"Fossies" - the Fresh Open Source Software Archive

Member "keystone-18.0.0/ChangeLog" (14 Oct 2020, 364542 Bytes) of package /linux/misc/openstack/keystone-18.0.0.tar.gz:


As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. See also the latest Fossies "Diffs" side-by-side code changes report for "ChangeLog": 17.0.0_vs_18.0.0.

    1 CHANGES
    2 =======
    3 
    4 18.0.0
    5 ------
    6 
    7 * [goal] Migrate testing to ubuntu focal
    8 * Fix gate by running l-c job on Bionic
    9 * Write a symptom for checking memcache connections
   10 * Bump pysaml2 requeriment to avoid CVE-2020-5390
   11 * Fix user creation with GRANT in MySQL 8.0(Ubuntu Focal)
   12 * Improve the update description for limits in api-ref
   13 * Follow-up for bug-1891244
   14 * Support format for msgpack < 1.0 in token formatter
   15 * Skip tests to update u-c for PyMySql to 0.10.0
   16 * Spelling Fix
   17 * NIT: Spelling Fix
   18 * Properly handle octet (byte) strings when converting LDAP responses
   19 * Fix invalid assertTrue which should be assertEqual
   20 * Fix api-ref for list endpoints
   21 * Fix lower-constraint for PyMySQL
   22 * Fix doc for package mod\_wsgi on Centos8/RHEL8
   23 * requirements: Drop os-testr
   24 * Fix "allow expired" feature for JWT
   25 * Add ignore\_user\_inactivity user option
   26 * Adding note for create a project without domain info
   27 * Add "explicit\_domain\_id" to api-ref
   28 * Run federation jobs on Ubuntu Focal
   29 * Add an enhanced debug configuration technique to caching guide
   30 * Remove an assignment from domain and project
   31 * Imported Translations from Zanata
   32 * New config option 'user\_limit' in credentials
   33 * ldap: fix config option docs for \*\_tree\_dn
   34 * Port the grenade multinode job to Zuul v3
   35 * Stop to use the \_\_future\_\_ module
   36 * NIT: Fix Spelling in auth\_context.py
   37 * Update caching-layer.rst
   38 * Cap jsonschema 3.2.0 as the minimal version
   39 * Support regexes in whitelists/blacklists
   40 * Switch to newer openstackdocstheme and reno versions
   41 * Update keystone Making an API Change doc
   42 * Update filtering-responsibilities and truncation
   43 * Update doc id-manage.rst
   44 * Update keystone architecture doc
   45 * Disable EC2 credentials access\_id update
   46 * Add service name filter to service list api-ref
   47 * Bump hacking min version to 3.0.1
   48 * Fix UserNotFound exception for expiring groups
   49 * Switch to new grenade job name
   50 * Fix security issues with EC2 credentials
   51 * Ensure OAuth1 authorized roles are respected
   52 * Check timestamp of signed EC2 token request
   53 * Removes info about deleted function should\_cache\_fn
   54 * Correct help for unified\_limits
   55 * Imported Translations from Zanata
   56 * Add Python3 victoria unit tests
   57 * Update master for stable/ussuri
   58 
   59 17.0.0.0rc1
   60 -----------
   61 
   62 * Enable groups testing for K2K scenarios
   63 * Add schema placeholders for Ussuri
   64 * Remove Babel as requirement
   65 * Update hacking for Python3
   66 * Remove a note related to UUID tokens from example configuration
   67 * Update api-ref for federated objects in user
   68 * Expiring Group Memberships API - Allow set idp authorization\_ttl
   69 * Add federated support for updating a user
   70 * Update contributors document keystone
   71 * Add federated support for creating a user
   72 * Stop configuring install\_command in tox
   73 * Cleanup py27 support
   74 * Add federated support for get user
   75 * Add expiring user group memberships on mapped authentication
   76 * Expiring Group Membership Driver - Add, List Groups
   77 * Expiring User Group Membership Model
   78 * Community goal: Adding contributing.rst
   79 * Parse cli args in get\_enforcer
   80 * Add openstack\_groups to assertion
   81 * Change time faking for totp test
   82 * Document the "immutable" resource option
   83 * remove oslo-concurrency from requirements
   84 * drop mock from test-requirements
   85 * Correcting api-ref for users
   86 * NIT: Fix spelling
   87 * Copy shibboleth logs in federation jobs
   88 * Ignore SQLAlchemy RemovedIn20Warning
   89 * Switch from mock to unittest.mock use
   90 * Refactor some ldap code to implement TODOs
   91 * Doc Cleanup
   92 * Tell reno to ignore the kilo branch
   93 * Constraint dependencies for docs build
   94 * Removing tempest-full from gate
   95 * Check if content-type contains http, not equals
   96 * Add docs about bootstrapping immutable roles
   97 * Add domain admin grant test cases
   98 * Default to bootstrapping roles as immutable
   99 * Use inspect instead of Inspector.from\_engine()
  100 * Remove six usage
  101 * Updating tox -e all-plugin command
  102 * Capture output from test run of policy generator
  103 * Cleanup doc/requirements.txt
  104 * Always have username in CADF initiator
  105 * Fix duplicated words issue like "each each user\_id"
  106 * Ensure bootstrap handles multiple roles with the same name
  107 * Fix role\_assignments role.id filter
  108 * Fix release note link formatting
  109 * Fix token auth error if federated\_groups\_id is empty list
  110 * Update OIDC documentation to handle bearer access token flow
  111 * Imported Translations from Zanata
  112 * Add docs for app cred access rules
  113 * Remove python 2.7 specific library
  114 * Add name in GET API of application credentials
  115 * Stop adding entry in local\_user while updating ephemerals
  116 * Fix api-ref roles response description
  117 * Fix credential list for project members
  118 * Fix application credential doc example
  119 * Migrate grenade jobs to py3
  120 * Start README.rst with a better title
  121 * Drop old neutron-grenade job
  122 * Stop testing Python 2
  123 * Remove group deletion for non-sql driver when removing domains
  124 * Refresh "how can I help?" doc
  125 * Re-enable line-length linter
  126 * Fix line-length PEP8 errors for c7fae97
  127 * Add voting k2k tests
  128 * Fix K2K auth flow diagram
  129 * Stop explicitly requiring pycodestyle
  130 * Add Source links to readme
  131 * Switch to opensuse-15 nodeset
  132 * Switch to official Ussuri jobs
  133 * Revert "Resource backend is SQL only now"
  134 * Drop project.id foreign keys
  135 * Fix sql migrate repo prefix check
  136 * Add schema placeholders for Train
  137 * Overhaul the RBAC documentation for administrators
  138 * Fix wrong interface description
  139 * Import LDAP job into project
  140 * Update getting started guide
  141 * Remove legacy protection tests
  142 * Update token definitions
  143 * Remove policy.v3cloudsample.json
  144 * Imported Translations from Zanata
  145 * Fix misspell word
  146 * Update master for stable/train
  147 
  148 16.0.0.0rc1
  149 -----------
  150 
  151 * Remove limit policies from policy.v3cloudsample.json
  152 * Add tests for project users interacting with limits
  153 * Allow domain users to access the limit API
  154 * Use immutable roles in tests
  155 * Add missing ws between words in log messages
  156 * Allow system/domain scope for assignment tree list
  157 * Make policy deprecation reasons less verbose
  158 * Readjust job timeouts
  159 * Implement scope type checking for Project Endpoints
  160 * Federation mapping debug should show direct\_maps values
  161 * Consolidate policy deprecation warnings
  162 * Add default roles and scope checking to project tags
  163 * DRY up credential policies
  164 * Move remaining protection tests
  165 * Fix test case in policy associations
  166 * Fix PostgreSQL specifc issue with credentials encoding
  167 * Fix validation of role assignment subtree list
  168 * Specify keystone is OS user for fernet and credential setup
  169 * Add remote\_id definition in \_perform\_auth
  170 * Use correct repo for initial version check
  171 * Split protection unit tests into its own job
  172 * Remove system EC2 credentials from policy.v3cloudsample.json
  173 * Remove system Domain Config from policy.v3cloudsample.json
  174 * Update API version for access rules
  175 * Add access rules to token validation
  176 * Expose access rules as its own API
  177 * Remove obsolete grant policies from policy.v3cloudsample.json
  178 * Alphabetize removed policies in tests
  179 * Implement system admin for OAUTH1 consumers
  180 * Implement system scope for domain role management
  181 * Make system tokens work with domain-specific drivers
  182 * Implement scope type checking for EC2 credentials
  183 * Increase tox job timeouts to 90 minutes
  184 * Add immutable roles status check
  185 * Remove implied roles policies from v3cloudsample
  186 * Implement system admin for implied roles
  187 * Implement domain admin support for grants
  188 * Implement domain reader support for grants
  189 * Add Project User coverage for domain config API
  190 * Add Domain User for security compliance domain config API
  191 * Implement system admin for domain config API
  192 * Implement system reader & member for domain config API
  193 * Fix timeout Zuul changes
  194 * Generate PDF documentation
  195 * Add --immutable-roles flag to bootstrap command
  196 * Add immutable option for roles and projects
  197 * Bump timeout for lower-constraints job
  198 * Implement resource options for roles and projects
  199 * Implement system reader for OAUTH1 consumers
  200 * Implement system reader for implied roles
  201 * Remove system policy and its association from policy.v3cloudsample.json
  202 * Override tox job timeouts
  203 * Fix federation CI
  204 * Fix oauthlib update errors
  205 * Use raw formatting for mapping\_engine help text
  206 * Add tests for project users for policy association
  207 * Add tests for domain users for policy association
  208 * Implement system admin for policy association
  209 * Implement system reader & member for policy association
  210 * Add tests for project users interacting with policies
  211 * Add notifications for deleting app creds by user
  212 * Add tests for domain users interacting with policies
  213 * Clean up UserGroups target enforcement callback
  214 * Fix relative links
  215 * Add tests for project users interacting with endpoint\_groups
  216 * Add tests for domain users interacting with endpoint\_groups
  217 * Implement system\_admin for endpoint\_groups
  218 * Implement system reader and member for endpoint\_groups
  219 * Add retry for DBDeadlock in credential delete
  220 * Fix translated response
  221 * Implement system admin for trusts API
  222 * Add tests for domain users for trusts
  223 * Add tests for system member for trusts
  224 * Implement system reader role for trusts API
  225 * Move get\_role\_for\_trust enforcement to policies
  226 * Move list\_roles\_for\_trust enforcement to policies
  227 * Move get\_trust enforcement to default policies
  228 * Move delete\_trust enforcement to default policies
  229 * Move list\_trusts enforcement to default policies
  230 * Add protection tests for trusts API
  231 * Update broken link
  232 * Update cli docs
  233 * Implement system admin for policies
  234 * Implement system reader and member for policies
  235 * Add support for previous TOTP windows
  236 * Honor group\_members\_are\_ids for user\_enabled\_emulation
  237 * Update api-ref for revocation list OS-PKI
  238 * Docs: Make robust with using real links
  239 * Clean up irrelevant comment
  240 * Fix list\_mappings deprecation warning message
  241 * Allows to use application credentials through group membership
  242 * Fix missing print format and missing ws between words
  243 * Suppress policy deprecation warnings in unit tests
  244 * Add API changes for app cred access rules
  245 * Add manager support for app cred access rules
  246 * Add user\_id, external\_id to access rules table
  247 * Fix websso auth loop
  248 * Deprecate keystone.conf.memcache socket\_timeout
  249 * Fix typo: RBACKEnforcer -> RBACEnforcer
  250 * Run 'tempest-ipv6-only' job in gate
  251 * Followup for remove signing[config]
  252 * Remove broken api-ref link
  253 * doc: Fix broken links
  254 * Fix python3 compatibility on LDAP search DN from id
  255 * Deprecate identity:revocation\_list policy for removal
  256 * Remove [signing] config
  257 * Update api-ref location
  258 * implement system scope for application credential
  259 * Fixing dn\_to\_id function for cases were id is not in the DN
  260 * Add new attribute to the federation protocol API
  261 * Allow to filter endpoint groups by name
  262 * update documentation for X.509 tokenless auth
  263 * Deprecate [federation] federated\_domain\_name
  264 * Allow JsonBlob to accommodate SQL NULL result sets
  265 * Add exercises for intern applicants
  266 * Fix keystone document
  267 * nit: remove some useless code
  268 * Drop limit columns
  269 * token: consistently decode binary types
  270 * Incorrect behavior of validate\_password method
  271 * Update test cases for os-pki revoke API
  272 * Blacklist sphinx 2.1.0 (autodoc bug)
  273 * Bump openstackdocstheme to 1.20.0
  274 * Remove redundant parameter passed to assertTrue
  275 * Add Python 3 Train unit tests
  276 * Switch order of precedence for unit test deps
  277 * Don't call .c from select() objects
  278 * Update misleading comment about fernet credential encryption
  279 * Fix E731 flake8
  280 * [api-ref] Fix nocatalog description for unscoped token
  281 * Drop use opendev.org for tox deps
  282 * Fix contributor doc of keystone
  283 * Add link to describe Principle of Least Privilege
  284 * Update the meaning of low-hanging-fruit
  285 * Implement system scope and default roles for token API
  286 * Update unified limit documentation
  287 * Add cadf auditing to credentials
  288 * Remove deprecated admin\_endpoint
  289 * Revert "Exclude constants from autodoc"
  290 * Revert "Ignore boilerplate constants in autodoc"
  291 * Ignore boilerplate constants in autodoc
  292 * Exclude constants from autodoc
  293 * Report correct domain in federated user token
  294 * Add flake8 ignore list to fast8 script
  295 * Add application\_credential as a CADF type
  296 * add raw format link to keystone config sample
  297 * Update mission statement and vision reflection
  298 * Add note about application credential ownership
  299 * Revert "Add JSON driver for access rules config"
  300 * Revert "Add manager for access rules config"
  301 * Revert "Add a permissive mode for access rules config"
  302 * Revert "Add manager support for app cred access rules"
  303 * Revert "Add API for /v3/access\_rules\_config"
  304 * Don't throw valueerror on bootstrap
  305 * Remove [token]/ infer\_roles
  306 * Pep8 environment to run on delta code only
  307 * Add clarification for context in install guides
  308 * Adds caching of credentials
  309 * Cap sphinx for py2 to match global requirements
  310 * Revert "Blacklist bandit 1.6.0"
  311 * Fix documentation typo
  312 * Blacklist bandit 1.6.0
  313 * Update Python 3 test runtimes for Train
  314 * [docs] remove deprecated ubuntu package from installation
  315 * Fix for werkzeug > 0.15
  316 * Replace git.openstack.org URLs with opendev.org URLs
  317 * OpenDev Migration Patch
  318 * Pass kwargs to exception to get better format of error message
  319 * Replace support matrix ext with common library
  320 * Uncap jsonschema
  321 * Fix unscoped federated token formatter
  322 * Use openstackdocstheme according to guide
  323 * Make fetching all foreign keys in a join
  324 * Support endpoint updates in bootstrap
  325 * Add missing ws separator between words
  326 * Move redelegation fields out of extras
  327 * Replace dict.iteritems() with dict.items() in keystone
  328 * Add release note for service token documentation
  329 * Fix werkzeug imports for version 0.15.x
  330 * Allow an explicit\_domain\_id parameter when creating a domain
  331 * Update the min version of tox
  332 * Convert user\_id back to string
  333 * Add API for /v3/access\_rules\_config
  334 * Ignore Stein-specific release notes
  335 * Be more verbose in logging role grant on bootstrap
  336 * Replace UUID with id\_generator for Federated users
  337 * DRY: Remove redundant policies from policy.v3cloudsample.json
  338 * Raise METHOD NOT ALLOWED instead of 500 error on protocol CRUD
  339 * Remove redundant policies from v3cloudsample
  340 * Add domain scope support for group policies
  341 * Update broken links to dogpile.cache docs
  342 * Add keystone's technical vision reflection
  343 * Add release prelude about changing policies
  344 * Consolidate user protection tests
  345 * Replace URL name to the correct one in Keystone Docs
  346 * Delete shadow users when domain is deleted
  347 * Make system admin policies consistent for grants
  348 * Remove assignment policies from policy.v3cloudsample.json
  349 * Add role assignment testing for project users
  350 * Replace openstack.org git:// URLs with https://
  351 * Implement system reader functionality for grants
  352 * Remove external-dev and consolidate to contributor
  353 * Remove system assignment policies from policy.v3cloudsample.json
  354 * Test domain and project users against group system assignment API
  355 * Add role assignment test coverage for domain admins
  356 * Add role assignment test coverage for domain members
  357 * Implement domain reader for role\_assignments
  358 * Add explicit testing for project users and the user API
  359 * Update group system grant policies for admins
  360 * Update system group assignment policies for reader and member
  361 * Fix typo in docs section header
  362 * Update master for stable/stein
  363 * Test project users against system assignment API
  364 * Test domain users against system assignment API
  365 * Update system grant policies for system admin
  366 * Update system grant policies for system member
  367 * Update system grant policies for system reader
  368 
  369 15.0.0.0rc1
  370 -----------
  371 
  372 * trivial: correct spelling in test names
  373 * Remove project policies from policy.v3cloudsample.json
  374 * Implement domain admin functionality for projects
  375 * Implement domain member functionality for projects
  376 * Only validate tokens once per request
  377 * Pin Werkzeug in lower-constraints
  378 * Implement domain admin functionality for user API
  379 * Implement domain member functionality for user API
  380 * Implement domain reader functionality for user API
  381 * Add documentation for service tokens
  382 * Added keystone identity provider installation to Devstack plugin
  383 * PY3: Ensure LDAP searches use unicode attributes
  384 * Use ForbiddenAction for invalid action instead of Forbidden
  385 * Add schema placeholders for Stein
  386 * Implement domain reader functionality for projects
  387 * Small refactor for create nonlocal user
  388 * Mention allow\_expired\_window in fernet FAQ
  389 * Fix the incorrect release name of project guide
  390 * trivial: fix broken link in trust API reference
  391 * Migrate keystone-dsvm-grenade-multinode job to Ubuntu Bionic
  392 * Remove publish-loci post job
  393 * Add hint for order of keys during distribution
  394 * Add service developer documentation for scopes
  395 * Make system members the same as system readers for credentials
  396 * Drop py35 jobs
  397 * Remove service policies from policy.v3cloudsample.json
  398 * Switch federation check jobs to opensuse
  399 * Add manager support for app cred access rules
  400 * Add driver support for app cred access rules
  401 * Add SQL migrations for app cred access rules
  402 * Add a permissive mode for access rules config
  403 * Add manager for access rules config
  404 * Add JSON driver for access rules config
  405 * Remove protocol policies from v3cloudsample.json
  406 * Add tests for project users interacting with services
  407 * Remove role policies from policy.v3cloudsample.json
  408 * Add tests for project users interacting with roles
  409 * Add tests for domain users interacting with roles
  410 * Remove endpoint policies from policy.v3cloudsample.json
  411 * Remove domain policies from policy.v3cloudsample.json
  412 * Add role assignment test coverage for system admin
  413 * Add role assignment test coverage for system members
  414 * Reorganize role assignment tests for system users
  415 * Implement system reader for role\_assignments
  416 * Remove idp policies from policy.v3cloudsample.json
  417 * Add py37 tox env
  418 * Add tests for domain users interacting with services
  419 * Update service policies for system admin
  420 * Add shibboleth config to log output
  421 * Update introduction of external services doc
  422 * Address follow-up comments in contributor guide for specs
  423 * [api-ref] add domain level limit support
  424 * Release note for domain level limit
  425 * Update project depth check
  426 * Add domain level support for strict-two-level-model
  427 * Add domain level limit support - API
  428 * Add domain level limit support - Manager
  429 * Remove mapping policies from policy.v3cloudsample.json
  430 * Add tests for project users interacting with mappings
  431 * Deprecate cache\_on\_issue configuration option
  432 * Add JWS token provider documentation
  433 * Add OpenSUSE support in devstack federation plugin
  434 * Add experimental job for OpenSUSE
  435 * Fix mock for v2 test
  436 * Add documentation for writing specifications
  437 * Remove unused sample token fixtures
  438 * Fix bindep for SUSE
  439 * add python 3.7 unit test job
  440 * Correcting tests with project\_id
  441 * Add domain\_id column for limit
  442 * [SQLite] Ensure change is addressed for limit table
  443 * Remove region policies from policy.v3cloudsample.json
  444 * Add tests for project users interacting with regions
  445 * Add tests for domain users interacting with regions
  446 * Update region policies to use system admin
  447 * Add region tests for system member role
  448 * Implement system admin role in groups API
  449 * populate request context with X.509 tokenless cred information
  450 * Fix wrong example for direct\_maps
  451 * Fixes incorrect params
  452 * Implement JWS token provider
  453 * Seperated CADF notifications tests for request\_id
  454 * Added request\_id and global\_request\_id to basic notifications
  455 * Converting the API tests to use flask's test\_client
  456 * Implement system admin role in users API
  457 * Implement system member role user test coverage
  458 * Implement system reader role for users
  459 * Replace 'tenant\_id' with 'project\_id'
  460 * Add PyJWT as a requirement
  461 * Add test fixture for the JWS key repository
  462 * Add keystone-manage create\_jws\_keypair functionality
  463 * Add configuration options for JWS provider
  464 * Test case for bad type user in assertion
  465 * Adjust Indents to meet PEP8 E117
  466 * Handle special cases with msgpack and python3
  467 * Add experimental job for CentOS
  468 * Add CentOS support in devstack federation plugin
  469 * Remove service provider policies from v3cloudsample.json
  470 * Add documentation for Auth Receipts and MFA
  471 * bump Keystone version for Stein
  472 * Allow project users to retrieve domains
  473 * Fix wrong urls
  474 * Optimize fernet token and receipts in cli.py
  475 * PY3: switch to using unicode text values
  476 * Expose receipt\_setup and receipt\_rotate command
  477 * Clean up the create\_arguments\_apply methods
  478 * Allow domain users to access the GET domain API
  479 * Update doc for token\_setup and token\_rotate
  480 * Fix nits
  481 * Fix app\_cred schema spell nit
  482 * Update limit policies for system admin
  483 * Do not use self in classmethod
  484 * Add tests for project users interacting with endpoints
  485 * Add tests for domain users interacting with endpoints
  486 * Update endpoint  policies for system admin
  487 * Add endpoint tests for system member role
  488 * Update endpoint policies for system reader
  489 * Add tests for domain users interacting with mappings
  490 * Update mapping policies for system admin
  491 * Add mapping tests for system member role
  492 * Update mapping policies for system reader
  493 * Add tests for project users interacting with idps
  494 * Add tests for domain users interacting with idps
  495 * Update idp policies for system admin
  496 * Add idp tests for system member role
  497 * Update idp policies for system reader
  498 * Add region protection tests for system readers
  499 * Update role policies for system admin
  500 * Reuse common system role definitions for roles API
  501 * Add tests for project users interacting with protocols
  502 * Add tests for domain users interacting with protocols
  503 * Implement system admin role in protocol API
  504 * Add protocol tests for system member role
  505 * Update protocol policies for system reader
  506 * Add limit tests for system member role
  507 * Add limit protection tests
  508 * Remove registered limit policies from policy.v3cloudsample.json
  509 * Add tests for project users interacting with registered limits
  510 * Allow domain users to access the registered limits API
  511 * Remove duplicated TOC in configuration guide
  512 * Implement system admin role in project API
  513 * Implement system member role project test coverage
  514 * Implement system reader role for projects
  515 * Enhance the openidc guide
  516 * Enhance the mellon guide
  517 * Enhance the shibboleth guide
  518 * Consolidate WebSSO guide into SP instructions
  519 * Add section on configuring protected auth paths
  520 * Reorganize guide on configuring a keystone SP
  521 * Clean up keystone-to-keystone section
  522 * Enhance authn sections in federation guide
  523 * correct the description on domain re-enable
  524 * Add tests for project users interacting with sps
  525 * Add tests for domain users interacting with sps
  526 * Update service provider  policies for system admin
  527 * Add prerequisites section to keystone-to-keystone
  528 * Invalidate shadow\_federated\_user cache when deleting protocol
  529 * Remove duplicate RBAC logging from enforcer
  530 * Update federation SP prerequisites section
  531 * Use samltest.id as an example sandbox IdP
  532 * Fix nits in code blocks in federation guide
  533 * Bring SP/IdP URLs closer to style guide guidance
  534 * Restructure federation guide
  535 * Update doc with samltest.id
  536 * Clarify location for HTTPD instructions
  537 * Use common system role definitions for registered limits
  538 * Implement system member test coverage for groups
  539 * Implement system reader role for groups
  540 * Add service provider tests for system member role
  541 * Update service provider policies for system reader
  542 * Add service tests for system member role
  543 * Update service policies for system reader
  544 * Use renamed template 'integrated-gate-py3'
  545 * Add scope checks to common system role definitions
  546 * Remove i18n.enable\_lazy() translation
  547 * Reorganize admin guide
  548 * Consolidate service catalog docs
  549 * Add irrelevant-files for grenade-py3 jobs
  550 * Delete outdated keystonemiddleware doc
  551 * Remove example usage from admin guide
  552 * Split trusts docs between admin and user guide
  553 * Move identity sources doc to admin guide
  554 * Remove message about circular role inferences
  555 * Remove Certificates for PKI guide
  556 * Add introduction section to federation docs
  557 * Fix links to external-authentication
  558 * Move list limit docs to admin guide
  559 * Rename admin guide pages
  560 * Consolidate tokenless X.509 docs
  561 * Update registered limit policies for system admin
  562 * Consolidate Keystone docs: admin/identity-external-authentication.rst
  563 * Implement system admin role in domains API
  564 * Implement system member role domain test coverage
  565 * Implement system reader role in domains API
  566 * Bump oslo.policy and oslo.context versions
  567 * Move supported clients section to user guide
  568 * Use request\_body\_json function
  569 * Move SSL recommendation to installation guide
  570 * Move "Public ID Generators" to relevant docs
  571 * Consolidate Keystone docs: federated-identity.rst
  572 * Add role tests for system member role
  573 * Consolidate catalog management guide
  574 * Update role policies for system reader
  575 * Change openstack-dev to openstack-discuss
  576 * Add registered limit tests for system member role
  577 * Add registered limit protection tests
  578 * Keep federation jobs running on Xenial
  579 * Clarify docstrings for domain flask refactor
  580 * Move test utility to common location
  581 * Add missing translation import to common.auth.py
  582 * Move to password validation schema
  583 * Don't emit a notification for the root domain
  584 * Pass context objects to policy enforcement
  585 * Consolidate identity-domain-specific-config.rst
  586 * Consolidate auth-totp.rst
  587 * Consolidate event\_notifications.rst
  588 * Consolidate endpoint-policy.rst
  589 * Consolidate service-catalog.rst
  590 * Update contributor doc
  591 * Use pycodestyle in place of pep8
  592 * Update api-ref to include user options
  593 * Document user options
  594 * Add scope documentation for service developers
  595 * Remove deprecated secure\_proxy\_ssl\_header config
  596 * Refactor flask domain config resources
  597 * Add missing ws seperator between words
  598 * Add the missing packages when install keystone
  599 * add request\_id and global\_request\_id to cadf notifications
  600 * changed port in tools/sample\_data.sh
  601 * Move irrelevant-files to project definition
  602 * Add tempest-full-py3 job to zuul file
  603 * Remove the repetition words in  identity-fernet-token-faq.rst
  604 * Removing default\_assigment\_driver
  605 * Bump sqlalchemy minimum version to 1.1.0
  606 * Drop the compatibility password column
  607 * Remove "crypt\_strength" option
  608 * Correct HTTP OPTIONS method
  609 * Update api-ref for set registered limits
  610 * Remove deprecated "bind" in token
  611 * Update more info of vhost file
  612 * Refactor directory creation into a common place
  613 * Region update extra support
  614 * Change \_\_all\_\_ list to tuple
  615 * Remove redundant variables from context class
  616 * Refresh admin doc
  617 * Fixing nits
  618 * Add abstract method in trusts base.py
  619 * Switch devstack plugin to samltest.id
  620 * Clean up python3.5 usage in tox.ini
  621 * Add py36 tox environment
  622 * Remove unused lower constraints
  623 * Replace usage of get\_legacy\_facade() with get\_engine()
  624 * Fix uwsgi --http flag
  625 * Fix an issue with double fernet key rotation
  626 * Delete PKI middleware debugging section
  627 * Fix developer config dir flask aftermath
  628 * Documentation fix - Port number
  629 * Use port 5000, keystone-wsgi-public and --http-socket
  630 * Changed the port numbers
  631 * Implement auth receipts spec
  632 * changed port in argument '--bootstrap-admin-url'
  633 * Unregister "Exception" from flask handler
  634 * Add release note for unified limit APIs changing
  635 * Deprecate eventlet related configuration
  636 * Remove compatability shim
  637 * Remove check for disabled v3
  638 * Remove obsolete credential policies
  639 * Delete "Preparing your environment" section
  640 * Implement scope\_type checking for credentials
  641 * Fix spelling 'unnecessary'
  642 * Remove custom auth middleware documentation
  643 * Delete the external auth admin guide
  644 * Remove useless use of :orphan:
  645 * Change port and version on v3 endpoints example
  646 * Provide a Location on HTTP 300
  647 * Set Default and resource limit as defined schema
  648 * Emit CADF notifications on authentication for invalid users
  649 * Delete administrator federation guide
  650 * Update keystone-manage bootstrap port instructions
  651 * Fix api-ref v3.9 release identifier
  652 * Update third endpoint legacy port for Keystone v3 API
  653 * Remove unused logging module
  654 * Remove useless "clean" file
  655 * Trivial: Remove repeated if conditions
  656 * Updating doc of unified limit
  657 * Adding 'date' for trust\_flush
  658 * Add caching on trust role validation to improve performance
  659 * Allow registered limit's region\_id to be None
  660 * Add a test for idp and federated user cascade deleting
  661 * Fix example for getting system scoped token
  662 * Remaining cases of MappingEngineTester
  663 * Set min and max length for resource\_name
  664 * Implement scaffolding for upgrade checks
  665 * Fixing update unified limit api-ref
