"Fossies" - the Fresh Open Source Software Archive

Member "keystone-17.0.0/ChangeLog" (13 May 2020, 362546 Bytes) of package /linux/misc/openstack/keystone-17.0.0.tar.gz:


As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. See also the latest Fossies "Diffs" side-by-side code changes report for "ChangeLog": 16.0.1_vs_17.0.0.

    1 CHANGES
    2 =======
    3 
    4 17.0.0
    5 ------
    6 
    7 * Fix security issues with EC2 credentials
    8 * Ensure OAuth1 authorized roles are respected
    9 * Check timestamp of signed EC2 token request
   10 * Imported Translations from Zanata
   11 * Update TOX\_CONSTRAINTS\_FILE for stable/ussuri
   12 * Update .gitreview for stable/ussuri
   13 
   14 17.0.0.0rc1
   15 -----------
   16 
   17 * Add schema placeholders for Ussuri
   18 * Remove Babel as requirement
   19 * Remove a note related to UUID tokens from example configuration
   20 * Update api-ref for federated objects in user
   21 * Expiring Group Memberships API - Allow set idp authorization\_ttl
   22 * Add federated support for updating a user
   23 * Update contributors document keystone
   24 * Add federated support for creating a user
   25 * Stop configuring install\_command in tox
   26 * Cleanup py27 support
   27 * Add federated support for get user
   28 * Add expiring user group memberships on mapped authentication
   29 * Expiring Group Membership Driver - Add, List Groups
   30 * Expiring User Group Membership Model
   31 * Community goal: Adding contributing.rst
   32 * Parse cli args in get\_enforcer
   33 * Add openstack\_groups to assertion
   34 * Change time faking for totp test
   35 * Document the "immutable" resource option
   36 * remove oslo-concurrency from requirements
   37 * drop mock from test-requirements
   38 * Correcting api-ref for users
   39 * NIT: Fix spelling
   40 * Copy shibboleth logs in federation jobs
   41 * Ignore SQLAlchemy RemovedIn20Warning
   42 * Switch from mock to unittest.mock use
   43 * Refactor some ldap code to implement TODOs
   44 * Doc Cleanup
   45 * Tell reno to ignore the kilo branch
   46 * Constraint dependencies for docs build
   47 * Removing tempest-full from gate
   48 * Check if content-type contains http, not equals
   49 * Add docs about bootstrapping immutable roles
   50 * Add domain admin grant test cases
   51 * Default to bootstrapping roles as immutable
   52 * Use inspect instead of Inspector.from\_engine()
   53 * Remove six usage
   54 * Updating tox -e all-plugin command
   55 * Capture output from test run of policy generator
   56 * Cleanup doc/requirements.txt
   57 * Always have username in CADF initiator
   58 * Fix duplicated words issue like "each each user\_id"
   59 * Ensure bootstrap handles multiple roles with the same name
   60 * Fix role\_assignments role.id filter
   61 * Fix release note link formatting
   62 * Fix token auth error if federated\_groups\_id is empty list
   63 * Update OIDC documentation to handle bearer access token flow
   64 * Imported Translations from Zanata
   65 * Add docs for app cred access rules
   66 * Remove python 2.7 specific library
   67 * Add name in GET API of application credentials
   68 * Stop adding entry in local\_user while updating ephemerals
   69 * Fix api-ref roles response description
   70 * Fix credential list for project members
   71 * Fix application credential doc example
   72 * Migrate grenade jobs to py3
   73 * Start README.rst with a better title
   74 * Drop old neutron-grenade job
   75 * Stop testing Python 2
   76 * Remove group deletion for non-sql driver when removing domains
   77 * Refresh "how can I help?" doc
   78 * Re-enable line-length linter
   79 * Fix line-length PEP8 errors for c7fae97
   80 * Add voting k2k tests
   81 * Fix K2K auth flow diagram
   82 * Stop explicitly requiring pycodestyle
   83 * Add Source links to readme
   84 * Switch to opensuse-15 nodeset
   85 * Switch to official Ussuri jobs
   86 * Revert "Resource backend is SQL only now"
   87 * Drop project.id foreign keys
   88 * Fix sql migrate repo prefix check
   89 * Add schema placeholders for Train
   90 * Overhaul the RBAC documentation for administrators
   91 * Fix wrong interface description
   92 * Import LDAP job into project
   93 * Update getting started guide
   94 * Remove legacy protection tests
   95 * Update token definitions
   96 * Remove policy.v3cloudsample.json
   97 * Imported Translations from Zanata
   98 * Fix misspell word
   99 * Update master for stable/train
  100 
  101 16.0.0.0rc1
  102 -----------
  103 
  104 * Remove limit policies from policy.v3cloudsample.json
  105 * Add tests for project users interacting with limits
  106 * Allow domain users to access the limit API
  107 * Use immutable roles in tests
  108 * Add missing ws between words in log messages
  109 * Allow system/domain scope for assignment tree list
  110 * Make policy deprecation reasons less verbose
  111 * Readjust job timeouts
  112 * Implement scope type checking for Project Endpoints
  113 * Federation mapping debug should show direct\_maps values
  114 * Consolidate policy deprecation warnings
  115 * Add default roles and scope checking to project tags
  116 * DRY up credential policies
  117 * Move remaining protection tests
  118 * Fix test case in policy associations
  119 * Fix PostgreSQL specifc issue with credentials encoding
  120 * Fix validation of role assignment subtree list
  121 * Specify keystone is OS user for fernet and credential setup
  122 * Add remote\_id definition in \_perform\_auth
  123 * Use correct repo for initial version check
  124 * Split protection unit tests into its own job
  125 * Remove system EC2 credentials from policy.v3cloudsample.json
  126 * Remove system Domain Config from policy.v3cloudsample.json
  127 * Update API version for access rules
  128 * Add access rules to token validation
  129 * Expose access rules as its own API
  130 * Remove obsolete grant policies from policy.v3cloudsample.json
  131 * Alphabetize removed policies in tests
  132 * Implement system admin for OAUTH1 consumers
  133 * Implement system scope for domain role management
  134 * Make system tokens work with domain-specific drivers
  135 * Implement scope type checking for EC2 credentials
  136 * Increase tox job timeouts to 90 minutes
  137 * Add immutable roles status check
  138 * Remove implied roles policies from v3cloudsample
  139 * Implement system admin for implied roles
  140 * Implement domain admin support for grants
  141 * Implement domain reader support for grants
  142 * Add Project User coverage for domain config API
  143 * Add Domain User for security compliance domain config API
  144 * Implement system admin for domain config API
  145 * Implement system reader & member for domain config API
  146 * Fix timeout Zuul changes
  147 * Generate PDF documentation
  148 * Add --immutable-roles flag to bootstrap command
  149 * Add immutable option for roles and projects
  150 * Bump timeout for lower-constraints job
  151 * Implement resource options for roles and projects
  152 * Implement system reader for OAUTH1 consumers
  153 * Implement system reader for implied roles
  154 * Remove system policy and its association from policy.v3cloudsample.json
  155 * Override tox job timeouts
  156 * Fix federation CI
  157 * Fix oauthlib update errors
  158 * Use raw formatting for mapping\_engine help text
  159 * Add tests for project users for policy association
  160 * Add tests for domain users for policy association
  161 * Implement system admin for policy association
  162 * Implement system reader & member for policy association
  163 * Add tests for project users interacting with policies
  164 * Add notifications for deleting app creds by user
  165 * Add tests for domain users interacting with policies
  166 * Clean up UserGroups target enforcement callback
  167 * Fix relative links
  168 * Add tests for project users interacting with endpoint\_groups
  169 * Add tests for domain users interacting with endpoint\_groups
  170 * Implement system\_admin for endpoint\_groups
  171 * Implement system reader and member for endpoint\_groups
  172 * Add retry for DBDeadlock in credential delete
  173 * Fix translated response
  174 * Implement system admin for trusts API
  175 * Add tests for domain users for trusts
  176 * Add tests for system member for trusts
  177 * Implement system reader role for trusts API
  178 * Move get\_role\_for\_trust enforcement to policies
  179 * Move list\_roles\_for\_trust enforcement to policies
  180 * Move get\_trust enforcement to default policies
  181 * Move delete\_trust enforcement to default policies
  182 * Move list\_trusts enforcement to default policies
  183 * Add protection tests for trusts API
  184 * Update broken link
  185 * Update cli docs
  186 * Implement system admin for policies
  187 * Implement system reader and member for policies
  188 * Add support for previous TOTP windows
  189 * Honor group\_members\_are\_ids for user\_enabled\_emulation
  190 * Update api-ref for revocation list OS-PKI
  191 * Docs: Make robust with using real links
  192 * Clean up irrelevant comment
  193 * Fix list\_mappings deprecation warning message
  194 * Allows to use application credentials through group membership
  195 * Fix missing print format and missing ws between words
  196 * Suppress policy deprecation warnings in unit tests
  197 * Add API changes for app cred access rules
  198 * Add manager support for app cred access rules
  199 * Add user\_id, external\_id to access rules table
  200 * Fix websso auth loop
  201 * Deprecate keystone.conf.memcache socket\_timeout
  202 * Fix typo: RBACKEnforcer -> RBACEnforcer
  203 * Run 'tempest-ipv6-only' job in gate
  204 * Followup for remove signing[config]
  205 * Remove broken api-ref link
  206 * doc: Fix broken links
  207 * Fix python3 compatibility on LDAP search DN from id
  208 * Deprecate identity:revocation\_list policy for removal
  209 * Remove [signing] config
  210 * Update api-ref location
  211 * implement system scope for application credential
  212 * Fixing dn\_to\_id function for cases were id is not in the DN
  213 * Add new attribute to the federation protocol API
  214 * Allow to filter endpoint groups by name
  215 * update documentation for X.509 tokenless auth
  216 * Deprecate [federation] federated\_domain\_name
  217 * Allow JsonBlob to accommodate SQL NULL result sets
  218 * Add exercises for intern applicants
  219 * Fix keystone document
  220 * nit: remove some useless code
  221 * Drop limit columns
  222 * token: consistently decode binary types
  223 * Incorrect behavior of validate\_password method
  224 * Update test cases for os-pki revoke API
  225 * Blacklist sphinx 2.1.0 (autodoc bug)
  226 * Bump openstackdocstheme to 1.20.0
  227 * Remove redundant parameter passed to assertTrue
  228 * Add Python 3 Train unit tests
  229 * Switch order of precedence for unit test deps
  230 * Don't call .c from select() objects
  231 * Update misleading comment about fernet credential encryption
  232 * Fix E731 flake8
  233 * [api-ref] Fix nocatalog description for unscoped token
  234 * Drop use opendev.org for tox deps
  235 * Fix contributor doc of keystone
  236 * Add link to describe Principle of Least Privilege
  237 * Update the meaning of low-hanging-fruit
  238 * Implement system scope and default roles for token API
  239 * Update unified limit documentation
  240 * Add cadf auditing to credentials
  241 * Remove deprecated admin\_endpoint
  242 * Revert "Exclude constants from autodoc"
  243 * Revert "Ignore boilerplate constants in autodoc"
  244 * Ignore boilerplate constants in autodoc
  245 * Exclude constants from autodoc
  246 * Report correct domain in federated user token
  247 * Add flake8 ignore list to fast8 script
  248 * Add application\_credential as a CADF type
  249 * add raw format link to keystone config sample
  250 * Update mission statement and vision reflection
  251 * Add note about application credential ownership
  252 * Revert "Add JSON driver for access rules config"
  253 * Revert "Add manager for access rules config"
  254 * Revert "Add a permissive mode for access rules config"
  255 * Revert "Add manager support for app cred access rules"
  256 * Revert "Add API for /v3/access\_rules\_config"
  257 * Don't throw valueerror on bootstrap
  258 * Remove [token]/ infer\_roles
  259 * Pep8 environment to run on delta code only
  260 * Add clarification for context in install guides
  261 * Adds caching of credentials
  262 * Cap sphinx for py2 to match global requirements
  263 * Revert "Blacklist bandit 1.6.0"
  264 * Fix documentation typo
  265 * Blacklist bandit 1.6.0
  266 * Update Python 3 test runtimes for Train
  267 * [docs] remove deprecated ubuntu package from installation
  268 * Fix for werkzeug > 0.15
  269 * Replace git.openstack.org URLs with opendev.org URLs
  270 * OpenDev Migration Patch
  271 * Pass kwargs to exception to get better format of error message
  272 * Replace support matrix ext with common library
  273 * Uncap jsonschema
  274 * Fix unscoped federated token formatter
  275 * Use openstackdocstheme according to guide
  276 * Make fetching all foreign keys in a join
  277 * Support endpoint updates in bootstrap
  278 * Add missing ws separator between words
  279 * Move redelegation fields out of extras
  280 * Replace dict.iteritems() with dict.items() in keystone
  281 * Add release note for service token documentation
  282 * Fix werkzeug imports for version 0.15.x
  283 * Allow an explicit\_domain\_id parameter when creating a domain
  284 * Update the min version of tox
  285 * Convert user\_id back to string
  286 * Add API for /v3/access\_rules\_config
  287 * Ignore Stein-specific release notes
  288 * Be more verbose in logging role grant on bootstrap
  289 * Replace UUID with id\_generator for Federated users
  290 * DRY: Remove redundant policies from policy.v3cloudsample.json
  291 * Raise METHOD NOT ALLOWED instead of 500 error on protocol CRUD
  292 * Remove redundant policies from v3cloudsample
  293 * Add domain scope support for group policies
  294 * Update broken links to dogpile.cache docs
  295 * Add keystone's technical vision reflection
  296 * Add release prelude about changing policies
  297 * Consolidate user protection tests
  298 * Replace URL name to the correct one in Keystone Docs
  299 * Delete shadow users when domain is deleted
  300 * Make system admin policies consistent for grants
  301 * Remove assignment policies from policy.v3cloudsample.json
  302 * Add role assignment testing for project users
  303 * Replace openstack.org git:// URLs with https://
  304 * Implement system reader functionality for grants
  305 * Remove external-dev and consolidate to contributor
  306 * Remove system assignment policies from policy.v3cloudsample.json
  307 * Test domain and project users against group system assignment API
  308 * Add role assignment test coverage for domain admins
  309 * Add role assignment test coverage for domain members
  310 * Implement domain reader for role\_assignments
  311 * Add explicit testing for project users and the user API
  312 * Update group system grant policies for admins
  313 * Update system group assignment policies for reader and member
  314 * Fix typo in docs section header
  315 * Update master for stable/stein
  316 * Test project users against system assignment API
  317 * Test domain users against system assignment API
  318 * Update system grant policies for system admin
  319 * Update system grant policies for system member
  320 * Update system grant policies for system reader
  321 
  322 15.0.0.0rc1
  323 -----------
  324 
  325 * trivial: correct spelling in test names
  326 * Remove project policies from policy.v3cloudsample.json
  327 * Implement domain admin functionality for projects
  328 * Implement domain member functionality for projects
  329 * Only validate tokens once per request
  330 * Pin Werkzeug in lower-constraints
  331 * Implement domain admin functionality for user API
  332 * Implement domain member functionality for user API
  333 * Implement domain reader functionality for user API
  334 * Add documentation for service tokens
  335 * Added keystone identity provider installation to Devstack plugin
  336 * PY3: Ensure LDAP searches use unicode attributes
  337 * Use ForbiddenAction for invalid action instead of Forbidden
  338 * Add schema placeholders for Stein
  339 * Implement domain reader functionality for projects
  340 * Small refactor for create nonlocal user
  341 * Mention allow\_expired\_window in fernet FAQ
  342 * Fix the incorrect release name of project guide
  343 * trivial: fix broken link in trust API reference
  344 * Migrate keystone-dsvm-grenade-multinode job to Ubuntu Bionic
  345 * Remove publish-loci post job
  346 * Add hint for order of keys during distribution
  347 * Add service developer documentation for scopes
  348 * Make system members the same as system readers for credentials
  349 * Drop py35 jobs
  350 * Remove service policies from policy.v3cloudsample.json
  351 * Switch federation check jobs to opensuse
  352 * Add manager support for app cred access rules
  353 * Add driver support for app cred access rules
  354 * Add SQL migrations for app cred access rules
  355 * Add a permissive mode for access rules config
  356 * Add manager for access rules config
  357 * Add JSON driver for access rules config
  358 * Remove protocol policies from v3cloudsample.json
  359 * Add tests for project users interacting with services
  360 * Remove role policies from policy.v3cloudsample.json
  361 * Add tests for project users interacting with roles
  362 * Add tests for domain users interacting with roles
  363 * Remove endpoint policies from policy.v3cloudsample.json
  364 * Remove domain policies from policy.v3cloudsample.json
  365 * Add role assignment test coverage for system admin
  366 * Add role assignment test coverage for system members
  367 * Reorganize role assignment tests for system users
  368 * Implement system reader for role\_assignments
  369 * Remove idp policies from policy.v3cloudsample.json
  370 * Add py37 tox env
  371 * Add tests for domain users interacting with services
  372 * Update service policies for system admin
  373 * Add shibboleth config to log output
  374 * Update introduction of external services doc
  375 * Address follow-up comments in contributor guide for specs
  376 * [api-ref] add domain level limit support
  377 * Release note for domain level limit
  378 * Update project depth check
  379 * Add domain level support for strict-two-level-model
  380 * Add domain level limit support - API
  381 * Add domain level limit support - Manager
  382 * Remove mapping policies from policy.v3cloudsample.json
  383 * Add tests for project users interacting with mappings
  384 * Deprecate cache\_on\_issue configuration option
  385 * Add JWS token provider documentation
  386 * Add OpenSUSE support in devstack federation plugin
  387 * Add experimental job for OpenSUSE
  388 * Fix mock for v2 test
  389 * Add documentation for writing specifications
  390 * Remove unused sample token fixtures
  391 * Fix bindep for SUSE
  392 * add python 3.7 unit test job
  393 * Correcting tests with project\_id
  394 * Add domain\_id column for limit
  395 * [SQLite] Ensure change is addressed for limit table
  396 * Remove region policies from policy.v3cloudsample.json
  397 * Add tests for project users interacting with regions
  398 * Add tests for domain users interacting with regions
  399 * Update region policies to use system admin
  400 * Add region tests for system member role
  401 * Implement system admin role in groups API
  402 * populate request context with X.509 tokenless cred information
  403 * Fix wrong example for direct\_maps
  404 * Fixes incorrect params
  405 * Implement JWS token provider
  406 * Seperated CADF notifications tests for request\_id
  407 * Added request\_id and global\_request\_id to basic notifications
  408 * Converting the API tests to use flask's test\_client
  409 * Implement system admin role in users API
  410 * Implement system member role user test coverage
  411 * Implement system reader role for users
  412 * Replace 'tenant\_id' with 'project\_id'
  413 * Add PyJWT as a requirement
  414 * Add test fixture for the JWS key repository
  415 * Add keystone-manage create\_jws\_keypair functionality
  416 * Add configuration options for JWS provider
  417 * Test case for bad type user in assertion
  418 * Adjust Indents to meet PEP8 E117
  419 * Handle special cases with msgpack and python3
  420 * Add experimental job for CentOS
  421 * Add CentOS support in devstack federation plugin
  422 * Remove service provider policies from v3cloudsample.json
  423 * Add documentation for Auth Receipts and MFA
  424 * bump Keystone version for Stein
  425 * Allow project users to retrieve domains
  426 * Fix wrong urls
  427 * Optimize fernet token and receipts in cli.py
  428 * PY3: switch to using unicode text values
  429 * Expose receipt\_setup and receipt\_rotate command
  430 * Clean up the create\_arguments\_apply methods
  431 * Allow domain users to access the GET domain API
  432 * Update doc for token\_setup and token\_rotate
  433 * Fix nits
  434 * Fix app\_cred schema spell nit
  435 * Update limit policies for system admin
  436 * Do not use self in classmethod
  437 * Add tests for project users interacting with endpoints
  438 * Add tests for domain users interacting with endpoints
  439 * Update endpoint  policies for system admin
  440 * Add endpoint tests for system member role
  441 * Update endpoint policies for system reader
  442 * Add tests for domain users interacting with mappings
  443 * Update mapping policies for system admin
  444 * Add mapping tests for system member role
  445 * Update mapping policies for system reader
  446 * Add tests for project users interacting with idps
  447 * Add tests for domain users interacting with idps
  448 * Update idp policies for system admin
  449 * Add idp tests for system member role
  450 * Update idp policies for system reader
  451 * Add region protection tests for system readers
  452 * Update role policies for system admin
  453 * Reuse common system role definitions for roles API
  454 * Add tests for project users interacting with protocols
  455 * Add tests for domain users interacting with protocols
  456 * Implement system admin role in protocol API
  457 * Add protocol tests for system member role
  458 * Update protocol policies for system reader
  459 * Add limit tests for system member role
  460 * Add limit protection tests
  461 * Remove registered limit policies from policy.v3cloudsample.json
  462 * Add tests for project users interacting with registered limits
  463 * Allow domain users to access the registered limits API
  464 * Remove duplicated TOC in configuration guide
  465 * Implement system admin role in project API
  466 * Implement system member role project test coverage
  467 * Implement system reader role for projects
  468 * Enhance the openidc guide
  469 * Enhance the mellon guide
  470 * Enhance the shibboleth guide
  471 * Consolidate WebSSO guide into SP instructions
  472 * Add section on configuring protected auth paths
  473 * Reorganize guide on configuring a keystone SP
  474 * Clean up keystone-to-keystone section
  475 * Enhance authn sections in federation guide
  476 * correct the description on domain re-enable
  477 * Add tests for project users interacting with sps
  478 * Add tests for domain users interacting with sps
  479 * Update service provider  policies for system admin
  480 * Add prerequisites section to keystone-to-keystone
  481 * Invalidate shadow\_federated\_user cache when deleting protocol
  482 * Remove duplicate RBAC logging from enforcer
  483 * Update federation SP prerequisites section
  484 * Use samltest.id as an example sandbox IdP
  485 * Fix nits in code blocks in federation guide
  486 * Bring SP/IdP URLs closer to style guide guidance
  487 * Restructure federation guide
  488 * Update doc with samltest.id
  489 * Clarify location for HTTPD instructions
  490 * Use common system role definitions for registered limits
  491 * Implement system member test coverage for groups
  492 * Implement system reader role for groups
  493 * Add service provider tests for system member role
  494 * Update service provider policies for system reader
  495 * Add service tests for system member role
  496 * Update service policies for system reader
  497 * Use renamed template 'integrated-gate-py3'
  498 * Add scope checks to common system role definitions
  499 * Remove i18n.enable\_lazy() translation
  500 * Reorganize admin guide
  501 * Consolidate service catalog docs
  502 * Add irrelevant-files for grenade-py3 jobs
  503 * Delete outdated keystonemiddleware doc
  504 * Remove example usage from admin guide
  505 * Split trusts docs between admin and user guide
  506 * Move identity sources doc to admin guide
  507 * Remove message about circular role inferences
  508 * Remove Certificates for PKI guide
  509 * Add introduction section to federation docs
  510 * Fix links to external-authentication
  511 * Move list limit docs to admin guide
  512 * Rename admin guide pages
  513 * Consolidate tokenless X.509 docs
  514 * Update registered limit policies for system admin
  515 * Consolidate Keystone docs: admin/identity-external-authentication.rst
  516 * Implement system admin role in domains API
  517 * Implement system member role domain test coverage
  518 * Implement system reader role in domains API
  519 * Bump oslo.policy and oslo.context versions
  520 * Move supported clients section to user guide
  521 * Use request\_body\_json function
  522 * Move SSL recommendation to installation guide
  523 * Move "Public ID Generators" to relevant docs
  524 * Consolidate Keystone docs: federated-identity.rst
  525 * Add role tests for system member role
  526 * Consolidate catalog management guide
  527 * Update role policies for system reader
  528 * Change openstack-dev to openstack-discuss
  529 * Add registered limit tests for system member role
  530 * Add registered limit protection tests
  531 * Keep federation jobs running on Xenial
  532 * Clarify docstrings for domain flask refactor
  533 * Move test utility to common location
  534 * Add missing translation import to common.auth.py
  535 * Move to password validation schema
  536 * Don't emit a notification for the root domain
  537 * Pass context objects to policy enforcement
  538 * Consolidate identity-domain-specific-config.rst
  539 * Consolidate auth-totp.rst
  540 * Consolidate event\_notifications.rst
  541 * Consolidate endpoint-policy.rst
  542 * Consolidate service-catalog.rst
  543 * Update contributor doc
  544 * Use pycodestyle in place of pep8
  545 * Update api-ref to include user options
  546 * Document user options
  547 * Add scope documentation for service developers
  548 * Remove deprecated secure\_proxy\_ssl\_header config
  549 * Refactor flask domain config resources
  550 * Add missing ws seperator between words
  551 * Add the missing packages when install keystone
  552 * add request\_id and global\_request\_id to cadf notifications
  553 * changed port in tools/sample\_data.sh
  554 * Move irrelevant-files to project definition
  555 * Add tempest-full-py3 job to zuul file
  556 * Remove the repetition words in  identity-fernet-token-faq.rst
  557 * Removing default\_assigment\_driver
  558 * Bump sqlalchemy minimum version to 1.1.0
  559 * Drop the compatibility password column
  560 * Remove "crypt\_strength" option
  561 * Correct HTTP OPTIONS method
  562 * Update api-ref for set registered limits
  563 * Remove deprecated "bind" in token
  564 * Update more info of vhost file
  565 * Refactor directory creation into a common place
  566 * Region update extra support
  567 * Change \_\_all\_\_ list to tuple
  568 * Remove redundant variables from context class
  569 * Refresh admin doc
  570 * Fixing nits
  571 * Add abstract method in trusts base.py
  572 * Switch devstack plugin to samltest.id
  573 * Clean up python3.5 usage in tox.ini
  574 * Add py36 tox environment
  575 * Remove unused lower constraints
  576 * Replace usage of get\_legacy\_facade() with get\_engine()
  577 * Fix uwsgi --http flag
  578 * Fix an issue with double fernet key rotation
  579 * Delete PKI middleware debugging section
  580 * Fix developer config dir flask aftermath
  581 * Documentation fix - Port number
  582 * Use port 5000, keystone-wsgi-public and --http-socket
  583 * Changed the port numbers
  584 * Implement auth receipts spec
  585 * changed port in argument '--bootstrap-admin-url'
  586 * Unregister "Exception" from flask handler
  587 * Add release note for unified limit APIs changing
  588 * Deprecate eventlet related configuration
  589 * Remove compatability shim
  590 * Remove check for disabled v3
  591 * Remove obsolete credential policies
  592 * Delete "Preparing your environment" section
  593 * Implement scope\_type checking for credentials
  594 * Fix spelling 'unnecessary'
  595 * Remove custom auth middleware documentation
  596 * Delete the external auth admin guide
  597 * Remove useless use of :orphan:
  598 * Change port and version on v3 endpoints example
  599 * Provide a Location on HTTP 300
  600 * Set Default and resource limit as defined schema
  601 * Emit CADF notifications on authentication for invalid users
  602 * Delete administrator federation guide
  603 * Update keystone-manage bootstrap port instructions
  604 * Fix api-ref v3.9 release identifier
  605 * Update third endpoint legacy port for Keystone v3 API
  606 * Remove unused logging module
  607 * Remove useless "clean" file
  608 * Trivial: Remove repeated if conditions
  609 * Updating doc of unified limit
  610 * Adding 'date' for trust\_flush
  611 * Add caching on trust role validation to improve performance
  612 * Allow registered limit's region\_id to be None
  613 * Add a test for idp and federated user cascade deleting
  614 * Fix example for getting system scoped token
  615 * Remaining cases of MappingEngineTester
  616 * Set min and max length for resource\_name
  617 * Implement scaffolding for upgrade checks
  618 * Fixing update unified limit api-ref
  619 * Remove deprecated token\_flush
  620 * Invalidate app cred AFTER deletion
  621 * Update API version to 3.11
  622 * Added test case update registered limit with region
  623 * Remove incorrect copyright notice
  624 * Remove paste-ini
  625 * Remove pre-flask legacy code
  626 * Make collection\_key and member\_key raise if unset
  627 * Increment versioning with pbr instruction
  628 * Loosen the assertion for logging scope type warnings
  629 * Expand implied roles in system-scoped tokens
  630 * Add test case for expanding implied roles in system tokens
  631 * Move loadapp to a generic place
  632 * Make policy file support in fixture optional
  633 * Use tempest-pg-full
  634 * Cleanup test\_wsgi
  635 * Flask comment/docstring cleanup
  636 * Move AuthContextMiddleware
  637 * Convert Normalizing filter to flask native Middleware
  638 * Internally defined middleware don't use stevedore
  639 * Make Request Logging a little better
  640 * Register exceptions with a Flask Error Handler
  641 * Cleanup keystone.server.flask.application
  642 * Replace JSON Body middleware with flask-native func
  643 * Convert S3 and EC2 auth to flask native dispatching
  644 * Remove skip for test\_locked\_out\_user\_sends\_notification
  645 * Convert projects API to Flask
  646 * Convert /v3/users to flask native dispatching
  647 * add unit tests for healthcheck
  648 * Replace openSUSE experimental check with newer version
  649 * Auth flask conversion cleanup
  650 * Convert auth to flask native dispatching
  651 * Update notification tests to work with o-m 9.0.0
  652 * Don't mock internal implementation details of oslo
  653 * Update log translation hacking check
  654 * Don't quote {posargs} in tox.ini
  655 * Enable foreign keys for unit test
  656 * Update doc string for transform\_to\_group\_ids
  657 * Follow Zuul job rename
  658 * Add release names to api-ref
  659 * Avoid using dict.get() in assertions
  660 * Clarify group-mapping example in docs
  661 * Purge soft-deleted trusts
  662 * LDAP attribute names non-case-sensitive
  663 * Organize project tag api-ref by route
  664 * Add build\_target arguement to enforcer
  665 * Properly replace flask view args in links
  666 * Adding test case for MappingEngineTester
  667 * Fix command to verify role removal in docs
  668 * Add python3 functional test job
  669 * Convert legacy functional jobs to Zuul-v3-native
  670 * Update auto-provisioning example to use reader
  671 * Enable Foreign keys for sql backend unit test
  672 * Add releasenote for bug fix 1789450
  673 * Comment out un-runnable tests
  674 * Mapped Groups don't exist breaks WebSSO
  675 * Add hint back
  676 * Implement Trust Flush via keystone-manage
  677 * Properly normalize domain ids in flask
  678 * Use templates for cover and lower-constraints
  679 * Make OSA rolling upgrade test experimental
  680 * Rename v3-only functional zuul job
  681 * Remove unused revoke\_by\_user\_and\_project
  682 * Address issues with flask conversion of os-federation
  683 * Convert domains api to flask
  684 * Move use of constraints out of install\_cmd
  685 * Ensure view args is in policy dict
  686 * Rename py35 v3 only check
  687 * Convert OS-INHERIT API to flask native dispatching
  688 * Fix a translation of log
  689 * Convert groups API to flask native dispatching
  690 * Fix RBACEnforcer get\_member\_from\_driver mechanism
  691 * Refactor ProviderAPIs object to better design pattern
  692 * Convert OS-FEDERATION to flask native dispatching
  693 * Update the documentation bug tag
  694 * api-ref: Remove broken link
  695 * Added support for a \`\`description\`\` attribute for Identity Roles
  696 * Update the minimimum required version of oslo.log
  697 * Incorrect use of translation \_()
  698 * Update RDO install guide for v3
  699 * Remove member\_role\_id/name
  700 * Convert policy API to flask
  701 * Fix db model inconsistency for FederatedUser
  702 * add python 3.6 unit test job
  703 * switch documentation job to new PTI
  704 * import zuul job settings from project-config
  705 * Use items() instead of iteritems()
  706 * Add details and clarify examples on casing
  707 * Address nits
  708 * Re-Add scope.system to filters
  709 * Add placeholder migrations for Rocky
  710 * Change unique\_last\_password\_count default to 0
  711 * Trivial: Remove app\_conf kwarg from testing setup
  712 * Trivial: Add missing space in exception
  713 * Move json\_home "extension" rel functions
  714 * Convert system (role) api to flask native dispatching
  715 * Do not log token string
  716 * Convert role\_assignments API to flask native dispatching
  717 * Add safety to the inferred target extraction during enforcement
  718 * Use osc in k2k example
  719 * Fix a bug that issue token with project-scope gets error
  720 * Convert role\_inferences API to flask native dispatching
  721 * Convert Roles API to flask native dispatching
  722 * Convert endpoints api to flask native dispatching
  723 * Convert services api to flask native dispatching
  724 * Convert regions API to flask native dispatching
  725 * Remove unused util function
  726 * Redundant parameters in api-ref:domain-config
  727 * Add callback action back in
  728 * Set initiator id as user\_id for auth events
  729 * Update reno for stable/rocky
  730 * More accurate explanation in api-ref:application credentials
  731 * Imported Translations from Zanata
  732 
  733 14.0.0.0rc1
  734 -----------
  735 
  736 * Allow wrap\_member and wrap\_collection to specify target
  737 * Pass path into full\_url and base\_url
  738 * Allow for more robust config checking with keystone-manage
  739 * Remove redundant get\_project call
  740 * Convert OS-SIMPLE-CERT to flask dispatching
  741 * Migrate OS-EP-FILTER to flask native dispatching
  742 * Convert limits and registered limits to flask dispatching
  743 * Add a release note for bug 1785164
  744 * Error location of parameters in api-ref:project tags
  745 * Code optimization of create application credential
  746 * Do not allow create limits for domain
  747 * Update api-ref for unified limits
  748 * Fix json indentation of notification sample
  749 * Convert OS-AUTH1 paths to flask dispatching
  750 * Clean up token extra code
  751 * Expose a bug that issue token with project-scope gets error
  752 * Remove KeystoneToken object
  753 * Convert OS-REVOKE to flask dispatching
  754 * Address FIXMEs for listing revoked tokens
  755 * Move unenforced\_api decorator to module function
  756 * Remove direct calls to auth.controllers in some tests
  757 * Move validate\_issue\_token\_auth from controllers
  758 * Unified code style nullable description parameter
  759 * Remove get\_catalog from manage layer
  760 * Api-ref: Correct response code
  761 * Adding missing comma in docs
  762 * Expose random uuid bug in cadf notifications
  763 * Boostrap CLI tests no longer call auth controller
  764 * Implement "no-update" test for trusts
  765 * Move trusts to flask native dispatching
  766 * Address nits in strict-two-level implementation
  767 * Remove get\_catalog usage from contrib
  768 
  769 14.0.0.0b3
  770 ----------
  771 
  772 * Deprecate [token] infer\_roles=False
  773 * Reduce duplication in federated auth APIs
  774 * Fix RBACEnforcer Comment
  775 * Mirror self-link trust check from tempest
  776 * Trusts do not implement patch
  777 * Allow for 'extension' rel in json home
  778 * Add pycadf initiator for flask resource
  779 * Use oslo\_serialization.jsonutils
  780 * Correctly pull input data for enforcement
  781 * Delete project limits when deleting project
  782 * Add project hierarchical tree check when Keystone start
  783 * Update project depth check
  784 * Add include\_limits filter
  785 * Bump lower constraint for pysaml2 to 4.5.0
  786 * Allow class-level definition of API URL Prefix
  787 * Move Credentials API to Flask Native
  788 * Add project\_id filter for listing limit
  789 * Strict two level limit model
  790 * Switch to python-ldap
  791 * Add correct self-link
  792 * Properly remove content-type on HTTP 204
  793 * Increase test coverage of entity\_type id mapping query
  794 * Cleanup keystone.token.providers.common
  795 * Remove remnants of token bind
  796 * Simplify the token provider API
  797 * Add serialization for TokenModel object
  798 * Introduce new TokenModel object
  799 * Don't allow legacy and native flask to share paths
  800 * Remove uuid token size check from doctor
  801 * Do not use flask.g imported as g
  802 * Fix keystone.common.rbac\_enforcer.\_\_init\_\_.py exporting
  803 * Make keystone.server.flask more interesting for importing
  804 * Flesh out and add testing for flask\_RESTful scaffolding
  805 * Update pypi url to new url
  806 * Invalidate 'computed assignments' cache when creating a project
  807 * Filter project\_id for list limits
  808 * Expose endpoint to return enforcement model
  809 * Add docs for case-insensitivity in keystone
  810 * Clarifications to API & Scenario Tests
  811 * Remove enable config option of trust feature
  812 * Fix keystone-manage saml\_idp\_metadata under python3
  813 * Only upload SP metadata to testshib.org if IDP id is testshib
  814 * Ignore .eggs dir as well
  815 * Implement enforcement model logic in Manager
  816 * Add registered\_limit\_id column for limit
  817 * Add auto increase primary key for unified limit
  818 * Address minor comments from initial impl RBACEnforcer
  819 * Refactor \_handle\_shadow\_and\_local\_users
  820 * Refactor \_set\_domain\_id\_and\_mapping functions
  821 * Move keystone.server.common to keystone.server
  822 * Add support for enforce\_call to set value on flask.g
  823 * Refactor - remove extra for loop
  824 * Remove token bind capabilities
  825 * Address minor comments to 404 error detection
  826 * Exposing ambiguity bug when querying role assignments
  827 * pycrypto is not used by keystone
  828 * Add new "How Can I Help?" contributor guide
  829 * Added check to avoid keyerror "user['name']"
  830 * Implement base for new RBAC Enforcer
  831 * Refactor trust roles check
  832 * Make it easy to identify a 404 from Flask
  833 * Don't replace the whole app just the wsgi\_app backing
  834 * Add support for before and after request functions
  835 * Convert json\_home and version discovery to Flask
  836 * Keystone adheres to public\_endpoint opt only
  837 * Implement scaffolding for Flask-RESTful use
  838 * Add Flask-RESTful and update flask minimum(s)
  839 * Fix keystone-manage mapping\_purge with --type option
  840 * Override oauthlib docstrings that fail with Sphinx 1.7.5
  841 * Simple usage docs for implied roles
  842 * Fix duplicate role names in trusts bug
  843 * Expose duplicate role names bug in trusts
  844 * Remove unclear wording in parameters
  845 * Filter by entity\_type in get\_domain\_mapping\_list
  846 * Migrate all password hashes to the new location if needed
  847 * Add policy for limit model protection
  848 * Api-ref: Refresh the Update APIs for limits
  849 * Imported Translations from Zanata
  850 * Remove a useless function
  851 * Clarify complicated sentence in docs
  852 * Unified limit update APIs Refactor
  853 * Store JSON Home Resources off the composing router
  854 * Ensure default roles created during bootstrap
  855 * Add release notes link to README
  856 * Remove duplicated test
  857 * Expand on debug\_middleware option
  858 * Update response codes for authentication API reference
  859 * Clarify scope responses in authentication api ref
  860 * fix tox python3 overrides
  861 * Add Flaskification release-note
  862 * Remove pastedeploy
  863 * Flaskification cleanup
  864 * Remove the rest of v2.0 legacy
  865 * Add in ability to load DEBUG middleware
  866 * Revert "Rename fernet\_utils to token\_utils"
  867 * Convert Keystone to use Flask
  868 
  869 14.0.0.0b2
  870 ----------
  871 
  872 * Docs: Remove the TokenAuth middleware
  873 * Correct test\_v3\_oauth1.test\_deleting\_project\_also\_invalidates\_tokens
  874 * Correct test\_v3\_oauth1.test\_change\_user\_password\_also\_deletes\_tokens
  875 * Correct test\_v3\_oauth1.test\_bad\_authorizing\_roles\_id
  876 * Correct test\_v3\_oauth1.test\_bad\_authorizing\_roles\_name
  877 * Fix warnings in documentation
  878 * fix rally docs url
  879 * Decouple bootstrap from cli module
  880 * Handle empty token key files
  881 * Remove some unused functions
  882 * Update tests to work with WebOb 1.8.1
  883 * Consolidate oauth1.rst
  884 * Remove the TokenAuth middleware
  885 * Remove token driver configuration
  886 * Fix the test for unique IdP
  887 * Consolidate health-check-middleware.rst
  888 * Limit description support
  889 * The migration script to add description for limit
  890 * Update IdP sql model
  891 * Remove dead dependency injection code
  892 * Remove unused assertions from test\_v3.py
  893 * Remove dead code in token provider
  894 * Remove unused exception
  895 * Do not return all the limits for POST request
  896 * Add configuration option for enforcement models
  897 * Use the provider\_api module in limit controller
  898 * Fix the outdated URL
  899 * Remove policy service from architecture.rst
  900 * Invalidate the shadow user cache when deleting a user
  901 * Add conceptual overview of the service catalog
  902 * Trivial: Update pypi url to new url
  903 * Update the RDO installation guide to use port 5000
  904 * Update keystone functional tests
  905 
  906 14.0.0.0b1
  907 ----------
  908 
  909 * Remove the sample .conf file
  910 * Allow blocking users from self-service password change
  911 * Add prerequisite package note to Keystone install guide
  912 * Update auth\_uri option to www\_authenticate\_uri
  913 * Fix json schema nullable to add None to ENUM
  914 * Use consistent role schema in token response validation
  915 * Corrects spelling of MacOS
  916 * Fix 500 error when deleting domain
  917 * Allow cleaning up non-existant group assignments
  918 * Follow the new PTI for document build
  919 * Use the new pysaml2 constraints
  920 * Fix incompatible requirement in lower-constraints
  921 * Update install guides
  922 * Fix mispelling of accommodate in install docs
  923 * Fix list\_limit doesn't work correctly for domain
  924 * Expose a bug that list\_limit doesn't work correctly
  925 * Log warning when using token\_flush
  926 * Removal of deprecated direct driver loading
  927 * Make tags filter match subset rather than exact
  928 * Updated from global requirements
  929 * Update RDO install guide for v3
  930 * Remove admin interface in sample Apache file
  931 * add lower-constraints job
  932 * Fix integer -> method conversion for python3
  933 * Fix user email in federated shadow users
  934 * Remove references to v2.0 from external developer doc
  935 * Remove references to UUID from token documentation
  936 * Add logging for xmlsec1 installation
  937 * Updated from global requirements
  938 * Mark the implied role API as stable
  939 * Add note to keystone-manage bootstrap doc
  940 * Fix assert test error under py3.6
  941 * Fix api-ref for project tag create
  942 * Updated from global requirements
  943 * Fixing multi-region support in templated v3 catalog
  944 * Update links in README
  945 * Use different labels for user and project names
  946 * Imported Translations from Zanata
  947 * Add user documentation for JSON Home
  948 * Fix formatting of ImportError
  949 * Imported Translations from Zanata
  950 * Updated from global requirements
  951 * Imported Translations from Zanata
  952 * Remove @expression from tags
  953 * Work around deprecations for opportunistic tests
  954 * Api-ref: fix resource\_limit format
  955 * Correct typo in identity API reference
  956 * Imported Translations from Zanata
  957 * Consolidate identity-token-binding.rst
  958 * Consolidate identity-service-api-protection.rst
  959 * Add new setup commands for token keys
  960 * Consolidate endpoint-filtering.rst
  961 * Remove unnecessary config overrides from fernet tests
  962 * Make assertValidFernetKey assertion more robust
  963 * Update 3.10 versioning to limits and system scope
  964 * Remove v2.0 policies
  965 * Populate application credential data in token
  966 * Imported Translations from Zanata
  967 * Simplify federation and oauth token callbacks
  968 * Simplify token persistence callbacks
  969 * Refactor token cache invalidation callbacks
  970 * Remove needs\_persistence property from token providers
  971 * Imported Translations from Zanata
  972 * Use OSC in application credential documentation
  973 * Add docs for application credentials
  974 * Force SQLite to properly deal with foreign keys
  975 * Remove unused class variables from token provider
  976 * Imported Translations from Zanata
  977 * Grant admin a role on the system during bootstrap
  978 * Fix querying role\_assignment with system roles
  979 * Delete system role assignments when deleting groups
  980 * Expose bug in system assignment when deleting groups
  981 * Delete system role assignments when deleting users
  982 * Expose bug in system assignment when deleting users
  983 * Expose bug in /role\_assignments API with system-scope
  984 * Remove the sql token driver and uuid token provider
  985 * Imported Translations from Zanata
  986 * Update reno for stable/queens
  987 * Imported Translations from Zanata
  988 
  989 13.0.0.0rc1
  990 -----------
  991 
  992 * Add placeholder migrations for Queens
  993 * Delete SQL users before deleting domain
  994 * Reorganize api-ref: v3-ext federation mapping.inc
  995 * Update OBS install docs for v2 removal
  996 * Reorganize api-ref: v3-ext federation service-provider
  997 * Reorganize api-ref: v3-ext oauth.inc
  998 * Replace port 35357 with 5000 for ubuntu guide
  999 * Reorganize api-ref: v3 os-pki
 1000 * Reorganize api-ref: v3-ext federation identity-provider
 1001 * Reorganize api-ref: v3-ext trust.inc
 1002 * Remove v2.0 from documentation guides
 1003 * Remove v2.0 extension documentation
 1004 * Update curl request documentation to remove v2.0
 1005 * Remove v2 and v2-admin API documentation
 1006 * Remove all v2.0 APIs except the ec2tokens API
 1007 * Update sample configuration file for Queens
 1008 * Imported Translations from Zanata
 1009 * Finish refactoring self.\*\_api out of tests
 1010 * Add cache invalidation when delete application credential
 1011 * Expose a bug that application credential cache is not invalidated
 1012 * Fix cache invalidation for application credential
 1013 * Expose a bug that cache invalidation doesn't work for application credential
 1014 * Update the base class for application credential
