 3430 * Deprecate httpd/keystone.py
 3431 * Skip rows with empty remote\_ids
 3432 * Fix order of arguments in assertDictEqual
 3433 * Cleanup fernet validate\_v3\_token
 3434 * Update bandit blacklist\_calls config
 3435 * Add unit test for creating RequestContext
 3436 * Add user\_domain\_id, project\_domain\_id to auth context
 3437 * Add user domain info to federated fernet tokens
 3438 * Unit tests for fernet validate\_v3\_token
 3439 * Fix order of arguments in assertEqual
 3440 * Updating sample configuration file
 3441 * Cleanup of Translations
 3442 * Imported Translations from Zanata
 3443 * Uses constants for 5XX http status codes in tests
 3444 * Fixes v3\_authenticate\_token calls - no default
 3445 * Fixes the way v3\_admin is called to match its def
 3446 * Declares expected\_status in method signatures
 3447 * Refactor: Don't hard code the error code
 3448 * Correct docstrings
 3449 * Correct comment to not be driver-specific
 3450 * Move development environment setup instructions to standard location
 3451 * Fix typo in config help
 3452 * Use the correct import for range
 3453 * Adds interface tests for timeutils
 3454 * Add unit tests for token\_to\_auth\_context
 3455 * Updating sample configuration file
 3456 
 3457 8.0.0.0rc1
 3458 ----------
 3459 
 3460 * Open Mitaka development
 3461 * Bring bandit config up-to-date
 3462 * Update the examples used for the trusted\_dashboard option
 3463 * Log message when debug is enabled
 3464 * Clean up bandit profiles
 3465 * federation.idp use correct subprocess
 3466 * Change ignore-errors to ignore\_errors
 3467 * Imported Translations from Zanata
 3468 * Remove unused code in domain config checking
 3469 * Relax newly imposed sql driver restriction for domain config
 3470 * Add documentation for configuring IdP WebSSO
 3471 * Updated from global requirements
 3472 * check if tokenless auth is configured before validating
 3473 * Fix the referred [app:app\_v3] into [pipeline:api\_v3]
 3474 * Updated from global requirements
 3475 * Issue deprecation warning if domain\_id not specified in create call
 3476 * functional tests for keystone on subpaths
 3477 * Removed the extra http:// from JSON schema link
 3478 * Document httpd for accept on /identity, /identity\_admin
 3479 * Updated from global requirements
 3480 * Update federation router with missing call
 3481 * Reject rule if assertion type unset
 3482 * Update man pages with liberty version and dates
 3483 * Refactor: Don't hard code the error code
 3484 * Move TestClient to test\_versions
 3485 * Use oslo.log fixture
 3486 * Update apache-httpd.rst
 3487 * Updated from global requirements
 3488 * Remove padding from Fernet tokens
 3489 * Imported Translations from Transifex
 3490 * Updated from global requirements
 3491 * Fixed typos in 'developing\_drivers' doc
 3492 * Stop using deprecated keystoneclient function
 3493 * Change tests to use common name for keystone.tests.unit
 3494 * Removes py3 test import hacks
 3495 * Updating sample configuration file
 3496 * Fixes confusing deprecation message
 3497 
 3498 8.0.0.0b3
 3499 ---------
 3500 
 3501 * Add methods for checking scoped tokens
 3502 * Build oslo.context RequestContext
 3503 * Correct docstring for common.authorization
 3504 * Deprecate LDAP Resource Backend
 3505 * Added CORS support to Keystone
 3506 * List credentials by type
 3507 * Fixes a typo in a comment
 3508 * Tokenless authz with X.509 SSL client certificate
 3509 * Support project hierarchies in data driver tests
 3510 * Stable Keystone Driver Interfaces
 3511 * Initial support for versioned driver classes
 3512 * Add federated auth for idp specific websso
 3513 * Adds caching to paste deploy's egg lookup
 3514 * Fix grammar in doc string
 3515 * Test list\_role\_assignment in standard inheritance tests
 3516 * Broaden domain-group testing of list\_role\_assignments
 3517 * Add support for group membership to data driven assignment tests
 3518 * Add support for effective & inherited mode in data driven tests
 3519 * Add support for data-driven backend assignment testing
 3520 * Updated from global requirements
 3521 * Change JSON Home for OS-FEDERATION to use /auth/projects|domains
 3522 * Unit tests for is\_domain field in project's table
 3523 * Group tox optional dependencies
 3524 * Provide new\_xyz\_ref functions in tests.core
 3525 * Refactor mapping rule engine tests to not create servers
 3526 * Updating sample configuration file
 3527 * Correct docstrings in resource/core.py
 3528 * Validate Mapped User object
 3529 * Set max on max\_password\_length to passlib max
 3530 * Simplify federated\_domain\_name processing
 3531 * Get method's class name in a python3-compatible way
 3532 * Stop reading local config for domain-specific SQL config driver
 3533 * Enforce .config\_overrides is called exactly once
 3534 * Use /auth/projects in tests
 3535 * Remove keystone/openstack/\* from coveragerc
 3536 * Rationalize unfiltered list role assignment test
 3537 * Change mongodb extras to lowercase
 3538 * Refactor: Provider.\_rebuild\_federated\_info()
 3539 * Refactor: rename Fernet's unscoped federated payload
 3540 * Fernet payloads for federated scoped tokens
 3541 * No More .reload\_backends() or .reload\_backend()
 3542 * Ensure ephemeral user's user\_id is url-safe
 3543 * Use min and max on IntOpt option types
 3544 * Adds a notification testcase for unbound methods
 3545 * Do not revoke all of a user's tokens when a role assignment is deleted
 3546 * Handle tokens created and quickly revoked with insufficient timestamp precision
 3547 * Show that unscoped tokens are revoked when deleting role assignments
 3548 * Prevent exception due to missing id of LDAP entity
 3549 * Expose exception due to missing id of LDAP entity
 3550 * Add testcase to test invalid region id in request
 3551 * Add region\_id filter for List Endpoints API
 3552 * Remove references to keystone.openstack.common
 3553 * Remove all traces of oslo incubator
 3554 * Updating sample configuration file
 3555 * Test v2 tokens being deleted by v3
 3556 * Use entrypoints for paste middleware and apps
 3557 * update links in http-api to point to specs repo
 3558 * Add necessary executable permission
 3559 * Refactor: use fixtures.TempDir more
 3560 * Add is\_domain field in Project Table
 3561 * Prevent exception for invalidly encoded parameters
 3562 * Extras for bandit
 3563 * Use extras for memcache and MongoDB packages
 3564 * Use wsgi\_scripts to create admin and public httpd files
 3565 * Update Httpd configuration docs for sites-available/enabled
 3566 * Remove unnecessary check
 3567 * Update 'doc/source/setup.rst'
 3568 * Remove unnecessary load\_backends from TestKeystoneTokenModel
 3569 * Updated from global requirements
 3570 * Imported Translations from Transifex
 3571 * Updated from global requirements
 3572 * Show helpful message when request body is not provided
 3573 * Fix logging in federation/idp.py
 3574 * Enhance tests for saml2 signing exception logging
 3575 * Remove deprecated methods from assignment.Manager
 3576 * Stop using deprecated assignment manager methods
 3577 * EndpointFilter driver doesnt inherit its interface
 3578 * Hardens the validated decorator's implementation
 3579 * Updating sample configuration file
 3580 * Simplify rule in sample v3 policy file
 3581 * Improve a few random docstrings
 3582 * Maintain datatypes when loading configs from DB
 3583 * Remove "tenants" from user\_attribute\_ignore default
 3584 * Use oslo\_config PortOpt support
 3585 * Updated from global requirements
 3586 * Updated from global requirements
 3587 * Fix the misspelling
 3588 * When validating a V3 token as V2, use the v3\_to\_v2 conversion
 3589 * Do not require the token\_id for converting v3 to v2 tokens
 3590 * Maintain the expiry of v2 fernet tokens
 3591 * Fix typo in doc-string
 3592 * Validate domain ownership for v2 tokens
 3593 * Fix docstring in mapped plugin
 3594 * Updated from global requirements
 3595 * Minor grammar fixes to connection pooling section
 3596 * Creates a fixture representing as LDAP database
 3597 * Sample config help for supplied drivers
 3598 * Improve List Role Assignments Filters Performance
 3599 * Update docs for stevedore drivers
 3600 * Fixes an incorrect docstring in notifications
 3601 * Stop calling deprecated assignment manager methods
 3602 * Updated from global requirements
 3603 * Updating sample configuration file
 3604 * Adds backend check to setup of LDAP tests
 3605 * Improve a few random docstrings (H405)
 3606 * Remove excessive transformation to list
 3607 * Stop calling deprecated assignment manager methods
 3608 * Remove reference of old endpoint\_policy in paste file
 3609 * Fernet 'expires' value loses 'ms' after validation
 3610 * Correct enabled emulation query to request no attributes
 3611 * NotificationsTestCase running in isolation
 3612 * Adds/updates notifications test cases
 3613 * Fix duplicate-key pylint issue
 3614 * Fix explicit line joining with backslash
 3615 * Fixes an issue with data ordering in the tests
 3616 * Imported Translations from Transifex
 3617 * Allow Domain Admin to get domain details
 3618 * Assignment driver cleaning
 3619 * Cleanup tearDown in unit tests
 3620 * Fix unbound error in federation \_sign\_assertion
 3621 * Fix typos of RoleAssignmentV3.\_format\_entity doc
 3622 * Updating sample configuration file
 3623 * Updated from global requirements
 3624 * Remove unnecessary check from notifications.py
 3625 * Remove oslo import hacking check
 3626 * Use dict.items() rather than six.iteritems()
 3627 * Cleanup use of iteritems
 3628 * Imported Translations from Transifex
 3629 * Missing ADMIN\_USER in sample\_data.sh
 3630 * Update exported variables for openstack client
 3631 * Use extras for ldap dependencies
 3632 * Add better user feedback when bind is not implemented
 3633 * Test to ensure fernet key rotation results in new key sets
 3634 * Better error message when unable to map user
 3635 * Refactor \_populate\_roles\_for\_groups()
 3636 * Add groups in scoped federated tokens
 3637 * Adds missing list\_endpoints tests
 3638 * Reject create endpoint with invalid urls
 3639 * Explain the "or None" on eventlet's client\_socket\_timeout
 3640 * Reduce number of Fernet log messages
 3641 * Fix test\_admin to expect admin endpoint
 3642 * Fixes a docstring to reflect actual return values
 3643 * Give some message when an invalid token is in use
 3644 
 3645 8.0.0.0b2
 3646 ---------
 3647 
 3648 * Updated from global requirements
 3649 * Ensure database options registered for tests
 3650 * Document sample config updated automatically
 3651 * Test function call result, not function object
 3652 * Test admin app in test\_admin\_version\_v3
 3653 * Updating sample configuration file
 3654 * Handle non-numeric files in key\_repository
 3655 * Fix remaining mention of KLWT
 3656 * Updated from global requirements
 3657 * Replace 401 to 404 when token is invalid
 3658 * Assign different values to public and admin ports
 3659 * Fix four typos and Add one space on keystone document
 3660 * Reuse token\_ref fetched in AuthContextMiddleware
 3661 * Refactor: clean up TokenAPITests
 3662 * pemutils isn't used anymore
 3663 * Imported Translations from Transifex
 3664 * Fix test\_exception.py for py34
 3665 * Fix s3.core for py34
 3666 * Updating sample configuration file
 3667 * Fix test\_utils for py34
 3668 * test\_base64utils works with py34
 3669 * Minor fix in the \`configuration.rst\`
 3670 * Correct spacing in \`\`mapping\_combinations.rst\`\`
 3671 * add federation docs for mod\_auth\_mellon
 3672 * Avoid the hard coding of admin token
 3673 * Adding Documentation for Mapping Combinations
 3674 * Clean up docs before creating new ones
 3675 * Document policy target for operation
 3676 * Fix docs in federation.routers
 3677 * Fix docstrings in contrib
 3678 * Additional Fernet test coverage
 3679 * Refactor websso \`\`origin\`\` validation
 3680 * Docs link to ACTIONS
 3681 * Clean up code to use .items()
 3682 * Document default value for tree\_dn options
 3683 * Remove unnecessary ldap imports
 3684 * Move backends.py to keystone.server
 3685 * move clean.py into keystone/common
 3686 * Updated from global requirements
 3687 * Remove unnecessary executable permission
 3688 * Move cli.py into keystone.cmd
 3689 * Do not remove expired revocation events on "get"
 3690 * Clean up notifications type checking
 3691 * Federation API provides method to evaluate rules
 3692 * Move constants out of federation.core
 3693 * Implement backend filtering on membership queries
 3694 * Moves keystone.hacking into keystone.tests
 3695 * Add missing "raise" when throwing exception
 3696 * Log xmlsec1 output if it fails
 3697 * Fix test method examining scoped federation tokens
 3698 * Spelling correction
 3699 * Fixes grammar in setup.rst in doc source
 3700 * Updated from global requirements
 3701 * Deprecate LDAP assignment driver options
 3702 * Register fatal\_deprecations before use
 3703 * Use oslo.utils instead of home brewed tempfile
 3704 * Updating sample configuration file
 3705 * Add testcases for list\_role\_assignments of v3 domains
 3706 * Centralizing build\_role\_assignment\_\* functions
 3707 * Replace reference of ksc with osc
 3708 * Updated from global requirements
 3709 * Changing exception type to ValidationError instead of Forbidden
 3710 * Standardize documentation at Service Managers
 3711 * Fixes grammar in the httpd README
 3712 * Fix the incorrect format for docstring
 3713 * Imported Translations from Transifex
 3714 * Fixes docstring to make it more precise
 3715 * Removed optional dependency support
 3716 * Decouple notifications from DI
 3717 * Adds proper isolation to templated catalog tests
 3718 * Fix log message in one of the v3 create call methods
 3719 * Catch exception.Unauthorized when checking for admin
 3720 * Remove convert\_to\_sqlite.sh
 3721 * Fix for LDAP filter on group search by name
 3722 * Remove fileutils from oslo-incubator
 3723 * Remove comment for doc building bug 1260495
 3724 * Fix code-block in federation documentation
 3725 * Modified command used to run keystone-all
 3726 * Delete extra parentheses in assertEqual message
 3727 * Fix the invalid testcase
 3728 * Updating sample configuration file
 3729 * Add unit test for fernet provider
 3730 * Update federation docstring
 3731 * Do not specify 'objectClass' twice in LDAP filter string
 3732 * Fix tox -e py34
 3733 * Change mapping model so rules is dict
 3734 * Add test case for deleting endpoint with space in url
 3735 * Update requirements by hand
 3736 * Consolidate the fernet provider issue\_v3\_token()
 3737 * Group role revocation invalidates all user tokens
 3738 * OS-FEDERATION no longer extension in docs
 3739 * Switch from deprecated oslo\_utils.timeutils.strtime
 3740 * Remove unused setUp for RevokeTests
 3741 * Update MANIFEST.in
 3742 * Update sample config file
 3743 * Disable migration sanity check
 3744 * Updated from global requirements
 3745 * Use oslo.service ServiceBase when loading from eventlet
 3746 * Document use of wip up to developer
 3747 * Simplify fernet rotation code
 3748 * Tests for correct key removed
 3749 * Relax the formats of accepted mapping rules for keystone-manage
 3750 * Python 3: Use range instead of xrange for py3 compatibility
 3751 
 3752 8.0.0.0b1
 3753 ---------
 3754 
 3755 * Document entrypoint namespaces
 3756 * Short names for auth plugins
 3757 * Update sample configuration file
 3758 * Switch to oslo.service
 3759 * Update sample configuration file
 3760 * Remove redundant config
 3761 * Don't try to drop FK constraints for sqlite
 3762 * Remove unused requirements
 3763 * Add missing keystone-manage commands to doc
 3764 * Mask passwords in debug log on user password operations
 3765 * Add test showing password logged
 3766 * Adds some debugging statements
 3767 * Imported Translations from Transifex
 3768 * Use stevedore for auth drivers
 3769 * Refactor extract function load\_auth\_method
 3770 * Add unit test to exercise key rotation
 3771 * Fix Fernet key rotation
 3772 * Update version for Liberty
 3773 
 3774 8.0.0a0
 3775 -------
 3776 
 3777 * Refactor: move PKI-specific tests into the appropriate class
 3778 * Needn't load fernet keys twice
 3779 * Pass environment variables of proxy to tox
 3780 * Fix tests failing on slower system
 3781 * Mapping Engine CLI
 3782 * Imported Translations from Transifex
 3783 * Fix spelling in configuration comment
 3784 * Switch keystone over to oslo\_log versionutils
 3785 * Updated from global requirements
 3786 * Use lower default value for sha512\_crypt rounds
 3787 * Updated from global requirements
 3788 * Add more Rally scenarios
 3789 * Remove unnecessary dependencies from KerberosDomain
 3790 * Remove deprecated external authentication plugins
 3791 * Remove unnecessary code for default suffix
 3792 * Remove custom assertions for python2.6
 3793 * Avoid using the interactive interpreter for a one-liner
 3794 * Add validity check of 'expires\_at' in trust creation
 3795 * Revocation engine refactoring
 3796 * Updated from global requirements
 3797 * Rename directory with rally jobs files
 3798 * Fix req.environ[SCRIPT\_NAME] value
 3799 * Don't query db if criteria longer than col length
 3800 * Updated from global requirements
 3801 * Run WSGI with group=keystone
 3802 * Consolidate test-requirements files
 3803 * Switch from deprecated isotime
 3804 * Fix the wrong order of parameters when using assertEqual
 3805 * Add testcases to test DefaultDomain
 3806 * Remove the deprecated ec2 token middleware
 3807 * Replace blacklist\_functions with blacklist\_calls
 3808 * updates sample\_data script to use the new openstack commands
 3809 * Log info for Fernet tokens over 255 chars
 3810 * Update functional tox env requirements
 3811 * Update sample config file
 3812 * Correct oauth1 driver help text
 3813 * Rename driver to backend and fix the inaccurate docstring
 3814 * Add "enabled" to create service provider example
 3815 * Update testing keystone2keystone doc
 3816 * Removes unused database setup code
 3817 * Refactor: use \_\_getitem\_\_ when the key will exists
 3818 * Refactor: create the lookup object once
 3819 * Order routes so most frequent requests are first
 3820 * \`api\_curl\_examples.rst\` is out of date
 3821 * Don't assume project IDs are UUID format
 3822 * Don't assume group IDs are UUID format
 3823 * Don't fail on converting user ids to bytes
 3824 * Move endpoint policy into keystone core
 3825 * Update sample config file
 3826 * Tests don't override default auth methods/plugins
 3827 * Tests consistently use auth\_plugin\_config\_override
 3828 * Test use config\_overrides for configs
 3829 * Correct tests setting auth methods to a non-list
 3830 * Make sure LDAP filter is constructed correctly
 3831 * basestring no longer exists in Python3
 3832 * Add mocking for memcache for Python3 tests
 3833 * Fix xmldsig import
 3834 * Refactor deprecations tests
 3835 * Switch from MySQL-python to PyMySQL
 3836 * Improve websso documentation
 3837 * Remove the deprecated compute\_port option
 3838 * Workflow documentation is now in infra-manual
 3839 * Remove XML middleware stub
 3840 * Rename sample\_config to genconfig
 3841 * Imported Translations from Transifex
 3842 * Replace ci.o.o links with docs.o.o/infra
 3843 * Sync oslo-incubator cc19617
 3844 * Use single connection in get\_all function
 3845 * Removes temporary fix for doc generation
 3846 * Improve error message when tenant ID does not exist
 3847 * Updated from global requirements
 3848 * Add missing part for \`token\` object
 3849 * Remove identity\_api from AuthInfo dependencies
 3850 * Move bandit requirement to test-requirements-bandit.txt
 3851 * Adds inherited column to RoleAssignment PK
 3852 * Update dev setup requirements for Python 3.4
 3853 * Update sample config file
 3854 * Remove support for loading auth plugin by class
 3855 * Use [] where a value is required
 3856 * De-duplicate auth methods
 3857 * Remove unnecessary oauth\_api check
 3858 * Use short names for drivers
 3859 * Fixes deprecations test for Python3
 3860 * Add mocking for ldappool for Python3 tests
 3861 * Fixes a whitespace issue
 3862 * Handles modules that moved in Python3
 3863 * Handles Python3 builtin changes
 3864 * Fixes use of dict methods for Python3
 3865 * Updated from global requirements
 3866 * Replace github reference by git.openstack.org and change a doc link
 3867 * Refactor \_create\_attribute\_statement IdP method
 3868 * Revert "Loosen validation on matching trusted dashboard"
 3869 * Updated from global requirements
 3870 * Use correct LOG translation indicator for errors
 3871 * Add openstack\_user\_domain to assertion
 3872 * Pass-in domain when testing saml signing
 3873 * Fixes test nits from a previous review
 3874 * Implement validation on the Identity V3 API
 3875 * Fix tiny typo in comment message
 3876 * Updates the \*py3 requirements files
 3877 * Fixes mocking of oslo messaging for Python3
 3878 * pycadf now supports Python3
 3879 * eventlet now supports Python3
 3880 * Updated from global requirements
 3881 * Add openstack\_project\_domain to assertion
 3882 * Use stevedore for backend drivers
 3883 * Prohibit invalid ids in subtree and parents list
 3884 * Update sample config
 3885 * Fix sample policy to allow user to check own token
 3886 * Replaced filter with a list comprehension
 3887 * Ignore multiple imports per line for six.moves
 3888 * Fixes order of imports for pep8
 3889 * pep8 whitespace changes
 3890 * Remove randomness from test\_client\_socket\_timeout
 3891 * Allow wsgiref to reconstruct URIs per the WSGI spec
 3892 * Fix the misuse of \`versionutils.deprecated\`
 3893 * Updated from global requirements
 3894 * Update openid connect docs to include other distros
 3895 
 3896 2015.1.0
 3897 --------
 3898 
 3899 * Updated from global requirements
 3900 * Remove pysqlite test-requirement dependency
 3901 * Fixes tests to use the config fixture
 3902 * Isolate injection tests
 3903 * Sync oslo-incubator Ie51669bd278288b768311ddf56ad31a2f28cc7ab
 3904 * Sync oslo-incubator Ie51669bd278288b768311ddf56ad31a2f28cc7ab
 3905 * Fixes cyclic ref detection in project subtree
 3906 * Updated from global requirements
 3907 * Updated from global requirements
 3908 * Release Import of Translations from Transifex
 3909 * Make memcache client reusable across threads
 3910 * Imported Translations from Transifex
 3911 * Remove project association before removing endpoint group
 3912 * Loosen validation on matching trusted dashboard
 3913 * adds a tox target for functional tests
 3914 * Adds an initial functional test
 3915 * Fix the incorrect comment
 3916 * Set default branch to stable/kilo
 3917 * Remove assigned protocol before removing IdP
 3918 * Expose domain\_name in the context for policy.json
 3919 * Update developer doc to reference Ubuntu 14
 3920 * Make memcache client reusable across threads
 3921 * Update Get API version Curl example
 3922 * Remove unused policy rule for get\_trust
 3923 * backend\_argument should be marked secret
 3924 * Update man pages for the Kilo release
 3925 * make sure we properly initialize the backends before using the drivers
 3926 * WebSSO should use remote\_id\_attribute by protocol
 3927 * Work with pymongo 3.0
 3928 * Fix incorrect setting in WebSSO documentation
 3929 * Stops injecting revoke\_api into TestCase
 3930 * Checking if Trust exists should be DRY
 3931 * Use correct LOG translation indicator for warnings
 3932 * backend\_argument should be marked secret
 3933 * Fix signed\_saml2\_assertion.xml tests fixture
 3934 * Don't provide backends from \_\_all\_\_ in persistence
 3935 * Add domain\_id checking in create\_project
 3936 * Update keystone.sample.conf
 3937 * Use choices in config.py
 3938 * make sure we properly initialize the backends before using the drivers
 3939 * WebSSO should use remote\_id\_attribute by protocol
 3940 * Refactor common function for loading drivers
 3941 * Tests don't override default config with default
 3942 * Refactor MemcachedBackend to not be a Manager
 3943 * Update openstack-common reference in openstack/common/README
 3944 * Exposes bug on role assignments creation
 3945 * Removes discover from test-reqs
 3946 * Work with pymongo 3.0
 3947 
 3948 2015.1.0rc1
 3949 -----------
 3950 
 3951 * Update man pages for the Kilo release
 3952 * Add placeholders for reserved migrations
 3953 * Redundant events on group grant revocation
 3954 * Open Liberty development
 3955 * Improved policy setting in the 'v3 filter' tests
 3956 * Handle NULL value for service.extra in migration 066
 3957 * Skip SSL tests because some platforms do not enable SSLv3
 3958 * Fix the typo in \`token/providers/fernet/core.py\`
 3959 * Fix index name the assignment.actor\_id table
 3960 * Add index to the revocation\_event.revoked\_at
 3961 * Document websso setup
 3962 * Allow identity provider to be created with remote\_ids set to None
 3963 * Update testing docs
 3964 * Import fernet providers only if used in keystone-manage
 3965 * Imported Translations from Transifex
 3966 * Fix multiple SQL backend usage validation error
 3967 * Expose multiple SQL backend usage validation error
 3968 * Fix for notifications for v2 role grant/delete
 3969 * Update sample config file
 3970 * Fix errors in ec2 signature logic checking
 3971 * Don't add unformatted project-specific endpoints to catalog
 3972 * Reload drivers when their domain config is updated
 3973 * Correcting the name of directory holding dev docs
 3974 * Fixes bug in Federation list projects endpoint
 3975 * Exposes bug in Federation list projects endpoint
 3976 * Updated from global requirements
 3977 * Refactor assignment driver internal clean-up method names
 3978 * Remove unnecessary .driver. references in assignment manager
 3979 * Rename notification for create/delete grants
 3980 * Drop sql.transaction() usage in migration
 3981 * Update configuration documentation for domain config
 3982 * Fix for migration 062 on MySQL
 3983 * Bump advertised API version to 3.4
 3984 * Extract response headers to private method
 3985 * Deprecate eventlet config options
 3986 * Imported Translations from Transifex
 3987 * remove useless nocatalog tests of endpoint\_filter
 3988 * Add API to create ecp wrapped saml assertion
 3989 * Add relay\_state\_prefix to Service Provider
 3990 * Change the way values are migrated for 007\_add\_remote\_id\_table
 3991 * Add routing for list\_endpoint\_groups\_for\_project
 3992 * Use ORM in upgrade test instead of manual query construction
 3993 * Remove empty request bodies
 3994 * Remove unnecessary import that was not checked
 3995 * IdP ID registration and validation
 3996 * Imported Translations from Transifex
 3997 * add test of /v3/auth/catalog for endpoint\_filter
 3998 * Entrypoints for commands
 3999 * More content in the guide for core components' migration
 4000 * Make trust manager raise formatted message exception
 4001 * Revert "Document mapping of policy action to operation"
 4002 * Remove SQL Downgrades
 4003 * Add caching to getting of the fully substituted domain config
 4004 * Refactor \_create\_projects\_hierarchy in tests
 4005 * Fixes bug when getting hierarchy on Project API
 4006 * Exposes bug when getting hierarchy on Project API
 4007 * Move common checks into base testcase
 4008 * Tests use common base class
 4009 * use tokens returned by delete\_tokens to invalidate cache
 4010 * Loosen the validation schema used for trustee/trustor ids
 4011 * region.description is optional and can be null
 4012 * Update access control configuration in httpd config
 4013 * Document mapping of policy action to operation
 4014 * Update install.rst for Fedora
 4015 * Update sample config file
 4016 * Remove parent\_id in v2 tenant response
 4017 * Tox env for Bandit
 4018 * Refactor: extract and rename unique\_id method
 4019 * create \_member\_ role as specified in CONF
 4020 * Fix sample policy to allow user to revoke own token
 4021 * Add unit tests for sample policy token operations
 4022 * Mark some strings for translation
 4023 * Add fernet to test\_supported\_token\_providers
 4024 * Fix up token provider help text
 4025 * Tests use Database fixture
 4026 * Remove parent\_id in v2 token response
 4027 * Update ServiceProviderModel attributes
 4028 * Add docstrings to keystone.notifications functions
 4029 * Remove unused metadata parameter from get\_catalog methods
 4030 * Imported Translations from Transifex
 4031 * Cleanup use of .driver
 4032 * Specify time units for default\_lock\_timeout
 4033 * Remove stevedore from test-requirements
 4034 * Lookup identity provider by remote\_id for websso
 4035 * Deal with PEP-0476 certificate chaining checking
 4036 * Distinguish between unset and empty black and white lists
 4037 * Remove unused domain config method paramters
 4038 * Correct path in request logging
 4039 * Correct request logging query parameters separator
 4040 * Fix setting default log levels
 4041 * On creation default service name to empty string
 4042 * Needn't workaround when invoking \`app.request()\`
 4043 
 4044 2015.1.0b3
 4045 ----------
 4046 
 4047 * Imported Translations from Transifex
 4048 * Support upload domain config files to database
 4049 * Update sample httpd config file
 4050 * Update Apache httpd config docs for token persistence
 4051 * Cleanup Fernet testcases and add comments
 4052 * Add inline comment and docstrings fixes for Fernet
 4053 * Fix nullable constraints in service provider table
 4054 * Move backend LDAP role testing to the new backend testing module
 4055 * URL quote Fernet tokens
 4056 * Use existing token test for Fernet tokens
 4057 * Implement Fernet tokens for v2.0 tokens
 4058 * Refactor code supporting status in JSON Home
 4059 * remove expected backtrace from logs
 4060 * Log when no external auth plugin registered
 4061 * Adds test for federation mapping list order issues
 4062 * Updated from global requirements
 4063 * Enable sensitive substitutions into whitelisted domain configs
 4064 * Imported Translations from Transifex
 4065 * Create a fixture for key repository
 4066 * Ignore unknown groups in lists for Federation
 4067 * Remove RestfulTestCase.admin\_request
 4068 * Remove SSL configuration instructions from HTTPd docs
 4069 * Wrap apache-httpd.rst
 4070 * Remove fix for migration 37
 4071 * Cleanup for credentials schema test
 4072 * Refactor sql filter code for clarity
 4073 * Prefer . to setattr()/getattr()
 4074 * Build domain scope for Fernet tokens
 4075 * Mark the domain config API as experimental
 4076 * Imported Translations from Transifex
 4077 * Allow methods to be carried in Fernet tokens
 4078 * Federated token formatter
 4079 * Refactor: make Fernet token creation/validation API agnostic
 4080 * Convert audit\_ids to bytes
 4081 * Drop Fernet token prefixes & add domain-scoped Fernet tokens
 4082 * Add JSON schema validation for service providers
 4083 * Implements whitelist and blacklist mapping rules
 4084 * Adding utf8 to federation tables
 4085 * Eventlet green threads not released back to pool
 4086 * Abstract the direct map concept into an object
 4087 * Remove redundant creation timestamp from fernet tokens
 4088 * Fix deprecated group for eventlet\_server options
 4089 * Sync oslo-incubator to f2cfbba
 4090 * Cleanup test keeping unnecessary fixture references
 4091 * Fix typo in name of variable in resource router
 4092 * Add test to list projects by the parent\_id
 4093 * Fixes minor spelling issue
 4094 * Crosslink to other sites that are owned by Keystone
 4095 * Imported Translations from Transifex
 4096 * move region and service exist checks into manager layer
 4097 * make credential policy check ownership of credential
 4098 * Remove unused threads argument
 4099 * Refactor: remove dep on trust\_api / v3 token helper
 4100 * Enable use of database domain config
 4101 * add oauth authentication to config file
 4102 * Prevent calling waitall() inside a GreenPool's greenthread
 4103 * Rename get\_events to list\_events on the Revoke API
 4104 * Address nits for default cache time more explicit
 4105 * add cadf notifications for oauth
 4106 * Add scope info to initiator data for CADF notifications
 4107 * Removed maxDiff attribute from TestCase
 4108 * Refactoring: use BaseTestCase instead of TestCase
 4109 * Moved sys.exit mocking into BaseTestClass