  666 * Remove deprecated token\_flush
  667 * Invalidate app cred AFTER deletion
  668 * Update API version to 3.11
  669 * Added test case update registered limit with region
  670 * Remove incorrect copyright notice
  671 * Remove paste-ini
  672 * Remove pre-flask legacy code
  673 * Make collection\_key and member\_key raise if unset
  674 * Increment versioning with pbr instruction
  675 * Loosen the assertion for logging scope type warnings
  676 * Expand implied roles in system-scoped tokens
  677 * Add test case for expanding implied roles in system tokens
  678 * Move loadapp to a generic place
  679 * Make policy file support in fixture optional
  680 * Use tempest-pg-full
  681 * Cleanup test\_wsgi
  682 * Flask comment/docstring cleanup
  683 * Move AuthContextMiddleware
  684 * Convert Normalizing filter to flask native Middleware
  685 * Internally defined middleware don't use stevedore
  686 * Make Request Logging a little better
  687 * Register exceptions with a Flask Error Handler
  688 * Cleanup keystone.server.flask.application
  689 * Replace JSON Body middleware with flask-native func
  690 * Convert S3 and EC2 auth to flask native dispatching
  691 * Remove skip for test\_locked\_out\_user\_sends\_notification
  692 * Convert projects API to Flask
  693 * Convert /v3/users to flask native dispatching
  694 * add unit tests for healthcheck
  695 * Replace openSUSE experimental check with newer version
  696 * Auth flask conversion cleanup
  697 * Convert auth to flask native dispatching
  698 * Update notification tests to work with o-m 9.0.0
  699 * Don't mock internal implementation details of oslo
  700 * Update log translation hacking check
  701 * Don't quote {posargs} in tox.ini
  702 * Enable foreign keys for unit test
  703 * Update doc string for transform\_to\_group\_ids
  704 * Follow Zuul job rename
  705 * Add release names to api-ref
  706 * Avoid using dict.get() in assertions
  707 * Clarify group-mapping example in docs
  708 * Purge soft-deleted trusts
  709 * LDAP attribute names non-case-sensitive
  710 * Organize project tag api-ref by route
  711 * Add build\_target arguement to enforcer
  712 * Properly replace flask view args in links
  713 * Adding test case for MappingEngineTester
  714 * Fix command to verify role removal in docs
  715 * Add python3 functional test job
  716 * Convert legacy functional jobs to Zuul-v3-native
  717 * Update auto-provisioning example to use reader
  718 * Enable Foreign keys for sql backend unit test
  719 * Add releasenote for bug fix 1789450
  720 * Comment out un-runnable tests
  721 * Mapped Groups don't exist breaks WebSSO
  722 * Add hint back
  723 * Implement Trust Flush via keystone-manage
  724 * Properly normalize domain ids in flask
  725 * Use templates for cover and lower-constraints
  726 * Make OSA rolling upgrade test experimental
  727 * Rename v3-only functional zuul job
  728 * Remove unused revoke\_by\_user\_and\_project
  729 * Address issues with flask conversion of os-federation
  730 * Convert domains api to flask
  731 * Move use of constraints out of install\_cmd
  732 * Ensure view args is in policy dict
  733 * Rename py35 v3 only check
  734 * Convert OS-INHERIT API to flask native dispatching
  735 * Fix a translation of log
  736 * Convert groups API to flask native dispatching
  737 * Fix RBACEnforcer get\_member\_from\_driver mechanism
  738 * Refactor ProviderAPIs object to better design pattern
  739 * Convert OS-FEDERATION to flask native dispatching
  740 * Update the documentation bug tag
  741 * api-ref: Remove broken link
  742 * Added support for a \`\`description\`\` attribute for Identity Roles
  743 * Update the minimimum required version of oslo.log
  744 * Incorrect use of translation \_()
  745 * Update RDO install guide for v3
  746 * Remove member\_role\_id/name
  747 * Convert policy API to flask
  748 * Fix db model inconsistency for FederatedUser
  749 * add python 3.6 unit test job
  750 * switch documentation job to new PTI
  751 * import zuul job settings from project-config
  752 * Use items() instead of iteritems()
  753 * Add details and clarify examples on casing
  754 * Address nits
  755 * Re-Add scope.system to filters
  756 * Add placeholder migrations for Rocky
  757 * Change unique\_last\_password\_count default to 0
  758 * Trivial: Remove app\_conf kwarg from testing setup
  759 * Trivial: Add missing space in exception
  760 * Move json\_home "extension" rel functions
  761 * Convert system (role) api to flask native dispatching
  762 * Do not log token string
  763 * Convert role\_assignments API to flask native dispatching
  764 * Add safety to the inferred target extraction during enforcement
  765 * Use osc in k2k example
  766 * Fix a bug that issue token with project-scope gets error
  767 * Convert role\_inferences API to flask native dispatching
  768 * Convert Roles API to flask native dispatching
  769 * Convert endpoints api to flask native dispatching
  770 * Convert services api to flask native dispatching
  771 * Convert regions API to flask native dispatching
  772 * Remove unused util function
  773 * Redundant parameters in api-ref:domain-config
  774 * Add callback action back in
  775 * Set initiator id as user\_id for auth events
  776 * Update reno for stable/rocky
  777 * More accurate explanation in api-ref:application credentials
  778 * Imported Translations from Zanata
  779 
  780 14.0.0.0rc1
  781 -----------
  782 
  783 * Allow wrap\_member and wrap\_collection to specify target
  784 * Pass path into full\_url and base\_url
  785 * Allow for more robust config checking with keystone-manage
  786 * Remove redundant get\_project call
  787 * Convert OS-SIMPLE-CERT to flask dispatching
  788 * Migrate OS-EP-FILTER to flask native dispatching
  789 * Convert limits and registered limits to flask dispatching
  790 * Add a release note for bug 1785164
  791 * Error location of parameters in api-ref:project tags
  792 * Code optimization of create application credential
  793 * Do not allow create limits for domain
  794 * Update api-ref for unified limits
  795 * Fix json indentation of notification sample
  796 * Convert OS-AUTH1 paths to flask dispatching
  797 * Clean up token extra code
  798 * Expose a bug that issue token with project-scope gets error
  799 * Remove KeystoneToken object
  800 * Convert OS-REVOKE to flask dispatching
  801 * Address FIXMEs for listing revoked tokens
  802 * Move unenforced\_api decorator to module function
  803 * Remove direct calls to auth.controllers in some tests
  804 * Move validate\_issue\_token\_auth from controllers
  805 * Unified code style nullable description parameter
  806 * Remove get\_catalog from manage layer
  807 * Api-ref: Correct response code
  808 * Adding missing comma in docs
  809 * Expose random uuid bug in cadf notifications
  810 * Boostrap CLI tests no longer call auth controller
  811 * Implement "no-update" test for trusts
  812 * Move trusts to flask native dispatching
  813 * Address nits in strict-two-level implementation
  814 * Remove get\_catalog usage from contrib
  815 
  816 14.0.0.0b3
  817 ----------
  818 
  819 * Deprecate [token] infer\_roles=False
  820 * Reduce duplication in federated auth APIs
  821 * Fix RBACEnforcer Comment
  822 * Mirror self-link trust check from tempest
  823 * Trusts do not implement patch
  824 * Allow for 'extension' rel in json home
  825 * Add pycadf initiator for flask resource
  826 * Use oslo\_serialization.jsonutils
  827 * Correctly pull input data for enforcement
  828 * Delete project limits when deleting project
  829 * Add project hierarchical tree check when Keystone start
  830 * Update project depth check
  831 * Add include\_limits filter
  832 * Bump lower constraint for pysaml2 to 4.5.0
  833 * Allow class-level definition of API URL Prefix
  834 * Move Credentials API to Flask Native
  835 * Add project\_id filter for listing limit
  836 * Strict two level limit model
  837 * Switch to python-ldap
  838 * Add correct self-link
  839 * Properly remove content-type on HTTP 204
  840 * Increase test coverage of entity\_type id mapping query
  841 * Cleanup keystone.token.providers.common
  842 * Remove remnants of token bind
  843 * Simplify the token provider API
  844 * Add serialization for TokenModel object
  845 * Introduce new TokenModel object
  846 * Don't allow legacy and native flask to share paths
  847 * Remove uuid token size check from doctor
  848 * Do not use flask.g imported as g
  849 * Fix keystone.common.rbac\_enforcer.\_\_init\_\_.py exporting
  850 * Make keystone.server.flask more interesting for importing
  851 * Flesh out and add testing for flask\_RESTful scaffolding
  852 * Update pypi url to new url
  853 * Invalidate 'computed assignments' cache when creating a project
  854 * Filter project\_id for list limits
  855 * Expose endpoint to return enforcement model
  856 * Add docs for case-insensitivity in keystone
  857 * Clarifications to API & Scenario Tests
  858 * Remove enable config option of trust feature
  859 * Fix keystone-manage saml\_idp\_metadata under python3
  860 * Only upload SP metadata to testshib.org if IDP id is testshib
  861 * Ignore .eggs dir as well
  862 * Implement enforcement model logic in Manager
  863 * Add registered\_limit\_id column for limit
  864 * Add auto increase primary key for unified limit
  865 * Address minor comments from initial impl RBACEnforcer
  866 * Refactor \_handle\_shadow\_and\_local\_users
  867 * Refactor \_set\_domain\_id\_and\_mapping functions
  868 * Move keystone.server.common to keystone.server
  869 * Add support for enforce\_call to set value on flask.g
  870 * Refactor - remove extra for loop
  871 * Remove token bind capabilities
  872 * Address minor comments to 404 error detection
  873 * Exposing ambiguity bug when querying role assignments
  874 * pycrypto is not used by keystone
  875 * Add new "How Can I Help?" contributor guide
  876 * Added check to avoid keyerror "user['name']"
  877 * Implement base for new RBAC Enforcer
  878 * Refactor trust roles check
  879 * Make it easy to identify a 404 from Flask
  880 * Don't replace the whole app just the wsgi\_app backing
  881 * Add support for before and after request functions
  882 * Convert json\_home and version discovery to Flask
  883 * Keystone adheres to public\_endpoint opt only
  884 * Implement scaffolding for Flask-RESTful use
  885 * Add Flask-RESTful and update flask minimum(s)
  886 * Fix keystone-manage mapping\_purge with --type option
  887 * Override oauthlib docstrings that fail with Sphinx 1.7.5
  888 * Simple usage docs for implied roles
  889 * Fix duplicate role names in trusts bug
  890 * Expose duplicate role names bug in trusts
  891 * Remove unclear wording in parameters
  892 * Filter by entity\_type in get\_domain\_mapping\_list
  893 * Migrate all password hashes to the new location if needed
  894 * Add policy for limit model protection
  895 * Api-ref: Refresh the Update APIs for limits
  896 * Imported Translations from Zanata
  897 * Remove a useless function
  898 * Clarify complicated sentence in docs
  899 * Unified limit update APIs Refactor
  900 * Store JSON Home Resources off the composing router
  901 * Ensure default roles created during bootstrap
  902 * Add release notes link to README
  903 * Remove duplicated test
  904 * Expand on debug\_middleware option
  905 * Update response codes for authentication API reference
  906 * Clarify scope responses in authentication api ref
  907 * fix tox python3 overrides
  908 * Add Flaskification release-note
  909 * Remove pastedeploy
  910 * Flaskification cleanup
  911 * Remove the rest of v2.0 legacy
  912 * Add in ability to load DEBUG middleware
  913 * Revert "Rename fernet\_utils to token\_utils"
  914 * Convert Keystone to use Flask
  915 
  916 14.0.0.0b2
  917 ----------
  918 
  919 * Docs: Remove the TokenAuth middleware
  920 * Correct test\_v3\_oauth1.test\_deleting\_project\_also\_invalidates\_tokens
  921 * Correct test\_v3\_oauth1.test\_change\_user\_password\_also\_deletes\_tokens
  922 * Correct test\_v3\_oauth1.test\_bad\_authorizing\_roles\_id
  923 * Correct test\_v3\_oauth1.test\_bad\_authorizing\_roles\_name
  924 * Fix warnings in documentation
  925 * fix rally docs url
  926 * Decouple bootstrap from cli module
  927 * Handle empty token key files
  928 * Remove some unused functions
  929 * Update tests to work with WebOb 1.8.1
  930 * Consolidate oauth1.rst
  931 * Remove the TokenAuth middleware
  932 * Remove token driver configuration
  933 * Fix the test for unique IdP
  934 * Consolidate health-check-middleware.rst
  935 * Limit description support
  936 * The migration script to add description for limit
  937 * Update IdP sql model
  938 * Remove dead dependency injection code
  939 * Remove unused assertions from test\_v3.py
  940 * Remove dead code in token provider
  941 * Remove unused exception
  942 * Do not return all the limits for POST request
  943 * Add configuration option for enforcement models
  944 * Use the provider\_api module in limit controller
  945 * Fix the outdated URL
  946 * Remove policy service from architecture.rst
  947 * Invalidate the shadow user cache when deleting a user
  948 * Add conceptual overview of the service catalog
  949 * Trivial: Update pypi url to new url
  950 * Update the RDO installation guide to use port 5000
  951 * Update keystone functional tests
  952 
  953 14.0.0.0b1
  954 ----------
  955 
  956 * Remove the sample .conf file
  957 * Allow blocking users from self-service password change
  958 * Add prerequisite package note to Keystone install guide
  959 * Update auth\_uri option to www\_authenticate\_uri
  960 * Fix json schema nullable to add None to ENUM
  961 * Use consistent role schema in token response validation
  962 * Corrects spelling of MacOS
  963 * Fix 500 error when deleting domain
  964 * Allow cleaning up non-existant group assignments
  965 * Follow the new PTI for document build
  966 * Use the new pysaml2 constraints
  967 * Fix incompatible requirement in lower-constraints
  968 * Update install guides
  969 * Fix mispelling of accommodate in install docs
  970 * Fix list\_limit doesn't work correctly for domain
  971 * Expose a bug that list\_limit doesn't work correctly
  972 * Log warning when using token\_flush
  973 * Removal of deprecated direct driver loading
  974 * Make tags filter match subset rather than exact
  975 * Updated from global requirements
  976 * Update RDO install guide for v3
  977 * Remove admin interface in sample Apache file
  978 * add lower-constraints job
  979 * Fix integer -> method conversion for python3
  980 * Fix user email in federated shadow users
  981 * Remove references to v2.0 from external developer doc
  982 * Remove references to UUID from token documentation
  983 * Add logging for xmlsec1 installation
  984 * Updated from global requirements
  985 * Mark the implied role API as stable
  986 * Add note to keystone-manage bootstrap doc
  987 * Fix assert test error under py3.6
  988 * Fix api-ref for project tag create
  989 * Updated from global requirements
  990 * Fixing multi-region support in templated v3 catalog
  991 * Update links in README
  992 * Use different labels for user and project names
  993 * Imported Translations from Zanata
  994 * Add user documentation for JSON Home
  995 * Fix formatting of ImportError
  996 * Imported Translations from Zanata
  997 * Updated from global requirements
  998 * Imported Translations from Zanata
  999 * Remove @expression from tags
 1000 * Work around deprecations for opportunistic tests
 1001 * Api-ref: fix resource\_limit format
 1002 * Correct typo in identity API reference
 1003 * Imported Translations from Zanata
 1004 * Consolidate identity-token-binding.rst
 1005 * Consolidate identity-service-api-protection.rst
 1006 * Add new setup commands for token keys
 1007 * Consolidate endpoint-filtering.rst
 1008 * Remove unnecessary config overrides from fernet tests
 1009 * Make assertValidFernetKey assertion more robust
 1010 * Update 3.10 versioning to limits and system scope
 1011 * Remove v2.0 policies
 1012 * Populate application credential data in token
 1013 * Imported Translations from Zanata
 1014 * Simplify federation and oauth token callbacks
 1015 * Simplify token persistence callbacks
 1016 * Refactor token cache invalidation callbacks
 1017 * Remove needs\_persistence property from token providers
 1018 * Imported Translations from Zanata
 1019 * Use OSC in application credential documentation
 1020 * Add docs for application credentials
 1021 * Force SQLite to properly deal with foreign keys
 1022 * Remove unused class variables from token provider
 1023 * Imported Translations from Zanata
 1024 * Grant admin a role on the system during bootstrap
 1025 * Fix querying role\_assignment with system roles
 1026 * Delete system role assignments when deleting groups
 1027 * Expose bug in system assignment when deleting groups
 1028 * Delete system role assignments when deleting users
 1029 * Expose bug in system assignment when deleting users
 1030 * Expose bug in /role\_assignments API with system-scope
 1031 * Remove the sql token driver and uuid token provider
 1032 * Imported Translations from Zanata
 1033 * Update reno for stable/queens
 1034 * Imported Translations from Zanata
 1035 
 1036 13.0.0.0rc1
 1037 -----------
 1038 
 1039 * Add placeholder migrations for Queens
 1040 * Delete SQL users before deleting domain
 1041 * Reorganize api-ref: v3-ext federation mapping.inc
 1042 * Update OBS install docs for v2 removal
 1043 * Reorganize api-ref: v3-ext federation service-provider
 1044 * Reorganize api-ref: v3-ext oauth.inc
 1045 * Replace port 35357 with 5000 for ubuntu guide
 1046 * Reorganize api-ref: v3 os-pki
 1047 * Reorganize api-ref: v3-ext federation identity-provider
 1048 * Reorganize api-ref: v3-ext trust.inc
 1049 * Remove v2.0 from documentation guides
 1050 * Remove v2.0 extension documentation
 1051 * Update curl request documentation to remove v2.0
 1052 * Remove v2 and v2-admin API documentation
 1053 * Remove all v2.0 APIs except the ec2tokens API
 1054 * Update sample configuration file for Queens
 1055 * Imported Translations from Zanata
 1056 * Finish refactoring self.\*\_api out of tests
 1057 * Add cache invalidation when delete application credential
 1058 * Expose a bug that application credential cache is not invalidated
 1059 * Fix cache invalidation for application credential
 1060 * Expose a bug that cache invalidation doesn't work for application credential
 1061 * Update the base class for application credential
 1062 * Fix list users by name
 1063 * Refactor self.\*\_api out of tests
 1064 * Use keystone.common.provider\_api for auth APIs
 1065 * Fix the wrong description
 1066 * Remove the redundant word
 1067 * Validate identity providers during token validation
 1068 * Update historical context about the removal of v2.0
 1069 * Document flat limit enforcement model
 1070 * add 'tags' in request body of projects
 1071 * Increase MySQL max\_connections for unit tests
 1072 * Add scope\_types for user policies
 1073 * Use native Zuul v3 tox job
 1074 * Update documentation to reflect system-scope
 1075 * Add a release note for application credentials
 1076 * Impose limits on application credentials
 1077 * Enable application\_credential auth by default
 1078 * Add api-ref for application credentials
 1079 * Add application credential auth plugin
 1080 * Add Application Credentials controller
 1081 * Zuul: Remove project name
 1082 * Refresh the admin\_token doc
 1083 * Remove pki\_setup step in doc
 1084 * Add documentation describing unified limits
 1085 * Handle TZ change in iso8601 >=0.1.12
 1086 * Remove PKI/PKIZ token in doc
 1087 * Add api-ref for unified limits
 1088 * Expose unified limit APIs
 1089 * Implement policies for limits
 1090 * Add limit provider
 1091 * Improve limit sql backend
 1092 * Replace Chinese punctuation with English punctuation
 1093 
 1094 13.0.0.0b3
 1095 ----------
 1096 
 1097 * Add release note for system-scope
 1098 * Implement GET /v3/auth/system
 1099 * Updated from global requirements
 1100 * Implement system-scoped tokens
 1101 * Document scope\_types for project policies
 1102 * Add scope\_types to trust policies
 1103 * Add scope\_types to grant policies
 1104 * Add scope\_types to role assignment policies
 1105 * Fix column rename migration for mariadb 10.2
 1106 * Remove foreign key for registered limit
 1107 * Introduce assertions for system-scoped token testing
 1108 * Implement system-scope in the token provider API
 1109 * Teach TokenFormatter how to handle system scope
 1110 * Remove the deprecated "giturl" option
 1111 * Relay system information in RoleAssignmentNotFound
 1112 * Rename application credential restriction column
 1113 * Update token doc
 1114 * Update keystone v2/tokenauth example
 1115 * Reorganize api-ref: v3-ext revoke.inc
 1116 * Reorganize api-ref: v3-ext ep-filter.inc
 1117 * Reorganize api-ref: v3-ext simple-cert.inc
 1118 * Reorganize api-ref: v3-ext federation projects-domains.inc
 1119 * Document scope\_types for credential policies
 1120 * Document scope\_types for ec2 policies
 1121 * Move token\_formatter to token
 1122 * Document fixes needed for token scope\_types
 1123 * Add scope\_types to service provider policies
 1124 * Add scope\_types to group policies
 1125 * Add scope\_types to domain config policies
 1126 * Add system column to app cred table
 1127 * Fix outdated links
 1128 * Add ability to list all system role assignments
 1129 * Add system role assignment documentation
 1130 * Add Application Credentials manager
 1131 * Handle TODO notes for using new\_user\_ref
 1132 * Updated from global requirements
 1133 * Add application credentials driver
 1134 * Make entries in policy\_mapping.rst consistent
 1135 * Add application credentials db migration
 1136 * Fix indentation in docs
 1137 * remove \_append\_null\_domain\_id decorator
 1138 * Fix wrong url in domains-config-v3.inc
 1139 * msgpack-python has been renamed to msgpack
 1140 * adjust response code order in 'regions-v3.inc'
 1141 * Fix wrong url in config-options.rst
 1142 * adjust response code order in 'authenticate-v3.inc'
 1143 * Reorganize api-ref: v3-ext endpoint-policy.inc
 1144 * Imported Translations from Zanata
 1145 * Extract expiration validation to utils
 1146 * Implement controller logic for system group assignments
 1147 * adjust response code order in ''policies.inc''
 1148 * adjust response code order in ''domains-config-v3.inc''
 1149 * put response code in table of ''domains.inc''
 1150 * adjust response code in order of credentials.inc
 1151 * fix wrong url link of User trusts
 1152 * Reorganize api-ref: v3-ext federation assertion.inc
 1153 * Implement controller logic for system user assignments
 1154 * Add schema check for authorize request token
 1155 * Remove whitespace from policy sample file
 1156 * Use keystone.common.provider\_api for trust APIs
 1157 * Add db operation for unified limit
 1158 * Add new tables for unified limits
 1159 * Fix federation unit test
 1160 * add response example and 'extra' info of create user
 1161 * Add scope\_types to domain policies
 1162 * Add scope\_types for policy policies
 1163 * Add scope\_types to oauth policies
 1164 * Add scope\_types to token revocation policies
 1165 * Add scope\_types to endpoint group policies
 1166 * Migrate jobs to zuulV3
 1167 * Add scope\_types to role policies
 1168 * Add scope\_types to implied role policies
 1169 * Add expired\_at\_int column to trusts
 1170 * Add scope\_types for revoke event policies
 1171 * Add scope\_types to protocol policies
 1172 * Add scope\_types to project endpoint policies
 1173 * Add scope\_types to policy association policies
 1174 * Add scope\_types to mapping policies
 1175 * Add scope\_types to identity provider policies
 1176 * Add scope\_types to service policies
 1177 * Handle InvalidScope exception from oslo.policy
 1178 * Use keystone.common.provider\_api directly in assignment
 1179 * Add scope\_types to region policies
 1180 * Add scope\_types to endpoint policies
 1181 * Expose a get\_enforcer method for oslo.policy scripts
 1182 * Reorganize api-ref: v3 project-tags
 1183 * Reorganize api-ref: v3 authenticate-v3
 1184 * Deprecate [trust]/enabled option
 1185 * Use keystone.common.provider\_api for resource APIs
 1186 * Re-organize api-ref: v3 inherit.inc
 1187 * Implement get\_unique\_role\_by\_name
 1188 * Reorganize api-ref: v3-ext federation projects-domains
 1189 * Reorganize api-ref: v3 regions-v3
 1190 * Reorganize api-ref: v3 policies
 1191 * Remove duplicated release note
 1192 * Reorganize api-ref: v3 credentials
 1193 * Reorganize api-ref: v3 domains-config-v3
 1194 * Reorganize api-ref: v3 service-catalog
 1195 * Reorganize api-ref: v3 projects
 1196 * Reorganize api-ref: v3 roles
 1197 * Use keystone.common.provider\_api for identity APIs
 1198 * Use keystone.common.provider\_api for revoke APIs
 1199 * Use keystone.common.provider\_api for policy APIs
 1200 * Use keystone.common.provider\_api for oauth APIs
 1201 * Use keystone.common.provider\_api for federation APIs
 1202 * Use keystone.common.provider\_api for endpoint\_policy APIs
 1203 * Use keystone.common.provider\_api for credential APIs
 1204 * Use keystone.common.provider\_api for catalog APIs
 1205 * Use keystone.common.provider\_api for token APIs
 1206 * modify LOG.error tip message
 1207 * Performance: improve get\_role
 1208 * Add group system grant policies
 1209 * Replace parse\_strtime with datetime.strptime
 1210 * Remove private methods for v2.0 and v3 tokens
 1211 * Ensure building scope is mutually exclusive
 1212 * Add user system grant policies
 1213 * Implement manager logic for group+system roles
 1214 * Implement manager logic for user+system roles
 1215 * Implement backend logic for system roles
 1216 * Add a new table for system role assignments
 1217 * Refactor project tags encoding
 1218 * Expose a bug when authorize request token
 1219 * Bump API version and date to 3.9
 1220 * Create doc/requirements.txt
 1221 * remove some misleading info in Update user API doc
 1222 * Updated from global requirements
 1223 * remove "admin\_token\_auth" related content"
 1224 * Remove rolling\_upgrade\_password\_hash\_compat
 1225 * Deprecate member\_role\_id and member\_role\_name
 1226 * Migrate functional tests to stestr
 1227 * Remove Dependency Injection
 1228 * Rename fernet\_utils to token\_utils
 1229 * Remove extra parameter for token auth
 1230 * Refresh sample\_data.sh
 1231 * Improve exception logging with 500 response
 1232 * Remove dead code for auth\_context
 1233 * Updated from global requirements
 1234 
 1235 13.0.0.0b2
 1236 ----------
 1237 
 1238 * Reorganize api-ref:v3 groups
 1239 * Handle deprecation of inspect.getargspec
 1240 * Enforce policy on oslo-context
 1241 * Correct error message for request token
 1242 * Refresh the Controller list
 1243 * Updated from global requirements
 1244 * Update keystone testing documentation
 1245 * Fix role schema in trust object
 1246 * Validate disabled domains and projects online
 1247 * Add New in Pike note to using db\_sync check
 1248 * Fix 500 error when create trust with invalid role key
 1249 * Expose a bug when create trust with roles
 1250 * Remove member role assignment
 1251 * Fix wrong links in keystone documentation
 1252 * Add schema check for OS-TRUST:trust authentication
 1253 * Expose a bug when authenticating for a trust-scoped token
 1254 * Update the help message for unique\_last\_password\_count
 1255 * Remove apache-httpd related link
 1256 * Populate user, project and domain names from token into context
 1257 * Remove setting of version/release from releasenotes
 1258 * Updated from global requirements
 1259 * Update cache doc
 1260 * Updated from global requirements
 1261 * Fix 500 error when authenticate with "mapped"
 1262 * Updated from global requirements
 1263 * Filter users/groups in ldap with whitespaces
 1264 * Deprecate policies API
 1265 * Change url in middleware test to v3
 1266 * Remove ensure\_default\_domain\_exists
 1267 * Ensure listing projects always returns tags
 1268 * Consolidate V2Controller functionality
 1269 * Remove v2 token value model
 1270 * Add non-voting rolling upgrade test
 1271 * Remove "no auth token" debug log
 1272 * Partially clarify federation auth plugins
 1273 * Handle ldap size limit exeeded exception
 1274 * policy.v3cloudsample.json: remove redundant blank space
 1275 * Remove expired password v2 test
 1276 * Remove v2 token test models
 1277 * Remove/update v2 catalog endpoint tests
 1278 * Remove unnecessary dependency injection
 1279 * Remove identity v2 to v3 test case
 1280 * Reorganize api-ref: v3 domains
 1281 * Correct parameter to follow convention
 1282 
 1283 13.0.0.0b1
 1284 ----------
 1285 
 1286 * Remove v2 schema and validation tests
 1287 * Implement project tags API controller and router
 1288 * Implement project tags logic into manager
 1289 * Implement backend logic for project tags
 1290 * Remove v2.0 assignment schema
 1291 * Add project tags api-ref documentation and reno
 1292 * Deleting an identity provider doesn't invalidate tokens
 1293 * Add policy for project tags
 1294 * Add JSON schema validation for project tags
 1295 * Fix initial mapping example
 1296 * Fix list in caching documentation
 1297 * Updated from global requirements
 1298 * Refactor test\_backend\_ldap tests
 1299 * Emit deprecation warning for federated domain/project APIs
 1300 * Reorganize api-ref: v3-ext federation auth
 1301 * Update the release name in install tutorial
 1302 * Reorganize api-ref: v3 users
 1303 * Add explain of mapping group attribute
 1304 * Remove v2.0 identity API documentation
 1305 * Add database migration for project tags
 1306 * Remove the v2\_deprecated decorator
 1307 * Remove the v3 to v2 resource test case
 1308 * Remove admin\_token\_auth steps from install guide
 1309 * Remove the v2.0 validate path from validate\_token
 1310 * Remove v2.0 test plumbing
 1311 * Remove v2.0 auth APIs
 1312 * Remove v2.0 token APIs
 1313 * Move auth header definitions into authorization
 1314 * Remove v2.0 identity APIs
 1315 * Use stestr directly instead of ostestr
 1316 * Remove middleware reference to PARAMS\_ENV and CONTEXT\_ENV
 1317 * Migrate to stestr
 1318 * Updated from global requirements
 1319 * Add default configuration files to data\_files
 1320 * Add unit tests to mapping\_purge
 1321 * Replace assertRegexpMatches with assertregex
 1322 * Update API reference link in README
 1323 * Refactor removal of duplicate projects/domains
 1324 * Update links in keystone
 1325 * Fix role assignment api-ref docs
 1326 * Update invalid url in admin docs
 1327 * Remove keystone-all doc
 1328 * Fix typos in bootstrap doc
 1329 * Properly normalize protocol in Fedrations update\_protocol
 1330 * Two different API achieve listing role assignments
 1331 * Add backport migrations for Pike
 1332 * Adds Bandit #nosec flag to instances of SHA1
 1333 * Policy exception
 1334 * Remove duplicate code
 1335 *   Fix a typo
 1336 * Increase multi region endpoints test coverage
 1337 * Replace DbMigrationError with DBMigrationError
 1338 * Confusing notes of ephemeral user's domain
 1339 * Confusing log messages in project hierarchy checking
 1340 * Remove vestigate HUDSON\_PUBLISH\_DOCS reference
 1341 * Add test GET for member url in the Assignment API
 1342 * Remove v2.0 resource APIs
 1343 * Remove v2.0 assignment APIs
 1344 * Remove v2.0 service and endpoint APIs
 1345 * Fix endpoint examples in api-ref
 1346 * Copy specific distro pages for install guide
 1347 * Imported Translations from Zanata
 1348 * Log format error
 1349 * Updated from global requirements
 1350 * Ignore release notes for pike and master
 1351 * Clarify documentation for release notes
 1352 * Revert "Fix wrong links"
 1353 * Remove missing release note from previous revert
 1354 * Include a link in release note for bug 1698900
 1355 * Delete redundant code
 1356 * Call methods with kwargs instead of positionals
 1357 * Remove duplicate roles from federated auth
 1358 * Add the step to create a domain
 1359 * Add int storage of datetime for password created/expires
 1360 * Resource backend is SQL only now
 1361 * Assert default project id is not domain
 1362 * Fix wrong links
 1363 * Imported Translations from Zanata
 1364 * Remove deprecation of domain\_config\_upload
 1365 * Update reno for stable/pike
 1366 
 1367 12.0.0.0rc1
 1368 -----------
 1369 
 1370 * Unset project ids for all identity backends