 1015 * Fix list users by name
 1016 * Refactor self.\*\_api out of tests
 1017 * Use keystone.common.provider\_api for auth APIs
 1018 * Fix the wrong description
 1019 * Remove the redundant word
 1020 * Validate identity providers during token validation
 1021 * Update historical context about the removal of v2.0
 1022 * Document flat limit enforcement model
 1023 * add 'tags' in request body of projects
 1024 * Increase MySQL max\_connections for unit tests
 1025 * Add scope\_types for user policies
 1026 * Use native Zuul v3 tox job
 1027 * Update documentation to reflect system-scope
 1028 * Add a release note for application credentials
 1029 * Impose limits on application credentials
 1030 * Enable application\_credential auth by default
 1031 * Add api-ref for application credentials
 1032 * Add application credential auth plugin
 1033 * Add Application Credentials controller
 1034 * Zuul: Remove project name
 1035 * Refresh the admin\_token doc
 1036 * Remove pki\_setup step in doc
 1037 * Add documentation describing unified limits
 1038 * Handle TZ change in iso8601 >=0.1.12
 1039 * Remove PKI/PKIZ token in doc
 1040 * Add api-ref for unified limits
 1041 * Expose unified limit APIs
 1042 * Implement policies for limits
 1043 * Add limit provider
 1044 * Improve limit sql backend
 1045 * Replace Chinese punctuation with English punctuation
 1046 
 1047 13.0.0.0b3
 1048 ----------
 1049 
 1050 * Add release note for system-scope
 1051 * Implement GET /v3/auth/system
 1052 * Updated from global requirements
 1053 * Implement system-scoped tokens
 1054 * Document scope\_types for project policies
 1055 * Add scope\_types to trust policies
 1056 * Add scope\_types to grant policies
 1057 * Add scope\_types to role assignment policies
 1058 * Fix column rename migration for mariadb 10.2
 1059 * Remove foreign key for registered limit
 1060 * Introduce assertions for system-scoped token testing
 1061 * Implement system-scope in the token provider API
 1062 * Teach TokenFormatter how to handle system scope
 1063 * Remove the deprecated "giturl" option
 1064 * Relay system information in RoleAssignmentNotFound
 1065 * Rename application credential restriction column
 1066 * Update token doc
 1067 * Update keystone v2/tokenauth example
 1068 * Reorganize api-ref: v3-ext revoke.inc
 1069 * Reorganize api-ref: v3-ext ep-filter.inc
 1070 * Reorganize api-ref: v3-ext simple-cert.inc
 1071 * Reorganize api-ref: v3-ext federation projects-domains.inc
 1072 * Document scope\_types for credential policies
 1073 * Document scope\_types for ec2 policies
 1074 * Move token\_formatter to token
 1075 * Document fixes needed for token scope\_types
 1076 * Add scope\_types to service provider policies
 1077 * Add scope\_types to group policies
 1078 * Add scope\_types to domain config policies
 1079 * Add system column to app cred table
 1080 * Fix outdated links
 1081 * Add ability to list all system role assignments
 1082 * Add system role assignment documentation
 1083 * Add Application Credentials manager
 1084 * Handle TODO notes for using new\_user\_ref
 1085 * Updated from global requirements
 1086 * Add application credentials driver
 1087 * Make entries in policy\_mapping.rst consistent
 1088 * Add application credentials db migration
 1089 * Fix indentation in docs
 1090 * remove \_append\_null\_domain\_id decorator
 1091 * Fix wrong url in domains-config-v3.inc
 1092 * msgpack-python has been renamed to msgpack
 1093 * adjust response code order in 'regions-v3.inc'
 1094 * Fix wrong url in config-options.rst
 1095 * adjust response code order in 'authenticate-v3.inc'
 1096 * Reorganize api-ref: v3-ext endpoint-policy.inc
 1097 * Imported Translations from Zanata
 1098 * Extract expiration validation to utils
 1099 * Implement controller logic for system group assignments
 1100 * adjust response code order in ''policies.inc''
 1101 * adjust response code order in ''domains-config-v3.inc''
 1102 * put response code in table of ''domains.inc''
 1103 * adjust response code in order of credentials.inc
 1104 * fix wrong url link of User trusts
 1105 * Reorganize api-ref: v3-ext federation assertion.inc
 1106 * Implement controller logic for system user assignments
 1107 * Add schema check for authorize request token
 1108 * Remove whitespace from policy sample file
 1109 * Use keystone.common.provider\_api for trust APIs
 1110 * Add db operation for unified limit
 1111 * Add new tables for unified limits
 1112 * Fix federation unit test
 1113 * add response example and 'extra' info of create user
 1114 * Add scope\_types to domain policies
 1115 * Add scope\_types for policy policies
 1116 * Add scope\_types to oauth policies
 1117 * Add scope\_types to token revocation policies
 1118 * Add scope\_types to endpoint group policies
 1119 * Migrate jobs to zuulV3
 1120 * Add scope\_types to role policies
 1121 * Add scope\_types to implied role policies
 1122 * Add expired\_at\_int column to trusts
 1123 * Add scope\_types for revoke event policies
 1124 * Add scope\_types to protocol policies
 1125 * Add scope\_types to project endpoint policies
 1126 * Add scope\_types to policy association policies
 1127 * Add scope\_types to mapping policies
 1128 * Add scope\_types to identity provider policies
 1129 * Add scope\_types to service policies
 1130 * Handle InvalidScope exception from oslo.policy
 1131 * Use keystone.common.provider\_api directly in assignment
 1132 * Add scope\_types to region policies
 1133 * Add scope\_types to endpoint policies
 1134 * Expose a get\_enforcer method for oslo.policy scripts
 1135 * Reorganize api-ref: v3 project-tags
 1136 * Reorganize api-ref: v3 authenticate-v3
 1137 * Deprecate [trust]/enabled option
 1138 * Use keystone.common.provider\_api for resource APIs
 1139 * Re-organize api-ref: v3 inherit.inc
 1140 * Implement get\_unique\_role\_by\_name
 1141 * Reorganize api-ref: v3-ext federation projects-domains
 1142 * Reorganize api-ref: v3 regions-v3
 1143 * Reorganize api-ref: v3 policies
 1144 * Remove duplicated release note
 1145 * Reorganize api-ref: v3 credentials
 1146 * Reorganize api-ref: v3 domains-config-v3
 1147 * Reorganize api-ref: v3 service-catalog
 1148 * Reorganize api-ref: v3 projects
 1149 * Reorganize api-ref: v3 roles
 1150 * Use keystone.common.provider\_api for identity APIs
 1151 * Use keystone.common.provider\_api for revoke APIs
 1152 * Use keystone.common.provider\_api for policy APIs
 1153 * Use keystone.common.provider\_api for oauth APIs
 1154 * Use keystone.common.provider\_api for federation APIs
 1155 * Use keystone.common.provider\_api for endpoint\_policy APIs
 1156 * Use keystone.common.provider\_api for credential APIs
 1157 * Use keystone.common.provider\_api for catalog APIs
 1158 * Use keystone.common.provider\_api for token APIs
 1159 * modify LOG.error tip message
 1160 * Performance: improve get\_role
 1161 * Add group system grant policies
 1162 * Replace parse\_strtime with datetime.strptime
 1163 * Remove private methods for v2.0 and v3 tokens
 1164 * Ensure building scope is mutually exclusive
 1165 * Add user system grant policies
 1166 * Implement manager logic for group+system roles
 1167 * Implement manager logic for user+system roles
 1168 * Implement backend logic for system roles
 1169 * Add a new table for system role assignments
 1170 * Refactor project tags encoding
 1171 * Expose a bug when authorize request token
 1172 * Bump API version and date to 3.9
 1173 * Create doc/requirements.txt
 1174 * remove some misleading info in Update user API doc
 1175 * Updated from global requirements
 1176 * remove "admin\_token\_auth" related content"
 1177 * Remove rolling\_upgrade\_password\_hash\_compat
 1178 * Deprecate member\_role\_id and member\_role\_name
 1179 * Migrate functional tests to stestr
 1180 * Remove Dependency Injection
 1181 * Rename fernet\_utils to token\_utils
 1182 * Remove extra parameter for token auth
 1183 * Refresh sample\_data.sh
 1184 * Improve exception logging with 500 response
 1185 * Remove dead code for auth\_context
 1186 * Updated from global requirements
 1187 
 1188 13.0.0.0b2
 1189 ----------
 1190 
 1191 * Reorganize api-ref:v3 groups
 1192 * Handle deprecation of inspect.getargspec
 1193 * Enforce policy on oslo-context
 1194 * Correct error message for request token
 1195 * Refresh the Controller list
 1196 * Updated from global requirements
 1197 * Update keystone testing documentation
 1198 * Fix role schema in trust object
 1199 * Validate disabled domains and projects online
 1200 * Add New in Pike note to using db\_sync check
 1201 * Fix 500 error when create trust with invalid role key
 1202 * Expose a bug when create trust with roles
 1203 * Remove member role assignment
 1204 * Fix wrong links in keystone documentation
 1205 * Add schema check for OS-TRUST:trust authentication
 1206 * Expose a bug when authenticating for a trust-scoped token
 1207 * Update the help message for unique\_last\_password\_count
 1208 * Remove apache-httpd related link
 1209 * Populate user, project and domain names from token into context
 1210 * Remove setting of version/release from releasenotes
 1211 * Updated from global requirements
 1212 * Update cache doc
 1213 * Updated from global requirements
 1214 * Fix 500 error when authenticate with "mapped"
 1215 * Updated from global requirements
 1216 * Filter users/groups in ldap with whitespaces
 1217 * Deprecate policies API
 1218 * Change url in middleware test to v3
 1219 * Remove ensure\_default\_domain\_exists
 1220 * Ensure listing projects always returns tags
 1221 * Consolidate V2Controller functionality
 1222 * Remove v2 token value model
 1223 * Add non-voting rolling upgrade test
 1224 * Remove "no auth token" debug log
 1225 * Partially clarify federation auth plugins
 1226 * Handle ldap size limit exeeded exception
 1227 * policy.v3cloudsample.json: remove redundant blank space
 1228 * Remove expired password v2 test
 1229 * Remove v2 token test models
 1230 * Remove/update v2 catalog endpoint tests
 1231 * Remove unnecessary dependency injection
 1232 * Remove identity v2 to v3 test case
 1233 * Reorganize api-ref: v3 domains
 1234 * Correct parameter to follow convention
 1235 
 1236 13.0.0.0b1
 1237 ----------
 1238 
 1239 * Remove v2 schema and validation tests
 1240 * Implement project tags API controller and router
 1241 * Implement project tags logic into manager
 1242 * Implement backend logic for project tags
 1243 * Remove v2.0 assignment schema
 1244 * Add project tags api-ref documentation and reno
 1245 * Deleting an identity provider doesn't invalidate tokens
 1246 * Add policy for project tags
 1247 * Add JSON schema validation for project tags
 1248 * Fix initial mapping example
 1249 * Fix list in caching documentation
 1250 * Updated from global requirements
 1251 * Refactor test\_backend\_ldap tests
 1252 * Emit deprecation warning for federated domain/project APIs
 1253 * Reorganize api-ref: v3-ext federation auth
 1254 * Update the release name in install tutorial
 1255 * Reorganize api-ref: v3 users
 1256 * Add explain of mapping group attribute
 1257 * Remove v2.0 identity API documentation
 1258 * Add database migration for project tags
 1259 * Remove the v2\_deprecated decorator
 1260 * Remove the v3 to v2 resource test case
 1261 * Remove admin\_token\_auth steps from install guide
 1262 * Remove the v2.0 validate path from validate\_token
 1263 * Remove v2.0 test plumbing
 1264 * Remove v2.0 auth APIs
 1265 * Remove v2.0 token APIs
 1266 * Move auth header definitions into authorization
 1267 * Remove v2.0 identity APIs
 1268 * Use stestr directly instead of ostestr
 1269 * Remove middleware reference to PARAMS\_ENV and CONTEXT\_ENV
 1270 * Migrate to stestr
 1271 * Updated from global requirements
 1272 * Add default configuration files to data\_files
 1273 * Add unit tests to mapping\_purge
 1274 * Replace assertRegexpMatches with assertregex
 1275 * Update API reference link in README
 1276 * Refactor removal of duplicate projects/domains
 1277 * Update links in keystone
 1278 * Fix role assignment api-ref docs
 1279 * Update invalid url in admin docs
 1280 * Remove keystone-all doc
 1281 * Fix typos in bootstrap doc
 1282 * Properly normalize protocol in Fedrations update\_protocol
 1283 * Two different API achieve listing role assignments
 1284 * Add backport migrations for Pike
 1285 * Adds Bandit #nosec flag to instances of SHA1
 1286 * Policy exception
 1287 * Remove duplicate code
 1288 *   Fix a typo
 1289 * Increase multi region endpoints test coverage
 1290 * Replace DbMigrationError with DBMigrationError
 1291 * Confusing notes of ephemeral user's domain
 1292 * Confusing log messages in project hierarchy checking
 1293 * Remove vestigate HUDSON\_PUBLISH\_DOCS reference
 1294 * Add test GET for member url in the Assignment API
 1295 * Remove v2.0 resource APIs
 1296 * Remove v2.0 assignment APIs
 1297 * Remove v2.0 service and endpoint APIs
 1298 * Fix endpoint examples in api-ref
 1299 * Copy specific distro pages for install guide
 1300 * Imported Translations from Zanata
 1301 * Log format error
 1302 * Updated from global requirements
 1303 * Ignore release notes for pike and master
 1304 * Clarify documentation for release notes
 1305 * Revert "Fix wrong links"
 1306 * Remove missing release note from previous revert
 1307 * Include a link in release note for bug 1698900
 1308 * Delete redundant code
 1309 * Call methods with kwargs instead of positionals
 1310 * Remove duplicate roles from federated auth
 1311 * Add the step to create a domain
 1312 * Add int storage of datetime for password created/expires
 1313 * Resource backend is SQL only now
 1314 * Assert default project id is not domain
 1315 * Fix wrong links
 1316 * Imported Translations from Zanata
 1317 * Remove deprecation of domain\_config\_upload
 1318 * Update reno for stable/pike
 1319 
 1320 12.0.0.0rc1
 1321 -----------
 1322 
 1323 * Unset project ids for all identity backends
 1324 * Update docs: fernet is the default provider
 1325 * Add description for relationship links in api-ref
 1326 * Updated URLs in docs
 1327 * Cache list projects and domains for user
 1328 * Remove unused hints from assignment APIs
 1329 * Make an error state message more explicit
 1330 * Fill in content in CLI Documentation
 1331 * Except forbidden when clearing default project IDs
 1332 * Update URL in README.rst
 1333 * Document required \`type\` mapping attribute
 1334 * Imported Translations from Zanata
 1335 * Fix man page builds
 1336 * Fill in content in User Documentation
 1337 * Clarify SELinux note in LDAP documentation
 1338 * Remove duplicate sample files
 1339 * Remove policy for self-service password changes
 1340 * Add role\_domain\_id\_request\_body in parameters
 1341 * use the show-policy directive to show policy settings
 1342 * Move credential encryption docs to admin-guide
 1343 * Consolidate LDAP documentation into admin-guide
 1344 * Imported Translations from Zanata
 1345 * Add description of domain\_id in creating user/group
 1346 * Add cli/ directory for documentation
 1347 * Add user/ directory for documentation
 1348 * Add contributor/ directory for docs
 1349 * Removed unnecessary setUp() calls from unit tests
 1350 * Filter users and groups in ldap
 1351 * Move url safe naming docs to admin guide
 1352 * Fix ec2tokens validation in v2 after regression in metadata\_ref removal
 1353 * Add the step to install apache2 libapache2-mod-wsgi
 1354 * Handle auto-generated domains when creating IdPs
 1355 * Updated from global requirements
 1356 * Fix the documentation sample for OS-EP-FILTER
 1357 
 1358 12.0.0.0b3
 1359 ----------
 1360 
 1361 * Clarify documentation on whitelists and blacklists
 1362 * In the devstack plugin, restart keystone after modifying conf
 1363 * Fix typo in index documentation
 1364 * Move performance documentation to admin-guide
 1365 * Consolidate certificate docs to admin-guide
 1366 * Move auth plugin development doc to contrib guide
 1367 * Add missing comma to json sample
 1368 * Added new subsections to developer docs
 1369 * Fix wording of configuration help text
 1370 * Added index.rst in each sub-directory
 1371 * Optional request parameters should be not required
 1372 * Updated from global requirements
 1373 * Move development environment setup to contributor docs
 1374 * Add a hacking rule for string interpolation at logging
 1375 * Make the devstack plugin more configurable for federation
 1376 * Reorganised developer documentation
 1377 * Enable sphinx todo extension
 1378 * Remove duplicate configuration sections
 1379 * Expanded the best practices subsection in devdocs
 1380 * Added new docs to admin section
 1381 * Move bootstrapping documentation to admin-guide
 1382 * Updated from global requirements
 1383 * Add a release note for bug 1687593
 1384 * Reorganised api-ref index page
 1385 * remove default rule
 1386 * Merged the caching subsections in admin docs
 1387 * Move trust to DocumentedRuleDefault
 1388 * Improved the keystone federation image
 1389 * [install] Clarify the paths of the rc files
 1390 * fix identity:get\_identity\_providers typo
 1391 * fix assert\_admin
 1392 * Fixing flushing tokens workflow
 1393 * Replaced policy.json with policy.yaml
 1394 * Added configuration options using oslo.config
 1395 * Added configuration references to documentation
 1396 * Add history behind why keystone has two ports
 1397 * Move upgrade documentation to admin-guide
 1398 * Stop using deprecated 'message' attribute in Exception
 1399 * Move caching docs into admin-guide
 1400 * Gear documentation towards a wider audience
 1401 * Removed apache-httpd guide from docs
 1402 * Update security compliance documentation
 1403 * A simple fix about explicit unscoped string
 1404 * Remove duplicate token docs
 1405 * Update info about logging in admin guide
 1406 * Use log debug instead of warning
 1407 * Added a note for API curl examples
 1408 * Move import down to correct group
 1409 * Switch from oslosphinx to openstackdocstheme
 1410 * Clarify LDAP invalid credentials exception
 1411 * Ensure there isn't duplication in federated auth
 1412 * Remove keystone\_tempest\_plugin from setup.cfg
 1413 * Move implied role policies to DocumentedRuleDefault
 1414 * Remove duplicated list conversion
 1415 * Remove duplicated hacking rule
 1416 * Document and add release note for HEAD APIs
 1417 * Validate rolling upgrade is run in order
 1418 * Remove duplicate logging documentation
 1419 * Migrated docs from devdocs to user docs
 1420 * Updated from global requirements
 1421 * Remove note about kvs from admin-guide
 1422 * Move token flush documentation to admin-guide
 1423 * Remove the revocation api config section
 1424 * Rename Developer docs to Contributor docs
 1425 * Removed unnecessary line breaks from install-guides
 1426 * Added keystone installation guides
 1427 * Implement HEAD for assignment API
 1428 * Make federation documentation consistent
 1429 * Added keystone admin guides to documentation
 1430 * Add annotation about token authenticate
 1431 * Split test\_get\_head\_catalog\_no\_token
 1432 * Move related project information into main doc
 1433 * Move ec2 credential policies to DocumentedRuleDefault
 1434 * Return 400 when trying to create trust with ambiguous role name
 1435 * Reorganised keystone documentation structure
 1436 * Updated the keystone docs to follow the docs theme
 1437 * Fix PCI DSS docs on change\_password\_after\_first\_use
 1438 * Add HEAD API to auth
 1439 * Add HEAD APIs to federated API
 1440 * Ensure the trust API supports HEAD requests
 1441 * Ensure oauth API supports HEAD
 1442 * Ensure the endpoint policy API supports HEAD
 1443 * Improve handling of database migration checks
 1444 * Updated from global requirements
 1445 * Check log output rather than emitting in tests
 1446 * Ensure HEAD is supported with simple cert
 1447 * Ensure the ec2 API supports HEAD
 1448 * Ensure the endpoint filter API supports HEAD
 1449 * Move domain config to DocumentedRuleDefault
 1450 * Add HEAD API to domain config
 1451 * Updated from global requirements
 1452 * Move grant policies to DocumentedRuleDefault
 1453 * Move role policies to DocumentedRuleDefault
 1454 
 1455 12.0.0.0b2
 1456 ----------
 1457 
 1458 * Use DocumentedRuleDefault for token operations
 1459 * Remove the local tempest plugin
 1460 * Add response example in authenticate-v3.inc
 1461 * Addition of "type" optional attribute to list credentials
 1462 * Remove keystone.conf if not used
 1463 * Updated from global requirements
 1464 * Remove assertRaisesRegexp testing function
 1465 * Update DirectMappingError in keystone.exception
 1466 * Remove dependency requires if not used
 1467 * Add role test to test\_consume\_trust\_once in test\_v3\_auth.py
 1468 * Writing API & Scenario Tests docs
 1469 * Handle group NotFound in effective assignment list
 1470 * Updated from global requirements
 1471 * Update doctor warning about caching
 1472 * Basic overview of tempest and devstack plugins
 1473 * Updated from global requirements
 1474 * Updated from global requirements
 1475 * Don't need to contruct data if not need persistence
 1476 * Fix response body of getting role inference rule
 1477 * Quotation marks should be included in http url using curl
 1478 * Updated from global requirements
 1479 * Replace test.attr with decorators.attr
 1480 * Update test case for federation
 1481 * Support new hashing algorithms for securely storing password hashes
 1482 * Remove loading drivers outside of their expected namespaces
 1483 * Change LDAPServerConnectionError
 1484 * Error api about grant collections in policy\_mapping.rst
 1485 * Updated from global requirements
 1486 * Handle NotFound when listing role assignments for deleted users
 1487 * Update sample configuration file for Pike
 1488 * Change url scheme passed to oauth signature verifier
 1489 * Updated from global requirements
 1490 * Role name is unique within the owning domain
 1491 * Remove LDAP delete logic and associated tests
 1492 * Revert change 438035 is\_admin\_project default
 1493 * Trivial fix typo in doc
 1494 * Fix misnamed variable in config
 1495 * Change url passed to oauth signature verifier to request url
 1496 * Expose a bug in domain creation from idps
 1497 * Role name is unique within the owning domain
 1498 * Refactor is\_admin
 1499 * Update fail message to test\_database\_conflicts
 1500 * Fix keystone.tests.unit.test\_v3\_oauth1.MaliciousOAuth1Tests
 1501 * Test config option 'user\_enabled\_default' with string type value
 1502 * Stop using oslotest.mockpatch
 1503 * Remove X-Auth-Token from response parameters
 1504 * Fix test\_minimum\_password\_age\_and\_password\_expires\_days\_deactivated
 1505 * Refactor Authorization:
 1506 * Cleanup policy generation
 1507 * Fix test keystone.tests.unit.test\_token\_bind.BindTest
 1508 * Fix keystone.tests.unit.test\_backend\_ldap.LDAPIdentity
 1509 * Remove test\_metadata\_invalid\_contact\_type
 1510 * Update dead API spec links
 1511 * override config option notification\_opt\_out with list
 1512 * Add filter explain in api ref about parents\_as\_list and subtree\_as\_list
 1513 * use '&' instead of '?' to connect parameters in url
 1514 * Remove usage of enforce\_type
 1515 * Revise doc about python 3.4
 1516 * Update Devstack plugin for uwsgi and mod\_proxy\_uwsgi
 1517 * Add notes in inherit.inc
 1518 * Do not fetch group assignments without groups
 1519 * Readability enhancements to architecture doc
 1520 * Add response examples to OS-OAUTH1 api documentation
 1521 * Correct oauth create\_request\_token documentation
 1522 * Remove unused CONF
 1523 * Remove unused LOG
 1524 * Move policy generator config to config-generator/
 1525 * Include sample policy file in documentation
 1526 * Trivial Fix: fix typo in test comments
 1527 * Move user policies to DocumentedRuleDefault
 1528 * Explicitly set 'builders' option
 1529 * Make flushing tokens more robust
 1530 * Minor corrections in OS-OAUTH1 api documentation
 1531 * Fix-test-of-assertValidRole
 1532 * Small refactoring in tests development docs
 1533 * Move endpoint group to DocumentedRuleDefault
 1534 * Fix doc generation for python 3
 1535 
 1536 12.0.0.0b1
 1537 ----------
 1538 
 1539 * Updated from global requirements
 1540 * Imported Translations from Zanata
 1541 * Updated scope parameter description in v3 API-ref
 1542 * Add Apache License Content in index.rst
 1543 * Address comments from Policy in Code 5
 1544 * Remove unused revocation check in revoke\_models
 1545 * Updated from global requirements
 1546 * Remove unused code in test\_revoke
 1547 * Move group policies to DocumentedRuleDefault
 1548 * Move consumer to DocumentedRuleDefault
 1549 * Move access token to DocumentedRuleDefault
 1550 * Move mapping to DocumentedRuleDefault
 1551 * Move role assignment to DocumentedRuleDefault
 1552 * Move region policies to DocumentedRuleDefault
 1553 * Move project endpoint to DocumentedRuleDefault
 1554 * Remove unnecessary processing when deleting grant
 1555 * Add sem-ver flag so pbr generates correct version
 1556 * Move protocol to DocumentedRuleDefault
 1557 * Move credential policies to DocumentedRuleDefault
 1558 * Move policy association to DocumentedRuleDefault
 1559 * Move and refactor test\_revoke\_by\_audit\_chain\_id
 1560 * Move policy policies to DocumentedRuleDefault
 1561 * Move and refactor project\_and\_user\_and\_role
 1562 * Updated from global requirements
 1563 * Move and refactor test\_by\_domain\_domain
 1564 * Move and refactor test\_by\_domain\_project
 1565 * Move and refactor test\_by\_domain\_user
 1566 * Remove unused method \_sample\_data in test\_revoke
 1567 * Refactor test\_revoke to call check\_token directly
 1568 * Differentiate between dpkg and rpm for libssl-dev
 1569 * Move auth to DocumentedRuleDefault
 1570 * Move service policies to DocumentedRuleDefault
 1571 * Remove unnecessary setUp function in testcase
 1572 * Remove policy file from source and refactor tests
 1573 * Remove revocation API dependency from identity API
 1574 * Remove revocation API dependency from resource API
 1575 * Move project policies to DocumentedRuleDefault
 1576 * Replace wip with skip
 1577 * Removed domain conflict guard in load\_fixtures
 1578 * Updated from global requirements
 1579 * Remove create\_container\_group from tests
 1580 * Add charset to webob.Response
 1581 * Move identity provider to DocumentedRuleDefault
 1582 * Move endpoint policies to DocumentedRuleDefault
 1583 * Move domain policies to DocumentedRuleDefault
 1584 * Move service provider to DocumentedRuleDefault
 1585 * Add policy sample generation
 1586 * Removed the deprecated pki\_setup command
 1587 * Reduce fixture setup in test\_backend\_ldap
 1588 * Consolidate and cleanup test\_backend\_ldap setup
 1589 * Remove conflict guards in load\_fixtures
 1590 * Remove orphaned \_create\_context test helper
 1591 * Remove decorator for asserting validation errors
 1592 * Remove orphaned AuthTestMixin from test\_v3
 1593 * Move revoke events to DocumentedRuleDefault
 1594 * Doc db\_sync --expand incurring downtime in upgrades to Newton
 1595 * Fix some reST field lists in docstrings
 1596 * Remove log translations in keystone
 1597 * Move release note from /keystone/releasenotes to /releasenotes
 1598 * Small fixes for WebOb 1.7 compatibiltity
 1599 * Error messages are not translating with locale
 1600 * Add a note to db\_sync configuration section
 1601 * Remove unused revoke\_by\_domain\_role\_assignment
 1602 * Remove unused revoke\_by\_project\_role\_assignment
 1603 * Remove unnecessary revocation events revoke grant
 1604 * Remove unnecessary revocation events
 1605 * Remove unnecessary revocation events
 1606 * Policy in code (part 5)
 1607 * Policy in code (part 4)
 1608 * Set the correct in-code policy for ec2 operations
 1609 * Don't persist revocation events when deleting a role
 1610 * Policy in code (part 3)
 1611 * Policy in code (part 2)
 1612 * Policy in code
 1613 * Speed up check\_user\_in\_group for LDAP users
 1614 * Don't persist rev event when deleting access token
 1615 * Include the requested URL in authentication errors
 1616 * Remove extra duplicate 'be' in description
 1617 * Add group\_members\_are\_ids to whitelisted options
 1618 * Use HostAddressOpt for opts that accept IP and hostnames
 1619 * Remove x-subject-token in api-ref for v3/auth/catalog
 1620 * Add reno conventions to developer documentation
 1621 * Updated from global requirements
 1622 * Fix description for 204 response
 1623 * Updated from global requirements
 1624 * Remove keystone.common.ldap
 1625 * Fix the typo
 1626 * Add in-code comment to clarify pattern in tests
 1627 * Fix keystone.o.o URL
 1628 * Test for fernet rotation recovery after disk full
 1629 * API-ref return code fix
 1630 * Updated from global requirements
 1631 * Imported Translations from Zanata
 1632 * Fix api-ref building with sphinx 1.5
 1633 * Change is\_admin\_project to False by default
 1634 * Remove pbr warnerrors in favor of sphinx check
 1635 * Move driver loading inside of dict
 1636 * Minor cleanup from patch 429047
 1637 * Remove password\_expires\_ignore\_user\_ids
 1638 * Remove unused variable
 1639 * Revise conf param in releasenotes
 1640 * Modify examples to use v3 URLs
 1641 * Fix duplicate handling for user-specified IDs
 1642 * Removing group role assignments results in overly broad revocation events
 1643 * Typos in the LoadAuthPlugins note
 1644 * Remove domains \*-log-\* from compile\_catalog
 1645 * Add instruction to restart apache
 1646 * Exchange cURL examples for openstackclient
 1647 * Updated from global requirements
 1648 * Remove x-subject-token in api-ref for v3/auth/{projects,domains}
 1649 * Exclusively use restore\_padding method in unpacking fernet tokens
 1650 * Remove EndpointFilterCatalog
 1651 * Give a prospective removal date for all v2 APIs
 1652 * Fix some typo in releasenotes
 1653 * Correct and enhance OpenId Connect docs
 1654 * Imported Translations from Zanata
 1655 * Correct and enhance Mellon federation docs
 1656 * Clear the project ID from user information
 1657 * Fix MFA rule checks for LDAP auth
 1658 * Fix v2 role create schema validation
 1659 * Update reno for stable/ocata
 1660 * Fix the s3tokens endpoint
 1661 * Stop reading local config dirs for domain-specific file config driver
 1662 * Fix typo in config doc
 1663 * Updated from global requirements
 1664 * Fix example response formatting
 1665 * Rename protocol cascade delete migration file
 1666 * Remove logging import unused
 1667 * Address db\_sync check against new install
 1668 * Deprecate (and slate for removal) UUID tokens
 1669 * Remove the file encoding which is unnecessary
 1670 * Correct some typo errors
 1671 * Federated mapping doc improvements
 1672 * Include 'token' in the method list for federated scoped tokens
 1673 * Add --check to keystone-manage db\_sync command
 1674 * Deprecate (and emit message) AdminTokenAuthMiddleware
 1675 * Use ostestr instead of the custom pretty\_tox.sh
 1676 * Fix multiple uuid warnings with pycadf
 1677 * Add unit test for db\_sync run out of order
 1678 * Fixed warning when building keystone docs
 1679 * Ensure migration file names are unique to avoid caching errors
 1680 * use the correct bp link for shadow-mapping rel note
 1681 * Readability/Typo Fixes in Release Notes
 1682 * Remove unused api parameters
 1683 * Make use of Dict-base including extras explicit
 1684 * Add placeholder migrations for Ocata
 1685 * Update hacking version
 1686 * Use httplib constants for http status codes
 1687 * Renaming of api parameters
 1688 * Remove KVS code
 1689 
 1690 11.0.0
 1691 ------
 1692 
 1693 * Modify the spelling mistakes
 1694 * Stop reading local config dirs for domain-specific SQL config driver
 1695 * Prepare for using standard python tests
 1696 * update keystone.conf.sample for ocata-rc
 1697 * Add MFA Rules Release Note
 1698 * Remove de-dupe for MFA Rule parsing
 1699 * Add comment to clarify resource-options jsonschema
 1700 * Cleanup TODO, AuthContext and AuthInfo to auth.core
 1701 * Cleanup TODO about auth.controller code moved to core
 1702 * Add validation that token method isn't needed in MFARules
 1703 * Add validation for mfa rule validator (storage)
 1704 * Process and validate auth methods against MFA rules
 1705 * Update endpoint api for optional region\_id
 1706 * No need to enable infer\_roles setting
 1707 * Fix bad error message from FernetUtils
 1708 * Use https for docs.openstack.org references
 1709 * Update PCI documenation
 1710 * Auth Plugins pass data back via AuthHandlerResponse
 1711 * Auth Method Handlers now return a response object always
 1712 * Add MFA Rules and Enabled User options
 1713 * cleanup release notes from PCI options
 1714 * Create user option \`ignore\_lockout\_failure\_attempts\`
 1715 * Implement better validation for resource options
 1716 * Deprecate [security\_compliance]\password\_expires\_ignore\_user\_ids
 1717 * Fixes deprecations caused by latest oslo.context
 1718 * PCI-DSS Force users to change password upon first use
 1719 * clean up release notes for ocata
 1720 * Reuse already existing groups from upstream tempest config
 1721 * add additional deprecation warnings for KVS options
 1722 * Address follow-up comments from previous patchset
 1723 * Cleanup for resource-specific options
 1724 * Adds tests showing how mapping locals are handled
 1725 
 1726 11.0.0.0b3
 1727 ----------
 1728 
 1729 * Add 'options' as an explicit user schema validation
 1730 * Code-Defined Resource-specific Options
 1731 * Set the domain for federated users
 1732 * Refactor shadow users tests
 1733 * Add domain\_id to the user table
 1734 * Do not call \`to\_dict\` outside of a session context
 1735 * Remove code supporting moving resources between domains
 1736 * Change unit test class to a less generic name
 1737 * Remove dogpile.core dependencies
 1738 * Verbose breakup of method into seperate methods
 1739 * Fixed unraised exception in \_disallow\_write for LDAP
 1740 * Add password expiration queries for PCI-DSS
 1741 * Add missing parentheses
 1742 * Add queries for federated attributes in list\_users
 1743 * update entry points related to paste middleware
 1744 * Remove LDAP write support
 1745 * Remove releated role\_tree\_dn test
 1746 * Add warning about using \`external\` with federation
 1747 * Allow user to change own expired password
 1748 * Fix warnings generated by os-api-ref 1.2.0
 1749 * Improvements to external auth documentation page
 1750 * Test cross domain authentication via implied roles
 1751 * Updates to project mapping documentation
 1752 * Add documentation for auto-provisioning
 1753 * Implement federated auto-provisioning
 1754 * Fix typo in main docs page
 1755 * switch @hybrid\_property to @property
 1756 * Catch potential SyntaxError in federation mapping
 1757 * Fix typo in shibboleth federation docs
 1758 * Handling of 'region' parameter as None
 1759 * Corrected punctuation on multiple exceptions
 1760 * Exclude 'keystone\_tempest\_plugin' in doc build
 1761 * Force use of AuthContext object in .authentcate()
 1762 * Cascade delete federated\_user fk
 1763 * update sample config for ocata release
 1764 * Drop type in filters
 1765 * Add DB operations tracing
 1766 * fix broken links
 1767 * Changed 'Driver' reference to 'TokenDriverBase'
 1768 * Fix keystone-manage mapping\_engine tester
 1769 * Add anonymous bind to get\_connection method
 1770 * Set connection timeout for LDAP configuration
 1771 * Invalid parameter name on interface
 1772 * Bump API version and date
 1773 * listing revoke events should be admin only
 1774 * Adds projects mapping to the mapping engine
 1775 * Updated docstring for test\_sql\_upgrade.py
 1776 * Use public interfaces of pep8 for hacking
 1777 * [api-ref] Clean up OS-EP-FILTER association docs
 1778 * Remove comment from previous migration
 1779 * [api-ref] Clean up OS-EP-FILTER documentation
 1780 * Fixed not in toctree warnings when building docs
 1781 * Remove stevedore warning when building docs
 1782 * Update docs to require domain\_id when registering Identity Providers
 1783 * Retry on deadlock Transactions in backend
 1784 * Fix region\_id responses and requests to be consistent
 1785 * Remove endpoint\_id parameter from EP-FILTER docs
 1786 * [api] fix ep filter example
 1787 * Require domain\_id when registering Identity Providers
 1788 * Fix minor typo
 1789 * Remove references to Python 3.4
 1790 * Improve assertion in test
 1791 * Use assertGreater(len(x), y) instead of assertTrue(len(x) > y)
 1792 * Correct invalid rst in api docs
 1793 * Fixed 7 tests running twice in v3 identity
 1794 * Fix issues with keystone-dsvm-py35-functional-v3-only on py35
 1795 * Fix the usage of tempest.client.Manager class
 1796 * Correct timestamp format in token responses
 1797 * Remove unused exceptions from CADF notifications
 1798 * Minor improvement in test\_user\_id\_persistence
 1799 * Remove CONF.domain\_id\_immutable
 1800 * Fix test function name with two underscores to have only one
 1801 * Updated from global requirements
 1802 * Fix import ordering in tempest plugins
 1803 * [api] Inconsistency between v3 API and keystone token timestamps
 1804 * Federated authentication via ECP functional tests
 1805 * Removes unnecessary utf-8 encoding
 1806 * Handle disk write failure when doing Fernet key rotation
 1807 * Fix cloud\_admin rule and ensure only project tokens can be cloud admin
 1808 * Updated from global requirements
 1809 * Remove duplicate role assignment in federated setup
 1810 * Remove unused variables from federation tests
 1811 * Remove unused variables from unit test method
 1812 * Add reason to CADF notifications in docs
 1813 * [doc] point release note docs to project team guide
 1814 * [api] set \`is\_admin\_project\` on tokens for admin project
 1815 * Settings for test cases
 1816 * Add reason to notifications for PCI-DSS
 1817 * Fix typo in doc
 1818 * fix one typo
 1819 * Updated from global requirements
 1820 * Wrap invalidation region to context-local cache
 1821 * move common sql test helpers to base class
 1822 * Use assertGreater(len(x), y) instead of assertTrue(len(x) > y)
 1823 * replace assertTrue with assertIs
 1824 
 1825 11.0.0.0b2
 1826 ----------
 1827 
 1828 * Replace logging with oslo\_log
 1829 * expose v3policy failure with is\_admin\_token
 1830 * Add doctor checks for ldap symptoms
 1831 * Implement password requirements API
 1832 * Fix a typo in comment
 1833 * Add unit tests for doctor token\_fernet symptoms
 1834 * Remove impossible case from \_option\_dict method
 1835 * Make \_option\_dict() a method for domain\_config\_api
 1836 * Add unit tests for doctor tokens symptoms
 1837 * Add checks for doctor credential symptoms
 1838 * Make user to nonlocal\_user a 1:1 relationship
 1839 * Add id to conflict error if caused by duplicate id
 1840 * Refactors \_get\_names\_from\_role\_assignments
 1841 * Do not manually remove /etc/shibboleth folder
 1842 * API Documentation for user password expires
 1843 * Revert "API Documentation for user password expires"
 1844 * API Documentation for user password expires
 1845 * Clean up keystone doc landing page
 1846 * Add doctor tests on security\_compliance and rename
 1847 * Fix typo in api-ref doc
 1848 * Move V2TokenDataHelper to the v2.0 controller
 1849 * Remove exception from v2 validation path
 1850 * Make bootstrap idempotent when it needs to be
 1851 * Add unit tests for doctor's database symptoms
 1852 * Print name with duplicate error on user creation
 1853 * Expose idempotency issue with bootstrap
 1854 * Print domain name in mapping\_populate error message
 1855 * Correct missspellings of secret
 1856 * Trivial indentation corrections in mappings doc
 1857 * Add doctor check for debug mode enabled
 1858 * Fixed multiple warnings in tox -edocs
 1859 * Get assignments with names honors inheritance flag
 1860 * Updated from global requirements
 1861 * Add test to expose bug 1625230
 1862 * Invalidate token cache after token delete
 1863 * Revert "Rename doctor symptom in security\_compliance"
 1864 * Domain included for role in list\_role\_assignment
 1865 * api-ref update for roles assignments with names
 1866 * Rename doctor symptom in security\_compliance
 1867 * Corrects sample-data incorrect credential call
 1868 * Correct minor issues in test schema
 1869 * Add unit tests for doctor federation file
 1870 * Remove CONF.os\_inherit.enabled
 1871 * Add unit tests for doctor's caching symptoms
 1872 * Updated from global requirements
 1873 * Updated from global requirements
 1874 * More info in schema validation error
 1875 * Minor fix in role\_assignments api-ref
 1876 * Include mapped in the default auth methods
 1877 * Validate token issue input
 1878 * Removes unused exceptions
 1879 * Removes unused method from assignment core
 1880 * Removes unused default\_assignment\_driver method
 1881 * Removed unused EXTENSION\_TO\_ADD test declarations
 1882 * Use sha512.hash() instead of .encrypt()
 1883 * Don't invalidate all user tokens of roleless group
 1884 * Upload service provider metadata to testshib
 1885 * Updated from global requirements
 1886 * SAML federation docs refer to old WSGIScriptAlias
 1887 * cache\_on\_issue default to true
 1888 * Make try/except work for passlib 1.6 and 1.7
 1889 * Document token header in federation auth response
 1890 * Refactor Keystone admin-tokens and admin-users v2
 1891 * ignore deprecation warning for .encrypt()
 1892 * Send the identity.deleted.role\_assignment after the deletion
 1893 * Allow fetching an expired token
 1894 * Show team and repo badges on README
 1895 * Remove eventlet-related call to sleep
 1896 * Add a comment about not using assertTrue
 1897 * clean up developer docs
 1898 * Improvements in error messages
 1899 * Remove trailing "d" from -days param of OpenSSL command
 1900 * Swap the notification formats in the docs
 1901 * Normalizes use of ForbiddenAction in trusts
 1902 * Enable CADF notification format by default
 1903 * Remove unused statements in matches
 1904 * Fix doc example
 1905 * Remove extension and auth\_token middleware docs
 1906 * Move docs from key\_terms to architecture
 1907 * move content from configuringservices to configuration
 1908 * Update configuration.rst documentation
 1909 * Verbose 401/403 debug responses
 1910 * Fix the misspelling in \`keystone/tests/unit/test\_cli.py\`
 1911 * refactor notification test to work with either format
 1912 * Clarify the v2.0 validation path
 1913 * Remove metadata from token provider
 1914 * Lockout ignore user list
 1915 * Add developer docs for keystone-manage doctor
 1916 * [api] add changelog from 3.0 -> 3.7
 1917 * Devstack plugin to federate with testshib.org
 1918 * Remove entry\_points to non-existent drivers
 1919 * Fix typo in doc
 1920 
 1921 11.0.0.0b1
 1922 ----------
 1923 
 1924 * remove release note about LDAP write removal
 1925 * Change "Change User Password" request example
 1926 * Fixes remaining nits in endpoint\_policy tests
 1927 * Remove reference to future removal of saml
 1928 * Limits config fixture usage to where it's needed
 1929 * Updated from global requirements
 1930 * Remove format\_token method
 1931 * Remove issue\_v3\_token in favor of issue\_token
 1932 * Remove issue\_v2\_token
 1933 * refactor the token controller
 1934 * Use issue\_v3\_token instead of issue\_v2\_token
 1935 * Updates to the architecture doc
 1936 * Support nested groups in Active Directory
 1937 * Add healthcheck middleware to pipelines
 1938 * Request cache should not update context
 1939 * Change cfg.set\_defaults into cors.set\_defaults
 1940 * Updated from global requirements
 1941 * Updated from global requirements
 1942 * Doc warning for keystone db migration
 1943 * Wording error in upgrading documentation
 1944 * Updated from global requirements
 1945 * fix credentials backend tests
 1946 * Allow running expand & migrate at the same time
 1947 * Add test cases for passing "None" as a hint
 1948 * Fix test\_revoke to run all tests after pki removal
 1949 * Updated from global requirements
 1950 * Switch fernet to be the default token provider
 1951 * Remove support for PKI and PKIz tokens
 1952 * Doc the difference between memcache and cache
 1953 * Doctor ldap check fix for config files
 1954 * Additional logging when authenticating
 1955 * Document OS-SIMPLE-CERT Routes
 1956 * Document v2 Revoked Token Route
 1957 * Add api-ref /auth/tokens/OS-PKI/revoked (v3)
 1958 * Fix broken links in the docs
 1959 * Add structure for Devstack plugin
 1960 * Add bindep environment to tox
 1961 * Pass a request to controllers instead of a context
 1962 * Create default role as a part of bootstrap
 1963 * Updated from global requirements
 1964 * Don't deprecate the LDAP property which is still needed
 1965 * Clarifying on the remove of \`build\_auth\_context\` middleware
 1966 * log.error use \_ of i18n
 1967 * Doctor check for LDAP domain specific configs
 1968 * Updated from global requirements
 1969 * Updated from global requirements
 1970 * Validate mapping exists when creating/updating a protocol
 1971 * Remove new\_id() in test\_revoke
 1972 * Adds warning when no domain configs were uploaded
 1973 * Add release note for fernet tokens
 1974 * Tweak api-ref doc for v3 roles
 1975 * Tweak api-ref doc for v3 roles status codes
 1976 * Reorder APIs in api-ref for v3 groups
 1977 * [api-ref] Remove the duplicated sample
 1978 * Follow-on of memcache token persistence removal
 1979 * changed domain id to name in JSON request
 1980 * More configuration doc edits
 1981 * Remove backend dependencies from token provider
 1982 * Updated from global requirements
 1983 * [api-ref] Fix couple of issues on OS-INHERIT API
 1984 * Code cleanup
 1985 * Replace tenant with project for keystone catalog
 1986 * Imported Translations from Zanata
 1987 * Update, correct, and enhance federation docs
 1988 * Invalidate trust when the related project is deleted
 1989 * Remove unused arg(project and initiator)
 1990 * Drop MANIFEST.in - it's not needed by pbr
 1991 * Ignore unknown arguments to fetch\_token
 1992 * Return password\_expires\_at during auth
 1993 * Move the token abstract base class out of core
 1994 * Add is\_admin\_project to policy dict
 1995 * Fix a typo in token\_formatters.py
 1996 * Improve check\_token validation performance
 1997 * Add revocation event indexes
 1998 * Add docs for PCI-DSS
 1999 * Invalidate trust when the trustor or trustee is deleted
 2000 * Updated from global requirements
 2001 * [api] add a note about project name restrictions
 2002 * One validate method to rule them all..
 2003 * Simplify the KeystoneToken model
 2004 * Remove validate\_v2\_token() method
 2005 * [api] remove \`user\_id\` and \`project\_id\` from policy
 2006 * Remove the decorator where it's not applied
 2007 * Optimize remove unused variable
 2008 * Remove those redundant variable declaration
 2009 * [doc] Correct mapping JSON example
 2010 * Remove no use variable (domain\_id)
 2011 * Remove redundant variable declaration
 2012 * Deprecate \`endpoint\_filter.sql\` backend
 2013 * remove deprecated \`[endpoint\_policy] enable\` option
 2014 * Pass initiator to Manager as a kwarg
 2015 * create release notes for removed functionality
 2016 * Remove driver version specifiers from tests
 2017 * Enable release notes translation
 2018 * Remove driver version from identity backend test names
 2019 * Remove driver version from docs
 2020 * Updated from global requirements
 2021 * Default the assignment backend to SQL
 2022 * remove legacy driver tox target
 2023 * Use validate\_v3\_token instead of validate\_token
 2024 * Ensure all v2.0 tokens are validated the same way
 2025 * Make sure all v3 tokens are validated the same way
 2026 * re-add valid comment about None domain ID
 2027 * Default the resource backend to SQL
 2028 * Make returning is\_domain conditional
 2029 * Move audit initiator creation to request
 2030 * Don't validate token expiry in the persistence backend
 2031 * Add tests for validating expired tokens
 2032 * Fix a typo in \_init\_.py
 2033 * Remove password history validation from admin password resets
 2034 * Updating the document regarding LDAP options
 2035 * Updated from global requirements
 2036 * Remove the unused sdx doc files
 2037 * Updated from global requirements
 2038 * Remove the no use arg (auth=None)
 2039 * Fix typo in docstring
 2040 * Tweak api-ref for v3 groups status codes
 2041 * Updated from global requirements
 2042 * Add Apache 2.0 license to source file
 2043 * Fix a typo in core.py and bp-domain-config-default-82e42d946ee7cb43.yaml
 2044 * Validate password history for self-service password changes
 2045 * Make test\_v3\_auth exercise the whole API
 2046 * Remove stable driver interfaces
 2047 * Updated from global requirements
 2048 * Remove the check for admin token in build\_auth\_context middleware
 2049 * Reorder APIs in api-ref doc for v3 users
 2050 * Fix a docstring typo in test\_v3\_resource.py
 2051 * Using assertIsNone(...) instead of assertIs(None, ...)