 4110 * Refactor: move initiator test to cadf specific section
 4111 * Refactor: create a common base for notification tests
 4112 * Migrations squash
 4113 * Consistently use oslo\_config.cfg.CONF
 4114 * Removes logging code that supported Python <2.7
 4115 * Refactoring: removed client method from TestCase
 4116 * Refactoring: remove self.\_config\_file\_list from TestCase
 4117 * Deprecate passing "extras" in token data
 4118 * 'Assignment' has no attr 'get\_domain\_by\_name'
 4119 * Refactor: make extras optional in v3 get\_token\_data
 4120 * Remove extra semicolon from mapping fixtures
 4121 * Imported Translations from Transifex
 4122 * Fix seconds since epoch use in fernet tokens
 4123 * Add API support for domain config
 4124 * Remove unused checkout\_vendor
 4125 * Move test\_core to keysteone.tests.unit.tests
 4126 * Fixes the SQL model tests
 4127 * Add documentation for key terms and basic authenticating
 4128 * Remove useless comment from requirements.txt
 4129 * Move pysaml to requirements.txt for py3
 4130 * Docstring fixes in fernet.token\_formatters
 4131 * Made project\_id required for ec2 credential
 4132 * Add Federation mixin for setting up data
 4133 * Refactor: remove token formatters dep on 'token\_data' on create()
 4134 * Refactor: rename the "standard" token formatter to "scoped"
 4135 * Add unscoped token formatter for Fernet tokens
 4136 * Fix the wrong order of parameters when using assertEqual
 4137 * Imported Translations from Transifex
 4138 * Spelling and grammar cleanup
 4139 * Fixes bug in SQL/LDAP when honoring driver\_hints
 4140 * Remove policy parsing exception
 4141 * Cleanup policy related tests
 4142 * Remove incubated version of oslo policy
 4143 * Use oslo.policy instead of incubated version
 4144 * Fixes minor whitespace issues
 4145 * Updated from global requirements
 4146 * Add checking for existing group/option to update domain config
 4147 * Stop debug logging of Ldap while running unit tests
 4148 * Exposes bug in SQL/LDAP when honoring driver\_hints
 4149 * Updated from global requirements
 4150 * Fix typos in tests/unit/core.py
 4151 * Remove unnecessary import
 4152 * Update developer docs landing page
 4153 * Add support for whitelisting and partial domain configs
 4154 * Change headers to be byte string friendly
 4155 * fix import order in federation controller
 4156 * Imported Translations from Transifex
 4157 * Fix a minor coding nit in Fernet testing
 4158 * Move install of cryptography before six
 4159 * refactor: extract and document audit ID generation
 4160 * Update sample config file
 4161 * log query string instead of openstack.params and request args
 4162 * Cleanup docstrings in test\_v3\_federation.py
 4163 * refactor: consistently refer to "unpacked tokens" as the token's "payload"
 4164 * refactor: extract fernet packing & unpacking methods
 4165 * Fix nits from 157495
 4166 * Deprecate Eventlet Deployment in favor of wsgi containers
 4167 * remove old docstr referring to keyczar
 4168 * Implement backend driver support for domain config
 4169 * Use revocation events for lightweight tokens
 4170 * Avoid multiple instances for a provider
 4171 * Always load revocation manager
 4172 * Cleanup comments from 159865
 4173 * Updated from global requirements
 4174 * Rename "Keystone LightWeight Tokens" (KLWT) to "Fernet" tokens
 4175 * Make the default cache time more explicit in code
 4176 * Keystone Lightweight Tokens (KLWT)
 4177 * Refactor and provide scaffolding for domain specific loading
 4178 * Populate token with service providers
 4179 * Add CADF notifications for trusts
 4180 * Get initiator from manager and send to controller
 4181 * Add in non-decorator notifiers
 4182 * Implemented caching in identity layer
 4183 * Imported Translations from Transifex
 4184 * Use dict comprehensions instead of dict constructor
 4185 * Remove deprecated methods and functions in token subsystem
 4186 * Authenticate local users via federated workflow
 4187 * Move UserAuthInfo to a separate file
 4188 * Make RuleProcessor.\_UserType class public
 4189 * Enhance user identification in mapping engine
 4190 * Remove conditional check (and test) for oauth\_api
 4191 * Fixes test\_multiple\_filters filters definition
 4192 * Remove conditionals that check for revoke\_api
 4193 * Use correct dependency decorator
 4194 * Add minimum release support notes for federation
 4195 * Update \`os service create\` examples in config services
 4196 * Reference OSC docs in CLI examples
 4197 * Chain a trust with a role specified by name
 4198 * Add parent\_id to test\_project\_model
 4199 * Revamp the documentation surrounding notifications
 4200 * Remove unused tmp directory in tests
 4201 * Correct initialization order for logging to use eventlet locks
 4202 * add missing links for v3 OS-EC2 API response
 4203 * Remove explicit mentions of JSON from test\_v2
 4204 * Rename test\_keystoneclient\*
 4205 * Rename test\_content\_types
 4206 * Fix for KVS cache backend incompatible with redis-py
 4207 * Enable endpoint\_policy, endpoint\_filter and oauth by default
 4208 * Add links to extensions that point to api specs
 4209 * Classifying extensions and defining process
 4210 * Imported Translations from Transifex
 4211 * Add oslo request id middleware to keystone paste pipeline
 4212 * Uses SQL catalog driver for v2 REST tests
 4213 * Fixed skip msg in templated catalog test
 4214 * Remove invalid comment/statement at role manager
 4215 * Standardize notifications types as constants
 4216 * Change use of random to random.SystemRandom
 4217 * Remove extra call to oauth manager from tests
 4218 * Remove an extra call to create federation manager
 4219 * Updated from global requirements
 4220 * Imported Translations from Transifex
 4221 * Improve List Role Assignment Tests
 4222 * Enable filtering in LDAP backend for listing entities
 4223 * Refactor filter and sensitivity tests in prepartion for LDAP support
 4224 * Imported Translations from Transifex
 4225 * Provide additional detail if OAuth headers are missing
 4226 * Add WebSSO support for federation
 4227 * Check consumer and project id before creating request token
 4228 * Regenerate sample config file
 4229 * Move eventlet server options to a config section
 4230 * refactor: use \_get\_project\_endpoint\_group\_url() where applicable
 4231 * Update sample config file
 4232 * Consistently use oslo\_config.cfg.CONF
 4233 * Imported Translations from Transifex
 4234 * Removes unnecessary checks when cleaning a domain
 4235 * Remove check\_role\_for\_trust from sample policies
 4236 * Remove duplicated test for get\_role
 4237 * Add a test for create\_domain in notifications
 4238 * Add CADF notification handling for policy/region/service/endpoint
 4239 * Publicize region/endpoint/policy/service events
 4240 * Add CADF notifications for most resources
 4241 * Updated from global requirements
 4242 * Drop foreign key (domain\_id) from user and group tables
 4243 * Make federated domain configurable
 4244 * Imported Translations from Transifex
 4245 * Move backend role tests into their own module
 4246 * Fix nits from patch #110858
 4247 * Fix invalid super() usage in memcache pool
 4248 * Add a domain to federated users
 4249 * Wrap dependency registry
 4250 * Remove unnecessary code setting provider
 4251 * Fix tests to not load federation manager twice
 4252 * Fix places where role API calls still called assignment\_api
 4253 * fix a small issue in test\_v3\_auth.py
 4254 * Imported Translations from Transifex
 4255 * rename cls in get\_auth\_context to self
 4256 * make tests of endpoint\_filter check endpoints num
 4257 * remove the Conf.signing.token\_format option support
 4258 * Remove list\_endpoint\_groups\_for\_project from sample policies
 4259 * Add get\_endpoint\_group\_in\_project to sample policy files
 4260 * Check for invalid filtering on v3/role\_assignments
 4261 * Remove duplicate token revocation check
 4262 * Remove incubator version of log and local
 4263 * Use oslo.log instead of incubator
 4264 * Move existing tests to unit
 4265 * Cleanup tests to not set multiple workers
 4266 * Use subunit-trace from tempest-lib
 4267 * Log exceptions safely
 4268 * Imported Translations from Transifex
 4269 * Refactor \_send\_audit\_notification
 4270 * Updated from global requirements
 4271 * Remove excess brackets in exception creation
 4272 * Update policy doc to use new rule format
 4273 * remove the unused variables in indentity/core.py
 4274 * fix assertTableColumns
 4275 * Imported Translations from Transifex
 4276 * make federation part of keystone core
 4277 * Small cleanup of cloudsample policy
 4278 * Fix error message on check on RoleV3
 4279 * Improve creation of expected assignments in tests
 4280 * Add a check to see if a federation token is being used for v2 auth
 4281 * Adds a fork of python-ldap for Py3 testing
 4282 * Updates Python3 requirements
 4283 * Sync with oslo-incubator
 4284 * Add local rules in the federation mapping tests
 4285 * Don't try to convert LDAP attributes to boolean
 4286 * Add schema for endpoint group
 4287 * Split the assignments controller
 4288 * Use \_VersionsEqual for a few more version tests
 4289 * Remove test PYTHONHASHSEED setting
 4290 * Correct version tests for result ordering
 4291 * Correct a v3 auth test for result ordering
 4292 * Correct catalog response checker for result ordering
 4293 * Correct test\_get\_v3\_catalog test for result ordering
 4294 * Correct test\_auth\_unscoped\_token\_project for result ordering
 4295 * Fix the syntax issue on creating table \`endpoint\_group\`
 4296 * Change hacking check to verify all oslo imports
 4297 * Change oslo.i18n to oslo\_i18n
 4298 * Change oslo.config to oslo\_config
 4299 * Change oslo.db to oslo\_db
 4300 * Remove XMLEquals from tests
 4301 * Remove unused test case
 4302 * Don't coerce port config values
 4303 * Make identity id mapping handle unicode
 4304 * Improve testing of unicode id mapping
 4305 * Add new "RoleAssignment" exception
 4306 * Imported Translations from Transifex
 4307 * log wsgi requests at INFO level
 4308 * Fix race on default role creation
 4309 * Imported Translations from Transifex
 4310 * Unscoped to Scoped only
 4311 * Refactor federation SQL backend
 4312 
 4313 2015.1.0b2
 4314 ----------
 4315 
 4316 * Set initiators ID to user\_id
 4317 * Updated from global requirements
 4318 * Change oslo.messaging to oslo\_messaging
 4319 * Change oslo.serialization to oslo\_serialization
 4320 * Handle SSL termination proxies for version list
 4321 * Imported Translations from Transifex
 4322 * Update federation config to use Service Providers
 4323 * Drop URL field from region table
 4324 * Create K2K SAML assertion from Service Provider
 4325 * Service Providers API for OS-FEDERATION
 4326 * Implements subtree\_as\_ids query param
 4327 * Refactor role assignment assertions
 4328 * Fixes 'OS-INHERIT:inherited\_to' info in tests
 4329 * During authentication validate if IdP is enabled
 4330 * Fix typo in Patch #142743
 4331 * Make the LDAP dependency clear between identity, resource & assignment
 4332 * Implements parents\_as\_ids query param
 4333 * Internal notifications for cleanup domain
 4334 * Multiple IDP authentication URL
 4335 * Change oslo.utils to oslo\_utils
 4336 * Imported Translations from Transifex
 4337 * Regenerate sample config file
 4338 * Make unit tests call the new resource manager
 4339 * Make controllers and managers reference new resource manager
 4340 * Remove unused pointer to assignment in identity driver
 4341 * Move projects and domains to their own backend
 4342 * Make role manager refer to role cache config options
 4343 * Documentation fix for Keystone Architecture
 4344 * Imported Translations from Transifex
 4345 * Fix evaluation logic of federation mapping rules
 4346 * Deprecate LDAP Assignment Backend
 4347 * Fix up \_ldap\_res\_to\_model for ldap identity backend
 4348 * Remove local conf information from paste-ini
 4349 * Use RequestBodySizeLimiter from oslo.middleware
 4350 * Adds a wip decorator for tests
 4351 * Remove list\_user\_projects method from assignment
 4352 * Updated from global requirements
 4353 * Remove unnecessary code block of exception handling
 4354 * Updated from global requirements
 4355 * Add library oslo.concurrency in config-generator config file
 4356 * Updated from global requirements
 4357 * Explicit Unscoped
 4358 * add missing API in docstring of EndpointFilterExtension
 4359 * fix test\_ec2\_list\_credentials
 4360 * Assignment sql backend create\_grant refactoring
 4361 * Updated from global requirements
 4362 * Imported Translations from Transifex
 4363 * Remove TODO comment which has been addressed
 4364 * Refactor keystone-all and http/keystone
 4365 * Updated from global requirements
 4366 * Identify groups by name/domain in mapping rules
 4367 * do parameter check before updating endpoint\_group
 4368 * Move sql specific filter test code into test\_backend\_sql
 4369 * Fix incorrect filter test name
 4370 * Update the keystone sample config
 4371 * Minor fix in RestfulTestCase
 4372 * Scope federated token with 'token' identity method
 4373 * Correct comment about circular dependency
 4374 * Refactor assignment manager/driver methods
 4375 * Make unit tests call the new, split out, role manager
 4376 * Make controllers call the new, split out, role manager
 4377 * Correct doc string for grant driver methods
 4378 * Split roles into their own backend within assignments
 4379 * correct the help text of os\_inherit
 4380 * Update Inherited Role Assignment Extension section
 4381 * Limit lines length on configuration doc
 4382 * Fixes spacing in sentences on configuration doc
 4383 * Fixes several typos on configuration doc
 4384 * Trust redelegation
 4385 * add missing parent\_id parameter check in project schema
 4386 * Fix incorrect session usage in tests
 4387 * Fix migration 42 downgrade
 4388 * Updated from global requirements
 4389 * Additional test coverage for password changes
 4390 * Fix downgrade test for migration 61 on non-sqlite
 4391 * Fix transaction issue in migration 44 downgrade
 4392 * Correct failures for H238
 4393 * Move to hacking 0.10
 4394 * Updated from global requirements
 4395 * Remove unused fields in base TestCase
 4396 * Keystoneclient tests from venv-installed client
 4397 * Fix downgrade from migration 61 on non-sqlite
 4398 * explicit namespace prefixes for SAML2 assertion
 4399 * Remove requirements not needed by oslo-incubator modules anymore
 4400 * Remove unused testscenarios requirement
 4401 * Cleanup test-requirements for keystoneclient
 4402 * Fix tests using extension drivers
 4403 * Ensure manager grant methods throw exception if role\_id is invalid
 4404 * update sample conf using latest oslo.conf
 4405 * Remove unnecessary oslo incubator bits
 4406 * let endpoint\_filter sql backend return dict data
 4407 * Tests fail only on deprecation warnings from keystone
 4408 * switch from sample\_config.sh to oslo-config-generator
 4409 * Add positive test case for content types
 4410 * Update the keystone.conf sample
 4411 * remove invalid note
 4412 * invalidate cache when updating catalog objects
 4413 * Enable hacking rule H302
 4414 * fix wrong self link in the response of endpoint\_groups API
 4415 * Imported Translations from Transifex
 4416 * improve the EP-FILTER catalog length check in test\_v3.py
 4417 * Don't allow deprecations during testing
 4418 * Fix to not use deprecated Exception.message
 4419 * Integrate logging with the warnings module
 4420 * rename oslo.concurrency to oslo\_concurrency
 4421 * Fix to not use empty IN clause
 4422 * Be more precise with flake8 filename matches
 4423 * Use bashate to run\_tests.sh
 4424 * Move test\_utils to keystone/tests/unit/
 4425 * add circular check when updating region
 4426 * fix the wrong update logic of catalog kvs driver
 4427 * Removes a Py2.6 version of assertSetEqual
 4428 * Removes a Py2.6 version of inspect.getcallargs
 4429 * Removes a bit of WSGI code converts unicode to str
 4430 * Expanded mutable hacking checks
 4431 * Make the mutable default arg check very strict
 4432 * sync to oslo commit 1cf2c6
 4433 * Update federation docs to point to specs.o.org
 4434 * Memcache connection pool excess check
 4435 * Always return the service name in the catalog
 4436 * Update docs to no longer show XML support
 4437 
 4438 2015.1.0b1
 4439 ----------
 4440 
 4441 * Check and delete for policy\_association\_for\_region\_and\_service
 4442 * Remove unnecessary ldap import
 4443 * Rename \`removeEvent\` to be more pythonic
 4444 * Fix the way migration helpers check FK names
 4445 * Remove XML support
 4446 * Fix modifying a role with same name using LDAP
 4447 * Add a test for modifying a role to set the name the same
 4448 * Fix disabling entities when enabled is ignored
 4449 * Add tests for enabled attribute ignored
 4450 * Cleanup eventlet use in tests
 4451 * Fix update role without name using LDAP
 4452 * Add test for update role without name
 4453 * Inherited role assignments to projects
 4454 * Updated from global requirements
 4455 * Fix inherited user role test docstring
 4456 * Fixes links in Shibboleth configuration docs
 4457 * Updated from global requirements
 4458 * fix wrong indentation in contrib/federation/utils.py
 4459 * Adds openSUSE support for developer documentation
 4460 * User ids that begin with 0 cannot authenticate through ldap
 4461 * Typo in policy call
 4462 * Updated from global requirements
 4463 * Remove endpoint\_substitution\_whitelist config option
 4464 * Correct max\_project\_tree\_depth config help text
 4465 * Adds correct checks in LDAP backend tests
 4466 * Updated from global requirements
 4467 * Add an identity backend method to get group by name
 4468 * Create, update and delete hierarchical projects
 4469 * drop developer support for OS X
 4470 * Ignore H302 - bug 1398472
 4471 * Remove irrelative comment
 4472 * remove deprecated access log middleware
 4473 * Multiple IdPs problem
 4474 * Fixes docstring at eventlet\_server
 4475 * Fix the copy-pasted help info for db\_version
 4476 * Updated from global requirements
 4477 * TestAuthPlugin doesn't use test\_auth\_plugin.conf
 4478 * Add missing translation marker for dependency
 4479 * Use \_ definition from keystone.i18n
 4480 * Remove Python 2.6 classifier
 4481 * Correct token flush logging
 4482 * Speed up memcache lock
 4483 * Moves hacking tests to unit directory
 4484 * Fixes create\_saml\_assertion() return
 4485 * Add import i18n to federation/controllers.py
 4486 * Correct use of config fixture
 4487 * Extends hacking check for logging to verify i18n hints
 4488 * Adds missing log hints for level E/I/W
 4489 * make sample\_data.sh account for the default options in keystone.conf
 4490 * Adds dynamic checking for mapped tokens
 4491 * Updated from global requirements
 4492 * Enable cloud\_admin to list projects in all domains
 4493 * Remove string from URL in list\_revoke\_events()
 4494 * Configuring Keystone edits
 4495 * Update keystone readme to point to specs.o.org
 4496 * Imported Translations from Transifex
 4497 * Add WSGIPassAuthorization to OAuth docs
 4498 * Increase test coverage of test\_versions.py
 4499 * Move test\_pemutils.py to unit test directory
 4500 * Don't return \`\`user\_name\`\` in mapped.Mapped class
 4501 * Increase test coverage of test\_base64utils.py
 4502 * Move base64 unit tests to keystone/tests/unit dir
 4503 * Move injection unit tests to keystone/tests/unit
 4504 * Move notification unit tests to unit test dir
 4505 * Allow for REMOTE\_USER name in federation mapping
 4506 * Doc about specifying domains in domains specific backends
 4507 * Remove useless field passed into SQLAlchemy "distinct" statement
 4508 * Exclude domains with inherited roles from user domain list
 4509 * Improve testing of exclusion of inherited roles
 4510 * Fix project federation tokens for inherited roles
 4511 * Improve testing of project federation tokens for inherited roles
 4512 * Fix domain federation tokens for inherited roles
 4513 * Improve testing of domain federation tokens for inherited roles
 4514 * Fix misspelling at configuration.rst file
 4515 * Remove duplicate setup logic in federation tests
 4516 * Imported Translations from Transifex
 4517 * Enable hacking rule H904
 4518 * Move shib specific documentation
 4519 * Additional debug logs for federation flows
 4520 * Add openid connect support
 4521 * Imported Translations from Transifex
 4522 * Enable hacking rule H104 File contains nothing but comments
 4523 * Rename \_handle\_saml2\_tokens() method
 4524 * Updated from global requirements
 4525 * Update references to auth\_token middleware
 4526 * Use true() rather than variable/singleton
 4527 * Change ca to uppercase in keystone.conf
 4528 * default revoke driver should be the non-deprecated driver
 4529 * Prevent infinite loop in token\_flush
 4530 * Adds IPv6 url validation support
 4531 * Provide useful info when parsing policy file
 4532 * Doc about deleting a domain specific backend domain
 4533 * Updated from global requirements
 4534 * Remove token persistence proxy
 4535 * Correct use of noqa
 4536 * Use oslo.concurrency instead of sync'ed version
 4537 * revise error message for keystone.token.persistence pkg
 4538 * Change config option examples to v3
 4539 * Sync modules from oslo-incubator
 4540 * test\_utils use jsonutils from oslo.serialization
 4541 * Add fileutils module
 4542 * Move check\_output and git() to test utils
 4543 * Remove nonexistant param from docstring
 4544 * Fixes aggressive use of translation hints
 4545 * PKI and PKIZ tokens unnecessary whitespace removed
 4546 * Move unit tests from test\_backend\_ldap
 4547 * Use correct name of oslo debugger script
 4548 * Updated from global requirements
 4549 * Imported Translations from Transifex
 4550 * Change /POST to /ECP at federation config
 4551 * Base methods to handle hierarchical projects
 4552 * use expected\_length parameter to assert expected length
 4553 * fix the wrong order of assertEqual args in test\_v3
 4554 * sys.exit mock cleanup
 4555 * Tests raise exception if logging problem
 4556 * Correct the code path of implementation for the abstract method
 4557 * Use newer python-ldap paging control API
 4558 * Add xmlsec1 dependency comments
 4559 * Add parent\_id field to projects
 4560 * Add max-complexity to pep8 for Keystone
 4561 * Remove check\_password() in identity.backend.ldap
 4562 * Restrict certain APIs to cloud admin in domain-aware policy
 4563 * Remove unused ec2 driver option
 4564 * Extract Assignment tests from IdentityTestCase
 4565 * Clean up federated identity audit code
 4566 * obsolete deployment docs
 4567 * Remove database setup duplication
 4568 * Fixes endpoint\_filter tests
 4569 * Fixes a spelling error in hacking tests
 4570 * Fixes docstrings to be more accurate
 4571 * Update the feature/hierarchical-multitenancy branch
 4572 * Updated from global requirements
 4573 
 4574 2014.2
 4575 ------
 4576 
 4577 * updated translations
 4578 * Remove deprecated KVS trust backend
 4579 * Imported Translations from Transifex
 4580 * Ensure sql upgrade tests can run with non-sqlite databases
 4581 * Ensure sql upgrade tests can run with non-sqlite databases
 4582 * Validates controller methods exist when specified
 4583 * Fixes an error deleting an endpoint group project
 4584 * Add v3 openstackclient CLI examples
 4585 * Update the CLI examples to also use openstackclient
 4586 * Replace an instance of keystone/openstack/common/timeutils
 4587 * Use importutils from oslo.utils
 4588 * Use jsonutils from oslo.serialization
 4589 * Update 'Configuring Services' documentation
 4590 * Use openstackclient examples in configuration documentation
 4591 * Validates controller methods exist when specified
 4592 * Fixes an error deleting an endpoint group project
 4593 * Switch LdapIdentitySqlAssignment to use oslo.mockpatch
 4594 * Fix tests comparing tokens
 4595 * Remove deprecated TemplatedCatalog class
 4596 * Remove images directory from docs
 4597 * Remove OS-STATS monitoring
 4598 * Remove identity and assignment kvs backends
 4599 * Add an XML code directive to a shibboleth example
 4600 * revise docs on default \_member\_ role
 4601 * Convert unicode to UTF8 when calling ldap.str2dn()
 4602 * Fix tests comparing tokens
 4603 * Fix parsing of emulated enabled DN
 4604 * Handle default string values when using user\_enabled\_invert
 4605 * Handle default string values when using user\_enabled\_invert
 4606 * Convert unicode to UTF8 when calling ldap.str2dn()
 4607 * Fix parsing of emulated enabled DN
 4608 * Add test for getting a token with inherited role
 4609 * wrong logic in assertValidRoleAssignmentListResponse method
 4610 * Open Kilo development
 4611 
 4612 2014.2.rc1
 4613 ----------
 4614 
 4615 * Enhance FakeLdap to require base entry for subtree search
 4616 * Imported Translations from Transifex
 4617 * Uses session in migration to stop DB locking
 4618 * Address some late comments for memcache clients
 4619 * Set issuer value to CONF.saml.idp\_entity\_id
 4620 * Updated from global requirements
 4621 * Add placeholders for reserved migrations
 4622 * Mark k2k as experimental
 4623 * Add version attribute to the SAML2 Assertion object
 4624 * New section for CLI examples in docs
 4625 * Fix failure of delete domain group grant when identity is LDAP
 4626 * Clean up the Configuration documentation
 4627 * Adding an index on token.user\_id and token.trust\_id
 4628 * Update architecture documentation
 4629 * Fix a spelling mistake in keystone/common/utils.py
 4630 * Imported Translations from Transifex
 4631 * Prevent infinite recursion on persistence core on init
 4632 * Read idp\_metadata\_path value from CONF.saml
 4633 * Remove duplicated assertion
 4634 * Fix create and user-role-add in LDAP backend
 4635 * Fix minor spelling issues in comments
 4636 * Add a pool of memcached clients
 4637 * Update URLs for keystone federation configuration docs
 4638 * add --rebuild option for ssl/pki\_setup
 4639 * Mock doesn't have assert\_called\_once()
 4640 * Do not run git-cloned ksc master tests when local client specified
 4641 * Add info about pysaml2 into federation docs
 4642 * Imported Translations from Transifex
 4643 * Remove unused cache functions from token.core
 4644 * Updated from global requirements
 4645 * Safer check for enabled in trusts
 4646 * Set the default number of workers when running under eventlet
 4647 * Add the processutils from oslo-incubator
 4648 * Update 'Configure Federation' documentation
 4649 * Ensure identity sql driver supports domain-specific configuration
 4650 * Allow users to clean up role assignments
 4651 * Adds a whitelist for endpoint catalog substitution
 4652 * Revoke the tokens of group members when a group role is revoked
 4653 * Change pysaml2 comment in test-requrements.txt
 4654 * Document Keystone2Keystone federation
 4655 * Set LDAP certificate trust options for LDAPS and TLS
 4656 * Fail on empty userId/username before query
 4657 * Refactor FakeLdap to share delete code
 4658 * ldap/core deleteTree not always supported
 4659 * Reduce unit test log level for notifications
 4660 * Fix delete group cleans up role assignments with LDAP
 4661 * Refactor LDAP backend using context manager for connection
 4662 * Fix fakeldap search\_s documentation
 4663 * Add delete notification to endpoint grouping
 4664 * Fix using local ID to clean up user/group assignments
 4665 * Add characterization test for cleanup role assignments for group
 4666 * Fix LDAP group role assignment listing
 4667 * Correct typos in keystone/common/base64utils.py docstrings
 4668 * Add V3 JSON Home support to GET /
 4669 * Ensure a consistent transactional context is used
 4670 * Adds hint about filter placement to extension docs
 4671 * Adds pipeline hints to the example paste config
 4672 * Make the extension docs a top level entry in the landing page
 4673 * LDAP: refactor use of "1.1" OID
 4674 * Fix Policy backend driver documentation
 4675 * improve dependency injection doc strings
 4676 * Document mod\_wsgi doesn't support chunked encoding
 4677 * Making KvsInheritanceTests use backend KVS
 4678 * Keystone local authenticate has an unnecessary pending audit record
 4679 * Use id attribute map for read-only LDAP
 4680 * Stop skipping LDAP tests
 4681 * Update the revocation configuration docs
 4682 * Fixes formatting error in debug log statement
 4683 * Remove trailing space from string
 4684 * Update paste pipelines in configuration docs
 4685 * Update man pages
 4686 * Updates package comment to be more accurate
 4687 * Fixed typo 'in sane manner' to 'in a sane manner'
 4688 * Enable filtering of services by name
 4689 * correct typos
 4690 * Fixes code comment to be more accurate
 4691 * Prevent domains creation for the default LDAP+SQL
 4692 * Add testcase for coverage of 002\_add\_endpoint\_groups
 4693 * Fix oauth sqlite migration downgrade failure
 4694 * Sync jsonutils from oslo-incubator 32e7f0b5
 4695 * Imported Translations from Transifex
 4696 * Avoid conversion of binary LDAP values
 4697 * Remove unused variable TIME\_FORMAT
 4698 * Add characterization test for group role assignment listing
 4699 * Fix dn\_startswith
 4700 * Use oslo\_debug\_helper and remove our own version
 4701 * Fixes a mock cleanup issue caused by oslotest
 4702 * Add rst code-blocks to a bunch of missing examples
 4703 * Capitalize all instances of Keystone in the docs
 4704 
 4705 2014.2.b3
 4706 ---------
 4707 
 4708 * Update the docs that list sections in keystone.conf
 4709 * Fixed spelling mistakes in comments
 4710 * use one indentation style
 4711 * Fix admin server doesn't report v2 support in Apache httpd
 4712 * Add test for single app loaded version response
 4713 * Work toward Python 3.4 support and testing
 4714 * Update the federation configuration docs for saml2
 4715 * Add docs for enabling endpoint policy
 4716 * warn against sorting requirements
 4717 * Adds region back into the catalog endpoint
 4718 * Remove extra V3 version router
 4719 * Implementation of Endpoint Grouping
 4720 * Fix minor nits for token2saml generation
 4721 * Routes for Keystone-IdP metadata endpoint
 4722 * Generate IdP Metadata with keystone-manage
 4723 * IdP SAML Metadata generator
 4724 * Implement validation on Trust V3 API
 4725 * Create SAML generation route and controller
 4726 * trustor\_user\_id not available in v2 trust token
 4727 * Transform a Keystone token to a SAML assertion
 4728 * Remove TODO that was done
 4729 * Fix region schema comment
 4730 * Remove unused \_validate\_endpoint
 4731 * Fix follow up review issues with endpoint policy backend patch
 4732 * controller for the endpoint policy extension
 4733 * Mark the revoke kvs backend deprecated, for removal in Kilo
 4734 * Fix logging config twice
 4735 * Implement validation on the Catalog V3 API
 4736 * General logging cleanup in keystone.notifications
 4737 * Lower log level for notification registration
 4738 * backend for policy endpoint extension
 4739 * Implement validation on Credential V3
 4740 * Implement validation on Policy V3 API
 4741 * Fix token flush fails with recursion depth exception
 4742 * Spelling errors fixed in the comments
 4743 * Add index for actor\_id in assignments table
 4744 * Endpoint table is missing reference to region table
 4745 * add missing log hints for level C/E/I/W
 4746 * Add audit support to keystone federation
 4747 * Add string id type validation
 4748 * Implement validation on Assignment V3 API
 4749 * Adds tests that show how update with validation works
 4750 * Mark the trust kvs backend deprecated, for removal in Kilo
 4751 * Test cleanup: do not leak FDs during test runs
 4752 * Do not load auth plugins by class in tests
 4753 * JSON Home data is required
 4754 * Cleanup superfluous string comprehension and coersion
 4755 * Add commas for ease of maintenance
 4756 * Comments to docstrings for notification emit methods
 4757 * Notification cleanup: namespace actions
 4758 * Mark kvs backends as deprecated, for removal in Kilo
 4759 * Add bash code style to some portions of configuration.rst
 4760 * Update sample config
 4761 * Update tests to not use token\_api
 4762 * Make persistence manager in token\_provider\_api private
 4763 * Enhance GET /v3 to handle Accept header
 4764 * Enhance V3 extensions to provide JSON Home data