 1371 * Update docs: fernet is the default provider
 1372 * Add description for relationship links in api-ref
 1373 * Updated URLs in docs
 1374 * Cache list projects and domains for user
 1375 * Remove unused hints from assignment APIs
 1376 * Make an error state message more explicit
 1377 * Fill in content in CLI Documentation
 1378 * Except forbidden when clearing default project IDs
 1379 * Update URL in README.rst
 1380 * Document required \`type\` mapping attribute
 1381 * Imported Translations from Zanata
 1382 * Fix man page builds
 1383 * Fill in content in User Documentation
 1384 * Clarify SELinux note in LDAP documentation
 1385 * Remove duplicate sample files
 1386 * Remove policy for self-service password changes
 1387 * Add role\_domain\_id\_request\_body in parameters
 1388 * use the show-policy directive to show policy settings
 1389 * Move credential encryption docs to admin-guide
 1390 * Consolidate LDAP documentation into admin-guide
 1391 * Imported Translations from Zanata
 1392 * Add description of domain\_id in creating user/group
 1393 * Add cli/ directory for documentation
 1394 * Add user/ directory for documentation
 1395 * Add contributor/ directory for docs
 1396 * Removed unnecessary setUp() calls from unit tests
 1397 * Filter users and groups in ldap
 1398 * Move url safe naming docs to admin guide
 1399 * Fix ec2tokens validation in v2 after regression in metadata\_ref removal
 1400 * Add the step to install apache2 libapache2-mod-wsgi
 1401 * Handle auto-generated domains when creating IdPs
 1402 * Updated from global requirements
 1403 * Fix the documentation sample for OS-EP-FILTER
 1404 
 1405 12.0.0.0b3
 1406 ----------
 1407 
 1408 * Clarify documentation on whitelists and blacklists
 1409 * In the devstack plugin, restart keystone after modifying conf
 1410 * Fix typo in index documentation
 1411 * Move performance documentation to admin-guide
 1412 * Consolidate certificate docs to admin-guide
 1413 * Move auth plugin development doc to contrib guide
 1414 * Add missing comma to json sample
 1415 * Added new subsections to developer docs
 1416 * Fix wording of configuration help text
 1417 * Added index.rst in each sub-directory
 1418 * Optional request parameters should be not required
 1419 * Updated from global requirements
 1420 * Move development environment setup to contributor docs
 1421 * Add a hacking rule for string interpolation at logging
 1422 * Make the devstack plugin more configurable for federation
 1423 * Reorganised developer documentation
 1424 * Enable sphinx todo extension
 1425 * Remove duplicate configuration sections
 1426 * Expanded the best practices subsection in devdocs
 1427 * Added new docs to admin section
 1428 * Move bootstrapping documentation to admin-guide
 1429 * Updated from global requirements
 1430 * Add a release note for bug 1687593
 1431 * Reorganised api-ref index page
 1432 * remove default rule
 1433 * Merged the caching subsections in admin docs
 1434 * Move trust to DocumentedRuleDefault
 1435 * Improved the keystone federation image
 1436 * [install] Clarify the paths of the rc files
 1437 * fix identity:get\_identity\_providers typo
 1438 * fix assert\_admin
 1439 * Fixing flushing tokens workflow
 1440 * Replaced policy.json with policy.yaml
 1441 * Added configuration options using oslo.config
 1442 * Added configuration references to documentation
 1443 * Add history behind why keystone has two ports
 1444 * Move upgrade documentation to admin-guide
 1445 * Stop using deprecated 'message' attribute in Exception
 1446 * Move caching docs into admin-guide
 1447 * Gear documentation towards a wider audience
 1448 * Removed apache-httpd guide from docs
 1449 * Update security compliance documentation
 1450 * A simple fix about explicit unscoped string
 1451 * Remove duplicate token docs
 1452 * Update info about logging in admin guide
 1453 * Use log debug instead of warning
 1454 * Added a note for API curl examples
 1455 * Move import down to correct group
 1456 * Switch from oslosphinx to openstackdocstheme
 1457 * Clarify LDAP invalid credentials exception
 1458 * Ensure there isn't duplication in federated auth
 1459 * Remove keystone\_tempest\_plugin from setup.cfg
 1460 * Move implied role policies to DocumentedRuleDefault
 1461 * Remove duplicated list conversion
 1462 * Remove duplicated hacking rule
 1463 * Document and add release note for HEAD APIs
 1464 * Validate rolling upgrade is run in order
 1465 * Remove duplicate logging documentation
 1466 * Migrated docs from devdocs to user docs
 1467 * Updated from global requirements
 1468 * Remove note about kvs from admin-guide
 1469 * Move token flush documentation to admin-guide
 1470 * Remove the revocation api config section
 1471 * Rename Developer docs to Contributor docs
 1472 * Removed unnecessary line breaks from install-guides
 1473 * Added keystone installation guides
 1474 * Implement HEAD for assignment API
 1475 * Make federation documentation consistent
 1476 * Added keystone admin guides to documentation
 1477 * Add annotation about token authenticate
 1478 * Split test\_get\_head\_catalog\_no\_token
 1479 * Move related project information into main doc
 1480 * Move ec2 credential policies to DocumentedRuleDefault
 1481 * Return 400 when trying to create trust with ambiguous role name
 1482 * Reorganised keystone documentation structure
 1483 * Updated the keystone docs to follow the docs theme
 1484 * Fix PCI DSS docs on change\_password\_after\_first\_use
 1485 * Add HEAD API to auth
 1486 * Add HEAD APIs to federated API
 1487 * Ensure the trust API supports HEAD requests
 1488 * Ensure oauth API supports HEAD
 1489 * Ensure the endpoint policy API supports HEAD
 1490 * Improve handling of database migration checks
 1491 * Updated from global requirements
 1492 * Check log output rather than emitting in tests
 1493 * Ensure HEAD is supported with simple cert
 1494 * Ensure the ec2 API supports HEAD
 1495 * Ensure the endpoint filter API supports HEAD
 1496 * Move domain config to DocumentedRuleDefault
 1497 * Add HEAD API to domain config
 1498 * Updated from global requirements
 1499 * Move grant policies to DocumentedRuleDefault
 1500 * Move role policies to DocumentedRuleDefault
 1501 
 1502 12.0.0.0b2
 1503 ----------
 1504 
 1505 * Use DocumentedRuleDefault for token operations
 1506 * Remove the local tempest plugin
 1507 * Add response example in authenticate-v3.inc
 1508 * Addition of "type" optional attribute to list credentials
 1509 * Remove keystone.conf if not used
 1510 * Updated from global requirements
 1511 * Remove assertRaisesRegexp testing function
 1512 * Update DirectMappingError in keystone.exception
 1513 * Remove dependency requires if not used
 1514 * Add role test to test\_consume\_trust\_once in test\_v3\_auth.py
 1515 * Writing API & Scenario Tests docs
 1516 * Handle group NotFound in effective assignment list
 1517 * Updated from global requirements
 1518 * Update doctor warning about caching
 1519 * Basic overview of tempest and devstack plugins
 1520 * Updated from global requirements
 1521 * Updated from global requirements
 1522 * Don't need to contruct data if not need persistence
 1523 * Fix response body of getting role inference rule
 1524 * Quotation marks should be included in http url using curl
 1525 * Updated from global requirements
 1526 * Replace test.attr with decorators.attr
 1527 * Update test case for federation
 1528 * Support new hashing algorithms for securely storing password hashes
 1529 * Remove loading drivers outside of their expected namespaces
 1530 * Change LDAPServerConnectionError
 1531 * Error api about grant collections in policy\_mapping.rst
 1532 * Updated from global requirements
 1533 * Handle NotFound when listing role assignments for deleted users
 1534 * Update sample configuration file for Pike
 1535 * Change url scheme passed to oauth signature verifier
 1536 * Updated from global requirements
 1537 * Role name is unique within the owning domain
 1538 * Remove LDAP delete logic and associated tests
 1539 * Revert change 438035 is\_admin\_project default
 1540 * Trivial fix typo in doc
 1541 * Fix misnamed variable in config
 1542 * Change url passed to oauth signature verifier to request url
 1543 * Expose a bug in domain creation from idps
 1544 * Role name is unique within the owning domain
 1545 * Refactor is\_admin
 1546 * Update fail message to test\_database\_conflicts
 1547 * Fix keystone.tests.unit.test\_v3\_oauth1.MaliciousOAuth1Tests
 1548 * Test config option 'user\_enabled\_default' with string type value
 1549 * Stop using oslotest.mockpatch
 1550 * Remove X-Auth-Token from response parameters
 1551 * Fix test\_minimum\_password\_age\_and\_password\_expires\_days\_deactivated
 1552 * Refactor Authorization:
 1553 * Cleanup policy generation
 1554 * Fix test keystone.tests.unit.test\_token\_bind.BindTest
 1555 * Fix keystone.tests.unit.test\_backend\_ldap.LDAPIdentity
 1556 * Remove test\_metadata\_invalid\_contact\_type
 1557 * Update dead API spec links
 1558 * override config option notification\_opt\_out with list
 1559 * Add filter explain in api ref about parents\_as\_list and subtree\_as\_list
 1560 * use '&' instead of '?' to connect parameters in url
 1561 * Remove usage of enforce\_type
 1562 * Revise doc about python 3.4
 1563 * Update Devstack plugin for uwsgi and mod\_proxy\_uwsgi
 1564 * Add notes in inherit.inc
 1565 * Do not fetch group assignments without groups
 1566 * Readability enhancements to architecture doc
 1567 * Add response examples to OS-OAUTH1 api documentation
 1568 * Correct oauth create\_request\_token documentation
 1569 * Remove unused CONF
 1570 * Remove unused LOG
 1571 * Move policy generator config to config-generator/
 1572 * Include sample policy file in documentation
 1573 * Trivial Fix: fix typo in test comments
 1574 * Move user policies to DocumentedRuleDefault
 1575 * Explicitly set 'builders' option
 1576 * Make flushing tokens more robust
 1577 * Minor corrections in OS-OAUTH1 api documentation
 1578 * Fix-test-of-assertValidRole
 1579 * Small refactoring in tests development docs
 1580 * Move endpoint group to DocumentedRuleDefault
 1581 * Fix doc generation for python 3
 1582 
 1583 12.0.0.0b1
 1584 ----------
 1585 
 1586 * Updated from global requirements
 1587 * Imported Translations from Zanata
 1588 * Updated scope parameter description in v3 API-ref
 1589 * Add Apache License Content in index.rst
 1590 * Address comments from Policy in Code 5
 1591 * Remove unused revocation check in revoke\_models
 1592 * Updated from global requirements
 1593 * Remove unused code in test\_revoke
 1594 * Move group policies to DocumentedRuleDefault
 1595 * Move consumer to DocumentedRuleDefault
 1596 * Move access token to DocumentedRuleDefault
 1597 * Move mapping to DocumentedRuleDefault
 1598 * Move role assignment to DocumentedRuleDefault
 1599 * Move region policies to DocumentedRuleDefault
 1600 * Move project endpoint to DocumentedRuleDefault
 1601 * Remove unnecessary processing when deleting grant
 1602 * Add sem-ver flag so pbr generates correct version
 1603 * Move protocol to DocumentedRuleDefault
 1604 * Move credential policies to DocumentedRuleDefault
 1605 * Move policy association to DocumentedRuleDefault
 1606 * Move and refactor test\_revoke\_by\_audit\_chain\_id
 1607 * Move policy policies to DocumentedRuleDefault
 1608 * Move and refactor project\_and\_user\_and\_role
 1609 * Updated from global requirements
 1610 * Move and refactor test\_by\_domain\_domain
 1611 * Move and refactor test\_by\_domain\_project
 1612 * Move and refactor test\_by\_domain\_user
 1613 * Remove unused method \_sample\_data in test\_revoke
 1614 * Refactor test\_revoke to call check\_token directly
 1615 * Differentiate between dpkg and rpm for libssl-dev
 1616 * Move auth to DocumentedRuleDefault
 1617 * Move service policies to DocumentedRuleDefault
 1618 * Remove unnecessary setUp function in testcase
 1619 * Remove policy file from source and refactor tests
 1620 * Remove revocation API dependency from identity API
 1621 * Remove revocation API dependency from resource API
 1622 * Move project policies to DocumentedRuleDefault
 1623 * Replace wip with skip
 1624 * Removed domain conflict guard in load\_fixtures
 1625 * Updated from global requirements
 1626 * Remove create\_container\_group from tests
 1627 * Add charset to webob.Response
 1628 * Move identity provider to DocumentedRuleDefault
 1629 * Move endpoint policies to DocumentedRuleDefault
 1630 * Move domain policies to DocumentedRuleDefault
 1631 * Move service provider to DocumentedRuleDefault
 1632 * Add policy sample generation
 1633 * Removed the deprecated pki\_setup command
 1634 * Reduce fixture setup in test\_backend\_ldap
 1635 * Consolidate and cleanup test\_backend\_ldap setup
 1636 * Remove conflict guards in load\_fixtures
 1637 * Remove orphaned \_create\_context test helper
 1638 * Remove decorator for asserting validation errors
 1639 * Remove orphaned AuthTestMixin from test\_v3
 1640 * Move revoke events to DocumentedRuleDefault
 1641 * Doc db\_sync --expand incurring downtime in upgrades to Newton
 1642 * Fix some reST field lists in docstrings
 1643 * Remove log translations in keystone
 1644 * Move release note from /keystone/releasenotes to /releasenotes
 1645 * Small fixes for WebOb 1.7 compatibiltity
 1646 * Error messages are not translating with locale
 1647 * Add a note to db\_sync configuration section
 1648 * Remove unused revoke\_by\_domain\_role\_assignment
 1649 * Remove unused revoke\_by\_project\_role\_assignment
 1650 * Remove unnecessary revocation events revoke grant
 1651 * Remove unnecessary revocation events
 1652 * Remove unnecessary revocation events
 1653 * Policy in code (part 5)
 1654 * Policy in code (part 4)
 1655 * Set the correct in-code policy for ec2 operations
 1656 * Don't persist revocation events when deleting a role
 1657 * Policy in code (part 3)
 1658 * Policy in code (part 2)
 1659 * Policy in code
 1660 * Speed up check\_user\_in\_group for LDAP users
 1661 * Don't persist rev event when deleting access token
 1662 * Include the requested URL in authentication errors
 1663 * Remove extra duplicate 'be' in description
 1664 * Add group\_members\_are\_ids to whitelisted options
 1665 * Use HostAddressOpt for opts that accept IP and hostnames
 1666 * Remove x-subject-token in api-ref for v3/auth/catalog
 1667 * Add reno conventions to developer documentation
 1668 * Updated from global requirements
 1669 * Fix description for 204 response
 1670 * Updated from global requirements
 1671 * Remove keystone.common.ldap
 1672 * Fix the typo
 1673 * Add in-code comment to clarify pattern in tests
 1674 * Fix keystone.o.o URL
 1675 * Test for fernet rotation recovery after disk full
 1676 * API-ref return code fix
 1677 * Updated from global requirements
 1678 * Imported Translations from Zanata
 1679 * Fix api-ref building with sphinx 1.5
 1680 * Change is\_admin\_project to False by default
 1681 * Remove pbr warnerrors in favor of sphinx check
 1682 * Move driver loading inside of dict
 1683 * Minor cleanup from patch 429047
 1684 * Remove password\_expires\_ignore\_user\_ids
 1685 * Remove unused variable
 1686 * Revise conf param in releasenotes
 1687 * Modify examples to use v3 URLs
 1688 * Fix duplicate handling for user-specified IDs
 1689 * Removing group role assignments results in overly broad revocation events
 1690 * Typos in the LoadAuthPlugins note
 1691 * Remove domains \*-log-\* from compile\_catalog
 1692 * Add instruction to restart apache
 1693 * Exchange cURL examples for openstackclient
 1694 * Updated from global requirements
 1695 * Remove x-subject-token in api-ref for v3/auth/{projects,domains}
 1696 * Exclusively use restore\_padding method in unpacking fernet tokens
 1697 * Remove EndpointFilterCatalog
 1698 * Give a prospective removal date for all v2 APIs
 1699 * Fix some typo in releasenotes
 1700 * Correct and enhance OpenId Connect docs
 1701 * Imported Translations from Zanata
 1702 * Correct and enhance Mellon federation docs
 1703 * Clear the project ID from user information
 1704 * Fix MFA rule checks for LDAP auth
 1705 * Fix v2 role create schema validation
 1706 * Update reno for stable/ocata
 1707 * Fix the s3tokens endpoint
 1708 * Stop reading local config dirs for domain-specific file config driver
 1709 * Fix typo in config doc
 1710 * Updated from global requirements
 1711 * Fix example response formatting
 1712 * Rename protocol cascade delete migration file
 1713 * Remove logging import unused
 1714 * Address db\_sync check against new install
 1715 * Deprecate (and slate for removal) UUID tokens
 1716 * Remove the file encoding which is unnecessary
 1717 * Correct some typo errors
 1718 * Federated mapping doc improvements
 1719 * Include 'token' in the method list for federated scoped tokens
 1720 * Add --check to keystone-manage db\_sync command
 1721 * Deprecate (and emit message) AdminTokenAuthMiddleware
 1722 * Use ostestr instead of the custom pretty\_tox.sh
 1723 * Fix multiple uuid warnings with pycadf
 1724 * Add unit test for db\_sync run out of order
 1725 * Fixed warning when building keystone docs
 1726 * Ensure migration file names are unique to avoid caching errors
 1727 * use the correct bp link for shadow-mapping rel note
 1728 * Readability/Typo Fixes in Release Notes
 1729 * Remove unused api parameters
 1730 * Make use of Dict-base including extras explicit
 1731 * Add placeholder migrations for Ocata
 1732 * Update hacking version
 1733 * Use httplib constants for http status codes
 1734 * Renaming of api parameters
 1735 * Remove KVS code
 1736 
 1737 11.0.0
 1738 ------
 1739 
 1740 * Modify the spelling mistakes
 1741 * Stop reading local config dirs for domain-specific SQL config driver
 1742 * Prepare for using standard python tests
 1743 * update keystone.conf.sample for ocata-rc
 1744 * Add MFA Rules Release Note
 1745 * Remove de-dupe for MFA Rule parsing
 1746 * Add comment to clarify resource-options jsonschema
 1747 * Cleanup TODO, AuthContext and AuthInfo to auth.core
 1748 * Cleanup TODO about auth.controller code moved to core
 1749 * Add validation that token method isn't needed in MFARules
 1750 * Add validation for mfa rule validator (storage)
 1751 * Process and validate auth methods against MFA rules
 1752 * Update endpoint api for optional region\_id
 1753 * No need to enable infer\_roles setting
 1754 * Fix bad error message from FernetUtils
 1755 * Use https for docs.openstack.org references
 1756 * Update PCI documenation
 1757 * Auth Plugins pass data back via AuthHandlerResponse
 1758 * Auth Method Handlers now return a response object always
 1759 * Add MFA Rules and Enabled User options
 1760 * cleanup release notes from PCI options
 1761 * Create user option \`ignore\_lockout\_failure\_attempts\`
 1762 * Implement better validation for resource options
 1763 * Deprecate [security\_compliance]\password\_expires\_ignore\_user\_ids
 1764 * Fixes deprecations caused by latest oslo.context
 1765 * PCI-DSS Force users to change password upon first use
 1766 * clean up release notes for ocata
 1767 * Reuse already existing groups from upstream tempest config
 1768 * add additional deprecation warnings for KVS options
 1769 * Address follow-up comments from previous patchset
 1770 * Cleanup for resource-specific options
 1771 * Adds tests showing how mapping locals are handled
 1772 
 1773 11.0.0.0b3
 1774 ----------
 1775 
 1776 * Add 'options' as an explicit user schema validation
 1777 * Code-Defined Resource-specific Options
 1778 * Set the domain for federated users
 1779 * Refactor shadow users tests
 1780 * Add domain\_id to the user table
 1781 * Do not call \`to\_dict\` outside of a session context
 1782 * Remove code supporting moving resources between domains
 1783 * Change unit test class to a less generic name
 1784 * Remove dogpile.core dependencies
 1785 * Verbose breakup of method into seperate methods
 1786 * Fixed unraised exception in \_disallow\_write for LDAP
 1787 * Add password expiration queries for PCI-DSS
 1788 * Add missing parentheses
 1789 * Add queries for federated attributes in list\_users
 1790 * update entry points related to paste middleware
 1791 * Remove LDAP write support
 1792 * Remove releated role\_tree\_dn test
 1793 * Add warning about using \`external\` with federation
 1794 * Allow user to change own expired password
 1795 * Fix warnings generated by os-api-ref 1.2.0
 1796 * Improvements to external auth documentation page
 1797 * Test cross domain authentication via implied roles
 1798 * Updates to project mapping documentation
 1799 * Add documentation for auto-provisioning
 1800 * Implement federated auto-provisioning
 1801 * Fix typo in main docs page
 1802 * switch @hybrid\_property to @property
 1803 * Catch potential SyntaxError in federation mapping
 1804 * Fix typo in shibboleth federation docs
 1805 * Handling of 'region' parameter as None
 1806 * Corrected punctuation on multiple exceptions
 1807 * Exclude 'keystone\_tempest\_plugin' in doc build
 1808 * Force use of AuthContext object in .authentcate()
 1809 * Cascade delete federated\_user fk
 1810 * update sample config for ocata release
 1811 * Drop type in filters
 1812 * Add DB operations tracing
 1813 * fix broken links
 1814 * Changed 'Driver' reference to 'TokenDriverBase'
 1815 * Fix keystone-manage mapping\_engine tester
 1816 * Add anonymous bind to get\_connection method
 1817 * Set connection timeout for LDAP configuration
 1818 * Invalid parameter name on interface
 1819 * Bump API version and date
 1820 * listing revoke events should be admin only
 1821 * Adds projects mapping to the mapping engine
 1822 * Updated docstring for test\_sql\_upgrade.py
 1823 * Use public interfaces of pep8 for hacking
 1824 * [api-ref] Clean up OS-EP-FILTER association docs
 1825 * Remove comment from previous migration
 1826 * [api-ref] Clean up OS-EP-FILTER documentation
 1827 * Fixed not in toctree warnings when building docs
 1828 * Remove stevedore warning when building docs
 1829 * Update docs to require domain\_id when registering Identity Providers
 1830 * Retry on deadlock Transactions in backend
 1831 * Fix region\_id responses and requests to be consistent
 1832 * Remove endpoint\_id parameter from EP-FILTER docs
 1833 * [api] fix ep filter example
 1834 * Require domain\_id when registering Identity Providers
 1835 * Fix minor typo
 1836 * Remove references to Python 3.4
 1837 * Improve assertion in test
 1838 * Use assertGreater(len(x), y) instead of assertTrue(len(x) > y)
 1839 * Correct invalid rst in api docs
 1840 * Fixed 7 tests running twice in v3 identity
 1841 * Fix issues with keystone-dsvm-py35-functional-v3-only on py35
 1842 * Fix the usage of tempest.client.Manager class
 1843 * Correct timestamp format in token responses
 1844 * Remove unused exceptions from CADF notifications
 1845 * Minor improvement in test\_user\_id\_persistence
 1846 * Remove CONF.domain\_id\_immutable
 1847 * Fix test function name with two underscores to have only one
 1848 * Updated from global requirements
 1849 * Fix import ordering in tempest plugins
 1850 * [api] Inconsistency between v3 API and keystone token timestamps
 1851 * Federated authentication via ECP functional tests
 1852 * Removes unnecessary utf-8 encoding
 1853 * Handle disk write failure when doing Fernet key rotation
 1854 * Fix cloud\_admin rule and ensure only project tokens can be cloud admin
 1855 * Updated from global requirements
 1856 * Remove duplicate role assignment in federated setup
 1857 * Remove unused variables from federation tests
 1858 * Remove unused variables from unit test method
 1859 * Add reason to CADF notifications in docs
 1860 * [doc] point release note docs to project team guide
 1861 * [api] set \`is\_admin\_project\` on tokens for admin project
 1862 * Settings for test cases
 1863 * Add reason to notifications for PCI-DSS
 1864 * Fix typo in doc
 1865 * fix one typo
 1866 * Updated from global requirements
 1867 * Wrap invalidation region to context-local cache
 1868 * move common sql test helpers to base class
 1869 * Use assertGreater(len(x), y) instead of assertTrue(len(x) > y)
 1870 * replace assertTrue with assertIs
 1871 
 1872 11.0.0.0b2
 1873 ----------
 1874 
 1875 * Replace logging with oslo\_log
 1876 * expose v3policy failure with is\_admin\_token
 1877 * Add doctor checks for ldap symptoms
 1878 * Implement password requirements API
 1879 * Fix a typo in comment
 1880 * Add unit tests for doctor token\_fernet symptoms
 1881 * Remove impossible case from \_option\_dict method
 1882 * Make \_option\_dict() a method for domain\_config\_api
 1883 * Add unit tests for doctor tokens symptoms
 1884 * Add checks for doctor credential symptoms
 1885 * Make user to nonlocal\_user a 1:1 relationship
 1886 * Add id to conflict error if caused by duplicate id
 1887 * Refactors \_get\_names\_from\_role\_assignments
 1888 * Do not manually remove /etc/shibboleth folder
 1889 * API Documentation for user password expires
 1890 * Revert "API Documentation for user password expires"
 1891 * API Documentation for user password expires
 1892 * Clean up keystone doc landing page
 1893 * Add doctor tests on security\_compliance and rename
 1894 * Fix typo in api-ref doc
 1895 * Move V2TokenDataHelper to the v2.0 controller
 1896 * Remove exception from v2 validation path
 1897 * Make bootstrap idempotent when it needs to be
 1898 * Add unit tests for doctor's database symptoms
 1899 * Print name with duplicate error on user creation
 1900 * Expose idempotency issue with bootstrap
 1901 * Print domain name in mapping\_populate error message
 1902 * Correct missspellings of secret
 1903 * Trivial indentation corrections in mappings doc
 1904 * Add doctor check for debug mode enabled
 1905 * Fixed multiple warnings in tox -edocs
 1906 * Get assignments with names honors inheritance flag
 1907 * Updated from global requirements
 1908 * Add test to expose bug 1625230
 1909 * Invalidate token cache after token delete
 1910 * Revert "Rename doctor symptom in security\_compliance"
 1911 * Domain included for role in list\_role\_assignment
 1912 * api-ref update for roles assignments with names
 1913 * Rename doctor symptom in security\_compliance
 1914 * Corrects sample-data incorrect credential call
 1915 * Correct minor issues in test schema
 1916 * Add unit tests for doctor federation file
 1917 * Remove CONF.os\_inherit.enabled
 1918 * Add unit tests for doctor's caching symptoms
 1919 * Updated from global requirements
 1920 * Updated from global requirements
 1921 * More info in schema validation error
 1922 * Minor fix in role\_assignments api-ref
 1923 * Include mapped in the default auth methods
 1924 * Validate token issue input
 1925 * Removes unused exceptions
 1926 * Removes unused method from assignment core
 1927 * Removes unused default\_assignment\_driver method
 1928 * Removed unused EXTENSION\_TO\_ADD test declarations
 1929 * Use sha512.hash() instead of .encrypt()
 1930 * Don't invalidate all user tokens of roleless group
 1931 * Upload service provider metadata to testshib
 1932 * Updated from global requirements
 1933 * SAML federation docs refer to old WSGIScriptAlias
 1934 * cache\_on\_issue default to true
 1935 * Make try/except work for passlib 1.6 and 1.7
 1936 * Document token header in federation auth response
 1937 * Refactor Keystone admin-tokens and admin-users v2
 1938 * ignore deprecation warning for .encrypt()
 1939 * Send the identity.deleted.role\_assignment after the deletion
 1940 * Allow fetching an expired token
 1941 * Show team and repo badges on README
 1942 * Remove eventlet-related call to sleep
 1943 * Add a comment about not using assertTrue
 1944 * clean up developer docs
 1945 * Improvements in error messages
 1946 * Remove trailing "d" from -days param of OpenSSL command
 1947 * Swap the notification formats in the docs
 1948 * Normalizes use of ForbiddenAction in trusts
 1949 * Enable CADF notification format by default
 1950 * Remove unused statements in matches
 1951 * Fix doc example
 1952 * Remove extension and auth\_token middleware docs
 1953 * Move docs from key\_terms to architecture
 1954 * move content from configuringservices to configuration
 1955 * Update configuration.rst documentation
 1956 * Verbose 401/403 debug responses
 1957 * Fix the misspelling in \`keystone/tests/unit/test\_cli.py\`
 1958 * refactor notification test to work with either format
 1959 * Clarify the v2.0 validation path
 1960 * Remove metadata from token provider
 1961 * Lockout ignore user list
 1962 * Add developer docs for keystone-manage doctor
 1963 * [api] add changelog from 3.0 -> 3.7
 1964 * Devstack plugin to federate with testshib.org
 1965 * Remove entry\_points to non-existent drivers
 1966 * Fix typo in doc
 1967 
 1968 11.0.0.0b1
 1969 ----------
 1970 
 1971 * remove release note about LDAP write removal
 1972 * Change "Change User Password" request example
 1973 * Fixes remaining nits in endpoint\_policy tests
 1974 * Remove reference to future removal of saml
 1975 * Limits config fixture usage to where it's needed
 1976 * Updated from global requirements
 1977 * Remove format\_token method
 1978 * Remove issue\_v3\_token in favor of issue\_token
 1979 * Remove issue\_v2\_token
 1980 * refactor the token controller
 1981 * Use issue\_v3\_token instead of issue\_v2\_token
 1982 * Updates to the architecture doc
 1983 * Support nested groups in Active Directory
 1984 * Add healthcheck middleware to pipelines
 1985 * Request cache should not update context
 1986 * Change cfg.set\_defaults into cors.set\_defaults
 1987 * Updated from global requirements
 1988 * Updated from global requirements
 1989 * Doc warning for keystone db migration
 1990 * Wording error in upgrading documentation
 1991 * Updated from global requirements
 1992 * fix credentials backend tests
 1993 * Allow running expand & migrate at the same time
 1994 * Add test cases for passing "None" as a hint
 1995 * Fix test\_revoke to run all tests after pki removal
 1996 * Updated from global requirements
 1997 * Switch fernet to be the default token provider
 1998 * Remove support for PKI and PKIz tokens
 1999 * Doc the difference between memcache and cache
 2000 * Doctor ldap check fix for config files
 2001 * Additional logging when authenticating
 2002 * Document OS-SIMPLE-CERT Routes
 2003 * Document v2 Revoked Token Route
 2004 * Add api-ref /auth/tokens/OS-PKI/revoked (v3)
 2005 * Fix broken links in the docs
 2006 * Add structure for Devstack plugin
 2007 * Add bindep environment to tox
 2008 * Pass a request to controllers instead of a context
 2009 * Create default role as a part of bootstrap
 2010 * Updated from global requirements
 2011 * Don't deprecate the LDAP property which is still needed
 2012 * Clarifying on the remove of \`build\_auth\_context\` middleware
 2013 * log.error use \_ of i18n
 2014 * Doctor check for LDAP domain specific configs
 2015 * Updated from global requirements
 2016 * Updated from global requirements
 2017 * Validate mapping exists when creating/updating a protocol
 2018 * Remove new\_id() in test\_revoke
 2019 * Adds warning when no domain configs were uploaded
 2020 * Add release note for fernet tokens
 2021 * Tweak api-ref doc for v3 roles
 2022 * Tweak api-ref doc for v3 roles status codes
 2023 * Reorder APIs in api-ref for v3 groups
 2024 * [api-ref] Remove the duplicated sample
 2025 * Follow-on of memcache token persistence removal
 2026 * changed domain id to name in JSON request
 2027 * More configuration doc edits
 2028 * Remove backend dependencies from token provider
 2029 * Updated from global requirements
 2030 * [api-ref] Fix couple of issues on OS-INHERIT API
 2031 * Code cleanup
 2032 * Replace tenant with project for keystone catalog
 2033 * Imported Translations from Zanata
 2034 * Update, correct, and enhance federation docs
 2035 * Invalidate trust when the related project is deleted
 2036 * Remove unused arg(project and initiator)
 2037 * Drop MANIFEST.in - it's not needed by pbr
 2038 * Ignore unknown arguments to fetch\_token
 2039 * Return password\_expires\_at during auth
 2040 * Move the token abstract base class out of core
 2041 * Add is\_admin\_project to policy dict
 2042 * Fix a typo in token\_formatters.py
 2043 * Improve check\_token validation performance
 2044 * Add revocation event indexes
 2045 * Add docs for PCI-DSS
 2046 * Invalidate trust when the trustor or trustee is deleted
 2047 * Updated from global requirements
 2048 * [api] add a note about project name restrictions
 2049 * One validate method to rule them all..