 2052 * Updated from global requirements
 2053 * remove deprecated items from contrib
 2054 * Update man page for Ocata release version and date
 2055 * Using assertIsNone() instead of assertIs(None)
 2056 * Remove default=None when set value in config
 2057 * Undeprecate options used for signing
 2058 * Remove unused path in the v2 token controller
 2059 * Fix the belongsTo query parameter
 2060 * Fix 'API Specification for Endpoint Filtering' broken link
 2061 * Add domain check in domain-specific role implication
 2062 * Override credential key repository for null key tests
 2063 * Remove useless method override
 2064 * remove memcache token persistence backends
 2065 * remove keystone/service.py
 2066 * remove saml2 auth plugin
 2067 * remove httpd/keystone.py
 2068 * remove cache backends
 2069 * Revert "Allow compatibility with keystonemiddleware 4.0.0"
 2070 * Consolidate the common code into one method
 2071 * Handle the exception from creating request token properly
 2072 * Fix formatting strings in LOG.debug
 2073 * Fix formatting strings in LOG.warning
 2074 * Handle the exception from creating access token properly
 2075 * Updated from global requirements
 2076 * Tweak status code in api-ref doc for v3 users
 2077 * Fix prameters names in Keystone API v2-ext
 2078 * Refactor Keystone admin-tenant API v2
 2079 * Refactor Keystone admin-endpoint API
 2080 * Fix for unindent warning in doc build
 2081 * add placeholder migrations for newton
 2082 * Remove  default=None for config options
 2083 * Ensure the sqla-migrate scripts cache is cleared
 2084 * Move test\_sql\_upgrade.MigrationRepository into keystone.common
 2085 * Rename sql.migration\_helpers to sql.upgrades
 2086 * Give domain admin rights to domain specific implied roles
 2087 * Update reno for stable/newton
 2088 * Refactor find\_migrate\_repo(): require caller to specify repo
 2089 * Fixes password created\_at errors due to the server\_default
 2090 * Move the responsibility for stdout to the CLI module
 2091 * Use a read-only DB session to retrieve schema version
 2092 * Move rolling upgrade repo names into constants
 2093 
 2094 10.0.0.0rc1
 2095 -----------
 2096 
 2097 * Removal of imports within functions
 2098 * Trivial fixes in the ldap common functions
 2099 * Test that rolling upgrade repos are in lockstep
 2100 * Add unit tests for isotime()
 2101 * Remove unused \_convert\_to\_integers() method
 2102 * Adds tests for verify\_length\_and\_trunc\_password()
 2103 * Remove unused read\_cached\_file method from utils
 2104 * Allow compatibility with keystonemiddleware 4.0.0
 2105 * Fix links on configure\_federation documentation
 2106 * Add edge case tests for disabling a trustee
 2107 * Fix prameters name and response codes in Keystone API v2
 2108 * Tweak api-ref doc for services/endpoints
 2109 * Use issued\_at in fernet token provider
 2110 * Remove unused method from keystone.common.utils
 2111 * Use ConfigParser instead of SafeConfigParser
 2112 * Consistently round down timestamps
 2113 * Remove the APIs from doc that is not supported yet
 2114 * TrivialFix: Merge imports in code
 2115 * Fix the nit on how to deploy keystone with \`mod\_proxy\_uwsgi\`
 2116 * Tweak api-ref doc for projects
 2117 * Remove the dead link in schema migration doc
 2118 * Updated from global requirements
 2119 * Fix order of arguments in assertIs
 2120 * New notes on advanced upgrade/fallback for cluster
 2121 * standardize release note page ordering
 2122 * [api-ref] Correct response code status
 2123 * Replace six iteration methods with standard ones
 2124 * Fixes a nit in a comment
 2125 * Updates configuration doc with latest changes
 2126 * Use freezegun for change password tests
 2127 * Update sample keystone.conf for Newton
 2128 * Project domain must match role domain for assignment
 2129 * Add docs for the null key
 2130 * Log warning if null key is used for encryption
 2131 * Introduce null key for credential encryption
 2132 * More nit doc fixes
 2133 * Keep the order of passwords in tests
 2134 * EndpointPolicy driver doesn't inherit interface
 2135 * [api-ref] Stop supporting os-api-ref 1.0.0
 2136 * Fix up some doc nits
 2137 * Only cache callables in the base manager
 2138 * [api-ref] Correcting parameter's type
 2139 * Correct link type
 2140 * Fix problems in service api doc
 2141 * Raise NotImplementedError instead of NotImplemented
 2142 * Add the deprecated\_since to deprecated options
 2143 * Add doctor checks for credential fernet keys
 2144 * Few new commands missing from docs
 2145 * Emit log message for fernet tokens only
 2146 * Implement encryption of credentials at rest
 2147 * Typo: key\_manger\_factory to key\_mangler\_factory
 2148 
 2149 10.0.0.0b3
 2150 ----------
 2151 
 2152 * Fixes spelling mistakes
 2153 * Fixes migration where password created\_at is nullable
 2154 * Block global roles implying domain specific roles
 2155 * Correct typo in mapping\_populate command's help
 2156 * Relax the requirement for mappings to result in group memberships
 2157 * Document credential encryption
 2158 * Update sample uwsgi config for lazy-apps
 2159 * Add documentation on how to set a user's tenant
 2160 * Pre-cache new tokens
 2161 * Config logABug feature for Keystone api-ref
 2162 * Fix nits in db migration dev docs
 2163 * Disallow new migrations in the legacy migration repository
 2164 * Updated from global requirements
 2165 * Update developer docs for new rolling upgrade repos
 2166 * Add man page info for credential setup command
 2167 * Remove unnecessary try/except from token provider
 2168 * Fixes small grammar mistake in docstring
 2169 * Add a feature support matrix for identity sources
 2170 * Fix wrong response codes in 'groups' APIs
 2171 * Make token\_id a required parameter in v3\_to\_v2\_token
 2172 * Distributed cache namespace to invalidate regions
 2173 * Fix formatting strings when using multiple variables
 2174 * Add credential setup command
 2175 * Add Response Example for 'Create credential' API
 2176 * Add Response Example for 'Passwd auth with unscoped authorization'
 2177 * Remove mapping schema from the doc
 2178 * Impose a min and a max on time values in CONF.token
 2179 * Repair link in Keystone documentation
 2180 * Faster id mapping lookup
 2181 * Fix some typos in comments
 2182 * Cleaning imports in code
 2183 * Updated from global requirements
 2184 * TrivialFix: Remove logging import unused
 2185 * Removes old, unused code
 2186 * Reduce log level of Fernet key count message
 2187 * Updated from global requirements
 2188 * Adds password regular expression checks to doctor
 2189 * Let upgrade tests control all 4 repositories at once
 2190 * Adds check that minimum password age is less than password expires days
 2191 * Remove unused global variable from unit tests
 2192 * Modify sql banned operations for each of the new repos
 2193 * Use egg form of osprofiler in paste pipeline
 2194 * api-ref: Splitting status lines in API v3-ext
 2195 * api-ref: Splitting status lines in API v3
 2196 * Remove mox from test-requirements
 2197 * TrivialFix: Remove logging import unused
 2198 * [api-ref]: Outdated link reference
 2199 * Remove unnecessary \_\_init\_\_
 2200 * Add mapping\_populate command
 2201 * Doc fix: license rendered in published doc
 2202 * Doc fix: "keystone-manage upgrade" is not a thing
 2203 * Fix credential update to ec2 type
 2204 * Add key repository uniqueness check to doctor
 2205 * Update \`href\` for keystone extensions
 2206 * Updated from global requirements
 2207 * Fix the wrong URI for the OAuth1 extension in api-ref
 2208 * Shadowing a nonlocal\_user incorrectly creates a local\_user
 2209 * Add entrypoint for mapped auth method
 2210 * Get ready for os-api-ref sphinx theme change
 2211 * Add rolling upgrade documentation
 2212 * Add create and update methods to credential Manager
 2213 * Create a fernet credential provider
 2214 * Make KeyRepository shareable
 2215 * Add conf to support credential encryption
 2216 * Password expires ignore user list
 2217 * Add expand, data migration and contract logic to keystone-manage
 2218 * [api] add relationship links to v3-ext
 2219 * Removes use of freezegun in test\_auth tests
 2220 * Removes a redundant test from FernetAuthWithTrust
 2221 * api-ref: Fix parameters attributes
 2222 * Set default value for [saml]/idp\_contact\_surname
 2223 * Tidy up for late-breaking review comments on keystone-manage
 2224 * PCI-DSS Minimum password age requirements
 2225 * api-ref: Document domain specific roles
 2226 * Revert "Add debug logging to revocation event checking"
 2227 * Replace the content type with correct one
 2228 * Add credential encryption exception
 2229 * Pass key\_repository and max\_active\_keys to FernetUtils
 2230 * Make a FernetUtils class
 2231 * Move fernet utils into keystone/common/
 2232 * Add support for rolling upgrades to keystone-manage
 2233 * api-ref: Document implied roles API
 2234 * Support new osprofiler API
 2235 * api-ref: Correcting V3 OS-INHERIT APIs
 2236 * Fix typo in the file
 2237 * Add debug logging to revocation event checking
 2238 * Detail Federation Service Provider APIs in api-ref
 2239 * Detail Fed Projects and Domains APIs in api-ref
 2240 * add a header for the federation APIs
 2241 * Detail Federation Mapping APIs in api-ref docs
 2242 * Detail Federation Auth APIs in api-ref docs
 2243 * Detail Federation Assertion APIs in api-ref docs
 2244 * Move other-requirements.txt to bindep.txt
 2245 * Detail IdP APIs in api-ref docs
 2246 * api-ref: Add default domain config documentation
 2247 * Constraints are ready to be used for tox.ini
 2248 * Updated from global requirements
 2249 * [api] add relationship links to v3
 2250 * Refactor revoke matcher
 2251 * Document get auth/catalog,projects,domains
 2252 * api-ref: Renaming parameters of V3-ext APIs
 2253 * api-ref: Correcting V3 Credentials APIs
 2254 * api-ref: Correcting V3 Policies APIs
 2255 * api-ref: Correcting V3 Authentication APIs
 2256 * api-ref: Correcting V3 Domain config APIs
 2257 * Use international logging message
 2258 * Updates Development Environment Docs
 2259 * Create unit tests for endpoint policy drivers
 2260 * api-ref: Add query options to GET /projects API documentation
 2261 * Updated from global requirements
 2262 * api-ref: Add missing parameter tables to tenant
 2263 * Create unit tests for the policy drivers
 2264 * api-ref: Correcting V3 Endpoints APIs
 2265 * api-ref: Correcting V3 Services APIs
 2266 * api-ref: Add "nocatalog" option to GET /v3/auth/tokens
 2267 * Fix warning when running tox -e api-ref
 2268 * Add basic upgrade documentation
 2269 * Document query option (is\_domain) for projects
 2270 * remove test utilities related to adding extensions
 2271 * Update etc/keystone.conf.sample
 2272 * Make hash\_algorithms order deterministic
 2273 * PCI-DSS Password expires validation
 2274 * Report v2.0 as deprecated in version discovery
 2275 * Update the api-ref to mark the v2 API as deprecated
 2276 * Add schema validation to create user v2
 2277 * Fix the spelling of a test name
 2278 * Remove mention of db\_sync per backend
 2279 * Trust controller refactoring
 2280 * Use more specific asserts in tests
 2281 * Updated from global requirements
 2282 * Add debug logging for RevokeEvent deserialize problem
 2283 * Make all token provider behave the same with trusts
 2284 * Use URIOpt for endpoint URL options
 2285 * Clean up the introductory text in the docs
 2286 * Retry revocation on MySQL deadlock
 2287 * Add schema validation to update user v2
 2288 * PCI-DSS Lockout requirements
 2289 * Improve domain configuration API docs
 2290 * Skip middleware request processing for admin token
 2291 * Move Assertion API to its own file
 2292 * Bump API version number and date
 2293 * Move Federation Auth API to its own file
 2294 * Move List Projects and Domains API to its own file
 2295 * Move Service Provider API to its own file
 2296 * Move Mapping API to its own file
 2297 * Use %()d for integer substitution
 2298 * Don't include openstack/common in flake8 exclude list
 2299 * Added postgresql libs to developer docs
 2300 * Add schema validation to create service in v2
 2301 * Remove the redundant verification in OAuth1 authorization
 2302 * Add schema validation to v2 update tenant
 2303 * refactor idp to its own file
 2304 * Updated from global requirements
 2305 * PCI-DSS Password history requirements
 2306 * Move Identity Provider API to its own file
 2307 * Add dummy domain\_id column to cached role
 2308 * Allow attributes other than \`enabled\` in schema
 2309 * Remove the extensions repos
 2310 * Document the domain config API as stable
 2311 * Remove configuration references to eventlet
 2312 * Adds a custom deepcopy handler
 2313 * Add token feature support matrix to documentation
 2314 * Test number of queries on list\_users
 2315 * No need the redundant validation in manager level
 2316 * Add the missing testcases for \`name\` and \`enabled\`
 2317 * Adds test for SecurityError's translation behavior
 2318 * TOTP auth not functional in python3
 2319 * Invalid tls\_req\_cert constant as default
 2320 * Add schema validation to v2 create tenant
 2321 * Use quotes consistently in token controller
 2322 * Add performance tuning documentation
 2323 * Allow V2TestCase to be tested against fernet and uuid
 2324 * Make AuthWithTrust testable against uuid and fernet
 2325 * Improve os-federation docs
 2326 * Fix v2-ext API enabled documentation
 2327 * PCI-DSS Adds password\_expires\_at to API docs
 2328 * Make it so federated tokens are validated on v2.0
 2329 * Use freezegun in AssignmentInheritanceTestCase
 2330 * Only run KvsTokenCacheInvalidation against uuid
 2331 * Use freezegun in OSRevokeTests
 2332 * refactor: make TestFetchRevocationList test uuid
 2333 * refactor: make TestAuthExternalDefaultDomain test uuid/pki/pkiz
 2334 * refactor: make TestAuthKerberos test pki/pkiz/uuid
 2335 * Add schema validation to create role
 2336 * Replace OpenStack LLC with OpenStack Foundation
 2337 * refactor: inherit AuthWithRemoteUser for other providers
 2338 * Run AuthWithToken against all token providers
 2339 * Don't run TokenCacheInvalidation with Fernet
 2340 * Refactor TestAuthExternalDomain to not inherit tests
 2341 * Use freezegun to increment clock in test\_v3\_assignment
 2342 * Add schema for enabling a user
 2343 * Fix up the api-ref request/response parameters for projects
 2344 * \`password\` is not required for updating a user
 2345 * Clarify V2 API for enabling or disabling user
 2346 * Removed duplicate parameter in v2-admin api-ref
 2347 * Fix the errors in params in api-ref for V3 region
 2348 * Fix the errors in params in api-ref for V3 user
 2349 * Added cache for id mapping manager
 2350 * Updated from global requirements
 2351 * Add Python 3.5 classifier
 2352 * Handle Py35 fix of ast.node.col\_offset bug
 2353 * deprecate a few more LDAP config options
 2354 * Clean up api-ref for domains
 2355 * keystone-manage doctor
 2356 * v2 api: add APIs for setting a user's password
 2357 * Update os-inherit API reference
 2358 * Updated from global requirements
 2359 * Run AuthTokenTests against fernet and uuid
 2360 * Use freezegun to increment the clock in test\_v3\_filters
 2361 * Prevent error when duplicate mapping is created
 2362 * Fix the wrong check condition
 2363 * Clean up the api-ref for groups
 2364 * Updated from global requirements
 2365 * Improve introdcution to api-ref projects
 2366 * Migrate OS-FEDERATION from specs repo
 2367 * v2 api: remove APIs for global roles
 2368 * v2 api: group and order the v2-ext APIs
 2369 * v2 api: remove duplicated delete user API
 2370 * v2 api: add missing /roles in role CRUD APIs
 2371 * v2 api: list user roles is defined twice
 2372 * v2 api: add OS-KSADM to service API routes
 2373 * v2 api: add tenant APIs
 2374 * v2 api: delete user is defined twice
 2375 * v2 api: change update user
 2376 * v2 api: correct user list
 2377 * Update Identity endpoint in v2 samples
 2378 * Fix up numerous errors in params in api-ref for roles
 2379 * Fix up the api-ref for role query paramaters
 2380 * Fix the username value in federated tokens
 2381 * Improve readability of the api-ref roles section
 2382 * Use constraints for coverage job
 2383 * clean up OAUTH API
 2384 * Add relationship links to OAUTH APIs
 2385 * Remove \`name\` property from \`endpoint\` create/update API
 2386 * Add v2.0 /endpoints/ api-ref
 2387 * Update identity endpoint in v3 and v3-ext samples
 2388 * Pass request to v2 token authenticate
 2389 * Remove unused context from AuthInfo
 2390 * Correct normal response codes for v2.0 extensions
 2391 * Improve user experience involving token flush
 2392 * Add "v2 overview" docs to APIs
 2393 * add OS-OAUTH1/authorize/{request\_token\_id} API
 2394 * Move OS-INHERIT api-ref from extensions to core
 2395 * re-order the oauth APIs
 2396 * Copy the preamble / summary of OAuth1 from the specs repo
 2397 * Correct normal response codes in trust documentation
 2398 * Add OS-EP-FILTER to api-ref
 2399 
 2400 10.0.0.0b2
 2401 ----------
 2402 
 2403 * PCI-DSS Password strength requirements
 2404 * Variables in URL path should be required
 2405 * Remove get\_trust\_id\_for\_request function
 2406 * Pass request to normalize\_domain\_id
 2407 * Remove a validate\_token\_bind call
 2408 * Remove get\_user\_id in trust controller
 2409 * Cleanup trusts controller
 2410 * Trivial spacing and comma corrections
 2411 * Add OS-KSCRUD api-ref
 2412 * Disable warnerrors in setup.cfg temporarily
 2413 * Add is\_domain to project example responses
 2414 * Add is\_domain to scope token response examples
 2415 * Improve keystone.conf [security\_compliance] documentation
 2416 * Improve keystone.conf [signing] documentation
 2417 * Correct normal response codes in OS-INHERIT docs
 2418 * Fix python{3,}-all-dev depends in deb based
 2419 * Correct normal status codes for v2.0 admin docs
 2420 * Improve keystone.conf [shadow\_users] documentation
 2421 * Correct normal response codes for region docs
 2422 * Correct normal response codes for auth docs
 2423 * Correct normal response codes for credential docs
 2424 * Correct normal response codes for project docs
 2425 * Correct normal response codes for policy docs
 2426 * Correct normal response codes for v2.0 versions doc
 2427 * Correct normal response codes in v2.0 versions doc
 2428 * Correct normal response codes in v2.0 tenant docs
 2429 * Use URIOpt instead of StrOpt for SAML config
 2430 * Correct normal response codes for role docs
 2431 * Correct normal response codes in v2.0 token docs
 2432 * Correct normal response codes in service catalog doc
 2433 * Correct normal response codes in oauth docs
 2434 * Correct normal response codes in v2.0 admin user docs
 2435 * Improve keystone.conf [token] documentation
 2436 * Correct normal response codes in endpoint policy docs
 2437 * Validate SAML keyfile & certfile options
 2438 * Improve keystone.conf [tokenless\_auth] documentation
 2439 * Complete OS-TRUST API documentation
 2440 * Fixes response codes in endpoint policy api-ref
 2441 * List 20X status codes as Normal in domain docs
 2442 * Improve the API documentation for groups
 2443 * Create APIs for OS-REVOKE
 2444 * Clean up token binding validation code
 2445 * Reorder request params in endpoint policy api-ref
 2446 * Adds missing parameter to endpoint policy api-ref
 2447 * Adds missing docs to endpoint policy api-ref
 2448 * Reorders API calls to match precedence rules
 2449 * Improve keystone.conf [saml] documentation
 2450 * Handle more auth information via context
 2451 * Require auth\_context middleware in the pipeline
 2452 * Updated from global requirements
 2453 * Improve keystone.conf [trust] documentation
 2454 * Improve keystone.conf [role] documentation
 2455 * Improve keystone.conf [ldap] documentation
 2456 * Improve keystone.conf [os\_inherit] documentation
 2457 * Improve keystone.conf [revoke] documentation
 2458 * Improve keystone.conf [resource] documentation
 2459 * Move logic for catalog driver differences to manager
 2460 * Minor docstring cleanup for domain\_id mapping
 2461 * Remove unnecessary stable attribute value for status
 2462 * Updated from global requirements
 2463 * Mark the domain config via API as stable
 2464 * Remove validated decorator
 2465 * Move request validation inline
 2466 * Invalidate token cache on domain disablement
 2467 * Isolate token caching into its own region
 2468 * Doc update on enabled external auth and federation
 2469 * keystone recommend deprecated memcache backend
 2470 * Use request object in policy enforcement
 2471 * Use the context's is\_admin property
 2472 * Add the oslo\_context to the environment and request
 2473 * Use http\_client constants instead of hardcoding
 2474 * Increase test coverage for token APIs
 2475 * Ensure status code is always passed as int
 2476 * Fix fernet token validate for disabled domains/trusts
 2477 * Doc update for moving abstract base classes out of core
 2478 * Fix \_populate\_token\_dates method signature
 2479 * Move the trust abstract base class out of core
 2480 * Move the credential abstract base class out of core
 2481 * Move the auth plugins abstract base class out of core
 2482 * Expose bug with Fernet tokens and trusts
 2483 * Remove last parts of query\_string from context
 2484 * Remove get\_auth\_context
 2485 * Correct reraising of exception
 2486 * Pass request to build\_driver\_hints
 2487 * Remove headers from context
 2488 * Use request.environ through auth and federation
 2489 * Remove accept\_header from context
 2490 * Fixed a Typo
 2491 * Docs: Fix the query params in role\_assignments example
 2492 * [doc/api]Remove space within word
 2493 * Remove unused LOG
 2494 * Make assert\_admin work with a request
 2495 * Add missing preamble for v3 and v3-ext
 2496 * move OAUTH1 API to extensions
 2497 * generate separate index files for each api-ref
 2498 * Migrate identity /v2-admin docs from api-ref repo
 2499 * Use request instead of context in v2 auth
 2500 * Handle catalog backends that don't support all functions
 2501 * Refactoring: remove the duplicate method
 2502 * Return \`revoked\_at\` for list revoke events
 2503 * Use skip\_test\_overrides everywhere we feature skip
 2504 * Improve keystone.conf [fernet\_tokens] documentation
 2505 * Improve keystone.conf [catalog] documentation
 2506 * Refactor: [ldap] suffix should not be an instance attribute
 2507 * Grammar fix: will -> can
 2508 * Fixes hacking's handling of log hints
 2509 * Improve keystone.conf [paste\_deploy] documentation
 2510 * Improve keystone.conf [kvs] documentation
 2511 * Improve keystone.conf [identity] documentation
 2512 * Improve keystone.conf [endpoint\_filter] documentation
 2513 * Improve keystone.conf [oauth1] documentation
 2514 * Verify domain\_id when get\_domain is being called
 2515 * Updated from global requirements
 2516 * Include doc directory in pep8 checks
 2517 * Do not register options on import
 2518 * Improve keystone.conf [policy] documentation
 2519 * Improve keystone.conf [memcache] documentation
 2520 * Use min to avoid checking < 1 max fernet keys
 2521 * Improve keystone.conf [identity\_mapping] documentation
 2522 * Improve keystone.conf [federation] documentation
 2523 * Updated tests that claimed to be blocked by bugs
 2524 * Use skip\_test\_overrides in test\_backend\_ldap
 2525 * Adds a skip method to identify useless skips
 2526 * Update the nosetests test regex for legacy tests
 2527 * update a config option deprecation message
 2528 * Improve keystone.conf [eventlet\_server] documentation
 2529 * Improve keystone.conf [endpoint\_policy] documentation
 2530 * Improve keystone.conf [credential] documentation
 2531 * Improve keystone.conf [domain\_config] documentation
 2532 * Rename [DEFAULT] keystone.conf module to keystone.conf.default
 2533 * Improve keystone.conf [DEFAULT] documentation
 2534 * Remove test\_backend\_ldap skips for missing tests
 2535 * Removes duplicate ldap test setup
 2536 * Extracted common ldap setup and use in the filter tests
 2537 * Reduce domain specific config setup duplication
 2538 * API Change Tutorial doc code modify
 2539 * Update other-requirements for Xenial
 2540 * Concrete role assignments for federated users
 2541 * PCI-DSS Disable inactive users requirements
 2542 * Migrate identity /v3-ext docs from api-ref repo
 2543 * Migrate identity /v2-ext docs from api-ref repo
 2544 * Migrate identity /v2 docs from api-ref repo
 2545 * Use request.params instead of context['query\_string']
 2546 * Config: no need to set default=None
 2547 * Do not spam the log with uncritical stacktraces
 2548 * Improve keystone.conf [auth] documentation
 2549 * Improve keystone.conf [assignment] documentation
 2550 * Group test\_backend\_ldap skips for readability
 2551 * Adds a backend test fixture
 2552 * Remove unused test code
 2553 * Moves auth plugin test setup closer to its use
 2554 * Add security\_compliance group back to config
 2555 * Fix nits related to the new keystone.conf package
 2556 * Fixes failure when password is null
 2557 * Allow auth plugins to be setup more than once
 2558 * Removes outdate comment from a test
 2559 * Replace keystone.common.config with keystone.conf package
 2560 * Updated from global requirements
 2561 * Fix a few spelling mistakes
 2562 * Allow user to get themself and their domain
 2563 * PCI-DSS Password SQL model changes
 2564 * Fix argument order for assertEqual to (expected, observed)
 2565 * Use the ldap fixture to simplify tests
 2566 * Change the remaining conf setup to use the fixture
 2567 * Reduce setup overhead in auth\_plugin tests
 2568 * /services?name=<name> API fails when using list\_limit
 2569 * Updated from global requirements
 2570 * Make sure to use InnoDB as the DB engine
 2571 * Remove TestAuth
 2572 * Move last few TestAuth tests to TokenAPITests
 2573 * Move external auth and bind test to TokenAPITests
 2574 * Refactor test\_validate\_v2\_scoped\_token\_with\_v3\_api
 2575 * Remove test\_validate\_v2\_unscoped\_token\_with\_v3\_api
 2576 * Move more project scoped token behavior to TokenAPITests
 2577 * Validate impersonation in trust redelegation
 2578 * Correct domain\_id and name constraint dropping
 2579 * Integration tests cleanup
 2580 * Use http\_proxy\_to\_wsgi from oslo.middleware
 2581 * Use request object in auth plugins
 2582 * Move cross domain/group/project auth tests
 2583 * Move negative token tests to TokenAPITests
 2584 * Move unscoped token test to TokenAPITests
 2585 * Move negative domain scope test to TokenAPITests
 2586 * Consolidate domain token tests into TokenAPITests
 2587 * Move more project scoped behavior tests to TokenAPITests
 2588 * Move project scoped catalog tests to TokenAPITests
 2589 * Update driver versioning documentation
 2590 * Move project scoped tests to TokenAPITests
 2591 * Move TestAuth unscoped token tests to TokenAPITests
 2592 * Add cache invalidation for service providers
 2593 * Updated from global requirements
 2594 * Add 'links' to implied roles response
 2595 * Updated from global requirements
 2596 * fix ldap delete\_user group member cleanup
 2597 * exception sensitive cache/audit changes
 2598 * Fix TOTP transient test failure
 2599 * Change LocalUser sql model to eager loading
 2600 * Shadow LDAP and custom driver users
 2601 * Refactor shadow users
 2602 * Fix ValidationError exception name in docstring
 2603 * Add docstring to delete\_project
 2604 * Updated from global requirements
 2605 * Revert to caching fernet tokens the same way we do UUID
 2606 * Honor ldap\_filter on filtered group list
 2607 * Pass a request to controllers instead of a context
 2608 * Update the keystone-manage man page options
 2609 * clean up test\_resource\_uuid
 2610 * Return 404 instead of 401 for tokens w/o roles
 2611 * Updating sample configuration file
 2612 * Revert "Install necessary files in etc/"
 2613 * Keystone uwsgi performance tuning
 2614 * Add caching config for federation
 2615 * Updated from global requirements
 2616 * Updating sample configuration file
 2617 * Updating sample configuration file
 2618 * Bootstrap: enable and reset password for existing users
 2619 * PEP257: Ignore D203 because it was deprecated
 2620 * Cache service providers on token validation
 2621 * Refactor revoke\_model to remove circular dependency
 2622 * Update man page for Newton release
 2623 * Move stray notification options into config module
 2624 * Adding role assignment lists unit tests
 2625 * Add protocols integration tests
 2626 * Add mapping rules integration tests
 2627 * Add service providers integration tests
 2628 * Imported Translations from Zanata
 2629 * Updated from global requirements
 2630 
 2631 10.0.0.0b1
 2632 ----------
 2633 
 2634 * Simplify & fix configuration file copy in setup.cfg
 2635 * Config settings to support PCI-DSS
 2636 * Fix credentials\_factory method call
 2637 * Allow domain admins to list users in groups with v3 policy
 2638 * Updating sample configuration file
 2639 * Updated from global requirements
 2640 * Honor ldap\_filter on filtered user list
 2641 * Install necessary files in etc/
 2642 * Replace revoke tree with linear search
 2643 * Migrate identity /v3 docs from api-ref repo
 2644 * Updated from global requirements
 2645 * Add new functionality to @wip
 2646 * remove deprecated revoke\_by\_expiration function
 2647 * Isolate common ldap code to the identity backend
 2648 * Updated from global requirements
 2649 * Remove helper script for py34
 2650 * Include project\_id in the validation error on default project is domain
 2651 * Add python 3 release note
 2652 * Add comment to test case helper function
 2653 * Add Python 3 classification
 2654 * Py3 oauth tests
 2655 * Enable py3 tests for test\_v3\_auth
 2656 * make sure default\_project\_id is not domain on user creation and update
 2657 * Let setup.py compile\_catalog process all language files
 2658 * Fix broken link of federation docs
 2659 * Add new line in keystone/common/request.py
 2660 * Move identity.backends.sql model code to sql\_model.py
 2661 * Add .mo files to MANIFEST.in
 2662 * Replace context building with a request object
 2663 * Enable py3 testing for Fernet token provider
 2664 * Enable py3 for credential tests
 2665 * reorganize mitaka release notes
 2666 * enable ldap tests for py3
 2667 * Updated from global requirements
 2668 * Add the validation rules when create token
 2669 * Use PyLDAP instead of python-ldap
 2670 * Fix config path for running wsgi in developer mode
 2671 * Move the revoke abstract base class out of core
 2672 * Updated from global requirements
 2673 * Port test\_v2 unit test to Python 3
 2674 * Move the oauth1 abstract base class out of core
 2675 * Drop the (unused) domain table
 2676 * Don't set None for ldap.OPT\_X\_TLS\_CACERTFILE
 2677 * Add API Change Tutorial
 2678 * Deprecate keystone.common.kvs
 2679 * Updating sample configuration file
 2680 * Add is\_domain in token response
 2681 * Switch to use \`new\_domain\_ref\` for testcases
 2682 * Move the assignment abstract base class out of core
 2683 * Add identity providers integration tests
 2684 * Update documentation to remove keystone-all
 2685 * Updating sample configuration file
 2686 * Updated from global requirements
 2687 * replace logging with oslo.log
 2688 * Move the federation abstract base class out of core
 2689 * Separate protocol schema
 2690 * Updated from global requirements
 2691 * Move the catalog abstract base class and common code out of core
 2692 * Enhance federation group mapping validation
 2693 * Add mapping validation tests
 2694 * Fixes example in the mapping combinations docs
 2695 * do not search file on real environment
 2696 * Allow 'domain' property for local.group
 2697 * Add conflict validation for idp update
 2698 * Always add is\_admin\_project if admin project defined
 2699 * Make keystone exit when fernet keys don't exist
 2700 * Fix fernet audit ids for v2.0
 2701 * Revert "Revert "Unit test for checking cross-version migrations compatibility""
 2702 * Make all fixture project\_ids into uuids
 2703 * Fixing D105, D203, and D205 PEP257
 2704 * Remove test\_invalid\_policy\_raises\_error
 2705 * switch to tempest instead of deprecated tempest-lib
 2706 * Move the resource abstract base class out of core
 2707 * Correct RST syntax for a code block
 2708 * Restructure policy abstract driver
 2709 * Updated from global requirements
 2710 * Add test for authentication when project and domain name clash
 2711 * Fix doc build if git is absent
 2712 * Restructure endpoint policy abstract driver
 2713 * Clean up test\_receive\_identityId
 2714 * Fix typos
 2715 * Fixes incorrect deprecation warning for IdentityDriverV8
 2716 * Add other-requirements.txt
 2717 * Fix D400 PEP257
 2718 * Imported Translations from Zanata
 2719 * Updating sample configuration file
 2720 * Customize config file location when run as wsgi app
 2721 * Updated from global requirements
 2722 * Updating sample configuration file
 2723 * Updated from global requirements
 2724 * Bump the required tox version to 2.3.1
 2725 * Add set\_config\_defaults() call to tests
 2726 * update deprecation warning for falling back to default domain
 2727 * Tests clean up global ldap settings
 2728 * Define identity interface - easy cases
 2729 * add missing deprecation reason for eventlet option
 2730 * Remove comments mentioning eventlet
 2731 * Remove support for generating ssl certs
 2732 * Updating sample configuration file
 2733 * Remove eventlet support
 2734 * Default caching to on for request-local caching
 2735 * Typo in sysctl command example Edit
 2736 * Typo fix in tests
 2737 * Add logging to cli if keystone.conf is not found
 2738 * Fix post jobs
 2739 * Refactor domain config upload
 2740 * Keystone jobs should honor upper-constraints.txt
 2741 * Fix confusing naming in ldap EnableEmuMixin
 2742 * Updating sample configuration file
 2743 * Deprecation reason for domain\_id\_immutable
 2744 * Test list project hierarchy is correct for a large tree
 2745 * Fix D401 PEP8 violation
 2746 * OSprofiler release notes
 2747 * Updating sample configuration file
 2748 * Updated from global requirements
 2749 * Add keystone service ID to observer audit
 2750 * group federated identity docs together
 2751 * Change Role/Region to role/region in keystone-manage bootstrap
 2752 * Use mockpatch fixtures from fixtures
 2753 * Set the values for the request\_local\_cache
 2754 * Add missing backslash to keystone-manage bootstrap command in documentation
 2755 * fix typo
 2756 * Fix KeyError when rename to a name is already in use
 2757 * Improve project name conflict message
 2758 * Imported Translations from Zanata
 2759 * Updating sample configuration file
 2760 * Dev doc update for moving abstract base classes out of core
 2761 * Simplify chained comparison
 2762 * Update the description of the role driver option
 2763 * Integrate OSprofiler in Keystone
 2764 * Update the Administrator guide link
 2765 * Clean up test case for shadow users
 2766 * Fixes bug where the updated federated display\_name is not returned
 2767 * Make AuthContext depend on auth\_token middleware
 2768 * Fix totp test fails randomly
 2769 
 2770 9.0.0
 2771 -----
 2772 
 2773 * Update federated user display name with shadow\_users\_api
 2774 * Update federated user display name with shadow\_users\_api
 2775 * Remove comment from D202 rule
 2776 * Remove backend interface and common code out of identity.core
 2777 * Use messaging notifications transport instead of default
 2778 * Run federation tests under Python 3
 2779 * Bandit test results
 2780 * create a new \`advanced topics\` section in the docs
 2781 
 2782 9.0.0.0rc2
 2783 ----------
 2784 
 2785 * Correct \`role\_name\` constraint dropping
 2786 * Correct \`role\_name\` constraint dropping
 2787 * Base for keystone tempest plugin
 2788 * Random project should return positive numbers
 2789 * Imported Translations from Zanata
 2790 * Improve error message for schema validation
 2791 * Imported Translations from Zanata
 2792 * The name can be just white character except project and user
 2793 * Fix typos in Keystone files
 2794 * Add \`patch\_cover\` to keystone
 2795 * Fix keystone-manage config file path
 2796 * Cleanup LDAP models
 2797 * Correct test to support changing N release name
 2798 * Correct \_populate\_default\_domain in tests
 2799 * Imported Translations from Zanata
 2800 * Removing redundant words
 2801 * Imported Translations from Zanata
 2802 * Correct test to support changing N release name
 2803 * Fix keystone-manage config file path
 2804 * Opportunistic testing with different DBs
 2805 * Correct test\_implied\_roles\_fk\_on\_delete\_cascade
 2806 * Fix table row counting SQL for MySQL and Postgresql
 2807 * Switch migration tests to oslo.db DbTestCase
 2808 * Correct test\_migrate\_data\_to\_local\_user\_and\_password\_tables
 2809 * Fix test\_add\_int\_pkey\_to\_revocation\_event\_table for MySQL
 2810 * Imported Translations from Zanata
 2811 * Implement HEAD method for all v3 GET actions
 2812 * Avoid name repetition in equality comparisons
 2813 * Simplify repetitive unequal checks
 2814 * Imported Translations from Zanata
 2815 * Add test for domains list filtering and limiting
 2816 * Imported Translations from Zanata
 2817 * remove endpoint\_policy from contrib
 2818 * Moved name formatting (clean) out of the driver
 2819 * Add py3 debugging
 2820 * Add release note for list\_limit support
 2821 * Add release note for list\_limit support
 2822 * Cleanup migration tests
 2823 * Imported Translations from Zanata
 2824 * Imported Translations from Zanata
 2825 * Update dev docs and sample script for v3/bootstrap
 2826 * add placeholder migrations for mitaka
 2827 * Enables the notification tests in py3
 2828 * Update reno for stable/mitaka
 2829 * Update .gitreview for stable/mitaka
 2830 
 2831 9.0.0.0rc1
 2832 ----------
 2833 
 2834 * Support \`id\` and \`enabled\` attributes when listing service providers
 2835 * Check for already present user without inserting in Bootstrap
 2836 * Mapping which yield no identities should result in ValidationError
 2837 * Make backend filter testing more comprehensive
 2838 * Move region configuration to a critical section
 2839 * Change xrange to range for python3 compatibility
 2840 * Remove reference to keystoneclient CLI
 2841 * Document running in uwsgi proxied by apache
 2842 * Updating sample configuration file
 2843 * Imported Translations from Zanata
 2844 * Correct Hints class filter documentation
 2845 * Release note cleanup
 2846 * Update reported version for Mitaka
 2847 * Add docs for additional bootstrap endpoint parameters
 2848 * Remove unused notification method and class
 2849 * Consolidate @notifications.internal into Audit
 2850 * Imported Translations from Zanata
 2851 * Remove some translations
 2852 * Imported Translations from Zanata
 2853 * Fixed user in group participance
 2854 * register the config generator default hook with the right name
 2855 * Imported Translations from Zanata
 2856 * Rename v2 token schema used for validation
 2857 * Migrate\_repo init version helper
 2858 * Remove TestFernetTokenProvider
 2859 * Refactor TestFernetTokenProvider trust-scoped tests
 2860 * Refactor TestFernetTokenProvider project-scoped tests
 2861 * Refactor TestFernetTokenProvider domain-scoped tests
 2862 * Refactor TestFernetTokenProvider unscoped token tests
 2863 * Fixing mapping schema to allow local user
 2864 * Fix keystone-manage example command path
 2865 * Make modifications to domain config atomic
 2866 * Add auto-increment int primary key to revoke.backends.sql
 2867 * Add PKIZ coverage to trust tests
 2868 * Consolidate TestTrustRedelegation and TestTrustAuth tests
 2869 * Expose not clearing of user default project on project delete
 2870 * Split out domain config driver and manager tests
 2871 * Add notifications to user/group membership
 2872 * Add ability to send notifications for actors
 2873 * Updated from global requirements
 2874 * Remove foreign assignments when deleting a domain
 2875 * Correct create\_project driver versioning
 2876 * Explicitly exclude tests from bandit scan
 2877 * Move role backend tests
 2878 * v2 tokens validated on the v3 API are missing timezones
 2879 * Move domain config backend tests
 2880 * Validate v2 fernet token returns extra attributes
 2881 * Clarify virtualenv setup in developer docs
 2882 * Fixes a few LDAP tests to actually run
 2883 * Imported Translations from Zanata
 2884 * Un-wrap function
 2885 * Fix warning when running tox
 2886 * Race condition in keystone domain config
 2887 * Adding 'domain\_id' filter to list\_user\_projects()
 2888 * Add identity endpoint creation to bootstrap
 2889 * Updated from global requirements
 2890 * Remove \_disable\_domain from the resource API
 2891 * Remove \_disable\_project from the resource API
 2892 * Remove the notification.disabled decorator
 2893 * Remove unused notification decorators
 2894 * Cleanup from from split of token backend tests
 2895 * Split identity backend tests
 2896 * Split policy backend tests
 2897 * Split catalog backend tests
 2898 * Split trust backend tests
 2899 * Split token backend tests
 2900 * Split resource backend tests
 2901 * Split assignment backend tests
 2902 * Updated from global requirements
 2903 * Consolidate configuration default overrides
 2904 * Updating sample configuration file
 2905 * IPV6 test unblacklist
 2906 * Fix trust chain tests
 2907 
 2908 9.0.0.0b3
 2909 ---------
 2910 
 2911 * Minor edits to the developing doc
 2912 * Add release notes for projects acting as domains
 2913 * Fix keystone.common.wsgi to explicitly use bytes
 2914 * fix sample config link that 404s
 2915 * add hints to list\_services for templated backend
 2916 * Fixes hacking for Py3 tests
 2917 * Fixes to get cert tests running in Py3
 2918 * Fixes the templated backend tests for Python3
 2919 * remove pyc files before running tests
 2920 * Stop using oslotest.BaseTestCase
 2921 * Return 404 instead of 401 for tokens w/o roles
 2922 * Remove unused domain driver method in legacy wrapper
 2923 * Deprecate domain driver interface methods
 2924 * Fix the migration issue for the user doesn't have a password
 2925 * Add driver details in architecture doc
 2926 * Shadow users - Shadow federated users
 2927 * Projects acting as domains
 2928 * Update developer docs for ubuntu 15.10
 2929 * Moved CORS middleware configuration into oslo-config-generator
 2930 * V2 operations create default domain on demand
 2931 * Make keystone tests work on leap years
 2932 * Updating sample configuration file
 2933 * Fix doc build warnings
 2934 * Enable LDAP connection pooling by default
 2935 * Delay using threading.local() to fix check job failure
 2936 * Minor edits to the installation doc
 2937 * Minor edits to the configuration doc
 2938 * Minor community doc edits
 2939 * Updated from global requirements
 2940 * Followup for LDAP removal
 2941 * Remove get\_session and get\_engine
 2942 * No more legacy engine facade in tests
 2943 * Use requst local in-process cache per request
 2944 * Move admin\_token\_auth before build\_auth\_context in sample paste.ini
 2945 * Update default domain's description
 2946 * Reference config values at runtime
 2947 * Use the new enginefacade from oslo.db
 2948 * Updated from global requirements
 2949 * Fix incorrect assumption when deleting assignments
 2950 * Remove migration\_helpers.get\_default\_domain
 2951 * db\_sync doesn't create default domain
 2952 * Implied roles index with cascading delete
 2953 * Fix project-related forbidden response messages
 2954 * Fixes a bug when setting a user's password to null
 2955 * Renamed TOTP passcode generation function
 2956 * Updates TOTP release note
 2957 * Simplify use of secure\_proxy\_ssl\_header
 2958 * Shadow users - Separate user identities
 2959 * Switch to configless bandit
 2960 * Parameter to return audit ids only in revocation list
 2961 * Add tests for fetching the revocation list
 2962 * Updating sample configuration file
 2963 * Deprecate logger.WritableLogger
 2964 * Removing H405 violations from keystone
 2965 * Updated from global requirements
 2966 * Updated from global requirements
 2967 * Updating sample configuration file
 2968 * Remove useless {} from \_\_table\_args\_\_
 2969 * Time-based One-time Password
 2970 * Fix inconsistencies between Oauth1DriverV8 interface and driver
 2971 * Oauth1 manager sets consumer secret
 2972 * Remove setting class variable
 2973 * Allow user list without specifying domain
 2974 * Adds user\_description\_attribute mapping support to the LDAP backend
 2975 * encode user id for notifications
 2976 * Add back a bandit tox job
 2977 * Enable support for posixGroups in LDAP
 2978 * Add is\_domain filter to v3 list\_projects
 2979 * Add tests in preparation of projects acting as a domain
 2980 * Avoid using \`len(x)\` to check if x is empty
 2981 * Use the driver to get limits
 2982 * Fallback to list\_limit from default config
 2983 * Add list\_limit to the white list for configs in db
 2984 * Updating sample configuration file
 2985 * handle unicode names for federated users
 2986 * Verify project unique constraints for projects acting as domains
 2987 * wsgi: fix base\_url finding
 2988 * Disable Admin tokens set to None
 2989 * Modify rules for domain specific role assignments
 2990 * Modify implied roles to honor domain specific roles
 2991 * Modify rules in the v3 policy sample for domain specifc roles
 2992 * Re-enable and undeprecate admin\_token\_auth
 2993 * Don't describe trusts as an extension in configuration doc
 2994 * Tidy up configuration documentation for inherited assignments
 2995 * Clean up configuration documentataion on v2 user CRUD
 2996 * Allow project domain\_id to be nullable at the manager level
 2997 * Trivial: Cleanup unused conf variables
 2998 * Updating sample configuration file
 2999 * Updating sample configuration file
 3000 * Fixes parameter in duplicate project name creation
 3001 * Fix terms from patch 275706
 3002 * sensible default for secure\_proxy\_ssl\_header
 3003 * Restricting domain\_id update
 3004 * Allow project\_id in catalog substitutions
 3005 * Avoid \`None\` as a redundant argument to dict.get()
 3006 * Avoid "non-Pythonic" method names
 3007 * Manager support for project cascade update
 3008 * Updating sample configuration file
 3009 * Expand implied roles in trust tokens
 3010 * add a test that uses trusts and implies roles
 3011 * Updating sample configuration file
 3012 * Convert assignment.root\_role config option to list of strings
 3013 * Avoid wrong deletion of domain assignments
 3014 * Manager support for project cascade delete
 3015 * AuthContextMiddleware admin token handling
 3016 * Deprecate admin\_token\_auth
 3017 * Adds better logging to the domain config finder
 3018 * Extracts logic for finding domain configs
 3019 * Fix nits from domain specific roles CRUD support
 3020 * Change get\_project permission
 3021 * Updated from global requirements
 3022 * Enables token\_data\_helper tests for Python3
 3023 * Stop using nose as a Python3 test runner
 3024 * Fix release note of removal of v2.0 trusts support
 3025 * Remove PostParams middleware
 3026 * Updated from global requirements
 3027 * Moves policy setup into a fixture
 3028 * Make pep8 \*the\* linting interface
 3029 * Added tokenless auth headers to CORS middleware
 3030 * Add backend support for deleting a projects list
 3031 * Make fernet work with oauth1 authentication
 3032 * Consolidate the fernet provider validate\_v2\_token()
 3033 * Remove support for trusts in v2.0
 3034 * Add CRUD support for domain specific roles
 3035 * Added CORS support to Keystone
 3036 * Deprecate Saml2 auth plugin
 3037 * Uses open context manager for templated catalogs
 3038 * Disable the ipv6 tests in py34
 3039 * Missing 'region' in service and 'name' in endpoint for EndpointFilterCatalog
 3040 * Small typos on the ldap.url config option help
 3041 * Replace exit() with sys.exit()
 3042 * include sample config file in docs
 3043 * Fixes a language issue in a release note
 3044 * Imported Translations from Zanata
 3045 * Updated from global requirements
 3046 * Support multiple URLs for LDAP server
 3047 * Set deprecated\_reason on deprecated config options
 3048 * Move user and admin crud to core
 3049 * squash migrations - kilo
 3050 * Adds validation negative unit tests
 3051 * Use oslo.log specified method to set log levels
 3052 * Add RENO update for simple\_cert\_extension deprecation
 3053 * Opt-out certain Keystone Notifications
 3054 * Update the home page
 3055 * Release notes for implied roles
 3056 * deprecate pki\_setup from keystone-manage
 3057 * test\_credential.py work with python34
 3058 * Consolidate \`test\_contrib\_ec2.py\` into \`test\_credential.py\`
 3059 * Reinitialize the policy engine where it is needed
 3060 * Provide an error message if downgrading schema
 3061 * Updated from global requirements
 3062 * Consolidate the fernet provider issue\_v2\_token()
 3063 * Consolidate the fernet provider validate\_v3\_token()
 3064 * Add tests for role management with v3policy file
 3065 * Fix some word spellings
 3066 * Make WebSSO trusted\_dashboard hostname case-insensitive
 3067 * Deprecate simple\_cert extension
 3068 * Do not assign admin to service users
 3069 * Add in TRACE logging for the manager
 3070 * Add schema for OAuth1 consumer API
 3071 * Correct docstrings
 3072 * Remove un-used test code
 3073 * Raise more precise exception on keyword mapping errors
 3074 * Allow '\_' character in mapping\_id value
 3075 * Implied Roles API
 3076 * Revert "Unit test for checking cross-version migrations compatibility"
 3077 * replace tenant with project in cli.py
 3078 * Fix schema validation to use JSONSchema for empty entity
 3079 * Replace tenant for project in resource files
 3080 * Reuse project scoped token check for trusts
 3081 * Add checks for project scoped data creep to tests
 3082 * Add checks for domain scoped data creep
 3083 * Use the oslo.utils.reflection to extract the class name
 3084 * Test hyphens instead of underscores in request attributes
 3085 * Simplify admin\_required policy
 3086 * Add caching to role assignments
 3087 * Enable bandit tests
 3088 * Update bandit.yaml
 3089 * Enhance manager list\_role\_assignments to support group listing
 3090 * remove KVS backend for keystone.contrib.revoke