 4765 * Enhance V3 extension class to integrate JSON Home data
 4766 * Change OS-INHERIT extension to provide JSON Home data
 4767 * Change the sub-routers to provide JSON Home data
 4768 * Change V3 router classes to provide JSON Home data
 4769 * Create additional docs for role assignment events
 4770 * Add libxmlsec1 as external package dependency on OS X
 4771 * Add \_\_repr\_\_ to KeystoneToken model
 4772 * Add extra guarding to revoke\_by\_audit\_id methods
 4773 * Mark methods on token\_api deprecated
 4774 * Remove SAML2 plugin dependency on token\_api
 4775 * Remove oauth controller dependency on token\_api
 4776 * Remove assignment\_api dependency on token\_api
 4777 * Notification Constant Cleanup and internal notify type
 4778 * Remove wsgi and base controller dependency on token\_api
 4779 * Remove identity\_api dependency on token\_api
 4780 * Remove trust dependency on token\_api
 4781 * Update AuthContextMiddleware to not use token\_api
 4782 * Revoke by Audit Id / Audit Id Chain instead of expires
 4783 * assignment controller error path fix
 4784 * Make SQL the default backend for Identity & Assignment unit tests
 4785 * Add CADF notifications for role assignment create and delete
 4786 * Add notifications for policy, region, service and endpoint
 4787 * Enhance V3 version controller to provide JSON Home response
 4788 * Provide the V3 routers to the V3 extension controller
 4789 * Enhance V3 routers to store basic resource description
 4790 * Correct the signature for some catalog abstract method signatures
 4791 * Convert to urlsafe base64 audit ids
 4792 * Sync Py2 and Py3 requirements files
 4793 * Sync with oslo-incubator
 4794 * Add audit ids to tokens
 4795 * Fixing simple type in comment
 4796 * Create authentication specific routes
 4797 * Standardizing the Federation Process
 4798 * Enable filtering of credentials by user ID
 4799 * Expose context to create grant and delete grant
 4800 * Redirect stdout and stderr when using subprocess
 4801 * Back off initial migration to 34
 4802 * Back off initial migration to 35
 4803 * Use python convention for function names in test\_notifications
 4804 * Use mail for the default LDAP email attribute name
 4805 * Bump hacking to 0.9.x series
 4806 * Fixes an issue with the XMLEquals matcher
 4807 * Do not require method attribute on plugins
 4808 * Remove \_BaseFederationExtension
 4809 * Add a URL field to region table
 4810 * Remove unnecessary declaration of CONF
 4811 * Remove trailing space in tox.ini
 4812 * Rename bash8 requirement
 4813 * Updates the sample config
 4814 * remove unused import
 4815 * Clean whitespace off token
 4816 * Support the hints mechanism in list\_credentials()
 4817 * Keystone service throws error on receiving SIGHUP
 4818 * Remove strutils and timeutils from openstack-common.conf
 4819 * Use functions in oslo.utils
 4820 * Add an OS-FEDERATION section to scoped federation tokens
 4821 * Ensure roles created by unit tests have correct attributes
 4822 * Update control\_exchange value in keystone.conf
 4823 * swap import order of lxml
 4824 * add i18n to lxml error
 4825 * Check for empty string value in REMOTE\_USER
 4826 * Refactor names in catalog backends
 4827 * Update CADF auditing example to show non-payload information
 4828 * Remove ec2 contrib dependency on token\_api
 4829 * Expose token revocation list via token\_provider\_api
 4830 * Remove assignment controller dependency on token\_api
 4831 * Refactor serializer import to XmlBodyMiddleware
 4832 * Delete intersphinx mappings
 4833 * Fix documentation link
 4834 * Make token\_provider\_api contain token persistence
 4835 * Remove S3 middleware tests from tox.ini
 4836 * Remove unused function
 4837 * Add oslo.utils requirement
 4838 * Surround REMOTE\_USER variable name with quotes
 4839 * Remove \`with\_lockmode\` use from Trust SQL backend
 4840 * Allow LDAP lock attributes to be used as enable attributes
 4841 * Improve instructions about federation
 4842 * Do not override venvs
 4843 * Imported Translations from Transifex
 4844 * Remove debug CADF payload for every authN request
 4845 * Don't override tox envdir for pep8 and cover jobs
 4846 * Change V3 extensions to use resources
 4847 * Enhance V3 extension class to use resources
 4848 * V3 Extension class
 4849 * Change V3 router classes to use resources
 4850 * Enhance V3 router class for resources
 4851 * Class for V3 router packages
 4852 * Filter List Regions by 'parent\_region\_id'
 4853 * Refactor existing endpoint filter tests
 4854 * Trust unit tests should target additional threat scenarios
 4855 * Update the config file
 4856 * Fix revocation event handling with MySQL
 4857 * Set default token provider to UUID
 4858 * Add filters to the collections 'self' link
 4859 * Issue multiple SQL statements in separate engine.execute() calls
 4860 * Remove fixture from openstack-common.conf
 4861 * Use config fixture from oslo.config
 4862 * Fix revoking a scoped token from an unscoped token
 4863 * Updated from global requirements
 4864 * KeyError instead of exception.KeyError
 4865 * Catch correct oslo.db exception
 4866 * Update setup docs with Fedora 19+ dependencies
 4867 * Add a test for revoking a scoped token from an unscoped
 4868 * Fix revoking domain-scoped tokens
 4869 * Correct revocation event test for domain\_id
 4870 * Add pluggable range functions for token flush
 4871 * Configurable python-keystoneclient repo
 4872 * Fix invalid self link in get access token
 4873 * Add workaround to support tox 1.7.2
 4874 * Fixes a capitalization issue
 4875 * Do not consume trust uses when create token fails
 4876 * Refactor set domain-id and mapping code
 4877 * Remove duplicated asserts
 4878 * Fix for V2 token issued\_at time changing
 4879 * Add tests related to V2 token issued\_at time changing
 4880 * Sample config update
 4881 * Add the new Keystone TokenModel
 4882 * Add X-Auth-Token header in federation examples
 4883 * Check url is in the 'self' link in list responses
 4884 * Clean up EP-Filter after delete project/endpoint
 4885 * add internal delete notification for endpoint
 4886 * remove static files from docs
 4887 * Move token persistence classes to token.persistence module
 4888 * cache the catalog
 4889 * Disable a domain will revoke tokens under the same domain
 4890 * Sqlite files excluded from the repo
 4891 * Adding support for ldap connection pooling
 4892 * Details the proper way to call a callable
 4893 
 4894 2014.2.b2
 4895 ---------
 4896 
 4897 * Add the new oslo.i18n as a dependency for Python 3
 4898 * Fixes test\_exceptions.py for Python3
 4899 * Fixes test\_wsgi for Python3
 4900 * Adds several more test modules that pass on Py3
 4901 * Reduces the amount of mocked imports for Python 3
 4902 * Disables LDAP unit tests
 4903 * Updated from global requirements
 4904 * Initial implementation of validator
 4905 * Mark the 'check\_vX\_token' methods deprecated
 4906 * Extracting get group roles for project logic to drivers
 4907 * implement GET /v3/catalog
 4908 * Adds coverage report to py33 test runs
 4909 * Fixed tox cover environment to share venv
 4910 * Regenerate sample config file
 4911 * Check that region ID is not an empty string
 4912 * auth tests should not require admin token
 4913 * Example JSON files should be human-readable
 4914 * Consolidate \`assert\_XXX\_enabled\` type calls to managers
 4915 * Move keystone.token.default\_expire\_time to token.provider
 4916 * Move token\_api.unique\_id to token\_provider\_api
 4917 * Capitalize a few project names in configuring services doc
 4918 * Fixes a Python3 syntax error
 4919 * Introduce pragma no cover to asbtract classes
 4920 * Update middleware that was moved to keystonemiddleware
 4921 * Sync with oslo-incubator
 4922 * project disabled/deleted notification recommendations
 4923 * render json examples with syntax highlighting
 4924 * Use oslo.i18n
 4925 * Make sure unit tests set the correct log levels
 4926 * Clean up the endpoint filtering configuration docs
 4927 * Avoid loading a ref from SQL to delete the ref
 4928 * Add revocation extension to default pipeline
 4929 * multi-backend support for identity
 4930 * Update docs to reflect new db\_sync behaviour
 4931 * Migrate default extensions
 4932 * Add oslo.i18n as dependency
 4933 * Do not use lazy translation for keystone-manage
 4934 * Update the configuration docs for the revocation extension
 4935 * Remove deprecated token\_api.list\_tokens
 4936 * Imported Translations from Transifex
 4937 * Add keystonemiddleware to requirements
 4938 * Add \_BaseFederationExtension class
 4939 * Correct the region table to be InnoDB and UTF8
 4940 * HEAD responses should return same status as GET
 4941 * Updated from global requirements
 4942 * Sync with oslo-incubator e9bb0b59
 4943 * Add schema check for OS-FEDERATION mapping table
 4944 * Make OS-FEDERATION core.Driver methods abstract
 4945 * update example with a status code we actually use
 4946 * Correct docstring for assertResponseSuccessful
 4947 * Fix the section name in CONTRIBUTING.rst
 4948 * Fix OAuth1 to not JSON-encode create access token response
 4949 * Ending periods in exception messages deleted
 4950 * Ensure that in v2 auth tenant\_id matches trust
 4951 * Add identity mapping capability
 4952 * Do not use keystone's config for nova's port
 4953 * Fix docs and scripts for pki\_setup and ssl\_setup
 4954 * LDAP: Added documentation for debug\_level option
 4955 * Updated from global requirements
 4956 * Fixes the order of assertEqual arguments
 4957 * remove default=None for config options
 4958 * Fix test for get\_\*\_by\_name invalidation
 4959 * Do not support toggling key\_manglers in cache layer
 4960 * Implicitly ignore attributes that are mapped to None in LDAP
 4961 * Move bash8 to run under pep8 tox env
 4962 * Remove db, db.sqlalchemy from openstack-common.conf
 4963 * Remove backend\_entities from backend\_ldap.conf
 4964 * Consolidate provider calls to token\_api.create\_token
 4965 * Adds hacking check for debug logging translations
 4966 * Updates Python3 requirements to match Python2
 4967 * Adds oslo.db support for Python 3 tests
 4968 * Do not leak SQL queries in HTTP 409 (conflict)
 4969 * Imported Translations from Transifex
 4970 * Do not log 14+ INFO lines on a broken pipe error (eventlet)
 4971 * Regenerate sample config file
 4972 * deprecate LDAP config options for 'tenants'
 4973 * the user\_tenant\_membership table was replaced by "assignment"
 4974 * Corrects minor spelling mistakes
 4975 * Ignoring order of user list in TenantTestCase
 4976 * Make gen\_pki.sh & debug\_helper.sh bash8 compliant
 4977 * TestAuthInfo class in test\_v3\_auth made more efficient
 4978 * Update docs to reference #openstack-keystone
 4979 * Don't set sqlite\_db default
 4980 * Migrate ID generation for users/groups from controller to manager
 4981 * oslo.db implementation
 4982 * Test \`common.sql\` initialization
 4983 * Kerberos as method name
 4984 * test REMOTE\_USER  does not authenticate
 4985 * Document pkiz as provider in config
 4986 * Only emit disable notifications for project/domain on disable
 4987 * Fix the typo and reformat the comments for the added option
 4988 * Updated from global requirements
 4989 * fix flake8 issues
 4990 * Update sample keystone.conf file
 4991 * Fix 500 error if request body is not JSON object
 4992 * Default to PKIZ tokens
 4993 * Fix a few typos in the shibboleth doc
 4994 * pkiz String conversion
 4995 * Fixes catalog URL formatting to never return None
 4996 * Updates keystone.catalog.core.format\_url tests
 4997 * Ignore broken endpoints in get\_catalog
 4998 * Allow for multiple PKI Style Providers
 4999 * Add instructions for removing pyc files to docs
 5000 * Password trunction makes password insecure
 5001 * enable multiple keystone-all worker processes
 5002 * Add cloud auditing notification documentation
 5003 * Block delegation escalation of privilege
 5004 * Fixes typo error in Keystone
 5005 * Add missing docstrings and 1 unittest for LDAP utf-8 fixes
 5006 * Properly invalidate cache for get\_\*\_by\_name methods
 5007 * Make sure domains are enabled by default
 5008 * Convert explicit session get/begin to transaction context
 5009 
 5010 2014.2.b1
 5011 ---------
 5012 
 5013 * remove unnecessary word in docs: 'an'
 5014 * add docs on v2 & v3 support in the service catalog
 5015 * Add v3 curl examples
 5016 * Use code-block for curl examples
 5017 * Sync service module from oslo-incubator
 5018 * remove unneeded definitions of Python Source Code Encoding
 5019 * gitignore etc/keystone/
 5020 * Enforce \`\`saml2\`\` protocol in Apache config
 5021 * install gettext on OS X for msgfmt
 5022 * Use translation hints
 5023 * Add v2 & v3 API documentation
 5024 * Make sure all the auth plugins agree on the shared identity attributes
 5025 * update release support warning for domain-specific drivers
 5026 * Catalog driver generates v3 catalog from v2 catalog
 5027 * Compressed Token Provider
 5028 * document keystone-specs instead of LP blueprints in README
 5029 * fixed several pep8 issues
 5030 * Invalid command referenced in federation documentation
 5031 * Fix curl example refs in docs
 5032 * pep8: do not test locale files
 5033 * Consistenly use jsonutils instead of json
 5034 * Fix type error message in format\_url
 5035 * Updated from global requirements
 5036 * remove out of date docs for Fedora 15
 5037 * Make sure scoping to the project of a disabled domain result in 401
 5038 * document pki\_setup and ssl\_setup in keystone.conf.sample
 5039 * Fixed wrong behavior when updating tenant or user with LDAP backends
 5040 * Cleanup openstack-common.conf and sync from olso
 5041 * recommend excluding 35357 from ephemeral ports
 5042 * Fixes duplicated DELETE queries on SQL backends
 5043 * Refactor tests regarding required attributes
 5044 * Suggest users to remove REMOTE\_USER from shibd conf
 5045 * Refactor driver\_hints
 5046 * Imported Translations from Transifex
 5047 * Code which gets and deletes elements of tree was moved to one method
 5048 * indicate that sensitive messages can be disabled
 5049 * Check that the user is dumb moved to the common method
 5050 * Fix spelling mistakes in docs
 5051 * Replace magic value 'service/security' in CadfNotificationWrapper
 5052 * Replace assertTrue and assertFalse with more suitable asserts
 5053 * replaced unicode() with six.text\_type()
 5054 * Remove obsolete note from ldap
 5055 * install from source docs never actually install the keystone service
 5056 * LDAP fix for get\_roles\_for\_user\_and\_project user=group ID
 5057 * Cleanup of ldap assignment backend
 5058 * Remove all mostly untranslated PO files
 5059 * Mapping engine does not handle regex properly
 5060 * SQL fix for get\_roles\_for\_user\_and\_project user=group ID
 5061 * Unimplemented get roles by group for project list
 5062 * sql migration: ensure using innodb utf8 for assignment table
 5063 * Update mailmap entry for Brant
 5064 * Reduce log noise on expired tokens
 5065 * Add note for v3 API clients using auth plugin docs
 5066 * Refactor test\_auth trust related tests
 5067 * Add detailed federation configuration docs
 5068 * remove a few backslash line continuations
 5069 * Reduce excess LDAP searches
 5070 * Regenerate sample config
 5071 * Fix version links to docs.openstack.org
 5072 * Add mailmap entry
 5073 * Refactor create\_trust for readability
 5074 * Adds several more tests to the Python 3 test run
 5075 * Fixed the policy tests in Python 3
 5076 * Fixed the size limit tests in Python 3
 5077 * fixed typos found by RETF rules in RST files
 5078 * Remove the configure portion of extension docs
 5079 * Ensure token is a string
 5080 * Fixed some typos throughout the codebase
 5081 * Allow 'description' in V3 Regions to be optional
 5082 * More random values for oAuth1 verifier
 5083 * Add rally performance gate job for keystone
 5084 * Set proper DB\_INIT\_VERSION on db\_version command
 5085 * Escape values in LDAP search filters
 5086 * Migration DB\_INIT\_VERSION in common place
 5087 * Redundant unique constraint
 5088 * Correct \`nullable\` values in models and migrations
 5089 * Move hacking code to a separate fixture
 5090 * Some methods in ldap were moved to superclass
 5091 * Sync with oslo-incubator 28fba9c
 5092 * Use oslo.test mockpatch
 5093 * Check that all po/pot files are valid
 5094 * No longer allow listing users by email
 5095 * Refactor notifications
 5096 * Add localized response test
 5097 * Refactor service readiness notification
 5098 * Make test\_revoke expiry times distinct
 5099 * Removed duplication with list\_user\_ids\_for\_project
 5100 * Fix cache configuration checks
 5101 * setUp must be called on a fixture's parent first
 5102 * First real Python 3 tests
 5103 * Make the py33 Jenkins job happy
 5104 * Fix the "search for sql.py" files for db models
 5105 * Sync with oslo-incubator 74ae271
 5106 * no one uses macports
 5107 * Updated from global requirements
 5108 * Compatible server default value in the models
 5109 * Explicit foreign key indexes
 5110 * Added statement for ... if ... else
 5111 * Imported Translations from Transifex
 5112 * Ignore broken endpoints in get\_v3\_catalog
 5113 * Fix typo on cache backend module
 5114 * Fix sql\_upgrade tests run by themselves
 5115 * Discourage use of pki\_setup
 5116 * add dependencies of keystone dev-enviroment
 5117 * More efficient DN list for LDAP role delete
 5118 * Stronger assertion for test\_user\_extra\_attribute\_mapping
 5119 * Refactor test\_password\_hashed to the backend testers
 5120 * Remove LDAP password hashing code
 5121 * More notification unit tests
 5122 * Add missing import, remove trailing ":" in middleware example
 5123 * Fixes for in-code documentation
 5124 * Isolate backend loading
 5125 * Sync with oslo-incubator 2fd457b
 5126 * Adding one more check on project\_id
 5127 * Moves test database setup/teardown into a fixture
 5128 * Make the LDAP debug option a configurable setting
 5129 * Remove unnecessary dict copy
 5130 * More debug output for test
 5131 * Code which gets elements of tree in ldap moved to a common method
 5132 * Removed unused code
 5133 * Don't re-raise instance
 5134 * Fix catalog Driver signatures
 5135 * Include extra attributes in list results
 5136 * Allow any attributes in mapping
 5137 * Enhance tests for user extra attribute mapping
 5138 * Fix typo of ANS1 to ASN1
 5139 * Updated from global requirements
 5140 * Refactor: moved flatten function to utils
 5141 * Collapse SQL Migrations
 5142 * Treat LDAP attribute names as case-insensitive
 5143 * replace word 'by' with 'be'
 5144 * Configurable token hash algorithm
 5145 * Adds style checks to ease reviewer burden
 5146 * Adding more descriptive error message
 5147 * Fixed wrong behavior in method search\_s in BaseLdap class
 5148 * Fix response for missing attributes in trust
 5149 * Refactor: move federation functions to federation utils
 5150 * List all forbidden attributes in the request body
 5151 * Convert test\_backend\_ldap to config fixture
 5152 * Add tests for user ID with comma
 5153 * Fix invalid LDAP filter for user ID with comma
 5154 * Remove assignment proxy methods/controllers
 5155 * Remove legacy\_endpoint\_id and enabled from service catalog
 5156 * Replace all use of mox with mock
 5157 * Fix assertEqual arguments order(catalog, cert\_setup, etc)
 5158 * Remove common.V3Controller.check\_required\_params() method
 5159 * Fix parallel unit tests keystoneclient partial checkout
 5160 * Sync from oslo db.sqlalchemy.migration
 5161 * Removes unused db\_sync methods
 5162 * Removes useless wrapper from manager base class
 5163 * Cleanup of test\_cert\_setup tests
 5164 * Sanitizes authentication methods received in requests
 5165 * Fix create\_region\_with\_id raise 500 Error bug
 5166 * For ldap, API wrongly reports user is in group
 5167 * support conventional domain name with one or more dot
 5168 * Remove \_delete\_tokens function from federation controller
 5169 * Keystone doesn't use pam
 5170 * Fixed small capitalization issue
 5171 * Fix Jenkins translation jobs
 5172 * Removes some duplicate setup from a testcase
 5173 * Updated from global requirements
 5174 * Enable concurrent testing by default
 5175 * Cleanup ldap tests (mox and reset values)
 5176 * Check domain\_id with equality in assignment kvs
 5177 * Moves database setup/teardown closer to its usage
 5178 * Cleanup config.py
 5179 * Clean up config help text
 5180 * Imported Translations from Transifex
 5181 * test\_v3\_token\_id correctly hash token
 5182 * Safer noqa handling
 5183 * Remove noqa form import \_s
 5184 * Fix assertEqual arguments order(auth\_plugin, backend, backend\_sql, etc)
 5185 * Expand the use of non-ascii values in ldap test
 5186 * Properly handle unicode & utf-8 in LDAP
 5187 * Refactor LDAP API
 5188 * Use in-memory SQLite for sql migration tests
 5189 * Use in-memory SQLite for testing
 5190 * Remove extraenous instantiations of managers
 5191 * Make service catalog include service name
 5192 * Add placeholders for reserved migrations
 5193 
 5194 2014.1.rc1
 5195 ----------
 5196 
 5197 * Open Juno development
 5198 * Enable lazy translations in httpd/keystone.py
 5199 * Avoid using .values() on the indexed columns
 5200 * Imported Translations from Transifex
 5201 * revert deprecation of v2 API
 5202 * Remove unnecessary test setUps
 5203 * code hygiene; use six.text\_type, escape regexp's, use key function
 5204 * Use CMS to generate sample tokens
 5205 * Allows override of stdout/stderr/log capturing
 5206 * exclude disabled services from the catalog
 5207 * refactor AuthCatalog tests
 5208 * Rename keystone.tests.fixtures
 5209 * Change the default version discovery URLs
 5210 * Remove extra cache layer debugging
 5211 * Updated from global requirements
 5212 * Fix doc build errors with SQLAlchemy 0.9
 5213 * Sync oslo-incubator db.sqlalchemy b9e2499
 5214 * Create TMPDIR for tests recursively
 5215 * Always include 'enabled' field in service response
 5216 * test tcp\_keepidle only if it's available on the current platform
 5217 * Add dedicated URL for issuing unscoped federation tokens
 5218 * Cleanup revocation query
 5219 * Reduce environment logging
 5220 * Use assertIsNone when comparing against None
 5221 * Removes the use of mutables as default args
 5222 * Add a space after the hash for block comments
 5223 * Filter SAML2 assertion parameters with certain prefix
 5224 * Use assertIn in test\_v3\_catalog
 5225 * Add support for parallel testr workers in Keystone
 5226 * is\_revoked check all viable subtrees
 5227 * update sample conf
 5228 * explicitly import gettext function
 5229 * expires\_at should be in a tuple not turned into one
 5230 * Comparisons should account for instantaneous test execution
 5231 * Start using to oslotest
 5232 * Uses generator expressions instead of filter
 5233 * Remove unused db\_sync from extensions
 5234 * Ability to turn off ldap referral chasing
 5235 * Add user\_id when calling populate\_roles\_for\_groups
 5236 * Store groups ids objects list in the OS-FEDERATION object
 5237 * Make domain\_id immutable by default
 5238 * Do not expose internal data on UnexpectedError
 5239 * Use oslo db.sqlalchemy.session.EngineFacade.from\_config
 5240 * Uses explicit imports for \_
 5241 * Rename scope\_to\_bad\_project() to test\_scope\_to\_bad\_project()
 5242 * Make LIVE Tests configurable with ENV
 5243 * Filter out nonstring environment variables before rules mapping
 5244 * Provide option to make domain\_id immutable
 5245 * Replace httplib.HTTPSConnection in ec2\_token
 5246 * Move test .conf files to keystone/tests/config\_files
 5247 * Removal of test .conf files
 5248 * Don't automatically enable revocation events
 5249 * Ensure v3policysample correctly limits domain\_admin access
 5250 * Sync db, db.sqlalchemy from oslo-incubator 0a3436f
 5251 * Do not use keystone.conf.sample in tests
 5252 * Filter LDAP dumb member when listing role assignments
 5253 * Updated from global requirements
 5254 * Remove unnecessary oauth1.Manager constructions
 5255 * Enforce groups presence for federated authn
 5256 * Update sample config
 5257 * Very minor cleanup to default\_fixtures
 5258 * Cleanup keystoneclient tests
 5259 * Cleanup fixture data added to test instances
 5260 * Cleans up test data from limit tests
 5261 * Cleanup of instance attrs in core tests
 5262 * Cleanup backends after each test
 5263 * Fixup region description uniqueness
 5264 * Add slowest output to tox runs (testr)
 5265 * Add missing documentation for enabling oauth1 auth plugin
 5266 * Add missing documentation for enabling federation auth plugin
 5267 * Use class attribute to represent 'user' and 'group'
 5268 * Configurable temporary directory for tests
 5269 * Call an existing method in sync cache for revoke events
 5270 * Remove unnecessary calls to self.config()
 5271 * remove the unused variable in test\_sql\_upgrade
 5272 * remove hardcoded SQL queries in tests
 5273 * Fix db\_version failed with wrong arguments
 5274 * Use config fixture
 5275 * Fix docstrings in federation related modules
 5276 * Sync db, db.sqlalchemy, gettextutils from oslo-incubator 6ba44fd
 5277 * V3 xml responses should use v3 namespace
 5278 * trust creation allowed with empty roles list
 5279 * Fix test\_provider\_token\_expiration\_validation transient failure
 5280 * Fix include only enabled endpoints in catalog
 5281 * Add unit tests for disabled endpoints in catalog
 5282 
 5283 2014.1.b3
 5284 ---------
 5285 
 5286 * Update ADMIN\_TOKEN description in docs
 5287 * Mark revoke as experimental
 5288 * Import order is fixed
 5289 * Remove unused function from tests
 5290 * Add OS-OAUTH1 to consumers links section
 5291 * Don't need session.flush in context managed by session
 5292 * Imported Translations from Transifex
 5293 * allow create credential with the system admin token
 5294 * Stop gating on up-to-date sample config file
 5295 * Always include 'enabled' field in endpoint response
 5296 * Add the last of the outstanding helpstrings to config
 5297 * Token Revocation Extension
 5298 * Remove vim headers
 5299 * Removes use of timeutils.set\_time\_override
 5300 * drop key distribution from icehouse
 5301 * Limited use trusts
 5302 * Update curl api example to specify tenant
 5303 * Update Oslo wiki link in README
 5304 * Properly configure OS-EP-FILTER test backend
 5305 * Add tests for endpoint enabled
 5306 * Remove the un-used and non-maintained PAM identity backend
 5307 * Remove paste\_deploy from test\_overrides.conf
 5308 * SQLAlchemy Change to support more strict dialect checking
 5309 * Remove "test-only" pam config options
 5310 * Imported Translations from Transifex
 5311 * Fix get project users when no user exists
 5312 * deprecate XML support in favor of JSON
 5313 * Lazy gettextutils behavior
 5314 * Fix the order of assertEqual arguments(keystoneclient, kvs, etc)
 5315 * Update Oslo wiki link in README
 5316 * Removes a redundant test
 5317 * Remove unused variable
 5318 * Implement V3 Specific Version of EC2 Contrib
 5319 * revocation\_list only call isotime on datetime objects
 5320 * Support authentication via SAML 2.0 assertions
 5321 * Fix table name typo in test\_sql\_upgrade
 5322 * Cleanup and add more config help strings
 5323 * Ensure v2 API only returns projects in the default domain
 5324 * Support for mongo as dogpile cache backend
 5325 * v3 endpoint create should require url
 5326 * Fix issue with DB upgrade to assignment table
 5327 * Remove duplicated cms file
 5328 * oauth1 extension migration fails with DB2
 5329 * Handle exception messages with six.text\_type
 5330 * Remove common.sql.migration
 5331 * Unimplemented error on V3 get token
 5332 * Updated from global requirements
 5333 * Replace assertEqual(None, \*) with assertIsNone in tests
 5334 * Fix keystone-manage db\_version
 5335 * Fix assertEqual arguments order(\_ldap\_tls\_livetest, backend\_kvs, etc)
 5336 * Fix assertEqual arguments order(backend\_ldap, cache, v3\_protection)
 5337 * Fix the order of assertEqual arguments(v3\_auth, v3\_identity)
 5338 * Move \_BaseController to common/controllers.py
 5339 * Remove oslo rpc
 5340 * Fix webob.exc.HTTPForbidden parameter miss
 5341 * Remove redundant default value None for dict.get
 5342 * Remove oslo notifier
 5343 * Uses the venv virtualenv for the pep8 command
 5344 * Sync db.exception from Oslo
 5345 * Update oslo-incubator log.py to a01f79c
 5346 * Update man pages
 5347 * Add tests for create grant when no group
 5348 * Add tests for create grant when no user
 5349 * Correct a docstring in keystone.common.config
 5350 * Enable pep8 test against auto-generated configuration
 5351 * Update config options with helpstrings and generate sample
 5352 * Keystone doc has wrong keystone-manage command
 5353 * Fix assertEqual arguments order
 5354 * strengthen assertion for unscoped tokens
 5355 * Remove sql.Base
 5356 * Always hash passwords on their way into the DB
 5357 * bad config user\_enable\_emulation in mask test
 5358 * Convert Token Memcache backend to new KeyValueStore Impl
 5359 * Implement mechanism to provide non-expiring keys in KVS
 5360 * Rationalize the Assignment Grant Tables
 5361 * Add version routes to KDS
 5362 * Keystone team uses #openstack-keystone now
 5363 * Adds model mixin for {to,from}\_dict functionality
 5364 * Adds Cloud Audit (CADF) Support for keystone authentication
 5365 * Use class attribute to represent 'project'
 5366 * Switch over to oslosphinx
 5367 * Replace notifier with oslo.messaging
 5368 * Clean StatsController unnecesary members
 5369 * Use global to represent OS-TRUST:trust
 5370 * Additional notifications for revocations
 5371 * add policy entries for /v3/regions
 5372 * Use Oslo.db migration
 5373 * \`find\_migrate\_repo\` improvement
 5374 * Variable 'domain\_ref' referenced before assignment
 5375 * Cleanup Dogpile KVS Memcache backend support
 5376 * Fix test\_provider\_token\_expiration\_validation transient failure
 5377 * Restructure KDS options to be more like Keystone's options
 5378 * Setup code for auto-config sample generation
 5379 * Correct \`find\_migrate\_repo\` usage
 5380 * Make live LDAP user DN match the default from devstack
 5381 * Set sensible default for keystone's paste
 5382 * Treat sphinx warnings as errors
 5383 * Use WebOb directly in ec2\_token middleware
 5384 * Add lockfile and kombu as requirements for keystone
 5385 * Move filter\_limit\_query out of sql.Base
 5386 * List trusts, incorrect self link
 5387 * LDAP: document enabled\_emulation
 5388 * Remove s3\_token functional tests
 5389 * Provide clearer error when deleting enabled domain
 5390 * Remove copyright from empty files
 5391 * Syncing policy engine from oslo-incubator
 5392 * Rename Openstack to OpenStack
 5393 * Refactor get role for trust
 5394 * KDS fix documented exception
 5395 * Cleanup oauth tests
 5396 * Correctly normalize consumer fields on update
 5397 * Add tests for oauth consumer normalize fields
 5398 * Adds a fixture for setting up the cache
 5399 * Clean up database fixtures
 5400 * Fixes bug in exception message generation
 5401 * reverse my preferred mailmap
 5402 * Notifications upon disable
 5403 * Move identity logic from controller to manager
 5404 * Changing testcase name to match our terminology
 5405 * Allow specifying region ID when creating region
 5406 * explicitly expect hints in the @truncated signature
 5407 * list limit doc cleanup
 5408 * Correct error class in find\_migrate\_repo
 5409 * Remove unnecessary check to see if trustee exists
 5410 * Enforce current certificate retrieval behaviour
 5411 * Use WebOb directly for locale testing
 5412 * Cleanup KDS doc build errors
 5413 * Adds rule processing for mapping
 5414 * Add in functionality to set key\_mangler on dogpile backends
 5415 * Fix indentation issue
 5416 * Cleanup invalid token exception text
 5417 * Limit calls to memcache backend as user token index increases in size
 5418 * Style the code examples in docs as python
 5419 * Fixes a misspelling
 5420 * Doc - Keystone configuration - moving RBAC section
 5421 * Doc - Detailing  objects' attributes available for policy.json
 5422 * Do not use auth\_info objects for accessing the API
 5423 * Remove unused method \_get\_domain\_id\_from\_auth
 5424 * Remove unused method \_get\_domain\_conf
 5425 * Remove unused method \_store\_protocol