 2050 * Simplify the KeystoneToken model
 2051 * Remove validate\_v2\_token() method
 2052 * [api] remove \`user\_id\` and \`project\_id\` from policy
 2053 * Remove the decorator where it's not applied
 2054 * Optimize remove unused variable
 2055 * Remove those redundant variable declaration
 2056 * [doc] Correct mapping JSON example
 2057 * Remove no use variable (domain\_id)
 2058 * Remove redundant variable declaration
 2059 * Deprecate \`endpoint\_filter.sql\` backend
 2060 * remove deprecated \`[endpoint\_policy] enable\` option
 2061 * Pass initiator to Manager as a kwarg
 2062 * create release notes for removed functionality
 2063 * Remove driver version specifiers from tests
 2064 * Enable release notes translation
 2065 * Remove driver version from identity backend test names
 2066 * Remove driver version from docs
 2067 * Updated from global requirements
 2068 * Default the assignment backend to SQL
 2069 * remove legacy driver tox target
 2070 * Use validate\_v3\_token instead of validate\_token
 2071 * Ensure all v2.0 tokens are validated the same way
 2072 * Make sure all v3 tokens are validated the same way
 2073 * re-add valid comment about None domain ID
 2074 * Default the resource backend to SQL
 2075 * Make returning is\_domain conditional
 2076 * Move audit initiator creation to request
 2077 * Don't validate token expiry in the persistence backend
 2078 * Add tests for validating expired tokens
 2079 * Fix a typo in \_init\_.py
 2080 * Remove password history validation from admin password resets
 2081 * Updating the document regarding LDAP options
 2082 * Updated from global requirements
 2083 * Remove the unused sdx doc files
 2084 * Updated from global requirements
 2085 * Remove the no use arg (auth=None)
 2086 * Fix typo in docstring
 2087 * Tweak api-ref for v3 groups status codes
 2088 * Updated from global requirements
 2089 * Add Apache 2.0 license to source file
 2090 * Fix a typo in core.py and bp-domain-config-default-82e42d946ee7cb43.yaml
 2091 * Validate password history for self-service password changes
 2092 * Make test\_v3\_auth exercise the whole API
 2093 * Remove stable driver interfaces
 2094 * Updated from global requirements
 2095 * Remove the check for admin token in build\_auth\_context middleware
 2096 * Reorder APIs in api-ref doc for v3 users
 2097 * Fix a docstring typo in test\_v3\_resource.py
 2098 * Using assertIsNone(...) instead of assertIs(None, ...)
 2099 * Updated from global requirements
 2100 * remove deprecated items from contrib
 2101 * Update man page for Ocata release version and date
 2102 * Using assertIsNone() instead of assertIs(None)
 2103 * Remove default=None when set value in config
 2104 * Undeprecate options used for signing
 2105 * Remove unused path in the v2 token controller
 2106 * Fix the belongsTo query parameter
 2107 * Fix 'API Specification for Endpoint Filtering' broken link
 2108 * Add domain check in domain-specific role implication
 2109 * Override credential key repository for null key tests
 2110 * Remove useless method override
 2111 * remove memcache token persistence backends
 2112 * remove keystone/service.py
 2113 * remove saml2 auth plugin
 2114 * remove httpd/keystone.py
 2115 * remove cache backends
 2116 * Revert "Allow compatibility with keystonemiddleware 4.0.0"
 2117 * Consolidate the common code into one method
 2118 * Handle the exception from creating request token properly
 2119 * Fix formatting strings in LOG.debug
 2120 * Fix formatting strings in LOG.warning
 2121 * Handle the exception from creating access token properly
 2122 * Updated from global requirements
 2123 * Tweak status code in api-ref doc for v3 users
 2124 * Fix prameters names in Keystone API v2-ext
 2125 * Refactor Keystone admin-tenant API v2
 2126 * Refactor Keystone admin-endpoint API
 2127 * Fix for unindent warning in doc build
 2128 * add placeholder migrations for newton
 2129 * Remove  default=None for config options
 2130 * Ensure the sqla-migrate scripts cache is cleared
 2131 * Move test\_sql\_upgrade.MigrationRepository into keystone.common
 2132 * Rename sql.migration\_helpers to sql.upgrades
 2133 * Give domain admin rights to domain specific implied roles
 2134 * Update reno for stable/newton
 2135 * Refactor find\_migrate\_repo(): require caller to specify repo
 2136 * Fixes password created\_at errors due to the server\_default
 2137 * Move the responsibility for stdout to the CLI module
 2138 * Use a read-only DB session to retrieve schema version
 2139 * Move rolling upgrade repo names into constants
 2140 
 2141 10.0.0.0rc1
 2142 -----------
 2143 
 2144 * Removal of imports within functions
 2145 * Trivial fixes in the ldap common functions
 2146 * Test that rolling upgrade repos are in lockstep
 2147 * Add unit tests for isotime()
 2148 * Remove unused \_convert\_to\_integers() method
 2149 * Adds tests for verify\_length\_and\_trunc\_password()
 2150 * Remove unused read\_cached\_file method from utils
 2151 * Allow compatibility with keystonemiddleware 4.0.0
 2152 * Fix links on configure\_federation documentation
 2153 * Add edge case tests for disabling a trustee
 2154 * Fix prameters name and response codes in Keystone API v2
 2155 * Tweak api-ref doc for services/endpoints
 2156 * Use issued\_at in fernet token provider
 2157 * Remove unused method from keystone.common.utils
 2158 * Use ConfigParser instead of SafeConfigParser
 2159 * Consistently round down timestamps
 2160 * Remove the APIs from doc that is not supported yet
 2161 * TrivialFix: Merge imports in code
 2162 * Fix the nit on how to deploy keystone with \`mod\_proxy\_uwsgi\`
 2163 * Tweak api-ref doc for projects
 2164 * Remove the dead link in schema migration doc
 2165 * Updated from global requirements
 2166 * Fix order of arguments in assertIs
 2167 * New notes on advanced upgrade/fallback for cluster
 2168 * standardize release note page ordering
 2169 * [api-ref] Correct response code status
 2170 * Replace six iteration methods with standard ones
 2171 * Fixes a nit in a comment
 2172 * Updates configuration doc with latest changes
 2173 * Use freezegun for change password tests
 2174 * Update sample keystone.conf for Newton
 2175 * Project domain must match role domain for assignment
 2176 * Add docs for the null key
 2177 * Log warning if null key is used for encryption
 2178 * Introduce null key for credential encryption
 2179 * More nit doc fixes
 2180 * Keep the order of passwords in tests
 2181 * EndpointPolicy driver doesn't inherit interface
 2182 * [api-ref] Stop supporting os-api-ref 1.0.0
 2183 * Fix up some doc nits
 2184 * Only cache callables in the base manager
 2185 * [api-ref] Correcting parameter's type
 2186 * Correct link type
 2187 * Fix problems in service api doc
 2188 * Raise NotImplementedError instead of NotImplemented
 2189 * Add the deprecated\_since to deprecated options
 2190 * Add doctor checks for credential fernet keys
 2191 * Few new commands missing from docs
 2192 * Emit log message for fernet tokens only
 2193 * Implement encryption of credentials at rest
 2194 * Typo: key\_manger\_factory to key\_mangler\_factory
 2195 
 2196 10.0.0.0b3
 2197 ----------
 2198 
 2199 * Fixes spelling mistakes
 2200 * Fixes migration where password created\_at is nullable
 2201 * Block global roles implying domain specific roles
 2202 * Correct typo in mapping\_populate command's help
 2203 * Relax the requirement for mappings to result in group memberships
 2204 * Document credential encryption
 2205 * Update sample uwsgi config for lazy-apps
 2206 * Add documentation on how to set a user's tenant
 2207 * Pre-cache new tokens
 2208 * Config logABug feature for Keystone api-ref
 2209 * Fix nits in db migration dev docs
 2210 * Disallow new migrations in the legacy migration repository
 2211 * Updated from global requirements
 2212 * Update developer docs for new rolling upgrade repos
 2213 * Add man page info for credential setup command
 2214 * Remove unnecessary try/except from token provider
 2215 * Fixes small grammar mistake in docstring
 2216 * Add a feature support matrix for identity sources
 2217 * Fix wrong response codes in 'groups' APIs
 2218 * Make token\_id a required parameter in v3\_to\_v2\_token
 2219 * Distributed cache namespace to invalidate regions
 2220 * Fix formatting strings when using multiple variables
 2221 * Add credential setup command
 2222 * Add Response Example for 'Create credential' API
 2223 * Add Response Example for 'Passwd auth with unscoped authorization'
 2224 * Remove mapping schema from the doc
 2225 * Impose a min and a max on time values in CONF.token
 2226 * Repair link in Keystone documentation
 2227 * Faster id mapping lookup
 2228 * Fix some typos in comments
 2229 * Cleaning imports in code
 2230 * Updated from global requirements
 2231 * TrivialFix: Remove logging import unused
 2232 * Removes old, unused code
 2233 * Reduce log level of Fernet key count message
 2234 * Updated from global requirements
 2235 * Adds password regular expression checks to doctor
 2236 * Let upgrade tests control all 4 repositories at once
 2237 * Adds check that minimum password age is less than password expires days
 2238 * Remove unused global variable from unit tests
 2239 * Modify sql banned operations for each of the new repos
 2240 * Use egg form of osprofiler in paste pipeline
 2241 * api-ref: Splitting status lines in API v3-ext
 2242 * api-ref: Splitting status lines in API v3
 2243 * Remove mox from test-requirements
 2244 * TrivialFix: Remove logging import unused
 2245 * [api-ref]: Outdated link reference
 2246 * Remove unnecessary \_\_init\_\_
 2247 * Add mapping\_populate command
 2248 * Doc fix: license rendered in published doc
 2249 * Doc fix: "keystone-manage upgrade" is not a thing
 2250 * Fix credential update to ec2 type
 2251 * Add key repository uniqueness check to doctor
 2252 * Update \`href\` for keystone extensions
 2253 * Updated from global requirements
 2254 * Fix the wrong URI for the OAuth1 extension in api-ref
 2255 * Shadowing a nonlocal\_user incorrectly creates a local\_user
 2256 * Add entrypoint for mapped auth method
 2257 * Get ready for os-api-ref sphinx theme change
 2258 * Add rolling upgrade documentation
 2259 * Add create and update methods to credential Manager
 2260 * Create a fernet credential provider
 2261 * Make KeyRepository shareable
 2262 * Add conf to support credential encryption
 2263 * Password expires ignore user list
 2264 * Add expand, data migration and contract logic to keystone-manage
 2265 * [api] add relationship links to v3-ext
 2266 * Removes use of freezegun in test\_auth tests
 2267 * Removes a redundant test from FernetAuthWithTrust
 2268 * api-ref: Fix parameters attributes
 2269 * Set default value for [saml]/idp\_contact\_surname
 2270 * Tidy up for late-breaking review comments on keystone-manage
 2271 * PCI-DSS Minimum password age requirements
 2272 * api-ref: Document domain specific roles
 2273 * Revert "Add debug logging to revocation event checking"
 2274 * Replace the content type with correct one
 2275 * Add credential encryption exception
 2276 * Pass key\_repository and max\_active\_keys to FernetUtils
 2277 * Make a FernetUtils class
 2278 * Move fernet utils into keystone/common/
 2279 * Add support for rolling upgrades to keystone-manage
 2280 * api-ref: Document implied roles API
 2281 * Support new osprofiler API
 2282 * api-ref: Correcting V3 OS-INHERIT APIs
 2283 * Fix typo in the file
 2284 * Add debug logging to revocation event checking
 2285 * Detail Federation Service Provider APIs in api-ref
 2286 * Detail Fed Projects and Domains APIs in api-ref
 2287 * add a header for the federation APIs
 2288 * Detail Federation Mapping APIs in api-ref docs
 2289 * Detail Federation Auth APIs in api-ref docs
 2290 * Detail Federation Assertion APIs in api-ref docs
 2291 * Move other-requirements.txt to bindep.txt
 2292 * Detail IdP APIs in api-ref docs
 2293 * api-ref: Add default domain config documentation
 2294 * Constraints are ready to be used for tox.ini
 2295 * Updated from global requirements
 2296 * [api] add relationship links to v3
 2297 * Refactor revoke matcher
 2298 * Document get auth/catalog,projects,domains
 2299 * api-ref: Renaming parameters of V3-ext APIs
 2300 * api-ref: Correcting V3 Credentials APIs
 2301 * api-ref: Correcting V3 Policies APIs
 2302 * api-ref: Correcting V3 Authentication APIs
 2303 * api-ref: Correcting V3 Domain config APIs
 2304 * Use international logging message
 2305 * Updates Development Environment Docs
 2306 * Create unit tests for endpoint policy drivers
 2307 * api-ref: Add query options to GET /projects API documentation
 2308 * Updated from global requirements
 2309 * api-ref: Add missing parameter tables to tenant
 2310 * Create unit tests for the policy drivers
 2311 * api-ref: Correcting V3 Endpoints APIs
 2312 * api-ref: Correcting V3 Services APIs
 2313 * api-ref: Add "nocatalog" option to GET /v3/auth/tokens
 2314 * Fix warning when running tox -e api-ref
 2315 * Add basic upgrade documentation
 2316 * Document query option (is\_domain) for projects
 2317 * remove test utilities related to adding extensions
 2318 * Update etc/keystone.conf.sample
 2319 * Make hash\_algorithms order deterministic
 2320 * PCI-DSS Password expires validation
 2321 * Report v2.0 as deprecated in version discovery
 2322 * Update the api-ref to mark the v2 API as deprecated
 2323 * Add schema validation to create user v2
 2324 * Fix the spelling of a test name
 2325 * Remove mention of db\_sync per backend
 2326 * Trust controller refactoring
 2327 * Use more specific asserts in tests
 2328 * Updated from global requirements
 2329 * Add debug logging for RevokeEvent deserialize problem
 2330 * Make all token provider behave the same with trusts
 2331 * Use URIOpt for endpoint URL options
 2332 * Clean up the introductory text in the docs
 2333 * Retry revocation on MySQL deadlock
 2334 * Add schema validation to update user v2
 2335 * PCI-DSS Lockout requirements
 2336 * Improve domain configuration API docs
 2337 * Skip middleware request processing for admin token
 2338 * Move Assertion API to its own file
 2339 * Bump API version number and date
 2340 * Move Federation Auth API to its own file
 2341 * Move List Projects and Domains API to its own file
 2342 * Move Service Provider API to its own file
 2343 * Move Mapping API to its own file
 2344 * Use %()d for integer substitution
 2345 * Don't include openstack/common in flake8 exclude list
 2346 * Added postgresql libs to developer docs
 2347 * Add schema validation to create service in v2
 2348 * Remove the redundant verification in OAuth1 authorization
 2349 * Add schema validation to v2 update tenant
 2350 * refactor idp to its own file
 2351 * Updated from global requirements
 2352 * PCI-DSS Password history requirements
 2353 * Move Identity Provider API to its own file
 2354 * Add dummy domain\_id column to cached role
 2355 * Allow attributes other than \`enabled\` in schema
 2356 * Remove the extensions repos
 2357 * Document the domain config API as stable
 2358 * Remove configuration references to eventlet
 2359 * Adds a custom deepcopy handler
 2360 * Add token feature support matrix to documentation
 2361 * Test number of queries on list\_users
 2362 * No need the redundant validation in manager level
 2363 * Add the missing testcases for \`name\` and \`enabled\`
 2364 * Adds test for SecurityError's translation behavior
 2365 * TOTP auth not functional in python3
 2366 * Invalid tls\_req\_cert constant as default
 2367 * Add schema validation to v2 create tenant
 2368 * Use quotes consistently in token controller
 2369 * Add performance tuning documentation
 2370 * Allow V2TestCase to be tested against fernet and uuid
 2371 * Make AuthWithTrust testable against uuid and fernet
 2372 * Improve os-federation docs
 2373 * Fix v2-ext API enabled documentation
 2374 * PCI-DSS Adds password\_expires\_at to API docs
 2375 * Make it so federated tokens are validated on v2.0
 2376 * Use freezegun in AssignmentInheritanceTestCase
 2377 * Only run KvsTokenCacheInvalidation against uuid
 2378 * Use freezegun in OSRevokeTests
 2379 * refactor: make TestFetchRevocationList test uuid
 2380 * refactor: make TestAuthExternalDefaultDomain test uuid/pki/pkiz
 2381 * refactor: make TestAuthKerberos test pki/pkiz/uuid
 2382 * Add schema validation to create role
 2383 * Replace OpenStack LLC with OpenStack Foundation
 2384 * refactor: inherit AuthWithRemoteUser for other providers
 2385 * Run AuthWithToken against all token providers
 2386 * Don't run TokenCacheInvalidation with Fernet
 2387 * Refactor TestAuthExternalDomain to not inherit tests
 2388 * Use freezegun to increment clock in test\_v3\_assignment
 2389 * Add schema for enabling a user
 2390 * Fix up the api-ref request/response parameters for projects
 2391 * \`password\` is not required for updating a user
 2392 * Clarify V2 API for enabling or disabling user
 2393 * Removed duplicate parameter in v2-admin api-ref
 2394 * Fix the errors in params in api-ref for V3 region
 2395 * Fix the errors in params in api-ref for V3 user
 2396 * Added cache for id mapping manager
 2397 * Updated from global requirements
 2398 * Add Python 3.5 classifier
 2399 * Handle Py35 fix of ast.node.col\_offset bug
 2400 * deprecate a few more LDAP config options
 2401 * Clean up api-ref for domains
 2402 * keystone-manage doctor
 2403 * v2 api: add APIs for setting a user's password
 2404 * Update os-inherit API reference
 2405 * Updated from global requirements
 2406 * Run AuthTokenTests against fernet and uuid
 2407 * Use freezegun to increment the clock in test\_v3\_filters
 2408 * Prevent error when duplicate mapping is created
 2409 * Fix the wrong check condition
 2410 * Clean up the api-ref for groups
 2411 * Updated from global requirements
 2412 * Improve introdcution to api-ref projects
 2413 * Migrate OS-FEDERATION from specs repo
 2414 * v2 api: remove APIs for global roles
 2415 * v2 api: group and order the v2-ext APIs
 2416 * v2 api: remove duplicated delete user API
 2417 * v2 api: add missing /roles in role CRUD APIs
 2418 * v2 api: list user roles is defined twice
 2419 * v2 api: add OS-KSADM to service API routes
 2420 * v2 api: add tenant APIs
 2421 * v2 api: delete user is defined twice
 2422 * v2 api: change update user
 2423 * v2 api: correct user list
 2424 * Update Identity endpoint in v2 samples
 2425 * Fix up numerous errors in params in api-ref for roles
 2426 * Fix up the api-ref for role query paramaters
 2427 * Fix the username value in federated tokens
 2428 * Improve readability of the api-ref roles section
 2429 * Use constraints for coverage job
 2430 * clean up OAUTH API
 2431 * Add relationship links to OAUTH APIs
 2432 * Remove \`name\` property from \`endpoint\` create/update API
 2433 * Add v2.0 /endpoints/ api-ref
 2434 * Update identity endpoint in v3 and v3-ext samples
 2435 * Pass request to v2 token authenticate
 2436 * Remove unused context from AuthInfo
 2437 * Correct normal response codes for v2.0 extensions
 2438 * Improve user experience involving token flush
 2439 * Add "v2 overview" docs to APIs
 2440 * add OS-OAUTH1/authorize/{request\_token\_id} API
 2441 * Move OS-INHERIT api-ref from extensions to core
 2442 * re-order the oauth APIs
 2443 * Copy the preamble / summary of OAuth1 from the specs repo
 2444 * Correct normal response codes in trust documentation
 2445 * Add OS-EP-FILTER to api-ref
 2446 
 2447 10.0.0.0b2
 2448 ----------
 2449 
 2450 * PCI-DSS Password strength requirements
 2451 * Variables in URL path should be required
 2452 * Remove get\_trust\_id\_for\_request function
 2453 * Pass request to normalize\_domain\_id
 2454 * Remove a validate\_token\_bind call
 2455 * Remove get\_user\_id in trust controller
 2456 * Cleanup trusts controller
 2457 * Trivial spacing and comma corrections
 2458 * Add OS-KSCRUD api-ref
 2459 * Disable warnerrors in setup.cfg temporarily
 2460 * Add is\_domain to project example responses
 2461 * Add is\_domain to scope token response examples
 2462 * Improve keystone.conf [security\_compliance] documentation
 2463 * Improve keystone.conf [signing] documentation
 2464 * Correct normal response codes in OS-INHERIT docs
 2465 * Fix python{3,}-all-dev depends in deb based
 2466 * Correct normal status codes for v2.0 admin docs
 2467 * Improve keystone.conf [shadow\_users] documentation
 2468 * Correct normal response codes for region docs
 2469 * Correct normal response codes for auth docs
 2470 * Correct normal response codes for credential docs
 2471 * Correct normal response codes for project docs
 2472 * Correct normal response codes for policy docs
 2473 * Correct normal response codes for v2.0 versions doc
 2474 * Correct normal response codes in v2.0 versions doc
 2475 * Correct normal response codes in v2.0 tenant docs
 2476 * Use URIOpt instead of StrOpt for SAML config
 2477 * Correct normal response codes for role docs
 2478 * Correct normal response codes in v2.0 token docs
 2479 * Correct normal response codes in service catalog doc
 2480 * Correct normal response codes in oauth docs
 2481 * Correct normal response codes in v2.0 admin user docs
 2482 * Improve keystone.conf [token] documentation
 2483 * Correct normal response codes in endpoint policy docs
 2484 * Validate SAML keyfile & certfile options
 2485 * Improve keystone.conf [tokenless\_auth] documentation
 2486 * Complete OS-TRUST API documentation
 2487 * Fixes response codes in endpoint policy api-ref
 2488 * List 20X status codes as Normal in domain docs
 2489 * Improve the API documentation for groups
 2490 * Create APIs for OS-REVOKE
 2491 * Clean up token binding validation code
 2492 * Reorder request params in endpoint policy api-ref
 2493 * Adds missing parameter to endpoint policy api-ref
 2494 * Adds missing docs to endpoint policy api-ref
 2495 * Reorders API calls to match precedence rules
 2496 * Improve keystone.conf [saml] documentation
 2497 * Handle more auth information via context
 2498 * Require auth\_context middleware in the pipeline
 2499 * Updated from global requirements
 2500 * Improve keystone.conf [trust] documentation
 2501 * Improve keystone.conf [role] documentation
 2502 * Improve keystone.conf [ldap] documentation
 2503 * Improve keystone.conf [os\_inherit] documentation
 2504 * Improve keystone.conf [revoke] documentation
 2505 * Improve keystone.conf [resource] documentation
 2506 * Move logic for catalog driver differences to manager
 2507 * Minor docstring cleanup for domain\_id mapping
 2508 * Remove unnecessary stable attribute value for status
 2509 * Updated from global requirements
 2510 * Mark the domain config via API as stable
 2511 * Remove validated decorator
 2512 * Move request validation inline
 2513 * Invalidate token cache on domain disablement
 2514 * Isolate token caching into its own region
 2515 * Doc update on enabled external auth and federation
 2516 * keystone recommend deprecated memcache backend
 2517 * Use request object in policy enforcement
 2518 * Use the context's is\_admin property
 2519 * Add the oslo\_context to the environment and request
 2520 * Use http\_client constants instead of hardcoding
 2521 * Increase test coverage for token APIs
 2522 * Ensure status code is always passed as int
 2523 * Fix fernet token validate for disabled domains/trusts
 2524 * Doc update for moving abstract base classes out of core
 2525 * Fix \_populate\_token\_dates method signature
 2526 * Move the trust abstract base class out of core
 2527 * Move the credential abstract base class out of core
 2528 * Move the auth plugins abstract base class out of core
 2529 * Expose bug with Fernet tokens and trusts
 2530 * Remove last parts of query\_string from context
 2531 * Remove get\_auth\_context
 2532 * Correct reraising of exception
 2533 * Pass request to build\_driver\_hints
 2534 * Remove headers from context
 2535 * Use request.environ through auth and federation
 2536 * Remove accept\_header from context
 2537 * Fixed a Typo
 2538 * Docs: Fix the query params in role\_assignments example
 2539 * [doc/api]Remove space within word
 2540 * Remove unused LOG
 2541 * Make assert\_admin work with a request
 2542 * Add missing preamble for v3 and v3-ext
 2543 * move OAUTH1 API to extensions
 2544 * generate separate index files for each api-ref
 2545 * Migrate identity /v2-admin docs from api-ref repo
 2546 * Use request instead of context in v2 auth
 2547 * Handle catalog backends that don't support all functions
 2548 * Refactoring: remove the duplicate method
 2549 * Return \`revoked\_at\` for list revoke events
 2550 * Use skip\_test\_overrides everywhere we feature skip
 2551 * Improve keystone.conf [fernet\_tokens] documentation
 2552 * Improve keystone.conf [catalog] documentation
 2553 * Refactor: [ldap] suffix should not be an instance attribute
 2554 * Grammar fix: will -> can
 2555 * Fixes hacking's handling of log hints
 2556 * Improve keystone.conf [paste\_deploy] documentation
 2557 * Improve keystone.conf [kvs] documentation
 2558 * Improve keystone.conf [identity] documentation
 2559 * Improve keystone.conf [endpoint\_filter] documentation
 2560 * Improve keystone.conf [oauth1] documentation
 2561 * Verify domain\_id when get\_domain is being called
 2562 * Updated from global requirements
 2563 * Include doc directory in pep8 checks
 2564 * Do not register options on import
 2565 * Improve keystone.conf [policy] documentation
 2566 * Improve keystone.conf [memcache] documentation
 2567 * Use min to avoid checking < 1 max fernet keys
 2568 * Improve keystone.conf [identity\_mapping] documentation
 2569 * Improve keystone.conf [federation] documentation
 2570 * Updated tests that claimed to be blocked by bugs
 2571 * Use skip\_test\_overrides in test\_backend\_ldap
 2572 * Adds a skip method to identify useless skips
 2573 * Update the nosetests test regex for legacy tests
 2574 * update a config option deprecation message
 2575 * Improve keystone.conf [eventlet\_server] documentation
 2576 * Improve keystone.conf [endpoint\_policy] documentation
 2577 * Improve keystone.conf [credential] documentation
 2578 * Improve keystone.conf [domain\_config] documentation
 2579 * Rename [DEFAULT] keystone.conf module to keystone.conf.default
 2580 * Improve keystone.conf [DEFAULT] documentation
 2581 * Remove test\_backend\_ldap skips for missing tests
 2582 * Removes duplicate ldap test setup
 2583 * Extracted common ldap setup and use in the filter tests
 2584 * Reduce domain specific config setup duplication
 2585 * API Change Tutorial doc code modify
 2586 * Update other-requirements for Xenial
 2587 * Concrete role assignments for federated users
 2588 * PCI-DSS Disable inactive users requirements
 2589 * Migrate identity /v3-ext docs from api-ref repo
 2590 * Migrate identity /v2-ext docs from api-ref repo
 2591 * Migrate identity /v2 docs from api-ref repo
 2592 * Use request.params instead of context['query\_string']
 2593 * Config: no need to set default=None
 2594 * Do not spam the log with uncritical stacktraces
 2595 * Improve keystone.conf [auth] documentation
 2596 * Improve keystone.conf [assignment] documentation
 2597 * Group test\_backend\_ldap skips for readability
 2598 * Adds a backend test fixture
 2599 * Remove unused test code
 2600 * Moves auth plugin test setup closer to its use
 2601 * Add security\_compliance group back to config
 2602 * Fix nits related to the new keystone.conf package
 2603 * Fixes failure when password is null
 2604 * Allow auth plugins to be setup more than once
 2605 * Removes outdate comment from a test
 2606 * Replace keystone.common.config with keystone.conf package
 2607 * Updated from global requirements
 2608 * Fix a few spelling mistakes
 2609 * Allow user to get themself and their domain
 2610 * PCI-DSS Password SQL model changes
 2611 * Fix argument order for assertEqual to (expected, observed)
 2612 * Use the ldap fixture to simplify tests
 2613 * Change the remaining conf setup to use the fixture
 2614 * Reduce setup overhead in auth\_plugin tests
 2615 * /services?name=<name> API fails when using list\_limit
 2616 * Updated from global requirements
 2617 * Make sure to use InnoDB as the DB engine
 2618 * Remove TestAuth
 2619 * Move last few TestAuth tests to TokenAPITests
 2620 * Move external auth and bind test to TokenAPITests
 2621 * Refactor test\_validate\_v2\_scoped\_token\_with\_v3\_api
 2622 * Remove test\_validate\_v2\_unscoped\_token\_with\_v3\_api
 2623 * Move more project scoped token behavior to TokenAPITests
 2624 * Validate impersonation in trust redelegation
 2625 * Correct domain\_id and name constraint dropping
 2626 * Integration tests cleanup
 2627 * Use http\_proxy\_to\_wsgi from oslo.middleware
 2628 * Use request object in auth plugins
 2629 * Move cross domain/group/project auth tests
 2630 * Move negative token tests to TokenAPITests
 2631 * Move unscoped token test to TokenAPITests