 3091 * Fix trust redelegation and associated test
 3092 * use self.skipTest instead of self.skip
 3093 * Removed deprecated revoke KVS backend
 3094 * Revert "skip test\_get\_token\_id\_error\_handling to get gate passing"
 3095 * Updated from global requirements
 3096 * Updated from global requirements
 3097 * skip test\_get\_token\_id\_error\_handling to get gate passing
 3098 * Ensure pycadf initiator IDs are UUID
 3099 * Check for circular references when expanding implied roles
 3100 * Improves domain name case sensitivity tests
 3101 * Fixes style issues in a v2 controller tests
 3102 * Prevents creating is\_domain=True projects in v2
 3103 * Refactors validation tests to better see the cases
 3104 * Remove keystone/common/cache/\_memcache\_pool.py
 3105 * Update mod\_wsgi + cache config docs
 3106 * Address comments from Implied Role manager patch
 3107 * Fix nits in include names patch
 3108 * Unit test for checking cross-version migrations compatibility
 3109 * Online schema migration documentation
 3110 * Updated from global requirements
 3111 * Remove additional references to ldap role attribs
 3112 * Remove duplicate LDAP test class
 3113 * Remove more ldap project references
 3114 
 3115 9.0.0.0b2
 3116 ---------
 3117 
 3118 * Add testcases to check cache invalidation
 3119 * Fix typo abstact in comments
 3120 * deprecate write support for identity LDAP
 3121 * Deprecate \`hash\_algorithm\` config option
 3122 * Mark memcache and memcache\_pool token deprecated
 3123 * List assignments with names
 3124 * Remove LDAP Role Backend
 3125 * Remove LDAP Resource and LDAP Assignment backends
 3126 * Removes KVS catalog backend
 3127 * Fix docstring
 3128 * Strengthen Mapping Validation in Federation Mappings
 3129 * Add checks for token data creep using jsonschema
 3130 * Deprecating API v2.0
 3131 * Implied roles driver and manager
 3132 * Add support for strict url safe option on new projects and domains
 3133 * Remove bandit tox environment
 3134 * Add linters environment, keep pep8 as alias
 3135 * Make sure the assignment creation use the right arguments
 3136 * Fix indentation for oauth context
 3137 * Imported Translations from Zanata
 3138 * document the bootstrapping process
 3139 * Add release note for revert of c4723550aa95be403ff591dd132c9024549eff10
 3140 * Updated from global requirements
 3141 * Enable \`id\`, \`enabled\` attributes filtering for list IdP API
 3142 * Improve Conflict error message in IdP creation
 3143 * Fedora link is too old and so updated with newer version
 3144 * Support the reading of default values of domain configuration options
 3145 * Correct docstrings for federation driver interface
 3146 * Update v3policysample tests to use admin\_project not special domain\_id
 3147 * Enable limiting in ldap for groups
 3148 * Enable limiting in ldap for users
 3149 * Doc FIX
 3150 * Store config in drivers and use it to get list\_limit
 3151 * Add asserts for service providers
 3152 * Fix incorrect signature in federation legacy V8 wrapper
 3153 * Tidy up release notes for V9 drivers
 3154 * Adds an explicit utils import in test\_v3\_protection.py
 3155 * Refactor test auth\_plugin config into fixture
 3156 * Create V9 version of resource driver interface
 3157 * Updated from global requirements
 3158 * Separate trust crud tests from trust auth tests
 3159 * Delete checks for default domain delete
 3160 * correct help text for bootstrap command
 3161 * Replace unicode with six.text\_type
 3162 * Escape DN in enabled query
 3163 * Test enabled emulation with special user\_tree\_dn
 3164 * SQL migrations for implied roles
 3165 * Revert "Validate domain ownership for v2 tokens"
 3166 * Use assertIn to check if collection contains value
 3167 * Updated from global requirements
 3168 * Perform middleware tests with webtest
 3169 * De-duplicate fernet payload tests
 3170 * Reference driver methods through the Manager
 3171 * Fix users in group and groups for user exact filters
 3172 * Expose defect in users\_in\_group, groups\_for\_user exact filters
 3173 * Replace deprecated library function os.popen() with subprocess
 3174 * OAuth1 driver doesnt inherit its interface
 3175 * Update man pages with Mitaka version and dates
 3176 * Fixes hacking logger test cases to use same base
 3177 * Adds a hacking check looking for Logger.warn usage
 3178 * Change LOG.warn to LOG.warning
 3179 * Remove redundant check after enforcing schema validation
 3180 * Updating sample configuration file
 3181 * Create V9 version of federation driver interface
 3182 * Do not use \_\_builtin\_\_ in python3
 3183 * Define paste entrypoints
 3184 * Add schema for federation protocol
 3185 * Expose method list inconsistency in federation api
 3186 * remove irrelevant parenthesis
 3187 * Add return value
 3188 * Test: make enforce\_type=True in CONF.set\_override
 3189 * Updated from global requirements
 3190 * Add schema for identity provider
 3191 * Updating sample configuration file
 3192 * Use six.moves.reload\_module instead of builtin reload
 3193 * Fix the incompatible issue in response header
 3194 * Wrong usage of "an"
 3195 * Correct fernet provider reference
 3196 * Correct DN/encoding in test
 3197 * Support url safe restriction on new projects and domains
 3198 * Correct the class name of the V9 LDAP role driver
 3199 * Wrong usage of "a/an"
 3200 * Trival: Remove unused logging import
 3201 * Updating sample configuration file
 3202 * Fix pep8 job
 3203 * Fix some inconsistency in docstrings
 3204 * Fix 500 error when no fernet token is passed
 3205 * Cleanup tox.ini py34 test list
 3206 * Fixes kvs cache key mangling issue for Py3
 3207 * Some small improvements on fernet uuid handling
 3208 * Updated from global requirements
 3209 * Updating sample configuration file
 3210 * Fix key\_repository\_signature method for python3
 3211 * Add audit IDs to revocation events
 3212 * Enable os\_inherit of Keystone v3 API
 3213 * Use pip (and DevStack) instead of setuptools in docs
 3214 * Correct developer documentation on venv creation
 3215 * Updating sample configuration file
 3216 * Updated from global requirements
 3217 * Validate domain for DB-based domain config. CRUD
 3218 * fix up release notes, file deprecations under right title
 3219 * Updated Cloudsample
 3220 * Update \`developing.rst\` to remove extensions stuff
 3221 * Verify that user is trustee only on issuing token
 3222 * Adds a base class for functional tests
 3223 * Make \`bootstrap\` idempotent
 3224 * Add \`keystone-manage bootstrap\` command
 3225 * Changed the key repo validation to allow read only
 3226 * Deprecated tox -downloadcache option removed
 3227 * Fix defect in list\_user\_ids that only lists direct user assignments
 3228 * Show defect in list\_user\_ids that only lists direct user assignments
 3229 * Add API route for list role assignments for tree
 3230 * Use list\_role\_assignments to get projects/domains for user
 3231 * Add \`type' filter for list\_credentials\_for\_user
 3232 * Clean up new\_credential\_ref usage and surrounding code
 3233 * Create neutron service in sample\_data.sh
 3234 * Updating sample configuration file
 3235 * Updated from global requirements
 3236 * Limiting for fake LDAP
 3237 * Make @truncated common for all backends
 3238 * Fix exposition of bug about limiting with ldap
 3239 * Use assertDictEqual instead of assertEqualPolicies
 3240 * refactor: Remove unused test method
 3241 * Remove unfixable FIXME
 3242 * Use new\_policy\_ref consistently
 3243 * fix reuse of variables
 3244 * Remove comments on enforcing endpoints for trust
 3245 * refactor: move the common code to manager layer
 3246 * Create V9 Role Driver
 3247 * Create new version of assignment driver interface
 3248 * Remove keystoneclient tests
 3249 * Verify that attribute \`enabled\` equals True
 3250 * Remove invalid comment about LDAP domain support
 3251 * Pass dict into update() rather than \*\*kwargs
 3252 * Refactor test use of new\_\*\_ref
 3253 * Cleans up code for \`is\_admin\` in tokens
 3254 * Deprecate ldap Role
 3255 * Update extensions links
 3256 * Improve comments in test\_catalog
 3257 * Fix for GET project by project admin
 3258 * Fix multiline strings with missing spaces
 3259 * Updating sample configuration file
 3260 * Remove invalid TODO in extensions
 3261 * Updated from global requirements
 3262 * Refactor: Remove use of self where not needed
 3263 * Refactor: Move uncommon entities from setUp
 3264 * Split resource tests from assignment tests
 3265 * Remove invalid TODO related to bug 1265071
 3266 * Fix test\_crud\_user\_project\_role\_grants
 3267 * Deprecate the pki and pkiz token providers
 3268 * Remove invalid FIXME note
 3269 * Refactor: Use Federation constants where possible
 3270 * Remove exposure of routers at package level
 3271 * Update API version info for Liberty
 3272 * remove version from setup.cfg
 3273 * Ensure endpoints returned is filtered correctly
 3274 * Put py34 first in the env order of tox
 3275 
 3276 9.0.0.0b1
 3277 ---------
 3278 
 3279 * Add release notes for mitaka-1
 3280 * set \`is\_admin\` on tokens for admin project
 3281 * Use unit.new\_project\_ref consistently
 3282 * Reference environment close to use
 3283 * refactor: move variable to where it's needed
 3284 * Needn't care about the sequence for cache validation
 3285 * Updated from global requirements
 3286 * Fix a typo in notifications function doc
 3287 * Remove RequestBodySizeLimiter from middleware
 3288 * Optimize "open" method with context manager
 3289 * eventlet: handle system that misses TCP\_KEEPIDLE
 3290 * force releasenotes warnings to be treated as errors
 3291 * Cleanup region refs
 3292 * Remove \`extras\` from token data
 3293 * Use subprocess.check\_output instead of Popen
 3294 * Remove deprecated notification event\_type
 3295 * Remove check\_role\_for\_trust
 3296 * Correct RoleNotFound usage
 3297 * Remove example extension
 3298 * Updating sample configuration file
 3299 * Correct docstring warnings
 3300 * Using the right format to render the docstring correctly
 3301 * Add release notes for mitaka thus far
 3302 * Accepts Group IDs from the IdP without domain
 3303 * Cleanup use of service refs
 3304 * Update docs for legacy keystone extensions
 3305 * Correct SecurityError with unicode args
 3306 * Updated from global requirements
 3307 * Use idp\_id and protocol\_id in jsonhome
 3308 * Use standard credential\_id parameter in jsonhome
 3309 * Remove core module from the legacy endpoint\_filter extension
 3310 * Minor cleanups for usage of group refs
 3311 * Reject user creation using admin token without domain
 3312 * Add Trusts unique constraint to remove duplicates
 3313 * deprecate \`enabled\` option for endpoint-policy extension
 3314 * remove useless config option in endpoint filter
 3315 * Use [] where a field is required
 3316 * Manager support for projects acting as domains
 3317 * Config option for insecure responses
 3318 * Add missing colon separators to inline comments
 3319 * Simplify LimitTests
 3320 * Rationalize list role assignment routing
 3321 * Enable listing of role assignments in a project hierarchy
 3322 * Capital letters
 3323 * remove use of magic numbers in sql migrate extension tests
 3324 * Use new\_trust\_ref consistently
 3325 * Updating sample configuration file
 3326 * Move endpoint\_filter migrations into keystone core
 3327 * Move endpoint filter into keystone core
 3328 * Move revoke sql migrations to common
 3329 * Move revoke extension into core
 3330 * Move oauth1 sql migrations to common
 3331 * Move oauth1 extension into core
 3332 * Move federation sql migrations to common
 3333 * Move federation extension into keystone core
 3334 * Fix string conversion in s3 handler for python 2
 3335 * Fix inaccurate debug mode response
 3336 * Use unit.new\_user\_ref consistently
 3337 * Imported Translations from Zanata
 3338 * Updated from global requirements
 3339 * Add testcases to check cache invalidation in endpoint filter extension
 3340 * Fix the wrong method name
 3341 * Updating sample configuration file
 3342 * change some punctuation marks
 3343 * Updated from global requirements
 3344 * Remove hardcoded LDAP group schema from emulated enabled mix-in
 3345 * Exclude old Shibboleth options from docs
 3346 * Updated from global requirements
 3347 * Use new\_domain\_ref instead of manually created ref
 3348 * Use new\_region\_ref instead of manually created dict
 3349 * Document release notes process
 3350 * Use new\_service\_ref instead of manually created dict
 3351 * Use unit.new\_group\_ref consistently
 3352 * Use unit.new\_role\_ref consistently
 3353 * Use unit.new\_domain\_ref consistently
 3354 * Use unit.new\_region\_ref() consistently
 3355 * Use unit.new\_service\_ref() consistently
 3356 * Move AuthContext middleware into its own file
 3357 * Use unit.new\_endpoint\_ref consistently
 3358 * Use list\_role\_assignments to get assignments by role\_id
 3359 * Pass kwargs when using revoke\_api.list\_events()
 3360 * Add reno for release notes management
 3361 * Make K2K Mapping Attribute Examples more visible
 3362 * Add S3 signature v4 checking
 3363 * Fix some nits inside validation/config.py
 3364 * Add Mapping Combinations for Keystone to Keystone Federation
 3365 * Remove manager-driver assignment metadata construct
 3366 * Correct description in Keystone key\_terms
 3367 * Imported Translations from Zanata
 3368 * Handle fernet payload timestamp differences
 3369 * Fix fernet padding for python 3
 3370 * More useful message when using direct driver import
 3371 * Get user role without project id is not implemented
 3372 * Update sample catalog templates
 3373 * update mailmap with gyee's new email
 3374 * Revert "Added CORS support to Keystone"
 3375 * Updated from global requirements
 3376 * test\_backend\_sql work with python34
 3377 * Use assertTrue/False instead of assertEqual(T/F)
 3378 * Fix the issues found with local conf
 3379 * Add test for security error with no message
 3380 * Add exception unit tests with different message types
 3381 * Cleanup message handling in test\_exception
 3382 * Normalize fernet payload disassembly
 3383 * Common arguments for fernet payloads assembly
 3384 * Capitalize a Few Words
 3385 * I18n safe exceptions
 3386 * Keystone Spelling Errors in docstrings and comments
 3387 * [rally] remove deprecated arg
 3388 * Move endpoint\_policy migrations into keystone core
 3389 * Promote an arbitrary string to be a docstring
 3390 * Fix D204: blank line required after class docstring (PEP257)
 3391 * Fix D202: No blank lines after function docstring (PEP257)
 3392 * Update Configuring Keystone doc for consistency
 3393 * Comment spelling error in assignment.core file
 3394 * Fix exceptions to use correct titles
 3395 * Fix UnexpectedError exceptions to use debug\_message\_format
 3396 * Fix punctuation in doc strings
 3397 * Fix docstring
 3398 * Updating sample configuration file
 3399 * Explain default domain in docs for other services
 3400 * Correct bashate issues in gen\_pki.sh
 3401 * Fix incorrect federated mapping example
 3402 * change stackforge url to openstack url
 3403 * Updated from global requirements
 3404 * Adds already passing tests to py34 run
 3405 * Wrong usage of "an"
 3406 * Allow the PBR\_VERSION env to pass through tox
 3407 * Fix D200: 1 line docstrings should fit with quotes (PEP257)
 3408 * Fix D210: No whitespaces allowed surrounding docstring text (PEP257)
 3409 * Fix D300: Use """triple double quotes""" (PEP257)
 3410 * Fix D402: First line should not be the function's "signature" (PEP257)
 3411 * Fix D208: Docstring over indented. (PEP257)
 3412 * Add docstring validation
 3413 * Add caching to get\_catalog
 3414 * Fix fernet key writing for python 3
 3415 * Update test modules passing on py34
 3416 * Updated from global requirements
 3417 * Forbid non-stripped endpoint urls
 3418 * fix deprecation warnings in cache backends
 3419 * Create tests for set\_default\_is\_domain in LDAP
 3420 * Enable try\_except\_pass Bandit test
 3421 * Enable subprocess\_without\_shell\_equals\_true Bandit test
 3422 * Correct typo in copyright
 3423 * Updated from global requirements
 3424 * switch to oslo.cache
 3425 * Updating sample configuration file
 3426 * Updated from global requirements
 3427 * keystone-paste.ini docs for deployers are out of date
 3428 * Correct the filename
 3429 * More info in RequestContext
 3430 * Fix some nits in \`configure\_federation.rst\`
 3431 * add placeholder migrations for liberty
 3432 * Remove bas64utils and tests
 3433 * Create a version package
 3434 * Remove oslo.policy implementation tests from keystone
 3435 * Refactor: Don't hard code 409 Conflict error codes
 3436 * Fix use of TokenNotFound
 3437 * Refactor: change 403 status codes in test names
 3438 * Refactor: change 410 status codes in test names
 3439 * Refactor: change 400 status codes in test names
 3440 * Refactor: change 404 status codes in test names
 3441 * Updated from global requirements
 3442 * Imported Translations from Zanata
 3443 * add initiator to v2 calls for additional auditing
 3444 * Fixed missed translatable string inside exception
 3445 * Handle 16-char non-uuid user IDs in payload
 3446 * Additional documentation for services
 3447 * Rename fernet methods to match expiration timestamp
 3448 * Updated from global requirements
 3449 * Enable password\_config\_option\_not\_marked\_secret Bandit test
 3450 * Enable hardcoded\_bind\_all\_interfaces Bandit test
 3451 * Documentation for other services
 3452 * Reclassify get\_project\_by\_name() controller method
 3453 * Trivial fix of some typos found
 3454 * Filters is\_domain=True in v2 get\_project\_by\_name
 3455 * Add test case passing is\_domain flag as False
 3456 
 3457 8.0.0
 3458 -----
 3459 
 3460 * Ensure token validation works irrespective of padding
 3461 * Ensure token validation works irrespective of padding
 3462 * Imported Translations from Zanata
 3463 * Rename RestfulTestCase.v3\_authenticate\_token() to v3\_create\_token()
 3464 * Improving domain\_id update tests
 3465 * Show v3 endpoints in v2 endpoint list
 3466 * Expose 1501698 bug
 3467 * Replace sqlalchemy-migrate occurences from code.google to github
 3468 * Fix unreachable code in test\_v3 module
 3469 * Imported Translations from Zanata
 3470 * Use deepcopy of mapping fixtures in tests
 3471 * Show v3 endpoints in v2 endpoint list
 3472 * Enable Bandit 0.13.2 tests
 3473 * Update bandit blacklist\_imports config
 3474 * Cleanup \_build\_federated\_info
 3475 * Add LimitRequestBody to sample httpd config
 3476 * Make \_\_all\_\_ immutable
 3477 * Skip rows with empty remote\_ids
 3478 * Includes server\_default option in is\_domain column
 3479 * Remove unused get\_user\_projects()
 3480 * Deprecate httpd/keystone.py
 3481 * Skip rows with empty remote\_ids
 3482 * Fix order of arguments in assertDictEqual
 3483 * Cleanup fernet validate\_v3\_token
 3484 * Update bandit blacklist\_calls config
 3485 * Add unit test for creating RequestContext
 3486 * Add user\_domain\_id, project\_domain\_id to auth context
 3487 * Add user domain info to federated fernet tokens
 3488 * Unit tests for fernet validate\_v3\_token
 3489 * Fix order of arguments in assertEqual
 3490 * Updating sample configuration file
 3491 * Cleanup of Translations
 3492 * Imported Translations from Zanata
 3493 * Uses constants for 5XX http status codes in tests
 3494 * Fixes v3\_authenticate\_token calls - no default
 3495 * Fixes the way v3\_admin is called to match its def
 3496 * Declares expected\_status in method signatures
 3497 * Refactor: Don't hard code the error code
 3498 * Correct docstrings
 3499 * Correct comment to not be driver-specific
 3500 * Move development environment setup instructions to standard location
 3501 * Fix typo in config help
 3502 * Use the correct import for range
 3503 * Adds interface tests for timeutils
 3504 * Add unit tests for token\_to\_auth\_context
 3505 * Updating sample configuration file
 3506 
 3507 8.0.0.0rc1
 3508 ----------
 3509 
 3510 * Open Mitaka development
 3511 * Bring bandit config up-to-date
 3512 * Update the examples used for the trusted\_dashboard option
 3513 * Log message when debug is enabled
 3514 * Clean up bandit profiles
 3515 * federation.idp use correct subprocess
 3516 * Change ignore-errors to ignore\_errors
 3517 * Imported Translations from Zanata
 3518 * Remove unused code in domain config checking
 3519 * Relax newly imposed sql driver restriction for domain config
 3520 * Add documentation for configuring IdP WebSSO
 3521 * Updated from global requirements
 3522 * check if tokenless auth is configured before validating
 3523 * Fix the referred [app:app\_v3] into [pipeline:api\_v3]
 3524 * Updated from global requirements
 3525 * Issue deprecation warning if domain\_id not specified in create call
 3526 * functional tests for keystone on subpaths
 3527 * Removed the extra http:// from JSON schema link
 3528 * Document httpd for accept on /identity, /identity\_admin
 3529 * Updated from global requirements
 3530 * Update federation router with missing call
 3531 * Reject rule if assertion type unset
 3532 * Update man pages with liberty version and dates
 3533 * Refactor: Don't hard code the error code
 3534 * Move TestClient to test\_versions
 3535 * Use oslo.log fixture
 3536 * Update apache-httpd.rst
 3537 * Updated from global requirements
 3538 * Remove padding from Fernet tokens
 3539 * Imported Translations from Transifex
 3540 * Updated from global requirements
 3541 * Fixed typos in 'developing\_drivers' doc
 3542 * Stop using deprecated keystoneclient function
 3543 * Change tests to use common name for keystone.tests.unit
 3544 * Removes py3 test import hacks
 3545 * Updating sample configuration file
 3546 * Fixes confusing deprecation message
 3547 
 3548 8.0.0.0b3
 3549 ---------
 3550 
 3551 * Add methods for checking scoped tokens
 3552 * Build oslo.context RequestContext
 3553 * Correct docstring for common.authorization
 3554 * Deprecate LDAP Resource Backend
 3555 * Added CORS support to Keystone
 3556 * List credentials by type
 3557 * Fixes a typo in a comment
 3558 * Tokenless authz with X.509 SSL client certificate
 3559 * Support project hierarchies in data driver tests
 3560 * Stable Keystone Driver Interfaces
 3561 * Initial support for versioned driver classes
 3562 * Add federated auth for idp specific websso
 3563 * Adds caching to paste deploy's egg lookup
 3564 * Fix grammar in doc string
 3565 * Test list\_role\_assignment in standard inheritance tests
 3566 * Broaden domain-group testing of list\_role\_assignments
 3567 * Add support for group membership to data driven assignment tests
 3568 * Add support for effective & inherited mode in data driven tests
 3569 * Add support for data-driven backend assignment testing
 3570 * Updated from global requirements
 3571 * Change JSON Home for OS-FEDERATION to use /auth/projects|domains
 3572 * Unit tests for is\_domain field in project's table
 3573 * Group tox optional dependencies
 3574 * Provide new\_xyz\_ref functions in tests.core
 3575 * Refactor mapping rule engine tests to not create servers
 3576 * Updating sample configuration file
 3577 * Correct docstrings in resource/core.py
 3578 * Validate Mapped User object
 3579 * Set max on max\_password\_length to passlib max
 3580 * Simplify federated\_domain\_name processing
 3581 * Get method's class name in a python3-compatible way
 3582 * Stop reading local config for domain-specific SQL config driver
 3583 * Enforce .config\_overrides is called exactly once
 3584 * Use /auth/projects in tests
 3585 * Remove keystone/openstack/\* from coveragerc
 3586 * Rationalize unfiltered list role assignment test
 3587 * Change mongodb extras to lowercase
 3588 * Refactor: Provider.\_rebuild\_federated\_info()
 3589 * Refactor: rename Fernet's unscoped federated payload
 3590 * Fernet payloads for federated scoped tokens
 3591 * No More .reload\_backends() or .reload\_backend()
 3592 * Ensure ephemeral user's user\_id is url-safe
 3593 * Use min and max on IntOpt option types
 3594 * Adds a notification testcase for unbound methods
 3595 * Do not revoke all of a user's tokens when a role assignment is deleted
 3596 * Handle tokens created and quickly revoked with insufficient timestamp precision
 3597 * Show that unscoped tokens are revoked when deleting role assignments
 3598 * Prevent exception due to missing id of LDAP entity
 3599 * Expose exception due to missing id of LDAP entity
 3600 * Add testcase to test invalid region id in request
 3601 * Add region\_id filter for List Endpoints API
 3602 * Remove references to keystone.openstack.common
 3603 * Remove all traces of oslo incubator
 3604 * Updating sample configuration file
 3605 * Test v2 tokens being deleted by v3
 3606 * Use entrypoints for paste middleware and apps
 3607 * update links in http-api to point to specs repo
 3608 * Add necessary executable permission
 3609 * Refactor: use fixtures.TempDir more
 3610 * Add is\_domain field in Project Table
 3611 * Prevent exception for invalidly encoded parameters
 3612 * Extras for bandit
 3613 * Use extras for memcache and MongoDB packages
 3614 * Use wsgi\_scripts to create admin and public httpd files
 3615 * Update Httpd configuration docs for sites-available/enabled
 3616 * Remove unnecessary check
 3617 * Update 'doc/source/setup.rst'
 3618 * Remove unnecessary load\_backends from TestKeystoneTokenModel
 3619 * Updated from global requirements
 3620 * Imported Translations from Transifex
 3621 * Updated from global requirements
 3622 * Show helpful message when request body is not provided
 3623 * Fix logging in federation/idp.py
 3624 * Enhance tests for saml2 signing exception logging
 3625 * Remove deprecated methods from assignment.Manager
 3626 * Stop using deprecated assignment manager methods
 3627 * EndpointFilter driver doesnt inherit its interface
 3628 * Hardens the validated decorator's implementation
 3629 * Updating sample configuration file
 3630 * Simplify rule in sample v3 policy file
 3631 * Improve a few random docstrings
 3632 * Maintain datatypes when loading configs from DB
 3633 * Remove "tenants" from user\_attribute\_ignore default
 3634 * Use oslo\_config PortOpt support
 3635 * Updated from global requirements
 3636 * Updated from global requirements
 3637 * Fix the misspelling
 3638 * When validating a V3 token as V2, use the v3\_to\_v2 conversion
 3639 * Do not require the token\_id for converting v3 to v2 tokens
 3640 * Maintain the expiry of v2 fernet tokens
 3641 * Fix typo in doc-string
 3642 * Validate domain ownership for v2 tokens
 3643 * Fix docstring in mapped plugin
 3644 * Updated from global requirements
 3645 * Minor grammar fixes to connection pooling section
 3646 * Creates a fixture representing as LDAP database
 3647 * Sample config help for supplied drivers
 3648 * Improve List Role Assignments Filters Performance
 3649 * Update docs for stevedore drivers
 3650 * Fixes an incorrect docstring in notifications
 3651 * Stop calling deprecated assignment manager methods
 3652 * Updated from global requirements
 3653 * Updating sample configuration file
 3654 * Adds backend check to setup of LDAP tests
 3655 * Improve a few random docstrings (H405)
 3656 * Remove excessive transformation to list
 3657 * Stop calling deprecated assignment manager methods
 3658 * Remove reference of old endpoint\_policy in paste file
 3659 * Fernet 'expires' value loses 'ms' after validation
 3660 * Correct enabled emulation query to request no attributes
 3661 * NotificationsTestCase running in isolation
 3662 * Adds/updates notifications test cases
 3663 * Fix duplicate-key pylint issue
 3664 * Fix explicit line joining with backslash
 3665 * Fixes an issue with data ordering in the tests
 3666 * Imported Translations from Transifex
 3667 * Allow Domain Admin to get domain details
 3668 * Assignment driver cleaning
 3669 * Cleanup tearDown in unit tests
 3670 * Fix unbound error in federation \_sign\_assertion
 3671 * Fix typos of RoleAssignmentV3.\_format\_entity doc
 3672 * Updating sample configuration file
 3673 * Updated from global requirements
 3674 * Remove unnecessary check from notifications.py
 3675 * Remove oslo import hacking check
 3676 * Use dict.items() rather than six.iteritems()
 3677 * Cleanup use of iteritems
 3678 * Imported Translations from Transifex
 3679 * Missing ADMIN\_USER in sample\_data.sh
 3680 * Update exported variables for openstack client
 3681 * Use extras for ldap dependencies
 3682 * Add better user feedback when bind is not implemented
 3683 * Test to ensure fernet key rotation results in new key sets
 3684 * Better error message when unable to map user
 3685 * Refactor \_populate\_roles\_for\_groups()
 3686 * Add groups in scoped federated tokens
 3687 * Adds missing list\_endpoints tests
 3688 * Reject create endpoint with invalid urls
 3689 * Explain the "or None" on eventlet's client\_socket\_timeout
 3690 * Reduce number of Fernet log messages
 3691 * Fix test\_admin to expect admin endpoint
 3692 * Fixes a docstring to reflect actual return values
 3693 * Give some message when an invalid token is in use
 3694 
 3695 8.0.0.0b2
 3696 ---------
 3697 
 3698 * Updated from global requirements
 3699 * Ensure database options registered for tests
 3700 * Document sample config updated automatically
 3701 * Test function call result, not function object
 3702 * Test admin app in test\_admin\_version\_v3
 3703 * Updating sample configuration file
 3704 * Handle non-numeric files in key\_repository
 3705 * Fix remaining mention of KLWT
 3706 * Updated from global requirements
 3707 * Replace 401 to 404 when token is invalid
 3708 * Assign different values to public and admin ports
 3709 * Fix four typos and Add one space on keystone document
 3710 * Reuse token\_ref fetched in AuthContextMiddleware
 3711 * Refactor: clean up TokenAPITests
 3712 * pemutils isn't used anymore
 3713 * Imported Translations from Transifex
 3714 * Fix test\_exception.py for py34
 3715 * Fix s3.core for py34
 3716 * Updating sample configuration file
 3717 * Fix test\_utils for py34
 3718 * test\_base64utils works with py34
 3719 * Minor fix in the \`configuration.rst\`
 3720 * Correct spacing in \`\`mapping\_combinations.rst\`\`
 3721 * add federation docs for mod\_auth\_mellon
 3722 * Avoid the hard coding of admin token
 3723 * Adding Documentation for Mapping Combinations
 3724 * Clean up docs before creating new ones
 3725 * Document policy target for operation
 3726 * Fix docs in federation.routers
 3727 * Fix docstrings in contrib
 3728 * Additional Fernet test coverage
 3729 * Refactor websso \`\`origin\`\` validation
 3730 * Docs link to ACTIONS
 3731 * Clean up code to use .items()
 3732 * Document default value for tree\_dn options
 3733 * Remove unnecessary ldap imports
 3734 * Move backends.py to keystone.server
 3735 * move clean.py into keystone/common
 3736 * Updated from global requirements
 3737 * Remove unnecessary executable permission
 3738 * Move cli.py into keystone.cmd
 3739 * Do not remove expired revocation events on "get"
 3740 * Clean up notifications type checking
 3741 * Federation API provides method to evaluate rules
 3742 * Move constants out of federation.core
 3743 * Implement backend filtering on membership queries
 3744 * Moves keystone.hacking into keystone.tests
 3745 * Add missing "raise" when throwing exception
 3746 * Log xmlsec1 output if it fails
 3747 * Fix test method examining scoped federation tokens
 3748 * Spelling correction
 3749 * Fixes grammar in setup.rst in doc source
 3750 * Updated from global requirements
 3751 * Deprecate LDAP assignment driver options
 3752 * Register fatal\_deprecations before use
 3753 * Use oslo.utils instead of home brewed tempfile
 3754 * Updating sample configuration file
 3755 * Add testcases for list\_role\_assignments of v3 domains
 3756 * Centralizing build\_role\_assignment\_\* functions
 3757 * Replace reference of ksc with osc
 3758 * Updated from global requirements
 3759 * Changing exception type to ValidationError instead of Forbidden
 3760 * Standardize documentation at Service Managers
 3761 * Fixes grammar in the httpd README
 3762 * Fix the incorrect format for docstring
 3763 * Imported Translations from Transifex
 3764 * Fixes docstring to make it more precise
 3765 * Removed optional dependency support
 3766 * Decouple notifications from DI
 3767 * Adds proper isolation to templated catalog tests
 3768 * Fix log message in one of the v3 create call methods
 3769 * Catch exception.Unauthorized when checking for admin
 3770 * Remove convert\_to\_sqlite.sh
 3771 * Fix for LDAP filter on group search by name
 3772 * Remove fileutils from oslo-incubator
 3773 * Remove comment for doc building bug 1260495
 3774 * Fix code-block in federation documentation
 3775 * Modified command used to run keystone-all
 3776 * Delete extra parentheses in assertEqual message
 3777 * Fix the invalid testcase
 3778 * Updating sample configuration file
 3779 * Add unit test for fernet provider
 3780 * Update federation docstring
 3781 * Do not specify 'objectClass' twice in LDAP filter string
 3782 * Fix tox -e py34
 3783 * Change mapping model so rules is dict
 3784 * Add test case for deleting endpoint with space in url
 3785 * Update requirements by hand
 3786 * Consolidate the fernet provider issue\_v3\_token()
 3787 * Group role revocation invalidates all user tokens
 3788 * OS-FEDERATION no longer extension in docs
 3789 * Switch from deprecated oslo\_utils.timeutils.strtime
 3790 * Remove unused setUp for RevokeTests
 3791 * Update MANIFEST.in
 3792 * Update sample config file
 3793 * Disable migration sanity check
 3794 * Updated from global requirements
 3795 * Use oslo.service ServiceBase when loading from eventlet
 3796 * Document use of wip up to developer
 3797 * Simplify fernet rotation code
 3798 * Tests for correct key removed
 3799 * Relax the formats of accepted mapping rules for keystone-manage
 3800 * Python 3: Use range instead of xrange for py3 compatibility
 3801 
 3802 8.0.0.0b1
 3803 ---------
 3804 
 3805 * Document entrypoint namespaces
 3806 * Short names for auth plugins
 3807 * Update sample configuration file
 3808 * Switch to oslo.service
 3809 * Update sample configuration file
 3810 * Remove redundant config
 3811 * Don't try to drop FK constraints for sqlite
 3812 * Remove unused requirements
 3813 * Add missing keystone-manage commands to doc
 3814 * Mask passwords in debug log on user password operations
 3815 * Add test showing password logged
 3816 * Adds some debugging statements
 3817 * Imported Translations from Transifex
 3818 * Use stevedore for auth drivers
 3819 * Refactor extract function load\_auth\_method
 3820 * Add unit test to exercise key rotation
 3821 * Fix Fernet key rotation
 3822 * Update version for Liberty
 3823 
 3824 8.0.0a0
 3825 -------
 3826 
 3827 * Refactor: move PKI-specific tests into the appropriate class
 3828 * Needn't load fernet keys twice
 3829 * Pass environment variables of proxy to tox
 3830 * Fix tests failing on slower system
 3831 * Mapping Engine CLI
 3832 * Imported Translations from Transifex
 3833 * Fix spelling in configuration comment
 3834 * Switch keystone over to oslo\_log versionutils
 3835 * Updated from global requirements
 3836 * Use lower default value for sha512\_crypt rounds
 3837 * Updated from global requirements
 3838 * Add more Rally scenarios
 3839 * Remove unnecessary dependencies from KerberosDomain
 3840 * Remove deprecated external authentication plugins
 3841 * Remove unnecessary code for default suffix
 3842 * Remove custom assertions for python2.6
 3843 * Avoid using the interactive interpreter for a one-liner
 3844 * Add validity check of 'expires\_at' in trust creation
 3845 * Revocation engine refactoring
 3846 * Updated from global requirements
 3847 * Rename directory with rally jobs files
 3848 * Fix req.environ[SCRIPT\_NAME] value
 3849 * Don't query db if criteria longer than col length
 3850 * Updated from global requirements
 3851 * Run WSGI with group=keystone
 3852 * Consolidate test-requirements files
 3853 * Switch from deprecated isotime
 3854 * Fix the wrong order of parameters when using assertEqual
 3855 * Add testcases to test DefaultDomain
 3856 * Remove the deprecated ec2 token middleware
 3857 * Replace blacklist\_functions with blacklist\_calls
 3858 * updates sample\_data script to use the new openstack commands
 3859 * Log info for Fernet tokens over 255 chars
 3860 * Update functional tox env requirements
 3861 * Update sample config file
 3862 * Correct oauth1 driver help text
 3863 * Rename driver to backend and fix the inaccurate docstring
 3864 * Add "enabled" to create service provider example
 3865 * Update testing keystone2keystone doc
 3866 * Removes unused database setup code
 3867 * Refactor: use \_\_getitem\_\_ when the key will exists
 3868 * Refactor: create the lookup object once
 3869 * Order routes so most frequent requests are first
 3870 * \`api\_curl\_examples.rst\` is out of date
 3871 * Don't assume project IDs are UUID format
 3872 * Don't assume group IDs are UUID format
 3873 * Don't fail on converting user ids to bytes
 3874 * Move endpoint policy into keystone core
 3875 * Update sample config file
 3876 * Tests don't override default auth methods/plugins
 3877 * Tests consistently use auth\_plugin\_config\_override
 3878 * Test use config\_overrides for configs
 3879 * Correct tests setting auth methods to a non-list
 3880 * Make sure LDAP filter is constructed correctly
 3881 * basestring no longer exists in Python3
 3882 * Add mocking for memcache for Python3 tests
 3883 * Fix xmldsig import
 3884 * Refactor deprecations tests
 3885 * Switch from MySQL-python to PyMySQL
 3886 * Improve websso documentation
 3887 * Remove the deprecated compute\_port option
 3888 * Workflow documentation is now in infra-manual
 3889 * Remove XML middleware stub
 3890 * Rename sample\_config to genconfig
 3891 * Imported Translations from Transifex
 3892 * Replace ci.o.o links with docs.o.o/infra
 3893 * Sync oslo-incubator cc19617
 3894 * Use single connection in get\_all function
 3895 * Removes temporary fix for doc generation
 3896 * Improve error message when tenant ID does not exist
 3897 * Updated from global requirements
 3898 * Add missing part for \`token\` object
 3899 * Remove identity\_api from AuthInfo dependencies
 3900 * Move bandit requirement to test-requirements-bandit.txt
 3901 * Adds inherited column to RoleAssignment PK
 3902 * Update dev setup requirements for Python 3.4
 3903 * Update sample config file
 3904 * Remove support for loading auth plugin by class
 3905 * Use [] where a value is required
 3906 * De-duplicate auth methods
 3907 * Remove unnecessary oauth\_api check
 3908 * Use short names for drivers
 3909 * Fixes deprecations test for Python3
 3910 * Add mocking for ldappool for Python3 tests
 3911 * Fixes a whitespace issue
 3912 * Handles modules that moved in Python3
 3913 * Handles Python3 builtin changes
 3914 * Fixes use of dict methods for Python3
 3915 * Updated from global requirements
 3916 * Replace github reference by git.openstack.org and change a doc link
 3917 * Refactor \_create\_attribute\_statement IdP method
 3918 * Revert "Loosen validation on matching trusted dashboard"
 3919 * Updated from global requirements
 3920 * Use correct LOG translation indicator for errors
 3921 * Add openstack\_user\_domain to assertion
 3922 * Pass-in domain when testing saml signing
 3923 * Fixes test nits from a previous review
 3924 * Implement validation on the Identity V3 API
 3925 * Fix tiny typo in comment message
 3926 * Updates the \*py3 requirements files
 3927 * Fixes mocking of oslo messaging for Python3
 3928 * pycadf now supports Python3
 3929 * eventlet now supports Python3
 3930 * Updated from global requirements
 3931 * Add openstack\_project\_domain to assertion
 3932 * Use stevedore for backend drivers
 3933 * Prohibit invalid ids in subtree and parents list
 3934 * Update sample config
 3935 * Fix sample policy to allow user to check own token
 3936 * Replaced filter with a list comprehension
 3937 * Ignore multiple imports per line for six.moves
 3938 * Fixes order of imports for pep8
 3939 * pep8 whitespace changes
 3940 * Remove randomness from test\_client\_socket\_timeout
 3941 * Allow wsgiref to reconstruct URIs per the WSGI spec
 3942 * Fix the misuse of \`versionutils.deprecated\`
 3943 * Updated from global requirements
 3944 * Update openid connect docs to include other distros
 3945 
 3946 2015.1.0
 3947 --------
 3948 
 3949 * Updated from global requirements
 3950 * Remove pysqlite test-requirement dependency
 3951 * Fixes tests to use the config fixture
 3952 * Isolate injection tests
 3953 * Sync oslo-incubator Ie51669bd278288b768311ddf56ad31a2f28cc7ab
 3954 * Sync oslo-incubator Ie51669bd278288b768311ddf56ad31a2f28cc7ab
 3955 * Fixes cyclic ref detection in project subtree
 3956 * Updated from global requirements
 3957 * Updated from global requirements
 3958 * Release Import of Translations from Transifex
 3959 * Make memcache client reusable across threads
 3960 * Imported Translations from Transifex
 3961 * Remove project association before removing endpoint group
 3962 * Loosen validation on matching trusted dashboard
 3963 * adds a tox target for functional tests
 3964 * Adds an initial functional test
 3965 * Fix the incorrect comment
 3966 * Set default branch to stable/kilo
 3967 * Remove assigned protocol before removing IdP
 3968 * Expose domain\_name in the context for policy.json
 3969 * Update developer doc to reference Ubuntu 14
 3970 * Make memcache client reusable across threads
 3971 * Update Get API version Curl example
 3972 * Remove unused policy rule for get\_trust
 3973 * backend\_argument should be marked secret
 3974 * Update man pages for the Kilo release
 3975 * make sure we properly initialize the backends before using the drivers
 3976 * WebSSO should use remote\_id\_attribute by protocol
 3977 * Work with pymongo 3.0
 3978 * Fix incorrect setting in WebSSO documentation
 3979 * Stops injecting revoke\_api into TestCase
 3980 * Checking if Trust exists should be DRY
 3981 * Use correct LOG translation indicator for warnings
 3982 * backend\_argument should be marked secret
 3983 * Fix signed\_saml2\_assertion.xml tests fixture
 3984 * Don't provide backends from \_\_all\_\_ in persistence
 3985 * Add domain\_id checking in create\_project
 3986 * Update keystone.sample.conf
 3987 * Use choices in config.py
 3988 * make sure we properly initialize the backends before using the drivers
 3989 * WebSSO should use remote\_id\_attribute by protocol
 3990 * Refactor common function for loading drivers
 3991 * Tests don't override default config with default
 3992 * Refactor MemcachedBackend to not be a Manager
 3993 * Update openstack-common reference in openstack/common/README
 3994 * Exposes bug on role assignments creation
 3995 * Removes discover from test-reqs
 3996 * Work with pymongo 3.0
 3997 
 3998 2015.1.0rc1
 3999 -----------
 4000 
 4001 * Update man pages for the Kilo release
 4002 * Add placeholders for reserved migrations
 4003 * Redundant events on group grant revocation
 4004 * Open Liberty development
 4005 * Improved policy setting in the 'v3 filter' tests
 4006 * Handle NULL value for service.extra in migration 066
 4007 * Skip SSL tests because some platforms do not enable SSLv3
 4008 * Fix the typo in \`token/providers/fernet/core.py\`
 4009 * Fix index name the assignment.actor\_id table
 4010 * Add index to the revocation\_event.revoked\_at
 4011 * Document websso setup
 4012 * Allow identity provider to be created with remote\_ids set to None
 4013 * Update testing docs
 4014 * Import fernet providers only if used in keystone-manage
 4015 * Imported Translations from Transifex
 4016 * Fix multiple SQL backend usage validation error
 4017 * Expose multiple SQL backend usage validation error
 4018 * Fix for notifications for v2 role grant/delete
 4019 * Update sample config file
 4020 * Fix errors in ec2 signature logic checking
 4021 * Don't add unformatted project-specific endpoints to catalog
 4022 * Reload drivers when their domain config is updated
 4023 * Correcting the name of directory holding dev docs
 4024 * Fixes bug in Federation list projects endpoint
 4025 * Exposes bug in Federation list projects endpoint
 4026 * Updated from global requirements
 4027 * Refactor assignment driver internal clean-up method names
 4028 * Remove unnecessary .driver. references in assignment manager
 4029 * Rename notification for create/delete grants
 4030 * Drop sql.transaction() usage in migration
 4031 * Update configuration documentation for domain config
 4032 * Fix for migration 062 on MySQL
 4033 * Bump advertised API version to 3.4
 4034 * Extract response headers to private method
 4035 * Deprecate eventlet config options
 4036 * Imported Translations from Transifex
 4037 * remove useless nocatalog tests of endpoint\_filter
 4038 * Add API to create ecp wrapped saml assertion
 4039 * Add relay\_state\_prefix to Service Provider
 4040 * Change the way values are migrated for 007\_add\_remote\_id\_table
 4041 * Add routing for list\_endpoint\_groups\_for\_project
 4042 * Use ORM in upgrade test instead of manual query construction
 4043 * Remove empty request bodies
 4044 * Remove unnecessary import that was not checked
 4045 * IdP ID registration and validation
 4046 * Imported Translations from Transifex
 4047 * add test of /v3/auth/catalog for endpoint\_filter
 4048 * Entrypoints for commands
 4049 * More content in the guide for core components' migration
 4050 * Make trust manager raise formatted message exception
 4051 * Revert "Document mapping of policy action to operation"
 4052 * Remove SQL Downgrades
 4053 * Add caching to getting of the fully substituted domain config
 4054 * Refactor \_create\_projects\_hierarchy in tests
 4055 * Fixes bug when getting hierarchy on Project API
 4056 * Exposes bug when getting hierarchy on Project API
 4057 * Move common checks into base testcase
 4058 * Tests use common base class
 4059 * use tokens returned by delete\_tokens to invalidate cache
 4060 * Loosen the validation schema used for trustee/trustor ids
 4061 * region.description is optional and can be null
 4062 * Update access control configuration in httpd config
 4063 * Document mapping of policy action to operation
 4064 * Update install.rst for Fedora
 4065 * Update sample config file
 4066 * Remove parent\_id in v2 tenant response
 4067 * Tox env for Bandit
 4068 * Refactor: extract and rename unique\_id method
 4069 * create \_member\_ role as specified in CONF
 4070 * Fix sample policy to allow user to revoke own token
 4071 * Add unit tests for sample policy token operations
 4072 * Mark some strings for translation
 4073 * Add fernet to test\_supported\_token\_providers
 4074 * Fix up token provider help text
 4075 * Tests use Database fixture
 4076 * Remove parent\_id in v2 token response
 4077 * Update ServiceProviderModel attributes
 4078 * Add docstrings to keystone.notifications functions
 4079 * Remove unused metadata parameter from get\_catalog methods
 4080 * Imported Translations from Transifex
 4081 * Cleanup use of .driver
 4082 * Specify time units for default\_lock\_timeout
 4083 * Remove stevedore from test-requirements
 4084 * Lookup identity provider by remote\_id for websso
 4085 * Deal with PEP-0476 certificate chaining checking
 4086 * Distinguish between unset and empty black and white lists
 4087 * Remove unused domain config method paramters
 4088 * Correct path in request logging
 4089 * Correct request logging query parameters separator
 4090 * Fix setting default log levels
 4091 * On creation default service name to empty string
 4092 * Needn't workaround when invoking \`app.request()\`
 4093 
 4094 2015.1.0b3
 4095 ----------
 4096 
 4097 * Imported Translations from Transifex
 4098 * Support upload domain config files to database
 4099 * Update sample httpd config file
 4100 * Update Apache httpd config docs for token persistence
 4101 * Cleanup Fernet testcases and add comments
 4102 * Add inline comment and docstrings fixes for Fernet
 4103 * Fix nullable constraints in service provider table
 4104 * Move backend LDAP role testing to the new backend testing module
 4105 * URL quote Fernet tokens
 4106 * Use existing token test for Fernet tokens
 4107 * Implement Fernet tokens for v2.0 tokens
 4108 * Refactor code supporting status in JSON Home
 4109 * remove expected backtrace from logs
 4110 * Log when no external auth plugin registered
 4111 * Adds test for federation mapping list order issues
 4112 * Updated from global requirements
 4113 * Enable sensitive substitutions into whitelisted domain configs
 4114 * Imported Translations from Transifex
 4115 * Create a fixture for key repository
 4116 * Ignore unknown groups in lists for Federation
 4117 * Remove RestfulTestCase.admin\_request
 4118 * Remove SSL configuration instructions from HTTPd docs
 4119 * Wrap apache-httpd.rst
 4120 * Remove fix for migration 37
 4121 * Cleanup for credentials schema test
 4122 * Refactor sql filter code for clarity
 4123 * Prefer . to setattr()/getattr()
 4124 * Build domain scope for Fernet tokens
 4125 * Mark the domain config API as experimental
 4126 * Imported Translations from Transifex
 4127 * Allow methods to be carried in Fernet tokens
 4128 * Federated token formatter
 4129 * Refactor: make Fernet token creation/validation API agnostic
 4130 * Convert audit\_ids to bytes
 4131 * Drop Fernet token prefixes & add domain-scoped Fernet tokens
 4132 * Add JSON schema validation for service providers
 4133 * Implements whitelist and blacklist mapping rules
 4134 * Adding utf8 to federation tables
 4135 * Eventlet green threads not released back to pool
 4136 * Abstract the direct map concept into an object
 4137 * Remove redundant creation timestamp from fernet tokens
 4138 * Fix deprecated group for eventlet\_server options
 4139 * Sync oslo-incubator to f2cfbba
 4140 * Cleanup test keeping unnecessary fixture references
 4141 * Fix typo in name of variable in resource router
 4142 * Add test to list projects by the parent\_id
 4143 * Fixes minor spelling issue
 4144 * Crosslink to other sites that are owned by Keystone
 4145 * Imported Translations from Transifex
 4146 * move region and service exist checks into manager layer