 5426 * Remove tox locale overrides
 5427 * Remove unused methods from AuthInfo
 5428 * Remove unused method \_create\_metadata
 5429 * Add test for list project users when no user
 5430 * Fix assignment KVS backend to not use identity
 5431 * Update kvs assignment backend docs
 5432 * Don't skip tests for some bugs
 5433 * Update oslo-incubator fixture to 81c478
 5434 * Remove vim header
 5435 * revise example extension directory structure
 5436 * Deprecate s3\_token middleware
 5437 * Update requirements to 661e6
 5438 * Implement list limiting support in driver backends
 5439 * Fix misspellings in keystone
 5440 * Removes use of fake\_notify and fixes notify test
 5441 * Remove host from per notification options
 5442 * Document priority level on Keystone notifications
 5443 * Remove default\_notification\_level from conf
 5444 * Mock sys.exit in testing
 5445 * Remove auth\_token middleware doc
 5446 * Move v3\_to\_v2\_user from manager to controller
 5447 * Update db.sqlalchemy.session from oslo-incubator 018138
 5448 * Adds tcp\_keepalive and tcp\_keepidle config options
 5449 * Ensure mapping rule has only local and remote properties
 5450 * clean up keystone-manage man page
 5451 * Refactor tests move assertValidErrorResponse
 5452 * fix grammar error in keystone-manage.rst
 5453 * Add rules to be a required field for mapping schema
 5454 * Cleanup docstrings
 5455 * Do not call deprecated functions
 5456 * Removes useless string
 5457 * Removes duplicate key from test fixtures
 5458 * Fixes a Python3 syntax error using raise
 5459 * Uses six.text\_type instead of unicode
 5460 * Uses six.iteritems for Python3 compat
 5461 * Add tests to ensure additional remote properties are not validated
 5462 * Removes xrange for Python3 compat
 5463 * Cleanup sample config
 5464 * Change 'oauth\_extension' to 'oauth1\_extension'
 5465 * Modified keystone endpoint-create default region
 5466 * Load the federation manager
 5467 * Fix indentation errors found by Pep8 1.4.6+
 5468 * Mark strings for translation in ldap backends
 5469 * Remove unused variable assignment
 5470 * Sync oslo's policy module
 5471 * Replace urllib/urlparse with six.moves.\*
 5472 * Change Continuous Integration Project link
 5473 * Remove legacy diablo and essex test cruft
 5474 * Refactor Auth plugin configuration options
 5475 * Use self.opt\_in\_group overrides
 5476 * Federation IdentityProvider filter fields on update response
 5477 * Remove unnecessary test methods
 5478 * Refactor federation controller class hierarchy
 5479 * Refactor mutable parameter handling
 5480 * Avoid use of str() with exceptions
 5481 * Use message when creating Unauthorized exception
 5482 * Make error strings translatable
 5483 * Enhancing tests to check project deletion in Active Directory
 5484 * Add required properties field to rules schema
 5485 * Fix assignment to not require user or group existence
 5486 * deprecate access log middleware
 5487 * remove access log middleware from the default paste pipeline
 5488 * deprecate v2.0 API in multiple choice response
 5489 * cleaned up extension development docs
 5490 * Add a docstring and rename mapping tests
 5491 * Remove versionId, versionInfo, versionList from examples
 5492 * Tests initialize database
 5493 * Don't set default for a nullable column
 5494 * Remove autoincrement from String column
 5495 * Fix docstrings in federation controller
 5496 * Change assertTrue(isinstance()) by optimal assert
 5497 * sync oslo-incubator log.py
 5498 * turn off eventlet.wsgi debug
 5499 * Make boolean query filter "False" argument work
 5500 * Fix list\_projects\_for\_endpoint failed bug
 5501 * Introduce database functionality into KDS
 5502 * Update the default\_log\_levels defaults
 5503 * Correct sample config default log levels
 5504 * deprecate stats middleware
 5505 * Use passed filter dict param in core sql filtering
 5506 * Fix federation documentation reference
 5507 * build auth context from middleware
 5508 * correct the document links in man documents
 5509 * Use six.text\_type to replace unicode
 5510 * Don't mask the filter built-in
 5511 * Move sql.Base.transaction
 5512 * Remove sql.Base.get\_session
 5513 * renamed extensions development doc
 5514 * Implement filter support in driver backends
 5515 * append extension name to trust notifications
 5516 * Allow event callback registration for arbitrary resource types
 5517 * Fix test\_auth isolation
 5518 * Policy sample - Identity v3 resources management
 5519 * Tests use setUp rather than init
 5520 * Improve forbidden checks
 5521 * Tests remove useless config list cleanup code
 5522 * use assertEqual instead of assertIs for string comparison
 5523 * Don't configure on import
 5524 * Fix reading cache-time before configured
 5525 * Cleanup eventlet setup
 5526 * Remove unused variables from common.config
 5527 * Reference dogpile.cache.memcached backend properly
 5528 * Unify StringIO usage with six.StringIO
 5529 * Fix typos in documents and comments
 5530 * Sync oslo strutils.py
 5531 * Use six.string\_types instead of basestring
 5532 
 5533 2014.1.b2
 5534 ---------
 5535 
 5536 * Use six to make dict work in Python 2 and Python 3
 5537 * initialize environment for tests that call popen
 5538 * Don't duplicate the existing config file list
 5539 * Implement notifications for trusts
 5540 * Remove kwargs from trust\_api.create\_trust
 5541 * Fixup incorrect comment
 5542 * Simple Certificate Extension
 5543 * Add mapping function to keystone
 5544 * Switch from 400 to 403 on ImmutableAttributeError
 5545 * Identity Providers CRUD operations
 5546 * Move KDS paths file
 5547 * Update comments in test\_v3\_protection.py
 5548 * description is wrong in endpoint filter rst doc
 5549 * Drop unsused "extras" dependency
 5550 * LDAP Assignment does not support grant v3 API
 5551 * Adds run\_tests.sh cli option to stop on failure
 5552 * Removes option to delete test DB from run\_tests.sh
 5553 * Removes deprecation warning from run\_tests.sh
 5554 * v3 credentials, ensure blob response is json
 5555 * Store ec2 credentials blob as json
 5556 * remove unused LOG
 5557 * Store trust\_id for v3/credentials ec2 keypairs
 5558 * Refactor context trust\_id check to wsgi.Application base class
 5559 * Implementation of internal notification callbacks within Keystone
 5560 * Replacing python-oauth2 by oauthlib
 5561 * Fix using non-default default\_domain\_id
 5562 * Enhance auth tests for non-default default\_domain\_id
 5563 * KVS support domain as namespace for users
 5564 * Remove unused member from KVS assignment
 5565 * Enhance tests for non-default default\_domain\_id
 5566 * rename templated.TemplatedCatalog to templated.Catalog
 5567 * Sync with global requirements
 5568 * Implements regions resource in 3.2 Catalog API
 5569 * Reduces memory utilization during test runs
 5570 * reduce default token duration to one hour
 5571 * Document running with pdb
 5572 * Restructure developing.rst
 5573 * Enable lazy translation
 5574 * Sync gettextutils from oslo-incubator 997ab277
 5575 * derive custom exceptions directly from Exception
 5576 * Do not append to messages with +
 5577 * Convert Token KVS backend to new KeyValueStore Impl
 5578 * Fix sample config external default doc
 5579 * Documentation cleanup
 5580 * Make common log import consistent
 5581 * Remove unused variables
 5582 * Safe command handling for openssl
 5583 * Fix external auth (REMOTE\_USER) plugin support
 5584 * Cleanup test\_no\_admin\_token\_auth cleanup code
 5585 * Subclasses of TestCase don't need to reset conf
 5586 * Cleanup test\_associate\_project\_endpoint\_extension
 5587 * Tests use cleanUp rather than tearDown
 5588 * Remove netifaces requirement
 5589 * Clean up fakeldap logging
 5590 * Resolve oauth dependency after paste pipeline is loaded
 5591 * Change ListOpt default value from str or None to list
 5592 * Sync oslo-incubator rpc	module
 5593 * Cleanup from business logic refactor
 5594 * Introduce basic Pecan/WSME framework for KDS
 5595 * Don't need session.flush in context managed by session
 5596 * races cause 404 when removing user from project
 5597 * initialize eventlet for tests
 5598 * Flush tokens in batches with DB2
 5599 * Remove unnecessary line in test\_auth
 5600 * Clean up docstrings in contrib.oauth1.core
 5601 * Remove unused test function
 5602 * Remove 'disable user' logic from \_delete\_domain\_contents
 5603 * Break dependency of base V3Controller on V2Controller
 5604 * Move deletion business logic out of controllers
 5605 * Do not update password when updating grants in Assignment KVS
 5606 * Cleanup of new credential\_api delete methods
 5607 * Enhance list\_group\_users in GroupApi
 5608 * Remove noop code
 5609 * Remove unused imports
 5610 * Fix typo in test
 5611 * Fix IPv6 check
 5612 * Remove unused code in contrib/ec2/controllers.py
 5613 * Fix use the fact that empty sequences are false
 5614 * Imported Translations from Transifex
 5615 * Synchronized with oslo db and db.sqlalchemy
 5616 * Fix variable passed to driver module
 5617 * Updated Keystone development install instructions for Ubuntu
 5618 * Stops file descriptor leaking in tests
 5619 * Re-write comment for ADMIN\_TOKEN
 5620 * Reduced parameters not used in \_populate\_user()
 5621 * Sync several modules from oslo-incubator
 5622 * Use oslo.db sessions
 5623 * Switch to oslo-incubator mask\_password
 5624 * Replace xrange in for loop with range
 5625 * Move Assignment Controllers and Routers to be First Class
 5626 * Remove Identity and Assignment controller interdependancies
 5627 * Policy based domain isolation can't be defined
 5628 * Moves keystoneclient master tests in a new class
 5629 * Makes the test git checkout info more declaritive
 5630 * trustee unable to perform role based operations on trust
 5631 * Cleanup backend loading
 5632 * Uses oslo's deprecated decorator; removes ours
 5633 * Move endpoint\_filter extension documentation
 5634 * Refactor setup\_logging
 5635 * Fixes documentation building
 5636 * Create user returns 400 without a password
 5637 * Fixes the v2 GET /extensions curl example in the documentation
 5638 * Add assertSetEqual to base test class
 5639 * Base Implementation of KVS Dogpile Refactor
 5640 * Sync db.sqlalchemy from oslo-incubator
 5641 * Fix errors for create\_endpoint api in version2
 5642 * Fix issues handling trust tokens via ec2tokens API
 5643 * Fix typo in identity:list\_role\_assignments policy
 5644 * Debug env for tox
 5645 * Updated from global requirements
 5646 * Sync global requirements to pin sphinx to sphinx>=1.1.2,<1.2
 5647 * Add ABCMeta metaclass to token provider
 5648 * token provider cleanup
 5649 * Sync versionutils from oslo
 5650 * Cleanup duplication in test\_backend
 5651 * replace "global" roles var names with "all" roles
 5652 * Remove unused token.valid index
 5653 * Narrow columns used in list\_revoked\_tokens sql
 5654 * Remove roles from OS-TRUST list responses
 5655 * Remove deprecated code
 5656 * Sync rpc fix from oslo-incubator
 5657 * Don't run non-tests
 5658 * Formalize deprecation of token\_api.list\_tokens
 5659 * Add index to cover revoked token list
 5660 
 5661 2014.1.b1
 5662 ---------
 5663 
 5664 * Refactor assertEqualXML into a testtools matcher
 5665 * Adds support for username to match the v2 spec
 5666 * One transaction per call to sql assignment backend
 5667 * Allow caching to be disabled and tests still pass
 5668 * Sync From OSLO
 5669 * Updated from global requirements
 5670 * Revert "Return a descriptive error message for controllers"
 5671 * Adds a resource for changing a user's password
 5672 * Deprecates V2 controllers
 5673 * Updates .gitignore
 5674 * Ensure the sample policy file won't diverge
 5675 * Add pycrypto as a test-requirement
 5676 * Imported Translations from Transifex
 5677 * Fix typo in keystone
 5678 * Added documentation to keystone.common.dependency
 5679 * Make HACKING.rst DRYer
 5680 * Allow downgrade for extensions
 5681 * Try decoding string to UTF-8 on error message fail
 5682 * Import strutils from oslo
 5683 * Capture debug logging in tests
 5684 * Easy testing with alternate keystoneclient
 5685 * Sync log\_handler module from Oslo
 5686 * refactor test\_catalog
 5687 * PasteConfigNotFound also raised when keystone.conf not found
 5688 * Style improvements to logging format strings
 5689 * Sync the DB2 communication error code change from olso
 5690 * Skip test\_arbitrary\_attributes\_\* in \_ldap\_livetest
 5691 * Add documentation for Read Only LDAP configuration option
 5692 * Remove deprecated auth\_token middleware
 5693 * Role NoneType object has no attribute setdefault
 5694 * Utilites for manipulating base64 & PEM
 5695 * Add memcache options to sample config
 5696 * UUID vs PKI docs
 5697 * RST fix for os\_inherit example
 5698 * Rewrites the serveapp method into a fixture
 5699 * Allow use of rules Policy driver
 5700 * Return a descriptive error message for controllers
 5701 * Proxy Assignment from Identity Deprecated
 5702 * Remove obsolete redhat-eventlet.patch
 5703 * AuthInfo use dependency injection
 5704 * Issue unscoped token if user's default project is invalid
 5705 * Detangle v3 RestfulTestCase setup
 5706 * Do not name variables as builtins
 5707 * Updated from global requirements
 5708 * Removes unused paste appserver instances from tests
 5709 * Add WSGI environment to context
 5710 * trusts raise validation error if expires\_at is invalid
 5711 * Fix newly discovered H302
 5712 * test attribute update edge cases
 5713 * Return an error when a non-existing tenant is added to a user
 5714 * use different bind addresses for admin and public
 5715 * Sync log module from oslo
 5716 * Change deprecated CLI arguments
 5717 * UserAuthInfo use dependency injection
 5718 * fix unparseable JSON
 5719 * Duplicate delete the user\_project\_metadata
 5720 * Skip test\_create\_update\_delete\_unicode\_project in \_ldap\_livetest
 5721 * don't rebind stdlib's os.chdir function
 5722 * Dependency cleanup
 5723 * Moves common RestfulTestCase to it's own module
 5724 * proxy removed from identity and changed to assignment
 5725 * Uses fixtures for mox and stubs
 5726 * Adds fixture package from oslo
 5727 * Fix KVS create\_grant to not raise NotFound if no user/group
 5728 * Enhance tests for assignment create\_grant when no user or group
 5729 * Clean up duplicate exceptions in docs for assignment.Driver
 5730 * Remove obsolete driver test module
 5731 * Change sample policy files to use policy language
 5732 * Documentation on how-to develop Keystone Extensions
 5733 * Allow delete user or group at same time as role
 5734 * Enhance tests for delete\_grant no user/group
 5735 * Fix issue deleting ec2-credentials as non-admin user
 5736 * Remove duplicated code on test\_v3\_auth
 5737 * Removes NoModule from the base testcase
 5738 * Fixes tox coverage command
 5739 * Update mailmap for Joe Gordon
 5740 * Add WWW-Authenticate header in 401 responses
 5741 * Use abstract base class for endpoint\_filter driver
 5742 * Use abstract base class for oauth driver
 5743 * Use abstract base class for policy driver
 5744 * Use abstract base class for token driver
 5745 * Document tox instead of run\_tests.sh
 5746 * Update my mailmap
 5747 * remove 8888 port in sample\_data.sh
 5748 * Adds decorator to deprecate functions and methods
 5749 * Move fakeldap to tests
 5750 * Fix remove role assignment adds role using LDAP assignment
 5751 * Enhance tests for deleting a role not assigned
 5752 * Implementation of opt-out from catalog data during token validation
 5753 * Add external.Base class to external plugins
 5754 * Add notifications for groups and roles
 5755 * add IRC channel & wiki link to README
 5756 * Add python-six to requirements
 5757 * Fix v2 token user ref with trust impersonation=True
 5758 * Changes to testr as the test runner
 5759 * Fixes error messaging
 5760 * Handle unicode at the caching layer more elegantly
 5761 * set user\_update policy to admin\_required
 5762 * Remove unused DEFAULT\_DOMAIN variable
 5763 * Remove unused config option auth\_admin\_prefix
 5764 * Remove unused member
 5765 * Adds tests for user extra attribute behavior
 5766 * Adds identity v2 tests to show extra behavior
 5767 * Treats OS-KSADM:password as password in v2 APIs
 5768 * Adds more uniformity to identity update\_user calls
 5769 * Don't use default value in LimitingReader
 5770 * Use abstract base class for auth handler
 5771 * Use abstract base class for catalog driver
 5772 * Use abstract base class for credential driver
 5773 * Use abstract base class for assignment driver
 5774 * Use abstract base class for trust driver
 5775 * Use abstract base class for identity driver
 5776 * remove the nova dependency in the ec2\_token middleware
 5777 * Catch the socket exception and log it
 5778 * Fixes broken doc references
 5779 * Sync db.sqlalchemy
 5780 * Handle DB2 disconnect
 5781 * Fix mysql checkout handler AttributeError
 5782 * Disable lazy gettext
 5783 
 5784 2013.2.rc1
 5785 ----------
 5786 
 5787 * Open Icehouse development
 5788 * Imported Translations from Transifex
 5789 * Sync with global requirements
 5790 * Add tests dir to the coverage omit list
 5791 * Update tox config
 5792 * Close the cursor for SQLite for 034 upgrade/downgrade on select
 5793 * Imports oslo policy to fix test issues
 5794 * Fixes errors logging in as a user with no password
 5795 * Fix live LDAP tests
 5796 * Eliminate type error on search\_s
 5797 * Fix error when create user with LDAP backend
 5798 * assertEquals is deprecated, use assertEqual (H602)
 5799 * Validate token calls return 404 on invalid tokens
 5800 * Protect oauth controller calls and update policy.json
 5801 * Fix updating attributes with ldap backend
 5802 * sync oslo policy
 5803 * Changes v1.1 to v2 for Compute endpoint in sample\_data.sh
 5804 * Update man pages
 5805 * Update man page version
 5806 * Sync gettextutils from oslo
 5807 * only run flake8 once (bug 1223023)
 5808 * upgrade to oslo.config 1.2 final
 5809 * Add user to project if project ID is changed
 5810 * Ensure any relevant tokens are revoked when a role is deleted
 5811 * Check token\_format for default token providers only
 5812 * Modify oauth1 tests to use generated keystone token in a call
 5813 * Test for backend case sensitivity
 5814 * Remove ldap identity domain attribute options
 5815 * Cleanup of tenantId, tenant\_id, and default\_project\_id
 5816 * Add extra test coverage for unscoped token invalidation
 5817 * Monkey patch select in environment
 5818 * Rewrite README.rst
 5819 * Enclose command args in with\_venv.sh
 5820 * check for domain existence before doing any ID work
 5821 * Ensure v2 tokens are correctly invalidated when using BelongsTo
 5822 * Sync gettextutils from oslo
 5823 * Use localisation for logged warnings
 5824 * Fix misused assertTrue in unit tests
 5825 * oauth using optional dependencies
 5826 * Rationalize list\_user\_projects and get\_projects\_for\_user
 5827 * Optional dependency injection
 5828 * Include new notification options in sample config
 5829 * fix rst syntax in database schema migrations docs
 5830 * Ignore H803 from Hacking
 5831 * Test upgrade migration 16->17
 5832 * test token revocation list API (bug 1202952)
 5833 * Imported Translations from Transifex
 5834 * gate on H304: no relative imports
 5835 * Move gettextutils installation in tests to core
 5836 * Cleanup tests imports so not relative
 5837 * Tests use "from keystone import tests"
 5838 * Reduce churn of cache on revocation\_list
 5839 * domain-specific drivers experimental in havana
 5840 * Fixes for user response with LDAP user\_enabled\_mask
 5841 * Close each LDAP connection after it is used, following python-ldap docs
 5842 * Remove CA key password from cert setup
 5843 * Import core.\* in keystone.tests
 5844 * Fix incorrect test for list\_users
 5845 * Changed header from LLC to Foundation based on trademark policies
 5846 * Changes template header for translation catalogs
 5847 * Support timezone in memcached token backend
 5848 
 5849 2013.2.b3
 5850 ---------
 5851 
 5852 * Imported Translations from Transifex
 5853 * Move CA key from certs directory to private directory
 5854 * OAuth authorizing user should propose roles to delegate
 5855 * Need to use \_() to handle i18n string messages
 5856 * Fix the code miss to show the correct error messages
 5857 * Move \_generate\_paste\_config to tests.core
 5858 * add 'project' notifications to docs
 5859 * Implement basic caching around assignment CRUD
 5860 * Update keystone wsgi httpd script for oslo logging
 5861 * Utilities to create directores, set ownership & permissions
 5862 * Modify default file/directory permissions
 5863 * Add a oauth1-configuration.rst and extension section to docs
 5864 * Update keystone-all man page
 5865 * Cleanup cache layer tests
 5866 * Implement caching for Tokens and Token Validation
 5867 * Document usage notifications
 5868 * Imported Translations from Transifex
 5869 * Remove kvs backend from oauth1 extension
 5870 * Use joins instead of multiple lookups in groups sql
 5871 * Add project CRUD to assignment\_api Manager
 5872 * Add Memory Isolating Cache Proxy
 5873 * Enable SQL tests for oauth
 5874 * Implement decorator-based notifications for users
 5875 * Use common db model class from Oslo
 5876 * Add common code from Oslo for work with database
 5877 * Use testtools as base test class
 5878 * Bump hacking to 0.7
 5879 * Removes KVS references from the documentation
 5880 * Add notifications module
 5881 * Drop support for diablo to essex migrations
 5882 * Add 'cn' to attribute\_list for enabled\_users/tenants query
 5883 * Implement API protection on target entities
 5884 * Refactor Token Provider to be aware of expired tokens
 5885 * Implement Caching for Token Revocation List
 5886 * Keystone Caching Layer for Manager Calls
 5887 * Create associations between projects and endpoints
 5888 * Fixes a link in the documentation
 5889 * Use correct filename for index & serial file when setting permissions
 5890 * remove flake8 option from run\_tests.sh
 5891 * Fix role lookup for Active Directory
 5892 * Clean up keystone-manage man page
 5893 * change oauth.consumer description into nullable
 5894 * Use system locale when Accept-Language header is not provided
 5895 * Fix translate static messages in response
 5896 * Migrating ec2 credentials to credential
 5897 * Fix error where consumer is not deleted from sql
 5898 * add foreign key constraint on oauth tables
 5899 * Remove a useless arg in range()
 5900 * Remove enumerate calls
 5901 * filter in ldap list\_groups\_for\_user
 5902 * Delete file TODO
 5903 * use provider to validate tokens
 5904 * Fix isEnabledFor for compatibility with logging
 5905 * Ensure username passed by REMOTE\_USER can contain '@'
 5906 * fix the default values for token and password auth
 5907 * Remove an enumerate call
 5908 * Add defense in ldap:get\_roles\_for\_user\_and\_project
 5909 * remove unused function
 5910 * Remove Keystone specific logging module
 5911 * remove refs to keystone.common.logging
 5912 * Remove User Check from Assignments
 5913 * Refactor Token Providers for better version interfaces
 5914 * Remove kwargs from manager calls / general cleanup
 5915 * Store hash of access as primary key for ec2 type
 5916 * Add delegated\_auth support for keystone
 5917 * Fix LDAP Identity get user with user\_enabled\_mask
 5918 * Fix LDAP Identity with non-zero user\_enabled\_default
 5919 * More validation in test\_user\_enable\_attribute\_mask
 5920 * Add test test\_deleting\_project\_delete\_grants
 5921 * Cleaned up a few old crufties from README
 5922 * Clean hacking errors in advance of hacking update
 5923 * Add unit test to check non-string password support
 5924 * Assignment to reserved built-in symbol: filter
 5925 * Implement domain specific Identity backends
 5926 * Increase length of username in DB
 5927 * Cleaned up pluggable auth docs
 5928 * Fix test\_user\_enable\_attribute\_mask so it actually tests
 5929 * Do not skip test\_user\_enable\_attribute\_mask in \_ldap\_livetest
 5930 * Skip test\_create\_unicode\_user\_name in \_ldap\_livetest
 5931 * Refactor Keystone to use unified logging from Oslo
 5932 * Revoke user tokens when disabling/delete a project
 5933 * Move affirm\_unique() in create() to BaseLdap
 5934 * Move some logic from update() to BaseLdap
 5935 * Add support for API message localization
 5936 * Remove unused import
 5937 * Assignment to reserved built-in symbol: dir
 5938 * Move 'tests' directory into 'keystone' package
 5939 * Initial implementation of unified-logging
 5940 * Sync notifier module from Oslo
 5941 * Move Babel dependency from test-req to req
 5942 * Ignore flake issues in build/ directory
 5943 * update usage in run\_test.sh for flake8
 5944 * Drop extra credential indexes
 5945 * Sync models with migrations
 5946 * Add memcache to httpd doc
 5947 * Sync unified logging solution from Oslo
 5948 * Configurable max password length (bug 1175906)
 5949 * Fix select n+1 issue in keystone catalog
 5950 * Make pki\_setup work with OpenSSL 0.9.x
 5951 * extension migrations
 5952 * Create default role on demand
 5953 * Set wsgi startup log level to INFO
 5954 * Abstract out attribute\_ignore assigning in LDAP driver
 5955 * Abstract out attribute\_mapping filling in LDAP driver
 5956 * Imported Translations from Transifex
 5957 * remove swift dependency of s3 middleware
 5958 * Raise max header size to accommodate large tokens
 5959 * Clean up use of token\_provider manager in tests
 5960 * add OS-TRUST to links
 5961 * Run test\_mask\_password once
 5962 * Remove kwargs from manager calls where not needed
 5963 * V3 API need to check mandatory field when creating resources
 5964 * Use dependency injection for assignment and identity
 5965 * Handle circular dependencies
 5966 * Clear out the dependency registry between tests
 5967 * .gitignore eggs
 5968 * Handle json data when migrating role metadata
 5969 * Sync DB models and migrations in keystone.assignment.backends.sql
 5970 * Remove passwords from LDAP queries
 5971 * use 'exc\_info=True' instead of import traceback
 5972 * Fix typo: Tenents -> Tenants
 5973 * Use keystone.wsgi.Request for RequestClass
 5974 * Update references with new Mailing List location
 5975 * Scipped tests don't render as ERROR's
 5976 * Implement exception module i18n support
 5977 * Remove vestiges of Assignments from LDAP Identity Backend
 5978 * Load backends before deploy app in client tests
 5979 * default token format/provider handling
 5980 * Fixing broken credential schema in sqlite
 5981 * Use assignment\_api rather than assignment
 5982 * Deprecate kvs token backend
 5983 * Ec2 credentials table not created during testing
 5984 * Correct Spelling Mistake
 5985 * Remove an enumerate call
 5986 * Load app before loading legacy client in tests
 5987 * Add [assignment].driver to sample config
 5988 * Deprecation warning for [signing] token\_format
 5989 * Support token\_format for backward compatibility
 5990 * sql.Driver:authenticate() signatures should match
 5991 * update requires to prevent version cap
 5992 * Return correct link for effective group roles in GET /role\_assignments
 5993 * Implement Token Binding
 5994 * Implemented token creation without catalog response
 5995 * Fix XML rendering with empty auth payload
 5996 * Pluggable Remote User
 5997 * grammar fixes in error messages
 5998 * Implement role assignment inheritance (OS-INHERIT extension)
 5999 * Implements Pluggable V2 Token Provider
 6000 * Register Extensions
 6001 * Implements Pluggable V3 Token Provider
 6002 * Mixed LDAP/SQL Backend
 6003 * Clear cached engine when global engine changes
 6004 * python3: Introduce py33 to tox.ini
 6005 * Add version so that pre-release versioning works
 6006 * Sync-up crypto from oslo-incubator
 6007 * Add crypto dependency
 6008 * Imported Translations from Transifex
 6009 * Change domain component value to org from com
 6010 * Move temporary test files into tests/tmp
 6011 * Use InnoDB for MySQL
 6012 * Rationalize how we get roles after authentication in the controllers
 6013 * Python 3.x compatible use of print
 6014 * Regenerate example PKI after change of defaults
 6015 * assignment backend
 6016 * wsgi.BaseApplication and wsgi.Router factories should use \*\*kwargs
 6017 * Add unittest for keystone.identity.backends.sql Models
 6018 * Imported Translations from Transifex
 6019 * Do not create LDAP Domains sub tree
 6020 * Use oslo.sphinx and remove local copy of doc theme
 6021 * Move comments in front of dependencies
 6022 * Remove context from get\_token call in normalize\_domain\_id
 6023 * Fix issue with v3 tokens and group membership roles
 6024 * Sync install\_venv\_common from oslo
 6025 * Remove a useless arg in range()
 6026 * Remove an enumerate call
 6027 * Update paths to pem files in keystone.conf.sample
 6028 * Don't use deprecated BaseException.message
 6029 * Add callbacks for set\_global\_engine
 6030 * Work without admin\_token\_auth middleware
 6031 * Implement GET /role\_assignment API call
 6032 * rename quantum to neutron in docs
 6033 * Install locales for httpd
 6034 * DB2 migration support
 6035 * Use event.listen() instead of deprecated listeners kwarg
 6036 * Add 'application' to keystone.py for WSGI
 6037 * Remove hard tabs and trailing whitespace
 6038 * Manager instead of direct driver
 6039 * check for constraint before dropping
 6040 * Stop passing context to managers (bug 1194938)
 6041 * \`tox -ecover\` failure. Missing entry in tox.ini
 6042 * Clean up keystone-all.rst
 6043 * Fix up some trivial license mismatches
 6044 * Revert environment module usage in middleware
 6045 * LDAP list group users not fail if user entry deleted
 6046 * Do not raise NEW exceptions
 6047 * Move identity ldap backend from directory to file
 6048 * wsgi.Middleware factory should use \*\*kwargs
 6049 * Removing LDAP API Shim
 6050 * Consolidate admin\_or\_owner rule
 6051 * Isolate eventlet code into environment
 6052 * Set default 'ou' name for LDAP projects to Projects
 6053 * Imported Translations from Transifex
 6054 * Imported Translations from Transifex
 6055 * Move user fileds type check to identity.Manager
 6056 * Http 400 when project enabled is not a boolean
 6057 * Imported Translations from Transifex
 6058 * Correct the resolving api logic in stat middleware
 6059 * Remove a stat warning log
 6060 * Using sql as default driver for tokens
 6061 * Correct LDAP configuration doc
 6062 * Force simple Bind for authentication
 6063 * Initialize logging from HTTPD
 6064 * LDAP get\_project\_users should not return password
 6065 * Add checks to test if enabled is bool
 6066 * Fix link typo in Sphinx doc
 6067 * python WebOb dependency made unpinned
 6068 * Remove explicit distribute depend
 6069 * Version response compatible with Folsom
 6070 * Adds tests for XML version response
 6071 * Replace openstack-common with oslo in docs
 6072 * drop user and group constraints
 6073 * Correct the default name attribute for role
 6074 * Allow request headers access in app context
 6075 * Remove how to contribute section in favor of CONTRIBUTING.rst
 6076 * Fix token purging for memcache for user token index
 6077 * add ca\_key to sample configuration
 6078 * Commit transaction in migration
 6079 * Fix internal doc links (bug 1176211)
 6080 * Missing contraction: Its -> It's (bug 1176213)
 6081 * Pass on arguments on Base.get\_session
 6082 * Remove bufferedhttp
 6083 * Move coverage output dir for Jenkins
 6084 * Check schema when dropping constraints
 6085 * Import eventlet patch from oslo
 6086 * Raise key length defaults
 6087 * Base.get\_engine honor allow\_global\_engine=False
 6088 * run\_tests.sh should use flake8 (bug 1180609)
 6089 * Ignore the .update-venv directory
 6090 * Ignore conflict on v2 auto role assignment (bug 1161963)
 6091 * remove\_role\_from\_user\_and\_project affecting all users (bug 1170649)
 6092 * Maintain tokens after role assignments (bug 1170186)
 6093 * split authenticate call
 6094 * Add db\_version command to keystone-manage
 6095 * Live SQL migration tests
 6096 * Fix incorrect role assignment in migration
 6097 * typo in 'import pydev' statement
 6098 * Fixes a typo
 6099 * Imported Translations from Transifex
 6100 * Improve the performance of tokens deletion for user
 6101 * Revert "Set EVENTLET\_NO\_GREENDNS=yes in tox.ini."