 2632 * Move negative domain scope test to TokenAPITests
 2633 * Consolidate domain token tests into TokenAPITests
 2634 * Move more project scoped behavior tests to TokenAPITests
 2635 * Move project scoped catalog tests to TokenAPITests
 2636 * Update driver versioning documentation
 2637 * Move project scoped tests to TokenAPITests
 2638 * Move TestAuth unscoped token tests to TokenAPITests
 2639 * Add cache invalidation for service providers
 2640 * Updated from global requirements
 2641 * Add 'links' to implied roles response
 2642 * Updated from global requirements
 2643 * fix ldap delete\_user group member cleanup
 2644 * exception sensitive cache/audit changes
 2645 * Fix TOTP transient test failure
 2646 * Change LocalUser sql model to eager loading
 2647 * Shadow LDAP and custom driver users
 2648 * Refactor shadow users
 2649 * Fix ValidationError exception name in docstring
 2650 * Add docstring to delete\_project
 2651 * Updated from global requirements
 2652 * Revert to caching fernet tokens the same way we do UUID
 2653 * Honor ldap\_filter on filtered group list
 2654 * Pass a request to controllers instead of a context
 2655 * Update the keystone-manage man page options
 2656 * clean up test\_resource\_uuid
 2657 * Return 404 instead of 401 for tokens w/o roles
 2658 * Updating sample configuration file
 2659 * Revert "Install necessary files in etc/"
 2660 * Keystone uwsgi performance tuning
 2661 * Add caching config for federation
 2662 * Updated from global requirements
 2663 * Updating sample configuration file
 2664 * Updating sample configuration file
 2665 * Bootstrap: enable and reset password for existing users
 2666 * PEP257: Ignore D203 because it was deprecated
 2667 * Cache service providers on token validation
 2668 * Refactor revoke\_model to remove circular dependency
 2669 * Update man page for Newton release
 2670 * Move stray notification options into config module
 2671 * Adding role assignment lists unit tests
 2672 * Add protocols integration tests
 2673 * Add mapping rules integration tests
 2674 * Add service providers integration tests
 2675 * Imported Translations from Zanata
 2676 * Updated from global requirements
 2677 
 2678 10.0.0.0b1
 2679 ----------
 2680 
 2681 * Simplify & fix configuration file copy in setup.cfg
 2682 * Config settings to support PCI-DSS
 2683 * Fix credentials\_factory method call
 2684 * Allow domain admins to list users in groups with v3 policy
 2685 * Updating sample configuration file
 2686 * Updated from global requirements
 2687 * Honor ldap\_filter on filtered user list
 2688 * Install necessary files in etc/
 2689 * Replace revoke tree with linear search
 2690 * Migrate identity /v3 docs from api-ref repo
 2691 * Updated from global requirements
 2692 * Add new functionality to @wip
 2693 * remove deprecated revoke\_by\_expiration function
 2694 * Isolate common ldap code to the identity backend
 2695 * Updated from global requirements
 2696 * Remove helper script for py34
 2697 * Include project\_id in the validation error on default project is domain
 2698 * Add python 3 release note
 2699 * Add comment to test case helper function
 2700 * Add Python 3 classification
 2701 * Py3 oauth tests
 2702 * Enable py3 tests for test\_v3\_auth
 2703 * make sure default\_project\_id is not domain on user creation and update
 2704 * Let setup.py compile\_catalog process all language files
 2705 * Fix broken link of federation docs
 2706 * Add new line in keystone/common/request.py
 2707 * Move identity.backends.sql model code to sql\_model.py
 2708 * Add .mo files to MANIFEST.in
 2709 * Replace context building with a request object
 2710 * Enable py3 testing for Fernet token provider
 2711 * Enable py3 for credential tests
 2712 * reorganize mitaka release notes
 2713 * enable ldap tests for py3
 2714 * Updated from global requirements
 2715 * Add the validation rules when create token
 2716 * Use PyLDAP instead of python-ldap
 2717 * Fix config path for running wsgi in developer mode
 2718 * Move the revoke abstract base class out of core
 2719 * Updated from global requirements
 2720 * Port test\_v2 unit test to Python 3
 2721 * Move the oauth1 abstract base class out of core
 2722 * Drop the (unused) domain table
 2723 * Don't set None for ldap.OPT\_X\_TLS\_CACERTFILE
 2724 * Add API Change Tutorial
 2725 * Deprecate keystone.common.kvs
 2726 * Updating sample configuration file
 2727 * Add is\_domain in token response
 2728 * Switch to use \`new\_domain\_ref\` for testcases
 2729 * Move the assignment abstract base class out of core
 2730 * Add identity providers integration tests
 2731 * Update documentation to remove keystone-all
 2732 * Updating sample configuration file
 2733 * Updated from global requirements
 2734 * replace logging with oslo.log
 2735 * Move the federation abstract base class out of core
 2736 * Separate protocol schema
 2737 * Updated from global requirements
 2738 * Move the catalog abstract base class and common code out of core
 2739 * Enhance federation group mapping validation
 2740 * Add mapping validation tests
 2741 * Fixes example in the mapping combinations docs
 2742 * do not search file on real environment
 2743 * Allow 'domain' property for local.group
 2744 * Add conflict validation for idp update
 2745 * Always add is\_admin\_project if admin project defined
 2746 * Make keystone exit when fernet keys don't exist
 2747 * Fix fernet audit ids for v2.0
 2748 * Revert "Revert "Unit test for checking cross-version migrations compatibility""
 2749 * Make all fixture project\_ids into uuids
 2750 * Fixing D105, D203, and D205 PEP257
 2751 * Remove test\_invalid\_policy\_raises\_error
 2752 * switch to tempest instead of deprecated tempest-lib
 2753 * Move the resource abstract base class out of core
 2754 * Correct RST syntax for a code block
 2755 * Restructure policy abstract driver
 2756 * Updated from global requirements
 2757 * Add test for authentication when project and domain name clash
 2758 * Fix doc build if git is absent
 2759 * Restructure endpoint policy abstract driver
 2760 * Clean up test\_receive\_identityId
 2761 * Fix typos
 2762 * Fixes incorrect deprecation warning for IdentityDriverV8
 2763 * Add other-requirements.txt
 2764 * Fix D400 PEP257
 2765 * Imported Translations from Zanata
 2766 * Updating sample configuration file
 2767 * Customize config file location when run as wsgi app
 2768 * Updated from global requirements
 2769 * Updating sample configuration file
 2770 * Updated from global requirements
 2771 * Bump the required tox version to 2.3.1
 2772 * Add set\_config\_defaults() call to tests
 2773 * update deprecation warning for falling back to default domain
 2774 * Tests clean up global ldap settings
 2775 * Define identity interface - easy cases
 2776 * add missing deprecation reason for eventlet option
 2777 * Remove comments mentioning eventlet
 2778 * Remove support for generating ssl certs
 2779 * Updating sample configuration file
 2780 * Remove eventlet support
 2781 * Default caching to on for request-local caching
 2782 * Typo in sysctl command example Edit
 2783 * Typo fix in tests
 2784 * Add logging to cli if keystone.conf is not found
 2785 * Fix post jobs
 2786 * Refactor domain config upload
 2787 * Keystone jobs should honor upper-constraints.txt
 2788 * Fix confusing naming in ldap EnableEmuMixin
 2789 * Updating sample configuration file
 2790 * Deprecation reason for domain\_id\_immutable
 2791 * Test list project hierarchy is correct for a large tree
 2792 * Fix D401 PEP8 violation
 2793 * OSprofiler release notes
 2794 * Updating sample configuration file
 2795 * Updated from global requirements
 2796 * Add keystone service ID to observer audit
 2797 * group federated identity docs together
 2798 * Change Role/Region to role/region in keystone-manage bootstrap
 2799 * Use mockpatch fixtures from fixtures
 2800 * Set the values for the request\_local\_cache
 2801 * Add missing backslash to keystone-manage bootstrap command in documentation
 2802 * fix typo
 2803 * Fix KeyError when rename to a name is already in use
 2804 * Improve project name conflict message
 2805 * Imported Translations from Zanata
 2806 * Updating sample configuration file
 2807 * Dev doc update for moving abstract base classes out of core
 2808 * Simplify chained comparison
 2809 * Update the description of the role driver option
 2810 * Integrate OSprofiler in Keystone
 2811 * Update the Administrator guide link
 2812 * Clean up test case for shadow users
 2813 * Fixes bug where the updated federated display\_name is not returned
 2814 * Make AuthContext depend on auth\_token middleware
 2815 * Fix totp test fails randomly
 2816 
 2817 9.0.0
 2818 -----
 2819 
 2820 * Update federated user display name with shadow\_users\_api
 2821 * Update federated user display name with shadow\_users\_api
 2822 * Remove comment from D202 rule
 2823 * Remove backend interface and common code out of identity.core
 2824 * Use messaging notifications transport instead of default
 2825 * Run federation tests under Python 3
 2826 * Bandit test results
 2827 * create a new \`advanced topics\` section in the docs
 2828 
 2829 9.0.0.0rc2
 2830 ----------
 2831 
 2832 * Correct \`role\_name\` constraint dropping
 2833 * Correct \`role\_name\` constraint dropping
 2834 * Base for keystone tempest plugin
 2835 * Random project should return positive numbers
 2836 * Imported Translations from Zanata
 2837 * Improve error message for schema validation
 2838 * Imported Translations from Zanata
 2839 * The name can be just white character except project and user
 2840 * Fix typos in Keystone files
 2841 * Add \`patch\_cover\` to keystone
 2842 * Fix keystone-manage config file path
 2843 * Cleanup LDAP models
 2844 * Correct test to support changing N release name
 2845 * Correct \_populate\_default\_domain in tests
 2846 * Imported Translations from Zanata
 2847 * Removing redundant words
 2848 * Imported Translations from Zanata
 2849 * Correct test to support changing N release name
 2850 * Fix keystone-manage config file path
 2851 * Opportunistic testing with different DBs
 2852 * Correct test\_implied\_roles\_fk\_on\_delete\_cascade
 2853 * Fix table row counting SQL for MySQL and Postgresql
 2854 * Switch migration tests to oslo.db DbTestCase
 2855 * Correct test\_migrate\_data\_to\_local\_user\_and\_password\_tables
 2856 * Fix test\_add\_int\_pkey\_to\_revocation\_event\_table for MySQL
 2857 * Imported Translations from Zanata
 2858 * Implement HEAD method for all v3 GET actions
 2859 * Avoid name repetition in equality comparisons
 2860 * Simplify repetitive unequal checks
 2861 * Imported Translations from Zanata
 2862 * Add test for domains list filtering and limiting
 2863 * Imported Translations from Zanata
 2864 * remove endpoint\_policy from contrib
 2865 * Moved name formatting (clean) out of the driver
 2866 * Add py3 debugging
 2867 * Add release note for list\_limit support
 2868 * Add release note for list\_limit support
 2869 * Cleanup migration tests
 2870 * Imported Translations from Zanata
 2871 * Imported Translations from Zanata
 2872 * Update dev docs and sample script for v3/bootstrap
 2873 * add placeholder migrations for mitaka
 2874 * Enables the notification tests in py3
 2875 * Update reno for stable/mitaka
 2876 * Update .gitreview for stable/mitaka
 2877 
 2878 9.0.0.0rc1
 2879 ----------
 2880 
 2881 * Support \`id\` and \`enabled\` attributes when listing service providers
 2882 * Check for already present user without inserting in Bootstrap
 2883 * Mapping which yield no identities should result in ValidationError
 2884 * Make backend filter testing more comprehensive
 2885 * Move region configuration to a critical section
 2886 * Change xrange to range for python3 compatibility
 2887 * Remove reference to keystoneclient CLI
 2888 * Document running in uwsgi proxied by apache
 2889 * Updating sample configuration file
 2890 * Imported Translations from Zanata
 2891 * Correct Hints class filter documentation
 2892 * Release note cleanup
 2893 * Update reported version for Mitaka
 2894 * Add docs for additional bootstrap endpoint parameters
 2895 * Remove unused notification method and class
 2896 * Consolidate @notifications.internal into Audit
 2897 * Imported Translations from Zanata
 2898 * Remove some translations
 2899 * Imported Translations from Zanata
 2900 * Fixed user in group participance
 2901 * register the config generator default hook with the right name
 2902 * Imported Translations from Zanata
 2903 * Rename v2 token schema used for validation
 2904 * Migrate\_repo init version helper
 2905 * Remove TestFernetTokenProvider
 2906 * Refactor TestFernetTokenProvider trust-scoped tests
 2907 * Refactor TestFernetTokenProvider project-scoped tests
 2908 * Refactor TestFernetTokenProvider domain-scoped tests
 2909 * Refactor TestFernetTokenProvider unscoped token tests
 2910 * Fixing mapping schema to allow local user
 2911 * Fix keystone-manage example command path
 2912 * Make modifications to domain config atomic
 2913 * Add auto-increment int primary key to revoke.backends.sql
 2914 * Add PKIZ coverage to trust tests
 2915 * Consolidate TestTrustRedelegation and TestTrustAuth tests
 2916 * Expose not clearing of user default project on project delete
 2917 * Split out domain config driver and manager tests
 2918 * Add notifications to user/group membership
 2919 * Add ability to send notifications for actors
 2920 * Updated from global requirements
 2921 * Remove foreign assignments when deleting a domain
 2922 * Correct create\_project driver versioning
 2923 * Explicitly exclude tests from bandit scan
 2924 * Move role backend tests
 2925 * v2 tokens validated on the v3 API are missing timezones
 2926 * Move domain config backend tests
 2927 * Validate v2 fernet token returns extra attributes
 2928 * Clarify virtualenv setup in developer docs
 2929 * Fixes a few LDAP tests to actually run
 2930 * Imported Translations from Zanata
 2931 * Un-wrap function
 2932 * Fix warning when running tox
 2933 * Race condition in keystone domain config
 2934 * Adding 'domain\_id' filter to list\_user\_projects()
 2935 * Add identity endpoint creation to bootstrap
 2936 * Updated from global requirements
 2937 * Remove \_disable\_domain from the resource API
 2938 * Remove \_disable\_project from the resource API
 2939 * Remove the notification.disabled decorator
 2940 * Remove unused notification decorators
 2941 * Cleanup from from split of token backend tests
 2942 * Split identity backend tests
 2943 * Split policy backend tests
 2944 * Split catalog backend tests
 2945 * Split trust backend tests
 2946 * Split token backend tests
 2947 * Split resource backend tests
 2948 * Split assignment backend tests
 2949 * Updated from global requirements
 2950 * Consolidate configuration default overrides
 2951 * Updating sample configuration file
 2952 * IPV6 test unblacklist
 2953 * Fix trust chain tests
 2954 
 2955 9.0.0.0b3
 2956 ---------
 2957 
 2958 * Minor edits to the developing doc
 2959 * Add release notes for projects acting as domains
 2960 * Fix keystone.common.wsgi to explicitly use bytes
 2961 * fix sample config link that 404s
 2962 * add hints to list\_services for templated backend
 2963 * Fixes hacking for Py3 tests
 2964 * Fixes to get cert tests running in Py3
 2965 * Fixes the templated backend tests for Python3
 2966 * remove pyc files before running tests
 2967 * Stop using oslotest.BaseTestCase
 2968 * Return 404 instead of 401 for tokens w/o roles
 2969 * Remove unused domain driver method in legacy wrapper
 2970 * Deprecate domain driver interface methods
 2971 * Fix the migration issue for the user doesn't have a password
 2972 * Add driver details in architecture doc
 2973 * Shadow users - Shadow federated users
 2974 * Projects acting as domains
 2975 * Update developer docs for ubuntu 15.10
 2976 * Moved CORS middleware configuration into oslo-config-generator
 2977 * V2 operations create default domain on demand
 2978 * Make keystone tests work on leap years
 2979 * Updating sample configuration file
 2980 * Fix doc build warnings
 2981 * Enable LDAP connection pooling by default
 2982 * Delay using threading.local() to fix check job failure
 2983 * Minor edits to the installation doc
 2984 * Minor edits to the configuration doc
 2985 * Minor community doc edits
 2986 * Updated from global requirements
 2987 * Followup for LDAP removal
 2988 * Remove get\_session and get\_engine
 2989 * No more legacy engine facade in tests
 2990 * Use requst local in-process cache per request
 2991 * Move admin\_token\_auth before build\_auth\_context in sample paste.ini
 2992 * Update default domain's description
 2993 * Reference config values at runtime
 2994 * Use the new enginefacade from oslo.db
 2995 * Updated from global requirements
 2996 * Fix incorrect assumption when deleting assignments
 2997 * Remove migration\_helpers.get\_default\_domain
 2998 * db\_sync doesn't create default domain
 2999 * Implied roles index with cascading delete
 3000 * Fix project-related forbidden response messages
 3001 * Fixes a bug when setting a user's password to null
 3002 * Renamed TOTP passcode generation function
 3003 * Updates TOTP release note
 3004 * Simplify use of secure\_proxy\_ssl\_header
 3005 * Shadow users - Separate user identities
 3006 * Switch to configless bandit
 3007 * Parameter to return audit ids only in revocation list
 3008 * Add tests for fetching the revocation list
 3009 * Updating sample configuration file
 3010 * Deprecate logger.WritableLogger
 3011 * Removing H405 violations from keystone
 3012 * Updated from global requirements
 3013 * Updated from global requirements
 3014 * Updating sample configuration file
 3015 * Remove useless {} from \_\_table\_args\_\_
 3016 * Time-based One-time Password
 3017 * Fix inconsistencies between Oauth1DriverV8 interface and driver
 3018 * Oauth1 manager sets consumer secret
 3019 * Remove setting class variable
 3020 * Allow user list without specifying domain
 3021 * Adds user\_description\_attribute mapping support to the LDAP backend
 3022 * encode user id for notifications
 3023 * Add back a bandit tox job
 3024 * Enable support for posixGroups in LDAP
 3025 * Add is\_domain filter to v3 list\_projects
 3026 * Add tests in preparation of projects acting as a domain
 3027 * Avoid using \`len(x)\` to check if x is empty
 3028 * Use the driver to get limits
 3029 * Fallback to list\_limit from default config
 3030 * Add list\_limit to the white list for configs in db
 3031 * Updating sample configuration file
 3032 * handle unicode names for federated users
 3033 * Verify project unique constraints for projects acting as domains
 3034 * wsgi: fix base\_url finding
 3035 * Disable Admin tokens set to None
 3036 * Modify rules for domain specific role assignments
 3037 * Modify implied roles to honor domain specific roles
 3038 * Modify rules in the v3 policy sample for domain specifc roles
 3039 * Re-enable and undeprecate admin\_token\_auth
 3040 * Don't describe trusts as an extension in configuration doc
 3041 * Tidy up configuration documentation for inherited assignments
 3042 * Clean up configuration documentataion on v2 user CRUD
 3043 * Allow project domain\_id to be nullable at the manager level
 3044 * Trivial: Cleanup unused conf variables
 3045 * Updating sample configuration file
 3046 * Updating sample configuration file
 3047 * Fixes parameter in duplicate project name creation
 3048 * Fix terms from patch 275706
 3049 * sensible default for secure\_proxy\_ssl\_header
 3050 * Restricting domain\_id update
 3051 * Allow project\_id in catalog substitutions
 3052 * Avoid \`None\` as a redundant argument to dict.get()
 3053 * Avoid "non-Pythonic" method names
 3054 * Manager support for project cascade update
 3055 * Updating sample configuration file
 3056 * Expand implied roles in trust tokens
 3057 * add a test that uses trusts and implies roles
 3058 * Updating sample configuration file
 3059 * Convert assignment.root\_role config option to list of strings
 3060 * Avoid wrong deletion of domain assignments
 3061 * Manager support for project cascade delete
 3062 * AuthContextMiddleware admin token handling
 3063 * Deprecate admin\_token\_auth
 3064 * Adds better logging to the domain config finder
 3065 * Extracts logic for finding domain configs
 3066 * Fix nits from domain specific roles CRUD support
 3067 * Change get\_project permission
 3068 * Updated from global requirements
 3069 * Enables token\_data\_helper tests for Python3
 3070 * Stop using nose as a Python3 test runner
 3071 * Fix release note of removal of v2.0 trusts support
 3072 * Remove PostParams middleware
 3073 * Updated from global requirements
 3074 * Moves policy setup into a fixture
 3075 * Make pep8 \*the\* linting interface
 3076 * Added tokenless auth headers to CORS middleware
 3077 * Add backend support for deleting a projects list
 3078 * Make fernet work with oauth1 authentication
 3079 * Consolidate the fernet provider validate\_v2\_token()
 3080 * Remove support for trusts in v2.0
 3081 * Add CRUD support for domain specific roles
 3082 * Added CORS support to Keystone
 3083 * Deprecate Saml2 auth plugin
 3084 * Uses open context manager for templated catalogs
 3085 * Disable the ipv6 tests in py34
 3086 * Missing 'region' in service and 'name' in endpoint for EndpointFilterCatalog
 3087 * Small typos on the ldap.url config option help
 3088 * Replace exit() with sys.exit()
 3089 * include sample config file in docs
 3090 * Fixes a language issue in a release note
 3091 * Imported Translations from Zanata
 3092 * Updated from global requirements
 3093 * Support multiple URLs for LDAP server
 3094 * Set deprecated\_reason on deprecated config options
 3095 * Move user and admin crud to core
 3096 * squash migrations - kilo
 3097 * Adds validation negative unit tests
 3098 * Use oslo.log specified method to set log levels
 3099 * Add RENO update for simple\_cert\_extension deprecation
 3100 * Opt-out certain Keystone Notifications
 3101 * Update the home page
 3102 * Release notes for implied roles
 3103 * deprecate pki\_setup from keystone-manage
 3104 * test\_credential.py work with python34
 3105 * Consolidate \`test\_contrib\_ec2.py\` into \`test\_credential.py\`
 3106 * Reinitialize the policy engine where it is needed
 3107 * Provide an error message if downgrading schema
 3108 * Updated from global requirements
 3109 * Consolidate the fernet provider issue\_v2\_token()
 3110 * Consolidate the fernet provider validate\_v3\_token()
 3111 * Add tests for role management with v3policy file
 3112 * Fix some word spellings
 3113 * Make WebSSO trusted\_dashboard hostname case-insensitive
 3114 * Deprecate simple\_cert extension
 3115 * Do not assign admin to service users
 3116 * Add in TRACE logging for the manager
 3117 * Add schema for OAuth1 consumer API
 3118 * Correct docstrings
 3119 * Remove un-used test code
 3120 * Raise more precise exception on keyword mapping errors
 3121 * Allow '\_' character in mapping\_id value
 3122 * Implied Roles API
 3123 * Revert "Unit test for checking cross-version migrations compatibility"
 3124 * replace tenant with project in cli.py
 3125 * Fix schema validation to use JSONSchema for empty entity
 3126 * Replace tenant for project in resource files
 3127 * Reuse project scoped token check for trusts
 3128 * Add checks for project scoped data creep to tests
 3129 * Add checks for domain scoped data creep
 3130 * Use the oslo.utils.reflection to extract the class name
 3131 * Test hyphens instead of underscores in request attributes
 3132 * Simplify admin\_required policy
 3133 * Add caching to role assignments
 3134 * Enable bandit tests
 3135 * Update bandit.yaml
 3136 * Enhance manager list\_role\_assignments to support group listing
 3137 * remove KVS backend for keystone.contrib.revoke
 3138 * Fix trust redelegation and associated test
 3139 * use self.skipTest instead of self.skip
 3140 * Removed deprecated revoke KVS backend
 3141 * Revert "skip test\_get\_token\_id\_error\_handling to get gate passing"
 3142 * Updated from global requirements
 3143 * Updated from global requirements
 3144 * skip test\_get\_token\_id\_error\_handling to get gate passing
 3145 * Ensure pycadf initiator IDs are UUID
 3146 * Check for circular references when expanding implied roles
 3147 * Improves domain name case sensitivity tests
 3148 * Fixes style issues in a v2 controller tests
 3149 * Prevents creating is\_domain=True projects in v2
 3150 * Refactors validation tests to better see the cases
 3151 * Remove keystone/common/cache/\_memcache\_pool.py
 3152 * Update mod\_wsgi + cache config docs
 3153 * Address comments from Implied Role manager patch
 3154 * Fix nits in include names patch
 3155 * Unit test for checking cross-version migrations compatibility
 3156 * Online schema migration documentation
 3157 * Updated from global requirements
 3158 * Remove additional references to ldap role attribs
 3159 * Remove duplicate LDAP test class
 3160 * Remove more ldap project references
 3161 
 3162 9.0.0.0b2
 3163 ---------
 3164 
 3165 * Add testcases to check cache invalidation
 3166 * Fix typo abstact in comments
 3167 * deprecate write support for identity LDAP
 3168 * Deprecate \`hash\_algorithm\` config option
 3169 * Mark memcache and memcache\_pool token deprecated
 3170 * List assignments with names
 3171 * Remove LDAP Role Backend
 3172 * Remove LDAP Resource and LDAP Assignment backends
 3173 * Removes KVS catalog backend
 3174 * Fix docstring
 3175 * Strengthen Mapping Validation in Federation Mappings
 3176 * Add checks for token data creep using jsonschema
 3177 * Deprecating API v2.0
 3178 * Implied roles driver and manager
 3179 * Add support for strict url safe option on new projects and domains
 3180 * Remove bandit tox environment
 3181 * Add linters environment, keep pep8 as alias
 3182 * Make sure the assignment creation use the right arguments
 3183 * Fix indentation for oauth context
 3184 * Imported Translations from Zanata
 3185 * document the bootstrapping process
 3186 * Add release note for revert of c4723550aa95be403ff591dd132c9024549eff10
 3187 * Updated from global requirements
 3188 * Enable \`id\`, \`enabled\` attributes filtering for list IdP API
 3189 * Improve Conflict error message in IdP creation
 3190 * Fedora link is too old and so updated with newer version
 3191 * Support the reading of default values of domain configuration options
 3192 * Correct docstrings for federation driver interface
 3193 * Update v3policysample tests to use admin\_project not special domain\_id
 3194 * Enable limiting in ldap for groups
 3195 * Enable limiting in ldap for users
 3196 * Doc FIX
 3197 * Store config in drivers and use it to get list\_limit
 3198 * Add asserts for service providers
 3199 * Fix incorrect signature in federation legacy V8 wrapper
 3200 * Tidy up release notes for V9 drivers
 3201 * Adds an explicit utils import in test\_v3\_protection.py
 3202 * Refactor test auth\_plugin config into fixture
 3203 * Create V9 version of resource driver interface
 3204 * Updated from global requirements
 3205 * Separate trust crud tests from trust auth tests
 3206 * Delete checks for default domain delete
 3207 * correct help text for bootstrap command
 3208 * Replace unicode with six.text\_type
 3209 * Escape DN in enabled query
 3210 * Test enabled emulation with special user\_tree\_dn
 3211 * SQL migrations for implied roles
 3212 * Revert "Validate domain ownership for v2 tokens"
 3213 * Use assertIn to check if collection contains value
 3214 * Updated from global requirements
 3215 * Perform middleware tests with webtest
 3216 * De-duplicate fernet payload tests
 3217 * Reference driver methods through the Manager
 3218 * Fix users in group and groups for user exact filters
 3219 * Expose defect in users\_in\_group, groups\_for\_user exact filters
 3220 * Replace deprecated library function os.popen() with subprocess
 3221 * OAuth1 driver doesnt inherit its interface
 3222 * Update man pages with Mitaka version and dates
 3223 * Fixes hacking logger test cases to use same base
 3224 * Adds a hacking check looking for Logger.warn usage
 3225 * Change LOG.warn to LOG.warning
 3226 * Remove redundant check after enforcing schema validation
 3227 * Updating sample configuration file
 3228 * Create V9 version of federation driver interface
 3229 * Do not use \_\_builtin\_\_ in python3
 3230 * Define paste entrypoints
 3231 * Add schema for federation protocol
 3232 * Expose method list inconsistency in federation api
 3233 * remove irrelevant parenthesis
 3234 * Add return value
 3235 * Test: make enforce\_type=True in CONF.set\_override
 3236 * Updated from global requirements
 3237 * Add schema for identity provider
 3238 * Updating sample configuration file
 3239 * Use six.moves.reload\_module instead of builtin reload