 4147 * make credential policy check ownership of credential
 4148 * Remove unused threads argument
 4149 * Refactor: remove dep on trust\_api / v3 token helper
 4150 * Enable use of database domain config
 4151 * add oauth authentication to config file
 4152 * Prevent calling waitall() inside a GreenPool's greenthread
 4153 * Rename get\_events to list\_events on the Revoke API
 4154 * Address nits for default cache time more explicit
 4155 * add cadf notifications for oauth
 4156 * Add scope info to initiator data for CADF notifications
 4157 * Removed maxDiff attribute from TestCase
 4158 * Refactoring: use BaseTestCase instead of TestCase
 4159 * Moved sys.exit mocking into BaseTestClass
 4160 * Refactor: move initiator test to cadf specific section
 4161 * Refactor: create a common base for notification tests
 4162 * Migrations squash
 4163 * Consistently use oslo\_config.cfg.CONF
 4164 * Removes logging code that supported Python <2.7
 4165 * Refactoring: removed client method from TestCase
 4166 * Refactoring: remove self.\_config\_file\_list from TestCase
 4167 * Deprecate passing "extras" in token data
 4168 * 'Assignment' has no attr 'get\_domain\_by\_name'
 4169 * Refactor: make extras optional in v3 get\_token\_data
 4170 * Remove extra semicolon from mapping fixtures
 4171 * Imported Translations from Transifex
 4172 * Fix seconds since epoch use in fernet tokens
 4173 * Add API support for domain config
 4174 * Remove unused checkout\_vendor
 4175 * Move test\_core to keysteone.tests.unit.tests
 4176 * Fixes the SQL model tests
 4177 * Add documentation for key terms and basic authenticating
 4178 * Remove useless comment from requirements.txt
 4179 * Move pysaml to requirements.txt for py3
 4180 * Docstring fixes in fernet.token\_formatters
 4181 * Made project\_id required for ec2 credential
 4182 * Add Federation mixin for setting up data
 4183 * Refactor: remove token formatters dep on 'token\_data' on create()
 4184 * Refactor: rename the "standard" token formatter to "scoped"
 4185 * Add unscoped token formatter for Fernet tokens
 4186 * Fix the wrong order of parameters when using assertEqual
 4187 * Imported Translations from Transifex
 4188 * Spelling and grammar cleanup
 4189 * Fixes bug in SQL/LDAP when honoring driver\_hints
 4190 * Remove policy parsing exception
 4191 * Cleanup policy related tests
 4192 * Remove incubated version of oslo policy
 4193 * Use oslo.policy instead of incubated version
 4194 * Fixes minor whitespace issues
 4195 * Updated from global requirements
 4196 * Add checking for existing group/option to update domain config
 4197 * Stop debug logging of Ldap while running unit tests
 4198 * Exposes bug in SQL/LDAP when honoring driver\_hints
 4199 * Updated from global requirements
 4200 * Fix typos in tests/unit/core.py
 4201 * Remove unnecessary import
 4202 * Update developer docs landing page
 4203 * Add support for whitelisting and partial domain configs
 4204 * Change headers to be byte string friendly
 4205 * fix import order in federation controller
 4206 * Imported Translations from Transifex
 4207 * Fix a minor coding nit in Fernet testing
 4208 * Move install of cryptography before six
 4209 * refactor: extract and document audit ID generation
 4210 * Update sample config file
 4211 * log query string instead of openstack.params and request args
 4212 * Cleanup docstrings in test\_v3\_federation.py
 4213 * refactor: consistently refer to "unpacked tokens" as the token's "payload"
 4214 * refactor: extract fernet packing & unpacking methods
 4215 * Fix nits from 157495
 4216 * Deprecate Eventlet Deployment in favor of wsgi containers
 4217 * remove old docstr referring to keyczar
 4218 * Implement backend driver support for domain config
 4219 * Use revocation events for lightweight tokens
 4220 * Avoid multiple instances for a provider
 4221 * Always load revocation manager
 4222 * Cleanup comments from 159865
 4223 * Updated from global requirements
 4224 * Rename "Keystone LightWeight Tokens" (KLWT) to "Fernet" tokens
 4225 * Make the default cache time more explicit in code
 4226 * Keystone Lightweight Tokens (KLWT)
 4227 * Refactor and provide scaffolding for domain specific loading
 4228 * Populate token with service providers
 4229 * Add CADF notifications for trusts
 4230 * Get initiator from manager and send to controller
 4231 * Add in non-decorator notifiers
 4232 * Implemented caching in identity layer
 4233 * Imported Translations from Transifex
 4234 * Use dict comprehensions instead of dict constructor
 4235 * Remove deprecated methods and functions in token subsystem
 4236 * Authenticate local users via federated workflow
 4237 * Move UserAuthInfo to a separate file
 4238 * Make RuleProcessor.\_UserType class public
 4239 * Enhance user identification in mapping engine
 4240 * Remove conditional check (and test) for oauth\_api
 4241 * Fixes test\_multiple\_filters filters definition
 4242 * Remove conditionals that check for revoke\_api
 4243 * Use correct dependency decorator
 4244 * Add minimum release support notes for federation
 4245 * Update \`os service create\` examples in config services
 4246 * Reference OSC docs in CLI examples
 4247 * Chain a trust with a role specified by name
 4248 * Add parent\_id to test\_project\_model
 4249 * Revamp the documentation surrounding notifications
 4250 * Remove unused tmp directory in tests
 4251 * Correct initialization order for logging to use eventlet locks
 4252 * add missing links for v3 OS-EC2 API response
 4253 * Remove explicit mentions of JSON from test\_v2
 4254 * Rename test\_keystoneclient\*
 4255 * Rename test\_content\_types
 4256 * Fix for KVS cache backend incompatible with redis-py
 4257 * Enable endpoint\_policy, endpoint\_filter and oauth by default
 4258 * Add links to extensions that point to api specs
 4259 * Classifying extensions and defining process
 4260 * Imported Translations from Transifex
 4261 * Add oslo request id middleware to keystone paste pipeline
 4262 * Uses SQL catalog driver for v2 REST tests
 4263 * Fixed skip msg in templated catalog test
 4264 * Remove invalid comment/statement at role manager
 4265 * Standardize notifications types as constants
 4266 * Change use of random to random.SystemRandom
 4267 * Remove extra call to oauth manager from tests
 4268 * Remove an extra call to create federation manager
 4269 * Updated from global requirements
 4270 * Imported Translations from Transifex
 4271 * Improve List Role Assignment Tests
 4272 * Enable filtering in LDAP backend for listing entities
 4273 * Refactor filter and sensitivity tests in prepartion for LDAP support
 4274 * Imported Translations from Transifex
 4275 * Provide additional detail if OAuth headers are missing
 4276 * Add WebSSO support for federation
 4277 * Check consumer and project id before creating request token
 4278 * Regenerate sample config file
 4279 * Move eventlet server options to a config section
 4280 * refactor: use \_get\_project\_endpoint\_group\_url() where applicable
 4281 * Update sample config file
 4282 * Consistently use oslo\_config.cfg.CONF
 4283 * Imported Translations from Transifex
 4284 * Removes unnecessary checks when cleaning a domain
 4285 * Remove check\_role\_for\_trust from sample policies
 4286 * Remove duplicated test for get\_role
 4287 * Add a test for create\_domain in notifications
 4288 * Add CADF notification handling for policy/region/service/endpoint
 4289 * Publicize region/endpoint/policy/service events
 4290 * Add CADF notifications for most resources
 4291 * Updated from global requirements
 4292 * Drop foreign key (domain\_id) from user and group tables
 4293 * Make federated domain configurable
 4294 * Imported Translations from Transifex
 4295 * Move backend role tests into their own module
 4296 * Fix nits from patch #110858
 4297 * Fix invalid super() usage in memcache pool
 4298 * Add a domain to federated users
 4299 * Wrap dependency registry
 4300 * Remove unnecessary code setting provider
 4301 * Fix tests to not load federation manager twice
 4302 * Fix places where role API calls still called assignment\_api
 4303 * fix a small issue in test\_v3\_auth.py
 4304 * Imported Translations from Transifex
 4305 * rename cls in get\_auth\_context to self
 4306 * make tests of endpoint\_filter check endpoints num
 4307 * remove the Conf.signing.token\_format option support
 4308 * Remove list\_endpoint\_groups\_for\_project from sample policies
 4309 * Add get\_endpoint\_group\_in\_project to sample policy files
 4310 * Check for invalid filtering on v3/role\_assignments
 4311 * Remove duplicate token revocation check
 4312 * Remove incubator version of log and local
 4313 * Use oslo.log instead of incubator
 4314 * Move existing tests to unit
 4315 * Cleanup tests to not set multiple workers
 4316 * Use subunit-trace from tempest-lib
 4317 * Log exceptions safely
 4318 * Imported Translations from Transifex
 4319 * Refactor \_send\_audit\_notification
 4320 * Updated from global requirements
 4321 * Remove excess brackets in exception creation
 4322 * Update policy doc to use new rule format
 4323 * remove the unused variables in indentity/core.py
 4324 * fix assertTableColumns
 4325 * Imported Translations from Transifex
 4326 * make federation part of keystone core
 4327 * Small cleanup of cloudsample policy
 4328 * Fix error message on check on RoleV3
 4329 * Improve creation of expected assignments in tests
 4330 * Add a check to see if a federation token is being used for v2 auth
 4331 * Adds a fork of python-ldap for Py3 testing
 4332 * Updates Python3 requirements
 4333 * Sync with oslo-incubator
 4334 * Add local rules in the federation mapping tests
 4335 * Don't try to convert LDAP attributes to boolean
 4336 * Add schema for endpoint group
 4337 * Split the assignments controller
 4338 * Use \_VersionsEqual for a few more version tests
 4339 * Remove test PYTHONHASHSEED setting
 4340 * Correct version tests for result ordering
 4341 * Correct a v3 auth test for result ordering
 4342 * Correct catalog response checker for result ordering
 4343 * Correct test\_get\_v3\_catalog test for result ordering
 4344 * Correct test\_auth\_unscoped\_token\_project for result ordering
 4345 * Fix the syntax issue on creating table \`endpoint\_group\`
 4346 * Change hacking check to verify all oslo imports
 4347 * Change oslo.i18n to oslo\_i18n
 4348 * Change oslo.config to oslo\_config
 4349 * Change oslo.db to oslo\_db
 4350 * Remove XMLEquals from tests
 4351 * Remove unused test case
 4352 * Don't coerce port config values
 4353 * Make identity id mapping handle unicode
 4354 * Improve testing of unicode id mapping
 4355 * Add new "RoleAssignment" exception
 4356 * Imported Translations from Transifex
 4357 * log wsgi requests at INFO level
 4358 * Fix race on default role creation
 4359 * Imported Translations from Transifex
 4360 * Unscoped to Scoped only
 4361 * Refactor federation SQL backend
 4362 
 4363 2015.1.0b2
 4364 ----------
 4365 
 4366 * Set initiators ID to user\_id
 4367 * Updated from global requirements
 4368 * Change oslo.messaging to oslo\_messaging
 4369 * Change oslo.serialization to oslo\_serialization
 4370 * Handle SSL termination proxies for version list
 4371 * Imported Translations from Transifex
 4372 * Update federation config to use Service Providers
 4373 * Drop URL field from region table
 4374 * Create K2K SAML assertion from Service Provider
 4375 * Service Providers API for OS-FEDERATION
 4376 * Implements subtree\_as\_ids query param
 4377 * Refactor role assignment assertions
 4378 * Fixes 'OS-INHERIT:inherited\_to' info in tests
 4379 * During authentication validate if IdP is enabled
 4380 * Fix typo in Patch #142743
 4381 * Make the LDAP dependency clear between identity, resource & assignment
 4382 * Implements parents\_as\_ids query param
 4383 * Internal notifications for cleanup domain
 4384 * Multiple IDP authentication URL
 4385 * Change oslo.utils to oslo\_utils
 4386 * Imported Translations from Transifex
 4387 * Regenerate sample config file
 4388 * Make unit tests call the new resource manager
 4389 * Make controllers and managers reference new resource manager
 4390 * Remove unused pointer to assignment in identity driver
 4391 * Move projects and domains to their own backend
 4392 * Make role manager refer to role cache config options
 4393 * Documentation fix for Keystone Architecture
 4394 * Imported Translations from Transifex
 4395 * Fix evaluation logic of federation mapping rules
 4396 * Deprecate LDAP Assignment Backend
 4397 * Fix up \_ldap\_res\_to\_model for ldap identity backend
 4398 * Remove local conf information from paste-ini
 4399 * Use RequestBodySizeLimiter from oslo.middleware
 4400 * Adds a wip decorator for tests
 4401 * Remove list\_user\_projects method from assignment
 4402 * Updated from global requirements
 4403 * Remove unnecessary code block of exception handling
 4404 * Updated from global requirements
 4405 * Add library oslo.concurrency in config-generator config file
 4406 * Updated from global requirements
 4407 * Explicit Unscoped
 4408 * add missing API in docstring of EndpointFilterExtension
 4409 * fix test\_ec2\_list\_credentials
 4410 * Assignment sql backend create\_grant refactoring
 4411 * Updated from global requirements
 4412 * Imported Translations from Transifex
 4413 * Remove TODO comment which has been addressed
 4414 * Refactor keystone-all and http/keystone
 4415 * Updated from global requirements
 4416 * Identify groups by name/domain in mapping rules
 4417 * do parameter check before updating endpoint\_group
 4418 * Move sql specific filter test code into test\_backend\_sql
 4419 * Fix incorrect filter test name
 4420 * Update the keystone sample config
 4421 * Minor fix in RestfulTestCase
 4422 * Scope federated token with 'token' identity method
 4423 * Correct comment about circular dependency
 4424 * Refactor assignment manager/driver methods
 4425 * Make unit tests call the new, split out, role manager
 4426 * Make controllers call the new, split out, role manager
 4427 * Correct doc string for grant driver methods
 4428 * Split roles into their own backend within assignments
 4429 * correct the help text of os\_inherit
 4430 * Update Inherited Role Assignment Extension section
 4431 * Limit lines length on configuration doc
 4432 * Fixes spacing in sentences on configuration doc
 4433 * Fixes several typos on configuration doc
 4434 * Trust redelegation
 4435 * add missing parent\_id parameter check in project schema
 4436 * Fix incorrect session usage in tests
 4437 * Fix migration 42 downgrade
 4438 * Updated from global requirements
 4439 * Additional test coverage for password changes
 4440 * Fix downgrade test for migration 61 on non-sqlite
 4441 * Fix transaction issue in migration 44 downgrade
 4442 * Correct failures for H238
 4443 * Move to hacking 0.10
 4444 * Updated from global requirements
 4445 * Remove unused fields in base TestCase
 4446 * Keystoneclient tests from venv-installed client
 4447 * Fix downgrade from migration 61 on non-sqlite
 4448 * explicit namespace prefixes for SAML2 assertion
 4449 * Remove requirements not needed by oslo-incubator modules anymore
 4450 * Remove unused testscenarios requirement
 4451 * Cleanup test-requirements for keystoneclient
 4452 * Fix tests using extension drivers
 4453 * Ensure manager grant methods throw exception if role\_id is invalid
 4454 * update sample conf using latest oslo.conf
 4455 * Remove unnecessary oslo incubator bits
 4456 * let endpoint\_filter sql backend return dict data
 4457 * Tests fail only on deprecation warnings from keystone
 4458 * switch from sample\_config.sh to oslo-config-generator
 4459 * Add positive test case for content types
 4460 * Update the keystone.conf sample
 4461 * remove invalid note
 4462 * invalidate cache when updating catalog objects
 4463 * Enable hacking rule H302
 4464 * fix wrong self link in the response of endpoint\_groups API
 4465 * Imported Translations from Transifex
 4466 * improve the EP-FILTER catalog length check in test\_v3.py
 4467 * Don't allow deprecations during testing
 4468 * Fix to not use deprecated Exception.message
 4469 * Integrate logging with the warnings module
 4470 * rename oslo.concurrency to oslo\_concurrency
 4471 * Fix to not use empty IN clause
 4472 * Be more precise with flake8 filename matches
 4473 * Use bashate to run\_tests.sh
 4474 * Move test\_utils to keystone/tests/unit/
 4475 * add circular check when updating region
 4476 * fix the wrong update logic of catalog kvs driver
 4477 * Removes a Py2.6 version of assertSetEqual
 4478 * Removes a Py2.6 version of inspect.getcallargs
 4479 * Removes a bit of WSGI code converts unicode to str
 4480 * Expanded mutable hacking checks
 4481 * Make the mutable default arg check very strict
 4482 * sync to oslo commit 1cf2c6
 4483 * Update federation docs to point to specs.o.org
 4484 * Memcache connection pool excess check
 4485 * Always return the service name in the catalog
 4486 * Update docs to no longer show XML support
 4487 
 4488 2015.1.0b1
 4489 ----------
 4490 
 4491 * Check and delete for policy\_association\_for\_region\_and\_service
 4492 * Remove unnecessary ldap import
 4493 * Rename \`removeEvent\` to be more pythonic
 4494 * Fix the way migration helpers check FK names
 4495 * Remove XML support
 4496 * Fix modifying a role with same name using LDAP
 4497 * Add a test for modifying a role to set the name the same
 4498 * Fix disabling entities when enabled is ignored
 4499 * Add tests for enabled attribute ignored
 4500 * Cleanup eventlet use in tests
 4501 * Fix update role without name using LDAP
 4502 * Add test for update role without name
 4503 * Inherited role assignments to projects
 4504 * Updated from global requirements
 4505 * Fix inherited user role test docstring
 4506 * Fixes links in Shibboleth configuration docs
 4507 * Updated from global requirements
 4508 * fix wrong indentation in contrib/federation/utils.py
 4509 * Adds openSUSE support for developer documentation
 4510 * User ids that begin with 0 cannot authenticate through ldap
 4511 * Typo in policy call
 4512 * Updated from global requirements
 4513 * Remove endpoint\_substitution\_whitelist config option
 4514 * Correct max\_project\_tree\_depth config help text
 4515 * Adds correct checks in LDAP backend tests
 4516 * Updated from global requirements
 4517 * Add an identity backend method to get group by name
 4518 * Create, update and delete hierarchical projects
 4519 * drop developer support for OS X
 4520 * Ignore H302 - bug 1398472
 4521 * Remove irrelative comment
 4522 * remove deprecated access log middleware
 4523 * Multiple IdPs problem
 4524 * Fixes docstring at eventlet\_server
 4525 * Fix the copy-pasted help info for db\_version
 4526 * Updated from global requirements
 4527 * TestAuthPlugin doesn't use test\_auth\_plugin.conf
 4528 * Add missing translation marker for dependency
 4529 * Use \_ definition from keystone.i18n
 4530 * Remove Python 2.6 classifier
 4531 * Correct token flush logging
 4532 * Speed up memcache lock
 4533 * Moves hacking tests to unit directory
 4534 * Fixes create\_saml\_assertion() return
 4535 * Add import i18n to federation/controllers.py
 4536 * Correct use of config fixture
 4537 * Extends hacking check for logging to verify i18n hints
 4538 * Adds missing log hints for level E/I/W
 4539 * make sample\_data.sh account for the default options in keystone.conf
 4540 * Adds dynamic checking for mapped tokens
 4541 * Updated from global requirements
 4542 * Enable cloud\_admin to list projects in all domains
 4543 * Remove string from URL in list\_revoke\_events()
 4544 * Configuring Keystone edits
 4545 * Update keystone readme to point to specs.o.org
 4546 * Imported Translations from Transifex
 4547 * Add WSGIPassAuthorization to OAuth docs
 4548 * Increase test coverage of test\_versions.py
 4549 * Move test\_pemutils.py to unit test directory
 4550 * Don't return \`\`user\_name\`\` in mapped.Mapped class
 4551 * Increase test coverage of test\_base64utils.py
 4552 * Move base64 unit tests to keystone/tests/unit dir
 4553 * Move injection unit tests to keystone/tests/unit
 4554 * Move notification unit tests to unit test dir
 4555 * Allow for REMOTE\_USER name in federation mapping
 4556 * Doc about specifying domains in domains specific backends
 4557 * Remove useless field passed into SQLAlchemy "distinct" statement
 4558 * Exclude domains with inherited roles from user domain list
 4559 * Improve testing of exclusion of inherited roles
 4560 * Fix project federation tokens for inherited roles
 4561 * Improve testing of project federation tokens for inherited roles
 4562 * Fix domain federation tokens for inherited roles
 4563 * Improve testing of domain federation tokens for inherited roles
 4564 * Fix misspelling at configuration.rst file
 4565 * Remove duplicate setup logic in federation tests
 4566 * Imported Translations from Transifex
 4567 * Enable hacking rule H904
 4568 * Move shib specific documentation
 4569 * Additional debug logs for federation flows
 4570 * Add openid connect support
 4571 * Imported Translations from Transifex
 4572 * Enable hacking rule H104 File contains nothing but comments
 4573 * Rename \_handle\_saml2\_tokens() method
 4574 * Updated from global requirements
 4575 * Update references to auth\_token middleware
 4576 * Use true() rather than variable/singleton
 4577 * Change ca to uppercase in keystone.conf
 4578 * default revoke driver should be the non-deprecated driver
 4579 * Prevent infinite loop in token\_flush
 4580 * Adds IPv6 url validation support
 4581 * Provide useful info when parsing policy file
 4582 * Doc about deleting a domain specific backend domain
 4583 * Updated from global requirements
 4584 * Remove token persistence proxy
 4585 * Correct use of noqa
 4586 * Use oslo.concurrency instead of sync'ed version
 4587 * revise error message for keystone.token.persistence pkg
 4588 * Change config option examples to v3
 4589 * Sync modules from oslo-incubator
 4590 * test\_utils use jsonutils from oslo.serialization
 4591 * Add fileutils module
 4592 * Move check\_output and git() to test utils
 4593 * Remove nonexistant param from docstring
 4594 * Fixes aggressive use of translation hints
 4595 * PKI and PKIZ tokens unnecessary whitespace removed
 4596 * Move unit tests from test\_backend\_ldap
 4597 * Use correct name of oslo debugger script
 4598 * Updated from global requirements
 4599 * Imported Translations from Transifex
 4600 * Change /POST to /ECP at federation config
 4601 * Base methods to handle hierarchical projects
 4602 * use expected\_length parameter to assert expected length
 4603 * fix the wrong order of assertEqual args in test\_v3
 4604 * sys.exit mock cleanup
 4605 * Tests raise exception if logging problem
 4606 * Correct the code path of implementation for the abstract method
 4607 * Use newer python-ldap paging control API
 4608 * Add xmlsec1 dependency comments
 4609 * Add parent\_id field to projects
 4610 * Add max-complexity to pep8 for Keystone
 4611 * Remove check\_password() in identity.backend.ldap
 4612 * Restrict certain APIs to cloud admin in domain-aware policy
 4613 * Remove unused ec2 driver option
 4614 * Extract Assignment tests from IdentityTestCase
 4615 * Clean up federated identity audit code
 4616 * obsolete deployment docs
 4617 * Remove database setup duplication
 4618 * Fixes endpoint\_filter tests
 4619 * Fixes a spelling error in hacking tests
 4620 * Fixes docstrings to be more accurate
 4621 * Update the feature/hierarchical-multitenancy branch
 4622 * Updated from global requirements
 4623 
 4624 2014.2
 4625 ------
 4626 
 4627 * updated translations
 4628 * Remove deprecated KVS trust backend
 4629 * Imported Translations from Transifex
 4630 * Ensure sql upgrade tests can run with non-sqlite databases
 4631 * Ensure sql upgrade tests can run with non-sqlite databases
 4632 * Validates controller methods exist when specified
 4633 * Fixes an error deleting an endpoint group project
 4634 * Add v3 openstackclient CLI examples
 4635 * Update the CLI examples to also use openstackclient
 4636 * Replace an instance of keystone/openstack/common/timeutils
 4637 * Use importutils from oslo.utils
 4638 * Use jsonutils from oslo.serialization
 4639 * Update 'Configuring Services' documentation
 4640 * Use openstackclient examples in configuration documentation
 4641 * Validates controller methods exist when specified
 4642 * Fixes an error deleting an endpoint group project
 4643 * Switch LdapIdentitySqlAssignment to use oslo.mockpatch
 4644 * Fix tests comparing tokens
 4645 * Remove deprecated TemplatedCatalog class
 4646 * Remove images directory from docs
 4647 * Remove OS-STATS monitoring
 4648 * Remove identity and assignment kvs backends
 4649 * Add an XML code directive to a shibboleth example
 4650 * revise docs on default \_member\_ role
 4651 * Convert unicode to UTF8 when calling ldap.str2dn()
 4652 * Fix tests comparing tokens
 4653 * Fix parsing of emulated enabled DN
 4654 * Handle default string values when using user\_enabled\_invert
 4655 * Handle default string values when using user\_enabled\_invert
 4656 * Convert unicode to UTF8 when calling ldap.str2dn()
 4657 * Fix parsing of emulated enabled DN
 4658 * Add test for getting a token with inherited role
 4659 * wrong logic in assertValidRoleAssignmentListResponse method
 4660 * Open Kilo development
 4661 
 4662 2014.2.rc1
 4663 ----------
 4664 
 4665 * Enhance FakeLdap to require base entry for subtree search
 4666 * Imported Translations from Transifex
 4667 * Uses session in migration to stop DB locking
 4668 * Address some late comments for memcache clients
 4669 * Set issuer value to CONF.saml.idp\_entity\_id
 4670 * Updated from global requirements
 4671 * Add placeholders for reserved migrations
 4672 * Mark k2k as experimental
 4673 * Add version attribute to the SAML2 Assertion object
 4674 * New section for CLI examples in docs
 4675 * Fix failure of delete domain group grant when identity is LDAP
 4676 * Clean up the Configuration documentation
 4677 * Adding an index on token.user\_id and token.trust\_id
 4678 * Update architecture documentation
 4679 * Fix a spelling mistake in keystone/common/utils.py
 4680 * Imported Translations from Transifex
 4681 * Prevent infinite recursion on persistence core on init
 4682 * Read idp\_metadata\_path value from CONF.saml
 4683 * Remove duplicated assertion
 4684 * Fix create and user-role-add in LDAP backend
 4685 * Fix minor spelling issues in comments
 4686 * Add a pool of memcached clients
 4687 * Update URLs for keystone federation configuration docs
 4688 * add --rebuild option for ssl/pki\_setup
 4689 * Mock doesn't have assert\_called\_once()
 4690 * Do not run git-cloned ksc master tests when local client specified
 4691 * Add info about pysaml2 into federation docs
 4692 * Imported Translations from Transifex
 4693 * Remove unused cache functions from token.core
 4694 * Updated from global requirements
 4695 * Safer check for enabled in trusts
 4696 * Set the default number of workers when running under eventlet
 4697 * Add the processutils from oslo-incubator
 4698 * Update 'Configure Federation' documentation
 4699 * Ensure identity sql driver supports domain-specific configuration
 4700 * Allow users to clean up role assignments
 4701 * Adds a whitelist for endpoint catalog substitution
 4702 * Revoke the tokens of group members when a group role is revoked
 4703 * Change pysaml2 comment in test-requrements.txt
 4704 * Document Keystone2Keystone federation
 4705 * Set LDAP certificate trust options for LDAPS and TLS
 4706 * Fail on empty userId/username before query
 4707 * Refactor FakeLdap to share delete code
 4708 * ldap/core deleteTree not always supported
 4709 * Reduce unit test log level for notifications
 4710 * Fix delete group cleans up role assignments with LDAP
 4711 * Refactor LDAP backend using context manager for connection
 4712 * Fix fakeldap search\_s documentation
 4713 * Add delete notification to endpoint grouping
 4714 * Fix using local ID to clean up user/group assignments
 4715 * Add characterization test for cleanup role assignments for group
 4716 * Fix LDAP group role assignment listing
 4717 * Correct typos in keystone/common/base64utils.py docstrings
 4718 * Add V3 JSON Home support to GET /
 4719 * Ensure a consistent transactional context is used
 4720 * Adds hint about filter placement to extension docs
 4721 * Adds pipeline hints to the example paste config
 4722 * Make the extension docs a top level entry in the landing page
 4723 * LDAP: refactor use of "1.1" OID
 4724 * Fix Policy backend driver documentation
 4725 * improve dependency injection doc strings
 4726 * Document mod\_wsgi doesn't support chunked encoding
 4727 * Making KvsInheritanceTests use backend KVS
 4728 * Keystone local authenticate has an unnecessary pending audit record
 4729 * Use id attribute map for read-only LDAP
 4730 * Stop skipping LDAP tests
 4731 * Update the revocation configuration docs
 4732 * Fixes formatting error in debug log statement
 4733 * Remove trailing space from string
 4734 * Update paste pipelines in configuration docs
 4735 * Update man pages
 4736 * Updates package comment to be more accurate
 4737 * Fixed typo 'in sane manner' to 'in a sane manner'
 4738 * Enable filtering of services by name
 4739 * correct typos
 4740 * Fixes code comment to be more accurate
 4741 * Prevent domains creation for the default LDAP+SQL
 4742 * Add testcase for coverage of 002\_add\_endpoint\_groups
 4743 * Fix oauth sqlite migration downgrade failure
 4744 * Sync jsonutils from oslo-incubator 32e7f0b5
 4745 * Imported Translations from Transifex
 4746 * Avoid conversion of binary LDAP values
 4747 * Remove unused variable TIME\_FORMAT
 4748 * Add characterization test for group role assignment listing
 4749 * Fix dn\_startswith
 4750 * Use oslo\_debug\_helper and remove our own version
 4751 * Fixes a mock cleanup issue caused by oslotest
 4752 * Add rst code-blocks to a bunch of missing examples
 4753 * Capitalize all instances of Keystone in the docs
 4754 
 4755 2014.2.b3
 4756 ---------
 4757 
 4758 * Update the docs that list sections in keystone.conf
 4759 * Fixed spelling mistakes in comments
 4760 * use one indentation style
 4761 * Fix admin server doesn't report v2 support in Apache httpd
 4762 * Add test for single app loaded version response
 4763 * Work toward Python 3.4 support and testing
 4764 * Update the federation configuration docs for saml2
 4765 * Add docs for enabling endpoint policy
 4766 * warn against sorting requirements
 4767 * Adds region back into the catalog endpoint
 4768 * Remove extra V3 version router
 4769 * Implementation of Endpoint Grouping
 4770 * Fix minor nits for token2saml generation
 4771 * Routes for Keystone-IdP metadata endpoint
 4772 * Generate IdP Metadata with keystone-manage
 4773 * IdP SAML Metadata generator
 4774 * Implement validation on Trust V3 API
 4775 * Create SAML generation route and controller
 4776 * trustor\_user\_id not available in v2 trust token
 4777 * Transform a Keystone token to a SAML assertion
 4778 * Remove TODO that was done
 4779 * Fix region schema comment
 4780 * Remove unused \_validate\_endpoint
 4781 * Fix follow up review issues with endpoint policy backend patch
 4782 * controller for the endpoint policy extension
 4783 * Mark the revoke kvs backend deprecated, for removal in Kilo
 4784 * Fix logging config twice
 4785 * Implement validation on the Catalog V3 API
 4786 * General logging cleanup in keystone.notifications
 4787 * Lower log level for notification registration
 4788 * backend for policy endpoint extension
 4789 * Implement validation on Credential V3
 4790 * Implement validation on Policy V3 API
 4791 * Fix token flush fails with recursion depth exception
 4792 * Spelling errors fixed in the comments
 4793 * Add index for actor\_id in assignments table
 4794 * Endpoint table is missing reference to region table
 4795 * add missing log hints for level C/E/I/W
 4796 * Add audit support to keystone federation
 4797 * Add string id type validation
 4798 * Implement validation on Assignment V3 API
 4799 * Adds tests that show how update with validation works
 4800 * Mark the trust kvs backend deprecated, for removal in Kilo
 4801 * Test cleanup: do not leak FDs during test runs
 4802 * Do not load auth plugins by class in tests
 4803 * JSON Home data is required
 4804 * Cleanup superfluous string comprehension and coersion
 4805 * Add commas for ease of maintenance
 4806 * Comments to docstrings for notification emit methods
 4807 * Notification cleanup: namespace actions
 4808 * Mark kvs backends as deprecated, for removal in Kilo
 4809 * Add bash code style to some portions of configuration.rst
 4810 * Update sample config
 4811 * Update tests to not use token\_api
 4812 * Make persistence manager in token\_provider\_api private
 4813 * Enhance GET /v3 to handle Accept header
 4814 * Enhance V3 extensions to provide JSON Home data
 4815 * Enhance V3 extension class to integrate JSON Home data
 4816 * Change OS-INHERIT extension to provide JSON Home data
 4817 * Change the sub-routers to provide JSON Home data
 4818 * Change V3 router classes to provide JSON Home data
 4819 * Create additional docs for role assignment events
 4820 * Add libxmlsec1 as external package dependency on OS X
 4821 * Add \_\_repr\_\_ to KeystoneToken model
 4822 * Add extra guarding to revoke\_by\_audit\_id methods
 4823 * Mark methods on token\_api deprecated
 4824 * Remove SAML2 plugin dependency on token\_api
 4825 * Remove oauth controller dependency on token\_api
 4826 * Remove assignment\_api dependency on token\_api
 4827 * Notification Constant Cleanup and internal notify type
 4828 * Remove wsgi and base controller dependency on token\_api
 4829 * Remove identity\_api dependency on token\_api
 4830 * Remove trust dependency on token\_api
 4831 * Update AuthContextMiddleware to not use token\_api
 4832 * Revoke by Audit Id / Audit Id Chain instead of expires
 4833 * assignment controller error path fix
 4834 * Make SQL the default backend for Identity & Assignment unit tests
 4835 * Add CADF notifications for role assignment create and delete
 4836 * Add notifications for policy, region, service and endpoint
 4837 * Enhance V3 version controller to provide JSON Home response
 4838 * Provide the V3 routers to the V3 extension controller
 4839 * Enhance V3 routers to store basic resource description
 4840 * Correct the signature for some catalog abstract method signatures
 4841 * Convert to urlsafe base64 audit ids
 4842 * Sync Py2 and Py3 requirements files
 4843 * Sync with oslo-incubator
 4844 * Add audit ids to tokens
 4845 * Fixing simple type in comment
 4846 * Create authentication specific routes
 4847 * Standardizing the Federation Process
 4848 * Enable filtering of credentials by user ID
 4849 * Expose context to create grant and delete grant
 4850 * Redirect stdout and stderr when using subprocess
 4851 * Back off initial migration to 34
 4852 * Back off initial migration to 35
 4853 * Use python convention for function names in test\_notifications
 4854 * Use mail for the default LDAP email attribute name
 4855 * Bump hacking to 0.9.x series
 4856 * Fixes an issue with the XMLEquals matcher
 4857 * Do not require method attribute on plugins
 4858 * Remove \_BaseFederationExtension
 4859 * Add a URL field to region table
 4860 * Remove unnecessary declaration of CONF
 4861 * Remove trailing space in tox.ini
 4862 * Rename bash8 requirement
 4863 * Updates the sample config
 4864 * remove unused import
 4865 * Clean whitespace off token
 4866 * Support the hints mechanism in list\_credentials()
 4867 * Keystone service throws error on receiving SIGHUP
 4868 * Remove strutils and timeutils from openstack-common.conf
 4869 * Use functions in oslo.utils
 4870 * Add an OS-FEDERATION section to scoped federation tokens
 4871 * Ensure roles created by unit tests have correct attributes
 4872 * Update control\_exchange value in keystone.conf
 4873 * swap import order of lxml
 4874 * add i18n to lxml error
 4875 * Check for empty string value in REMOTE\_USER
 4876 * Refactor names in catalog backends
 4877 * Update CADF auditing example to show non-payload information
 4878 * Remove ec2 contrib dependency on token\_api
 4879 * Expose token revocation list via token\_provider\_api
 4880 * Remove assignment controller dependency on token\_api
 4881 * Refactor serializer import to XmlBodyMiddleware
 4882 * Delete intersphinx mappings
 4883 * Fix documentation link
 4884 * Make token\_provider\_api contain token persistence
 4885 * Remove S3 middleware tests from tox.ini
 4886 * Remove unused function
 4887 * Add oslo.utils requirement
 4888 * Surround REMOTE\_USER variable name with quotes
 4889 * Remove \`with\_lockmode\` use from Trust SQL backend
 4890 * Allow LDAP lock attributes to be used as enable attributes
 4891 * Improve instructions about federation
 4892 * Do not override venvs
 4893 * Imported Translations from Transifex
 4894 * Remove debug CADF payload for every authN request
 4895 * Don't override tox envdir for pep8 and cover jobs
 4896 * Change V3 extensions to use resources
 4897 * Enhance V3 extension class to use resources
 4898 * V3 Extension class
 4899 * Change V3 router classes to use resources
 4900 * Enhance V3 router class for resources
 4901 * Class for V3 router packages
 4902 * Filter List Regions by 'parent\_region\_id'
 4903 * Refactor existing endpoint filter tests
 4904 * Trust unit tests should target additional threat scenarios
 4905 * Update the config file
 4906 * Fix revocation event handling with MySQL
 4907 * Set default token provider to UUID
 4908 * Add filters to the collections 'self' link
 4909 * Issue multiple SQL statements in separate engine.execute() calls
 4910 * Remove fixture from openstack-common.conf
 4911 * Use config fixture from oslo.config
 4912 * Fix revoking a scoped token from an unscoped token
 4913 * Updated from global requirements
 4914 * KeyError instead of exception.KeyError
 4915 * Catch correct oslo.db exception
 4916 * Update setup docs with Fedora 19+ dependencies
 4917 * Add a test for revoking a scoped token from an unscoped
 4918 * Fix revoking domain-scoped tokens
 4919 * Correct revocation event test for domain\_id
 4920 * Add pluggable range functions for token flush
 4921 * Configurable python-keystoneclient repo
 4922 * Fix invalid self link in get access token
 4923 * Add workaround to support tox 1.7.2
 4924 * Fixes a capitalization issue
 4925 * Do not consume trust uses when create token fails
 4926 * Refactor set domain-id and mapping code
 4927 * Remove duplicated asserts
 4928 * Fix for V2 token issued\_at time changing
 4929 * Add tests related to V2 token issued\_at time changing
 4930 * Sample config update
 4931 * Add the new Keystone TokenModel
 4932 * Add X-Auth-Token header in federation examples
 4933 * Check url is in the 'self' link in list responses
 4934 * Clean up EP-Filter after delete project/endpoint
 4935 * add internal delete notification for endpoint
 4936 * remove static files from docs
 4937 * Move token persistence classes to token.persistence module
 4938 * cache the catalog
 4939 * Disable a domain will revoke tokens under the same domain
 4940 * Sqlite files excluded from the repo
 4941 * Adding support for ldap connection pooling
 4942 * Details the proper way to call a callable
 4943 
 4944 2014.2.b2
 4945 ---------
 4946 
 4947 * Add the new oslo.i18n as a dependency for Python 3
 4948 * Fixes test\_exceptions.py for Python3
 4949 * Fixes test\_wsgi for Python3
 4950 * Adds several more test modules that pass on Py3
 4951 * Reduces the amount of mocked imports for Python 3
 4952 * Disables LDAP unit tests
 4953 * Updated from global requirements
 4954 * Initial implementation of validator
 4955 * Mark the 'check\_vX\_token' methods deprecated
 4956 * Extracting get group roles for project logic to drivers
 4957 * implement GET /v3/catalog
 4958 * Adds coverage report to py33 test runs
 4959 * Fixed tox cover environment to share venv
 4960 * Regenerate sample config file
 4961 * Check that region ID is not an empty string
 4962 * auth tests should not require admin token
 4963 * Example JSON files should be human-readable
 4964 * Consolidate \`assert\_XXX\_enabled\` type calls to managers
 4965 * Move keystone.token.default\_expire\_time to token.provider
 4966 * Move token\_api.unique\_id to token\_provider\_api
 4967 * Capitalize a few project names in configuring services doc
 4968 * Fixes a Python3 syntax error
 4969 * Introduce pragma no cover to asbtract classes
 4970 * Update middleware that was moved to keystonemiddleware
 4971 * Sync with oslo-incubator
 4972 * project disabled/deleted notification recommendations
 4973 * render json examples with syntax highlighting
 4974 * Use oslo.i18n
 4975 * Make sure unit tests set the correct log levels
 4976 * Clean up the endpoint filtering configuration docs
 4977 * Avoid loading a ref from SQL to delete the ref
 4978 * Add revocation extension to default pipeline
 4979 * multi-backend support for identity
 4980 * Update docs to reflect new db\_sync behaviour
 4981 * Migrate default extensions
 4982 * Add oslo.i18n as dependency
 4983 * Do not use lazy translation for keystone-manage
 4984 * Update the configuration docs for the revocation extension
 4985 * Remove deprecated token\_api.list\_tokens
 4986 * Imported Translations from Transifex
 4987 * Add keystonemiddleware to requirements
 4988 * Add \_BaseFederationExtension class
 4989 * Correct the region table to be InnoDB and UTF8
 4990 * HEAD responses should return same status as GET
 4991 * Updated from global requirements
 4992 * Sync with oslo-incubator e9bb0b59
 4993 * Add schema check for OS-FEDERATION mapping table
 4994 * Make OS-FEDERATION core.Driver methods abstract
 4995 * update example with a status code we actually use
 4996 * Correct docstring for assertResponseSuccessful
 4997 * Fix the section name in CONTRIBUTING.rst
 4998 * Fix OAuth1 to not JSON-encode create access token response
 4999 * Ending periods in exception messages deleted
 5000 * Ensure that in v2 auth tenant\_id matches trust
 5001 * Add identity mapping capability
 5002 * Do not use keystone's config for nova's port
 5003 * Fix docs and scripts for pki\_setup and ssl\_setup
 5004 * LDAP: Added documentation for debug\_level option
 5005 * Updated from global requirements
 5006 * Fixes the order of assertEqual arguments
 5007 * remove default=None for config options
 5008 * Fix test for get\_\*\_by\_name invalidation
 5009 * Do not support toggling key\_manglers in cache layer
 5010 * Implicitly ignore attributes that are mapped to None in LDAP
 5011 * Move bash8 to run under pep8 tox env
 5012 * Remove db, db.sqlalchemy from openstack-common.conf
 5013 * Remove backend\_entities from backend\_ldap.conf
 5014 * Consolidate provider calls to token\_api.create\_token
 5015 * Adds hacking check for debug logging translations
 5016 * Updates Python3 requirements to match Python2
 5017 * Adds oslo.db support for Python 3 tests
 5018 * Do not leak SQL queries in HTTP 409 (conflict)
 5019 * Imported Translations from Transifex
 5020 * Do not log 14+ INFO lines on a broken pipe error (eventlet)
 5021 * Regenerate sample config file
 5022 * deprecate LDAP config options for 'tenants'
 5023 * the user\_tenant\_membership table was replaced by "assignment"
 5024 * Corrects minor spelling mistakes
 5025 * Ignoring order of user list in TenantTestCase
 5026 * Make gen\_pki.sh & debug\_helper.sh bash8 compliant
 5027 * TestAuthInfo class in test\_v3\_auth made more efficient
 5028 * Update docs to reference #openstack-keystone
 5029 * Don't set sqlite\_db default
 5030 * Migrate ID generation for users/groups from controller to manager
 5031 * oslo.db implementation
 5032 * Test \`common.sql\` initialization
 5033 * Kerberos as method name
 5034 * test REMOTE\_USER  does not authenticate
 5035 * Document pkiz as provider in config
 5036 * Only emit disable notifications for project/domain on disable
 5037 * Fix the typo and reformat the comments for the added option
 5038 * Updated from global requirements
 5039 * fix flake8 issues
 5040 * Update sample keystone.conf file
 5041 * Fix 500 error if request body is not JSON object
 5042 * Default to PKIZ tokens
 5043 * Fix a few typos in the shibboleth doc
 5044 * pkiz String conversion
 5045 * Fixes catalog URL formatting to never return None
 5046 * Updates keystone.catalog.core.format\_url tests
 5047 * Ignore broken endpoints in get\_catalog
 5048 * Allow for multiple PKI Style Providers
 5049 * Add instructions for removing pyc files to docs
 5050 * Password trunction makes password insecure
 5051 * enable multiple keystone-all worker processes
 5052 * Add cloud auditing notification documentation
 5053 * Block delegation escalation of privilege
 5054 * Fixes typo error in Keystone
 5055 * Add missing docstrings and 1 unittest for LDAP utf-8 fixes
 5056 * Properly invalidate cache for get\_\*\_by\_name methods
 5057 * Make sure domains are enabled by default
 5058 * Convert explicit session get/begin to transaction context
 5059 
 5060 2014.2.b1
 5061 ---------
 5062 
 5063 * remove unnecessary word in docs: 'an'
 5064 * add docs on v2 & v3 support in the service catalog
 5065 * Add v3 curl examples
 5066 * Use code-block for curl examples
 5067 * Sync service module from oslo-incubator
 5068 * remove unneeded definitions of Python Source Code Encoding
 5069 * gitignore etc/keystone/
 5070 * Enforce \`\`saml2\`\` protocol in Apache config
 5071 * install gettext on OS X for msgfmt
 5072 * Use translation hints
 5073 * Add v2 & v3 API documentation
 5074 * Make sure all the auth plugins agree on the shared identity attributes
 5075 * update release support warning for domain-specific drivers
 5076 * Catalog driver generates v3 catalog from v2 catalog
 5077 * Compressed Token Provider
 5078 * document keystone-specs instead of LP blueprints in README
 5079 * fixed several pep8 issues
 5080 * Invalid command referenced in federation documentation
 5081 * Fix curl example refs in docs
 5082 * pep8: do not test locale files
 5083 * Consistenly use jsonutils instead of json
 5084 * Fix type error message in format\_url
 5085 * Updated from global requirements
 5086 * remove out of date docs for Fedora 15
 5087 * Make sure scoping to the project of a disabled domain result in 401
 5088 * document pki\_setup and ssl\_setup in keystone.conf.sample
 5089 * Fixed wrong behavior when updating tenant or user with LDAP backends
 5090 * Cleanup openstack-common.conf and sync from olso
 5091 * recommend excluding 35357 from ephemeral ports
 5092 * Fixes duplicated DELETE queries on SQL backends
 5093 * Refactor tests regarding required attributes
 5094 * Suggest users to remove REMOTE\_USER from shibd conf
 5095 * Refactor driver\_hints
 5096 * Imported Translations from Transifex
 5097 * Code which gets and deletes elements of tree was moved to one method
 5098 * indicate that sensitive messages can be disabled
 5099 * Check that the user is dumb moved to the common method
 5100 * Fix spelling mistakes in docs
 5101 * Replace magic value 'service/security' in CadfNotificationWrapper
 5102 * Replace assertTrue and assertFalse with more suitable asserts
 5103 * replaced unicode() with six.text\_type()
 5104 * Remove obsolete note from ldap
 5105 * install from source docs never actually install the keystone service
 5106 * LDAP fix for get\_roles\_for\_user\_and\_project user=group ID
 5107 * Cleanup of ldap assignment backend
 5108 * Remove all mostly untranslated PO files
 5109 * Mapping engine does not handle regex properly
 5110 * SQL fix for get\_roles\_for\_user\_and\_project user=group ID
 5111 * Unimplemented get roles by group for project list
 5112 * sql migration: ensure using innodb utf8 for assignment table
 5113 * Update mailmap entry for Brant
 5114 * Reduce log noise on expired tokens
 5115 * Add note for v3 API clients using auth plugin docs
 5116 * Refactor test\_auth trust related tests
 5117 * Add detailed federation configuration docs
 5118 * remove a few backslash line continuations
 5119 * Reduce excess LDAP searches
 5120 * Regenerate sample config
 5121 * Fix version links to docs.openstack.org
 5122 * Add mailmap entry
 5123 * Refactor create\_trust for readability
 5124 * Adds several more tests to the Python 3 test run
 5125 * Fixed the policy tests in Python 3
 5126 * Fixed the size limit tests in Python 3
 5127 * fixed typos found by RETF rules in RST files
 5128 * Remove the configure portion of extension docs
 5129 * Ensure token is a string
 5130 * Fixed some typos throughout the codebase
 5131 * Allow 'description' in V3 Regions to be optional
 5132 * More random values for oAuth1 verifier
 5133 * Add rally performance gate job for keystone
 5134 * Set proper DB\_INIT\_VERSION on db\_version command
 5135 * Escape values in LDAP search filters
 5136 * Migration DB\_INIT\_VERSION in common place
 5137 * Redundant unique constraint
 5138 * Correct \`nullable\` values in models and migrations
 5139 * Move hacking code to a separate fixture
 5140 * Some methods in ldap were moved to superclass
 5141 * Sync with oslo-incubator 28fba9c
 5142 * Use oslo.test mockpatch
 5143 * Check that all po/pot files are valid
 5144 * No longer allow listing users by email
 5145 * Refactor notifications
 5146 * Add localized response test
 5147 * Refactor service readiness notification
 5148 * Make test\_revoke expiry times distinct
 5149 * Removed duplication with list\_user\_ids\_for\_project
 5150 * Fix cache configuration checks
 5151 * setUp must be called on a fixture's parent first
 5152 * First real Python 3 tests
 5153 * Make the py33 Jenkins job happy
 5154 * Fix the "search for sql.py" files for db models
 5155 * Sync with oslo-incubator 74ae271
 5156 * no one uses macports
 5157 * Updated from global requirements
 5158 * Compatible server default value in the models
 5159 * Explicit foreign key indexes
 5160 * Added statement for ... if ... else
 5161 * Imported Translations from Transifex
 5162 * Ignore broken endpoints in get\_v3\_catalog
 5163 * Fix typo on cache backend module
 5164 * Fix sql\_upgrade tests run by themselves
 5165 * Discourage use of pki\_setup