 6102 * Disable eventlet monkey-patching of DNS
 6103 * Fix the debug statement
 6104 * Document size limits
 6105 * Add index on valid column of the SQL token Backend
 6106 * Add KEYSTONE\_LOCALEDIR env variable
 6107 * Add <version> arg to keystone-manage db\_sync
 6108 
 6109 2013.2.b1
 6110 ---------
 6111 
 6112 * Add index on expires column of the SQL token Backend
 6113 * fix error default policy for create\_project
 6114 * Require keystone-user/-group for pki\_setup
 6115 * Replace assertDictContainsSubset with stdlib ver
 6116 * separate paste-deploy configuration from parameters
 6117 * Add missing oslo module
 6118 * Convert openstack-common.conf to the nicer multiline format
 6119 *    Rename requires files to standard names
 6120 * Cleanup docstrings (flake8 H401, H402, H403, H404)
 6121 * imports not in alphabetical order (flake8 H306)
 6122 * import only modules (flake8 H302)
 6123 * one import per line (flake8 H301)
 6124 * eliminate 'except:' (flake8 H201)
 6125 * consistent i18n placeholders (flake8 H701, H702, H703)
 6126 * use the 'not in' operator (flake8 H902)
 6127 * Use TODO(NAME) (flake8 H101)
 6128 * Remove unnecessary commented out code
 6129 * Enumerate ignored flake8 H\* rules
 6130 * Migrate to pbr
 6131 * Remove unused variables (flake8 F841)
 6132 * Satisfy flake8 import rules F401 and F403
 6133 * Test 403 error title
 6134 * Imported Translations from Transifex
 6135 * Remove useless private method
 6136 * Consolidate eventlet code
 6137 * Use webtest for v2 and v3 API testing
 6138 * Add missing space to error msg
 6139 * Imported Translations from Transifex
 6140 * Read-only default domain for LDAP (bug 1168726)
 6141 * Add assertNotEmpty to tests and use it
 6142 * Implement Token Flush via keystone-manage
 6143 * get SQL refs from session (bp sql-query-get)
 6144 * extracting credentials
 6145 * Move auth\_token middleware from admin user to an RBAC policy
 6146 * Accept env variables to override default passwords
 6147 * Http 400 when user enabled is not a boolean
 6148 * Migrate to flake8
 6149 * Fix pyflakes and pep8 in prep for flake8
 6150 * Allow backend & client SQL tests on mysql and pg
 6151 * Revert "Disable eventlet monkey-patching of DNS"
 6152 * Set EVENTLET\_NO\_GREENDNS=yes in tox.ini
 6153 * Disable eventlet monkey-patching of DNS
 6154 * Revoke tokens on user delete (bug 1166670)
 6155 * A minor refactor in wsgi.py
 6156 * Skip IPv6 tests for eventlet dns
 6157 * LDAP list groups with missing member entry
 6158 * Fix 403 status response
 6159 * Remove unused CONF.pam.url
 6160 * Mark LDAP password and admin\_token secret
 6161 * HACKING LDAP
 6162 * Make migration tests postgres & mysql friendly
 6163 * Documentation about the initial configuration file and sample data
 6164 * Add rule for list\_groups\_for\_user in policy.json
 6165 * Test listing of tokens with a null tenant
 6166 * fix duplicate option error
 6167 * Delete extra dict in token controller
 6168 * What is this for?
 6169 * Removed unused imports
 6170 * Remove non-production middleware from sample pipelines
 6171 * Replace password to "\*\*\*" in the debug message
 6172 * Fixed logging usage instead of LOG
 6173 * Remove new constraint from migration downgrade
 6174 * Allow additional attribute mappings in ldap
 6175 * Enable unicode error message
 6176 * Sync with oslo-incubator copy of setup.py
 6177 * Set empty element to ""
 6178 * Fixed unicode username user creation error
 6179 * Fix token ids for memcached
 6180 * Use is\_enabled() in folsom->grizzly upgrade (bug 1167421)
 6181 * Generate HTTPS certificates with ssl\_setup
 6182 * Fix for configuring non-default auth plugins properly
 6183 * test duplicate name
 6184 * Add TLS Support for LDAP
 6185 * fix undefined variable
 6186 * clean up invalid variable reference
 6187 * Clean up duplicate methods
 6188 * stop using time.sleep in tests
 6189 * don't migrate as often
 6190 * use the openstack test runner
 6191 * Fix 401 status response
 6192 * Fix example in documentation
 6193 * Fix IBM copyright strings
 6194 * Share one engine for more than just sqlite in-memory
 6195 * Add missing colon for documentation build steps
 6196 * Mark sql connection with secret flag
 6197 
 6198 2013.1.rc2
 6199 ----------
 6200 
 6201 * Fix test coverage for v2 scoped auth xml response (bug 1160504)
 6202 * Fix test coverage for v2 scoped auth xml response (bug 1160504)
 6203 * close db migration session
 6204 * Use string for port in default endpoints (bug 1160573)
 6205 * keystone commands don't print any version information
 6206 * bug 1159888 broken links in rst doc
 6207 * use the roles in the token when recreating
 6208 * Sync with oslo-incubator
 6209 * Rename trust extension (bug 1158980)
 6210 * Rename trust extension
 6211 * keystone commands don't print any version information
 6212 * Imported Translations from Transifex
 6213 
 6214 2013.1.rc1
 6215 ----------
 6216 
 6217 * Add a dereference option for ldap
 6218 * Make versions aware of enabled pipelines
 6219 * Move trusts to extension
 6220 * Move trusts to extension
 6221 * Version bump to 2013.2
 6222 * Add a dereference option for ldap
 6223 * Allow trusts to be optional
 6224 * Enable emulation for domains
 6225 * Wrap config module and require manual setup (bug 1143998)
 6226 * Correct spacing in warning msg
 6227 * Prohibit V3 V2 token intermix for resource in non-default domain (bug 1157430)
 6228 * Properly handle emulated ldap enablement
 6229 * Support for LDAP groups (bug #1092187)
 6230 * Validate domains unconditionally (bug 1130236)
 6231 * Fix live ldap tests
 6232 * V2, V3 token intermix for unscoped tokens (bug 1156913)
 6233 * Pass project membership as dict in migration 015
 6234 * Ensure delete domain removes all owned entities
 6235 * Utilize legacy\_endpoint\_id column (bug 1154918)
 6236 * Test default\_project\_id scoping (bug 1023502)
 6237 * Fix XML handling of member links (bug 1156594)
 6238 * Discard null endpoints (bug 1152632)
 6239 * extracting user and trust ids into normalized fields
 6240 * No parent exception to wrap
 6241 * Remove duplicate password/token opts
 6242 * xml\_body returns backtrace on XMLSyntaxError
 6243 * duplicated trust tests
 6244 * Migrate roles from metadata to user\_project\_metadata
 6245 * Fixes bug 1151747: broken XML translation for resource collections
 6246 * Revise docs to use keystoneclient.middleware.auth\_token
 6247 * quiet route logging on skipped tests
 6248 * Ensure tokens are revoked for relevant v3 api calls
 6249 * Remove un-needed LimitingReader read() function
 6250 * Catch and log server exceptions
 6251 * Added test cases to improve LDAP project testing
 6252 * Switch to final 1.1.0 oslo.config release
 6253 * Filter out legacy\_endpoint\_id (bug 1152635)
 6254 * Improve tests for api protection and filtering
 6255 * add belongs\_to check
 6256 * Revert "update tests/\_\_init\_\_.py to verify openssl version"
 6257 * Revert "from tests import"
 6258 * Make Keystone return v3 as part of the version api
 6259 * Run keystone server in debug mode
 6260 * remove spurious roles check
 6261 * bug 1133526
 6262 * Fix folsom -> grizzly role table migration issues (bug 1119789)
 6263 * Delete tokens for user
 6264 * from tests import
 6265 * v3 endpoints won't have legacy ID's (bug 1150930)
 6266 * return 201 Created on POST request (bug1131119)
 6267 * add missing attributes for group/project tables (bug1126021)
 6268 * Remove unused methods from LDAP backed
 6269 * Move get\_by\_name to LdapBase
 6270 * fix typo in kvs backend
 6271 * mark 2.0 API as stable
 6272 * unable to load certificate should abort request
 6273 * Move auth plugins to 'keystone.auth.plugins' (bug 1136967)
 6274 * Change exception raised to Forbidden on trust\_id
 6275 * cleanup trusts in controllers
 6276 * remove unused import
 6277 * ports should be ints in config (bug 1137696)
 6278 * Expand v3 trust test coverage
 6279 * Trusts
 6280 * bug 1134802: fix inconsistent format for expires\_at and issued\_at
 6281 * Sync timeutils with oslo
 6282 * Straighten out NotFound raising in LDAP backend
 6283 * residual grants after delete action (bug1125637)
 6284 * Remove TODO that didn't land in grizzly
 6285 * Make getting user-domain roles backend independant
 6286 * Explain LDAP page\_size & default value
 6287 * Imported Translations from Transifex
 6288 * Enable a parameters on ldap to allow paged\_search of ldap queries This fixes bug 1083463
 6289 * update tests/\_\_init\_\_.py to verify openssl version
 6290 * command line switch for short pep8 output
 6291 * Convert api to controller
 6292 * bug 1131840: fix auth and token data for XML translation
 6293 * flatten payload for policy
 6294 * Unpin pam dependency version
 6295 * keystone : Use Ec2Signer utility class from keystoneclient
 6296 * Move handle\_conflicts decorator into sql
 6297 * domain\_id\_attributes in config.py have wrong default value
 6298 * Rework S3Token middleware tests
 6299 * Remove obsolete \*page[\_marker] methods from LDAP backend
 6300 * Setup logging in keystone-manage command
 6301 * Ensure keystone unittests do not leave CONF.policyfile in bad state
 6302 * catch errors in wsgi.Middleware
 6303 * Fix id\_to\_dn for creating objects
 6304 * Tests for domain-scoped tokens
 6305 * domain-scoping
 6306 * Pass query filter attributes to policy engine
 6307 * Removed redundant assertion
 6308 * v3 token API
 6309 * Update oslo-config version
 6310 * Correct SQL migration 017 column name
 6311 * merging in fix from oslo upstream
 6312 * enabled attribute emulation support
 6313 * Change the default LDAP mapping for description
 6314 * Ensure user and tenant enabled in EC2
 6315 * Disable XML entity parsing
 6316 * Remove old, outdated keystone devref docs
 6317 * Update the Keystone policy engine to the latest openstack common
 6318 * Implement name space for domains
 6319 * Update sample\_data.sh to match docs
 6320 * project membership to role conversion
 6321 * Remove test\_auth\_token\_middleware
 6322 * Workaround Migration issue with PostgreSQL
 6323 * make LDAP query scope configurable
 6324 * make fakeldap.\_match\_query work for an arbitrary number of groups
 6325 * Use oslo-config-2013.1b3
 6326 * Remove usage of UserRoleAssociation.id in LDAP
 6327 * Add an update option to run\_tests.sh
 6328 * Add pysqlite as explicit test dep
 6329 * fix unit test when memcache middleware is not configured
 6330 * add missing kvs functionality (bug1119770)
 6331 * Update to oslo version code
 6332 * adding additional backend tests (bug1101244)
 6333 * Fix spelling mistakes
 6334 * Cleaned up keystone-all --help output
 6335 * Keystone backend preparation for domain-scoping
 6336 * Use install\_venv\_common.py from oslo
 6337 * Spell accommodate correctly
 6338 * Missed import for IPv6 tests skip
 6339 * Add missing log\_format, log\_file, log\_dir opts
 6340 * Fix normalize identity sql ugrade for Mysql and postgresql
 6341 * remove duplicate model declaration/attribution
 6342 * simplify query building logic
 6343 * Fix test\_contrib\_s3\_core unit test
 6344 * Expand dependency injection test coverage
 6345 * remove unneeded config reloading (it's already done during setUp)
 6346 * allow unauthenticated connections to an LDAP server
 6347 * Relational API links
 6348 * return 400 Bad Request if invalid params supplied (bug1061738)
 6349 * UserApi.update not to require all fields in arg
 6350 * Tenant update on LDAP breaks if there is no update to apply
 6351 * Query only attributes strictly required for keystone when using it with existing LDAP servers
 6352 * Update .coveragerc
 6353 * Add size validations to token controller
 6354 * add check for config-dir parameter (bug1101129)
 6355 * Silence routes internal debug logging
 6356 * Imported Translations from Transifex
 6357 * Delete Roles for User and Project LDAP
 6358 * Why .pop()'ing urls first is important
 6359 * don't create a new, copied list in get\_project\_users
 6360 * Fixes 'not in' operator usage
 6361 * Add --keystone-user/group to keystone-manage pki\_setup
 6362 * Adds png versions of all svg image files. Changes reference
 6363 * Updates migration 008 to work on PostgreSQL
 6364 * Create a default domain (bp default-domain)
 6365 * Generate apache-style common access logs
 6366 * import tools/flakes from oslo
 6367 * tenant to project in the apis
 6368 * Tenant to Project in Back ends
 6369 * Fix bugs with set ldap password
 6370 * Enable/disable domains (bug 1100145)
 6371 * Readme: use 'doc' directory not 'docs'
 6372 * rename tenant to project in sql
 6373 * Update to requests>=1.0.0 for keystoneclient
 6374 * Fix pep8 error
 6375 * Document user group LDAP options
 6376 * Sync latest cfg from oslo-incubator
 6377 * Limit the size of HTTP requests
 6378 * Fix role delete method in LDAP backend
 6379 * public\_endpoint & admin\_endpoint configuration
 6380 * Skip IPv6 tests if IPv6 is not supported
 6381 * Allow running of sql against the live DB
 6382 * Test that you can undo & re-apply all migrations
 6383 * downgrade user and tenant normalized tables downgraded such that sqlite is supported, too
 6384 * Auto-detect max SQL migration
 6385 * Safer data migrations
 6386 * Sync base identity Driver defs with SQL driver
 6387 * Fix i18n of string templates
 6388 * Enhance wsgi to listen on ipv6 address
 6389 * add database string field length check
 6390 * Autoload schema before creating FK's (bug 1098174)
 6391 * Enable exception format checking in the tests
 6392 * reorder tables for delete
 6393 * Validated URLs in v2 endpoint creation API
 6394 * Fixes import order nits
 6395 * Cleanup keystoneclient testing requirements
 6396 * Fix issue in test\_forbidden\_action\_exposure
 6397 * Correct spelling errors / typos in test names
 6398 * Update ldap exceptions to pass correct kwargs
 6399 * Add \_FATAL\_EXCEPTION\_FORMAT\_ERRORS global
 6400 * Keystone server support for user groups
 6401 * Add missing .po files to tarball
 6402 * Imported Translations from Transifex
 6403 * adds keyring to test-requires
 6404 * Revert "shorten pep8 output"
 6405 * Upgrade WebOb to 1.2.3
 6406 * il8n some strings
 6407 * Imported Translations from Transifex
 6408 * Removed unused variables
 6409 * Removed unused imports
 6410 * Add pyflakes to tox.ini
 6411 * Fix spelling typo
 6412 * shorten pep8 output
 6413 * Driver registry
 6414 * Adding a means to connect back to a pydevd debugger
 6415 * add in pip requires for requests
 6416 * Split endpoint records in SQL by interface
 6417 * Fix typo s/interalurl/internalurl/
 6418 * module refactoring
 6419 * Test for content-type appropriate 404 (bug 1089987)
 6420 * Imported Translations from Transifex
 6421 * fixing bug 1046862
 6422 * Expand default time delta (bug 1089988)
 6423 * Add tests for contrib.s3.core
 6424 * Test drivers return HTTP 501 Not Implemented
 6425 * Support non-default role\_id\_attribute
 6426 * Remove swift auth
 6427 * Move token controller into keystone.token
 6428 * Import pysqlite2 if sqlite3 is not available
 6429 * Remove mentions of essex in docs (bug 1085247)
 6430 * Ensure serviceCatalog is list when empty, not dict
 6431 * Adding downgrade steps for migration scripts
 6432 * Port to argparse based cfg
 6433 * Only 'import \*' from 'core' modules
 6434 * use keystone test and change config during setUp
 6435 * Bug 1075090 -- Fixing log messages in python source code to support internationalization
 6436 * Added documentation for the external auth support
 6437 * check the redirected path on the request, not the response
 6438 * Validate password type (bug 1081861)
 6439 * split identities module into logical parts remove unneeded imports from core
 6440 * Ensure token expiration is maintained (bug 1079216)
 6441 * normalize identity
 6442 * Fixes typo in keystone setup doc
 6443 * Imported Translations from Transifex
 6444 * Stop using cfg's internal implementation details
 6445 * syncing run\_tests to match tox
 6446 * Expose auth failure details in debug mode
 6447 * Utilize policy.json by default (bug 1043758)
 6448 * Wrap v3 API with RBAC (bug 1023943)
 6449 * v3 Identity
 6450 * v3 Catalog
 6451 * v3 Policies
 6452 * Import auth\_token middleware from keystoneclient
 6453 * Imported Translations from Transifex
 6454 * Refix transient test failures
 6455 * Make the controller addresses configurable
 6456 * Expose authn/z failure info to API in debug mode
 6457 * Refactor TokenController.authenticate() method
 6458 * Fix error un fixtures
 6459 * Ensures User is member of tenant in ec2 validation
 6460 * Properly list tokens with a null tenant
 6461 * Reduce total number of fixtures
 6462 * Provide config file fields for enable users in LDAP backend (bug1067516)
 6463 * populate table check
 6464 * Run test\_keystoneclient\_sql in-memory
 6465 * Make tox.ini run pep8 checks on bin
 6466 * tweaking docs to fix link to wiki Keystone page
 6467 * Various pep8 fixes for keystone
 6468 * Use the right subprocess based on os monkeypatch
 6469 * Fix transient test failures (bug 1077065, bug 1045962)
 6470 * Rewrite initial migration
 6471 * Fix default port for identity.internalURL
 6472 * Improve feedback on test failure
 6473 * fixes bug 1074172
 6474 * SQL upgrade test
 6475 * Include 'extra' attributes twice (bug 1076120)
 6476 * Return non-indexed attrs, not 'extra' (bug 1075376)
 6477 * bug 1069945: generate certs for the tests in one place
 6478 * monkeypatch cms Popen
 6479 * HACKING compliance: consistent use of 'except'
 6480 * auth\_token hash pki key PKI tokens on hash in memcached when accessed by auth\_token middelware
 6481 * key all backends off of hash of pki token
 6482 * don't import filter\_user name, use it from the identity module
 6483 * don't modify the passed in dict to from\_dict
 6484 * move hashing user password functions to common/utils
 6485 * ignore .tox directory for pep8 in runtests
 6486 * Imported Translations from Transifex
 6487 * Implements REMOTE\_USER authentication support
 6488 * pin sqlalchemy to 0.7
 6489 * Move 'opentack.context' and 'openstack.params' definitions to keystone.common.wsgi
 6490 * Removes duplicate flag for token\_format
 6491 * Raise exception if openssl stderr indicates one
 6492 * Ignore keystone.openstack for PEP8
 6493 * Fixed typo in log message
 6494 * Fixes 500 err on authentication for invalid body
 6495 * Enable Deletion of Services with Endpoints
 6496 * Exception.message deprecated in py26 (bug 1070890)
 6497 * Utilize logging instead of print()
 6498 * stop LdapIdentity.create\_user from returning the user's password
 6499 * Compare token expiry without seconds
 6500 * Moved SQL backend tests into memory
 6501 * Add trove classifiers for PyPI
 6502 * Adding handling for get user/tenant by name
 6503 * Fixed bug 1068851. Refreshed new crypto for the SSL tests
 6504 * move filter\_user function to keystone.identity.core
 6505 * Fixes response for missing credentials in auth
 6506 * making PKI default token type
 6507 * Fixes Bug 1063852
 6508 * bug 1068674
 6509 * Update common
 6510 * Extract hardcoded configuration in ldap backend (bug 1052111)
 6511 * Fix Not Found error, when router not match
 6512 * add --config-dir=DIR  for keystone-all option
 6513 * Add  --config-dir=DIR in OPTIONS
 6514 * Delete role does not delete role assignments in tenants (bug 1057436)
 6515 * replacing PKI token detection from content length to content prefix. (bug 1060389)
 6516 * Document PKI configuration and management
 6517 * Raise if we see incorrect keyword args "condition" or "methods"
 6518 * Filter users in LDAP backend (bug 1052925)
 6519 * Use setup.py develop to insert code into venv
 6520 * Raise 400 if credentials not provided (bug 1044032)
 6521 * Fix catalog when services have no URL
 6522 * Unparseable endpoint URL's should raise friendly error
 6523 * Configurable actions on LDAP backend in users Active Directory (bug 1052929)
 6524 * Unable to delete tenant if contains roles in LDAP backend (bug 1057407)
 6525 * Replaced underscores with dashes
 6526 * fixes bug 1058429
 6527 * Command line switch for standard threads
 6528 * Remove run\_test.py in favor of stock nose
 6529 * utf-8 encode user keys in memcache (bug 1056373)
 6530 * Convert database schemas to use utf8 character set
 6531 * Return a meaningful Error when token\_id is missing
 6532 * Backslash continuation cleanup
 6533 * notify calling process we are ready to serve
 6534 * add Swift endpoint in sample data
 6535 * Updated Fix for duplicated entries on LDAP backend for get\_tenant\_users
 6536 * Fix wsgi config file access for HTTPD
 6537 * Bump version to 2013.1
 6538 * Limit token revocation to tenant (bug 1050025)
 6539 * Fixed trivally true tests (bug 983304)
 6540 * add Quantum endpoint in sample data
 6541 * Add XML namespace support for OSADM service api
 6542 * Delete user tokens after role grant/revoke
 6543 * LDAP backend attribute fixes
 6544 * Document memcached host system time configuration
 6545 * Implementation of tenant,user,role list functions for ldap
 6546 * Initialize Metadata variable
 6547 * Cleanup PEP8 errors from Common
 6548 * List tokens for memcached backend
 6549 * Implement token endpoint list (bug 1006777)
 6550 * Ignore eclipse files
 6551 * Identity API v3 Config, Routers, Controllers
 6552 * Sync some misc changes from openstack-common
 6553 * Sync latest cfg from openstack-common
 6554 * Remove id\_hash column
 6555 * LOG.warn all exception.Unauthorized authentication failures
 6556 * Fixed: test\_default\_tenant\_uuid\_token not running
 6557 * Upgrade PEP8 to 1.3.3 (bug 1037303)
 6558 * Expand PEP8 coverage to include docs & tests
 6559 * Removed/fixed unused variable references
 6560 * HACKING compliance & staticly init module vars
 6561 * PEP8 fix E251
 6562 * PEP8 fix
 6563 * Removed unused imports
 6564 * Check for expected cfg impl (bug 1043479)
 6565 * Fixed typos in comment
 6566 * HACKING: Import by full module path
 6567 * HACKING: Use single quotes
 6568 * mistake in doc string
 6569 * pep8 1.3.3 cleanup removing unused imports
 6570 * Removed dead code
 6571 * Fix auth\_token middleware to fetch revocation list as admin
 6572 * Require authz to update user's tenant (bug 1040626)
 6573 * Code cleanup in doc/source/conf.py
 6574 * Typo fix in keystone: existant => existent
 6575 * allow middleware configuration from app config
 6576 * PEP8 fix for PAM test
 6577 * change verbose and debug to Fasle in keystone.conf.sample
 6578 * add token\_format=UUID to keystone.conf.sample
 6579 * Demonstrate that authenticate() returns roles
 6580 * Add nosehtmloutput as a test dependency
 6581 * Less information returned with IntegrityError
 6582 * Support running the tests in the debugger
 6583 * Removed stray print statement (bug 1038131)
 6584 * Remove unused variables
 6585 * PKI Token revocation
 6586 * Remove unused imports
 6587 * Adding missing files to MANIFEST.in
 6588 * Simplify the sql backend deletion of users and tenants
 6589 * Add tests for PAM authentication
 6590 * Allow overloading of username and tenant name in the config files
 6591 * Enabling SQL Catalog tests (bug 958950)
 6592 * Use user home dir as default for cache
 6593 * Set example key\_size to 1024
 6594 * Log errors when signing/verifying
 6595 * Implement python version of migration 002
 6596 * Set default signing\_dir based on os USER
 6597 * Assert adminness on token validation (bug 1030968)
 6598 * Test for Cert by name
 6599 * Typo error in keystone/doc/source/configuration.rst
 6600 * fix broken link
 6601 * Cryptographically Signed tokens
 6602 * Sync jsonutils from openstack-common
 6603 * Added user name validation. Fixes bug 966251
 6604 * Import ec2 credentials from old keystone db
 6605 * Debug output may include passwords (bug 1004114)
 6606 * Raise unauthorized if tenant disabled (bug 988920)
 6607 * Files for  Apache-HTTPD
 6608 * Implementation of LDAP functions
 6609 * Fix the wrong infomation in keystone-manage.rst
 6610 * Webob needs body to calc Content-Length (bug 1016171)
 6611 * Prevent service catalog injection in auth\_token
 6612 * Admin Auth URI prefix
 6613 * updating testing documentation
 6614 * adding keystoneclient test
 6615 * Removed redundant / excessively verbose debug
 6616 * Making docs pretty!