 3240 * Fix the incompatible issue in response header
 3241 * Wrong usage of "an"
 3242 * Correct fernet provider reference
 3243 * Correct DN/encoding in test
 3244 * Support url safe restriction on new projects and domains
 3245 * Correct the class name of the V9 LDAP role driver
 3246 * Wrong usage of "a/an"
 3247 * Trival: Remove unused logging import
 3248 * Updating sample configuration file
 3249 * Fix pep8 job
 3250 * Fix some inconsistency in docstrings
 3251 * Fix 500 error when no fernet token is passed
 3252 * Cleanup tox.ini py34 test list
 3253 * Fixes kvs cache key mangling issue for Py3
 3254 * Some small improvements on fernet uuid handling
 3255 * Updated from global requirements
 3256 * Updating sample configuration file
 3257 * Fix key\_repository\_signature method for python3
 3258 * Add audit IDs to revocation events
 3259 * Enable os\_inherit of Keystone v3 API
 3260 * Use pip (and DevStack) instead of setuptools in docs
 3261 * Correct developer documentation on venv creation
 3262 * Updating sample configuration file
 3263 * Updated from global requirements
 3264 * Validate domain for DB-based domain config. CRUD
 3265 * fix up release notes, file deprecations under right title
 3266 * Updated Cloudsample
 3267 * Update \`developing.rst\` to remove extensions stuff
 3268 * Verify that user is trustee only on issuing token
 3269 * Adds a base class for functional tests
 3270 * Make \`bootstrap\` idempotent
 3271 * Add \`keystone-manage bootstrap\` command
 3272 * Changed the key repo validation to allow read only
 3273 * Deprecated tox -downloadcache option removed
 3274 * Fix defect in list\_user\_ids that only lists direct user assignments
 3275 * Show defect in list\_user\_ids that only lists direct user assignments
 3276 * Add API route for list role assignments for tree
 3277 * Use list\_role\_assignments to get projects/domains for user
 3278 * Add \`type' filter for list\_credentials\_for\_user
 3279 * Clean up new\_credential\_ref usage and surrounding code
 3280 * Create neutron service in sample\_data.sh
 3281 * Updating sample configuration file
 3282 * Updated from global requirements
 3283 * Limiting for fake LDAP
 3284 * Make @truncated common for all backends
 3285 * Fix exposition of bug about limiting with ldap
 3286 * Use assertDictEqual instead of assertEqualPolicies
 3287 * refactor: Remove unused test method
 3288 * Remove unfixable FIXME
 3289 * Use new\_policy\_ref consistently
 3290 * fix reuse of variables
 3291 * Remove comments on enforcing endpoints for trust
 3292 * refactor: move the common code to manager layer
 3293 * Create V9 Role Driver
 3294 * Create new version of assignment driver interface
 3295 * Remove keystoneclient tests
 3296 * Verify that attribute \`enabled\` equals True
 3297 * Remove invalid comment about LDAP domain support
 3298 * Pass dict into update() rather than \*\*kwargs
 3299 * Refactor test use of new\_\*\_ref
 3300 * Cleans up code for \`is\_admin\` in tokens
 3301 * Deprecate ldap Role
 3302 * Update extensions links
 3303 * Improve comments in test\_catalog
 3304 * Fix for GET project by project admin
 3305 * Fix multiline strings with missing spaces
 3306 * Updating sample configuration file
 3307 * Remove invalid TODO in extensions
 3308 * Updated from global requirements
 3309 * Refactor: Remove use of self where not needed
 3310 * Refactor: Move uncommon entities from setUp
 3311 * Split resource tests from assignment tests
 3312 * Remove invalid TODO related to bug 1265071
 3313 * Fix test\_crud\_user\_project\_role\_grants
 3314 * Deprecate the pki and pkiz token providers
 3315 * Remove invalid FIXME note
 3316 * Refactor: Use Federation constants where possible
 3317 * Remove exposure of routers at package level
 3318 * Update API version info for Liberty
 3319 * remove version from setup.cfg
 3320 * Ensure endpoints returned is filtered correctly
 3321 * Put py34 first in the env order of tox
 3322 
 3323 9.0.0.0b1
 3324 ---------
 3325 
 3326 * Add release notes for mitaka-1
 3327 * set \`is\_admin\` on tokens for admin project
 3328 * Use unit.new\_project\_ref consistently
 3329 * Reference environment close to use
 3330 * refactor: move variable to where it's needed
 3331 * Needn't care about the sequence for cache validation
 3332 * Updated from global requirements
 3333 * Fix a typo in notifications function doc
 3334 * Remove RequestBodySizeLimiter from middleware
 3335 * Optimize "open" method with context manager
 3336 * eventlet: handle system that misses TCP\_KEEPIDLE
 3337 * force releasenotes warnings to be treated as errors
 3338 * Cleanup region refs
 3339 * Remove \`extras\` from token data
 3340 * Use subprocess.check\_output instead of Popen
 3341 * Remove deprecated notification event\_type
 3342 * Remove check\_role\_for\_trust
 3343 * Correct RoleNotFound usage
 3344 * Remove example extension
 3345 * Updating sample configuration file
 3346 * Correct docstring warnings
 3347 * Using the right format to render the docstring correctly
 3348 * Add release notes for mitaka thus far
 3349 * Accepts Group IDs from the IdP without domain
 3350 * Cleanup use of service refs
 3351 * Update docs for legacy keystone extensions
 3352 * Correct SecurityError with unicode args
 3353 * Updated from global requirements
 3354 * Use idp\_id and protocol\_id in jsonhome
 3355 * Use standard credential\_id parameter in jsonhome
 3356 * Remove core module from the legacy endpoint\_filter extension
 3357 * Minor cleanups for usage of group refs
 3358 * Reject user creation using admin token without domain
 3359 * Add Trusts unique constraint to remove duplicates
 3360 * deprecate \`enabled\` option for endpoint-policy extension
 3361 * remove useless config option in endpoint filter
 3362 * Use [] where a field is required
 3363 * Manager support for projects acting as domains
 3364 * Config option for insecure responses
 3365 * Add missing colon separators to inline comments
 3366 * Simplify LimitTests
 3367 * Rationalize list role assignment routing
 3368 * Enable listing of role assignments in a project hierarchy
 3369 * Capital letters
 3370 * remove use of magic numbers in sql migrate extension tests
 3371 * Use new\_trust\_ref consistently
 3372 * Updating sample configuration file
 3373 * Move endpoint\_filter migrations into keystone core
 3374 * Move endpoint filter into keystone core
 3375 * Move revoke sql migrations to common
 3376 * Move revoke extension into core
 3377 * Move oauth1 sql migrations to common
 3378 * Move oauth1 extension into core
 3379 * Move federation sql migrations to common
 3380 * Move federation extension into keystone core
 3381 * Fix string conversion in s3 handler for python 2
 3382 * Fix inaccurate debug mode response
 3383 * Use unit.new\_user\_ref consistently
 3384 * Imported Translations from Zanata
 3385 * Updated from global requirements
 3386 * Add testcases to check cache invalidation in endpoint filter extension
 3387 * Fix the wrong method name
 3388 * Updating sample configuration file
 3389 * change some punctuation marks
 3390 * Updated from global requirements
 3391 * Remove hardcoded LDAP group schema from emulated enabled mix-in
 3392 * Exclude old Shibboleth options from docs
 3393 * Updated from global requirements
 3394 * Use new\_domain\_ref instead of manually created ref
 3395 * Use new\_region\_ref instead of manually created dict
 3396 * Document release notes process
 3397 * Use new\_service\_ref instead of manually created dict
 3398 * Use unit.new\_group\_ref consistently
 3399 * Use unit.new\_role\_ref consistently
 3400 * Use unit.new\_domain\_ref consistently
 3401 * Use unit.new\_region\_ref() consistently
 3402 * Use unit.new\_service\_ref() consistently
 3403 * Move AuthContext middleware into its own file
 3404 * Use unit.new\_endpoint\_ref consistently
 3405 * Use list\_role\_assignments to get assignments by role\_id
 3406 * Pass kwargs when using revoke\_api.list\_events()
 3407 * Add reno for release notes management
 3408 * Make K2K Mapping Attribute Examples more visible
 3409 * Add S3 signature v4 checking
 3410 * Fix some nits inside validation/config.py
 3411 * Add Mapping Combinations for Keystone to Keystone Federation
 3412 * Remove manager-driver assignment metadata construct
 3413 * Correct description in Keystone key\_terms
 3414 * Imported Translations from Zanata
 3415 * Handle fernet payload timestamp differences
 3416 * Fix fernet padding for python 3
 3417 * More useful message when using direct driver import
 3418 * Get user role without project id is not implemented
 3419 * Update sample catalog templates
 3420 * update mailmap with gyee's new email
 3421 * Revert "Added CORS support to Keystone"
 3422 * Updated from global requirements
 3423 * test\_backend\_sql work with python34
 3424 * Use assertTrue/False instead of assertEqual(T/F)
 3425 * Fix the issues found with local conf
 3426 * Add test for security error with no message
 3427 * Add exception unit tests with different message types
 3428 * Cleanup message handling in test\_exception
 3429 * Normalize fernet payload disassembly
 3430 * Common arguments for fernet payloads assembly
 3431 * Capitalize a Few Words
 3432 * I18n safe exceptions
 3433 * Keystone Spelling Errors in docstrings and comments
 3434 * [rally] remove deprecated arg
 3435 * Move endpoint\_policy migrations into keystone core
 3436 * Promote an arbitrary string to be a docstring
 3437 * Fix D204: blank line required after class docstring (PEP257)
 3438 * Fix D202: No blank lines after function docstring (PEP257)
 3439 * Update Configuring Keystone doc for consistency
 3440 * Comment spelling error in assignment.core file
 3441 * Fix exceptions to use correct titles
 3442 * Fix UnexpectedError exceptions to use debug\_message\_format
 3443 * Fix punctuation in doc strings
 3444 * Fix docstring
 3445 * Updating sample configuration file
 3446 * Explain default domain in docs for other services
 3447 * Correct bashate issues in gen\_pki.sh
 3448 * Fix incorrect federated mapping example
 3449 * change stackforge url to openstack url
 3450 * Updated from global requirements
 3451 * Adds already passing tests to py34 run
 3452 * Wrong usage of "an"
 3453 * Allow the PBR\_VERSION env to pass through tox
 3454 * Fix D200: 1 line docstrings should fit with quotes (PEP257)
 3455 * Fix D210: No whitespaces allowed surrounding docstring text (PEP257)
 3456 * Fix D300: Use """triple double quotes""" (PEP257)
 3457 * Fix D402: First line should not be the function's "signature" (PEP257)
 3458 * Fix D208: Docstring over indented. (PEP257)
 3459 * Add docstring validation
 3460 * Add caching to get\_catalog
 3461 * Fix fernet key writing for python 3
 3462 * Update test modules passing on py34
 3463 * Updated from global requirements
 3464 * Forbid non-stripped endpoint urls
 3465 * fix deprecation warnings in cache backends
 3466 * Create tests for set\_default\_is\_domain in LDAP
 3467 * Enable try\_except\_pass Bandit test
 3468 * Enable subprocess\_without\_shell\_equals\_true Bandit test
 3469 * Correct typo in copyright
 3470 * Updated from global requirements
 3471 * switch to oslo.cache
 3472 * Updating sample configuration file
 3473 * Updated from global requirements
 3474 * keystone-paste.ini docs for deployers are out of date
 3475 * Correct the filename
 3476 * More info in RequestContext
 3477 * Fix some nits in \`configure\_federation.rst\`
 3478 * add placeholder migrations for liberty
 3479 * Remove bas64utils and tests
 3480 * Create a version package
 3481 * Remove oslo.policy implementation tests from keystone
 3482 * Refactor: Don't hard code 409 Conflict error codes
 3483 * Fix use of TokenNotFound
 3484 * Refactor: change 403 status codes in test names
 3485 * Refactor: change 410 status codes in test names
 3486 * Refactor: change 400 status codes in test names
 3487 * Refactor: change 404 status codes in test names
 3488 * Updated from global requirements
 3489 * Imported Translations from Zanata
 3490 * add initiator to v2 calls for additional auditing
 3491 * Fixed missed translatable string inside exception
 3492 * Handle 16-char non-uuid user IDs in payload
 3493 * Additional documentation for services
 3494 * Rename fernet methods to match expiration timestamp
 3495 * Updated from global requirements
 3496 * Enable password\_config\_option\_not\_marked\_secret Bandit test
 3497 * Enable hardcoded\_bind\_all\_interfaces Bandit test
 3498 * Documentation for other services
 3499 * Reclassify get\_project\_by\_name() controller method
 3500 * Trivial fix of some typos found
 3501 * Filters is\_domain=True in v2 get\_project\_by\_name
 3502 * Add test case passing is\_domain flag as False
 3503 
 3504 8.0.0
 3505 -----
 3506 
 3507 * Ensure token validation works irrespective of padding
 3508 * Ensure token validation works irrespective of padding
 3509 * Imported Translations from Zanata
 3510 * Rename RestfulTestCase.v3\_authenticate\_token() to v3\_create\_token()
 3511 * Improving domain\_id update tests
 3512 * Show v3 endpoints in v2 endpoint list
 3513 * Expose 1501698 bug
 3514 * Replace sqlalchemy-migrate occurences from code.google to github
 3515 * Fix unreachable code in test\_v3 module
 3516 * Imported Translations from Zanata
 3517 * Use deepcopy of mapping fixtures in tests
 3518 * Show v3 endpoints in v2 endpoint list
 3519 * Enable Bandit 0.13.2 tests
 3520 * Update bandit blacklist\_imports config
 3521 * Cleanup \_build\_federated\_info
 3522 * Add LimitRequestBody to sample httpd config
 3523 * Make \_\_all\_\_ immutable
 3524 * Skip rows with empty remote\_ids
 3525 * Includes server\_default option in is\_domain column
 3526 * Remove unused get\_user\_projects()
 3527 * Deprecate httpd/keystone.py
 3528 * Skip rows with empty remote\_ids
 3529 * Fix order of arguments in assertDictEqual
 3530 * Cleanup fernet validate\_v3\_token
 3531 * Update bandit blacklist\_calls config
 3532 * Add unit test for creating RequestContext
 3533 * Add user\_domain\_id, project\_domain\_id to auth context
 3534 * Add user domain info to federated fernet tokens
 3535 * Unit tests for fernet validate\_v3\_token
 3536 * Fix order of arguments in assertEqual
 3537 * Updating sample configuration file
 3538 * Cleanup of Translations
 3539 * Imported Translations from Zanata
 3540 * Uses constants for 5XX http status codes in tests
 3541 * Fixes v3\_authenticate\_token calls - no default
 3542 * Fixes the way v3\_admin is called to match its def
 3543 * Declares expected\_status in method signatures
 3544 * Refactor: Don't hard code the error code
 3545 * Correct docstrings
 3546 * Correct comment to not be driver-specific
 3547 * Move development environment setup instructions to standard location
 3548 * Fix typo in config help
 3549 * Use the correct import for range
 3550 * Adds interface tests for timeutils
 3551 * Add unit tests for token\_to\_auth\_context
 3552 * Updating sample configuration file
 3553 
 3554 8.0.0.0rc1
 3555 ----------
 3556 
 3557 * Open Mitaka development
 3558 * Bring bandit config up-to-date
 3559 * Update the examples used for the trusted\_dashboard option
 3560 * Log message when debug is enabled
 3561 * Clean up bandit profiles
 3562 * federation.idp use correct subprocess
 3563 * Change ignore-errors to ignore\_errors
 3564 * Imported Translations from Zanata
 3565 * Remove unused code in domain config checking
 3566 * Relax newly imposed sql driver restriction for domain config
 3567 * Add documentation for configuring IdP WebSSO
 3568 * Updated from global requirements
 3569 * check if tokenless auth is configured before validating
 3570 * Fix the referred [app:app\_v3] into [pipeline:api\_v3]
 3571 * Updated from global requirements
 3572 * Issue deprecation warning if domain\_id not specified in create call
 3573 * functional tests for keystone on subpaths
 3574 * Removed the extra http:// from JSON schema link
 3575 * Document httpd for accept on /identity, /identity\_admin
 3576 * Updated from global requirements
 3577 * Update federation router with missing call
 3578 * Reject rule if assertion type unset
 3579 * Update man pages with liberty version and dates
 3580 * Refactor: Don't hard code the error code
 3581 * Move TestClient to test\_versions
 3582 * Use oslo.log fixture
 3583 * Update apache-httpd.rst
 3584 * Updated from global requirements
 3585 * Remove padding from Fernet tokens
 3586 * Imported Translations from Transifex
 3587 * Updated from global requirements
 3588 * Fixed typos in 'developing\_drivers' doc
 3589 * Stop using deprecated keystoneclient function
 3590 * Change tests to use common name for keystone.tests.unit
 3591 * Removes py3 test import hacks
 3592 * Updating sample configuration file
 3593 * Fixes confusing deprecation message
 3594 
 3595 8.0.0.0b3
 3596 ---------
 3597 
 3598 * Add methods for checking scoped tokens
 3599 * Build oslo.context RequestContext
 3600 * Correct docstring for common.authorization
 3601 * Deprecate LDAP Resource Backend
 3602 * Added CORS support to Keystone
 3603 * List credentials by type
 3604 * Fixes a typo in a comment
 3605 * Tokenless authz with X.509 SSL client certificate
 3606 * Support project hierarchies in data driver tests
 3607 * Stable Keystone Driver Interfaces
 3608 * Initial support for versioned driver classes
 3609 * Add federated auth for idp specific websso
 3610 * Adds caching to paste deploy's egg lookup
 3611 * Fix grammar in doc string
 3612 * Test list\_role\_assignment in standard inheritance tests
 3613 * Broaden domain-group testing of list\_role\_assignments
 3614 * Add support for group membership to data driven assignment tests
 3615 * Add support for effective & inherited mode in data driven tests
 3616 * Add support for data-driven backend assignment testing
 3617 * Updated from global requirements
 3618 * Change JSON Home for OS-FEDERATION to use /auth/projects|domains
 3619 * Unit tests for is\_domain field in project's table
 3620 * Group tox optional dependencies
 3621 * Provide new\_xyz\_ref functions in tests.core
 3622 * Refactor mapping rule engine tests to not create servers
 3623 * Updating sample configuration file
 3624 * Correct docstrings in resource/core.py
 3625 * Validate Mapped User object
 3626 * Set max on max\_password\_length to passlib max
 3627 * Simplify federated\_domain\_name processing
 3628 * Get method's class name in a python3-compatible way
 3629 * Stop reading local config for domain-specific SQL config driver
 3630 * Enforce .config\_overrides is called exactly once
 3631 * Use /auth/projects in tests
 3632 * Remove keystone/openstack/\* from coveragerc
 3633 * Rationalize unfiltered list role assignment test
 3634 * Change mongodb extras to lowercase
 3635 * Refactor: Provider.\_rebuild\_federated\_info()
 3636 * Refactor: rename Fernet's unscoped federated payload
 3637 * Fernet payloads for federated scoped tokens
 3638 * No More .reload\_backends() or .reload\_backend()
 3639 * Ensure ephemeral user's user\_id is url-safe
 3640 * Use min and max on IntOpt option types
 3641 * Adds a notification testcase for unbound methods
 3642 * Do not revoke all of a user's tokens when a role assignment is deleted
 3643 * Handle tokens created and quickly revoked with insufficient timestamp precision
 3644 * Show that unscoped tokens are revoked when deleting role assignments
 3645 * Prevent exception due to missing id of LDAP entity
 3646 * Expose exception due to missing id of LDAP entity
 3647 * Add testcase to test invalid region id in request
 3648 * Add region\_id filter for List Endpoints API
 3649 * Remove references to keystone.openstack.common
 3650 * Remove all traces of oslo incubator
 3651 * Updating sample configuration file
 3652 * Test v2 tokens being deleted by v3
 3653 * Use entrypoints for paste middleware and apps
 3654 * update links in http-api to point to specs repo
 3655 * Add necessary executable permission
 3656 * Refactor: use fixtures.TempDir more
 3657 * Add is\_domain field in Project Table
 3658 * Prevent exception for invalidly encoded parameters
 3659 * Extras for bandit
 3660 * Use extras for memcache and MongoDB packages
 3661 * Use wsgi\_scripts to create admin and public httpd files
 3662 * Update Httpd configuration docs for sites-available/enabled
 3663 * Remove unnecessary check
 3664 * Update 'doc/source/setup.rst'
 3665 * Remove unnecessary load\_backends from TestKeystoneTokenModel
 3666 * Updated from global requirements
 3667 * Imported Translations from Transifex
 3668 * Updated from global requirements
 3669 * Show helpful message when request body is not provided
 3670 * Fix logging in federation/idp.py
 3671 * Enhance tests for saml2 signing exception logging
 3672 * Remove deprecated methods from assignment.Manager
 3673 * Stop using deprecated assignment manager methods
 3674 * EndpointFilter driver doesnt inherit its interface
 3675 * Hardens the validated decorator's implementation
 3676 * Updating sample configuration file
 3677 * Simplify rule in sample v3 policy file
 3678 * Improve a few random docstrings
 3679 * Maintain datatypes when loading configs from DB
 3680 * Remove "tenants" from user\_attribute\_ignore default
 3681 * Use oslo\_config PortOpt support
 3682 * Updated from global requirements
 3683 * Updated from global requirements
 3684 * Fix the misspelling
 3685 * When validating a V3 token as V2, use the v3\_to\_v2 conversion
 3686 * Do not require the token\_id for converting v3 to v2 tokens
 3687 * Maintain the expiry of v2 fernet tokens
 3688 * Fix typo in doc-string
 3689 * Validate domain ownership for v2 tokens
 3690 * Fix docstring in mapped plugin
 3691 * Updated from global requirements
 3692 * Minor grammar fixes to connection pooling section
 3693 * Creates a fixture representing as LDAP database
 3694 * Sample config help for supplied drivers
 3695 * Improve List Role Assignments Filters Performance
 3696 * Update docs for stevedore drivers
 3697 * Fixes an incorrect docstring in notifications
 3698 * Stop calling deprecated assignment manager methods
 3699 * Updated from global requirements
 3700 * Updating sample configuration file
 3701 * Adds backend check to setup of LDAP tests
 3702 * Improve a few random docstrings (H405)
 3703 * Remove excessive transformation to list
 3704 * Stop calling deprecated assignment manager methods
 3705 * Remove reference of old endpoint\_policy in paste file
 3706 * Fernet 'expires' value loses 'ms' after validation
 3707 * Correct enabled emulation query to request no attributes
 3708 * NotificationsTestCase running in isolation
 3709 * Adds/updates notifications test cases
 3710 * Fix duplicate-key pylint issue
 3711 * Fix explicit line joining with backslash
 3712 * Fixes an issue with data ordering in the tests
 3713 * Imported Translations from Transifex
 3714 * Allow Domain Admin to get domain details
 3715 * Assignment driver cleaning
 3716 * Cleanup tearDown in unit tests
 3717 * Fix unbound error in federation \_sign\_assertion
 3718 * Fix typos of RoleAssignmentV3.\_format\_entity doc
 3719 * Updating sample configuration file
 3720 * Updated from global requirements
 3721 * Remove unnecessary check from notifications.py
 3722 * Remove oslo import hacking check
 3723 * Use dict.items() rather than six.iteritems()
 3724 * Cleanup use of iteritems
 3725 * Imported Translations from Transifex
 3726 * Missing ADMIN\_USER in sample\_data.sh
 3727 * Update exported variables for openstack client
 3728 * Use extras for ldap dependencies
 3729 * Add better user feedback when bind is not implemented
 3730 * Test to ensure fernet key rotation results in new key sets
 3731 * Better error message when unable to map user
 3732 * Refactor \_populate\_roles\_for\_groups()
 3733 * Add groups in scoped federated tokens
 3734 * Adds missing list\_endpoints tests
 3735 * Reject create endpoint with invalid urls
 3736 * Explain the "or None" on eventlet's client\_socket\_timeout
 3737 * Reduce number of Fernet log messages
 3738 * Fix test\_admin to expect admin endpoint
 3739 * Fixes a docstring to reflect actual return values
 3740 * Give some message when an invalid token is in use
 3741 
 3742 8.0.0.0b2
 3743 ---------
 3744 
 3745 * Updated from global requirements
 3746 * Ensure database options registered for tests
 3747 * Document sample config updated automatically
 3748 * Test function call result, not function object
 3749 * Test admin app in test\_admin\_version\_v3
 3750 * Updating sample configuration file
 3751 * Handle non-numeric files in key\_repository
 3752 * Fix remaining mention of KLWT
 3753 * Updated from global requirements
 3754 * Replace 401 to 404 when token is invalid
 3755 * Assign different values to public and admin ports
 3756 * Fix four typos and Add one space on keystone document
 3757 * Reuse token\_ref fetched in AuthContextMiddleware
 3758 * Refactor: clean up TokenAPITests
 3759 * pemutils isn't used anymore
 3760 * Imported Translations from Transifex
 3761 * Fix test\_exception.py for py34
 3762 * Fix s3.core for py34
 3763 * Updating sample configuration file
 3764 * Fix test\_utils for py34
 3765 * test\_base64utils works with py34
 3766 * Minor fix in the \`configuration.rst\`
 3767 * Correct spacing in \`\`mapping\_combinations.rst\`\`
 3768 * add federation docs for mod\_auth\_mellon
 3769 * Avoid the hard coding of admin token
 3770 * Adding Documentation for Mapping Combinations
 3771 * Clean up docs before creating new ones
 3772 * Document policy target for operation
 3773 * Fix docs in federation.routers
 3774 * Fix docstrings in contrib
 3775 * Additional Fernet test coverage
 3776 * Refactor websso \`\`origin\`\` validation
 3777 * Docs link to ACTIONS
 3778 * Clean up code to use .items()
 3779 * Document default value for tree\_dn options
 3780 * Remove unnecessary ldap imports
 3781 * Move backends.py to keystone.server
 3782 * move clean.py into keystone/common
 3783 * Updated from global requirements
 3784 * Remove unnecessary executable permission
 3785 * Move cli.py into keystone.cmd
 3786 * Do not remove expired revocation events on "get"
 3787 * Clean up notifications type checking
 3788 * Federation API provides method to evaluate rules
 3789 * Move constants out of federation.core
 3790 * Implement backend filtering on membership queries
 3791 * Moves keystone.hacking into keystone.tests
 3792 * Add missing "raise" when throwing exception
 3793 * Log xmlsec1 output if it fails
 3794 * Fix test method examining scoped federation tokens
 3795 * Spelling correction
 3796 * Fixes grammar in setup.rst in doc source
 3797 * Updated from global requirements
 3798 * Deprecate LDAP assignment driver options
 3799 * Register fatal\_deprecations before use
 3800 * Use oslo.utils instead of home brewed tempfile
 3801 * Updating sample configuration file
 3802 * Add testcases for list\_role\_assignments of v3 domains
 3803 * Centralizing build\_role\_assignment\_\* functions
 3804 * Replace reference of ksc with osc
 3805 * Updated from global requirements
 3806 * Changing exception type to ValidationError instead of Forbidden
 3807 * Standardize documentation at Service Managers
 3808 * Fixes grammar in the httpd README
 3809 * Fix the incorrect format for docstring
 3810 * Imported Translations from Transifex
 3811 * Fixes docstring to make it more precise
 3812 * Removed optional dependency support
 3813 * Decouple notifications from DI
 3814 * Adds proper isolation to templated catalog tests
 3815 * Fix log message in one of the v3 create call methods
 3816 * Catch exception.Unauthorized when checking for admin
 3817 * Remove convert\_to\_sqlite.sh
 3818 * Fix for LDAP filter on group search by name
 3819 * Remove fileutils from oslo-incubator
 3820 * Remove comment for doc building bug 1260495
 3821 * Fix code-block in federation documentation
 3822 * Modified command used to run keystone-all
 3823 * Delete extra parentheses in assertEqual message
 3824 * Fix the invalid testcase
 3825 * Updating sample configuration file
 3826 * Add unit test for fernet provider
 3827 * Update federation docstring
 3828 * Do not specify 'objectClass' twice in LDAP filter string
 3829 * Fix tox -e py34
 3830 * Change mapping model so rules is dict
 3831 * Add test case for deleting endpoint with space in url
 3832 * Update requirements by hand
 3833 * Consolidate the fernet provider issue\_v3\_token()
 3834 * Group role revocation invalidates all user tokens
 3835 * OS-FEDERATION no longer extension in docs
 3836 * Switch from deprecated oslo\_utils.timeutils.strtime
 3837 * Remove unused setUp for RevokeTests
 3838 * Update MANIFEST.in
 3839 * Update sample config file
 3840 * Disable migration sanity check
 3841 * Updated from global requirements
 3842 * Use oslo.service ServiceBase when loading from eventlet
 3843 * Document use of wip up to developer
 3844 * Simplify fernet rotation code
 3845 * Tests for correct key removed
 3846 * Relax the formats of accepted mapping rules for keystone-manage