 5166 * add dependencies of keystone dev-enviroment
 5167 * More efficient DN list for LDAP role delete
 5168 * Stronger assertion for test\_user\_extra\_attribute\_mapping
 5169 * Refactor test\_password\_hashed to the backend testers
 5170 * Remove LDAP password hashing code
 5171 * More notification unit tests
 5172 * Add missing import, remove trailing ":" in middleware example
 5173 * Fixes for in-code documentation
 5174 * Isolate backend loading
 5175 * Sync with oslo-incubator 2fd457b
 5176 * Adding one more check on project\_id
 5177 * Moves test database setup/teardown into a fixture
 5178 * Make the LDAP debug option a configurable setting
 5179 * Remove unnecessary dict copy
 5180 * More debug output for test
 5181 * Code which gets elements of tree in ldap moved to a common method
 5182 * Removed unused code
 5183 * Don't re-raise instance
 5184 * Fix catalog Driver signatures
 5185 * Include extra attributes in list results
 5186 * Allow any attributes in mapping
 5187 * Enhance tests for user extra attribute mapping
 5188 * Fix typo of ANS1 to ASN1
 5189 * Updated from global requirements
 5190 * Refactor: moved flatten function to utils
 5191 * Collapse SQL Migrations
 5192 * Treat LDAP attribute names as case-insensitive
 5193 * replace word 'by' with 'be'
 5194 * Configurable token hash algorithm
 5195 * Adds style checks to ease reviewer burden
 5196 * Adding more descriptive error message
 5197 * Fixed wrong behavior in method search\_s in BaseLdap class
 5198 * Fix response for missing attributes in trust
 5199 * Refactor: move federation functions to federation utils
 5200 * List all forbidden attributes in the request body
 5201 * Convert test\_backend\_ldap to config fixture
 5202 * Add tests for user ID with comma
 5203 * Fix invalid LDAP filter for user ID with comma
 5204 * Remove assignment proxy methods/controllers
 5205 * Remove legacy\_endpoint\_id and enabled from service catalog
 5206 * Replace all use of mox with mock
 5207 * Fix assertEqual arguments order(catalog, cert\_setup, etc)
 5208 * Remove common.V3Controller.check\_required\_params() method
 5209 * Fix parallel unit tests keystoneclient partial checkout
 5210 * Sync from oslo db.sqlalchemy.migration
 5211 * Removes unused db\_sync methods
 5212 * Removes useless wrapper from manager base class
 5213 * Cleanup of test\_cert\_setup tests
 5214 * Sanitizes authentication methods received in requests
 5215 * Fix create\_region\_with\_id raise 500 Error bug
 5216 * For ldap, API wrongly reports user is in group
 5217 * support conventional domain name with one or more dot
 5218 * Remove \_delete\_tokens function from federation controller
 5219 * Keystone doesn't use pam
 5220 * Fixed small capitalization issue
 5221 * Fix Jenkins translation jobs
 5222 * Removes some duplicate setup from a testcase
 5223 * Updated from global requirements
 5224 * Enable concurrent testing by default
 5225 * Cleanup ldap tests (mox and reset values)
 5226 * Check domain\_id with equality in assignment kvs
 5227 * Moves database setup/teardown closer to its usage
 5228 * Cleanup config.py
 5229 * Clean up config help text
 5230 * Imported Translations from Transifex
 5231 * test\_v3\_token\_id correctly hash token
 5232 * Safer noqa handling
 5233 * Remove noqa form import \_s
 5234 * Fix assertEqual arguments order(auth\_plugin, backend, backend\_sql, etc)
 5235 * Expand the use of non-ascii values in ldap test
 5236 * Properly handle unicode & utf-8 in LDAP
 5237 * Refactor LDAP API
 5238 * Use in-memory SQLite for sql migration tests
 5239 * Use in-memory SQLite for testing
 5240 * Remove extraenous instantiations of managers
 5241 * Make service catalog include service name
 5242 * Add placeholders for reserved migrations
 5243 
 5244 2014.1.rc1
 5245 ----------
 5246 
 5247 * Open Juno development
 5248 * Enable lazy translations in httpd/keystone.py
 5249 * Avoid using .values() on the indexed columns
 5250 * Imported Translations from Transifex
 5251 * revert deprecation of v2 API
 5252 * Remove unnecessary test setUps
 5253 * code hygiene; use six.text\_type, escape regexp's, use key function
 5254 * Use CMS to generate sample tokens
 5255 * Allows override of stdout/stderr/log capturing
 5256 * exclude disabled services from the catalog
 5257 * refactor AuthCatalog tests
 5258 * Rename keystone.tests.fixtures
 5259 * Change the default version discovery URLs
 5260 * Remove extra cache layer debugging
 5261 * Updated from global requirements
 5262 * Fix doc build errors with SQLAlchemy 0.9
 5263 * Sync oslo-incubator db.sqlalchemy b9e2499
 5264 * Create TMPDIR for tests recursively
 5265 * Always include 'enabled' field in service response
 5266 * test tcp\_keepidle only if it's available on the current platform
 5267 * Add dedicated URL for issuing unscoped federation tokens
 5268 * Cleanup revocation query
 5269 * Reduce environment logging
 5270 * Use assertIsNone when comparing against None
 5271 * Removes the use of mutables as default args
 5272 * Add a space after the hash for block comments
 5273 * Filter SAML2 assertion parameters with certain prefix
 5274 * Use assertIn in test\_v3\_catalog
 5275 * Add support for parallel testr workers in Keystone
 5276 * is\_revoked check all viable subtrees
 5277 * update sample conf
 5278 * explicitly import gettext function
 5279 * expires\_at should be in a tuple not turned into one
 5280 * Comparisons should account for instantaneous test execution
 5281 * Start using to oslotest
 5282 * Uses generator expressions instead of filter
 5283 * Remove unused db\_sync from extensions
 5284 * Ability to turn off ldap referral chasing
 5285 * Add user\_id when calling populate\_roles\_for\_groups
 5286 * Store groups ids objects list in the OS-FEDERATION object
 5287 * Make domain\_id immutable by default
 5288 * Do not expose internal data on UnexpectedError
 5289 * Use oslo db.sqlalchemy.session.EngineFacade.from\_config
 5290 * Uses explicit imports for \_
 5291 * Rename scope\_to\_bad\_project() to test\_scope\_to\_bad\_project()
 5292 * Make LIVE Tests configurable with ENV
 5293 * Filter out nonstring environment variables before rules mapping
 5294 * Provide option to make domain\_id immutable
 5295 * Replace httplib.HTTPSConnection in ec2\_token
 5296 * Move test .conf files to keystone/tests/config\_files
 5297 * Removal of test .conf files
 5298 * Don't automatically enable revocation events
 5299 * Ensure v3policysample correctly limits domain\_admin access
 5300 * Sync db, db.sqlalchemy from oslo-incubator 0a3436f
 5301 * Do not use keystone.conf.sample in tests
 5302 * Filter LDAP dumb member when listing role assignments
 5303 * Updated from global requirements
 5304 * Remove unnecessary oauth1.Manager constructions
 5305 * Enforce groups presence for federated authn
 5306 * Update sample config
 5307 * Very minor cleanup to default\_fixtures
 5308 * Cleanup keystoneclient tests
 5309 * Cleanup fixture data added to test instances
 5310 * Cleans up test data from limit tests
 5311 * Cleanup of instance attrs in core tests
 5312 * Cleanup backends after each test
 5313 * Fixup region description uniqueness
 5314 * Add slowest output to tox runs (testr)
 5315 * Add missing documentation for enabling oauth1 auth plugin
 5316 * Add missing documentation for enabling federation auth plugin
 5317 * Use class attribute to represent 'user' and 'group'
 5318 * Configurable temporary directory for tests
 5319 * Call an existing method in sync cache for revoke events
 5320 * Remove unnecessary calls to self.config()
 5321 * remove the unused variable in test\_sql\_upgrade
 5322 * remove hardcoded SQL queries in tests
 5323 * Fix db\_version failed with wrong arguments
 5324 * Use config fixture
 5325 * Fix docstrings in federation related modules
 5326 * Sync db, db.sqlalchemy, gettextutils from oslo-incubator 6ba44fd
 5327 * V3 xml responses should use v3 namespace
 5328 * trust creation allowed with empty roles list
 5329 * Fix test\_provider\_token\_expiration\_validation transient failure
 5330 * Fix include only enabled endpoints in catalog
 5331 * Add unit tests for disabled endpoints in catalog
 5332 
 5333 2014.1.b3
 5334 ---------
 5335 
 5336 * Update ADMIN\_TOKEN description in docs
 5337 * Mark revoke as experimental
 5338 * Import order is fixed
 5339 * Remove unused function from tests
 5340 * Add OS-OAUTH1 to consumers links section
 5341 * Don't need session.flush in context managed by session
 5342 * Imported Translations from Transifex
 5343 * allow create credential with the system admin token
 5344 * Stop gating on up-to-date sample config file
 5345 * Always include 'enabled' field in endpoint response
 5346 * Add the last of the outstanding helpstrings to config
 5347 * Token Revocation Extension
 5348 * Remove vim headers
 5349 * Removes use of timeutils.set\_time\_override
 5350 * drop key distribution from icehouse
 5351 * Limited use trusts
 5352 * Update curl api example to specify tenant
 5353 * Update Oslo wiki link in README
 5354 * Properly configure OS-EP-FILTER test backend
 5355 * Add tests for endpoint enabled
 5356 * Remove the un-used and non-maintained PAM identity backend
 5357 * Remove paste\_deploy from test\_overrides.conf
 5358 * SQLAlchemy Change to support more strict dialect checking
 5359 * Remove "test-only" pam config options
 5360 * Imported Translations from Transifex
 5361 * Fix get project users when no user exists
 5362 * deprecate XML support in favor of JSON
 5363 * Lazy gettextutils behavior
 5364 * Fix the order of assertEqual arguments(keystoneclient, kvs, etc)
 5365 * Update Oslo wiki link in README
 5366 * Removes a redundant test
 5367 * Remove unused variable
 5368 * Implement V3 Specific Version of EC2 Contrib
 5369 * revocation\_list only call isotime on datetime objects
 5370 * Support authentication via SAML 2.0 assertions
 5371 * Fix table name typo in test\_sql\_upgrade
 5372 * Cleanup and add more config help strings
 5373 * Ensure v2 API only returns projects in the default domain
 5374 * Support for mongo as dogpile cache backend
 5375 * v3 endpoint create should require url
 5376 * Fix issue with DB upgrade to assignment table
 5377 * Remove duplicated cms file
 5378 * oauth1 extension migration fails with DB2
 5379 * Handle exception messages with six.text\_type
 5380 * Remove common.sql.migration
 5381 * Unimplemented error on V3 get token
 5382 * Updated from global requirements
 5383 * Replace assertEqual(None, \*) with assertIsNone in tests
 5384 * Fix keystone-manage db\_version
 5385 * Fix assertEqual arguments order(\_ldap\_tls\_livetest, backend\_kvs, etc)
 5386 * Fix assertEqual arguments order(backend\_ldap, cache, v3\_protection)
 5387 * Fix the order of assertEqual arguments(v3\_auth, v3\_identity)
 5388 * Move \_BaseController to common/controllers.py
 5389 * Remove oslo rpc
 5390 * Fix webob.exc.HTTPForbidden parameter miss
 5391 * Remove redundant default value None for dict.get
 5392 * Remove oslo notifier
 5393 * Uses the venv virtualenv for the pep8 command
 5394 * Sync db.exception from Oslo
 5395 * Update oslo-incubator log.py to a01f79c
 5396 * Update man pages
 5397 * Add tests for create grant when no group
 5398 * Add tests for create grant when no user
 5399 * Correct a docstring in keystone.common.config
 5400 * Enable pep8 test against auto-generated configuration
 5401 * Update config options with helpstrings and generate sample
 5402 * Keystone doc has wrong keystone-manage command
 5403 * Fix assertEqual arguments order
 5404 * strengthen assertion for unscoped tokens
 5405 * Remove sql.Base
 5406 * Always hash passwords on their way into the DB
 5407 * bad config user\_enable\_emulation in mask test
 5408 * Convert Token Memcache backend to new KeyValueStore Impl
 5409 * Implement mechanism to provide non-expiring keys in KVS
 5410 * Rationalize the Assignment Grant Tables
 5411 * Add version routes to KDS
 5412 * Keystone team uses #openstack-keystone now
 5413 * Adds model mixin for {to,from}\_dict functionality
 5414 * Adds Cloud Audit (CADF) Support for keystone authentication
 5415 * Use class attribute to represent 'project'
 5416 * Switch over to oslosphinx
 5417 * Replace notifier with oslo.messaging
 5418 * Clean StatsController unnecesary members
 5419 * Use global to represent OS-TRUST:trust
 5420 * Additional notifications for revocations
 5421 * add policy entries for /v3/regions
 5422 * Use Oslo.db migration
 5423 * \`find\_migrate\_repo\` improvement
 5424 * Variable 'domain\_ref' referenced before assignment
 5425 * Cleanup Dogpile KVS Memcache backend support
 5426 * Fix test\_provider\_token\_expiration\_validation transient failure
 5427 * Restructure KDS options to be more like Keystone's options
 5428 * Setup code for auto-config sample generation
 5429 * Correct \`find\_migrate\_repo\` usage
 5430 * Make live LDAP user DN match the default from devstack
 5431 * Set sensible default for keystone's paste
 5432 * Treat sphinx warnings as errors
 5433 * Use WebOb directly in ec2\_token middleware
 5434 * Add lockfile and kombu as requirements for keystone
 5435 * Move filter\_limit\_query out of sql.Base
 5436 * List trusts, incorrect self link
 5437 * LDAP: document enabled\_emulation
 5438 * Remove s3\_token functional tests
 5439 * Provide clearer error when deleting enabled domain
 5440 * Remove copyright from empty files
 5441 * Syncing policy engine from oslo-incubator
 5442 * Rename Openstack to OpenStack
 5443 * Refactor get role for trust
 5444 * KDS fix documented exception
 5445 * Cleanup oauth tests
 5446 * Correctly normalize consumer fields on update
 5447 * Add tests for oauth consumer normalize fields
 5448 * Adds a fixture for setting up the cache
 5449 * Clean up database fixtures
 5450 * Fixes bug in exception message generation
 5451 * reverse my preferred mailmap
 5452 * Notifications upon disable
 5453 * Move identity logic from controller to manager
 5454 * Changing testcase name to match our terminology
 5455 * Allow specifying region ID when creating region
 5456 * explicitly expect hints in the @truncated signature
 5457 * list limit doc cleanup
 5458 * Correct error class in find\_migrate\_repo
 5459 * Remove unnecessary check to see if trustee exists
 5460 * Enforce current certificate retrieval behaviour
 5461 * Use WebOb directly for locale testing
 5462 * Cleanup KDS doc build errors
 5463 * Adds rule processing for mapping
 5464 * Add in functionality to set key\_mangler on dogpile backends
 5465 * Fix indentation issue
 5466 * Cleanup invalid token exception text
 5467 * Limit calls to memcache backend as user token index increases in size
 5468 * Style the code examples in docs as python
 5469 * Fixes a misspelling
 5470 * Doc - Keystone configuration - moving RBAC section
 5471 * Doc - Detailing  objects' attributes available for policy.json
 5472 * Do not use auth\_info objects for accessing the API
 5473 * Remove unused method \_get\_domain\_id\_from\_auth
 5474 * Remove unused method \_get\_domain\_conf
 5475 * Remove unused method \_store\_protocol
 5476 * Remove tox locale overrides
 5477 * Remove unused methods from AuthInfo
 5478 * Remove unused method \_create\_metadata
 5479 * Add test for list project users when no user
 5480 * Fix assignment KVS backend to not use identity
 5481 * Update kvs assignment backend docs
 5482 * Don't skip tests for some bugs
 5483 * Update oslo-incubator fixture to 81c478
 5484 * Remove vim header
 5485 * revise example extension directory structure
 5486 * Deprecate s3\_token middleware
 5487 * Update requirements to 661e6
 5488 * Implement list limiting support in driver backends
 5489 * Fix misspellings in keystone
 5490 * Removes use of fake\_notify and fixes notify test
 5491 * Remove host from per notification options
 5492 * Document priority level on Keystone notifications
 5493 * Remove default\_notification\_level from conf
 5494 * Mock sys.exit in testing
 5495 * Remove auth\_token middleware doc
 5496 * Move v3\_to\_v2\_user from manager to controller
 5497 * Update db.sqlalchemy.session from oslo-incubator 018138
 5498 * Adds tcp\_keepalive and tcp\_keepidle config options
 5499 * Ensure mapping rule has only local and remote properties
 5500 * clean up keystone-manage man page
 5501 * Refactor tests move assertValidErrorResponse
 5502 * fix grammar error in keystone-manage.rst
 5503 * Add rules to be a required field for mapping schema
 5504 * Cleanup docstrings
 5505 * Do not call deprecated functions
 5506 * Removes useless string
 5507 * Removes duplicate key from test fixtures
 5508 * Fixes a Python3 syntax error using raise
 5509 * Uses six.text\_type instead of unicode
 5510 * Uses six.iteritems for Python3 compat
 5511 * Add tests to ensure additional remote properties are not validated
 5512 * Removes xrange for Python3 compat
 5513 * Cleanup sample config
 5514 * Change 'oauth\_extension' to 'oauth1\_extension'
 5515 * Modified keystone endpoint-create default region
 5516 * Load the federation manager
 5517 * Fix indentation errors found by Pep8 1.4.6+
 5518 * Mark strings for translation in ldap backends
 5519 * Remove unused variable assignment
 5520 * Sync oslo's policy module
 5521 * Replace urllib/urlparse with six.moves.\*
 5522 * Change Continuous Integration Project link
 5523 * Remove legacy diablo and essex test cruft
 5524 * Refactor Auth plugin configuration options
 5525 * Use self.opt\_in\_group overrides
 5526 * Federation IdentityProvider filter fields on update response
 5527 * Remove unnecessary test methods
 5528 * Refactor federation controller class hierarchy
 5529 * Refactor mutable parameter handling
 5530 * Avoid use of str() with exceptions
 5531 * Use message when creating Unauthorized exception
 5532 * Make error strings translatable
 5533 * Enhancing tests to check project deletion in Active Directory
 5534 * Add required properties field to rules schema
 5535 * Fix assignment to not require user or group existence
 5536 * deprecate access log middleware
 5537 * remove access log middleware from the default paste pipeline
 5538 * deprecate v2.0 API in multiple choice response
 5539 * cleaned up extension development docs
 5540 * Add a docstring and rename mapping tests
 5541 * Remove versionId, versionInfo, versionList from examples
 5542 * Tests initialize database
 5543 * Don't set default for a nullable column
 5544 * Remove autoincrement from String column
 5545 * Fix docstrings in federation controller
 5546 * Change assertTrue(isinstance()) by optimal assert
 5547 * sync oslo-incubator log.py
 5548 * turn off eventlet.wsgi debug
 5549 * Make boolean query filter "False" argument work
 5550 * Fix list\_projects\_for\_endpoint failed bug
 5551 * Introduce database functionality into KDS
 5552 * Update the default\_log\_levels defaults
 5553 * Correct sample config default log levels
 5554 * deprecate stats middleware
 5555 * Use passed filter dict param in core sql filtering
 5556 * Fix federation documentation reference
 5557 * build auth context from middleware
 5558 * correct the document links in man documents
 5559 * Use six.text\_type to replace unicode
 5560 * Don't mask the filter built-in
 5561 * Move sql.Base.transaction
 5562 * Remove sql.Base.get\_session
 5563 * renamed extensions development doc
 5564 * Implement filter support in driver backends
 5565 * append extension name to trust notifications
 5566 * Allow event callback registration for arbitrary resource types
 5567 * Fix test\_auth isolation
 5568 * Policy sample - Identity v3 resources management
 5569 * Tests use setUp rather than init
 5570 * Improve forbidden checks
 5571 * Tests remove useless config list cleanup code
 5572 * use assertEqual instead of assertIs for string comparison
 5573 * Don't configure on import
 5574 * Fix reading cache-time before configured
 5575 * Cleanup eventlet setup
 5576 * Remove unused variables from common.config
 5577 * Reference dogpile.cache.memcached backend properly
 5578 * Unify StringIO usage with six.StringIO
 5579 * Fix typos in documents and comments
 5580 * Sync oslo strutils.py
 5581 * Use six.string\_types instead of basestring
 5582 
 5583 2014.1.b2
 5584 ---------
 5585 
 5586 * Use six to make dict work in Python 2 and Python 3
 5587 * initialize environment for tests that call popen
 5588 * Don't duplicate the existing config file list
 5589 * Implement notifications for trusts
 5590 * Remove kwargs from trust\_api.create\_trust
 5591 * Fixup incorrect comment
 5592 * Simple Certificate Extension
 5593 * Add mapping function to keystone
 5594 * Switch from 400 to 403 on ImmutableAttributeError
 5595 * Identity Providers CRUD operations
 5596 * Move KDS paths file
 5597 * Update comments in test\_v3\_protection.py
 5598 * description is wrong in endpoint filter rst doc
 5599 * Drop unsused "extras" dependency
 5600 * LDAP Assignment does not support grant v3 API
 5601 * Adds run\_tests.sh cli option to stop on failure
 5602 * Removes option to delete test DB from run\_tests.sh
 5603 * Removes deprecation warning from run\_tests.sh
 5604 * v3 credentials, ensure blob response is json
 5605 * Store ec2 credentials blob as json
 5606 * remove unused LOG
 5607 * Store trust\_id for v3/credentials ec2 keypairs
 5608 * Refactor context trust\_id check to wsgi.Application base class
 5609 * Implementation of internal notification callbacks within Keystone
 5610 * Replacing python-oauth2 by oauthlib
 5611 * Fix using non-default default\_domain\_id
 5612 * Enhance auth tests for non-default default\_domain\_id
 5613 * KVS support domain as namespace for users
 5614 * Remove unused member from KVS assignment
 5615 * Enhance tests for non-default default\_domain\_id
 5616 * rename templated.TemplatedCatalog to templated.Catalog
 5617 * Sync with global requirements
 5618 * Implements regions resource in 3.2 Catalog API
 5619 * Reduces memory utilization during test runs
 5620 * reduce default token duration to one hour
 5621 * Document running with pdb
 5622 * Restructure developing.rst
 5623 * Enable lazy translation
 5624 * Sync gettextutils from oslo-incubator 997ab277
 5625 * derive custom exceptions directly from Exception
 5626 * Do not append to messages with +
 5627 * Convert Token KVS backend to new KeyValueStore Impl
 5628 * Fix sample config external default doc
 5629 * Documentation cleanup
 5630 * Make common log import consistent
 5631 * Remove unused variables
 5632 * Safe command handling for openssl
 5633 * Fix external auth (REMOTE\_USER) plugin support
 5634 * Cleanup test\_no\_admin\_token\_auth cleanup code
 5635 * Subclasses of TestCase don't need to reset conf
 5636 * Cleanup test\_associate\_project\_endpoint\_extension
 5637 * Tests use cleanUp rather than tearDown
 5638 * Remove netifaces requirement
 5639 * Clean up fakeldap logging
 5640 * Resolve oauth dependency after paste pipeline is loaded
 5641 * Change ListOpt default value from str or None to list
 5642 * Sync oslo-incubator rpc	module
 5643 * Cleanup from business logic refactor
 5644 * Introduce basic Pecan/WSME framework for KDS
 5645 * Don't need session.flush in context managed by session
 5646 * races cause 404 when removing user from project
 5647 * initialize eventlet for tests
 5648 * Flush tokens in batches with DB2
 5649 * Remove unnecessary line in test\_auth
 5650 * Clean up docstrings in contrib.oauth1.core
 5651 * Remove unused test function
 5652 * Remove 'disable user' logic from \_delete\_domain\_contents
 5653 * Break dependency of base V3Controller on V2Controller
 5654 * Move deletion business logic out of controllers
 5655 * Do not update password when updating grants in Assignment KVS
 5656 * Cleanup of new credential\_api delete methods
 5657 * Enhance list\_group\_users in GroupApi
 5658 * Remove noop code
 5659 * Remove unused imports
 5660 * Fix typo in test
 5661 * Fix IPv6 check
 5662 * Remove unused code in contrib/ec2/controllers.py
 5663 * Fix use the fact that empty sequences are false
 5664 * Imported Translations from Transifex
 5665 * Synchronized with oslo db and db.sqlalchemy
 5666 * Fix variable passed to driver module
 5667 * Updated Keystone development install instructions for Ubuntu
 5668 * Stops file descriptor leaking in tests
 5669 * Re-write comment for ADMIN\_TOKEN
 5670 * Reduced parameters not used in \_populate\_user()
 5671 * Sync several modules from oslo-incubator
 5672 * Use oslo.db sessions
 5673 * Switch to oslo-incubator mask\_password
 5674 * Replace xrange in for loop with range
 5675 * Move Assignment Controllers and Routers to be First Class
 5676 * Remove Identity and Assignment controller interdependancies
 5677 * Policy based domain isolation can't be defined
 5678 * Moves keystoneclient master tests in a new class
 5679 * Makes the test git checkout info more declaritive
 5680 * trustee unable to perform role based operations on trust
 5681 * Cleanup backend loading
 5682 * Uses oslo's deprecated decorator; removes ours
 5683 * Move endpoint\_filter extension documentation
 5684 * Refactor setup\_logging
 5685 * Fixes documentation building
 5686 * Create user returns 400 without a password
 5687 * Fixes the v2 GET /extensions curl example in the documentation
 5688 * Add assertSetEqual to base test class
 5689 * Base Implementation of KVS Dogpile Refactor
 5690 * Sync db.sqlalchemy from oslo-incubator
 5691 * Fix errors for create\_endpoint api in version2
 5692 * Fix issues handling trust tokens via ec2tokens API
 5693 * Fix typo in identity:list\_role\_assignments policy
 5694 * Debug env for tox
 5695 * Updated from global requirements
 5696 * Sync global requirements to pin sphinx to sphinx>=1.1.2,<1.2
 5697 * Add ABCMeta metaclass to token provider
 5698 * token provider cleanup
 5699 * Sync versionutils from oslo
 5700 * Cleanup duplication in test\_backend
 5701 * replace "global" roles var names with "all" roles
 5702 * Remove unused token.valid index
 5703 * Narrow columns used in list\_revoked\_tokens sql
 5704 * Remove roles from OS-TRUST list responses
 5705 * Remove deprecated code
 5706 * Sync rpc fix from oslo-incubator
 5707 * Don't run non-tests
 5708 * Formalize deprecation of token\_api.list\_tokens
 5709 * Add index to cover revoked token list
 5710 
 5711 2014.1.b1
 5712 ---------
 5713 
 5714 * Refactor assertEqualXML into a testtools matcher
 5715 * Adds support for username to match the v2 spec
 5716 * One transaction per call to sql assignment backend
 5717 * Allow caching to be disabled and tests still pass
 5718 * Sync From OSLO
 5719 * Updated from global requirements
 5720 * Revert "Return a descriptive error message for controllers"
 5721 * Adds a resource for changing a user's password
 5722 * Deprecates V2 controllers
 5723 * Updates .gitignore
 5724 * Ensure the sample policy file won't diverge
 5725 * Add pycrypto as a test-requirement
 5726 * Imported Translations from Transifex
 5727 * Fix typo in keystone
 5728 * Added documentation to keystone.common.dependency
 5729 * Make HACKING.rst DRYer
 5730 * Allow downgrade for extensions
 5731 * Try decoding string to UTF-8 on error message fail
 5732 * Import strutils from oslo
 5733 * Capture debug logging in tests
 5734 * Easy testing with alternate keystoneclient
 5735 * Sync log\_handler module from Oslo
 5736 * refactor test\_catalog
 5737 * PasteConfigNotFound also raised when keystone.conf not found
 5738 * Style improvements to logging format strings
 5739 * Sync the DB2 communication error code change from olso
 5740 * Skip test\_arbitrary\_attributes\_\* in \_ldap\_livetest
 5741 * Add documentation for Read Only LDAP configuration option
 5742 * Remove deprecated auth\_token middleware
 5743 * Role NoneType object has no attribute setdefault
 5744 * Utilites for manipulating base64 & PEM
 5745 * Add memcache options to sample config
 5746 * UUID vs PKI docs
 5747 * RST fix for os\_inherit example
 5748 * Rewrites the serveapp method into a fixture
 5749 * Allow use of rules Policy driver
 5750 * Return a descriptive error message for controllers
 5751 * Proxy Assignment from Identity Deprecated
 5752 * Remove obsolete redhat-eventlet.patch
 5753 * AuthInfo use dependency injection
 5754 * Issue unscoped token if user's default project is invalid
 5755 * Detangle v3 RestfulTestCase setup
 5756 * Do not name variables as builtins
 5757 * Updated from global requirements
 5758 * Removes unused paste appserver instances from tests
 5759 * Add WSGI environment to context
 5760 * trusts raise validation error if expires\_at is invalid
 5761 * Fix newly discovered H302
 5762 * test attribute update edge cases
 5763 * Return an error when a non-existing tenant is added to a user
 5764 * use different bind addresses for admin and public
 5765 * Sync log module from oslo
 5766 * Change deprecated CLI arguments
 5767 * UserAuthInfo use dependency injection
 5768 * fix unparseable JSON
 5769 * Duplicate delete the user\_project\_metadata
 5770 * Skip test\_create\_update\_delete\_unicode\_project in \_ldap\_livetest
 5771 * don't rebind stdlib's os.chdir function
 5772 * Dependency cleanup
 5773 * Moves common RestfulTestCase to it's own module
 5774 * proxy removed from identity and changed to assignment
 5775 * Uses fixtures for mox and stubs
 5776 * Adds fixture package from oslo
 5777 * Fix KVS create\_grant to not raise NotFound if no user/group
 5778 * Enhance tests for assignment create\_grant when no user or group
 5779 * Clean up duplicate exceptions in docs for assignment.Driver
 5780 * Remove obsolete driver test module
 5781 * Change sample policy files to use policy language
 5782 * Documentation on how-to develop Keystone Extensions
 5783 * Allow delete user or group at same time as role
 5784 * Enhance tests for delete\_grant no user/group
 5785 * Fix issue deleting ec2-credentials as non-admin user
 5786 * Remove duplicated code on test\_v3\_auth
 5787 * Removes NoModule from the base testcase
 5788 * Fixes tox coverage command
 5789 * Update mailmap for Joe Gordon
 5790 * Add WWW-Authenticate header in 401 responses
 5791 * Use abstract base class for endpoint\_filter driver
 5792 * Use abstract base class for oauth driver
 5793 * Use abstract base class for policy driver
 5794 * Use abstract base class for token driver
 5795 * Document tox instead of run\_tests.sh
 5796 * Update my mailmap
 5797 * remove 8888 port in sample\_data.sh
 5798 * Adds decorator to deprecate functions and methods
 5799 * Move fakeldap to tests
 5800 * Fix remove role assignment adds role using LDAP assignment
 5801 * Enhance tests for deleting a role not assigned
 5802 * Implementation of opt-out from catalog data during token validation
 5803 * Add external.Base class to external plugins
 5804 * Add notifications for groups and roles
 5805 * add IRC channel & wiki link to README
 5806 * Add python-six to requirements
 5807 * Fix v2 token user ref with trust impersonation=True
 5808 * Changes to testr as the test runner
 5809 * Fixes error messaging
 5810 * Handle unicode at the caching layer more elegantly
 5811 * set user\_update policy to admin\_required
 5812 * Remove unused DEFAULT\_DOMAIN variable
 5813 * Remove unused config option auth\_admin\_prefix
 5814 * Remove unused member
 5815 * Adds tests for user extra attribute behavior
 5816 * Adds identity v2 tests to show extra behavior
 5817 * Treats OS-KSADM:password as password in v2 APIs
 5818 * Adds more uniformity to identity update\_user calls
 5819 * Don't use default value in LimitingReader
 5820 * Use abstract base class for auth handler
 5821 * Use abstract base class for catalog driver
 5822 * Use abstract base class for credential driver
 5823 * Use abstract base class for assignment driver
 5824 * Use abstract base class for trust driver
 5825 * Use abstract base class for identity driver
 5826 * remove the nova dependency in the ec2\_token middleware
 5827 * Catch the socket exception and log it
 5828 * Fixes broken doc references
 5829 * Sync db.sqlalchemy
 5830 * Handle DB2 disconnect
 5831 * Fix mysql checkout handler AttributeError
 5832 * Disable lazy gettext
 5833 
 5834 2013.2.rc1
 5835 ----------
 5836 
 5837 * Open Icehouse development
 5838 * Imported Translations from Transifex
 5839 * Sync with global requirements
 5840 * Add tests dir to the coverage omit list
 5841 * Update tox config
 5842 * Close the cursor for SQLite for 034 upgrade/downgrade on select
 5843 * Imports oslo policy to fix test issues
 5844 * Fixes errors logging in as a user with no password
 5845 * Fix live LDAP tests
 5846 * Eliminate type error on search\_s
 5847 * Fix error when create user with LDAP backend
 5848 * assertEquals is deprecated, use assertEqual (H602)
 5849 * Validate token calls return 404 on invalid tokens
 5850 * Protect oauth controller calls and update policy.json
 5851 * Fix updating attributes with ldap backend
 5852 * sync oslo policy
 5853 * Changes v1.1 to v2 for Compute endpoint in sample\_data.sh
 5854 * Update man pages
 5855 * Update man page version
 5856 * Sync gettextutils from oslo
 5857 * only run flake8 once (bug 1223023)
 5858 * upgrade to oslo.config 1.2 final
 5859 * Add user to project if project ID is changed
 5860 * Ensure any relevant tokens are revoked when a role is deleted
 5861 * Check token\_format for default token providers only
 5862 * Modify oauth1 tests to use generated keystone token in a call
 5863 * Test for backend case sensitivity
 5864 * Remove ldap identity domain attribute options
 5865 * Cleanup of tenantId, tenant\_id, and default\_project\_id
 5866 * Add extra test coverage for unscoped token invalidation
 5867 * Monkey patch select in environment
 5868 * Rewrite README.rst
 5869 * Enclose command args in with\_venv.sh
 5870 * check for domain existence before doing any ID work
 5871 * Ensure v2 tokens are correctly invalidated when using BelongsTo
 5872 * Sync gettextutils from oslo
 5873 * Use localisation for logged warnings
 5874 * Fix misused assertTrue in unit tests
 5875 * oauth using optional dependencies
 5876 * Rationalize list\_user\_projects and get\_projects\_for\_user
 5877 * Optional dependency injection
 5878 * Include new notification options in sample config
 5879 * fix rst syntax in database schema migrations docs
 5880 * Ignore H803 from Hacking
 5881 * Test upgrade migration 16->17
 5882 * test token revocation list API (bug 1202952)
 5883 * Imported Translations from Transifex
 5884 * gate on H304: no relative imports
 5885 * Move gettextutils installation in tests to core
 5886 * Cleanup tests imports so not relative
 5887 * Tests use "from keystone import tests"
 5888 * Reduce churn of cache on revocation\_list
 5889 * domain-specific drivers experimental in havana
 5890 * Fixes for user response with LDAP user\_enabled\_mask
 5891 * Close each LDAP connection after it is used, following python-ldap docs
 5892 * Remove CA key password from cert setup
 5893 * Import core.\* in keystone.tests
 5894 * Fix incorrect test for list\_users
 5895 * Changed header from LLC to Foundation based on trademark policies
 5896 * Changes template header for translation catalogs
 5897 * Support timezone in memcached token backend
 5898 
 5899 2013.2.b3
 5900 ---------
 5901 
 5902 * Imported Translations from Transifex
 5903 * Move CA key from certs directory to private directory
 5904 * OAuth authorizing user should propose roles to delegate
 5905 * Need to use \_() to handle i18n string messages
 5906 * Fix the code miss to show the correct error messages
 5907 * Move \_generate\_paste\_config to tests.core
 5908 * add 'project' notifications to docs
 5909 * Implement basic caching around assignment CRUD
 5910 * Update keystone wsgi httpd script for oslo logging
 5911 * Utilities to create directores, set ownership & permissions
 5912 * Modify default file/directory permissions
 5913 * Add a oauth1-configuration.rst and extension section to docs
 5914 * Update keystone-all man page
 5915 * Cleanup cache layer tests
 5916 * Implement caching for Tokens and Token Validation
 5917 * Document usage notifications
 5918 * Imported Translations from Transifex
 5919 * Remove kvs backend from oauth1 extension
 5920 * Use joins instead of multiple lookups in groups sql
 5921 * Add project CRUD to assignment\_api Manager
 5922 * Add Memory Isolating Cache Proxy
 5923 * Enable SQL tests for oauth
 5924 * Implement decorator-based notifications for users
 5925 * Use common db model class from Oslo
 5926 * Add common code from Oslo for work with database
 5927 * Use testtools as base test class
 5928 * Bump hacking to 0.7
 5929 * Removes KVS references from the documentation
 5930 * Add notifications module
 5931 * Drop support for diablo to essex migrations
 5932 * Add 'cn' to attribute\_list for enabled\_users/tenants query
 5933 * Implement API protection on target entities
 5934 * Refactor Token Provider to be aware of expired tokens
 5935 * Implement Caching for Token Revocation List
 5936 * Keystone Caching Layer for Manager Calls
 5937 * Create associations between projects and endpoints
 5938 * Fixes a link in the documentation
 5939 * Use correct filename for index & serial file when setting permissions
 5940 * remove flake8 option from run\_tests.sh
 5941 * Fix role lookup for Active Directory
 5942 * Clean up keystone-manage man page
 5943 * change oauth.consumer description into nullable
 5944 * Use system locale when Accept-Language header is not provided
 5945 * Fix translate static messages in response
 5946 * Migrating ec2 credentials to credential
 5947 * Fix error where consumer is not deleted from sql
 5948 * add foreign key constraint on oauth tables
 5949 * Remove a useless arg in range()
 5950 * Remove enumerate calls
 5951 * filter in ldap list\_groups\_for\_user
 5952 * Delete file TODO
 5953 * use provider to validate tokens
 5954 * Fix isEnabledFor for compatibility with logging
 5955 * Ensure username passed by REMOTE\_USER can contain '@'
 5956 * fix the default values for token and password auth
 5957 * Remove an enumerate call
 5958 * Add defense in ldap:get\_roles\_for\_user\_and\_project
 5959 * remove unused function
 5960 * Remove Keystone specific logging module
 5961 * remove refs to keystone.common.logging
 5962 * Remove User Check from Assignments
 5963 * Refactor Token Providers for better version interfaces
 5964 * Remove kwargs from manager calls / general cleanup
 5965 * Store hash of access as primary key for ec2 type
 5966 * Add delegated\_auth support for keystone
 5967 * Fix LDAP Identity get user with user\_enabled\_mask
 5968 * Fix LDAP Identity with non-zero user\_enabled\_default
 5969 * More validation in test\_user\_enable\_attribute\_mask
 5970 * Add test test\_deleting\_project\_delete\_grants
 5971 * Cleaned up a few old crufties from README
 5972 * Clean hacking errors in advance of hacking update
 5973 * Add unit test to check non-string password support
 5974 * Assignment to reserved built-in symbol: filter
 5975 * Implement domain specific Identity backends
 5976 * Increase length of username in DB
 5977 * Cleaned up pluggable auth docs
 5978 * Fix test\_user\_enable\_attribute\_mask so it actually tests
 5979 * Do not skip test\_user\_enable\_attribute\_mask in \_ldap\_livetest
 5980 * Skip test\_create\_unicode\_user\_name in \_ldap\_livetest
 5981 * Refactor Keystone to use unified logging from Oslo
 5982 * Revoke user tokens when disabling/delete a project
 5983 * Move affirm\_unique() in create() to BaseLdap
 5984 * Move some logic from update() to BaseLdap
 5985 * Add support for API message localization
 5986 * Remove unused import
 5987 * Assignment to reserved built-in symbol: dir
 5988 * Move 'tests' directory into 'keystone' package
 5989 * Initial implementation of unified-logging
 5990 * Sync notifier module from Oslo
 5991 * Move Babel dependency from test-req to req
 5992 * Ignore flake issues in build/ directory
 5993 * update usage in run\_test.sh for flake8
 5994 * Drop extra credential indexes
 5995 * Sync models with migrations
 5996 * Add memcache to httpd doc
 5997 * Sync unified logging solution from Oslo
 5998 * Configurable max password length (bug 1175906)
 5999 * Fix select n+1 issue in keystone catalog
 6000 * Make pki\_setup work with OpenSSL 0.9.x
 6001 * extension migrations
 6002 * Create default role on demand
 6003 * Set wsgi startup log level to INFO
 6004 * Abstract out attribute\_ignore assigning in LDAP driver
 6005 * Abstract out attribute\_mapping filling in LDAP driver
 6006 * Imported Translations from Transifex
 6007 * remove swift dependency of s3 middleware
 6008 * Raise max header size to accommodate large tokens
 6009 * Clean up use of token\_provider manager in tests
 6010 * add OS-TRUST to links
 6011 * Run test\_mask\_password once
 6012 * Remove kwargs from manager calls where not needed
 6013 * V3 API need to check mandatory field when creating resources
 6014 * Use dependency injection for assignment and identity
 6015 * Handle circular dependencies
 6016 * Clear out the dependency registry between tests
 6017 * .gitignore eggs
 6018 * Handle json data when migrating role metadata
 6019 * Sync DB models and migrations in keystone.assignment.backends.sql
 6020 * Remove passwords from LDAP queries
 6021 * use 'exc\_info=True' instead of import traceback
 6022 * Fix typo: Tenents -> Tenants
 6023 * Use keystone.wsgi.Request for RequestClass
 6024 * Update references with new Mailing List location
 6025 * Scipped tests don't render as ERROR's
 6026 * Implement exception module i18n support
 6027 * Remove vestiges of Assignments from LDAP Identity Backend
 6028 * Load backends before deploy app in client tests
 6029 * default token format/provider handling
 6030 * Fixing broken credential schema in sqlite
 6031 * Use assignment\_api rather than assignment
 6032 * Deprecate kvs token backend
 6033 * Ec2 credentials table not created during testing
 6034 * Correct Spelling Mistake
 6035 * Remove an enumerate call
 6036 * Load app before loading legacy client in tests
 6037 * Add [assignment].driver to sample config
 6038 * Deprecation warning for [signing] token\_format
 6039 * Support token\_format for backward compatibility
 6040 * sql.Driver:authenticate() signatures should match
 6041 * update requires to prevent version cap
 6042 * Return correct link for effective group roles in GET /role\_assignments
 6043 * Implement Token Binding
 6044 * Implemented token creation without catalog response
 6045 * Fix XML rendering with empty auth payload
 6046 * Pluggable Remote User
 6047 * grammar fixes in error messages
 6048 * Implement role assignment inheritance (OS-INHERIT extension)
 6049 * Implements Pluggable V2 Token Provider
 6050 * Register Extensions
 6051 * Implements Pluggable V3 Token Provider
 6052 * Mixed LDAP/SQL Backend
 6053 * Clear cached engine when global engine changes
 6054 * python3: Introduce py33 to tox.ini
 6055 * Add version so that pre-release versioning works
 6056 * Sync-up crypto from oslo-incubator
 6057 * Add crypto dependency
 6058 * Imported Translations from Transifex
 6059 * Change domain component value to org from com
 6060 * Move temporary test files into tests/tmp
 6061 * Use InnoDB for MySQL
 6062 * Rationalize how we get roles after authentication in the controllers
 6063 * Python 3.x compatible use of print
 6064 * Regenerate example PKI after change of defaults
 6065 * assignment backend
 6066 * wsgi.BaseApplication and wsgi.Router factories should use \*\*kwargs
 6067 * Add unittest for keystone.identity.backends.sql Models
 6068 * Imported Translations from Transifex
 6069 * Do not create LDAP Domains sub tree
 6070 * Use oslo.sphinx and remove local copy of doc theme
 6071 * Move comments in front of dependencies
 6072 * Remove context from get\_token call in normalize\_domain\_id
 6073 * Fix issue with v3 tokens and group membership roles
 6074 * Sync install\_venv\_common from oslo
 6075 * Remove a useless arg in range()
 6076 * Remove an enumerate call
 6077 * Update paths to pem files in keystone.conf.sample
 6078 * Don't use deprecated BaseException.message
 6079 * Add callbacks for set\_global\_engine
 6080 * Work without admin\_token\_auth middleware
 6081 * Implement GET /role\_assignment API call
 6082 * rename quantum to neutron in docs
 6083 * Install locales for httpd
 6084 * DB2 migration support
 6085 * Use event.listen() instead of deprecated listeners kwarg
 6086 * Add 'application' to keystone.py for WSGI
 6087 * Remove hard tabs and trailing whitespace
 6088 * Manager instead of direct driver
 6089 * check for constraint before dropping
 6090 * Stop passing context to managers (bug 1194938)
 6091 * \`tox -ecover\` failure. Missing entry in tox.ini
 6092 * Clean up keystone-all.rst
 6093 * Fix up some trivial license mismatches
 6094 * Revert environment module usage in middleware
 6095 * LDAP list group users not fail if user entry deleted
 6096 * Do not raise NEW exceptions
 6097 * Move identity ldap backend from directory to file
 6098 * wsgi.Middleware factory should use \*\*kwargs
 6099 * Removing LDAP API Shim
 6100 * Consolidate admin\_or\_owner rule
 6101 * Isolate eventlet code into environment
 6102 * Set default 'ou' name for LDAP projects to Projects
 6103 * Imported Translations from Transifex
 6104 * Imported Translations from Transifex
 6105 * Move user fileds type check to identity.Manager
 6106 * Http 400 when project enabled is not a boolean
 6107 * Imported Translations from Transifex
 6108 * Correct the resolving api logic in stat middleware
 6109 * Remove a stat warning log
 6110 * Using sql as default driver for tokens
 6111 * Correct LDAP configuration doc
 6112 * Force simple Bind for authentication
 6113 * Initialize logging from HTTPD
 6114 * LDAP get\_project\_users should not return password
 6115 * Add checks to test if enabled is bool
 6116 * Fix link typo in Sphinx doc
 6117 * python WebOb dependency made unpinned
 6118 * Remove explicit distribute depend
 6119 * Version response compatible with Folsom
 6120 * Adds tests for XML version response
 6121 * Replace openstack-common with oslo in docs
 6122 * drop user and group constraints
 6123 * Correct the default name attribute for role
 6124 * Allow request headers access in app context
 6125 * Remove how to contribute section in favor of CONTRIBUTING.rst
 6126 * Fix token purging for memcache for user token index
 6127 * add ca\_key to sample configuration
 6128 * Commit transaction in migration
 6129 * Fix internal doc links (bug 1176211)
 6130 * Missing contraction: Its -> It's (bug 1176213)
 6131 * Pass on arguments on Base.get\_session
 6132 * Remove bufferedhttp
 6133 * Move coverage output dir for Jenkins
 6134 * Check schema when dropping constraints
 6135 * Import eventlet patch from oslo
 6136 * Raise key length defaults
 6137 * Base.get\_engine honor allow\_global\_engine=False
 6138 * run\_tests.sh should use flake8 (bug 1180609)
 6139 * Ignore the .update-venv directory
 6140 * Ignore conflict on v2 auto role assignment (bug 1161963)
 6141 * remove\_role\_from\_user\_and\_project affecting all users (bug 1170649)
 6142 * Maintain tokens after role assignments (bug 1170186)
 6143 * split authenticate call
 6144 * Add db\_version command to keystone-manage
 6145 * Live SQL migration tests
 6146 * Fix incorrect role assignment in migration
 6147 * typo in 'import pydev' statement
 6148 * Fixes a typo
 6149 * Imported Translations from Transifex
 6150 * Improve the performance of tokens deletion for user
 6151 * Revert "Set EVENTLET\_NO\_GREENDNS=yes in tox.ini."
 6152 * Disable eventlet monkey-patching of DNS
 6153 * Fix the debug statement
 6154 * Document size limits
 6155 * Add index on valid column of the SQL token Backend
 6156 * Add KEYSTONE\_LOCALEDIR env variable
 6157 * Add <version> arg to keystone-manage db\_sync
 6158 
 6159 2013.2.b1
 6160 ---------
 6161 
 6162 * Add index on expires column of the SQL token Backend
 6163 * fix error default policy for create\_project
 6164 * Require keystone-user/-group for pki\_setup
 6165 * Replace assertDictContainsSubset with stdlib ver
 6166 * separate paste-deploy configuration from parameters
 6167 * Add missing oslo module
 6168 * Convert openstack-common.conf to the nicer multiline format
 6169 *    Rename requires files to standard names
 6170 * Cleanup docstrings (flake8 H401, H402, H403, H404)
 6171 * imports not in alphabetical order (flake8 H306)
 6172 * import only modules (flake8 H302)
 6173 * one import per line (flake8 H301)
 6174 * eliminate 'except:' (flake8 H201)
 6175 * consistent i18n placeholders (flake8 H701, H702, H703)
 6176 * use the 'not in' operator (flake8 H902)
 6177 * Use TODO(NAME) (flake8 H101)
 6178 * Remove unnecessary commented out code
 6179 * Enumerate ignored flake8 H\* rules
 6180 * Migrate to pbr
 6181 * Remove unused variables (flake8 F841)
 6182 * Satisfy flake8 import rules F401 and F403
 6183 * Test 403 error title
 6184 * Imported Translations from Transifex
 6185 * Remove useless private method
 6186 * Consolidate eventlet code
 6187 * Use webtest for v2 and v3 API testing
 6188 * Add missing space to error msg
 6189 * Imported Translations from Transifex
 6190 * Read-only default domain for LDAP (bug 1168726)
 6191 * Add assertNotEmpty to tests and use it
 6192 * Implement Token Flush via keystone-manage
 6193 * get SQL refs from session (bp sql-query-get)
 6194 * extracting credentials
 6195 * Move auth\_token middleware from admin user to an RBAC policy
 6196 * Accept env variables to override default passwords
 6197 * Http 400 when user enabled is not a boolean
 6198 * Migrate to flake8
 6199 * Fix pyflakes and pep8 in prep for flake8
 6200 * Allow backend & client SQL tests on mysql and pg
 6201 * Revert "Disable eventlet monkey-patching of DNS"
 6202 * Set EVENTLET\_NO\_GREENDNS=yes in tox.ini
 6203 * Disable eventlet monkey-patching of DNS
 6204 * Revoke tokens on user delete (bug 1166670)
 6205 * A minor refactor in wsgi.py
 6206 * Skip IPv6 tests for eventlet dns
 6207 * LDAP list groups with missing member entry
 6208 * Fix 403 status response
 6209 * Remove unused CONF.pam.url
 6210 * Mark LDAP password and admin\_token secret
 6211 * HACKING LDAP
 6212 * Make migration tests postgres & mysql friendly
 6213 * Documentation about the initial configuration file and sample data
 6214 * Add rule for list\_groups\_for\_user in policy.json
 6215 * Test listing of tokens with a null tenant
 6216 * fix duplicate option error
 6217 * Delete extra dict in token controller
 6218 * What is this for?