 6617 * Adding user password setting api call
 6618 * Fixing pep8 errors in tests/\*py
 6619 * Make sure user dict has id key before checking against it
 6620 * pep8 for openssl
 6621 * Run pep8 for tests
 6622 * Move monkey patch to keystone-all startup
 6623 * Use sdist tarball instead of zipball
 6624 * Return a 409 error when adding a second time a role to user/tenant
 6625 * notify calling process we are ready to serve
 6626 * Set iso8601 module as default dependence
 6627 * Fixed user-only role deletion error
 6628 * Use PyPI for keystoneclient
 6629 * keystone\_manage certificate generation
 6630 * documenting models
 6631 * Reorder test imports by full import path
 6632 * pep8 v1.3.3 compliance (bug 1019498)
 6633 * Correct Tree DN
 6634 * don't assume that the LDAP server require authentication
 6635 * fix variable names to coincide with the ones in common.ldap
 6636 * Keystone should use openstack.common.timeutils
 6637 * Fixed marker & limit computation (bug 1006055)
 6638 * Do not crash when trying to remove a user role (without a tenant)
 6639 * Keystone should use openstack.common.jsonutils
 6640 * Refactor 404's into managers & drivers (bug 968519)
 6641 * fix sphinx warnings
 6642 * fix man page build
 6643 * Utilize newer changes in openstack-common
 6644 * Add .mailmap file
 6645 * setting up babel for i18n work blueprint start-keystone-i18n
 6646 * Removed unused import
 6647 * Fix order of returned tuple elements in pam authenticate
 6648 * Reorder imports by full module path
 6649 * Pass serviceCatalog in auth\_token middleware
 6650 * Fixed typo in routing conditions (bug 1006793)
 6651 * 400 on unrecognized content type (bug 1012282)
 6652 * Basic request stats monitoring & reporting
 6653 * Monkey patching 'thread'
 6654 * Speed up SQL unit tests
 6655 * PEP8 fixes
 6656 * Clean up test requires a bit
 6657 * Use cfg's new global CONF object
 6658 * Add s3 extension in keystone.conf sample
 6659 * Tweak for easier, safer subclassing
 6660 * Revert file mode to be non-executable
 6661 * fix importing of optional modules in auth\_token
 6662 * Carrying over token expiry time when token chaining
 6663 * Keystone should use openstack.common.importutils
 6664 * Require authz for user role list (bug 1006815)
 6665 * Require authz for service CRUD (bug 1006822)
 6666 * PEP8 fixes
 6667 * Use cfg's new behavior of reset() clearing overrides
 6668 * Use cfg's new group autocreation feature
 6669 * Sync with latest version of openstack.common.cfg
 6670 * blueprint 2-way-ssl
 6671 * Fixes some pep8 warning/errors
 6672 * Update swift\_auth documentation
 6673 * Add ACL check using <tenant\_id>:<user> format
 6674 * Use X\_USER\_NAME and X\_ROLES headers
 6675 * Allow other middleware overriding authentication
 6676 * Backslash continuation removal (Keystone folsom-1)
 6677 * Remove service\_\* from authtoken examples
 6678 * Nail prettytable test dependency at 0.5.0
 6679 * Invalidate user tokens when a user is disabled
 6680 * Fix depricated /users/{user-id}/roles
 6681 * Changed arguments in keystone CLI for consistency
 6682 * Add validations of 'name' field for roles, users and tenants
 6683 * Added 'NormalizingFilter' middleware
 6684 * One 'ctrl-c' kills keystone
 6685 * Make sure we parse delay\_auth\_decision as boolean
 6686 * Flush tenant membership deletion before user
 6687 * notify calling process we are ready to serve
 6688 * Invalidate user tokens when password is changed
 6689 * Added tenant name validation. Fixes bug 966249
 6690 * Corrects url conversion in export\_legacy\_catalog
 6691 * Truly handle mailmap entries for all combinations
 6692 * fix pam admin user case
 6693 * Improve the sample keystone.conf
 6694 * Add defaults for ldap options
 6695 * Sync to newer openstack-common
 6696 * Set defaults for sql options
 6697 * Set defaults for port options
 6698 * Add defaults for driver options
 6699 * Use ConfigOpts.find\_file() to locate catalog template
 6700 * Use ConfigOpts.find\_file() to locate policy.json
 6701 * Policy doc updates; RST syntax consistency
 6702 * Removed SimpleMatch 'shim'; updated readme
 6703 * Removed old sections; improved syntax consistency
 6704 * cleanup dependent data upon user/tenant deletion
 6705 * Update tests to run servers on 127.0.0.1
 6706 * Switch to 1000 rounds during unit tests
 6707 * Fix argument name referred in the document
 6708 * Exit on error in a S3 way
 6709 * Auto generate AUTHORS file for keystone component
 6710 * Misnamed exception attribute (bug 991936)
 6711 * Avoid ValueError in 12.04 essex pkg (bug 988523)
 6712 * Non-nullable User, Tenant, Role names (bug 987121)
 6713 * Fix expired token tests
 6714 * Make run\_tests.py non-executable
 6715 * Add distribute to test-requires
 6716 * Makes the ldap backend return proper role metadata
 6717 * cleanup no\_meta user in live LDAP test
 6718 * Add ChangeLog to tarball
 6719 * Fix "it's" grammar errors
 6720 * Rename keystone.conf to .sample
 6721 * Import latest openstack-common
 6722 * Stub out swift log configuration during testing
 6723 * Remove tenant membership during user deletion
 6724 * Add a \_ at the end of reseller\_prefix default
 6725 * additional logging to support debugging auth issue
 6726 * Add support to swift\_auth for tokenless authz
 6727 * Make import\_nova\_auth only create roles which don't already exist
 6728 * don't duplicate the extra dict in extra
 6729 * Fix looking for config files
 6730 * endpoint-crud 404 (bug 963056)
 6731 * user-role-crud 404 (bug 963056)
 6732 * ec2-credential-crud 404 (bug 963056)
 6733 * service-crud 404 (bug 963056)
 6734 * user-crud 404 (bug 963056)
 6735 * tenant-crud 404 (bug 963056)
 6736 * Add build artifacts missing from .gitignore
 6737 * Switch keystone.test.TestCase to use unittest2
 6738 * Raise keystone.exception for HTTP 401 (bug 962563)
 6739 * Fixed misc errors in configuration.rst
 6740 * Docs: SQL-based vs File-based Service Catalog
 6741 * Improve service CRUD test coverage
 6742 * Change default catalog driver to SQL; doc the options
 6743 * Replace tabs with spaces
 6744 * role-crud 404 (bug 963056)
 6745 * Improve swift\_auth test coverage + Minor fixes
 6746 * Open Folsom
 6747 * S3 tokens cleanups
 6748 * Check values for EC2
 6749 * Fix critical typo in endpoint\_create (bug 961412)
 6750 * updating docs to include creating service accts
 6751 * unique role name constraint
 6752 * Add test for swift middleware
 6753 * Spring cleaning, fix PEP8 violations
 6754 * Rename tokenauth to authtoken
 6755 * pass the arguments in when starting keystone-all
 6756 * fix keystone-all's usage of options vs conf
 6757 * Wrapped unexpected exceptions (bug 955411)
 6758 * Changing belongsTo validation back to ID
 6759 * Clean up sql connection args
 6760 * Improved file logging example (bug 959610)
 6761 * Swift middleware doc update
 6762 * Fixes LP #954089 - Service list templated catalog
 6763 * Remove nova-specific middlewares
 6764 * Add check for MAX\_PASSWORD\_LENGTH to utils
 6765 * Remove glance\_auth\_token middleware
 6766 * Support PyPAM in pam backend, update to latest API
 6767 * Fix default port for identity.internalURL
 6768 * Installing keystone docs
 6769 * Update username -> name in token response
 6770 * Refactor keystone.common.logging use (bug 948224)
 6771 * Add automatically generated code docs
 6772 * Properly return 501 for unsupported Catalog calls
 6773 * docstring cleanup to remove sphinx warnings
 6774 * updating documentation for rewrite of auth\_token
 6775 * Allow connect to another tenant
 6776 * Update docs for keystone client cli args
 6777 * Raising unauthorized instead of 500 (bug 954547)
 6778 * Failing to update tenants (bug 953678, bug 954673)
 6779 * added LDAP section to architecture and architecture
 6780 * Bug #943031 MySQL Server has gone away added docnotes of error messages caught for mysql and reference
 6781 * making all use of time follow datetime.utcnow() fixes bug 954057
 6782 * Improved legacy tenancy resolution (bug 951933)
 6783 * sample\_data.sh: check file paths for packaged installations
 6784 * Fix iso8601 import/use and date comparaison
 6785 * Fix double-quoted service names
 6786 * Remove Nova Diablo reference from migrate docs
 6787 * Fixes the cli documentation of user/tenant/roles
 6788 * Add simple set of tests for auth\_token middleware
 6789 * update documention on changing user password
 6790 * enables run\_test option to skip integration
 6791 * Add token caching via memcache
 6792 * Update get\_metadata to return {}
 6793 * Diablo to Essex migration docs (bug 934328)
 6794 * Added license header (bug 929663)
 6795 * Add AUTHORS to the tarball
 6796 * create service endpoints in sample data
 6797 * Fix EC2 credentials crud after policy backend change
 6798 * port common policy code to keystone
 6799 * rename belongs\_to to belongsTo as per the API spec
 6800 * Make sure we have a port number before int it
 6801 * fixes lp#949648 change belongsTo validate to name
 6802 * HTTP\_AUTHORIZATION was used in proxy mode
 6803 * fix Nova Volume Service in sample data
 6804 * fixes bug lp#948439 belongs\_to and serviceCatalog behavior \* removing belongs\_to as a kwarg and getting from the context \* adding a serviceCatalog for belongs\_to calls to tokens \* adding test to validate belongs\_to behavior in tokens
 6805 * Make bind host configurable
 6806 * add more default catalog templates
 6807 * Fix coverage jobs for Jenkins
 6808 * Improve auth\_str\_equal()
 6809 * Set default identity driver to sql (bug 934332)
 6810 * Renamed sqlite files (bug 944951)
 6811 * Isolating backtraces to DEBUG (bug 947060)
 6812 * updating readme to point to developer setup docs \* fixes bug 945274
 6813 * Add reseller admin capability
 6814 * Remove trailing whitespaces in regular file
 6815 * LDAP get\_user\_by\_name
 6816 * Added missing import (bug 944905)
 6817 * add git commit date / sha1 to sphinx html docs
 6818 * gitignore follow up for docs/ rename
 6819 * improve auth\_token middleware
 6820 * Add service accounts to sample\_data.sh
 6821 * standardize ldap and related tests
 6822 * Align with project configs
 6823 * Fixes doc typo s/SERVIVE/SERVICE/
 6824 * Use constant time string comparisons for auth
 6825 * Unpythonic code in redux in auth\_token.py
 6826 * fix pep8
 6827 * GET /v2.0 (bug 930321)
 6828 * LDAP member defaults
 6829 * Handle KeyError in \_get\_admin\_auth\_token
 6830 * Align tox jobs with project standards
 6831 * renaming pip-requires-test to test-requires
 6832 * Provide request to Middleware.process\_response()
 6833 * Add Vary header (bug 928057)
 6834 * Implement a Catalog SQL backend
 6835 * Set tenantName to 'admin' in get\_admin\_auth\_token
 6836 * LDAP Identity backend
 6837 * Implements extension discovery (bug 928054)
 6838 * Support unicode in the keystone database
 6839 * Add HEAD /tokens/{token\_id} (bug 933587)
 6840 * XML de/serialization (bug 928058)
 6841 * fleshing out architecture docs
 6842 * Update auth\_token middleware so it sets X\_USER\_ID
 6843 * Adds AUTHORS file generated from git log (and de-duplicated)
 6844 * The default nova compute port is 8774
 6845 * Fix case of admin role in middleware
 6846 * Fix MANIFEST.in to include missing files
 6847 * Remove extraneous \_validate\_claims() arg
 6848 * Create tools/sample\_data.sh
 6849 * Backslash continuations (Keystone)
 6850 * Correct config name for max\_pool\_size
 6851 * Use cfg's new print\_help() method
 6852 * Move cfg to keystone.openstack.common
 6853 * Remove cfg dict mixin
 6854 * Update cfg from openstack-common
 6855 * Fix copyright dates and remove duplicate Apache licenses
 6856 * some additional style bits
 6857 * Add migration path for Nova auth
 6858 * fix the style guide to match the code
 6859 * Re-adds admin\_pass/user to auth\_tok middleware
 6860 * Fix thinko in keystone-all sys.path hack
 6861 * Removing broken & redundant code (bug 933555)
 6862 * Return HTTP 401 bad user/password is specified
 6863 * cli now returns an exit status cmd is invalid
 6864 * Ignore sqlite.db files
 6865 * Implements admin logic for tenant\_list call
 6866 * Implemented get\_tenant\_users. Fixed bug 933721
 6867 * Removing unused imports from keystone.cli
 6868 * Set include\_package\_data=True in setup.py
 6869 * Remove data\_files section from setup.py
 6870 * Update Manifest.in
 6871 * Add migrate.cfg to data\_files in setup.py
 6872 * Should return 300 Multiple Choice (bug 925548)
 6873 * Admin version pipeline not utilized (bug 925548)
 6874 * fixes #934459
 6875 * Fix logging.config import
 6876 * backport some asserts
 6877 * remove pycli
 6878 * Adds missing argument to add\_user\_to\_tenant in create\_user
 6879 * Fixes a failure caused by a recent change to user update in the client
 6880 * remove executable bit from setup.py
 6881 * Raising 'NotImplmented' results in TypeError
 6882 * Update docs for Swift and S3 middlewares
 6883 * Added Apache 2.0 License information
 6884 * Add docs on keystone\_old -> ksl migration
 6885 * Add token expiration
 6886 * Update docs to for current keystone-manage usage
 6887 * add catalog export
 6888 * Handle unicode keys in memcache token backend
 6889 * make sure passwords work after migration
 6890 * add legacy diablo import tests
 6891 * change password hash
 6892 * add essex test as well
 6893 * add sql for import legacy tests
 6894 * add import legacy cli command
 6895 * add migration from legacy db
 6896 * remove keystoneclient-based manage commands
 6897 * Remove executable bit from auth\_token.py
 6898 * Update swift token middleware
 6899 * Add s3\_token
 6900 * Add pagination to GET /tokens
 6901 * Fixes role checking for admin check
 6902 * Fix webob exceptions in test\_middlware
 6903 * Add tests for core middleware
 6904 * Add version description to root path
 6905 * Add TokenNotFound exception
 6906 * remove diablo tests, they aren't doing much
 6907 * Fix largest memory leak in ksl tests
 6908 * Add memcache token backend
 6909 * Friendly JSON exceptions (bug 928061, bug 928062)
 6910 * Fix comment on bcrypt and avoid hard-coding 29 as the salt length
 6911 * Add SQL token backend
 6912 * Add content-type to responses
 6913 * Cope with unicode passwords or None
 6914 * Add auth checks to ec2 credential crud operations
 6915 * termie all the things
 6916 * example in hacking was incorrect
 6917 * Ensures duplicate users and tenants can't be made
 6918 * make pip requires match nova
 6919 * fixes lp:925721 adds .gitreview for redux branch
 6920 * remove novaclient, fix python syntax
 6921 * We don't need all the deps to check pep8
 6922 * remove extra line
 6923 * Make ec2 auth actually work
 6924 * fixing grammar, noting broken enable, adding hacking with prefs for project
 6925 * Removed unused reference
 6926 * adding a token service Driver to define the interface
 6927 * Added support for DELETE /tokens/{token\_id}
 6928 * Fixes bug 924391
 6929 * ran through all commands to verify keywords against current (master) keystonelight
 6930 * updating docs:
 6931 * Fix "KeyError: 'service-header-mappings'"
 6932 * updating tox.ini with test pip requirements
 6933 * use our own logging module
 6934 * Update auth\_token middleware to support creds
 6935 * Removes nova middleware and config from keystone
 6936 * minor docstring update for new locations
 6937 * Missed one more keystone-server
 6938 * Renamed keystone-server to keystone-all based on comments in LP: #910484
 6939 * be more safe with getting json aprams
 6940 * skip the two tests where testing code is failing
 6941 * accept POST or PUT for tenant update
 6942 * deal with reparsing the config files
 6943 * don't automatically parse sys.argv for cfg
 6944 * deal with tags in git checkout
 6945 * fix keystoneclient tests
 6946 * add tests for essex and fix the testing framework
 6947 * Update docs/source/developing.rst
 6948 * Change the name of keystone to keystone-server so the binaries dont conflict with python-keystoneclient
 6949 * Normalize build files with current jenkins
 6950 * Use gerrit instead of github
 6951 * Fix pep8 violations
 6952 * Add .gitreview file
 6953 * Added keystone-manage list\_role\_grants (bug 923933)
 6954 * removing unused images, cleaning up RST in docstrings from sphinx warnings
 6955 * pep8 cleanup
 6956 * shifting contents from \_static to static
 6957 * adding in testing details
 6958 * moved notes from README.rst into docs/architecture.rst
 6959 * updating formating for configuration page
 6960 * format tweaks and moving old docs
 6961 * shifting older docs into old/ directory
 6962 * doc updates
 6963 * moving in all the original docs from keystone
 6964 * adding python keystoneclient to setup.py deps
 6965 * fixing up PIP requirements for testing and virtualenv
 6966 * indents
 6967 * Make it as a subclass
 6968 * Added shortcut for id=NULL queries (bug 916386)
 6969 * fix style and termie's comments about comments
 6970 * invalid params for roles.delete
 6971 * initial stab at requiring adminness
 6972 * Simplify code
 6973 * add tests that auth with tenant user isn't member of
 6974 * Add s3tokens validation
 6975 * Test coverage for issue described in bug 919335
 6976 * Removing \_\_init\_\_ from non-packages (bug 921054)
 6977 * add instructions for setting up a devenv on openSUSE 11.4 and 12.1
 6978 * Documented race condition (bug 921634)
 6979 * Fix race in TestCreateTokenCommand (bug 921634)
 6980 * Forgot to update models (bug 885426)
 6981 * Updating example glance paste config
 6982 * add a bunch of basic tests for the cli
 6983 * Migrated 'enabled' int columns to bool for postgres (bug 885426)
 6984 * remove this useless catalog
 6985 * move cli code into a module for testing
 6986 * Updated bp keystone-configuration for bp keystone-manage2
 6987 * Return Version and Tenant in Endpoints
 6988 * Updated error message for keystone-manage2
 6989 * allow class names to be different from attr names
 6990 * add ec2 credentials to the cli
 6991 * fix middleware
 6992 * Added: "UserWithPassword" Added: "UserWithOnlyEnabled" Removed: "UserWithOnlyPassword"
 6993 * Update Extended Credentials (EC2, S3)
 6994 * Fix for bug 921126
 6995 * Adds keystone auth-n/auth-z for Swift S3 API
 6996 * Implement cfg.py
 6997 * bcrypt the passwords
 6998 * fix token vs auth\_token
 6999 * Implement Secure Token Auth
 7000 * some quick fixes to cli, tests incoming
 7001 * fix pep8
 7002 * fix some more pass-by-reference bugs
 7003 * strip password before checking output
 7004 * flip actual and expected to match common api
 7005 * don't allow disabled users to authenticate
 7006 * turn off echo
 7007 * fix invalid\_password, skip ec2 tests
 7008 * Suppressed backtraces in tests causes sweaty eyes
 7009 * strip password from sql backend
 7010 * raise and catch correct authenticate error
 7011 * rely on internal \_get\_user for update calls
 7012 * Fixed: Inserting URLs into endpoint version attr
 7013 * strip password from kvs backend
 7014 * fix user\_get/user\_list tests
 7015 * Release Notes for E3
 7016 * Addresses bug 918608
 7017 * Restore Console Info Logging - bp keystone-logging
 7018 * removing the sphinx\_build from setup.py, adding how to run the docs into the README
 7019 * Added Vary header to support caching (bug 913895)
 7020 * Implemented subparsers (bp keystone-manage2)
 7021 * Handle EC2 Credentials on /tokens
 7022 * ec2 docs
 7023 * simple docstrings for ec2 crud
 7024 * Fixed PEP8 violations and disallowed them
 7025 * Implemented bp keystone-manage2
 7026 * Fixes 918535: time not properly parsed in auth\_token middleware
 7027 * Use dateutil 1.5
 7028 * get docs working
 7029 * some cli improvements
 7030 * add checks for no password attribute
 7031 * Prestage fix - fixed requirement name; python-dateutil, not dateutil
 7032 * users with correct credentials but disabled are forbidden not unauthorized
 7033 * Pre-staging pip requires
 7034 * shimming in basics from original keystone
 7035 * test login fails with invalid password or disabled user
 7036 * doctry
 7037 * use token\_client in token tests
 7038 * remove duplicate pycli from pip-requires
 7039 * fix ec2 sql config
 7040 * get\_client lets you send user and tenant
 7041 * update how user is specified in tests
 7042 * rename ec2 tests to be more explicit
 7043 * use the sql backend for ec2 tests
 7044 * more failing ec2 tests
 7045 * add METADATA for boo
 7046 * add (failing) tests for scoping ec2 crud
 7047 * add some docs that got overwritten last night
 7048 * Bug #916199: keystone-manage service list fails with AttributeError on Service.description
 7049 * Exception raise error
 7050 * Updates to middleware to deprecate X\_USER
 7051 * Revert "Exception raise error"
 7052 * fix pep8
 7053 * update tests
 7054 * update some names
 7055 * fix some imports
 7056 * split up sql backends too
 7057 * split up the services and kvs backends
 7058 * establish basic structure
 7059 * add docs for various service managers
 7060 * expect sphinx sources to be autogenned
 7061 * some tiny docs
 7062 * fix sphinx
 7063 * testing rst on github
 7064 * updating dependencies for ksl
 7065 * needed to do more for cli opts
 7066 * make a main in keystone-manage
 7067 * fix pep8 error
 7068 * rename apidoc to autodoc
 7069 * Fix typo
 7070 * Fix LDAP Schema Syntax (bug 904380)
 7071 * return to starting directory after git work
 7072 * spacing
 7073 * tests for ec2 crud
 7074 * add keystoneclient expected format
 7075 * add sql backend, too
 7076 * add an ec2 extension
 7077 * update readme
 7078 * Exception raise error
 7079 * re-indent
 7080 * re-indent
 7081 * re-indent
 7082 * re-indent kvs.py
 7083 * re-indent test.py
 7084 * remove models.py
 7085 * add some docs to manager
 7086 * dynamic manager classes for now
 7087 * add a couple more tests
 7088 * Bug #915544: keystone-manage version 1 commands broken when using flags
 7089 * add some more todos
 7090 * strip newlines
 7091 * TODO
 7092 * add role refs to validate token
 7093 * fix token auth
 7094 * check for membership
 7095 * flush that sht
 7096 * add more middleware
 7097 * fixing WatchedFileHandler
 7098 * logging to debugging by default for now
 7099 * add a noop controller
 7100 * woops
 7101 * add glance middleware ??