 3847 * Python 3: Use range instead of xrange for py3 compatibility
 3848 
 3849 8.0.0.0b1
 3850 ---------
 3851 
 3852 * Document entrypoint namespaces
 3853 * Short names for auth plugins
 3854 * Update sample configuration file
 3855 * Switch to oslo.service
 3856 * Update sample configuration file
 3857 * Remove redundant config
 3858 * Don't try to drop FK constraints for sqlite
 3859 * Remove unused requirements
 3860 * Add missing keystone-manage commands to doc
 3861 * Mask passwords in debug log on user password operations
 3862 * Add test showing password logged
 3863 * Adds some debugging statements
 3864 * Imported Translations from Transifex
 3865 * Use stevedore for auth drivers
 3866 * Refactor extract function load\_auth\_method
 3867 * Add unit test to exercise key rotation
 3868 * Fix Fernet key rotation
 3869 * Update version for Liberty
 3870 
 3871 8.0.0a0
 3872 -------
 3873 
 3874 * Refactor: move PKI-specific tests into the appropriate class
 3875 * Needn't load fernet keys twice
 3876 * Pass environment variables of proxy to tox
 3877 * Fix tests failing on slower system
 3878 * Mapping Engine CLI
 3879 * Imported Translations from Transifex
 3880 * Fix spelling in configuration comment
 3881 * Switch keystone over to oslo\_log versionutils
 3882 * Updated from global requirements
 3883 * Use lower default value for sha512\_crypt rounds
 3884 * Updated from global requirements
 3885 * Add more Rally scenarios
 3886 * Remove unnecessary dependencies from KerberosDomain
 3887 * Remove deprecated external authentication plugins
 3888 * Remove unnecessary code for default suffix
 3889 * Remove custom assertions for python2.6
 3890 * Avoid using the interactive interpreter for a one-liner
 3891 * Add validity check of 'expires\_at' in trust creation
 3892 * Revocation engine refactoring
 3893 * Updated from global requirements
 3894 * Rename directory with rally jobs files
 3895 * Fix req.environ[SCRIPT\_NAME] value
 3896 * Don't query db if criteria longer than col length
 3897 * Updated from global requirements
 3898 * Run WSGI with group=keystone
 3899 * Consolidate test-requirements files
 3900 * Switch from deprecated isotime
 3901 * Fix the wrong order of parameters when using assertEqual
 3902 * Add testcases to test DefaultDomain
 3903 * Remove the deprecated ec2 token middleware
 3904 * Replace blacklist\_functions with blacklist\_calls
 3905 * updates sample\_data script to use the new openstack commands
 3906 * Log info for Fernet tokens over 255 chars
 3907 * Update functional tox env requirements
 3908 * Update sample config file
 3909 * Correct oauth1 driver help text
 3910 * Rename driver to backend and fix the inaccurate docstring
 3911 * Add "enabled" to create service provider example
 3912 * Update testing keystone2keystone doc
 3913 * Removes unused database setup code
 3914 * Refactor: use \_\_getitem\_\_ when the key will exists
 3915 * Refactor: create the lookup object once
 3916 * Order routes so most frequent requests are first
 3917 * \`api\_curl\_examples.rst\` is out of date
 3918 * Don't assume project IDs are UUID format
 3919 * Don't assume group IDs are UUID format
 3920 * Don't fail on converting user ids to bytes
 3921 * Move endpoint policy into keystone core
 3922 * Update sample config file
 3923 * Tests don't override default auth methods/plugins
 3924 * Tests consistently use auth\_plugin\_config\_override
 3925 * Test use config\_overrides for configs
 3926 * Correct tests setting auth methods to a non-list
 3927 * Make sure LDAP filter is constructed correctly
 3928 * basestring no longer exists in Python3
 3929 * Add mocking for memcache for Python3 tests
 3930 * Fix xmldsig import
 3931 * Refactor deprecations tests
 3932 * Switch from MySQL-python to PyMySQL
 3933 * Improve websso documentation
 3934 * Remove the deprecated compute\_port option
 3935 * Workflow documentation is now in infra-manual
 3936 * Remove XML middleware stub
 3937 * Rename sample\_config to genconfig
 3938 * Imported Translations from Transifex
 3939 * Replace ci.o.o links with docs.o.o/infra
 3940 * Sync oslo-incubator cc19617
 3941 * Use single connection in get\_all function
 3942 * Removes temporary fix for doc generation
 3943 * Improve error message when tenant ID does not exist
 3944 * Updated from global requirements
 3945 * Add missing part for \`token\` object
 3946 * Remove identity\_api from AuthInfo dependencies
 3947 * Move bandit requirement to test-requirements-bandit.txt
 3948 * Adds inherited column to RoleAssignment PK
 3949 * Update dev setup requirements for Python 3.4
 3950 * Update sample config file
 3951 * Remove support for loading auth plugin by class
 3952 * Use [] where a value is required
 3953 * De-duplicate auth methods
 3954 * Remove unnecessary oauth\_api check
 3955 * Use short names for drivers
 3956 * Fixes deprecations test for Python3
 3957 * Add mocking for ldappool for Python3 tests
 3958 * Fixes a whitespace issue
 3959 * Handles modules that moved in Python3
 3960 * Handles Python3 builtin changes
 3961 * Fixes use of dict methods for Python3
 3962 * Updated from global requirements
 3963 * Replace github reference by git.openstack.org and change a doc link
 3964 * Refactor \_create\_attribute\_statement IdP method
 3965 * Revert "Loosen validation on matching trusted dashboard"
 3966 * Updated from global requirements
 3967 * Use correct LOG translation indicator for errors
 3968 * Add openstack\_user\_domain to assertion
 3969 * Pass-in domain when testing saml signing
 3970 * Fixes test nits from a previous review
 3971 * Implement validation on the Identity V3 API
 3972 * Fix tiny typo in comment message
 3973 * Updates the \*py3 requirements files
 3974 * Fixes mocking of oslo messaging for Python3
 3975 * pycadf now supports Python3
 3976 * eventlet now supports Python3
 3977 * Updated from global requirements
 3978 * Add openstack\_project\_domain to assertion
 3979 * Use stevedore for backend drivers
 3980 * Prohibit invalid ids in subtree and parents list
 3981 * Update sample config
 3982 * Fix sample policy to allow user to check own token
 3983 * Replaced filter with a list comprehension
 3984 * Ignore multiple imports per line for six.moves
 3985 * Fixes order of imports for pep8
 3986 * pep8 whitespace changes
 3987 * Remove randomness from test\_client\_socket\_timeout
 3988 * Allow wsgiref to reconstruct URIs per the WSGI spec
 3989 * Fix the misuse of \`versionutils.deprecated\`
 3990 * Updated from global requirements
 3991 * Update openid connect docs to include other distros
 3992 
 3993 2015.1.0
 3994 --------
 3995 
 3996 * Updated from global requirements
 3997 * Remove pysqlite test-requirement dependency
 3998 * Fixes tests to use the config fixture
 3999 * Isolate injection tests
 4000 * Sync oslo-incubator Ie51669bd278288b768311ddf56ad31a2f28cc7ab
 4001 * Sync oslo-incubator Ie51669bd278288b768311ddf56ad31a2f28cc7ab
 4002 * Fixes cyclic ref detection in project subtree
 4003 * Updated from global requirements
 4004 * Updated from global requirements
 4005 * Release Import of Translations from Transifex
 4006 * Make memcache client reusable across threads
 4007 * Imported Translations from Transifex
 4008 * Remove project association before removing endpoint group
 4009 * Loosen validation on matching trusted dashboard
 4010 * adds a tox target for functional tests
 4011 * Adds an initial functional test
 4012 * Fix the incorrect comment
 4013 * Set default branch to stable/kilo
 4014 * Remove assigned protocol before removing IdP
 4015 * Expose domain\_name in the context for policy.json
 4016 * Update developer doc to reference Ubuntu 14
 4017 * Make memcache client reusable across threads
 4018 * Update Get API version Curl example
 4019 * Remove unused policy rule for get\_trust
 4020 * backend\_argument should be marked secret
 4021 * Update man pages for the Kilo release
 4022 * make sure we properly initialize the backends before using the drivers
 4023 * WebSSO should use remote\_id\_attribute by protocol
 4024 * Work with pymongo 3.0
 4025 * Fix incorrect setting in WebSSO documentation
 4026 * Stops injecting revoke\_api into TestCase
 4027 * Checking if Trust exists should be DRY
 4028 * Use correct LOG translation indicator for warnings
 4029 * backend\_argument should be marked secret
 4030 * Fix signed\_saml2\_assertion.xml tests fixture
 4031 * Don't provide backends from \_\_all\_\_ in persistence
 4032 * Add domain\_id checking in create\_project
 4033 * Update keystone.sample.conf
 4034 * Use choices in config.py
 4035 * make sure we properly initialize the backends before using the drivers
 4036 * WebSSO should use remote\_id\_attribute by protocol
 4037 * Refactor common function for loading drivers
 4038 * Tests don't override default config with default
 4039 * Refactor MemcachedBackend to not be a Manager
 4040 * Update openstack-common reference in openstack/common/README
 4041 * Exposes bug on role assignments creation
 4042 * Removes discover from test-reqs
 4043 * Work with pymongo 3.0
 4044 
 4045 2015.1.0rc1
 4046 -----------
 4047 
 4048 * Update man pages for the Kilo release
 4049 * Add placeholders for reserved migrations
 4050 * Redundant events on group grant revocation
 4051 * Open Liberty development
 4052 * Improved policy setting in the 'v3 filter' tests
 4053 * Handle NULL value for service.extra in migration 066
 4054 * Skip SSL tests because some platforms do not enable SSLv3
 4055 * Fix the typo in \`token/providers/fernet/core.py\`
 4056 * Fix index name the assignment.actor\_id table
 4057 * Add index to the revocation\_event.revoked\_at
 4058 * Document websso setup
 4059 * Allow identity provider to be created with remote\_ids set to None
 4060 * Update testing docs
 4061 * Import fernet providers only if used in keystone-manage
 4062 * Imported Translations from Transifex
 4063 * Fix multiple SQL backend usage validation error
 4064 * Expose multiple SQL backend usage validation error
 4065 * Fix for notifications for v2 role grant/delete
 4066 * Update sample config file
 4067 * Fix errors in ec2 signature logic checking
 4068 * Don't add unformatted project-specific endpoints to catalog
 4069 * Reload drivers when their domain config is updated
 4070 * Correcting the name of directory holding dev docs
 4071 * Fixes bug in Federation list projects endpoint
 4072 * Exposes bug in Federation list projects endpoint
 4073 * Updated from global requirements
 4074 * Refactor assignment driver internal clean-up method names
 4075 * Remove unnecessary .driver. references in assignment manager
 4076 * Rename notification for create/delete grants
 4077 * Drop sql.transaction() usage in migration
 4078 * Update configuration documentation for domain config
 4079 * Fix for migration 062 on MySQL
 4080 * Bump advertised API version to 3.4
 4081 * Extract response headers to private method
 4082 * Deprecate eventlet config options
 4083 * Imported Translations from Transifex
 4084 * remove useless nocatalog tests of endpoint\_filter
 4085 * Add API to create ecp wrapped saml assertion
 4086 * Add relay\_state\_prefix to Service Provider
 4087 * Change the way values are migrated for 007\_add\_remote\_id\_table
 4088 * Add routing for list\_endpoint\_groups\_for\_project
 4089 * Use ORM in upgrade test instead of manual query construction
 4090 * Remove empty request bodies
 4091 * Remove unnecessary import that was not checked
 4092 * IdP ID registration and validation
 4093 * Imported Translations from Transifex
 4094 * add test of /v3/auth/catalog for endpoint\_filter
 4095 * Entrypoints for commands
 4096 * More content in the guide for core components' migration
 4097 * Make trust manager raise formatted message exception
 4098 * Revert "Document mapping of policy action to operation"
 4099 * Remove SQL Downgrades
 4100 * Add caching to getting of the fully substituted domain config
 4101 * Refactor \_create\_projects\_hierarchy in tests
 4102 * Fixes bug when getting hierarchy on Project API
 4103 * Exposes bug when getting hierarchy on Project API
 4104 * Move common checks into base testcase
 4105 * Tests use common base class
 4106 * use tokens returned by delete\_tokens to invalidate cache
 4107 * Loosen the validation schema used for trustee/trustor ids
 4108 * region.description is optional and can be null
 4109 * Update access control configuration in httpd config
 4110 * Document mapping of policy action to operation
 4111 * Update install.rst for Fedora
 4112 * Update sample config file
 4113 * Remove parent\_id in v2 tenant response
 4114 * Tox env for Bandit
 4115 * Refactor: extract and rename unique\_id method
 4116 * create \_member\_ role as specified in CONF
 4117 * Fix sample policy to allow user to revoke own token
 4118 * Add unit tests for sample policy token operations
 4119 * Mark some strings for translation
 4120 * Add fernet to test\_supported\_token\_providers
 4121 * Fix up token provider help text
 4122 * Tests use Database fixture
 4123 * Remove parent\_id in v2 token response
 4124 * Update ServiceProviderModel attributes
 4125 * Add docstrings to keystone.notifications functions
 4126 * Remove unused metadata parameter from get\_catalog methods
 4127 * Imported Translations from Transifex
 4128 * Cleanup use of .driver
 4129 * Specify time units for default\_lock\_timeout
 4130 * Remove stevedore from test-requirements
 4131 * Lookup identity provider by remote\_id for websso
 4132 * Deal with PEP-0476 certificate chaining checking
 4133 * Distinguish between unset and empty black and white lists
 4134 * Remove unused domain config method paramters
 4135 * Correct path in request logging
 4136 * Correct request logging query parameters separator
 4137 * Fix setting default log levels
 4138 * On creation default service name to empty string
 4139 * Needn't workaround when invoking \`app.request()\`
 4140 
 4141 2015.1.0b3
 4142 ----------
 4143 
 4144 * Imported Translations from Transifex
 4145 * Support upload domain config files to database
 4146 * Update sample httpd config file
 4147 * Update Apache httpd config docs for token persistence
 4148 * Cleanup Fernet testcases and add comments
 4149 * Add inline comment and docstrings fixes for Fernet
 4150 * Fix nullable constraints in service provider table
 4151 * Move backend LDAP role testing to the new backend testing module
 4152 * URL quote Fernet tokens
 4153 * Use existing token test for Fernet tokens
 4154 * Implement Fernet tokens for v2.0 tokens
 4155 * Refactor code supporting status in JSON Home
 4156 * remove expected backtrace from logs
 4157 * Log when no external auth plugin registered
 4158 * Adds test for federation mapping list order issues
 4159 * Updated from global requirements
 4160 * Enable sensitive substitutions into whitelisted domain configs
 4161 * Imported Translations from Transifex
 4162 * Create a fixture for key repository
 4163 * Ignore unknown groups in lists for Federation
 4164 * Remove RestfulTestCase.admin\_request
 4165 * Remove SSL configuration instructions from HTTPd docs
 4166 * Wrap apache-httpd.rst
 4167 * Remove fix for migration 37
 4168 * Cleanup for credentials schema test
 4169 * Refactor sql filter code for clarity
 4170 * Prefer . to setattr()/getattr()
 4171 * Build domain scope for Fernet tokens
 4172 * Mark the domain config API as experimental
 4173 * Imported Translations from Transifex
 4174 * Allow methods to be carried in Fernet tokens
 4175 * Federated token formatter
 4176 * Refactor: make Fernet token creation/validation API agnostic
 4177 * Convert audit\_ids to bytes
 4178 * Drop Fernet token prefixes & add domain-scoped Fernet tokens
 4179 * Add JSON schema validation for service providers
 4180 * Implements whitelist and blacklist mapping rules
 4181 * Adding utf8 to federation tables
 4182 * Eventlet green threads not released back to pool
 4183 * Abstract the direct map concept into an object
 4184 * Remove redundant creation timestamp from fernet tokens
 4185 * Fix deprecated group for eventlet\_server options
 4186 * Sync oslo-incubator to f2cfbba
 4187 * Cleanup test keeping unnecessary fixture references
 4188 * Fix typo in name of variable in resource router
 4189 * Add test to list projects by the parent\_id
 4190 * Fixes minor spelling issue
 4191 * Crosslink to other sites that are owned by Keystone
 4192 * Imported Translations from Transifex
 4193 * move region and service exist checks into manager layer
 4194 * make credential policy check ownership of credential
 4195 * Remove unused threads argument
 4196 * Refactor: remove dep on trust\_api / v3 token helper
 4197 * Enable use of database domain config
 4198 * add oauth authentication to config file
 4199 * Prevent calling waitall() inside a GreenPool's greenthread
 4200 * Rename get\_events to list\_events on the Revoke API
 4201 * Address nits for default cache time more explicit
 4202 * add cadf notifications for oauth
 4203 * Add scope info to initiator data for CADF notifications
 4204 * Removed maxDiff attribute from TestCase
 4205 * Refactoring: use BaseTestCase instead of TestCase
 4206 * Moved sys.exit mocking into BaseTestClass
 4207 * Refactor: move initiator test to cadf specific section
 4208 * Refactor: create a common base for notification tests
 4209 * Migrations squash
 4210 * Consistently use oslo\_config.cfg.CONF
 4211 * Removes logging code that supported Python <2.7
 4212 * Refactoring: removed client method from TestCase
 4213 * Refactoring: remove self.\_config\_file\_list from TestCase
 4214 * Deprecate passing "extras" in token data
 4215 * 'Assignment' has no attr 'get\_domain\_by\_name'
 4216 * Refactor: make extras optional in v3 get\_token\_data
 4217 * Remove extra semicolon from mapping fixtures
 4218 * Imported Translations from Transifex
 4219 * Fix seconds since epoch use in fernet tokens
 4220 * Add API support for domain config
 4221 * Remove unused checkout\_vendor
 4222 * Move test\_core to keysteone.tests.unit.tests
 4223 * Fixes the SQL model tests
 4224 * Add documentation for key terms and basic authenticating
 4225 * Remove useless comment from requirements.txt
 4226 * Move pysaml to requirements.txt for py3
 4227 * Docstring fixes in fernet.token\_formatters
 4228 * Made project\_id required for ec2 credential
 4229 * Add Federation mixin for setting up data
 4230 * Refactor: remove token formatters dep on 'token\_data' on create()
 4231 * Refactor: rename the "standard" token formatter to "scoped"
 4232 * Add unscoped token formatter for Fernet tokens
 4233 * Fix the wrong order of parameters when using assertEqual
 4234 * Imported Translations from Transifex
 4235 * Spelling and grammar cleanup
 4236 * Fixes bug in SQL/LDAP when honoring driver\_hints
 4237 * Remove policy parsing exception
 4238 * Cleanup policy related tests
 4239 * Remove incubated version of oslo policy
 4240 * Use oslo.policy instead of incubated version
 4241 * Fixes minor whitespace issues
 4242 * Updated from global requirements
 4243 * Add checking for existing group/option to update domain config
 4244 * Stop debug logging of Ldap while running unit tests
 4245 * Exposes bug in SQL/LDAP when honoring driver\_hints
 4246 * Updated from global requirements
 4247 * Fix typos in tests/unit/core.py
 4248 * Remove unnecessary import
 4249 * Update developer docs landing page
 4250 * Add support for whitelisting and partial domain configs
 4251 * Change headers to be byte string friendly
 4252 * fix import order in federation controller
 4253 * Imported Translations from Transifex
 4254 * Fix a minor coding nit in Fernet testing
 4255 * Move install of cryptography before six
 4256 * refactor: extract and document audit ID generation
 4257 * Update sample config file
 4258 * log query string instead of openstack.params and request args
 4259 * Cleanup docstrings in test\_v3\_federation.py
 4260 * refactor: consistently refer to "unpacked tokens" as the token's "payload"
 4261 * refactor: extract fernet packing & unpacking methods
 4262 * Fix nits from 157495
 4263 * Deprecate Eventlet Deployment in favor of wsgi containers
 4264 * remove old docstr referring to keyczar
 4265 * Implement backend driver support for domain config
 4266 * Use revocation events for lightweight tokens
 4267 * Avoid multiple instances for a provider
 4268 * Always load revocation manager
 4269 * Cleanup comments from 159865
 4270 * Updated from global requirements
 4271 * Rename "Keystone LightWeight Tokens" (KLWT) to "Fernet" tokens
 4272 * Make the default cache time more explicit in code
 4273 * Keystone Lightweight Tokens (KLWT)
 4274 * Refactor and provide scaffolding for domain specific loading
 4275 * Populate token with service providers
 4276 * Add CADF notifications for trusts
 4277 * Get initiator from manager and send to controller
 4278 * Add in non-decorator notifiers
 4279 * Implemented caching in identity layer
 4280 * Imported Translations from Transifex
 4281 * Use dict comprehensions instead of dict constructor
 4282 * Remove deprecated methods and functions in token subsystem
 4283 * Authenticate local users via federated workflow
 4284 * Move UserAuthInfo to a separate file
 4285 * Make RuleProcessor.\_UserType class public
 4286 * Enhance user identification in mapping engine
 4287 * Remove conditional check (and test) for oauth\_api
 4288 * Fixes test\_multiple\_filters filters definition
 4289 * Remove conditionals that check for revoke\_api
 4290 * Use correct dependency decorator
 4291 * Add minimum release support notes for federation
 4292 * Update \`os service create\` examples in config services
 4293 * Reference OSC docs in CLI examples
 4294 * Chain a trust with a role specified by name
 4295 * Add parent\_id to test\_project\_model
 4296 * Revamp the documentation surrounding notifications
 4297 * Remove unused tmp directory in tests
 4298 * Correct initialization order for logging to use eventlet locks
 4299 * add missing links for v3 OS-EC2 API response
 4300 * Remove explicit mentions of JSON from test\_v2
 4301 * Rename test\_keystoneclient\*
 4302 * Rename test\_content\_types
 4303 * Fix for KVS cache backend incompatible with redis-py
 4304 * Enable endpoint\_policy, endpoint\_filter and oauth by default
 4305 * Add links to extensions that point to api specs
 4306 * Classifying extensions and defining process
 4307 * Imported Translations from Transifex
 4308 * Add oslo request id middleware to keystone paste pipeline
 4309 * Uses SQL catalog driver for v2 REST tests
 4310 * Fixed skip msg in templated catalog test
 4311 * Remove invalid comment/statement at role manager
 4312 * Standardize notifications types as constants
 4313 * Change use of random to random.SystemRandom
 4314 * Remove extra call to oauth manager from tests
 4315 * Remove an extra call to create federation manager
 4316 * Updated from global requirements
 4317 * Imported Translations from Transifex
 4318 * Improve List Role Assignment Tests
 4319 * Enable filtering in LDAP backend for listing entities
 4320 * Refactor filter and sensitivity tests in prepartion for LDAP support
 4321 * Imported Translations from Transifex
 4322 * Provide additional detail if OAuth headers are missing
 4323 * Add WebSSO support for federation
 4324 * Check consumer and project id before creating request token
 4325 * Regenerate sample config file
 4326 * Move eventlet server options to a config section
 4327 * refactor: use \_get\_project\_endpoint\_group\_url() where applicable
 4328 * Update sample config file
 4329 * Consistently use oslo\_config.cfg.CONF
 4330 * Imported Translations from Transifex
 4331 * Removes unnecessary checks when cleaning a domain
 4332 * Remove check\_role\_for\_trust from sample policies
 4333 * Remove duplicated test for get\_role
 4334 * Add a test for create\_domain in notifications
 4335 * Add CADF notification handling for policy/region/service/endpoint
 4336 * Publicize region/endpoint/policy/service events
 4337 * Add CADF notifications for most resources
 4338 * Updated from global requirements
 4339 * Drop foreign key (domain\_id) from user and group tables
 4340 * Make federated domain configurable
 4341 * Imported Translations from Transifex
 4342 * Move backend role tests into their own module
 4343 * Fix nits from patch #110858
 4344 * Fix invalid super() usage in memcache pool
 4345 * Add a domain to federated users
 4346 * Wrap dependency registry
 4347 * Remove unnecessary code setting provider
 4348 * Fix tests to not load federation manager twice
 4349 * Fix places where role API calls still called assignment\_api
 4350 * fix a small issue in test\_v3\_auth.py
 4351 * Imported Translations from Transifex
 4352 * rename cls in get\_auth\_context to self
 4353 * make tests of endpoint\_filter check endpoints num
 4354 * remove the Conf.signing.token\_format option support
 4355 * Remove list\_endpoint\_groups\_for\_project from sample policies
 4356 * Add get\_endpoint\_group\_in\_project to sample policy files
 4357 * Check for invalid filtering on v3/role\_assignments
 4358 * Remove duplicate token revocation check
 4359 * Remove incubator version of log and local
 4360 * Use oslo.log instead of incubator
 4361 * Move existing tests to unit
 4362 * Cleanup tests to not set multiple workers
 4363 * Use subunit-trace from tempest-lib
 4364 * Log exceptions safely
 4365 * Imported Translations from Transifex
 4366 * Refactor \_send\_audit\_notification
 4367 * Updated from global requirements
 4368 * Remove excess brackets in exception creation
 4369 * Update policy doc to use new rule format
 4370 * remove the unused variables in indentity/core.py
 4371 * fix assertTableColumns
 4372 * Imported Translations from Transifex
 4373 * make federation part of keystone core
 4374 * Small cleanup of cloudsample policy
 4375 * Fix error message on check on RoleV3
 4376 * Improve creation of expected assignments in tests
 4377 * Add a check to see if a federation token is being used for v2 auth
 4378 * Adds a fork of python-ldap for Py3 testing
 4379 * Updates Python3 requirements
 4380 * Sync with oslo-incubator
 4381 * Add local rules in the federation mapping tests
 4382 * Don't try to convert LDAP attributes to boolean
 4383 * Add schema for endpoint group
 4384 * Split the assignments controller
 4385 * Use \_VersionsEqual for a few more version tests
 4386 * Remove test PYTHONHASHSEED setting
 4387 * Correct version tests for result ordering
 4388 * Correct a v3 auth test for result ordering
 4389 * Correct catalog response checker for result ordering
 4390 * Correct test\_get\_v3\_catalog test for result ordering
 4391 * Correct test\_auth\_unscoped\_token\_project for result ordering
 4392 * Fix the syntax issue on creating table \`endpoint\_group\`
 4393 * Change hacking check to verify all oslo imports
 4394 * Change oslo.i18n to oslo\_i18n
 4395 * Change oslo.config to oslo\_config
 4396 * Change oslo.db to oslo\_db
 4397 * Remove XMLEquals from tests
 4398 * Remove unused test case
 4399 * Don't coerce port config values
 4400 * Make identity id mapping handle unicode
 4401 * Improve testing of unicode id mapping
 4402 * Add new "RoleAssignment" exception
 4403 * Imported Translations from Transifex
 4404 * log wsgi requests at INFO level
 4405 * Fix race on default role creation
 4406 * Imported Translations from Transifex
 4407 * Unscoped to Scoped only
 4408 * Refactor federation SQL backend
 4409 
 4410 2015.1.0b2
 4411 ----------
 4412 
 4413 * Set initiators ID to user\_id
 4414 * Updated from global requirements
 4415 * Change oslo.messaging to oslo\_messaging
 4416 * Change oslo.serialization to oslo\_serialization
 4417 * Handle SSL termination proxies for version list
 4418 * Imported Translations from Transifex
 4419 * Update federation config to use Service Providers
 4420 * Drop URL field from region table
 4421 * Create K2K SAML assertion from Service Provider
 4422 * Service Providers API for OS-FEDERATION
 4423 * Implements subtree\_as\_ids query param
 4424 * Refactor role assignment assertions
 4425 * Fixes 'OS-INHERIT:inherited\_to' info in tests
 4426 * During authentication validate if IdP is enabled
 4427 * Fix typo in Patch #142743
 4428 * Make the LDAP dependency clear between identity, resource & assignment
 4429 * Implements parents\_as\_ids query param
 4430 * Internal notifications for cleanup domain
 4431 * Multiple IDP authentication URL
 4432 * Change oslo.utils to oslo\_utils
 4433 * Imported Translations from Transifex
 4434 * Regenerate sample config file
 4435 * Make unit tests call the new resource manager
 4436 * Make controllers and managers reference new resource manager
 4437 * Remove unused pointer to assignment in identity driver
 4438 * Move projects and domains to their own backend
 4439 * Make role manager refer to role cache config options
 4440 * Documentation fix for Keystone Architecture
 4441 * Imported Translations from Transifex