 6219 * Removed unused imports
 6220 * Remove non-production middleware from sample pipelines
 6221 * Replace password to "\*\*\*" in the debug message
 6222 * Fixed logging usage instead of LOG
 6223 * Remove new constraint from migration downgrade
 6224 * Allow additional attribute mappings in ldap
 6225 * Enable unicode error message
 6226 * Sync with oslo-incubator copy of setup.py
 6227 * Set empty element to ""
 6228 * Fixed unicode username user creation error
 6229 * Fix token ids for memcached
 6230 * Use is\_enabled() in folsom->grizzly upgrade (bug 1167421)
 6231 * Generate HTTPS certificates with ssl\_setup
 6232 * Fix for configuring non-default auth plugins properly
 6233 * test duplicate name
 6234 * Add TLS Support for LDAP
 6235 * fix undefined variable
 6236 * clean up invalid variable reference
 6237 * Clean up duplicate methods
 6238 * stop using time.sleep in tests
 6239 * don't migrate as often
 6240 * use the openstack test runner
 6241 * Fix 401 status response
 6242 * Fix example in documentation
 6243 * Fix IBM copyright strings
 6244 * Share one engine for more than just sqlite in-memory
 6245 * Add missing colon for documentation build steps
 6246 * Mark sql connection with secret flag
 6247 
 6248 2013.1.rc2
 6249 ----------
 6250 
 6251 * Fix test coverage for v2 scoped auth xml response (bug 1160504)
 6252 * Fix test coverage for v2 scoped auth xml response (bug 1160504)
 6253 * close db migration session
 6254 * Use string for port in default endpoints (bug 1160573)
 6255 * keystone commands don't print any version information
 6256 * bug 1159888 broken links in rst doc
 6257 * use the roles in the token when recreating
 6258 * Sync with oslo-incubator
 6259 * Rename trust extension (bug 1158980)
 6260 * Rename trust extension
 6261 * keystone commands don't print any version information
 6262 * Imported Translations from Transifex
 6263 
 6264 2013.1.rc1
 6265 ----------
 6266 
 6267 * Add a dereference option for ldap
 6268 * Make versions aware of enabled pipelines
 6269 * Move trusts to extension
 6270 * Move trusts to extension
 6271 * Version bump to 2013.2
 6272 * Add a dereference option for ldap
 6273 * Allow trusts to be optional
 6274 * Enable emulation for domains
 6275 * Wrap config module and require manual setup (bug 1143998)
 6276 * Correct spacing in warning msg
 6277 * Prohibit V3 V2 token intermix for resource in non-default domain (bug 1157430)
 6278 * Properly handle emulated ldap enablement
 6279 * Support for LDAP groups (bug #1092187)
 6280 * Validate domains unconditionally (bug 1130236)
 6281 * Fix live ldap tests
 6282 * V2, V3 token intermix for unscoped tokens (bug 1156913)
 6283 * Pass project membership as dict in migration 015
 6284 * Ensure delete domain removes all owned entities
 6285 * Utilize legacy\_endpoint\_id column (bug 1154918)
 6286 * Test default\_project\_id scoping (bug 1023502)
 6287 * Fix XML handling of member links (bug 1156594)
 6288 * Discard null endpoints (bug 1152632)
 6289 * extracting user and trust ids into normalized fields
 6290 * No parent exception to wrap
 6291 * Remove duplicate password/token opts
 6292 * xml\_body returns backtrace on XMLSyntaxError
 6293 * duplicated trust tests
 6294 * Migrate roles from metadata to user\_project\_metadata
 6295 * Fixes bug 1151747: broken XML translation for resource collections
 6296 * Revise docs to use keystoneclient.middleware.auth\_token
 6297 * quiet route logging on skipped tests
 6298 * Ensure tokens are revoked for relevant v3 api calls
 6299 * Remove un-needed LimitingReader read() function
 6300 * Catch and log server exceptions
 6301 * Added test cases to improve LDAP project testing
 6302 * Switch to final 1.1.0 oslo.config release
 6303 * Filter out legacy\_endpoint\_id (bug 1152635)
 6304 * Improve tests for api protection and filtering
 6305 * add belongs\_to check
 6306 * Revert "update tests/\_\_init\_\_.py to verify openssl version"
 6307 * Revert "from tests import"
 6308 * Make Keystone return v3 as part of the version api
 6309 * Run keystone server in debug mode
 6310 * remove spurious roles check
 6311 * bug 1133526
 6312 * Fix folsom -> grizzly role table migration issues (bug 1119789)
 6313 * Delete tokens for user
 6314 * from tests import
 6315 * v3 endpoints won't have legacy ID's (bug 1150930)
 6316 * return 201 Created on POST request (bug1131119)
 6317 * add missing attributes for group/project tables (bug1126021)
 6318 * Remove unused methods from LDAP backed
 6319 * Move get\_by\_name to LdapBase
 6320 * fix typo in kvs backend
 6321 * mark 2.0 API as stable
 6322 * unable to load certificate should abort request
 6323 * Move auth plugins to 'keystone.auth.plugins' (bug 1136967)
 6324 * Change exception raised to Forbidden on trust\_id
 6325 * cleanup trusts in controllers
 6326 * remove unused import
 6327 * ports should be ints in config (bug 1137696)
 6328 * Expand v3 trust test coverage
 6329 * Trusts
 6330 * bug 1134802: fix inconsistent format for expires\_at and issued\_at
 6331 * Sync timeutils with oslo
 6332 * Straighten out NotFound raising in LDAP backend
 6333 * residual grants after delete action (bug1125637)
 6334 * Remove TODO that didn't land in grizzly
 6335 * Make getting user-domain roles backend independant
 6336 * Explain LDAP page\_size & default value
 6337 * Imported Translations from Transifex
 6338 * Enable a parameters on ldap to allow paged\_search of ldap queries This fixes bug 1083463
 6339 * update tests/\_\_init\_\_.py to verify openssl version
 6340 * command line switch for short pep8 output
 6341 * Convert api to controller
 6342 * bug 1131840: fix auth and token data for XML translation
 6343 * flatten payload for policy
 6344 * Unpin pam dependency version
 6345 * keystone : Use Ec2Signer utility class from keystoneclient
 6346 * Move handle\_conflicts decorator into sql
 6347 * domain\_id\_attributes in config.py have wrong default value
 6348 * Rework S3Token middleware tests
 6349 * Remove obsolete \*page[\_marker] methods from LDAP backend
 6350 * Setup logging in keystone-manage command
 6351 * Ensure keystone unittests do not leave CONF.policyfile in bad state
 6352 * catch errors in wsgi.Middleware
 6353 * Fix id\_to\_dn for creating objects
 6354 * Tests for domain-scoped tokens
 6355 * domain-scoping
 6356 * Pass query filter attributes to policy engine
 6357 * Removed redundant assertion
 6358 * v3 token API
 6359 * Update oslo-config version
 6360 * Correct SQL migration 017 column name
 6361 * merging in fix from oslo upstream
 6362 * enabled attribute emulation support
 6363 * Change the default LDAP mapping for description
 6364 * Ensure user and tenant enabled in EC2
 6365 * Disable XML entity parsing
 6366 * Remove old, outdated keystone devref docs
 6367 * Update the Keystone policy engine to the latest openstack common
 6368 * Implement name space for domains
 6369 * Update sample\_data.sh to match docs
 6370 * project membership to role conversion
 6371 * Remove test\_auth\_token\_middleware
 6372 * Workaround Migration issue with PostgreSQL
 6373 * make LDAP query scope configurable
 6374 * make fakeldap.\_match\_query work for an arbitrary number of groups
 6375 * Use oslo-config-2013.1b3
 6376 * Remove usage of UserRoleAssociation.id in LDAP
 6377 * Add an update option to run\_tests.sh
 6378 * Add pysqlite as explicit test dep
 6379 * fix unit test when memcache middleware is not configured
 6380 * add missing kvs functionality (bug1119770)
 6381 * Update to oslo version code
 6382 * adding additional backend tests (bug1101244)
 6383 * Fix spelling mistakes
 6384 * Cleaned up keystone-all --help output
 6385 * Keystone backend preparation for domain-scoping
 6386 * Use install\_venv\_common.py from oslo
 6387 * Spell accommodate correctly
 6388 * Missed import for IPv6 tests skip
 6389 * Add missing log\_format, log\_file, log\_dir opts
 6390 * Fix normalize identity sql ugrade for Mysql and postgresql
 6391 * remove duplicate model declaration/attribution
 6392 * simplify query building logic
 6393 * Fix test\_contrib\_s3\_core unit test
 6394 * Expand dependency injection test coverage
 6395 * remove unneeded config reloading (it's already done during setUp)
 6396 * allow unauthenticated connections to an LDAP server
 6397 * Relational API links
 6398 * return 400 Bad Request if invalid params supplied (bug1061738)
 6399 * UserApi.update not to require all fields in arg
 6400 * Tenant update on LDAP breaks if there is no update to apply
 6401 * Query only attributes strictly required for keystone when using it with existing LDAP servers
 6402 * Update .coveragerc
 6403 * Add size validations to token controller
 6404 * add check for config-dir parameter (bug1101129)
 6405 * Silence routes internal debug logging
 6406 * Imported Translations from Transifex
 6407 * Delete Roles for User and Project LDAP
 6408 * Why .pop()'ing urls first is important
 6409 * don't create a new, copied list in get\_project\_users
 6410 * Fixes 'not in' operator usage
 6411 * Add --keystone-user/group to keystone-manage pki\_setup
 6412 * Adds png versions of all svg image files. Changes reference
 6413 * Updates migration 008 to work on PostgreSQL
 6414 * Create a default domain (bp default-domain)
 6415 * Generate apache-style common access logs
 6416 * import tools/flakes from oslo
 6417 * tenant to project in the apis
 6418 * Tenant to Project in Back ends
 6419 * Fix bugs with set ldap password
 6420 * Enable/disable domains (bug 1100145)
 6421 * Readme: use 'doc' directory not 'docs'
 6422 * rename tenant to project in sql
 6423 * Update to requests>=1.0.0 for keystoneclient
 6424 * Fix pep8 error
 6425 * Document user group LDAP options
 6426 * Sync latest cfg from oslo-incubator
 6427 * Limit the size of HTTP requests
 6428 * Fix role delete method in LDAP backend
 6429 * public\_endpoint & admin\_endpoint configuration
 6430 * Skip IPv6 tests if IPv6 is not supported
 6431 * Allow running of sql against the live DB
 6432 * Test that you can undo & re-apply all migrations
 6433 * downgrade user and tenant normalized tables downgraded such that sqlite is supported, too
 6434 * Auto-detect max SQL migration
 6435 * Safer data migrations
 6436 * Sync base identity Driver defs with SQL driver
 6437 * Fix i18n of string templates
 6438 * Enhance wsgi to listen on ipv6 address
 6439 * add database string field length check
 6440 * Autoload schema before creating FK's (bug 1098174)
 6441 * Enable exception format checking in the tests
 6442 * reorder tables for delete
 6443 * Validated URLs in v2 endpoint creation API
 6444 * Fixes import order nits
 6445 * Cleanup keystoneclient testing requirements
 6446 * Fix issue in test\_forbidden\_action\_exposure
 6447 * Correct spelling errors / typos in test names
 6448 * Update ldap exceptions to pass correct kwargs
 6449 * Add \_FATAL\_EXCEPTION\_FORMAT\_ERRORS global
 6450 * Keystone server support for user groups
 6451 * Add missing .po files to tarball
 6452 * Imported Translations from Transifex
 6453 * adds keyring to test-requires
 6454 * Revert "shorten pep8 output"
 6455 * Upgrade WebOb to 1.2.3
 6456 * il8n some strings
 6457 * Imported Translations from Transifex
 6458 * Removed unused variables
 6459 * Removed unused imports
 6460 * Add pyflakes to tox.ini
 6461 * Fix spelling typo
 6462 * shorten pep8 output
 6463 * Driver registry
 6464 * Adding a means to connect back to a pydevd debugger
 6465 * add in pip requires for requests
 6466 * Split endpoint records in SQL by interface
 6467 * Fix typo s/interalurl/internalurl/
 6468 * module refactoring
 6469 * Test for content-type appropriate 404 (bug 1089987)
 6470 * Imported Translations from Transifex
 6471 * fixing bug 1046862
 6472 * Expand default time delta (bug 1089988)
 6473 * Add tests for contrib.s3.core
 6474 * Test drivers return HTTP 501 Not Implemented
 6475 * Support non-default role\_id\_attribute
 6476 * Remove swift auth
 6477 * Move token controller into keystone.token
 6478 * Import pysqlite2 if sqlite3 is not available
 6479 * Remove mentions of essex in docs (bug 1085247)
 6480 * Ensure serviceCatalog is list when empty, not dict
 6481 * Adding downgrade steps for migration scripts
 6482 * Port to argparse based cfg
 6483 * Only 'import \*' from 'core' modules
 6484 * use keystone test and change config during setUp
 6485 * Bug 1075090 -- Fixing log messages in python source code to support internationalization
 6486 * Added documentation for the external auth support
 6487 * check the redirected path on the request, not the response
 6488 * Validate password type (bug 1081861)
 6489 * split identities module into logical parts remove unneeded imports from core
 6490 * Ensure token expiration is maintained (bug 1079216)
 6491 * normalize identity
 6492 * Fixes typo in keystone setup doc
 6493 * Imported Translations from Transifex
 6494 * Stop using cfg's internal implementation details
 6495 * syncing run\_tests to match tox
 6496 * Expose auth failure details in debug mode
 6497 * Utilize policy.json by default (bug 1043758)
 6498 * Wrap v3 API with RBAC (bug 1023943)
 6499 * v3 Identity
 6500 * v3 Catalog
 6501 * v3 Policies
 6502 * Import auth\_token middleware from keystoneclient
 6503 * Imported Translations from Transifex
 6504 * Refix transient test failures
 6505 * Make the controller addresses configurable
 6506 * Expose authn/z failure info to API in debug mode
 6507 * Refactor TokenController.authenticate() method
 6508 * Fix error un fixtures
 6509 * Ensures User is member of tenant in ec2 validation
 6510 * Properly list tokens with a null tenant
 6511 * Reduce total number of fixtures
 6512 * Provide config file fields for enable users in LDAP backend (bug1067516)
 6513 * populate table check
 6514 * Run test\_keystoneclient\_sql in-memory
 6515 * Make tox.ini run pep8 checks on bin
 6516 * tweaking docs to fix link to wiki Keystone page
 6517 * Various pep8 fixes for keystone
 6518 * Use the right subprocess based on os monkeypatch
 6519 * Fix transient test failures (bug 1077065, bug 1045962)
 6520 * Rewrite initial migration
 6521 * Fix default port for identity.internalURL
 6522 * Improve feedback on test failure
 6523 * fixes bug 1074172
 6524 * SQL upgrade test
 6525 * Include 'extra' attributes twice (bug 1076120)
 6526 * Return non-indexed attrs, not 'extra' (bug 1075376)
 6527 * bug 1069945: generate certs for the tests in one place
 6528 * monkeypatch cms Popen
 6529 * HACKING compliance: consistent use of 'except'
 6530 * auth\_token hash pki key PKI tokens on hash in memcached when accessed by auth\_token middelware
 6531 * key all backends off of hash of pki token
 6532 * don't import filter\_user name, use it from the identity module
 6533 * don't modify the passed in dict to from\_dict
 6534 * move hashing user password functions to common/utils
 6535 * ignore .tox directory for pep8 in runtests
 6536 * Imported Translations from Transifex
 6537 * Implements REMOTE\_USER authentication support
 6538 * pin sqlalchemy to 0.7
 6539 * Move 'opentack.context' and 'openstack.params' definitions to keystone.common.wsgi
 6540 * Removes duplicate flag for token\_format
 6541 * Raise exception if openssl stderr indicates one
 6542 * Ignore keystone.openstack for PEP8
 6543 * Fixed typo in log message
 6544 * Fixes 500 err on authentication for invalid body
 6545 * Enable Deletion of Services with Endpoints
 6546 * Exception.message deprecated in py26 (bug 1070890)
 6547 * Utilize logging instead of print()
 6548 * stop LdapIdentity.create\_user from returning the user's password
 6549 * Compare token expiry without seconds
 6550 * Moved SQL backend tests into memory
 6551 * Add trove classifiers for PyPI
 6552 * Adding handling for get user/tenant by name
 6553 * Fixed bug 1068851. Refreshed new crypto for the SSL tests
 6554 * move filter\_user function to keystone.identity.core
 6555 * Fixes response for missing credentials in auth
 6556 * making PKI default token type
 6557 * Fixes Bug 1063852
 6558 * bug 1068674
 6559 * Update common
 6560 * Extract hardcoded configuration in ldap backend (bug 1052111)
 6561 * Fix Not Found error, when router not match
 6562 * add --config-dir=DIR  for keystone-all option
 6563 * Add  --config-dir=DIR in OPTIONS
 6564 * Delete role does not delete role assignments in tenants (bug 1057436)
 6565 * replacing PKI token detection from content length to content prefix. (bug 1060389)
 6566 * Document PKI configuration and management
 6567 * Raise if we see incorrect keyword args "condition" or "methods"
 6568 * Filter users in LDAP backend (bug 1052925)
 6569 * Use setup.py develop to insert code into venv
 6570 * Raise 400 if credentials not provided (bug 1044032)
 6571 * Fix catalog when services have no URL
 6572 * Unparseable endpoint URL's should raise friendly error
 6573 * Configurable actions on LDAP backend in users Active Directory (bug 1052929)
 6574 * Unable to delete tenant if contains roles in LDAP backend (bug 1057407)
 6575 * Replaced underscores with dashes
 6576 * fixes bug 1058429
 6577 * Command line switch for standard threads
 6578 * Remove run\_test.py in favor of stock nose
 6579 * utf-8 encode user keys in memcache (bug 1056373)
 6580 * Convert database schemas to use utf8 character set
 6581 * Return a meaningful Error when token\_id is missing
 6582 * Backslash continuation cleanup
 6583 * notify calling process we are ready to serve
 6584 * add Swift endpoint in sample data
 6585 * Updated Fix for duplicated entries on LDAP backend for get\_tenant\_users
 6586 * Fix wsgi config file access for HTTPD
 6587 * Bump version to 2013.1
 6588 * Limit token revocation to tenant (bug 1050025)
 6589 * Fixed trivally true tests (bug 983304)
 6590 * add Quantum endpoint in sample data
 6591 * Add XML namespace support for OSADM service api
 6592 * Delete user tokens after role grant/revoke
 6593 * LDAP backend attribute fixes
 6594 * Document memcached host system time configuration
 6595 * Implementation of tenant,user,role list functions for ldap
 6596 * Initialize Metadata variable
 6597 * Cleanup PEP8 errors from Common
 6598 * List tokens for memcached backend
 6599 * Implement token endpoint list (bug 1006777)
 6600 * Ignore eclipse files
 6601 * Identity API v3 Config, Routers, Controllers
 6602 * Sync some misc changes from openstack-common
 6603 * Sync latest cfg from openstack-common
 6604 * Remove id\_hash column
 6605 * LOG.warn all exception.Unauthorized authentication failures
 6606 * Fixed: test\_default\_tenant\_uuid\_token not running
 6607 * Upgrade PEP8 to 1.3.3 (bug 1037303)
 6608 * Expand PEP8 coverage to include docs & tests
 6609 * Removed/fixed unused variable references
 6610 * HACKING compliance & staticly init module vars
 6611 * PEP8 fix E251
 6612 * PEP8 fix
 6613 * Removed unused imports
 6614 * Check for expected cfg impl (bug 1043479)
 6615 * Fixed typos in comment
 6616 * HACKING: Import by full module path
 6617 * HACKING: Use single quotes
 6618 * mistake in doc string
 6619 * pep8 1.3.3 cleanup removing unused imports
 6620 * Removed dead code
 6621 * Fix auth\_token middleware to fetch revocation list as admin
 6622 * Require authz to update user's tenant (bug 1040626)
 6623 * Code cleanup in doc/source/conf.py
 6624 * Typo fix in keystone: existant => existent
 6625 * allow middleware configuration from app config
 6626 * PEP8 fix for PAM test
 6627 * change verbose and debug to Fasle in keystone.conf.sample
 6628 * add token\_format=UUID to keystone.conf.sample
 6629 * Demonstrate that authenticate() returns roles
 6630 * Add nosehtmloutput as a test dependency
 6631 * Less information returned with IntegrityError
 6632 * Support running the tests in the debugger
 6633 * Removed stray print statement (bug 1038131)
 6634 * Remove unused variables
 6635 * PKI Token revocation
 6636 * Remove unused imports
 6637 * Adding missing files to MANIFEST.in
 6638 * Simplify the sql backend deletion of users and tenants
 6639 * Add tests for PAM authentication
 6640 * Allow overloading of username and tenant name in the config files
 6641 * Enabling SQL Catalog tests (bug 958950)
 6642 * Use user home dir as default for cache
 6643 * Set example key\_size to 1024
 6644 * Log errors when signing/verifying
 6645 * Implement python version of migration 002
 6646 * Set default signing\_dir based on os USER
 6647 * Assert adminness on token validation (bug 1030968)
 6648 * Test for Cert by name
 6649 * Typo error in keystone/doc/source/configuration.rst
 6650 * fix broken link
 6651 * Cryptographically Signed tokens
 6652 * Sync jsonutils from openstack-common
 6653 * Added user name validation. Fixes bug 966251
 6654 * Import ec2 credentials from old keystone db
 6655 * Debug output may include passwords (bug 1004114)
 6656 * Raise unauthorized if tenant disabled (bug 988920)
 6657 * Files for  Apache-HTTPD
 6658 * Implementation of LDAP functions
 6659 * Fix the wrong infomation in keystone-manage.rst
 6660 * Webob needs body to calc Content-Length (bug 1016171)
 6661 * Prevent service catalog injection in auth\_token
 6662 * Admin Auth URI prefix
 6663 * updating testing documentation
 6664 * adding keystoneclient test
 6665 * Removed redundant / excessively verbose debug
 6666 * Making docs pretty!
 6667 * Adding user password setting api call
 6668 * Fixing pep8 errors in tests/\*py
 6669 * Make sure user dict has id key before checking against it
 6670 * pep8 for openssl
 6671 * Run pep8 for tests
 6672 * Move monkey patch to keystone-all startup
 6673 * Use sdist tarball instead of zipball
 6674 * Return a 409 error when adding a second time a role to user/tenant
 6675 * notify calling process we are ready to serve
 6676 * Set iso8601 module as default dependence
 6677 * Fixed user-only role deletion error
 6678 * Use PyPI for keystoneclient
 6679 * keystone\_manage certificate generation
 6680 * documenting models
 6681 * Reorder test imports by full import path
 6682 * pep8 v1.3.3 compliance (bug 1019498)
 6683 * Correct Tree DN
 6684 * don't assume that the LDAP server require authentication
 6685 * fix variable names to coincide with the ones in common.ldap
 6686 * Keystone should use openstack.common.timeutils
 6687 * Fixed marker & limit computation (bug 1006055)
 6688 * Do not crash when trying to remove a user role (without a tenant)
 6689 * Keystone should use openstack.common.jsonutils
 6690 * Refactor 404's into managers & drivers (bug 968519)
 6691 * fix sphinx warnings
 6692 * fix man page build
 6693 * Utilize newer changes in openstack-common
 6694 * Add .mailmap file
 6695 * setting up babel for i18n work blueprint start-keystone-i18n
 6696 * Removed unused import
 6697 * Fix order of returned tuple elements in pam authenticate
 6698 * Reorder imports by full module path
 6699 * Pass serviceCatalog in auth\_token middleware
 6700 * Fixed typo in routing conditions (bug 1006793)
 6701 * 400 on unrecognized content type (bug 1012282)
 6702 * Basic request stats monitoring & reporting
 6703 * Monkey patching 'thread'
 6704 * Speed up SQL unit tests
 6705 * PEP8 fixes
 6706 * Clean up test requires a bit
 6707 * Use cfg's new global CONF object
 6708 * Add s3 extension in keystone.conf sample
 6709 * Tweak for easier, safer subclassing
 6710 * Revert file mode to be non-executable
 6711 * fix importing of optional modules in auth\_token
 6712 * Carrying over token expiry time when token chaining
 6713 * Keystone should use openstack.common.importutils
 6714 * Require authz for user role list (bug 1006815)
 6715 * Require authz for service CRUD (bug 1006822)
 6716 * PEP8 fixes
 6717 * Use cfg's new behavior of reset() clearing overrides
 6718 * Use cfg's new group autocreation feature
 6719 * Sync with latest version of openstack.common.cfg
 6720 * blueprint 2-way-ssl
 6721 * Fixes some pep8 warning/errors
 6722 * Update swift\_auth documentation
 6723 * Add ACL check using <tenant\_id>:<user> format
 6724 * Use X\_USER\_NAME and X\_ROLES headers
 6725 * Allow other middleware overriding authentication
 6726 * Backslash continuation removal (Keystone folsom-1)
 6727 * Remove service\_\* from authtoken examples
 6728 * Nail prettytable test dependency at 0.5.0
 6729 * Invalidate user tokens when a user is disabled
 6730 * Fix depricated /users/{user-id}/roles
 6731 * Changed arguments in keystone CLI for consistency
 6732 * Add validations of 'name' field for roles, users and tenants
 6733 * Added 'NormalizingFilter' middleware
 6734 * One 'ctrl-c' kills keystone
 6735 * Make sure we parse delay\_auth\_decision as boolean
 6736 * Flush tenant membership deletion before user
 6737 * notify calling process we are ready to serve
 6738 * Invalidate user tokens when password is changed
 6739 * Added tenant name validation. Fixes bug 966249
 6740 * Corrects url conversion in export\_legacy\_catalog
 6741 * Truly handle mailmap entries for all combinations
 6742 * fix pam admin user case
 6743 * Improve the sample keystone.conf
 6744 * Add defaults for ldap options
 6745 * Sync to newer openstack-common
 6746 * Set defaults for sql options
 6747 * Set defaults for port options
 6748 * Add defaults for driver options
 6749 * Use ConfigOpts.find\_file() to locate catalog template
 6750 * Use ConfigOpts.find\_file() to locate policy.json
 6751 * Policy doc updates; RST syntax consistency
 6752 * Removed SimpleMatch 'shim'; updated readme
 6753 * Removed old sections; improved syntax consistency
 6754 * cleanup dependent data upon user/tenant deletion
 6755 * Update tests to run servers on 127.0.0.1
 6756 * Switch to 1000 rounds during unit tests
 6757 * Fix argument name referred in the document
 6758 * Exit on error in a S3 way
 6759 * Auto generate AUTHORS file for keystone component
 6760 * Misnamed exception attribute (bug 991936)
 6761 * Avoid ValueError in 12.04 essex pkg (bug 988523)
 6762 * Non-nullable User, Tenant, Role names (bug 987121)
 6763 * Fix expired token tests
 6764 * Make run\_tests.py non-executable
 6765 * Add distribute to test-requires
 6766 * Makes the ldap backend return proper role metadata
 6767 * cleanup no\_meta user in live LDAP test
 6768 * Add ChangeLog to tarball
 6769 * Fix "it's" grammar errors
 6770 * Rename keystone.conf to .sample
 6771 * Import latest openstack-common
 6772 * Stub out swift log configuration during testing
 6773 * Remove tenant membership during user deletion
 6774 * Add a \_ at the end of reseller\_prefix default
 6775 * additional logging to support debugging auth issue
 6776 * Add support to swift\_auth for tokenless authz
 6777 * Make import\_nova\_auth only create roles which don't already exist
 6778 * don't duplicate the extra dict in extra
 6779 * Fix looking for config files
 6780 * endpoint-crud 404 (bug 963056)
 6781 * user-role-crud 404 (bug 963056)
 6782 * ec2-credential-crud 404 (bug 963056)
 6783 * service-crud 404 (bug 963056)
 6784 * user-crud 404 (bug 963056)
 6785 * tenant-crud 404 (bug 963056)
 6786 * Add build artifacts missing from .gitignore
 6787 * Switch keystone.test.TestCase to use unittest2
 6788 * Raise keystone.exception for HTTP 401 (bug 962563)
 6789 * Fixed misc errors in configuration.rst
 6790 * Docs: SQL-based vs File-based Service Catalog
 6791 * Improve service CRUD test coverage
 6792 * Change default catalog driver to SQL; doc the options
 6793 * Replace tabs with spaces
 6794 * role-crud 404 (bug 963056)
 6795 * Improve swift\_auth test coverage + Minor fixes
 6796 * Open Folsom
 6797 * S3 tokens cleanups
 6798 * Check values for EC2
 6799 * Fix critical typo in endpoint\_create (bug 961412)
 6800 * updating docs to include creating service accts
 6801 * unique role name constraint
 6802 * Add test for swift middleware
 6803 * Spring cleaning, fix PEP8 violations
 6804 * Rename tokenauth to authtoken
 6805 * pass the arguments in when starting keystone-all
 6806 * fix keystone-all's usage of options vs conf
 6807 * Wrapped unexpected exceptions (bug 955411)
 6808 * Changing belongsTo validation back to ID
 6809 * Clean up sql connection args
 6810 * Improved file logging example (bug 959610)
 6811 * Swift middleware doc update
 6812 * Fixes LP #954089 - Service list templated catalog
 6813 * Remove nova-specific middlewares
 6814 * Add check for MAX\_PASSWORD\_LENGTH to utils
 6815 * Remove glance\_auth\_token middleware
 6816 * Support PyPAM in pam backend, update to latest API
 6817 * Fix default port for identity.internalURL
 6818 * Installing keystone docs
 6819 * Update username -> name in token response
 6820 * Refactor keystone.common.logging use (bug 948224)
 6821 * Add automatically generated code docs
 6822 * Properly return 501 for unsupported Catalog calls
 6823 * docstring cleanup to remove sphinx warnings
 6824 * updating documentation for rewrite of auth\_token
 6825 * Allow connect to another tenant
 6826 * Update docs for keystone client cli args
 6827 * Raising unauthorized instead of 500 (bug 954547)
 6828 * Failing to update tenants (bug 953678, bug 954673)
 6829 * added LDAP section to architecture and architecture
 6830 * Bug #943031 MySQL Server has gone away added docnotes of error messages caught for mysql and reference
 6831 * making all use of time follow datetime.utcnow() fixes bug 954057
 6832 * Improved legacy tenancy resolution (bug 951933)
 6833 * sample\_data.sh: check file paths for packaged installations
 6834 * Fix iso8601 import/use and date comparaison
 6835 * Fix double-quoted service names
 6836 * Remove Nova Diablo reference from migrate docs
 6837 * Fixes the cli documentation of user/tenant/roles
 6838 * Add simple set of tests for auth\_token middleware
 6839 * update documention on changing user password
 6840 * enables run\_test option to skip integration
 6841 * Add token caching via memcache
 6842 * Update get\_metadata to return {}
 6843 * Diablo to Essex migration docs (bug 934328)
 6844 * Added license header (bug 929663)
 6845 * Add AUTHORS to the tarball
 6846 * create service endpoints in sample data
 6847 * Fix EC2 credentials crud after policy backend change
 6848 * port common policy code to keystone
 6849 * rename belongs\_to to belongsTo as per the API spec
 6850 * Make sure we have a port number before int it
 6851 * fixes lp#949648 change belongsTo validate to name
 6852 * HTTP\_AUTHORIZATION was used in proxy mode
 6853 * fix Nova Volume Service in sample data
 6854 * fixes bug lp#948439 belongs\_to and serviceCatalog behavior \* removing belongs\_to as a kwarg and getting from the context \* adding a serviceCatalog for belongs\_to calls to tokens \* adding test to validate belongs\_to behavior in tokens
 6855 * Make bind host configurable
 6856 * add more default catalog templates
 6857 * Fix coverage jobs for Jenkins
 6858 * Improve auth\_str\_equal()
 6859 * Set default identity driver to sql (bug 934332)
 6860 * Renamed sqlite files (bug 944951)
 6861 * Isolating backtraces to DEBUG (bug 947060)
 6862 * updating readme to point to developer setup docs \* fixes bug 945274
 6863 * Add reseller admin capability
 6864 * Remove trailing whitespaces in regular file
 6865 * LDAP get\_user\_by\_name
 6866 * Added missing import (bug 944905)
 6867 * add git commit date / sha1 to sphinx html docs
 6868 * gitignore follow up for docs/ rename
 6869 * improve auth\_token middleware
 6870 * Add service accounts to sample\_data.sh
 6871 * standardize ldap and related tests
 6872 * Align with project configs
 6873 * Fixes doc typo s/SERVIVE/SERVICE/
 6874 * Use constant time string comparisons for auth
 6875 * Unpythonic code in redux in auth\_token.py
 6876 * fix pep8
 6877 * GET /v2.0 (bug 930321)
 6878 * LDAP member defaults
 6879 * Handle KeyError in \_get\_admin\_auth\_token
 6880 * Align tox jobs with project standards
 6881 * renaming pip-requires-test to test-requires
 6882 * Provide request to Middleware.process\_response()
 6883 * Add Vary header (bug 928057)
 6884 * Implement a Catalog SQL backend
 6885 * Set tenantName to 'admin' in get\_admin\_auth\_token
 6886 * LDAP Identity backend
 6887 * Implements extension discovery (bug 928054)
 6888 * Support unicode in the keystone database
 6889 * Add HEAD /tokens/{token\_id} (bug 933587)
 6890 * XML de/serialization (bug 928058)
 6891 * fleshing out architecture docs
 6892 * Update auth\_token middleware so it sets X\_USER\_ID
 6893 * Adds AUTHORS file generated from git log (and de-duplicated)
 6894 * The default nova compute port is 8774
 6895 * Fix case of admin role in middleware
 6896 * Fix MANIFEST.in to include missing files
 6897 * Remove extraneous \_validate\_claims() arg
 6898 * Create tools/sample\_data.sh
 6899 * Backslash continuations (Keystone)
 6900 * Correct config name for max\_pool\_size
 6901 * Use cfg's new print\_help() method
 6902 * Move cfg to keystone.openstack.common
 6903 * Remove cfg dict mixin
 6904 * Update cfg from openstack-common
 6905 * Fix copyright dates and remove duplicate Apache licenses
 6906 * some additional style bits
 6907 * Add migration path for Nova auth
 6908 * fix the style guide to match the code
 6909 * Re-adds admin\_pass/user to auth\_tok middleware
 6910 * Fix thinko in keystone-all sys.path hack
 6911 * Removing broken & redundant code (bug 933555)
 6912 * Return HTTP 401 bad user/password is specified
 6913 * cli now returns an exit status cmd is invalid
 6914 * Ignore sqlite.db files
 6915 * Implements admin logic for tenant\_list call
 6916 * Implemented get\_tenant\_users. Fixed bug 933721
 6917 * Removing unused imports from keystone.cli
 6918 * Set include\_package\_data=True in setup.py
 6919 * Remove data\_files section from setup.py
 6920 * Update Manifest.in
 6921 * Add migrate.cfg to data\_files in setup.py
 6922 * Should return 300 Multiple Choice (bug 925548)
 6923 * Admin version pipeline not utilized (bug 925548)
 6924 * fixes #934459
 6925 * Fix logging.config import
 6926 * backport some asserts
 6927 * remove pycli
 6928 * Adds missing argument to add\_user\_to\_tenant in create\_user
 6929 * Fixes a failure caused by a recent change to user update in the client
 6930 * remove executable bit from setup.py
 6931 * Raising 'NotImplmented' results in TypeError
 6932 * Update docs for Swift and S3 middlewares
 6933 * Added Apache 2.0 License information
 6934 * Add docs on keystone\_old -> ksl migration
 6935 * Add token expiration
 6936 * Update docs to for current keystone-manage usage
 6937 * add catalog export
 6938 * Handle unicode keys in memcache token backend
 6939 * make sure passwords work after migration
 6940 * add legacy diablo import tests
 6941 * change password hash
 6942 * add essex test as well
 6943 * add sql for import legacy tests
 6944 * add import legacy cli command
 6945 * add migration from legacy db
 6946 * remove keystoneclient-based manage commands
 6947 * Remove executable bit from auth\_token.py
 6948 * Update swift token middleware
 6949 * Add s3\_token
 6950 * Add pagination to GET /tokens
 6951 * Fixes role checking for admin check
 6952 * Fix webob exceptions in test\_middlware
 6953 * Add tests for core middleware
 6954 * Add version description to root path
 6955 * Add TokenNotFound exception
 6956 * remove diablo tests, they aren't doing much
 6957 * Fix largest memory leak in ksl tests
 6958 * Add memcache token backend
 6959 * Friendly JSON exceptions (bug 928061, bug 928062)
 6960 * Fix comment on bcrypt and avoid hard-coding 29 as the salt length
 6961 * Add SQL token backend
 6962 * Add content-type to responses
 6963 * Cope with unicode passwords or None
 6964 * Add auth checks to ec2 credential crud operations
 6965 * termie all the things
 6966 * example in hacking was incorrect
 6967 * Ensures duplicate users and tenants can't be made
 6968 * make pip requires match nova
 6969 * fixes lp:925721 adds .gitreview for redux branch
 6970 * remove novaclient, fix python syntax
 6971 * We don't need all the deps to check pep8
 6972 * remove extra line
 6973 * Make ec2 auth actually work
 6974 * fixing grammar, noting broken enable, adding hacking with prefs for project
 6975 * Removed unused reference
 6976 * adding a token service Driver to define the interface
 6977 * Added support for DELETE /tokens/{token\_id}
 6978 * Fixes bug 924391
 6979 * ran through all commands to verify keywords against current (master) keystonelight
 6980 * updating docs:
 6981 * Fix "KeyError: 'service-header-mappings'"
 6982 * updating tox.ini with test pip requirements
 6983 * use our own logging module
 6984 * Update auth\_token middleware to support creds
 6985 * Removes nova middleware and config from keystone
 6986 * minor docstring update for new locations
 6987 * Missed one more keystone-server
 6988 * Renamed keystone-server to keystone-all based on comments in LP: #910484
 6989 * be more safe with getting json aprams
 6990 * skip the two tests where testing code is failing
 6991 * accept POST or PUT for tenant update
 6992 * deal with reparsing the config files
 6993 * don't automatically parse sys.argv for cfg
 6994 * deal with tags in git checkout
 6995 * fix keystoneclient tests
 6996 * add tests for essex and fix the testing framework
 6997 * Update docs/source/developing.rst
 6998 * Change the name of keystone to keystone-server so the binaries dont conflict with python-keystoneclient
 6999 * Normalize build files with current jenkins
 7000 * Use gerrit instead of github
 7001 * Fix pep8 violations
 7002 * Add .gitreview file
 7003 * Added keystone-manage list\_role\_grants (bug 923933)
 7004 * removing unused images, cleaning up RST in docstrings from sphinx warnings
 7005 * pep8 cleanup
 7006 * shifting contents from \_static to static
 7007 * adding in testing details
 7008 * moved notes from README.rst into docs/architecture.rst
 7009 * updating formating for configuration page
 7010 * format tweaks and moving old docs
 7011 * shifting older docs into old/ directory
 7012 * doc updates
 7013 * moving in all the original docs from keystone
 7014 * adding python keystoneclient to setup.py deps
 7015 * fixing up PIP requirements for testing and virtualenv
 7016 * indents
 7017 * Make it as a subclass
 7018 * Added shortcut for id=NULL queries (bug 916386)
 7019 * fix style and termie's comments about comments
 7020 * invalid params for roles.delete
 7021 * initial stab at requiring adminness
 7022 * Simplify code
 7023 * add tests that auth with tenant user isn't member of
 7024 * Add s3tokens validation
 7025 * Test coverage for issue described in bug 919335
 7026 * Removing \_\_init\_\_ from non-packages (bug 921054)
 7027 * add instructions for setting up a devenv on openSUSE 11.4 and 12.1
 7028 * Documented race condition (bug 921634)
 7029 * Fix race in TestCreateTokenCommand (bug 921634)
 7030 * Forgot to update models (bug 885426)
 7031 * Updating example glance paste config
 7032 * add a bunch of basic tests for the cli
 7033 * Migrated 'enabled' int columns to bool for postgres (bug 885426)
 7034 * remove this useless catalog
 7035 * move cli code into a module for testing
 7036 * Updated bp keystone-configuration for bp keystone-manage2
 7037 * Return Version and Tenant in Endpoints
 7038 * Updated error message for keystone-manage2
 7039 * allow class names to be different from attr names
 7040 * add ec2 credentials to the cli
 7041 * fix middleware
 7042 * Added: "UserWithPassword" Added: "UserWithOnlyEnabled" Removed: "UserWithOnlyPassword"
 7043 * Update Extended Credentials (EC2, S3)
 7044 * Fix for bug 921126
 7045 * Adds keystone auth-n/auth-z for Swift S3 API
 7046 * Implement cfg.py
 7047 * bcrypt the passwords
 7048 * fix token vs auth\_token
 7049 * Implement Secure Token Auth
 7050 * some quick fixes to cli, tests incoming
 7051 * fix pep8
 7052 * fix some more pass-by-reference bugs
 7053 * strip password before checking output
 7054 * flip actual and expected to match common api
 7055 * don't allow disabled users to authenticate
 7056 * turn off echo
 7057 * fix invalid\_password, skip ec2 tests
 7058 * Suppressed backtraces in tests causes sweaty eyes
 7059 * strip password from sql backend
 7060 * raise and catch correct authenticate error
 7061 * rely on internal \_get\_user for update calls
 7062 * Fixed: Inserting URLs into endpoint version attr
 7063 * strip password from kvs backend
 7064 * fix user\_get/user\_list tests
 7065 * Release Notes for E3
 7066 * Addresses bug 918608
 7067 * Restore Console Info Logging - bp keystone-logging
 7068 * removing the sphinx\_build from setup.py, adding how to run the docs into the README
 7069 * Added Vary header to support caching (bug 913895)
 7070 * Implemented subparsers (bp keystone-manage2)
 7071 * Handle EC2 Credentials on /tokens
 7072 * ec2 docs
 7073 * simple docstrings for ec2 crud
 7074 * Fixed PEP8 violations and disallowed them
 7075 * Implemented bp keystone-manage2
 7076 * Fixes 918535: time not properly parsed in auth\_token middleware
 7077 * Use dateutil 1.5
 7078 * get docs working
 7079 * some cli improvements
 7080 * add checks for no password attribute
 7081 * Prestage fix - fixed requirement name; python-dateutil, not dateutil
 7082 * users with correct credentials but disabled are forbidden not unauthorized
 7083 * Pre-staging pip requires
 7084 * shimming in basics from original keystone
 7085 * test login fails with invalid password or disabled user
 7086 * doctry
 7087 * use token\_client in token tests
 7088 * remove duplicate pycli from pip-requires
 7089 * fix ec2 sql config
 7090 * get\_client lets you send user and tenant
 7091 * update how user is specified in tests
 7092 * rename ec2 tests to be more explicit
 7093 * use the sql backend for ec2 tests
 7094 * more failing ec2 tests
 7095 * add METADATA for boo
 7096 * add (failing) tests for scoping ec2 crud
 7097 * add some docs that got overwritten last night
 7098 * Bug #916199: keystone-manage service list fails with AttributeError on Service.description
 7099 * Exception raise error
 7100 * Updates to middleware to deprecate X\_USER
 7101 * Revert "Exception raise error"
 7102 * fix pep8
 7103 * update tests
 7104 * update some names
 7105 * fix some imports
 7106 * split up sql backends too
 7107 * split up the services and kvs backends
 7108 * establish basic structure
 7109 * add docs for various service managers
 7110 * expect sphinx sources to be autogenned
 7111 * some tiny docs
 7112 * fix sphinx
 7113 * testing rst on github
 7114 * updating dependencies for ksl
 7115 * needed to do more for cli opts
 7116 * make a main in keystone-manage
 7117 * fix pep8 error
 7118 * rename apidoc to autodoc
 7119 * Fix typo
 7120 * Fix LDAP Schema Syntax (bug 904380)
 7121 * return to starting directory after git work
 7122 * spacing
 7123 * tests for ec2 crud
 7124 * add keystoneclient expected format
 7125 * add sql backend, too
 7126 * add an ec2 extension
 7127 * update readme
 7128 * Exception raise error
 7129 * re-indent
 7130 * re-indent
 7131 * re-indent
 7132 * re-indent kvs.py
 7133 * re-indent test.py
 7134 * remove models.py
 7135 * add some docs to manager
 7136 * dynamic manager classes for now
 7137 * add a couple more tests
 7138 * Bug #915544: keystone-manage version 1 commands broken when using flags
 7139 * add some more todos
 7140 * strip newlines
 7141 * TODO
 7142 * add role refs to validate token
 7143 * fix token auth
 7144 * check for membership
 7145 * flush that sht
 7146 * add more middleware
 7147 * fixing WatchedFileHandler
 7148 * logging to debugging by default for now
 7149 * add a noop controller
 7150 * woops
 7151 * add glance middleware ??
 7152 * add legacy middleware
 7153 * fix setup.py
 7154 * adding #vim to file with changed indent
 7155 * add id-only flag to return IDs
 7156 * rename ks to keystone-manage
 7157 * fixing imports for syslog handlers and gettext
 7158 * adding gettext
 7159 * adding logging from configuration files, default logging per common
 7160 * cli using keystoneclient
 7161 * add a db\_sync command to bin/ks, remove others
 7162 * merge test and default configs
 7163 * adding project to keystone config to find default config files
 7164 * some more config in bin/keystone
 7165 * in the bin config too
 7166 * rename many service parts to public
 7167 * keystone\_compat -> service
 7168 * remove keystone from names, remove service
 7169 * remove default configuration
 7170 * basic service running again
 7171 * rename extras to metadata
 7172 * version number in setup.py
 7173 * add basic sphinx doc bits
 7174 * remove references to keystone light
 7175 * renaming keystonelight to keystone
 7176 * keystoneclient tests working against sql backend
 7177 * run all teh keystoneclient tests against sql too
 7178 * move everything over to the default config
 7179 * config system overhaul
 7180 * add nova's cfg framework
 7181 * fix pep8
 7182 * missed a file
 7183 * most tests working again
 7184 * still wip, got migration mostly working
 7185 * get the sql ball rolling, still wip
 7186 * add sql backend, WIP
 7187 * Show useful traceback if manage command fails
 7188 * Fix minor typo
 7189 * Add 'tenants' to Auth & Validate Response
 7190 * Fixed Test Coverage Handling
 7191 * Adding prettytable dependency
 7192 * Front-end logging
 7193 * tweaking for running regular tests in jenkins
 7194 * Implement Role Model
 7195 * xsd fixes
 7196 * Added decorators for admin and service\_admin checks
 7197 * Initial keystone-manage rewrite (bp keystone-manage2)
 7198 * Correct endpoint template URLs in docs
 7199 * fix bug lp:843064
 7200 * finished up services stuff
 7201 * add the various role tests
 7202 * add list users
 7203 * get user tests working
 7204 * Remove install\_requires processing
 7205 * get endpoints test working
 7206 * get tenant\_add\_and\_remove\_user test working
 7207 * tenant test working again
 7208 * copy over the os-ksadm extension
 7209 * Implement Endpoint, Endpoint Template, and Credential Managers
 7210 * PEP8 keystone cleanup
 7211 * Changes run\_tests.sh to also run pep8 by default
 7212 * example crud extension for create\_tenant
 7213 * Updates to Tests/Testing
 7214 * Un-pythonic methods lp:911311 Fixed pep8 problems Changed comments to docstrings
 7215 * get some tests working again
 7216 * merge fixes
 7217 * fixup
 7218 * Made tests use both service and admin endpoints
 7219 * All tests but create\_tenant pass
 7220 * Split keystone compat by admin and service endpoints
 7221 * Install a good version of pip in the venv
 7222 * fix bug lp:910491 option "service\_host" in keystone.conf not works
 7223 * Added broken tests to show compatibility gaps
 7224 * Added tox.ini file
 7225 * Split keystone compat by admin and service endpoints
 7226 * Implement Service Manager
 7227 * Implement Tenant Manager
 7228 * Fixes bug lp:910169 - Tests are using too much memory Added super() call to tearDown() method
 7229 * Changed the call to create the KeystoneContextMiddleware object to pass the correct glance ConfigOpts object
 7230 * Added logging on core modules
 7231 * Adding logging to Auth-Token Middleware
 7232 * Implement Role Manager
 7233 * Refactor models and backends
 7234 * Add HP-IDM extension to fix Bug 890411
 7235 * Move URL Normalizer to Frontends
 7236 * move novaclient tests over also
 7237 * clean up test\_identity\_api
 7238 * clean up keystoneclient setup
 7239 * Move Global Role variables out of backendutils
 7240 * Bug #909255: Endpoint handling broken on SQL backend by portable-identifiers changes
 7241 * add role crud
 7242 * speed up tests
 7243 * add basic fixture functionality
 7244 * documentation driven development
 7245 * novaclient now requires prettytable
 7246 * Return Endpoint IDs
 7247 * Correct Handling of Default Tenant
 7248 * Fix duplicate logging
 7249 * Added global endpoints response in XML as well
 7250 * Fix: Client and Unit Tests not correctly failing a build
 7251 *  Bug #907521.     Changes to support get roles by service
 7252 * Always Return Global Endpoints
 7253 * Added release notes
 7254 * Fixed error with database initialization
 7255 * Tests use free TCP/IP ports
 7256 * Testing Refactor - this is a squash of 6 commits - original commits are vailable for cherry-picking here:   https://github.com/ziadsawalha/keystone/commits/tests
 7257 * Added HP-IDM documentation artifacts
 7258 * whitespace
 7259 * whitespace
 7260 * make create\_tenant work for keystone api
 7261 * common ks client creation
 7262 * Fixed version response (bug 891555 and bug 843052)
 7263 * Implement Multiple Choices Response (bug 843051)
 7264 * updating of docs
 7265 * Fix LDAP schema (bug 904815)
 7266 * working on a tenant\_create test
 7267 * standardize spacing
 7268 * novaclient uses password instead of apikey
 7269 * update to use the correct repo for python-novaclient
 7270 * fix tenant auth tests
 7271 * Updated namespace
 7272 * Fixes the catalog return in d5\_compat calls
 7273 * Added: ./keystone-manage database goto <version>
 7274 * Added databased version check on startup w/ docs
 7275 * Revised in-memory sql connection path for sqlalchemy
 7276 * Clarify 'test not found' error message
 7277 * Contract fix: change IDs from xsd:ID to xsd:string
 7278 * Tenants - asserted all the things (bug 887844)
 7279 * Support for unscoped admin tokens
 7280 * LDAP: fix to keystone.ldif
 7281 * Contract fix: IDs are not Ints, they are ID or string types
 7282 * Contract fix: description optional
 7283 * Update tracer excludes for Linux
 7284 * Fixed bug 905422. Swift caching should work again.  Also fixed a few other minor syntactical stuff
 7285 * Update test\_keystone\_manage to use unittest2
 7286 * Python 2.6 subprocess.check\_output doesn't exist
 7287 * No more python path changes
 7288 * Clarified language on migration instructions
 7289 * Refactor: Workaround for python build\_sphinx failure
 7290 * Fixed some skipped tests
 7291 * Format keystone-manage output better
 7292 * Added instructions to git clone from github
 7293 * Refactor: Computing api/model module paths dynamically
 7294 * Introduces UID's & domain models (bp portable-identifiers)
 7295 * Improved test coverage of d5 compat
 7296 * Fixed: Tests returning successful (0) on failure
 7297 * D5 Compatibility Support
 7298 * Added original tenants blueprint to docs
 7299 * Fixed broken import of version info (bug 902316)
 7300 * Added missing import preventing keystone from starting (bug 901453)
 7301 * Fix some issues with new version module
 7302 * quantum\_auth\_token.py middleware fails on roles
 7303 * Removed Server class from \_\_init\_\_.py
 7304 * Fix auth\_token middleware: make \_verify\_claims not static. Fixes bug #901049
 7305 * Pylint fixes to auth\_token.py
 7306 * Split version code into its own file
 7307 * Change is\_global == 1 to is\_global == True
 7308 * Bug 897496: Remove tenant id from Glance URLs
 7309 * Refactor: move initialization code to class
 7310 * Add missing json validation
 7311 * Refactor: get rid of keystone/config.py
 7312 * Fixes missed tests and subsequently introduced bugs
 7313 * Rename .keystone-venv to .venv
 7314 * Refactor: Rename auth controller to token controller
 7315 * Added documentation
 7316 * Added SSL and memcache sample config files
 7317 * Updated auth\_token middleware caching to support memcache
 7318 * Deprecating RAX-KEY middleware
 7319 * Added argparse to support python 2.3 - 2.6
 7320 * Make bin/keystone use port settings in the config file. Fixes bug #898935
 7321 * Bug#899116: use correct module when building docs
 7322 * Minor RST changes
 7323 * Revised extension documentation
 7324 * Added documentation for SQL tables
 7325 * Remove pysqlite deps. Fixes bug #898343
 7326 * Pretty-printed JSON samples
 7327 * Added option to pretty-print JSON
 7328 * Implements blueprint keystone-swift-acls
 7329 * Updated docstring to match auth\_token.py (bug 898211)
 7330 * Bug #890801 Changes to support /extensions call. - Introduced a new extension reader to read static extension content. - Added additional rst files explaining extensions. - Removed functionality from  additional middleware that used to support /extensions call.ie RAX-KEY-extension - Removed service extension test as it was no more relavent. - Added unit test that checks toggling of extensions. - Additional notes on the conf file
 7331 * Added JSON validator; fixed samples (bug 898353)
 7332 * Fixes a number of configuration/startup bugs
 7333 * Fixed RST syntax (bug 898211)
 7334 * Revised schema migration docs
 7335 * Improved doc formatting consistency (bug 898211)
 7336 * Fixed RST syntax in doc strings (bug 898211)
 7337 * Added ssl docs to index; fixed rst syntax (bug 898211)
 7338 * Bug-897724: Added method to list endpoints specific to a service and related tests
 7339 * Eliminated debug output from sphinx\_build (bug 898211)
 7340 * Updated testing
 7341 * Fixes bug lp:897819
 7342 * Check that endpointTemplate ID is valid in endpoint add cmd (#897749)
 7343 * Added Endpoint and Endpoint Template documentation
 7344 * Bug #854104   - Changes to allow admin url to be shown only for admin users.   - Additional test asserts to verify
 7345 * Fixed memcache tests
 7346 * Update documentation and examples following API 1.1 removal
 7347 * Fixes bug 843065
 7348 * Additional middleware test coverage
 7349 * Enforce service ownership
 7350 * Add keystone\_tenant\_user\_admin option and fixes
 7351 * Make owner the user named same as tenant/account
 7352 * Restored developer default log dir
 7353 * Add default for log directory and log filenames
 7354 * Added wadls, pdfs, samples and functional test confs (bug 891093)
 7355 * Additional documentation
 7356 * ./keystone-manage endpointTemplates list missing arg (bug 891843)
 7357 * Bug #890399
 7358 * Bug #891451: Changes to support update endpointTemplates call in the WADL
 7359 * add an example for capability rbac
 7360 * make readme use code style
 7361 * add the policy code
 7362 * describe and add a policy backend
 7363 * policty stub
 7364 * re-indent
 7365 * Added timeout to bufferedhttp class and timeout setting for middleware - bug 891687
 7366 * Refactoring master to match stable/diablo fix for bug 891710
 7367 * Refactor auth\_token.py to only call out to Keystone once
 7368 * Added files missing from dist packaging (bug 891093)
 7369 * pylintrc should not be hidden (bug 891093)
 7370 * Simplified gitignore (in pursuit of bug 891093)
 7371 * Fixes typo in setup document
 7372 * Adding middleware tests
 7373 * Remove executable bit on template
 7374 * change array syntax
 7375 * updates to make compatible with middleware
 7376 * mergeish dolph's port change
 7377 * fix tests
 7378 * handle unscoped requests
 7379 * adjust default port
 7380 * Revised version status response (bug 890807)
 7381 * Refactored headers produced by middleware (bug 835087)
 7382 * move noop to identity controller
 7383 * Ignoring db migrate mgmt module to workaround bug 889287
 7384 * 'text/json' should be 'application/json' (bug 843226)
 7385 * Revised curl examples (bug 884789)
 7386 * allow setting user\_id on create
 7387 * users require a name
 7388 * pep8
 7389 * update test conf too
 7390 * cli for adding users, tenants, extras
 7391 * adjust paths and use composite apps
 7392 * add tests for extras
 7393 * add tenant crud
 7394 * oops, forgot update in crud
 7395 * add crud tests
 7396 * add crud tests
 7397 * add crud tests
 7398 * add test for create user and get user
 7399 * add test for create user and get user
 7400 * re-indent identity.py
 7401 * don't pep8 swp files
 7402 * accept data as kwargs for crud
 7403 * use the keystone app in the conf
 7404 * reorg
 7405 * re-indent service.py
 7406 * Bug 888448: - Changes to allow validate token call return user name as per contract. - Additional test assertions to test the same. - Changes to middleware
 7407 * more dyanmic client
 7408 * get some initial identity api tests working
 7409 * update service to middleware in confs
 7410 * move around middleware
 7411 * make a composite app
 7412 * add crud methods to identity manager
 7413 * Add a new swift auth middleware
 7414 * Use TENANT\_ID if it exists, but still support X\_TENANT
 7415 * cli beginnings
 7416 * Bug 888170: Fixing references to incorrect schema
 7417 * add admin port
 7418 * add an etc dir
 7419 * Bug #888210: Changes to fix calls to use the right path
 7420 * bug 878431: Minor changes to auth\_token middleware
 7421 * add a default handler for /
 7422 * Bug #886046 Add Quantum auth middleware to Keystone source code tree
 7423 * add a stubby setup.py
 7424 * use paste for the binary
 7425 * add a trivial admin-only middleware
 7426 * update keystone sample tests, skip one
 7427 * Bug #887236: - Changes to allow extensions to be configured. - Introduced a new property that holds list of extensions that are to be enabled
 7428 * add crud info to readme
 7429 * get novaclient tests working
 7430 * add novaclient, intermediate
 7431 * add run\_tests.sh and pep8 stuff
 7432 * remove italics on Light
 7433 * modify requirements
 7434 * link diagrams
 7435 * Track post-Diablo database evolution using migrations (BP: database-migrations)
 7436 * Changed blatant hack (fixed spelling also) to 5 second timout as tests were not completing
 7437 * Use TENANT\_ID instead of TENANT for project\_id
 7438 * X.509 client authentication with Keystone.  Implements blueprint 2-way-ssl
 7439 * whitespace
 7440 * added catalog tests
 7441 * added tests for tokens
 7442 * test the other methods too
 7443 * add some tests and get others to pass
 7444 * add some failing tests
 7445 * add a default conf
 7446 * minor whitespace cleanup
 7447 * add some todo
 7448 * fixed the output message error on granting user a role
 7449 * Bug #884930 Support/Remove additional calls for for Tenant. - Supported call to get users for a tenant for a specific role. - Removed calls to get specific role for a user and to get all the roles for a specific tenant as they are not useful. - Fixed LDAP backend call to get users for a tenant. - Disabling Invalid pylint check
 7450 * adding docs to test classes, updating run\_tests.sh to match reality adding debug middleware factory adding docs on enabling debug middleware resolving pep8 issues
 7451 * Fixes LP Bug#885434 - Documentation showing multiple tenants misleading
 7452 * add example
 7453 * rst blah blah
 7454 * updated readme
 7455 * authenticate and tenants working
 7456 * working authenticate in keystoneclient
 7457 * remove test\_keystone\_compat's catalog tests
 7458 * add templated catalog backend
 7459 * Use pure version number ("2012.1") in tarball name
 7460 * Set run\_tests.sh so pep8 runs in the virtualenv
 7461 * bug 885364
 7462 * bug:884518 Changes to support passwordcredentials calls as per API contract. Minor LDAP code change to support tests
 7463 * Fixed spelling of 'Resources' (Resoruces)
 7464 * pep8 cleanup
 7465 * everything but the catalog
 7466 * Remove execute bit on keystone.conf
 7467 * Fixes LP882760.Changes to return TenantId properly as part of roles.Additional tests to support the same
 7468 * Moving contributor docs into rst (bug #843056)
 7469 * fixing search sequence to not include directory structure from os.walk()
 7470 * bug lp:882371 Standardize Json pagination structures
 7471 * get a checkout of keystoneclient
 7472 * bug lp:882233 Code changes to support API calls to fetch services/roles by name
 7473 * Removed contributor doc build info from project README (bug #843056)
 7474 * Revised documentation build process (bug #843056)
 7475 * updates to keystone documentation - install & conf bug 843056 blueprint keystone-documentation
 7476 * Specific LDAP version causing hiccups installing on latest ubuntu & fedora
 7477 * Adding the concept of creating a Keystone HTTP client in Python which can be used in Keystone and imported from Keystone to allow for easier Keystone integration
 7478 * Add .gitreview config file for gerrit
 7479 * updating keystone developer documentation updating docstrings to remove errors in automodule generation updating setup.py to generate source documentation blueprint keystone-documentation bug 843056
 7480 * Changes to support getuser by name and gettenant by name calls
 7481 * Changes to support get endpoints for token call
 7482 * Additional changes to support endpointtemplates operations.Disabling pylint msgs that dont fit
 7483 * Github markdown doens't seem to like irc:// links
 7484 * Removed 'under construction' docs provided elsewhere
 7485 * Updated self-documentation to point to docs.openstack.org
 7486 * Revised documentation
 7487 * Changes to endpoint operations as per OSKSCATALOG contract. Adding couple of pylint fixes
 7488 * Refactored version attributes
 7489 * Changes to support endpointTemplate operations as per new API.Fixed issues with command line manage stuff
 7490 * Updated Secret Q&A to extend CredentialType
 7491 * Changes to support API calls as per OS-KSCATALOG extension
 7492 * Improved CLI error feedback (bug 877504)
 7493 * authenticate working, too
 7494 * base tests on keystone-diablo/stable
 7495 * get tenants passing, yay
 7496 * flow working, added debugging
 7497 * add context to calls
 7498 * move diagram into docs dir
 7499 * refactor keystone compat and add catalog service
 7500 * added sequence diagrams for keystone compat
 7501 * Resubmitting change. Fixing issue #843226. Changes to throw appropriate faults during token validation
 7502 * bug lp:865448 change abspath to dirname in controllers/version.py to correct path problems
 7503 * Moving non core users and tenants calls to appropriate extensions
 7504 * Fix issues in the ec2 middleware
 7505 * Adding calls to get roles for user as per new format.Cleaning references to old code
 7506 * Fixes LP844959, typo in Authors file
 7507 * Changes to support roles and services calls via extensions. Change-Id: I1316633b30c2be07353dacdffb321791a4e2e231
 7508 * Simplified README
 7509 * First commit for Secret Question and Answer Extension: RAX-KSQA
 7510 * Fixing issue 854425.ie chaning token table name to tokens. Fixing issue 863667.Changes to support updation of user/tenant name as well using api calls. Fixing LDAP backend to have id independent of name.Fixing getuser call to also return name
 7511 *  Fixing bug 859937.  Removing incorrect atom feed references from roles.xsd
 7512 * Minor corrections to the middleware and wadl
 7513 * Changes to show name also for the user list
 7514 * Changes to show admin URL also as a part of json in endpoints listing
 7515 * getting closer, need to match api now
 7516 * tests running through, still failing
 7517 * add a test client
 7518 * added a test, need to get it working now
 7519 * Use the tenant name for X\_TENANT
 7520 * Fix possible\_topdir computing
 7521 * Change roleId to role.id for swift middleware
 7522 * adding in doc and setup to cover existing scripts adding doc around credentials command usage (for EC2)
 7523 
 7524 2011.3
 7525 ------
 7526 
 7527 * Updating legacy auth translation to 2.0 (bug #863661)
 7528 * Shouldn't look in /etc/init/ for config files
 7529 * Changing default admin port from 5001 to 35357, per IANA/IETF (bug #843054)
 7530 * Organizing and documenting pypi requirements
 7531 * sample data updates to remove -service from image and identity
 7532 * Refactor and unit test json auth parsing
 7533 * Error message expecting 'e' in local scope
 7534 * Do not return identical error messages twice
 7535 * Update auth examples in README
 7536 * README.md changes to point to openstack repo
 7537 * updating docs for Mac source install, no docs for mac package install relevant
 7538 * POST /tokens: Added tenant id & name to scoped tokens in XML (#862752)
 7539 * Updated guides.Have recompiled to use the latest examples
 7540 * Fix bug 861546
 7541 * Fix swift middleware with regard to latest changes
 7542 * Changes to support getTenants to behave differntly for admin users when invoked as a service api or admin api
 7543 * Changes to stored hashed password in backends. Using passlib a password hashing library. Using sha512. Setting hashing to be the default behavior
 7544 * Changes to WADLs to refer actual types
 7545 * Revised docstring
 7546 * Added /etc/init/keystone.conf to list of known configuration paths
 7547 * Revising tenant IDs & Names in samples (#854228)
 7548 * Authenticating against non-existent tenant (fixed #859927)
 7549 * Adds list of dependencies to dev install
 7550 * Fixed Anne's email address & list position (alphabetical)
 7551 * Added support for scoping by tenantName
 7552 * Changes to return groups as a part of RAXKSGRP extension.Also fixed incorrect schema version references in wadls and examples
 7553 * Changes to support authenticate call to accept token as per agreed format
 7554 * Minor changes to wadl
 7555 * Making type mandatory as per sandy's request and minor fixes to wadl examples. Adding Ann as an author
 7556 * Changes to structures to support authenticate using token. Minor wadl fixes. Adding Anne as an author
 7557 * Removing token element from token.xsd
 7558 * Update to token.xsd to allow element token as a root element in relation tu bug: https://bugs.launchpad.net/keystone/+bug/855216 - apiKeyCredentials Samples casing apiKey update
 7559 * Changes to support endpoint template addition/listing by service names. Changes to list service details as well
 7560 * Modified apiKeyCredentials to extend single entity and use restriction
 7561 * Reorder params in User() constructor
 7562 * Fix for bug 856857 - add user.name to User() constructor to re-align param
 7563 * Fix for bug 856846 - cast ints to string in users\_get\_by\_tenant\_get\_page so that they can be joined
 7564 * POST /tokens: A chronicle of missing features
 7565 * Fixes issues with ldap tests
 7566 * Get Service Catalog from token
 7567 * Fixes auth\_token middleware to allow admin users in nova
 7568 * Initial set of changes to move role operations to extensions
 7569 * Updating guide wrt wadl changes
 7570 * Minor Changes to extension WADL
 7571 * Changes to support auth catalog as per new format
 7572 * Changes to docs
 7573 * Adding tenantid to user roles and endpoints
 7574 * Fixes bug 855823
 7575 * Add code removed in https://code.launchpad.net/~vishvananda/nova/remove-keystone-middleware/+merge/76297 to keystone
 7576 * Added support for HEAD /tokens/{token\_id} Changed POST /tokens response container from 'auth' to 'access'
 7577 * Making identity-admin.wadl well-formed
 7578 * Converting to new doc format for included code samples
 7579 * Changing authenticate request content xml as well as json
 7580 * GET /tokens/{token\_id}: Exposing both role ID's and Name's
 7581 * Renaming 'roleRef' container to 'role'
 7582 * Renaming 'roleRefs' container to 'roles'
 7583 * Renaming GET /tokens/{token\_id} response container to 'access'
 7584 * Revised samples
 7585 * Fixed path issues with keystone-import
 7586 * Update validate\_service\_or\_keystone\_admin\_token so that it doesn't cause exceptions if the admin or service admin haven't been configured
 7587 * Changing/introducing actual extension json/xml snippets. Adding updated documents
 7588 * Backend-managed role & service ID's (bug #834683)
 7589 * Initial Changes to move service operations to extensions
 7590 * Docs,wadls,samples,initial code to support RAX-KSKEY and OS-KSEC2 extensions. Removed tenant id from being part of endpoints
 7591 * Glance Auth Token Middleware fix
 7592 * Sorted AUTHORS list
 7593 * adding imports from Nova for roles, tenants, users and credentials
 7594 * Update keystone-manage commands to convert tenant name to id. Fixes #lp849007
 7595 * 1.Changed all Json paginated collection structure. 2.Introduced a type for credential type (path param) and change wadls and xsds. 3.Added List Users call. 4.Changed Endpoint creation example
 7596 * Don't import keystone.test unless we are in testing. Fixes #lp848267
 7597 * Add toggle to run tests in-process, w/ realtime progress feedback
 7598 * Add ability to run fakeldap in memory
 7599 * Added backend-managed primary key to User and Tenant model
 7600 * Introducing doc to support OS-KSCATALOG extensions.Adding new calls to OS-KSADM extension document
 7601 * Adding initial document for OS-KSADM-admin extension.Related changes on wadl,json,xsd etc
 7602 * Fixing sample content
 7603 * Adding new doc.Changes to sample xmls and jsons
 7604 * Validation content and relavant changes
 7605 * Minor fixes on xsds and sample xmls
 7606 * Fixing existing wadl.Completing wadl for extension OS-KSADM
 7607 * Fix invocations of TemplateError.  This exception takes precisely three parameters, so I've added a fake location (0, 0) to keep it happy
 7608 * Adding wadl for OS-KSCATALOG extension.Fixing existing xsds.Fixing service wadls. Merging changes. Change-Id: Id29dc19cbc89f47e21329e531fc33bd66c14cf61
 7609 * Update Nova and Glance paste config examples
 7610 * Various documentation-related changes
 7611 * Consolidating xsds. Splitting contrib to admin and service
 7612 * Adding guides for groups extension
 7613 * Fix host/port split code in authenticate\_ec2. Resolves an AttributeError: 'Ec2Credentials' object has no attribute 'partition' exception that can occur for EC2 auth validations
 7614 * Adding guide for RAX-KSKEY-service extension. Adding guide for OS-KSEC2-service extension
 7615 * Fix NameError exceptions in add\_credentials. Adds test case on creating credentials
 7616 * Redefining credential types. Defining additional extensions and renaming extensions. Removed wadls that are not needed
 7617 * Fix for duplicate <any> tag on credentials.xsd
 7618 * Move tools/tracer into the keystone code. Fixes ImportError's when running keystone as a .deb package
 7619 * Fixed error where endpoints returned for tenant instead of token
 7620 * Updated the AUTHORS file to test the new rpc script and workflow
 7621 * Update rfc.sh to use 'true'
 7622 * Made it possible to integrate with external LDAP
 7623 *     Dev guide rebuild and minor fixes
 7624 * Updates to samples, XSDs, and WADLs
 7625 * Added AUTHORS, .mailmap and generate\_authors.sh
 7626 * Changes to support endpoint template updates
 7627 * Fixes bug 831574. Adds missing sys import
 7628 * Updated schema to reflect id and name changes to Users and Tenants
 7629 * Updated guides and samples
 7630 * Additional contract changes
 7631 * Sample changes
 7632 * Atom links on Token
 7633 * Cleanup service it endpoint catalog
 7634 * Removed redundant function from base user api
 7635 * Updated samples
 7636 * Fixed reference to unassigned variable
 7637 * Reworked XSDs and WADL to support auth and access elements
 7638 * Remove more group stuff
 7639 * Removed OSX files that shouldn't be in git
 7640 * Documentation cleanups
 7641 * Banished .DS\_Store
 7642 * Add rfc.sh for git review
 7643 * Wrong common namespace
 7644 * XSD & sample updates
 7645 * Added more missing files to MANIFEST.in
 7646 * hanges to allow test to work on python 2.6.\*
 7647 * Cleaned up come issues with python2.6
 7648 * Refactored manage.py to be both testable and useful for testing
 7649 * Sample changes to support v2.0 api
 7650 * Sample changes to support v2.0 api
 7651 * Admin WADL Revisions
 7652 * Add the files in keystone/test/etc
 7653 * Add run\_tests.\* to the MANIFEST.in
 7654 * Keystone manage.py cleanup
 7655 * Tests running on in-memory sqlite db
 7656 * Additional changes to fix minor service support stuff and increase test coverage. Also making validate token call available using service admin tokens
 7657 * Made all sample data loading in one script
 7658 * Minor fix to run\_tests
 7659 * Contract changes
 7660 * Admin WADL updates
 7661 * Port of glance-control to keystone.  This will make writing certain keystone integration functional tests a little easier to do
 7662 * Updates to XML and JSON changes for validateToken
 7663 * Added pylint message count as run\_tests.sh -l
 7664 * Added reponse handling for xsd static file rendering III Extra extension tests (for RS-KEY)
 7665 * Creating an artificial whitespace merge conflict
 7666 * Moved run\_test logic into abstract class
 7667 * Git-ignore python coverage data
 7668 * Added reponse handling for xsd static file rendering
 7669 * Additional tests and minor changes to support services CRUD
 7670 * Added reponse handling for xsd static file rendering
 7671 * Schema updates. Split WADLs and extensions and got xsds to compile
 7672 * Ziads changes and fixes for them
 7673 * Added check\_password to abstract backend user API
 7674 * Doc changes, including service catalog xsd
 7675 * Fixed service-bound roles implementation in LDAP backend
 7676 * Removed ldap names import from fakeldap module
 7677 * fix ec2 and add keystone-manage command for creating credentials
 7678 * Legacy auth fix and doc, wadl, and xsd updates
 7679 * Replacing tokens with the dummy tokens from sampledata.sh
 7680 * Add option for running coverage with unit2
 7681 * Adding curl documentation and additional installation doc. Also updated man documentation for keystone-manage
 7682 * Changes to improve performance
 7683 * Removed the need to set PYTHONPATH before tests
 7684 * Back to zero PEP8 violations
 7685 * Schema and WADL updates
 7686 * Adding documentation to WADL
 7687 * Correct 401, 305, and www-authenticate responses
 7688 * Correct 401, 305, and www-authenticate responses
 7689 * Correct 401, 305, and www-authenticate responses
 7690 * Added xsd content, update static controller, and static tests
 7691 * Updated wadl
 7692 * Fix LDAP requires to compatible version
 7693 * Moved password check logic to backend
 7694 * Changes to delete dependencies when services,endpoint\_templates,roles are being deleted. PEP8 and Pylint fixes.Also do ldap related changes
 7695 * Add LDAP schema
 7696 * Add wrapper for real LDAP connection with logging and type converting
 7697 * Fix console and debug logging
 7698 * Redux: Add proper simple\_bind\_s to fakeldap
 7699 * Adds support for authenticating via ec2 signatures
 7700 * Changes to allow additional calls to support endpoint template CRUD and additional checks on existing method
 7701 *  Committer: Joe Savak <joe3963@joe3963-VirtualBox.(none)>
 7702 * Refactoring business logic behind GET /tenants to make it less convoluted
 7703 * Moved run\_tests.py to match other projects
 7704 * Revert "Add proper simple\_bind\_s to fakeldap, removed all imports from ldap."