 7102 * add legacy middleware
 7103 * fix setup.py
 7104 * adding #vim to file with changed indent
 7105 * add id-only flag to return IDs
 7106 * rename ks to keystone-manage
 7107 * fixing imports for syslog handlers and gettext
 7108 * adding gettext
 7109 * adding logging from configuration files, default logging per common
 7110 * cli using keystoneclient
 7111 * add a db\_sync command to bin/ks, remove others
 7112 * merge test and default configs
 7113 * adding project to keystone config to find default config files
 7114 * some more config in bin/keystone
 7115 * in the bin config too
 7116 * rename many service parts to public
 7117 * keystone\_compat -> service
 7118 * remove keystone from names, remove service
 7119 * remove default configuration
 7120 * basic service running again
 7121 * rename extras to metadata
 7122 * version number in setup.py
 7123 * add basic sphinx doc bits
 7124 * remove references to keystone light
 7125 * renaming keystonelight to keystone
 7126 * keystoneclient tests working against sql backend
 7127 * run all teh keystoneclient tests against sql too
 7128 * move everything over to the default config
 7129 * config system overhaul
 7130 * add nova's cfg framework
 7131 * fix pep8
 7132 * missed a file
 7133 * most tests working again
 7134 * still wip, got migration mostly working
 7135 * get the sql ball rolling, still wip
 7136 * add sql backend, WIP
 7137 * Show useful traceback if manage command fails
 7138 * Fix minor typo
 7139 * Add 'tenants' to Auth & Validate Response
 7140 * Fixed Test Coverage Handling
 7141 * Adding prettytable dependency
 7142 * Front-end logging
 7143 * tweaking for running regular tests in jenkins
 7144 * Implement Role Model
 7145 * xsd fixes
 7146 * Added decorators for admin and service\_admin checks
 7147 * Initial keystone-manage rewrite (bp keystone-manage2)
 7148 * Correct endpoint template URLs in docs
 7149 * fix bug lp:843064
 7150 * finished up services stuff
 7151 * add the various role tests
 7152 * add list users
 7153 * get user tests working
 7154 * Remove install\_requires processing
 7155 * get endpoints test working
 7156 * get tenant\_add\_and\_remove\_user test working
 7157 * tenant test working again
 7158 * copy over the os-ksadm extension
 7159 * Implement Endpoint, Endpoint Template, and Credential Managers
 7160 * PEP8 keystone cleanup
 7161 * Changes run\_tests.sh to also run pep8 by default
 7162 * example crud extension for create\_tenant
 7163 * Updates to Tests/Testing
 7164 * Un-pythonic methods lp:911311 Fixed pep8 problems Changed comments to docstrings
 7165 * get some tests working again
 7166 * merge fixes
 7167 * fixup
 7168 * Made tests use both service and admin endpoints
 7169 * All tests but create\_tenant pass
 7170 * Split keystone compat by admin and service endpoints
 7171 * Install a good version of pip in the venv
 7172 * fix bug lp:910491 option "service\_host" in keystone.conf not works
 7173 * Added broken tests to show compatibility gaps
 7174 * Added tox.ini file
 7175 * Split keystone compat by admin and service endpoints
 7176 * Implement Service Manager
 7177 * Implement Tenant Manager
 7178 * Fixes bug lp:910169 - Tests are using too much memory Added super() call to tearDown() method
 7179 * Changed the call to create the KeystoneContextMiddleware object to pass the correct glance ConfigOpts object
 7180 * Added logging on core modules
 7181 * Adding logging to Auth-Token Middleware
 7182 * Implement Role Manager
 7183 * Refactor models and backends
 7184 * Add HP-IDM extension to fix Bug 890411
 7185 * Move URL Normalizer to Frontends
 7186 * move novaclient tests over also
 7187 * clean up test\_identity\_api
 7188 * clean up keystoneclient setup
 7189 * Move Global Role variables out of backendutils
 7190 * Bug #909255: Endpoint handling broken on SQL backend by portable-identifiers changes
 7191 * add role crud
 7192 * speed up tests
 7193 * add basic fixture functionality
 7194 * documentation driven development
 7195 * novaclient now requires prettytable
 7196 * Return Endpoint IDs
 7197 * Correct Handling of Default Tenant
 7198 * Fix duplicate logging
 7199 * Added global endpoints response in XML as well
 7200 * Fix: Client and Unit Tests not correctly failing a build
 7201 *  Bug #907521.     Changes to support get roles by service
 7202 * Always Return Global Endpoints
 7203 * Added release notes
 7204 * Fixed error with database initialization
 7205 * Tests use free TCP/IP ports
 7206 * Testing Refactor - this is a squash of 6 commits - original commits are vailable for cherry-picking here:   https://github.com/ziadsawalha/keystone/commits/tests
 7207 * Added HP-IDM documentation artifacts
 7208 * whitespace
 7209 * whitespace
 7210 * make create\_tenant work for keystone api
 7211 * common ks client creation
 7212 * Fixed version response (bug 891555 and bug 843052)
 7213 * Implement Multiple Choices Response (bug 843051)
 7214 * updating of docs
 7215 * Fix LDAP schema (bug 904815)
 7216 * working on a tenant\_create test
 7217 * standardize spacing
 7218 * novaclient uses password instead of apikey
 7219 * update to use the correct repo for python-novaclient
 7220 * fix tenant auth tests
 7221 * Updated namespace
 7222 * Fixes the catalog return in d5\_compat calls
 7223 * Added: ./keystone-manage database goto <version>
 7224 * Added databased version check on startup w/ docs
 7225 * Revised in-memory sql connection path for sqlalchemy
 7226 * Clarify 'test not found' error message
 7227 * Contract fix: change IDs from xsd:ID to xsd:string
 7228 * Tenants - asserted all the things (bug 887844)
 7229 * Support for unscoped admin tokens
 7230 * LDAP: fix to keystone.ldif
 7231 * Contract fix: IDs are not Ints, they are ID or string types
 7232 * Contract fix: description optional
 7233 * Update tracer excludes for Linux
 7234 * Fixed bug 905422. Swift caching should work again.  Also fixed a few other minor syntactical stuff
 7235 * Update test\_keystone\_manage to use unittest2
 7236 * Python 2.6 subprocess.check\_output doesn't exist
 7237 * No more python path changes
 7238 * Clarified language on migration instructions
 7239 * Refactor: Workaround for python build\_sphinx failure
 7240 * Fixed some skipped tests
 7241 * Format keystone-manage output better
 7242 * Added instructions to git clone from github
 7243 * Refactor: Computing api/model module paths dynamically
 7244 * Introduces UID's & domain models (bp portable-identifiers)
 7245 * Improved test coverage of d5 compat
 7246 * Fixed: Tests returning successful (0) on failure
 7247 * D5 Compatibility Support
 7248 * Added original tenants blueprint to docs
 7249 * Fixed broken import of version info (bug 902316)
 7250 * Added missing import preventing keystone from starting (bug 901453)
 7251 * Fix some issues with new version module
 7252 * quantum\_auth\_token.py middleware fails on roles
 7253 * Removed Server class from \_\_init\_\_.py
 7254 * Fix auth\_token middleware: make \_verify\_claims not static. Fixes bug #901049
 7255 * Pylint fixes to auth\_token.py
 7256 * Split version code into its own file
 7257 * Change is\_global == 1 to is\_global == True
 7258 * Bug 897496: Remove tenant id from Glance URLs
 7259 * Refactor: move initialization code to class
 7260 * Add missing json validation
 7261 * Refactor: get rid of keystone/config.py
 7262 * Fixes missed tests and subsequently introduced bugs
 7263 * Rename .keystone-venv to .venv
 7264 * Refactor: Rename auth controller to token controller
 7265 * Added documentation
 7266 * Added SSL and memcache sample config files
 7267 * Updated auth\_token middleware caching to support memcache
 7268 * Deprecating RAX-KEY middleware
 7269 * Added argparse to support python 2.3 - 2.6
 7270 * Make bin/keystone use port settings in the config file. Fixes bug #898935
 7271 * Bug#899116: use correct module when building docs
 7272 * Minor RST changes
 7273 * Revised extension documentation
 7274 * Added documentation for SQL tables
 7275 * Remove pysqlite deps. Fixes bug #898343
 7276 * Pretty-printed JSON samples
 7277 * Added option to pretty-print JSON
 7278 * Implements blueprint keystone-swift-acls
 7279 * Updated docstring to match auth\_token.py (bug 898211)
 7280 * Bug #890801 Changes to support /extensions call. - Introduced a new extension reader to read static extension content. - Added additional rst files explaining extensions. - Removed functionality from  additional middleware that used to support /extensions call.ie RAX-KEY-extension - Removed service extension test as it was no more relavent. - Added unit test that checks toggling of extensions. - Additional notes on the conf file
 7281 * Added JSON validator; fixed samples (bug 898353)
 7282 * Fixes a number of configuration/startup bugs
 7283 * Fixed RST syntax (bug 898211)
 7284 * Revised schema migration docs
 7285 * Improved doc formatting consistency (bug 898211)
 7286 * Fixed RST syntax in doc strings (bug 898211)
 7287 * Added ssl docs to index; fixed rst syntax (bug 898211)
 7288 * Bug-897724: Added method to list endpoints specific to a service and related tests
 7289 * Eliminated debug output from sphinx\_build (bug 898211)
 7290 * Updated testing
 7291 * Fixes bug lp:897819
 7292 * Check that endpointTemplate ID is valid in endpoint add cmd (#897749)
 7293 * Added Endpoint and Endpoint Template documentation
 7294 * Bug #854104   - Changes to allow admin url to be shown only for admin users.   - Additional test asserts to verify
 7295 * Fixed memcache tests
 7296 * Update documentation and examples following API 1.1 removal
 7297 * Fixes bug 843065
 7298 * Additional middleware test coverage
 7299 * Enforce service ownership
 7300 * Add keystone\_tenant\_user\_admin option and fixes
 7301 * Make owner the user named same as tenant/account
 7302 * Restored developer default log dir
 7303 * Add default for log directory and log filenames
 7304 * Added wadls, pdfs, samples and functional test confs (bug 891093)
 7305 * Additional documentation
 7306 * ./keystone-manage endpointTemplates list missing arg (bug 891843)
 7307 * Bug #890399
 7308 * Bug #891451: Changes to support update endpointTemplates call in the WADL
 7309 * add an example for capability rbac
 7310 * make readme use code style
 7311 * add the policy code
 7312 * describe and add a policy backend
 7313 * policty stub
 7314 * re-indent
 7315 * Added timeout to bufferedhttp class and timeout setting for middleware - bug 891687
 7316 * Refactoring master to match stable/diablo fix for bug 891710
 7317 * Refactor auth\_token.py to only call out to Keystone once
 7318 * Added files missing from dist packaging (bug 891093)
 7319 * pylintrc should not be hidden (bug 891093)
 7320 * Simplified gitignore (in pursuit of bug 891093)
 7321 * Fixes typo in setup document
 7322 * Adding middleware tests
 7323 * Remove executable bit on template
 7324 * change array syntax
 7325 * updates to make compatible with middleware
 7326 * mergeish dolph's port change
 7327 * fix tests
 7328 * handle unscoped requests
 7329 * adjust default port
 7330 * Revised version status response (bug 890807)
 7331 * Refactored headers produced by middleware (bug 835087)
 7332 * move noop to identity controller
 7333 * Ignoring db migrate mgmt module to workaround bug 889287
 7334 * 'text/json' should be 'application/json' (bug 843226)
 7335 * Revised curl examples (bug 884789)
 7336 * allow setting user\_id on create
 7337 * users require a name
 7338 * pep8
 7339 * update test conf too
 7340 * cli for adding users, tenants, extras
 7341 * adjust paths and use composite apps
 7342 * add tests for extras
 7343 * add tenant crud
 7344 * oops, forgot update in crud
 7345 * add crud tests
 7346 * add crud tests
 7347 * add crud tests
 7348 * add test for create user and get user
 7349 * add test for create user and get user
 7350 * re-indent identity.py
 7351 * don't pep8 swp files
 7352 * accept data as kwargs for crud
 7353 * use the keystone app in the conf
 7354 * reorg
 7355 * re-indent service.py
 7356 * Bug 888448: - Changes to allow validate token call return user name as per contract. - Additional test assertions to test the same. - Changes to middleware
 7357 * more dyanmic client
 7358 * get some initial identity api tests working
 7359 * update service to middleware in confs
 7360 * move around middleware
 7361 * make a composite app
 7362 * add crud methods to identity manager
 7363 * Add a new swift auth middleware
 7364 * Use TENANT\_ID if it exists, but still support X\_TENANT
 7365 * cli beginnings
 7366 * Bug 888170: Fixing references to incorrect schema
 7367 * add admin port
 7368 * add an etc dir
 7369 * Bug #888210: Changes to fix calls to use the right path
 7370 * bug 878431: Minor changes to auth\_token middleware
 7371 * add a default handler for /
 7372 * Bug #886046 Add Quantum auth middleware to Keystone source code tree
 7373 * add a stubby setup.py
 7374 * use paste for the binary
 7375 * add a trivial admin-only middleware
 7376 * update keystone sample tests, skip one
 7377 * Bug #887236: - Changes to allow extensions to be configured. - Introduced a new property that holds list of extensions that are to be enabled
 7378 * add crud info to readme
 7379 * get novaclient tests working
 7380 * add novaclient, intermediate
 7381 * add run\_tests.sh and pep8 stuff
 7382 * remove italics on Light
 7383 * modify requirements
 7384 * link diagrams
 7385 * Track post-Diablo database evolution using migrations (BP: database-migrations)
 7386 * Changed blatant hack (fixed spelling also) to 5 second timout as tests were not completing
 7387 * Use TENANT\_ID instead of TENANT for project\_id
 7388 * X.509 client authentication with Keystone.  Implements blueprint 2-way-ssl
 7389 * whitespace
 7390 * added catalog tests
 7391 * added tests for tokens
 7392 * test the other methods too
 7393 * add some tests and get others to pass
 7394 * add some failing tests
 7395 * add a default conf
 7396 * minor whitespace cleanup
 7397 * add some todo
 7398 * fixed the output message error on granting user a role
 7399 * Bug #884930 Support/Remove additional calls for for Tenant. - Supported call to get users for a tenant for a specific role. - Removed calls to get specific role for a user and to get all the roles for a specific tenant as they are not useful. - Fixed LDAP backend call to get users for a tenant. - Disabling Invalid pylint check
 7400 * adding docs to test classes, updating run\_tests.sh to match reality adding debug middleware factory adding docs on enabling debug middleware resolving pep8 issues
 7401 * Fixes LP Bug#885434 - Documentation showing multiple tenants misleading
 7402 * add example
 7403 * rst blah blah
 7404 * updated readme
 7405 * authenticate and tenants working
 7406 * working authenticate in keystoneclient
 7407 * remove test\_keystone\_compat's catalog tests
 7408 * add templated catalog backend
 7409 * Use pure version number ("2012.1") in tarball name
 7410 * Set run\_tests.sh so pep8 runs in the virtualenv
 7411 * bug 885364
 7412 * bug:884518 Changes to support passwordcredentials calls as per API contract. Minor LDAP code change to support tests
 7413 * Fixed spelling of 'Resources' (Resoruces)
 7414 * pep8 cleanup
 7415 * everything but the catalog
 7416 * Remove execute bit on keystone.conf
 7417 * Fixes LP882760.Changes to return TenantId properly as part of roles.Additional tests to support the same
 7418 * Moving contributor docs into rst (bug #843056)
 7419 * fixing search sequence to not include directory structure from os.walk()
 7420 * bug lp:882371 Standardize Json pagination structures
 7421 * get a checkout of keystoneclient
 7422 * bug lp:882233 Code changes to support API calls to fetch services/roles by name
 7423 * Removed contributor doc build info from project README (bug #843056)
 7424 * Revised documentation build process (bug #843056)
 7425 * updates to keystone documentation - install & conf bug 843056 blueprint keystone-documentation
 7426 * Specific LDAP version causing hiccups installing on latest ubuntu & fedora
 7427 * Adding the concept of creating a Keystone HTTP client in Python which can be used in Keystone and imported from Keystone to allow for easier Keystone integration
 7428 * Add .gitreview config file for gerrit
 7429 * updating keystone developer documentation updating docstrings to remove errors in automodule generation updating setup.py to generate source documentation blueprint keystone-documentation bug 843056
 7430 * Changes to support getuser by name and gettenant by name calls
 7431 * Changes to support get endpoints for token call
 7432 * Additional changes to support endpointtemplates operations.Disabling pylint msgs that dont fit
 7433 * Github markdown doens't seem to like irc:// links
 7434 * Removed 'under construction' docs provided elsewhere
 7435 * Updated self-documentation to point to docs.openstack.org
 7436 * Revised documentation
 7437 * Changes to endpoint operations as per OSKSCATALOG contract. Adding couple of pylint fixes
 7438 * Refactored version attributes
 7439 * Changes to support endpointTemplate operations as per new API.Fixed issues with command line manage stuff
 7440 * Updated Secret Q&A to extend CredentialType
 7441 * Changes to support API calls as per OS-KSCATALOG extension
 7442 * Improved CLI error feedback (bug 877504)
 7443 * authenticate working, too
 7444 * base tests on keystone-diablo/stable
 7445 * get tenants passing, yay
 7446 * flow working, added debugging
 7447 * add context to calls
 7448 * move diagram into docs dir
 7449 * refactor keystone compat and add catalog service
 7450 * added sequence diagrams for keystone compat
 7451 * Resubmitting change. Fixing issue #843226. Changes to throw appropriate faults during token validation
 7452 * bug lp:865448 change abspath to dirname in controllers/version.py to correct path problems
 7453 * Moving non core users and tenants calls to appropriate extensions
 7454 * Fix issues in the ec2 middleware
 7455 * Adding calls to get roles for user as per new format.Cleaning references to old code
 7456 * Fixes LP844959, typo in Authors file
 7457 * Changes to support roles and services calls via extensions. Change-Id: I1316633b30c2be07353dacdffb321791a4e2e231
 7458 * Simplified README
 7459 * First commit for Secret Question and Answer Extension: RAX-KSQA
 7460 * Fixing issue 854425.ie chaning token table name to tokens. Fixing issue 863667.Changes to support updation of user/tenant name as well using api calls. Fixing LDAP backend to have id independent of name.Fixing getuser call to also return name
 7461 *  Fixing bug 859937.  Removing incorrect atom feed references from roles.xsd
 7462 * Minor corrections to the middleware and wadl
 7463 * Changes to show name also for the user list
 7464 * Changes to show admin URL also as a part of json in endpoints listing
 7465 * getting closer, need to match api now
 7466 * tests running through, still failing
 7467 * add a test client
 7468 * added a test, need to get it working now
 7469 * Use the tenant name for X\_TENANT
 7470 * Fix possible\_topdir computing
 7471 * Change roleId to role.id for swift middleware
 7472 * adding in doc and setup to cover existing scripts adding doc around credentials command usage (for EC2)
 7473 
 7474 2011.3
 7475 ------
 7476 
 7477 * Updating legacy auth translation to 2.0 (bug #863661)
 7478 * Shouldn't look in /etc/init/ for config files
 7479 * Changing default admin port from 5001 to 35357, per IANA/IETF (bug #843054)
 7480 * Organizing and documenting pypi requirements
 7481 * sample data updates to remove -service from image and identity
 7482 * Refactor and unit test json auth parsing
 7483 * Error message expecting 'e' in local scope
 7484 * Do not return identical error messages twice
 7485 * Update auth examples in README
 7486 * README.md changes to point to openstack repo
 7487 * updating docs for Mac source install, no docs for mac package install relevant
 7488 * POST /tokens: Added tenant id & name to scoped tokens in XML (#862752)
 7489 * Updated guides.Have recompiled to use the latest examples
 7490 * Fix bug 861546
 7491 * Fix swift middleware with regard to latest changes
 7492 * Changes to support getTenants to behave differntly for admin users when invoked as a service api or admin api
 7493 * Changes to stored hashed password in backends. Using passlib a password hashing library. Using sha512. Setting hashing to be the default behavior
 7494 * Changes to WADLs to refer actual types
 7495 * Revised docstring
 7496 * Added /etc/init/keystone.conf to list of known configuration paths
 7497 * Revising tenant IDs & Names in samples (#854228)
 7498 * Authenticating against non-existent tenant (fixed #859927)
 7499 * Adds list of dependencies to dev install
 7500 * Fixed Anne's email address & list position (alphabetical)
 7501 * Added support for scoping by tenantName
 7502 * Changes to return groups as a part of RAXKSGRP extension.Also fixed incorrect schema version references in wadls and examples
 7503 * Changes to support authenticate call to accept token as per agreed format
 7504 * Minor changes to wadl
 7505 * Making type mandatory as per sandy's request and minor fixes to wadl examples. Adding Ann as an author
 7506 * Changes to structures to support authenticate using token. Minor wadl fixes. Adding Anne as an author
 7507 * Removing token element from token.xsd
 7508 * Update to token.xsd to allow element token as a root element in relation tu bug: https://bugs.launchpad.net/keystone/+bug/855216 - apiKeyCredentials Samples casing apiKey update
 7509 * Changes to support endpoint template addition/listing by service names. Changes to list service details as well
 7510 * Modified apiKeyCredentials to extend single entity and use restriction
 7511 * Reorder params in User() constructor
 7512 * Fix for bug 856857 - add user.name to User() constructor to re-align param
 7513 * Fix for bug 856846 - cast ints to string in users\_get\_by\_tenant\_get\_page so that they can be joined
 7514 * POST /tokens: A chronicle of missing features
 7515 * Fixes issues with ldap tests
 7516 * Get Service Catalog from token
 7517 * Fixes auth\_token middleware to allow admin users in nova
 7518 * Initial set of changes to move role operations to extensions
 7519 * Updating guide wrt wadl changes
 7520 * Minor Changes to extension WADL
 7521 * Changes to support auth catalog as per new format
 7522 * Changes to docs
 7523 * Adding tenantid to user roles and endpoints
 7524 * Fixes bug 855823
 7525 * Add code removed in https://code.launchpad.net/~vishvananda/nova/remove-keystone-middleware/+merge/76297 to keystone
 7526 * Added support for HEAD /tokens/{token\_id} Changed POST /tokens response container from 'auth' to 'access'
 7527 * Making identity-admin.wadl well-formed
 7528 * Converting to new doc format for included code samples
 7529 * Changing authenticate request content xml as well as json
 7530 * GET /tokens/{token\_id}: Exposing both role ID's and Name's
 7531 * Renaming 'roleRef' container to 'role'
 7532 * Renaming 'roleRefs' container to 'roles'
 7533 * Renaming GET /tokens/{token\_id} response container to 'access'
 7534 * Revised samples
 7535 * Fixed path issues with keystone-import
 7536 * Update validate\_service\_or\_keystone\_admin\_token so that it doesn't cause exceptions if the admin or service admin haven't been configured
 7537 * Changing/introducing actual extension json/xml snippets. Adding updated documents
 7538 * Backend-managed role & service ID's (bug #834683)
 7539 * Initial Changes to move service operations to extensions
 7540 * Docs,wadls,samples,initial code to support RAX-KSKEY and OS-KSEC2 extensions. Removed tenant id from being part of endpoints
 7541 * Glance Auth Token Middleware fix
 7542 * Sorted AUTHORS list
 7543 * adding imports from Nova for roles, tenants, users and credentials
 7544 * Update keystone-manage commands to convert tenant name to id. Fixes #lp849007
 7545 * 1.Changed all Json paginated collection structure. 2.Introduced a type for credential type (path param) and change wadls and xsds. 3.Added List Users call. 4.Changed Endpoint creation example
 7546 * Don't import keystone.test unless we are in testing. Fixes #lp848267
 7547 * Add toggle to run tests in-process, w/ realtime progress feedback
 7548 * Add ability to run fakeldap in memory
 7549 * Added backend-managed primary key to User and Tenant model
 7550 * Introducing doc to support OS-KSCATALOG extensions.Adding new calls to OS-KSADM extension document
 7551 * Adding initial document for OS-KSADM-admin extension.Related changes on wadl,json,xsd etc
 7552 * Fixing sample content
 7553 * Adding new doc.Changes to sample xmls and jsons
 7554 * Validation content and relavant changes
 7555 * Minor fixes on xsds and sample xmls
 7556 * Fixing existing wadl.Completing wadl for extension OS-KSADM
 7557 * Fix invocations of TemplateError.  This exception takes precisely three parameters, so I've added a fake location (0, 0) to keep it happy
 7558 * Adding wadl for OS-KSCATALOG extension.Fixing existing xsds.Fixing service wadls. Merging changes. Change-Id: Id29dc19cbc89f47e21329e531fc33bd66c14cf61
 7559 * Update Nova and Glance paste config examples
 7560 * Various documentation-related changes
 7561 * Consolidating xsds. Splitting contrib to admin and service
 7562 * Adding guides for groups extension
 7563 * Fix host/port split code in authenticate\_ec2. Resolves an AttributeError: 'Ec2Credentials' object has no attribute 'partition' exception that can occur for EC2 auth validations
 7564 * Adding guide for RAX-KSKEY-service extension. Adding guide for OS-KSEC2-service extension
 7565 * Fix NameError exceptions in add\_credentials. Adds test case on creating credentials
 7566 * Redefining credential types. Defining additional extensions and renaming extensions. Removed wadls that are not needed
 7567 * Fix for duplicate <any> tag on credentials.xsd
 7568 * Move tools/tracer into the keystone code. Fixes ImportError's when running keystone as a .deb package
 7569 * Fixed error where endpoints returned for tenant instead of token
 7570 * Updated the AUTHORS file to test the new rpc script and workflow
 7571 * Update rfc.sh to use 'true'
 7572 * Made it possible to integrate with external LDAP
 7573 *     Dev guide rebuild and minor fixes
 7574 * Updates to samples, XSDs, and WADLs
 7575 * Added AUTHORS, .mailmap and generate\_authors.sh
 7576 * Changes to support endpoint template updates
 7577 * Fixes bug 831574. Adds missing sys import
 7578 * Updated schema to reflect id and name changes to Users and Tenants
 7579 * Updated guides and samples
 7580 * Additional contract changes
 7581 * Sample changes
 7582 * Atom links on Token
 7583 * Cleanup service it endpoint catalog
 7584 * Removed redundant function from base user api
 7585 * Updated samples
 7586 * Fixed reference to unassigned variable
 7587 * Reworked XSDs and WADL to support auth and access elements
 7588 * Remove more group stuff
 7589 * Removed OSX files that shouldn't be in git
 7590 * Documentation cleanups
 7591 * Banished .DS\_Store
 7592 * Add rfc.sh for git review
 7593 * Wrong common namespace
 7594 * XSD & sample updates
 7595 * Added more missing files to MANIFEST.in
 7596 * hanges to allow test to work on python 2.6.\*
 7597 * Cleaned up come issues with python2.6
 7598 * Refactored manage.py to be both testable and useful for testing
 7599 * Sample changes to support v2.0 api
 7600 * Sample changes to support v2.0 api
 7601 * Admin WADL Revisions
 7602 * Add the files in keystone/test/etc
 7603 * Add run\_tests.\* to the MANIFEST.in
 7604 * Keystone manage.py cleanup
 7605 * Tests running on in-memory sqlite db
 7606 * Additional changes to fix minor service support stuff and increase test coverage. Also making validate token call available using service admin tokens
 7607 * Made all sample data loading in one script
 7608 * Minor fix to run\_tests
 7609 * Contract changes
 7610 * Admin WADL updates
 7611 * Port of glance-control to keystone.  This will make writing certain keystone integration functional tests a little easier to do
 7612 * Updates to XML and JSON changes for validateToken
 7613 * Added pylint message count as run\_tests.sh -l
 7614 * Added reponse handling for xsd static file rendering III Extra extension tests (for RS-KEY)
 7615 * Creating an artificial whitespace merge conflict
 7616 * Moved run\_test logic into abstract class
 7617 * Git-ignore python coverage data
 7618 * Added reponse handling for xsd static file rendering
 7619 * Additional tests and minor changes to support services CRUD
 7620 * Added reponse handling for xsd static file rendering
 7621 * Schema updates. Split WADLs and extensions and got xsds to compile
 7622 * Ziads changes and fixes for them
 7623 * Added check\_password to abstract backend user API
 7624 * Doc changes, including service catalog xsd
 7625 * Fixed service-bound roles implementation in LDAP backend
 7626 * Removed ldap names import from fakeldap module
 7627 * fix ec2 and add keystone-manage command for creating credentials
 7628 * Legacy auth fix and doc, wadl, and xsd updates
 7629 * Replacing tokens with the dummy tokens from sampledata.sh
 7630 * Add option for running coverage with unit2
 7631 * Adding curl documentation and additional installation doc. Also updated man documentation for keystone-manage
 7632 * Changes to improve performance
 7633 * Removed the need to set PYTHONPATH before tests
 7634 * Back to zero PEP8 violations
 7635 * Schema and WADL updates
 7636 * Adding documentation to WADL
 7637 * Correct 401, 305, and www-authenticate responses
 7638 * Correct 401, 305, and www-authenticate responses
 7639 * Correct 401, 305, and www-authenticate responses
 7640 * Added xsd content, update static controller, and static tests
 7641 * Updated wadl
 7642 * Fix LDAP requires to compatible version
 7643 * Moved password check logic to backend
 7644 * Changes to delete dependencies when services,endpoint\_templates,roles are being deleted. PEP8 and Pylint fixes.Also do ldap related changes
 7645 * Add LDAP schema
 7646 * Add wrapper for real LDAP connection with logging and type converting
 7647 * Fix console and debug logging
 7648 * Redux: Add proper simple\_bind\_s to fakeldap
 7649 * Adds support for authenticating via ec2 signatures
 7650 * Changes to allow additional calls to support endpoint template CRUD and additional checks on existing method
 7651 *  Committer: Joe Savak <joe3963@joe3963-VirtualBox.(none)>
 7652 * Refactoring business logic behind GET /tenants to make it less convoluted
 7653 * Moved run\_tests.py to match other projects
 7654 * Revert "Add proper simple\_bind\_s to fakeldap, removed all imports from ldap."
 7655 * Add proper simple\_bind\_s to fakeldap, removed all imports from ldap
 7656 * Gets Keystone a bit more inline with the way that other OpenStack projects run tests. Basically, adds the standard run\_tests.sh script, modifies the run\_tests.py script to do the following:
 7657 * Changes to support CRUD on services/roles
 7658 * Issue #115: Added support for testing multiple keystone configurations (sql-only, memcache, ldap)
 7659 * Added automatic test discovery to unit tests  and removed all dead tests
 7660 * PEP8 fixes... all of them
 7661 * Small licensing change to test Gerrit
 7662 * Small change to test Gerrit
 7663 * Fix brain-o--we may not need project\_ref, but we do need to create the project!
 7664 * updated README with more accurate swift info
 7665 * Determine is\_admin based on 'Admin' role; remove dead project\_ref code; pass auth\_token into request context; pass user\_id/project\_id into request context instead of their refs
 7666 * Added support for versioned openstack MIME types
 7667 *  #16 Changes to remove unused group clls
 7668 * Add unittest2 to pip requires for testing
 7669 * #66 Change in variable cases
 7670 * #66 Change in variable cases
 7671 * Changes to make cache time configurable
 7672 * Changes to store tokens using memcache #66
 7673 * Changes suggested by Ziad.Adding validateToken operation
 7674 * Flow diagram to support keystone service registration
 7675 * Restored identity.wadl w/ system test
 7676 * pylint fixes for role api
 7677 * Removing attribute duplicated from superclass; causes an issue in py 2.7
 7678 * pylint fixes for tenant-group unit tests
 7679 * pylint fixes for server unit tests
 7680 * Making the API version configurable per API request
 7681 * PEP8 fixes for system tests
 7682 * Issue #13: Added support for Accept-appropriate 404 responses w/ tests for json & xml
 7683 * Simple change to test gerrit
 7684 * Document how to allow anonymous access
 7685 * Sigh. Proofreading..
 7686 * Update README with instructions to fix segfault
 7687 * These changes make no sense--I didn't do them, and I'm in sync!
 7688 * Add middleware for glance integration
 7689 * #3 Preventing creation of users with empty user id and pwds
 7690 * Fixing naming conflict with builtin function next()
 7691 * This makes the use of set\_enabled more clear
 7692 * Fixes failing test introduced after disabled check remove
 7693 * Changes to allow password updates even when the user is disabled.Also fixed failing tests
 7694 * Disabled users should now be returned by GET /users/{user\_id}
 7695 * Updating a disabled user (via xml) should now succeed
 7696 * Updating a disabled user should now succeed
 7697 * Noted potential issue, but I'm not sure if this is dead code or not anyway?
 7698 * Assigned Base API classes so downstream code knows what to expect
 7699 * Adding missing class variable declaration
 7700 * Cleaning up unit tests
 7701 * Removes disabled checks from get\_user and update\_user
 7702 * Fixing module-level variable naming issues
 7703 * Improving variable naming consistency
 7704 * Avoiding overloading of built-in: type()
 7705 * Fixing indentation
 7706 * Specified python-ldap version, which appears to avoid the packaging issues we've experienced
 7707 * Added missing import
 7708 * More LDAP tweaks
 7709 * LDAP backend updates
 7710 * More test fixes
 7711 * Fixed deprecation warning
 7712 * Updated test to allow for additional role
 7713 * Restored UnauthorizedFaults to token validation requests
 7714 * Fix for issue #85
 7715 * - System test framework can now assert specific response codes automatically - Revised system test for issue #85 based on clarification from Ziad - Added system test to attempt admin action using a service token
 7716 * Adds the member role to sampledata, gives it to joeuser
 7717 * PEP8 fixes
 7718 * Formatting
 7719 * Merged duplicate code
 7720 * Add first implementation of LDAP backend
 7721 * Added (failing) system test for issue #13
 7722 * Minor cleanup
 7723 * Made all API methods raise NotImplementedError if they are not implemented in backend
 7724 * Made delete\_all\_endpoint calm if there is nothing to do
 7725 * Fixed bug causing request body setting to fail
 7726 * Add check to sqlalchemy backed to prevent loud crush
 7727 * Tweaked import\_module to clearly import module if it can
 7728 * Removed hardcoded references to sql backends
 7729 * Add exception throwing and logging to keystone-manage
 7730 * Merging keystone.auth\_protocols package into keystone.middleware
 7731 * - Added 'automatic' admin authentication to KeystoneTestCase using bootstrapped user - Added system tests for admin & service authentication - Abstracted '/v2.0' path prefix away from system tests - Added simple uuid function to generate data for system tests (random number gen w/ seeds might work better?) - Refactored issue #85 tests with setUp & tearDown methods
 7732 * Clarifying test case
 7733 * Fixed minor pylint issues
 7734 * Removed tenant id from admin user
 7735 * Move dev guide to OpenStack
 7736 * Commented out failing request, until it's review
 7737 * Wrote test case for github issue #85
 7738 * Formatting change
 7739 * Was this a typo or an incredibly lame joke?
 7740 * Added missing imports and fixed a few pylint issues
 7741 * Improved dict formatting
 7742 * Improved readability a bit
 7743 * Abstracted underlying HTTP behavior away from RestfulTestCase Added 'automatic' JSON body encoding (TODO: automatic XML encoding) Improved user-feedback on automatic response status assertion
 7744 * Added run\_tests.py to keystone.test.system, which uses bootstrap db script
 7745 * Added bootstrap configuration script (with admin user assigned an Admin role)
 7746 * Added 'automatic' token auth for each API
 7747 * Refactored port configuration strategy to allow a single test case to address both the admin and service API's
 7748 * Added automatic json/xml parsing to system test framework
 7749 * Added system test discovery to run\_tests.py
 7750 * Added system tests for content type handling and url rewriting
 7751 * Updated tests to reflect last bug fix
 7752 * Extracted sample test from framework and moved system test framework into \_\_init\_\_
 7753 * Converted system test framework to use httplib
 7754 * Initial system test approach, using urllib2
 7755 * Fixed bug: traceback thrown when the path '/' is requested
 7756 * Updated \*unused\* tests to reflect refactored API's
 7757 * Removed some useless/dead code
 7758 * Cleaned up authentication tests
 7759 * Improved readability slightly
 7760 * Moved db imports to config module Removed useless try/except blocks
 7761 * Organized imports
 7762 * Simplified a few util functions
 7763 * Fixed line length
 7764 * Renamed service API configuration options
 7765 * Renamed ServiceApi router module
 7766 * Renamed ServiceApi router
 7767 * Cleaned up keystone.logic
 7768 * Removed unused logger
 7769 * Refactored routers and controllers into their own modules (issue #44)
 7770 * Fixed doc string
 7771 * Improved PEP8 compliance
 7772 * Fixed spelling
 7773 * Removed unused import
 7774 * Slightly simplified base wsgi router
 7775 * Added note about run\_tests.py to readme
 7776 * Organized imports
 7777 * Improved readme consistency
 7778 * pep8
 7779 * Pylint an pep8 fixes
 7780 * Fixing bug reported using with swift
 7781 * Fixed default content type behavior (was defaulting to XML)
 7782 * Removed redundant action mappings (for version controller)
 7783 * Renamed exthandler to urlrewritefilter to better illustrate it's purpose
 7784 * Minor comment change
 7785 * Refactored URL extensions handling (for .json/.xml) Added universal support for optional trailing slashes
 7786 * Return users in a tenant as part of a many-to-many relationship
 7787 * Added import, autoformatting
 7788 * Removed unused imports
 7789 * Moved exthandler to keystone.middleware
 7790 * \*\* keystone.conf refactoring \*\*
 7791 * Fixed 'is\_xml\_response' function, which had no clear intention
 7792 * Removed unused function
 7793 * Rewrote .json/.xml extension handler with additional unit test
 7794 * Added links to readme
 7795 * Added python-ldap to pip-requires
 7796 * Initialized LDAP backend
 7797 * Various fixes for test running
 7798 * Commented out suspicious unit tests.....
 7799 * Added test automation script
 7800 * Cleaned up file
 7801 * Added missing test files to test collection
 7802 * Made unit tests executable from the cmd line
 7803 * Added test\_auth to list of unit tests
 7804 * Update auth test to account for generic service names
 7805 * Changes to make Admin for keystone configurable.#27
 7806 * Remove old initializers
 7807 * Changes to introduce BaseAPI to support multiple back ends
 7808 * Changes to support dynamic loading of models
 7809 * Adding list of todos
 7810 * Initial changes to support multiple backends
 7811 * Fixed identity.wadl response - issue #71#
 7812 * Recompiled devguide with endpoints and templates
 7813 * Removed unnecessary symlink
 7814 * Changes to support endpoints and endpointemplates (renaming BaseUrls and BaseURLRefs)
 7815 * Make swift middleware live where it should
 7816 * Remove swift-y bits from generic token auth
 7817 * Changes on Sample data
 7818 * Code changes to support global endpointTemplates
 7819 * Swift-specific middleware
 7820 * Issue 31: Switching default ports to 5000/5001 (public/admin)
 7821 * Fixed readme instructions for Nova - Issue #55
 7822 * Fixed requires for development and in readme
 7823 * Bringing back the changes to support endpointTemplates and endpoints
 7824 * Readme fix
 7825 * Edited keystone/auth\_protocols/nova\_auth\_token.py via GitHub
 7826 * Issue 32: Updated readme to reflect fix for issue 32 (removed 'cd bin' prefixes before several commands)
 7827 * (Related to) Issue 32: bin/sampledata.sh cannot be executed outside of bin/
 7828 * Issue 32: ./bin/keystone cannot be executed outside of bin/
 7829 * Issue 31: Reverted ports to 8080/8081 while the issue is under discussion
 7830 * Adding endpoint related files
 7831 * Updated readme to reflect docs/ -> doc/ change Added tools/pip-requires-dev for depelopment dependencies
 7832 * Basic authorization for swift
 7833 * Republished developer guide for Jun 21, 2011
 7834 * Updated token validation sample xml (dev guide)
 7835 * Updated dev guide publish date
 7836 * Added developer guide build folder to git ignore list
 7837 * Auto-formatted and syntacically validated every JSON example in the doc guide
 7838 * working with dashboard
 7839 * add get\_tenants
 7840 * rudimentary login working
 7841 * most bits working
 7842 * initial
 7843 * Reverting change thats not needed
 7844 * Fixing some of the failing tests
 7845 * Merging changes from trunk
 7846 * demo of membership using keystone in sampledata
 7847 * Name changes BaseURLRefs to EndPoints and BaseURLs to  EndpointTemplates
 7848 * Fixed formatting, imports
 7849 * Issue 31: Updated docs and examples
 7850 * Committing unit test configuration for issue 31
 7851 * Issue 31: Changed default ports to 80/8080
 7852 * Issue #8: Renamed primary key of Token to 'id'
 7853 * Name changes BaseURLRefs to EndPoints and BaseURLs to  EndpointTemplates
 7854 * Changes to hash password
 7855 * Restored tools.tracer to bin/ scripts; included fix for empty frames
 7856 * Merging changes
 7857 * Removed unused import
 7858 * Removed redundant sentence in dev guide
 7859 * Removed unused imports in bin/
 7860 * Fix for keystone issue 41: https://github.com/rackspace/keystone/issues/41
 7861 * Merging changes from rackspace
 7862 * Fixed spelling error
 7863 * Changes to include support for paginations
 7864 * Fixing existing methods on wadl
 7865 * Fixed broken unit test code
 7866 * Refactored api function names to avoid redundancy with new module names
 7867 * Changes to wadl to support user operations
 7868 * Refactored DB API into modules by model
 7869 * Pep8 changes
 7870 * Changes to allow user creation without a tenant
 7871 * for got to change a 1.1 to 1.0
 7872 * dash needs both 1.0 and 1.1 compatability - need to fix that!
 7873 * nova needs 1.0 api currently
 7874 * Some field validations
 7875 * Merged docs
 7876 * make sampledata executable again
 7877 * Admin for nova doesn't take a tenant
 7878 * add keystone to its own service catalog
 7879 * Fixed error on UrlExtensionFilterTest
 7880 * Fixed imports; improved PEP8 formatting compliance
 7881 * Fixed imports in keystone.common
 7882 * Removed unused imports and denoted unused variables
 7883 * Fixed imports in auth\_protocols
 7884 * Removed duplicated function
 7885 * Added coverage to pip development requirements
 7886 * Fixed relative & unused imports
 7887 * Adding py init to functional tests
 7888 * Created pip requirements file for development env (added sphinx python doc generation to start)
 7889 * Added pydev files to gitignore
 7890 * Added py init files to directories already being referenced as modules
 7891 * Users must have tenants or nova breaks
 7892 * Doc updates and dev requires
 7893 * Resolved conflicts
 7894 * To PUT or to POST
 7895 * Fixed v1.0 auth test to account for cdn baseURL order
 7896 * Support for GET /v2.0/users and add cdn back to sampledata for v1.0 support
 7897 * Update the baseURL data pushed into glance
 7898 * Fix symlinks after docs -> doc rename
 7899 * Adding call to modify tenant.Adding more tests and fixing minor issue
 7900 * Added pip requirements file for testing environments
 7901 * Grammar corrections
 7902 * Adds Sphinx build ability and RST documentation
 7903 * Removing unused references to UserTenantAssociation
 7904 * Introduced a method to get all users @Users resource.Also moved the method to get user groups out of tenant scope
 7905 * Changed BaseURLs to OpenStack names
 7906 * Test fixes
 7907 * Seperating user calls from tenants
 7908 * Improved README formatting/consistency
 7909 * Updated paths to unit/function tests in README
 7910 * Updated docs: sampledata.sh can't be executed outside of bin/
 7911 * Added Routes and httplib2 to production dependencies
 7912 * Correcting typo
 7913 * Setup.py fix
 7914 * Readd test folder
 7915 * Forgot to add doc file
 7916 * Moved tests to keystone folder and removed old management tools - issue #26
 7917 * Updated SWIFT endpoint default
 7918 * Update to dev guide explaining admin call auth requirements
 7919 * Update sample data and keystone-manage for local install of OpenStack
 7920 * Put updated Swift Quickstart into README.md
 7921 * API v2.0 Proposal
 7922 * Doc updates.Minor keyston-manage changes
 7923 * Doc updates
 7924 * Doc updates
 7925 * set nova admin role if keystone user has "Admin" role
 7926 * keystone repo is now at github.com/rackspace/keystone
 7927 * Add success test for GET /v2.0/tokens/<TOKEN\_ID> in json and xml
 7928 * Add Admin API tests for v2 authentication
 7929 * Add test verifying a missing tenantId key in the password creds works properly in JSON
 7930 * Rename file.Ziad suggestion
 7931 * Name changes suggested by Ziad
 7932 * Minor fixes
 7933 * Code cleanup
 7934 * PEP8 changes
 7935 * Removing redundant files
 7936 * Changing to legacy auth to standard wsgi middleware.Name change of some of the files
 7937 * Changing to legacy auth to standard wsgi middleware
 7938 * Introducing new frontend component to handle rackspace legacy calls
 7939 * Introducing new frontend component to handle rackspace legacy calls
 7940 * keystone repo is now at github.com/rackspace/keystone
 7941 * Add success test for GET /v2.0/tokens/<TOKEN\_ID> in json and xml
 7942 * Add Admin API tests for v2 authentication
 7943 * Add test verifying a missing tenantId key in the password creds works properly in JSON
 7944 * Removing debug print
 7945 * Changes to return service urls for Auth1.0 style calls
 7946 * Changes to return service urls for Auth1.0 style calls
 7947 * Updating tests and sample data
 7948 * Merging changes from rackspace
 7949 * Changes to support service catalog
 7950 * pep8
 7951 * Added URLs to sampledata
 7952 * Support for listing BaseURL refs in keystone-manage
 7953 * Support transforming service catalog
 7954 * Removing remerged comments
 7955 * Adding roles as comma seperated values on a single header
 7956 * Changes to support getTenants call for user with admin privelage and regular user
 7957 * Add more test cases for v2 authentication for bad requests and unauthorized results
 7958 * Add test case for verifying GET /v2.0/tokens returns 404 Not Found
 7959 * It's possible to authenticate through the Admin API
 7960 * Changes on auth basic middleware component to return roles.Also changes on the application to return roles not tied to a tenant
 7961 * Update the sample to reflect some minor enhancements to the base framework
 7962 * Add test for validate\_token
 7963 * Save expiration data for later comparison
 7964 * Don't need to fiddle around with user tokens here, just admin tokens
 7965 * Get and revoke both admin and user tokens..
 7966 * Merging changes
 7967 * Bah, somehow my sample data failed to include Admin as admin's role
 7968 * Merging changes
 7969 * Merging changes
 7970 * Merging changes
 7971 * Meging changes
 7972 * Changes to also return role references as a part of user when get token call is made for a specific tenant
 7973 * Use un-spaced exception names..
 7974 * Try to use an admin credential to revoke the token
 7975 * Split the Keystone service from the Admin service so we can test both
 7976 * The API is a moving target; update the test
 7977 * Support for listing roles in keystone-manage
 7978 * Adds unit testing base class that takes care of much of the tedium around setting up test fixtures. This first commit just demoes the new test case functionality with a new test case /test/unit/test\_authn\_v2.py
 7979 * pep8
 7980 * Fixed issue #6
 7981 * Support POST /tokens only - issue #5
 7982 * Added quick start guide to integrating Swift and Keystone; fixed setup.py tokenauth filter installation
 7983 * Added role and user data to sampledata.sh
 7984 * Additional unit tests for base url refs.Minor code refactorings
 7985 * Changes to support baseurlrefs operations
 7986 * MD cleanup
 7987 * md futzing
 7988 * More readme cleanup
 7989 * Merged DTest tests and moved ini file to examples/paste
 7990 * moved paste example to examples
 7991 * Readme updates
 7992 * Just making sure leading whitespace is stripped if automated
 7993 * to->too
 7994 * Updated dev guide
 7995 * Add a sample to document how to create tests
 7996 * Add a test for authenticate/revoke\_token
 7997 * Ensure that --username, --password, and --keystone are given
 7998 * Build base classes for tests
 7999 * Documentation fixes to versions
 8000 * Build the skeleton necessary to run tests
 8001 * Add x\_auth\_token header to most methods
 8002 * Make sure we don't lose the body completely if we can't json.load() it
 8003 * Add debugging messages
 8004 * Add a property to get the RESTClient instance
 8005 * Fix up get()/put()/post()/delete() calls to make\_req()
 8006 * Deal with the case that no headers are provided
 8007 * Deal more intelligently with empty strings
 8008 * Listing technologies to integrate
 8009 * Um, queries are supposed to be optional, all others required
 8010 * Properly join relative paths
 8011 * Apparently "/token" is actually spelled "/tokens"
 8012 * Accidentally left out the reqwrapper argument
 8013 * Sketch in a basis for the Keystone API 2.0
 8014 * Make argument order a little more natural
 8015 * Fixing unit tests.Introduced support for global roles
 8016 * Don't let self.\_path be the empty string
 8017 * self.\_scheme isn't set yet
 8018 * Don't add a field if there isn't one..
 8019 * Create a simple means of building a REST-based API
 8020 * Fixing unit tests for user and groups
 8021 * Docs
 8022 * Link fix
 8023 * API Spec updates
 8024 * More /token -> /tokens fixes
 8025 * /tokens instead of /token
 8026 * Prep for move to git@github.com:rackspace/keystone.git
 8027 * Made URL relative
 8028 * pep-8 and minor mapping fix
 8029 * Dev guide update - BaseURLs and Roles
 8030 * Update docs on how to use nova.sh to deploy openstack on cloud servers
 8031 * Changes to support calls to getBaseUrls
 8032 * Changes to support /tokens on docbook and minor roleref changes
 8033 * Changes to support roleref calls
 8034 * Updated to use X\_USER as decided in Issue 49
 8035 * Updated with feedback from https://github.com/khussein/keystone/issues/49#issuecomment-1237312
 8036 * Fix for issue 49 - parse X\_AUTHORIZATION header for user\_id
 8037 * Fixed issue where user tenant not returned in GET /token - related to issue #49
 8038 * user should be what keystone returns
 8039 * Fixed issue #54
 8040 * Updated to use X\_USER as decided in Issue 49
 8041 * Updated with feedback from https://github.com/khussein/keystone/issues/49#issuecomment-1237312
 8042 * Fix for issue 49 - parse X\_AUTHORIZATION header for user\_id
 8043 * Minor changes to the document
 8044 * Changes to unique relationship definition
 8045 * Adding more tests for roleref operations
 8046 * Fixed issue where user tenant not returned in GET /token - related to issue #49
 8047 * Changes to support /tokens on docbook and minor roleref changes
 8048 * Changes to support roleref calls
 8049 * user should be what keystone returns
 8050 * midnight typo
 8051 * Added examples readme
 8052 * Fixed issue #54
 8053 * Link to latest dev guide in readme
 8054 * Instructions to run with Nova
 8055 * Documentation update and new API spec
 8056 * Updates to README
 8057 * Updates to README
 8058 * Updates to README
 8059 * Updates to README
 8060 * Updates to README
 8061 * Updates to README
 8062 * Fix up broken setup.py scripts list
 8063 * -Removed .project file from project and added it to .gitignore -Moved pylintrc -> .pylintrc, personal preference that this file should be available, but not seen -Moved echo to examples directory, seemed a bit odd to be in the top level -Moved management directory to tools, seemed a bit odd to be in the top level -Moved pip-requires to tools/, and updated the reference to it in README.md
 8064 * Fix the identity.wadl symlink
 8065 * keystone src directory needs symlinked
 8066 * remove copy&paste ware from nova\_auth\_token and use auth\_token middleware
 8067 * Flow diagrams
 8068 * simple flow diagrams
 8069 * Multi-tenant token fixes
 8070 * Fixed invalid tenant authentication
 8071 * Fix error in tenant\_is\_empty (model has changed)
 8072 * Fixed debug/verbose flag processing
 8073 * update readme
 8074 * keep nova\_auth\_token in keystone
 8075 * Changes to support /Roles calls.Removing create call from being exposed as of now
 8076 * Changes to support /Roles calls.Description included
 8077 * Changes to support /Roles calls
 8078 * Readme merge
 8079 * Readme updaes for load testing
 8080 * hack nova\_auth\_token to work
 8081 * removing unused library
 8082 * Changes to support roles and baseurls on wadl
 8083 * Changes to support roles and baseurls on wadl
 8084 * Changes to support roles and baseURLs
 8085 * missed some nova reqs
 8086 * information on using nova\_auth\_token
 8087 * lazy provisioning for nova
 8088 * readme fixes
 8089 * Merged in anotherjesse's changes
 8090 * New model working with echo\_client.py
 8091 * Missed a file
 8092 * Added tracing and modified model
 8093 * echo\_client should be executable
 8094 * move nova's path injection to management scripts
 8095 * server.py/version.py shouldn't be executable while cli tools should
 8096 * spacing for readme
 8097 * Add keystone-manage to support bootstrapping Keystone with add user command
 8098 * Setup.py update
 8099 * Updated logging and parameterization for bin scripts
 8100 * Minor readme fixes
 8101 * Simplified running Keystone and Updated readme
 8102 * v1 compatibility and Service/Admin API split
 8103 * DocBook Changes
 8104 * Merging HCL changes - pull 40
 8105 * Changes to support baseurls and roles on the document.Adding sample files
 8106 * Changes to support baseurls and roles on the document
 8107 * Adding xsds to support roles and baseurls
 8108 * More version fixes
 8109 * Initial commit
 8110 * Make config compatible with legacy
 8111 * Move to v2.0
 8112 * Changes to move the db settings to conf file
 8113 * removing bottle
 8114 * Adding Accept header to is\_xml\_response logic
 8115 * Removing bottle dependencies
 8116 * Mae Pylintrc, reordered imports made pep8 of the  files
 8117 * Foundation for some server and auth unit tests
 8118 * Added as per HACKING  Files
 8119 * pylint fixes
 8120 * fixes
 8121 * fixed test cases
 8122 * Merged api,service,server,test\_common
 8123 * Added test cases for add user to a tenanat
 8124 * multi token test cases and bug fixes
 8125 * Moved all Server functions to utils.py
 8126 * Fixed failing test - bug introduced in cleanup
 8127 * Added pylint and cleanup from last commit
 8128 * Merged pull 37. Removes bottle, adds configuration, and adds daemonization
 8129 * fixed pylint
 8130 * fixed bugs
 8131 * fixes
 8132 * fixes
 8133 * removed backslashes
 8134 * Added functionality add user to a tenant
 8135 * fixes
 8136 * Pep8 test\_users.py
 8137 * checking SSLv3 problems
 8138 * checking SSLv3 problems
 8139 * checking SSLv3 problems
 8140 * checking git push problems
 8141 * Optimised test\_users.py
 8142 * Modified the README and README.md
 8143 * fixed bug raised when included exthandler
 8144 * Removed unwanted file
 8145 * removed unused run method
 8146 * Added PEP8 to test cases
 8147 * Removed importing objects from keystone
 8148 * pylintrc optimization
 8149 * optimization of test cases and handling multi token
 8150 * fixes
 8151 * Nochanges
 8152 * Modified the README for keystone-control issue
 8153 * Modified the README
 8154 * Added PEP8 for remaining test cases
 8155 * PEP8 for test cases by praveena
 8156 * renamed test\_identity.py to test\_keystone
 8157 * added pidfile and removed print statement from test\_common
 8158 * fixes
 8159 * removed print statement
 8160 * Added keystone.log to ignore list
 8161 * Modified  server.py tenant group URL to fix failing test cases
 8162 * Added \*.log to gitignore
 8163 * neglect changes
 8164 * Added new script to run all tests
 8165 * Modified and tests. Tests groups throwing some minor errors still
 8166 * Modified and commented the code
 8167 * Split the test cases into individual files Fixed Bugs of api
 8168 * Made PEP8 of server
 8169 * Too much of duplication and incomplete conflict resolution in test\_identity.py
 8170 * Sisirhs changes
 8171 * Sai and Praveena's Changes
 8172 * Added missing tests,  mad e enable and disable password work
 8173 * merged conflicts
 8174 * test cases modfications and bug fixes
 8175 * Renamed  to server.py and added  top dir in config
 8176 * Added the keystone  top dir in configuration
 8177 * Modified the README
 8178 * latest updates
 8179 * latest updates
 8180 * new merge with installation fixes
 8181 * A brief README for the auth-server
 8182 * Added keystone-control
 8183 * chasing tenant group bug
 8184 * Added tests for the URL extension middleware
 8185 * modified keystone-control and reshuffling of file names
 8186 * Adding unit test for the URL extension handler
 8187 * Modified test cases
 8188 * Yes, I modified, but I wont commit
 8189 * merged Sai changes
 8190 * Installation of keystone done
 8191 * corrects charset=utf=8
 8192 * Working on echo server
 8193 * one more push
 8194 * move the template code from bottle into a separate file:
 8195 * modified auth\_server.py
 8196 * Added echod and renamed echo.py to server.py
 8197 * Minor cleanup + pep8
 8198 * merging changes from sai branch
 8199 * saving changes to auth\_server.py
 8200 * get version implementation s Please enter the commit message for your changes. Lines starting
 8201 * get\_version\_info is still not working
 8202 * in the middle of get\_version\_info
 8203 * Modified test\_identity
 8204 * removed .auth.serve.py.swp
 8205 * Added some more functions through Routes and mapper
 8206 * Update for Abdul
 8207 * My Changes part 2
 8208 * modified Resposne to resp=Response()
 8209 * My Changes
 8210 * minor tweak
 8211 * Some more cleaning up of git merges
 8212 * Cleaning up of git merges
 8213 * Added glance type of eventlet, because of its plug and play which meets the need of running everything independently if needed
 8214 * pep8 and fixes
 8215 * Readme updates
 8216 * Removed keystone.db - should be generated by ORM
 8217 * Removed extra files from last commit
 8218 * Removed Global groups tests, which still needs to be tested. Updated README on how to run unit test
 8219 * Deleted keystone.db
 8220 * Merged pagination
 8221 * Git problems - lingering commit
 8222 * Renamed identity.py to server.py and added bin directory
 8223 * Adding router to requires. Updating standards in HACKING. Removing schema (generated from ORM)
 8224 * Added pagination functionality and tenant\_group functionality with unit tests
 8225 * Removing unused imports
 8226 * Removing unused function
 8227 * unwanted file
 8228 * added the code that would go to hussein repo
 8229 * Added tenant groups in identity, created test cases for tenant groups
 8230 * Added latest changes to sirish branch with pagination for get tenants
 8231 * Annotate TODOs
 8232 * argument handling in echo.py
 8233 * getting pep8-y with it
 8234 * Merged conflicts
 8235 * Basic auth and refactor
 8236 * more pep8
 8237 * testing merging
 8238 * get \_tenants pagination updates
 8239 * Merging keystone code
 8240 * Basic Auth support
 8241 * 17: query extension works
 8242 * Issue 17: Adding tests
 8243 * removed \r chararcter from unit directory
 8244 * removed windows newline characters from management folder
 8245 * removed unwanted files
 8246 * Adding First kestone repo
 8247 * Add Description File
 8248 * sai added by sai
 8249 * Foo2
 8250 * Foo
 8251 * Initial
 8252 * Minor changes + call using WSGI instead of bottle
 8253 * Restored remoteauth
 8254 * Reverted accidental(?) WADL deletion >:-(
 8255 * Renamed protocol modules to auth\_[type] Renamed PAPIAuth to RemoteAuth - better documented it and added redirect to auth\_token (to stop using this) Cleaned up ini files and ini file handling (removed hard-coded defaults)
 8256 * simple json cleanups for tests
 8257 * pep8-ize
 8258 * Added protocol stubs (openid and basic auth)
 8259 * Renamed delegated to 'delay\_auth\_decision' Remove PAPIAuth Rename folder to Auth\_protocols (that is where we add protocol components)Get\_request -> get\_content Make protocol module more generic (prepare for superclassing and multiple protocol support Refactor Auth\_protocol\_token If no token, bail out quick (clearer) same with if app Break out headers: - here is what is coming in - here is what we add - explain the X in headers: extended header
 8260 * Updated Readme, and added TODO
 8261 * Added XML/Json tests to the identity and updated the README
 8262 * Fixed issue with standalone install
 8263 * Updated readme
 8264 * Fixed remote proxy issue
 8265 * draft remote proxy: needs fixing
 8266 * Updated readme and echo\_client
 8267 * Adding remote echo ini file
 8268 * Fixes to middleware, ini parameters, and support for running echo remotely
 8269 * replaced localhost with config
 8270 * modifide middleware; echo\_client works
 8271 * Fixing and documenting middleware
 8272 * Merged pull request #30 from cloudbuilders/master
 8273 * Updated management scripts to use SQLAlchemy
 8274 * Fixed SQLAlchemy db location to keystone directory
 8275 * Added unit tests and updated the README.md on how to run it
 8276 * made echo test work
 8277 * get\_request is actually init model from request contents
 8278 * missed simplejson assumption
 8279 * finish removing simplejson
 8280 * pythonizing
 8281 * update fault to be pythonic
 8282 * remove unpythonic properties from atom and tenant
 8283 * error decorator and logging unhandled errors
 8284 * missed auth\_data
 8285 * fix typos
 8286 * more pythonic
 8287 * we don't need properties yet
 8288 * use string formating
 8289 * use relative import in init
 8290 * fixed paste configs to run without eggs
 8291 * Fixed mistake in port for echo service
 8292 * Added echo\_client.py
 8293 * keystone.db should be in keystone dir
 8294 * pep8 / whitespace
 8295 * gitignore pyc files
 8296 * split out running and installing sections in readme
 8297 * allow apps to be run without setup.py
 8298 * add command for test database to readme
 8299 * echo has a separate setup.py
 8300 * httplib2 isn't used
 8301 * spacing
 8302 * add httplib2 to deps and sort them
 8303 * Added pip-requires and updated readme to include missing deps
 8304 * explict installs for python libraries
 8305 * update readme formating
 8306 * update readme to be markdown
 8307 * Updated readme
 8308 * Doc fixes
 8309 * Friendly error message if a user is not associated with a tenant
 8310 * Ensure schema complience assertion is on in all tests
 8311 * Whoops, details element is optional in faults
 8312 * Remove identity (1) stuff and renamed identity2 to identity
 8313 * Added wadl and xsd contract links
 8314 * Adjust reletive links in schema
 8315 * Comment seperators
 8316 * Init version links
 8317 * Initial version support
 8318 * Initial extensions support
 8319 * Initial update tenant
 8320 * Make sure we don't delete non-empty tenants
 8321 * Initial delete tenant
 8322 * Initial getTenant
 8323 * Minor updates to tests
 8324 * Initial implementation of get tenants
 8325 * added unit tests in test/unit/test\_keystone.py
 8326 * Initial create tenant
 8327 * Minor bug when serializing tenant to JSON
 8328 * Schema update
 8329 * Whoops forgot 409 in JSON as well!
 8330 * Whoops missed 409 on create tenant
 8331 * setup.py fix
 8332 * Minor fixes
 8333 * pep-8 cleanup of model
 8334 * More pep-8 cleanup
 8335 * Minor fixes
 8336 * Some pep-8 cleanup
 8337 * Initial revoke token
 8338 * Initial support for authenticate
 8339 * Whoops, bad user data
 8340 * Initial working validate token
 8341 * Whoops need to convert datetimes to iso format
 8342 * Test updates
 8343 * tokenId should not be a string!
 8344 * Cleaned up validate token call
 8345 * Full check admin token with soap ui tests
 8346 * Some SQL testing scripts
 8347 * Initial check admin token from db
 8348 * made identity.py pep8 compliant
 8349 * Better error handling
 8350 * Initial full response to authenticate token, still having issues with errors
 8351 * Stubb for token calls
 8352 * Initial prototype of default token based auth protocol
 8353 * Initial deserialization of tenant
 8354 * Initial deserialization of password credentials
 8355 * SQL Alchemy additions: Token
 8356 * SQL Alchemy additions
 8357 * Whoops pep8
 8358 * Output serialization of faults
 8359 * XML and JSON rendering on tenant/s
 8360 * Translations of auth to XML and JSON
 8361 * Sample service.py with sqlalchemy
 8362 * Fixed relative path issue
 8363 * sqlalchemy draft
 8364 * Initial service.py
 8365 * Cleaned up setup.py
 8366 * Added collections
 8367 * Initial atom link type
 8368 * Initial fault type
 8369 * Initial tenant type
 8370 * PEP-8 for echo.py
 8371 * Initial auth types
 8372 * Readme update
 8373 * Fixed identity.py and some styling
 8374 * Minor updates
 8375 * Keystone WSGI and eventlet
 8376 * Corrected how to run echo service
 8377 * Replaced paster with eventlet for echo service
 8378 * Added create tables in README and modified keystone.db to reflect the new schema
 8379 * Merged identity functions second time
 8380 * Sync
 8381 * Whoops should have never checked this in
 8382 * all management files except user add and delete from group
 8383 * Management files except for add/delete user from group
 8384 * Updated README
 8385 * Setup PasteDeploy and configured PAPIAuth
 8386 * reorganization of files
 8387 * Add SOAPUI projects
 8388 * Resolved Conflicts
 8389 * Removed Conflicts
 8390 * dos2unix
 8391 * Deleted IDE files
 8392 * Importing from DevTeam
 8393 * Import from DevTeam
 8394 * updates DevTeam
 8395 * Code by Dev Team
 8396 * Added Power API Auth Middleware
 8397 * removed unused libraries
 8398 * Dev Team: validate\_token , create\_user ( created for test purpose) and update\_tenant
 8399 * Added to README
 8400 * Fixed bug in echo.py
 8401 * Whoops forgot auth header
 8402 * Instructions for soapUI
 8403 * Add WADL links for convenience
 8404 * Initial work into paste deploy...commen out for now
 8405 * Added echo.wadl
 8406 * Fixed for case with missing accept header
 8407 * Added content nagotiation
 8408 * Use XSL to convert
 8409 * Better quote handling
 8410 * Add JSON transform
 8411 * Whoops samples don't match
 8412 * XSD for echo service
 8413 * Initial echo service
 8414 * Updates to identity.py and README
 8415 * Added X-Auth-Token
 8416 * Added extensions
 8417 * Updated errors for extension requests
 8418 * Added getTenant, updateTenant, deleteTenant
 8419 * Added get and create tenants
 8420 * Initial WADL with token operations
 8421 * Added faults
 8422 * Remove refrences to usernameConflict and groupConflict
 8423 * Added common extensions
 8424 * Added api.xsd schema index
 8425 * Added XSD 1.1 and atom linking support
 8426 * Made the tenant xsd extensible
 8427 * Initial tenant xsd
 8428 * Made the token schema extensible
 8429 * Initial token schema
 8430 * Groups should have ids instead of names?
 8431 * Added Creating Tenants, JSON only
 8432 * Remove mention of service catalog
 8433 * Updated samples
 8434 * Updated pubdate
 8435 * Updates to intro section
 8436 * Updated concepts
 8437 * Better entities in document
 8438 * Removed init section from docs, we'll get to them later
 8439 * Added Dependencies section
 8440 * Added License & Create/Delete user management CLI
 8441 * Initial docs import
 8442 * Created DB with users table, simple schema
 8443 * first commit