 7705 * Add proper simple\_bind\_s to fakeldap, removed all imports from ldap
 7706 * Gets Keystone a bit more inline with the way that other OpenStack projects run tests. Basically, adds the standard run\_tests.sh script, modifies the run\_tests.py script to do the following:
 7707 * Changes to support CRUD on services/roles
 7708 * Issue #115: Added support for testing multiple keystone configurations (sql-only, memcache, ldap)
 7709 * Added automatic test discovery to unit tests  and removed all dead tests
 7710 * PEP8 fixes... all of them
 7711 * Small licensing change to test Gerrit
 7712 * Small change to test Gerrit
 7713 * Fix brain-o--we may not need project\_ref, but we do need to create the project!
 7714 * updated README with more accurate swift info
 7715 * Determine is\_admin based on 'Admin' role; remove dead project\_ref code; pass auth\_token into request context; pass user\_id/project\_id into request context instead of their refs
 7716 * Added support for versioned openstack MIME types
 7717 *  #16 Changes to remove unused group clls
 7718 * Add unittest2 to pip requires for testing
 7719 * #66 Change in variable cases
 7720 * #66 Change in variable cases
 7721 * Changes to make cache time configurable
 7722 * Changes to store tokens using memcache #66
 7723 * Changes suggested by Ziad.Adding validateToken operation
 7724 * Flow diagram to support keystone service registration
 7725 * Restored identity.wadl w/ system test
 7726 * pylint fixes for role api
 7727 * Removing attribute duplicated from superclass; causes an issue in py 2.7
 7728 * pylint fixes for tenant-group unit tests
 7729 * pylint fixes for server unit tests
 7730 * Making the API version configurable per API request
 7731 * PEP8 fixes for system tests
 7732 * Issue #13: Added support for Accept-appropriate 404 responses w/ tests for json & xml
 7733 * Simple change to test gerrit
 7734 * Document how to allow anonymous access
 7735 * Sigh. Proofreading..
 7736 * Update README with instructions to fix segfault
 7737 * These changes make no sense--I didn't do them, and I'm in sync!
 7738 * Add middleware for glance integration
 7739 * #3 Preventing creation of users with empty user id and pwds
 7740 * Fixing naming conflict with builtin function next()
 7741 * This makes the use of set\_enabled more clear
 7742 * Fixes failing test introduced after disabled check remove
 7743 * Changes to allow password updates even when the user is disabled.Also fixed failing tests
 7744 * Disabled users should now be returned by GET /users/{user\_id}
 7745 * Updating a disabled user (via xml) should now succeed
 7746 * Updating a disabled user should now succeed
 7747 * Noted potential issue, but I'm not sure if this is dead code or not anyway?
 7748 * Assigned Base API classes so downstream code knows what to expect
 7749 * Adding missing class variable declaration
 7750 * Cleaning up unit tests
 7751 * Removes disabled checks from get\_user and update\_user
 7752 * Fixing module-level variable naming issues
 7753 * Improving variable naming consistency
 7754 * Avoiding overloading of built-in: type()
 7755 * Fixing indentation
 7756 * Specified python-ldap version, which appears to avoid the packaging issues we've experienced
 7757 * Added missing import
 7758 * More LDAP tweaks
 7759 * LDAP backend updates
 7760 * More test fixes
 7761 * Fixed deprecation warning
 7762 * Updated test to allow for additional role
 7763 * Restored UnauthorizedFaults to token validation requests
 7764 * Fix for issue #85
 7765 * - System test framework can now assert specific response codes automatically - Revised system test for issue #85 based on clarification from Ziad - Added system test to attempt admin action using a service token
 7766 * Adds the member role to sampledata, gives it to joeuser
 7767 * PEP8 fixes
 7768 * Formatting
 7769 * Merged duplicate code
 7770 * Add first implementation of LDAP backend
 7771 * Added (failing) system test for issue #13
 7772 * Minor cleanup
 7773 * Made all API methods raise NotImplementedError if they are not implemented in backend
 7774 * Made delete\_all\_endpoint calm if there is nothing to do
 7775 * Fixed bug causing request body setting to fail
 7776 * Add check to sqlalchemy backed to prevent loud crush
 7777 * Tweaked import\_module to clearly import module if it can
 7778 * Removed hardcoded references to sql backends
 7779 * Add exception throwing and logging to keystone-manage
 7780 * Merging keystone.auth\_protocols package into keystone.middleware
 7781 * - Added 'automatic' admin authentication to KeystoneTestCase using bootstrapped user - Added system tests for admin & service authentication - Abstracted '/v2.0' path prefix away from system tests - Added simple uuid function to generate data for system tests (random number gen w/ seeds might work better?) - Refactored issue #85 tests with setUp & tearDown methods
 7782 * Clarifying test case
 7783 * Fixed minor pylint issues
 7784 * Removed tenant id from admin user
 7785 * Move dev guide to OpenStack
 7786 * Commented out failing request, until it's review
 7787 * Wrote test case for github issue #85
 7788 * Formatting change
 7789 * Was this a typo or an incredibly lame joke?
 7790 * Added missing imports and fixed a few pylint issues
 7791 * Improved dict formatting
 7792 * Improved readability a bit
 7793 * Abstracted underlying HTTP behavior away from RestfulTestCase Added 'automatic' JSON body encoding (TODO: automatic XML encoding) Improved user-feedback on automatic response status assertion
 7794 * Added run\_tests.py to keystone.test.system, which uses bootstrap db script
 7795 * Added bootstrap configuration script (with admin user assigned an Admin role)
 7796 * Added 'automatic' token auth for each API
 7797 * Refactored port configuration strategy to allow a single test case to address both the admin and service API's
 7798 * Added automatic json/xml parsing to system test framework
 7799 * Added system test discovery to run\_tests.py
 7800 * Added system tests for content type handling and url rewriting
 7801 * Updated tests to reflect last bug fix
 7802 * Extracted sample test from framework and moved system test framework into \_\_init\_\_
 7803 * Converted system test framework to use httplib
 7804 * Initial system test approach, using urllib2
 7805 * Fixed bug: traceback thrown when the path '/' is requested
 7806 * Updated \*unused\* tests to reflect refactored API's
 7807 * Removed some useless/dead code
 7808 * Cleaned up authentication tests
 7809 * Improved readability slightly
 7810 * Moved db imports to config module Removed useless try/except blocks
 7811 * Organized imports
 7812 * Simplified a few util functions
 7813 * Fixed line length
 7814 * Renamed service API configuration options
 7815 * Renamed ServiceApi router module
 7816 * Renamed ServiceApi router
 7817 * Cleaned up keystone.logic
 7818 * Removed unused logger
 7819 * Refactored routers and controllers into their own modules (issue #44)
 7820 * Fixed doc string
 7821 * Improved PEP8 compliance
 7822 * Fixed spelling
 7823 * Removed unused import
 7824 * Slightly simplified base wsgi router
 7825 * Added note about run\_tests.py to readme
 7826 * Organized imports
 7827 * Improved readme consistency
 7828 * pep8
 7829 * Pylint an pep8 fixes
 7830 * Fixing bug reported using with swift
 7831 * Fixed default content type behavior (was defaulting to XML)
 7832 * Removed redundant action mappings (for version controller)
 7833 * Renamed exthandler to urlrewritefilter to better illustrate it's purpose
 7834 * Minor comment change
 7835 * Refactored URL extensions handling (for .json/.xml) Added universal support for optional trailing slashes
 7836 * Return users in a tenant as part of a many-to-many relationship
 7837 * Added import, autoformatting
 7838 * Removed unused imports
 7839 * Moved exthandler to keystone.middleware
 7840 * \*\* keystone.conf refactoring \*\*
 7841 * Fixed 'is\_xml\_response' function, which had no clear intention
 7842 * Removed unused function
 7843 * Rewrote .json/.xml extension handler with additional unit test
 7844 * Added links to readme
 7845 * Added python-ldap to pip-requires
 7846 * Initialized LDAP backend
 7847 * Various fixes for test running
 7848 * Commented out suspicious unit tests.....
 7849 * Added test automation script
 7850 * Cleaned up file
 7851 * Added missing test files to test collection
 7852 * Made unit tests executable from the cmd line
 7853 * Added test\_auth to list of unit tests
 7854 * Update auth test to account for generic service names
 7855 * Changes to make Admin for keystone configurable.#27
 7856 * Remove old initializers
 7857 * Changes to introduce BaseAPI to support multiple back ends
 7858 * Changes to support dynamic loading of models
 7859 * Adding list of todos
 7860 * Initial changes to support multiple backends
 7861 * Fixed identity.wadl response - issue #71#
 7862 * Recompiled devguide with endpoints and templates
 7863 * Removed unnecessary symlink
 7864 * Changes to support endpoints and endpointemplates (renaming BaseUrls and BaseURLRefs)
 7865 * Make swift middleware live where it should
 7866 * Remove swift-y bits from generic token auth
 7867 * Changes on Sample data
 7868 * Code changes to support global endpointTemplates
 7869 * Swift-specific middleware
 7870 * Issue 31: Switching default ports to 5000/5001 (public/admin)
 7871 * Fixed readme instructions for Nova - Issue #55
 7872 * Fixed requires for development and in readme
 7873 * Bringing back the changes to support endpointTemplates and endpoints
 7874 * Readme fix
 7875 * Edited keystone/auth\_protocols/nova\_auth\_token.py via GitHub
 7876 * Issue 32: Updated readme to reflect fix for issue 32 (removed 'cd bin' prefixes before several commands)
 7877 * (Related to) Issue 32: bin/sampledata.sh cannot be executed outside of bin/
 7878 * Issue 32: ./bin/keystone cannot be executed outside of bin/
 7879 * Issue 31: Reverted ports to 8080/8081 while the issue is under discussion
 7880 * Adding endpoint related files
 7881 * Updated readme to reflect docs/ -> doc/ change Added tools/pip-requires-dev for depelopment dependencies
 7882 * Basic authorization for swift
 7883 * Republished developer guide for Jun 21, 2011
 7884 * Updated token validation sample xml (dev guide)
 7885 * Updated dev guide publish date
 7886 * Added developer guide build folder to git ignore list
 7887 * Auto-formatted and syntacically validated every JSON example in the doc guide
 7888 * working with dashboard
 7889 * add get\_tenants
 7890 * rudimentary login working
 7891 * most bits working
 7892 * initial
 7893 * Reverting change thats not needed
 7894 * Fixing some of the failing tests
 7895 * Merging changes from trunk
 7896 * demo of membership using keystone in sampledata
 7897 * Name changes BaseURLRefs to EndPoints and BaseURLs to  EndpointTemplates
 7898 * Fixed formatting, imports
 7899 * Issue 31: Updated docs and examples
 7900 * Committing unit test configuration for issue 31
 7901 * Issue 31: Changed default ports to 80/8080
 7902 * Issue #8: Renamed primary key of Token to 'id'
 7903 * Name changes BaseURLRefs to EndPoints and BaseURLs to  EndpointTemplates
 7904 * Changes to hash password
 7905 * Restored tools.tracer to bin/ scripts; included fix for empty frames
 7906 * Merging changes
 7907 * Removed unused import
 7908 * Removed redundant sentence in dev guide
 7909 * Removed unused imports in bin/
 7910 * Fix for keystone issue 41: https://github.com/rackspace/keystone/issues/41
 7911 * Merging changes from rackspace
 7912 * Fixed spelling error
 7913 * Changes to include support for paginations
 7914 * Fixing existing methods on wadl
 7915 * Fixed broken unit test code
 7916 * Refactored api function names to avoid redundancy with new module names
 7917 * Changes to wadl to support user operations
 7918 * Refactored DB API into modules by model
 7919 * Pep8 changes
 7920 * Changes to allow user creation without a tenant
 7921 * for got to change a 1.1 to 1.0
 7922 * dash needs both 1.0 and 1.1 compatability - need to fix that!
 7923 * nova needs 1.0 api currently
 7924 * Some field validations
 7925 * Merged docs
 7926 * make sampledata executable again
 7927 * Admin for nova doesn't take a tenant
 7928 * add keystone to its own service catalog
 7929 * Fixed error on UrlExtensionFilterTest
 7930 * Fixed imports; improved PEP8 formatting compliance
 7931 * Fixed imports in keystone.common
 7932 * Removed unused imports and denoted unused variables
 7933 * Fixed imports in auth\_protocols
 7934 * Removed duplicated function
 7935 * Added coverage to pip development requirements
 7936 * Fixed relative & unused imports
 7937 * Adding py init to functional tests
 7938 * Created pip requirements file for development env (added sphinx python doc generation to start)
 7939 * Added pydev files to gitignore
 7940 * Added py init files to directories already being referenced as modules
 7941 * Users must have tenants or nova breaks
 7942 * Doc updates and dev requires
 7943 * Resolved conflicts
 7944 * To PUT or to POST
 7945 * Fixed v1.0 auth test to account for cdn baseURL order
 7946 * Support for GET /v2.0/users and add cdn back to sampledata for v1.0 support
 7947 * Update the baseURL data pushed into glance
 7948 * Fix symlinks after docs -> doc rename
 7949 * Adding call to modify tenant.Adding more tests and fixing minor issue
 7950 * Added pip requirements file for testing environments
 7951 * Grammar corrections
 7952 * Adds Sphinx build ability and RST documentation
 7953 * Removing unused references to UserTenantAssociation
 7954 * Introduced a method to get all users @Users resource.Also moved the method to get user groups out of tenant scope
 7955 * Changed BaseURLs to OpenStack names
 7956 * Test fixes
 7957 * Seperating user calls from tenants
 7958 * Improved README formatting/consistency
 7959 * Updated paths to unit/function tests in README
 7960 * Updated docs: sampledata.sh can't be executed outside of bin/
 7961 * Added Routes and httplib2 to production dependencies
 7962 * Correcting typo
 7963 * Setup.py fix
 7964 * Readd test folder
 7965 * Forgot to add doc file
 7966 * Moved tests to keystone folder and removed old management tools - issue #26
 7967 * Updated SWIFT endpoint default
 7968 * Update to dev guide explaining admin call auth requirements
 7969 * Update sample data and keystone-manage for local install of OpenStack
 7970 * Put updated Swift Quickstart into README.md
 7971 * API v2.0 Proposal
 7972 * Doc updates.Minor keyston-manage changes
 7973 * Doc updates
 7974 * Doc updates
 7975 * set nova admin role if keystone user has "Admin" role
 7976 * keystone repo is now at github.com/rackspace/keystone
 7977 * Add success test for GET /v2.0/tokens/<TOKEN\_ID> in json and xml
 7978 * Add Admin API tests for v2 authentication
 7979 * Add test verifying a missing tenantId key in the password creds works properly in JSON
 7980 * Rename file.Ziad suggestion
 7981 * Name changes suggested by Ziad
 7982 * Minor fixes
 7983 * Code cleanup
 7984 * PEP8 changes
 7985 * Removing redundant files
 7986 * Changing to legacy auth to standard wsgi middleware.Name change of some of the files
 7987 * Changing to legacy auth to standard wsgi middleware
 7988 * Introducing new frontend component to handle rackspace legacy calls
 7989 * Introducing new frontend component to handle rackspace legacy calls
 7990 * keystone repo is now at github.com/rackspace/keystone
 7991 * Add success test for GET /v2.0/tokens/<TOKEN\_ID> in json and xml
 7992 * Add Admin API tests for v2 authentication
 7993 * Add test verifying a missing tenantId key in the password creds works properly in JSON
 7994 * Removing debug print
 7995 * Changes to return service urls for Auth1.0 style calls
 7996 * Changes to return service urls for Auth1.0 style calls
 7997 * Updating tests and sample data
 7998 * Merging changes from rackspace
 7999 * Changes to support service catalog
 8000 * pep8
 8001 * Added URLs to sampledata
 8002 * Support for listing BaseURL refs in keystone-manage
 8003 * Support transforming service catalog
 8004 * Removing remerged comments
 8005 * Adding roles as comma seperated values on a single header
 8006 * Changes to support getTenants call for user with admin privelage and regular user
 8007 * Add more test cases for v2 authentication for bad requests and unauthorized results
 8008 * Add test case for verifying GET /v2.0/tokens returns 404 Not Found
 8009 * It's possible to authenticate through the Admin API
 8010 * Changes on auth basic middleware component to return roles.Also changes on the application to return roles not tied to a tenant
 8011 * Update the sample to reflect some minor enhancements to the base framework
 8012 * Add test for validate\_token
 8013 * Save expiration data for later comparison
 8014 * Don't need to fiddle around with user tokens here, just admin tokens
 8015 * Get and revoke both admin and user tokens..
 8016 * Merging changes
 8017 * Bah, somehow my sample data failed to include Admin as admin's role
 8018 * Merging changes
 8019 * Merging changes
 8020 * Merging changes
 8021 * Meging changes
 8022 * Changes to also return role references as a part of user when get token call is made for a specific tenant
 8023 * Use un-spaced exception names..
 8024 * Try to use an admin credential to revoke the token
 8025 * Split the Keystone service from the Admin service so we can test both
 8026 * The API is a moving target; update the test
 8027 * Support for listing roles in keystone-manage
 8028 * Adds unit testing base class that takes care of much of the tedium around setting up test fixtures. This first commit just demoes the new test case functionality with a new test case /test/unit/test\_authn\_v2.py
 8029 * pep8
 8030 * Fixed issue #6
 8031 * Support POST /tokens only - issue #5
 8032 * Added quick start guide to integrating Swift and Keystone; fixed setup.py tokenauth filter installation
 8033 * Added role and user data to sampledata.sh
 8034 * Additional unit tests for base url refs.Minor code refactorings
 8035 * Changes to support baseurlrefs operations
 8036 * MD cleanup
 8037 * md futzing
 8038 * More readme cleanup
 8039 * Merged DTest tests and moved ini file to examples/paste
 8040 * moved paste example to examples
 8041 * Readme updates
 8042 * Just making sure leading whitespace is stripped if automated
 8043 * to->too
 8044 * Updated dev guide
 8045 * Add a sample to document how to create tests
 8046 * Add a test for authenticate/revoke\_token
 8047 * Ensure that --username, --password, and --keystone are given
 8048 * Build base classes for tests
 8049 * Documentation fixes to versions
 8050 * Build the skeleton necessary to run tests
 8051 * Add x\_auth\_token header to most methods
 8052 * Make sure we don't lose the body completely if we can't json.load() it
 8053 * Add debugging messages
 8054 * Add a property to get the RESTClient instance
 8055 * Fix up get()/put()/post()/delete() calls to make\_req()
 8056 * Deal with the case that no headers are provided
 8057 * Deal more intelligently with empty strings
 8058 * Listing technologies to integrate
 8059 * Um, queries are supposed to be optional, all others required
 8060 * Properly join relative paths
 8061 * Apparently "/token" is actually spelled "/tokens"
 8062 * Accidentally left out the reqwrapper argument
 8063 * Sketch in a basis for the Keystone API 2.0
 8064 * Make argument order a little more natural
 8065 * Fixing unit tests.Introduced support for global roles
 8066 * Don't let self.\_path be the empty string
 8067 * self.\_scheme isn't set yet
 8068 * Don't add a field if there isn't one..
 8069 * Create a simple means of building a REST-based API
 8070 * Fixing unit tests for user and groups
 8071 * Docs
 8072 * Link fix
 8073 * API Spec updates
 8074 * More /token -> /tokens fixes
 8075 * /tokens instead of /token
 8076 * Prep for move to git@github.com:rackspace/keystone.git
 8077 * Made URL relative
 8078 * pep-8 and minor mapping fix
 8079 * Dev guide update - BaseURLs and Roles
 8080 * Update docs on how to use nova.sh to deploy openstack on cloud servers
 8081 * Changes to support calls to getBaseUrls
 8082 * Changes to support /tokens on docbook and minor roleref changes
 8083 * Changes to support roleref calls
 8084 * Updated to use X\_USER as decided in Issue 49
 8085 * Updated with feedback from https://github.com/khussein/keystone/issues/49#issuecomment-1237312
 8086 * Fix for issue 49 - parse X\_AUTHORIZATION header for user\_id
 8087 * Fixed issue where user tenant not returned in GET /token - related to issue #49
 8088 * user should be what keystone returns
 8089 * Fixed issue #54
 8090 * Updated to use X\_USER as decided in Issue 49
 8091 * Updated with feedback from https://github.com/khussein/keystone/issues/49#issuecomment-1237312
 8092 * Fix for issue 49 - parse X\_AUTHORIZATION header for user\_id
 8093 * Minor changes to the document
 8094 * Changes to unique relationship definition
 8095 * Adding more tests for roleref operations
 8096 * Fixed issue where user tenant not returned in GET /token - related to issue #49
 8097 * Changes to support /tokens on docbook and minor roleref changes
 8098 * Changes to support roleref calls
 8099 * user should be what keystone returns
 8100 * midnight typo
 8101 * Added examples readme
 8102 * Fixed issue #54
 8103 * Link to latest dev guide in readme
 8104 * Instructions to run with Nova
 8105 * Documentation update and new API spec
 8106 * Updates to README
 8107 * Updates to README
 8108 * Updates to README
 8109 * Updates to README
 8110 * Updates to README
 8111 * Updates to README
 8112 * Fix up broken setup.py scripts list
 8113 * -Removed .project file from project and added it to .gitignore -Moved pylintrc -> .pylintrc, personal preference that this file should be available, but not seen -Moved echo to examples directory, seemed a bit odd to be in the top level -Moved management directory to tools, seemed a bit odd to be in the top level -Moved pip-requires to tools/, and updated the reference to it in README.md
 8114 * Fix the identity.wadl symlink
 8115 * keystone src directory needs symlinked
 8116 * remove copy&paste ware from nova\_auth\_token and use auth\_token middleware
 8117 * Flow diagrams
 8118 * simple flow diagrams
 8119 * Multi-tenant token fixes
 8120 * Fixed invalid tenant authentication
 8121 * Fix error in tenant\_is\_empty (model has changed)
 8122 * Fixed debug/verbose flag processing
 8123 * update readme
 8124 * keep nova\_auth\_token in keystone
 8125 * Changes to support /Roles calls.Removing create call from being exposed as of now
 8126 * Changes to support /Roles calls.Description included
 8127 * Changes to support /Roles calls
 8128 * Readme merge
 8129 * Readme updaes for load testing
 8130 * hack nova\_auth\_token to work
 8131 * removing unused library
 8132 * Changes to support roles and baseurls on wadl
 8133 * Changes to support roles and baseurls on wadl
 8134 * Changes to support roles and baseURLs
 8135 * missed some nova reqs
 8136 * information on using nova\_auth\_token
 8137 * lazy provisioning for nova
 8138 * readme fixes
 8139 * Merged in anotherjesse's changes
 8140 * New model working with echo\_client.py
 8141 * Missed a file
 8142 * Added tracing and modified model
 8143 * echo\_client should be executable
 8144 * move nova's path injection to management scripts
 8145 * server.py/version.py shouldn't be executable while cli tools should
 8146 * spacing for readme
 8147 * Add keystone-manage to support bootstrapping Keystone with add user command
 8148 * Setup.py update
 8149 * Updated logging and parameterization for bin scripts
 8150 * Minor readme fixes
 8151 * Simplified running Keystone and Updated readme
 8152 * v1 compatibility and Service/Admin API split
 8153 * DocBook Changes
 8154 * Merging HCL changes - pull 40
 8155 * Changes to support baseurls and roles on the document.Adding sample files
 8156 * Changes to support baseurls and roles on the document
 8157 * Adding xsds to support roles and baseurls
 8158 * More version fixes
 8159 * Initial commit
 8160 * Make config compatible with legacy
 8161 * Move to v2.0
 8162 * Changes to move the db settings to conf file
 8163 * removing bottle
 8164 * Adding Accept header to is\_xml\_response logic
 8165 * Removing bottle dependencies
 8166 * Mae Pylintrc, reordered imports made pep8 of the  files
 8167 * Foundation for some server and auth unit tests
 8168 * Added as per HACKING  Files
 8169 * pylint fixes
 8170 * fixes
 8171 * fixed test cases
 8172 * Merged api,service,server,test\_common
 8173 * Added test cases for add user to a tenanat
 8174 * multi token test cases and bug fixes
 8175 * Moved all Server functions to utils.py
 8176 * Fixed failing test - bug introduced in cleanup
 8177 * Added pylint and cleanup from last commit
 8178 * Merged pull 37. Removes bottle, adds configuration, and adds daemonization
 8179 * fixed pylint
 8180 * fixed bugs
 8181 * fixes
 8182 * fixes
 8183 * removed backslashes
 8184 * Added functionality add user to a tenant
 8185 * fixes
 8186 * Pep8 test\_users.py
 8187 * checking SSLv3 problems
 8188 * checking SSLv3 problems
 8189 * checking SSLv3 problems
 8190 * checking git push problems
 8191 * Optimised test\_users.py
 8192 * Modified the README and README.md
 8193 * fixed bug raised when included exthandler
 8194 * Removed unwanted file
 8195 * removed unused run method
 8196 * Added PEP8 to test cases
 8197 * Removed importing objects from keystone
 8198 * pylintrc optimization
 8199 * optimization of test cases and handling multi token
 8200 * fixes
 8201 * Nochanges
 8202 * Modified the README for keystone-control issue
 8203 * Modified the README
 8204 * Added PEP8 for remaining test cases
 8205 * PEP8 for test cases by praveena
 8206 * renamed test\_identity.py to test\_keystone
 8207 * added pidfile and removed print statement from test\_common
 8208 * fixes
 8209 * removed print statement
 8210 * Added keystone.log to ignore list
 8211 * Modified  server.py tenant group URL to fix failing test cases
 8212 * Added \*.log to gitignore
 8213 * neglect changes
 8214 * Added new script to run all tests
 8215 * Modified and tests. Tests groups throwing some minor errors still
 8216 * Modified and commented the code
 8217 * Split the test cases into individual files Fixed Bugs of api
 8218 * Made PEP8 of server
 8219 * Too much of duplication and incomplete conflict resolution in test\_identity.py
 8220 * Sisirhs changes
 8221 * Sai and Praveena's Changes
 8222 * Added missing tests,  mad e enable and disable password work
 8223 * merged conflicts
 8224 * test cases modfications and bug fixes
 8225 * Renamed  to server.py and added  top dir in config
 8226 * Added the keystone  top dir in configuration
 8227 * Modified the README
 8228 * latest updates
 8229 * latest updates
 8230 * new merge with installation fixes
 8231 * A brief README for the auth-server
 8232 * Added keystone-control
 8233 * chasing tenant group bug
 8234 * Added tests for the URL extension middleware
 8235 * modified keystone-control and reshuffling of file names
 8236 * Adding unit test for the URL extension handler
 8237 * Modified test cases
 8238 * Yes, I modified, but I wont commit
 8239 * merged Sai changes
 8240 * Installation of keystone done
 8241 * corrects charset=utf=8
 8242 * Working on echo server
 8243 * one more push
 8244 * move the template code from bottle into a separate file:
 8245 * modified auth\_server.py
 8246 * Added echod and renamed echo.py to server.py
 8247 * Minor cleanup + pep8
 8248 * merging changes from sai branch
 8249 * saving changes to auth\_server.py
 8250 * get version implementation s Please enter the commit message for your changes. Lines starting
 8251 * get\_version\_info is still not working
 8252 * in the middle of get\_version\_info
 8253 * Modified test\_identity
 8254 * removed .auth.serve.py.swp
 8255 * Added some more functions through Routes and mapper
 8256 * Update for Abdul
 8257 * My Changes part 2
 8258 * modified Resposne to resp=Response()
 8259 * My Changes
 8260 * minor tweak
 8261 * Some more cleaning up of git merges
 8262 * Cleaning up of git merges
 8263 * Added glance type of eventlet, because of its plug and play which meets the need of running everything independently if needed
 8264 * pep8 and fixes
 8265 * Readme updates
 8266 * Removed keystone.db - should be generated by ORM
 8267 * Removed extra files from last commit
 8268 * Removed Global groups tests, which still needs to be tested. Updated README on how to run unit test
 8269 * Deleted keystone.db
 8270 * Merged pagination
 8271 * Git problems - lingering commit
 8272 * Renamed identity.py to server.py and added bin directory
 8273 * Adding router to requires. Updating standards in HACKING. Removing schema (generated from ORM)
 8274 * Added pagination functionality and tenant\_group functionality with unit tests
 8275 * Removing unused imports
 8276 * Removing unused function
 8277 * unwanted file
 8278 * added the code that would go to hussein repo
 8279 * Added tenant groups in identity, created test cases for tenant groups
 8280 * Added latest changes to sirish branch with pagination for get tenants
 8281 * Annotate TODOs
 8282 * argument handling in echo.py
 8283 * getting pep8-y with it
 8284 * Merged conflicts
 8285 * Basic auth and refactor
 8286 * more pep8
 8287 * testing merging
 8288 * get \_tenants pagination updates
 8289 * Merging keystone code
 8290 * Basic Auth support
 8291 * 17: query extension works
 8292 * Issue 17: Adding tests
 8293 * removed \r chararcter from unit directory
 8294 * removed windows newline characters from management folder
 8295 * removed unwanted files
 8296 * Adding First kestone repo
 8297 * Add Description File
 8298 * sai added by sai
 8299 * Foo2
 8300 * Foo
 8301 * Initial
 8302 * Minor changes + call using WSGI instead of bottle
 8303 * Restored remoteauth
 8304 * Reverted accidental(?) WADL deletion >:-(
 8305 * Renamed protocol modules to auth\_[type] Renamed PAPIAuth to RemoteAuth - better documented it and added redirect to auth\_token (to stop using this) Cleaned up ini files and ini file handling (removed hard-coded defaults)
 8306 * simple json cleanups for tests
 8307 * pep8-ize
 8308 * Added protocol stubs (openid and basic auth)
 8309 * Renamed delegated to 'delay\_auth\_decision' Remove PAPIAuth Rename folder to Auth\_protocols (that is where we add protocol components)Get\_request -> get\_content Make protocol module more generic (prepare for superclassing and multiple protocol support Refactor Auth\_protocol\_token If no token, bail out quick (clearer) same with if app Break out headers: - here is what is coming in - here is what we add - explain the X in headers: extended header
 8310 * Updated Readme, and added TODO
 8311 * Added XML/Json tests to the identity and updated the README
 8312 * Fixed issue with standalone install
 8313 * Updated readme
 8314 * Fixed remote proxy issue
 8315 * draft remote proxy: needs fixing
 8316 * Updated readme and echo\_client
 8317 * Adding remote echo ini file
 8318 * Fixes to middleware, ini parameters, and support for running echo remotely
 8319 * replaced localhost with config
 8320 * modifide middleware; echo\_client works
 8321 * Fixing and documenting middleware
 8322 * Merged pull request #30 from cloudbuilders/master
 8323 * Updated management scripts to use SQLAlchemy
 8324 * Fixed SQLAlchemy db location to keystone directory
 8325 * Added unit tests and updated the README.md on how to run it
 8326 * made echo test work
 8327 * get\_request is actually init model from request contents
 8328 * missed simplejson assumption
 8329 * finish removing simplejson
 8330 * pythonizing
 8331 * update fault to be pythonic
 8332 * remove unpythonic properties from atom and tenant
 8333 * error decorator and logging unhandled errors
 8334 * missed auth\_data
 8335 * fix typos
 8336 * more pythonic
 8337 * we don't need properties yet
 8338 * use string formating
 8339 * use relative import in init
 8340 * fixed paste configs to run without eggs
 8341 * Fixed mistake in port for echo service
 8342 * Added echo\_client.py
 8343 * keystone.db should be in keystone dir
 8344 * pep8 / whitespace
 8345 * gitignore pyc files
 8346 * split out running and installing sections in readme
 8347 * allow apps to be run without setup.py
 8348 * add command for test database to readme
 8349 * echo has a separate setup.py
 8350 * httplib2 isn't used
 8351 * spacing
 8352 * add httplib2 to deps and sort them
 8353 * Added pip-requires and updated readme to include missing deps
 8354 * explict installs for python libraries
 8355 * update readme formating
 8356 * update readme to be markdown
 8357 * Updated readme
 8358 * Doc fixes
 8359 * Friendly error message if a user is not associated with a tenant
 8360 * Ensure schema complience assertion is on in all tests
 8361 * Whoops, details element is optional in faults
 8362 * Remove identity (1) stuff and renamed identity2 to identity
 8363 * Added wadl and xsd contract links
 8364 * Adjust reletive links in schema
 8365 * Comment seperators
 8366 * Init version links
 8367 * Initial version support
 8368 * Initial extensions support
 8369 * Initial update tenant
 8370 * Make sure we don't delete non-empty tenants
 8371 * Initial delete tenant
 8372 * Initial getTenant
 8373 * Minor updates to tests
 8374 * Initial implementation of get tenants
 8375 * added unit tests in test/unit/test\_keystone.py
 8376 * Initial create tenant
 8377 * Minor bug when serializing tenant to JSON
 8378 * Schema update
 8379 * Whoops forgot 409 in JSON as well!
 8380 * Whoops missed 409 on create tenant
 8381 * setup.py fix
 8382 * Minor fixes
 8383 * pep-8 cleanup of model
 8384 * More pep-8 cleanup
 8385 * Minor fixes
 8386 * Some pep-8 cleanup
 8387 * Initial revoke token
 8388 * Initial support for authenticate
 8389 * Whoops, bad user data
 8390 * Initial working validate token
 8391 * Whoops need to convert datetimes to iso format
 8392 * Test updates
 8393 * tokenId should not be a string!
 8394 * Cleaned up validate token call
 8395 * Full check admin token with soap ui tests
 8396 * Some SQL testing scripts
 8397 * Initial check admin token from db
 8398 * made identity.py pep8 compliant
 8399 * Better error handling
 8400 * Initial full response to authenticate token, still having issues with errors
 8401 * Stubb for token calls
 8402 * Initial prototype of default token based auth protocol
 8403 * Initial deserialization of tenant
 8404 * Initial deserialization of password credentials
 8405 * SQL Alchemy additions: Token
 8406 * SQL Alchemy additions
 8407 * Whoops pep8
 8408 * Output serialization of faults
 8409 * XML and JSON rendering on tenant/s
 8410 * Translations of auth to XML and JSON
 8411 * Sample service.py with sqlalchemy
 8412 * Fixed relative path issue
 8413 * sqlalchemy draft
 8414 * Initial service.py
 8415 * Cleaned up setup.py
 8416 * Added collections
 8417 * Initial atom link type
 8418 * Initial fault type
 8419 * Initial tenant type
 8420 * PEP-8 for echo.py
 8421 * Initial auth types
 8422 * Readme update
 8423 * Fixed identity.py and some styling
 8424 * Minor updates
 8425 * Keystone WSGI and eventlet
 8426 * Corrected how to run echo service
 8427 * Replaced paster with eventlet for echo service
 8428 * Added create tables in README and modified keystone.db to reflect the new schema
 8429 * Merged identity functions second time
 8430 * Sync
 8431 * Whoops should have never checked this in
 8432 * all management files except user add and delete from group
 8433 * Management files except for add/delete user from group
 8434 * Updated README
 8435 * Setup PasteDeploy and configured PAPIAuth
 8436 * reorganization of files
 8437 * Add SOAPUI projects
 8438 * Resolved Conflicts
 8439 * Removed Conflicts
 8440 * dos2unix
 8441 * Deleted IDE files
 8442 * Importing from DevTeam
 8443 * Import from DevTeam
 8444 * updates DevTeam
 8445 * Code by Dev Team
 8446 * Added Power API Auth Middleware
 8447 * removed unused libraries
 8448 * Dev Team: validate\_token , create\_user ( created for test purpose) and update\_tenant
 8449 * Added to README
 8450 * Fixed bug in echo.py
 8451 * Whoops forgot auth header
 8452 * Instructions for soapUI
 8453 * Add WADL links for convenience
 8454 * Initial work into paste deploy...commen out for now
 8455 * Added echo.wadl
 8456 * Fixed for case with missing accept header
 8457 * Added content nagotiation
 8458 * Use XSL to convert
 8459 * Better quote handling
 8460 * Add JSON transform
 8461 * Whoops samples don't match
 8462 * XSD for echo service
 8463 * Initial echo service
 8464 * Updates to identity.py and README
 8465 * Added X-Auth-Token
 8466 * Added extensions
 8467 * Updated errors for extension requests
 8468 * Added getTenant, updateTenant, deleteTenant
 8469 * Added get and create tenants
 8470 * Initial WADL with token operations
 8471 * Added faults
 8472 * Remove refrences to usernameConflict and groupConflict
 8473 * Added common extensions
 8474 * Added api.xsd schema index
 8475 * Added XSD 1.1 and atom linking support
 8476 * Made the tenant xsd extensible
 8477 * Initial tenant xsd
 8478 * Made the token schema extensible
 8479 * Initial token schema
 8480 * Groups should have ids instead of names?
 8481 * Added Creating Tenants, JSON only
 8482 * Remove mention of service catalog
 8483 * Updated samples
 8484 * Updated pubdate
 8485 * Updates to intro section
 8486 * Updated concepts
 8487 * Better entities in document
 8488 * Removed init section from docs, we'll get to them later
 8489 * Added Dependencies section
 8490 * Added License & Create/Delete user management CLI
 8491 * Initial docs import
 8492 * Created DB with users table, simple schema
 8493 * first commit