 4442 * Fix evaluation logic of federation mapping rules
 4443 * Deprecate LDAP Assignment Backend
 4444 * Fix up \_ldap\_res\_to\_model for ldap identity backend
 4445 * Remove local conf information from paste-ini
 4446 * Use RequestBodySizeLimiter from oslo.middleware
 4447 * Adds a wip decorator for tests
 4448 * Remove list\_user\_projects method from assignment
 4449 * Updated from global requirements
 4450 * Remove unnecessary code block of exception handling
 4451 * Updated from global requirements
 4452 * Add library oslo.concurrency in config-generator config file
 4453 * Updated from global requirements
 4454 * Explicit Unscoped
 4455 * add missing API in docstring of EndpointFilterExtension
 4456 * fix test\_ec2\_list\_credentials
 4457 * Assignment sql backend create\_grant refactoring
 4458 * Updated from global requirements
 4459 * Imported Translations from Transifex
 4460 * Remove TODO comment which has been addressed
 4461 * Refactor keystone-all and http/keystone
 4462 * Updated from global requirements
 4463 * Identify groups by name/domain in mapping rules
 4464 * do parameter check before updating endpoint\_group
 4465 * Move sql specific filter test code into test\_backend\_sql
 4466 * Fix incorrect filter test name
 4467 * Update the keystone sample config
 4468 * Minor fix in RestfulTestCase
 4469 * Scope federated token with 'token' identity method
 4470 * Correct comment about circular dependency
 4471 * Refactor assignment manager/driver methods
 4472 * Make unit tests call the new, split out, role manager
 4473 * Make controllers call the new, split out, role manager
 4474 * Correct doc string for grant driver methods
 4475 * Split roles into their own backend within assignments
 4476 * correct the help text of os\_inherit
 4477 * Update Inherited Role Assignment Extension section
 4478 * Limit lines length on configuration doc
 4479 * Fixes spacing in sentences on configuration doc
 4480 * Fixes several typos on configuration doc
 4481 * Trust redelegation
 4482 * add missing parent\_id parameter check in project schema
 4483 * Fix incorrect session usage in tests
 4484 * Fix migration 42 downgrade
 4485 * Updated from global requirements
 4486 * Additional test coverage for password changes
 4487 * Fix downgrade test for migration 61 on non-sqlite
 4488 * Fix transaction issue in migration 44 downgrade
 4489 * Correct failures for H238
 4490 * Move to hacking 0.10
 4491 * Updated from global requirements
 4492 * Remove unused fields in base TestCase
 4493 * Keystoneclient tests from venv-installed client
 4494 * Fix downgrade from migration 61 on non-sqlite
 4495 * explicit namespace prefixes for SAML2 assertion
 4496 * Remove requirements not needed by oslo-incubator modules anymore
 4497 * Remove unused testscenarios requirement
 4498 * Cleanup test-requirements for keystoneclient
 4499 * Fix tests using extension drivers
 4500 * Ensure manager grant methods throw exception if role\_id is invalid
 4501 * update sample conf using latest oslo.conf
 4502 * Remove unnecessary oslo incubator bits
 4503 * let endpoint\_filter sql backend return dict data
 4504 * Tests fail only on deprecation warnings from keystone
 4505 * switch from sample\_config.sh to oslo-config-generator
 4506 * Add positive test case for content types
 4507 * Update the keystone.conf sample
 4508 * remove invalid note
 4509 * invalidate cache when updating catalog objects
 4510 * Enable hacking rule H302
 4511 * fix wrong self link in the response of endpoint\_groups API
 4512 * Imported Translations from Transifex
 4513 * improve the EP-FILTER catalog length check in test\_v3.py
 4514 * Don't allow deprecations during testing
 4515 * Fix to not use deprecated Exception.message
 4516 * Integrate logging with the warnings module
 4517 * rename oslo.concurrency to oslo\_concurrency
 4518 * Fix to not use empty IN clause
 4519 * Be more precise with flake8 filename matches
 4520 * Use bashate to run\_tests.sh
 4521 * Move test\_utils to keystone/tests/unit/
 4522 * add circular check when updating region
 4523 * fix the wrong update logic of catalog kvs driver
 4524 * Removes a Py2.6 version of assertSetEqual
 4525 * Removes a Py2.6 version of inspect.getcallargs
 4526 * Removes a bit of WSGI code converts unicode to str
 4527 * Expanded mutable hacking checks
 4528 * Make the mutable default arg check very strict
 4529 * sync to oslo commit 1cf2c6
 4530 * Update federation docs to point to specs.o.org
 4531 * Memcache connection pool excess check
 4532 * Always return the service name in the catalog
 4533 * Update docs to no longer show XML support
 4534 
 4535 2015.1.0b1
 4536 ----------
 4537 
 4538 * Check and delete for policy\_association\_for\_region\_and\_service
 4539 * Remove unnecessary ldap import
 4540 * Rename \`removeEvent\` to be more pythonic
 4541 * Fix the way migration helpers check FK names
 4542 * Remove XML support
 4543 * Fix modifying a role with same name using LDAP
 4544 * Add a test for modifying a role to set the name the same
 4545 * Fix disabling entities when enabled is ignored
 4546 * Add tests for enabled attribute ignored
 4547 * Cleanup eventlet use in tests
 4548 * Fix update role without name using LDAP
 4549 * Add test for update role without name
 4550 * Inherited role assignments to projects
 4551 * Updated from global requirements
 4552 * Fix inherited user role test docstring
 4553 * Fixes links in Shibboleth configuration docs
 4554 * Updated from global requirements
 4555 * fix wrong indentation in contrib/federation/utils.py
 4556 * Adds openSUSE support for developer documentation
 4557 * User ids that begin with 0 cannot authenticate through ldap
 4558 * Typo in policy call
 4559 * Updated from global requirements
 4560 * Remove endpoint\_substitution\_whitelist config option
 4561 * Correct max\_project\_tree\_depth config help text
 4562 * Adds correct checks in LDAP backend tests
 4563 * Updated from global requirements
 4564 * Add an identity backend method to get group by name
 4565 * Create, update and delete hierarchical projects
 4566 * drop developer support for OS X
 4567 * Ignore H302 - bug 1398472
 4568 * Remove irrelative comment
 4569 * remove deprecated access log middleware
 4570 * Multiple IdPs problem
 4571 * Fixes docstring at eventlet\_server
 4572 * Fix the copy-pasted help info for db\_version
 4573 * Updated from global requirements
 4574 * TestAuthPlugin doesn't use test\_auth\_plugin.conf
 4575 * Add missing translation marker for dependency
 4576 * Use \_ definition from keystone.i18n
 4577 * Remove Python 2.6 classifier
 4578 * Correct token flush logging
 4579 * Speed up memcache lock
 4580 * Moves hacking tests to unit directory
 4581 * Fixes create\_saml\_assertion() return
 4582 * Add import i18n to federation/controllers.py
 4583 * Correct use of config fixture
 4584 * Extends hacking check for logging to verify i18n hints
 4585 * Adds missing log hints for level E/I/W
 4586 * make sample\_data.sh account for the default options in keystone.conf
 4587 * Adds dynamic checking for mapped tokens
 4588 * Updated from global requirements
 4589 * Enable cloud\_admin to list projects in all domains
 4590 * Remove string from URL in list\_revoke\_events()
 4591 * Configuring Keystone edits
 4592 * Update keystone readme to point to specs.o.org
 4593 * Imported Translations from Transifex
 4594 * Add WSGIPassAuthorization to OAuth docs
 4595 * Increase test coverage of test\_versions.py
 4596 * Move test\_pemutils.py to unit test directory
 4597 * Don't return \`\`user\_name\`\` in mapped.Mapped class
 4598 * Increase test coverage of test\_base64utils.py
 4599 * Move base64 unit tests to keystone/tests/unit dir
 4600 * Move injection unit tests to keystone/tests/unit
 4601 * Move notification unit tests to unit test dir
 4602 * Allow for REMOTE\_USER name in federation mapping
 4603 * Doc about specifying domains in domains specific backends
 4604 * Remove useless field passed into SQLAlchemy "distinct" statement
 4605 * Exclude domains with inherited roles from user domain list
 4606 * Improve testing of exclusion of inherited roles
 4607 * Fix project federation tokens for inherited roles
 4608 * Improve testing of project federation tokens for inherited roles
 4609 * Fix domain federation tokens for inherited roles
 4610 * Improve testing of domain federation tokens for inherited roles
 4611 * Fix misspelling at configuration.rst file
 4612 * Remove duplicate setup logic in federation tests
 4613 * Imported Translations from Transifex
 4614 * Enable hacking rule H904
 4615 * Move shib specific documentation
 4616 * Additional debug logs for federation flows
 4617 * Add openid connect support
 4618 * Imported Translations from Transifex
 4619 * Enable hacking rule H104 File contains nothing but comments
 4620 * Rename \_handle\_saml2\_tokens() method
 4621 * Updated from global requirements
 4622 * Update references to auth\_token middleware
 4623 * Use true() rather than variable/singleton
 4624 * Change ca to uppercase in keystone.conf
 4625 * default revoke driver should be the non-deprecated driver
 4626 * Prevent infinite loop in token\_flush
 4627 * Adds IPv6 url validation support
 4628 * Provide useful info when parsing policy file
 4629 * Doc about deleting a domain specific backend domain
 4630 * Updated from global requirements
 4631 * Remove token persistence proxy
 4632 * Correct use of noqa
 4633 * Use oslo.concurrency instead of sync'ed version
 4634 * revise error message for keystone.token.persistence pkg
 4635 * Change config option examples to v3
 4636 * Sync modules from oslo-incubator
 4637 * test\_utils use jsonutils from oslo.serialization
 4638 * Add fileutils module
 4639 * Move check\_output and git() to test utils
 4640 * Remove nonexistant param from docstring
 4641 * Fixes aggressive use of translation hints
 4642 * PKI and PKIZ tokens unnecessary whitespace removed
 4643 * Move unit tests from test\_backend\_ldap
 4644 * Use correct name of oslo debugger script
 4645 * Updated from global requirements
 4646 * Imported Translations from Transifex
 4647 * Change /POST to /ECP at federation config
 4648 * Base methods to handle hierarchical projects
 4649 * use expected\_length parameter to assert expected length
 4650 * fix the wrong order of assertEqual args in test\_v3
 4651 * sys.exit mock cleanup
 4652 * Tests raise exception if logging problem
 4653 * Correct the code path of implementation for the abstract method
 4654 * Use newer python-ldap paging control API
 4655 * Add xmlsec1 dependency comments
 4656 * Add parent\_id field to projects
 4657 * Add max-complexity to pep8 for Keystone
 4658 * Remove check\_password() in identity.backend.ldap
 4659 * Restrict certain APIs to cloud admin in domain-aware policy
 4660 * Remove unused ec2 driver option
 4661 * Extract Assignment tests from IdentityTestCase
 4662 * Clean up federated identity audit code
 4663 * obsolete deployment docs
 4664 * Remove database setup duplication
 4665 * Fixes endpoint\_filter tests
 4666 * Fixes a spelling error in hacking tests
 4667 * Fixes docstrings to be more accurate
 4668 * Update the feature/hierarchical-multitenancy branch
 4669 * Updated from global requirements
 4670 
 4671 2014.2
 4672 ------
 4673 
 4674 * updated translations
 4675 * Remove deprecated KVS trust backend
 4676 * Imported Translations from Transifex
 4677 * Ensure sql upgrade tests can run with non-sqlite databases
 4678 * Ensure sql upgrade tests can run with non-sqlite databases
 4679 * Validates controller methods exist when specified
 4680 * Fixes an error deleting an endpoint group project
 4681 * Add v3 openstackclient CLI examples
 4682 * Update the CLI examples to also use openstackclient
 4683 * Replace an instance of keystone/openstack/common/timeutils
 4684 * Use importutils from oslo.utils
 4685 * Use jsonutils from oslo.serialization
 4686 * Update 'Configuring Services' documentation
 4687 * Use openstackclient examples in configuration documentation
 4688 * Validates controller methods exist when specified
 4689 * Fixes an error deleting an endpoint group project
 4690 * Switch LdapIdentitySqlAssignment to use oslo.mockpatch
 4691 * Fix tests comparing tokens
 4692 * Remove deprecated TemplatedCatalog class
 4693 * Remove images directory from docs
 4694 * Remove OS-STATS monitoring
 4695 * Remove identity and assignment kvs backends
 4696 * Add an XML code directive to a shibboleth example
 4697 * revise docs on default \_member\_ role
 4698 * Convert unicode to UTF8 when calling ldap.str2dn()
 4699 * Fix tests comparing tokens
 4700 * Fix parsing of emulated enabled DN
 4701 * Handle default string values when using user\_enabled\_invert
 4702 * Handle default string values when using user\_enabled\_invert
 4703 * Convert unicode to UTF8 when calling ldap.str2dn()
 4704 * Fix parsing of emulated enabled DN
 4705 * Add test for getting a token with inherited role
 4706 * wrong logic in assertValidRoleAssignmentListResponse method
 4707 * Open Kilo development
 4708 
 4709 2014.2.rc1
 4710 ----------
 4711 
 4712 * Enhance FakeLdap to require base entry for subtree search
 4713 * Imported Translations from Transifex
 4714 * Uses session in migration to stop DB locking
 4715 * Address some late comments for memcache clients
 4716 * Set issuer value to CONF.saml.idp\_entity\_id
 4717 * Updated from global requirements
 4718 * Add placeholders for reserved migrations
 4719 * Mark k2k as experimental
 4720 * Add version attribute to the SAML2 Assertion object
 4721 * New section for CLI examples in docs
 4722 * Fix failure of delete domain group grant when identity is LDAP
 4723 * Clean up the Configuration documentation
 4724 * Adding an index on token.user\_id and token.trust\_id
 4725 * Update architecture documentation
 4726 * Fix a spelling mistake in keystone/common/utils.py
 4727 * Imported Translations from Transifex
 4728 * Prevent infinite recursion on persistence core on init
 4729 * Read idp\_metadata\_path value from CONF.saml
 4730 * Remove duplicated assertion
 4731 * Fix create and user-role-add in LDAP backend
 4732 * Fix minor spelling issues in comments
 4733 * Add a pool of memcached clients
 4734 * Update URLs for keystone federation configuration docs
 4735 * add --rebuild option for ssl/pki\_setup
 4736 * Mock doesn't have assert\_called\_once()
 4737 * Do not run git-cloned ksc master tests when local client specified
 4738 * Add info about pysaml2 into federation docs
 4739 * Imported Translations from Transifex
 4740 * Remove unused cache functions from token.core
 4741 * Updated from global requirements
 4742 * Safer check for enabled in trusts
 4743 * Set the default number of workers when running under eventlet
 4744 * Add the processutils from oslo-incubator
 4745 * Update 'Configure Federation' documentation
 4746 * Ensure identity sql driver supports domain-specific configuration
 4747 * Allow users to clean up role assignments
 4748 * Adds a whitelist for endpoint catalog substitution
 4749 * Revoke the tokens of group members when a group role is revoked
 4750 * Change pysaml2 comment in test-requrements.txt
 4751 * Document Keystone2Keystone federation
 4752 * Set LDAP certificate trust options for LDAPS and TLS
 4753 * Fail on empty userId/username before query
 4754 * Refactor FakeLdap to share delete code
 4755 * ldap/core deleteTree not always supported
 4756 * Reduce unit test log level for notifications
 4757 * Fix delete group cleans up role assignments with LDAP
 4758 * Refactor LDAP backend using context manager for connection
 4759 * Fix fakeldap search\_s documentation
 4760 * Add delete notification to endpoint grouping
 4761 * Fix using local ID to clean up user/group assignments
 4762 * Add characterization test for cleanup role assignments for group
 4763 * Fix LDAP group role assignment listing
 4764 * Correct typos in keystone/common/base64utils.py docstrings
 4765 * Add V3 JSON Home support to GET /
 4766 * Ensure a consistent transactional context is used
 4767 * Adds hint about filter placement to extension docs
 4768 * Adds pipeline hints to the example paste config
 4769 * Make the extension docs a top level entry in the landing page
 4770 * LDAP: refactor use of "1.1" OID
 4771 * Fix Policy backend driver documentation
 4772 * improve dependency injection doc strings
 4773 * Document mod\_wsgi doesn't support chunked encoding
 4774 * Making KvsInheritanceTests use backend KVS
 4775 * Keystone local authenticate has an unnecessary pending audit record
 4776 * Use id attribute map for read-only LDAP
 4777 * Stop skipping LDAP tests
 4778 * Update the revocation configuration docs
 4779 * Fixes formatting error in debug log statement
 4780 * Remove trailing space from string
 4781 * Update paste pipelines in configuration docs
 4782 * Update man pages
 4783 * Updates package comment to be more accurate
 4784 * Fixed typo 'in sane manner' to 'in a sane manner'
 4785 * Enable filtering of services by name
 4786 * correct typos
 4787 * Fixes code comment to be more accurate
 4788 * Prevent domains creation for the default LDAP+SQL
 4789 * Add testcase for coverage of 002\_add\_endpoint\_groups
 4790 * Fix oauth sqlite migration downgrade failure
 4791 * Sync jsonutils from oslo-incubator 32e7f0b5
 4792 * Imported Translations from Transifex
 4793 * Avoid conversion of binary LDAP values
 4794 * Remove unused variable TIME\_FORMAT
 4795 * Add characterization test for group role assignment listing
 4796 * Fix dn\_startswith
 4797 * Use oslo\_debug\_helper and remove our own version
 4798 * Fixes a mock cleanup issue caused by oslotest
 4799 * Add rst code-blocks to a bunch of missing examples
 4800 * Capitalize all instances of Keystone in the docs
 4801 
 4802 2014.2.b3
 4803 ---------
 4804 
 4805 * Update the docs that list sections in keystone.conf
 4806 * Fixed spelling mistakes in comments
 4807 * use one indentation style
 4808 * Fix admin server doesn't report v2 support in Apache httpd
 4809 * Add test for single app loaded version response
 4810 * Work toward Python 3.4 support and testing
 4811 * Update the federation configuration docs for saml2
 4812 * Add docs for enabling endpoint policy
 4813 * warn against sorting requirements
 4814 * Adds region back into the catalog endpoint
 4815 * Remove extra V3 version router
 4816 * Implementation of Endpoint Grouping
 4817 * Fix minor nits for token2saml generation
 4818 * Routes for Keystone-IdP metadata endpoint
 4819 * Generate IdP Metadata with keystone-manage
 4820 * IdP SAML Metadata generator
 4821 * Implement validation on Trust V3 API
 4822 * Create SAML generation route and controller
 4823 * trustor\_user\_id not available in v2 trust token
 4824 * Transform a Keystone token to a SAML assertion
 4825 * Remove TODO that was done
 4826 * Fix region schema comment
 4827 * Remove unused \_validate\_endpoint
 4828 * Fix follow up review issues with endpoint policy backend patch
 4829 * controller for the endpoint policy extension
 4830 * Mark the revoke kvs backend deprecated, for removal in Kilo
 4831 * Fix logging config twice
 4832 * Implement validation on the Catalog V3 API
 4833 * General logging cleanup in keystone.notifications
 4834 * Lower log level for notification registration
 4835 * backend for policy endpoint extension
 4836 * Implement validation on Credential V3
 4837 * Implement validation on Policy V3 API
 4838 * Fix token flush fails with recursion depth exception
 4839 * Spelling errors fixed in the comments
 4840 * Add index for actor\_id in assignments table
 4841 * Endpoint table is missing reference to region table
 4842 * add missing log hints for level C/E/I/W
 4843 * Add audit support to keystone federation
 4844 * Add string id type validation
 4845 * Implement validation on Assignment V3 API
 4846 * Adds tests that show how update with validation works
 4847 * Mark the trust kvs backend deprecated, for removal in Kilo
 4848 * Test cleanup: do not leak FDs during test runs
 4849 * Do not load auth plugins by class in tests
 4850 * JSON Home data is required
 4851 * Cleanup superfluous string comprehension and coersion
 4852 * Add commas for ease of maintenance
 4853 * Comments to docstrings for notification emit methods
 4854 * Notification cleanup: namespace actions
 4855 * Mark kvs backends as deprecated, for removal in Kilo
 4856 * Add bash code style to some portions of configuration.rst
 4857 * Update sample config
 4858 * Update tests to not use token\_api
 4859 * Make persistence manager in token\_provider\_api private
 4860 * Enhance GET /v3 to handle Accept header
 4861 * Enhance V3 extensions to provide JSON Home data
 4862 * Enhance V3 extension class to integrate JSON Home data
 4863 * Change OS-INHERIT extension to provide JSON Home data
 4864 * Change the sub-routers to provide JSON Home data
 4865 * Change V3 router classes to provide JSON Home data
 4866 * Create additional docs for role assignment events
 4867 * Add libxmlsec1 as external package dependency on OS X
 4868 * Add \_\_repr\_\_ to KeystoneToken model
 4869 * Add extra guarding to revoke\_by\_audit\_id methods
 4870 * Mark methods on token\_api deprecated
 4871 * Remove SAML2 plugin dependency on token\_api
 4872 * Remove oauth controller dependency on token\_api
 4873 * Remove assignment\_api dependency on token\_api
 4874 * Notification Constant Cleanup and internal notify type
 4875 * Remove wsgi and base controller dependency on token\_api
 4876 * Remove identity\_api dependency on token\_api
 4877 * Remove trust dependency on token\_api
 4878 * Update AuthContextMiddleware to not use token\_api
 4879 * Revoke by Audit Id / Audit Id Chain instead of expires
 4880 * assignment controller error path fix
 4881 * Make SQL the default backend for Identity & Assignment unit tests
 4882 * Add CADF notifications for role assignment create and delete
 4883 * Add notifications for policy, region, service and endpoint
 4884 * Enhance V3 version controller to provide JSON Home response
 4885 * Provide the V3 routers to the V3 extension controller
 4886 * Enhance V3 routers to store basic resource description
 4887 * Correct the signature for some catalog abstract method signatures
 4888 * Convert to urlsafe base64 audit ids
 4889 * Sync Py2 and Py3 requirements files
 4890 * Sync with oslo-incubator
 4891 * Add audit ids to tokens
 4892 * Fixing simple type in comment
 4893 * Create authentication specific routes
 4894 * Standardizing the Federation Process
 4895 * Enable filtering of credentials by user ID
 4896 * Expose context to create grant and delete grant
 4897 * Redirect stdout and stderr when using subprocess
 4898 * Back off initial migration to 34
 4899 * Back off initial migration to 35
 4900 * Use python convention for function names in test\_notifications
 4901 * Use mail for the default LDAP email attribute name
 4902 * Bump hacking to 0.9.x series
 4903 * Fixes an issue with the XMLEquals matcher
 4904 * Do not require method attribute on plugins
 4905 * Remove \_BaseFederationExtension
 4906 * Add a URL field to region table
 4907 * Remove unnecessary declaration of CONF
 4908 * Remove trailing space in tox.ini
 4909 * Rename bash8 requirement
 4910 * Updates the sample config
 4911 * remove unused import
 4912 * Clean whitespace off token
 4913 * Support the hints mechanism in list\_credentials()
 4914 * Keystone service throws error on receiving SIGHUP
 4915 * Remove strutils and timeutils from openstack-common.conf
 4916 * Use functions in oslo.utils
 4917 * Add an OS-FEDERATION section to scoped federation tokens
 4918 * Ensure roles created by unit tests have correct attributes
 4919 * Update control\_exchange value in keystone.conf
 4920 * swap import order of lxml
 4921 * add i18n to lxml error
 4922 * Check for empty string value in REMOTE\_USER
 4923 * Refactor names in catalog backends
 4924 * Update CADF auditing example to show non-payload information
 4925 * Remove ec2 contrib dependency on token\_api
 4926 * Expose token revocation list via token\_provider\_api
 4927 * Remove assignment controller dependency on token\_api
 4928 * Refactor serializer import to XmlBodyMiddleware
 4929 * Delete intersphinx mappings
 4930 * Fix documentation link
 4931 * Make token\_provider\_api contain token persistence
 4932 * Remove S3 middleware tests from tox.ini
 4933 * Remove unused function
 4934 * Add oslo.utils requirement
 4935 * Surround REMOTE\_USER variable name with quotes
 4936 * Remove \`with\_lockmode\` use from Trust SQL backend
 4937 * Allow LDAP lock attributes to be used as enable attributes
 4938 * Improve instructions about federation
 4939 * Do not override venvs
 4940 * Imported Translations from Transifex
 4941 * Remove debug CADF payload for every authN request
 4942 * Don't override tox envdir for pep8 and cover jobs
 4943 * Change V3 extensions to use resources
 4944 * Enhance V3 extension class to use resources
 4945 * V3 Extension class
 4946 * Change V3 router classes to use resources
 4947 * Enhance V3 router class for resources
 4948 * Class for V3 router packages
 4949 * Filter List Regions by 'parent\_region\_id'
 4950 * Refactor existing endpoint filter tests
 4951 * Trust unit tests should target additional threat scenarios
 4952 * Update the config file
 4953 * Fix revocation event handling with MySQL
 4954 * Set default token provider to UUID
 4955 * Add filters to the collections 'self' link
 4956 * Issue multiple SQL statements in separate engine.execute() calls
 4957 * Remove fixture from openstack-common.conf
 4958 * Use config fixture from oslo.config
 4959 * Fix revoking a scoped token from an unscoped token
 4960 * Updated from global requirements
 4961 * KeyError instead of exception.KeyError
 4962 * Catch correct oslo.db exception
 4963 * Update setup docs with Fedora 19+ dependencies
 4964 * Add a test for revoking a scoped token from an unscoped
 4965 * Fix revoking domain-scoped tokens
 4966 * Correct revocation event test for domain\_id
 4967 * Add pluggable range functions for token flush
 4968 * Configurable python-keystoneclient repo
 4969 * Fix invalid self link in get access token
 4970 * Add workaround to support tox 1.7.2
 4971 * Fixes a capitalization issue
 4972 * Do not consume trust uses when create token fails
 4973 * Refactor set domain-id and mapping code
 4974 * Remove duplicated asserts
 4975 * Fix for V2 token issued\_at time changing
 4976 * Add tests related to V2 token issued\_at time changing
 4977 * Sample config update
 4978 * Add the new Keystone TokenModel
 4979 * Add X-Auth-Token header in federation examples
 4980 * Check url is in the 'self' link in list responses
 4981 * Clean up EP-Filter after delete project/endpoint
 4982 * add internal delete notification for endpoint
 4983 * remove static files from docs
 4984 * Move token persistence classes to token.persistence module
 4985 * cache the catalog
 4986 * Disable a domain will revoke tokens under the same domain
 4987 * Sqlite files excluded from the repo
 4988 * Adding support for ldap connection pooling
 4989 * Details the proper way to call a callable
 4990 
 4991 2014.2.b2
 4992 ---------
 4993 
 4994 * Add the new oslo.i18n as a dependency for Python 3
 4995 * Fixes test\_exceptions.py for Python3
 4996 * Fixes test\_wsgi for Python3
 4997 * Adds several more test modules that pass on Py3
 4998 * Reduces the amount of mocked imports for Python 3
 4999 * Disables LDAP unit tests
 5000 * Updated from global requirements
 5001 * Initial implementation of validator
 5002 * Mark the 'check\_vX\_token' methods deprecated
 5003 * Extracting get group roles for project logic to drivers
 5004 * implement GET /v3/catalog
 5005 * Adds coverage report to py33 test runs
 5006 * Fixed tox cover environment to share venv
 5007 * Regenerate sample config file
 5008 * Check that region ID is not an empty string
 5009 * auth tests should not require admin token
 5010 * Example JSON files should be human-readable
 5011 * Consolidate \`assert\_XXX\_enabled\` type calls to managers
 5012 * Move keystone.token.default\_expire\_time to token.provider
 5013 * Move token\_api.unique\_id to token\_provider\_api
 5014 * Capitalize a few project names in configuring services doc
 5015 * Fixes a Python3 syntax error
 5016 * Introduce pragma no cover to asbtract classes
 5017 * Update middleware that was moved to keystonemiddleware
 5018 * Sync with oslo-incubator
 5019 * project disabled/deleted notification recommendations
 5020 * render json examples with syntax highlighting
 5021 * Use oslo.i18n
 5022 * Make sure unit tests set the correct log levels
 5023 * Clean up the endpoint filtering configuration docs
 5024 * Avoid loading a ref from SQL to delete the ref
 5025 * Add revocation extension to default pipeline
 5026 * multi-backend support for identity
 5027 * Update docs to reflect new db\_sync behaviour
 5028 * Migrate default extensions
 5029 * Add oslo.i18n as dependency
 5030 * Do not use lazy translation for keystone-manage
 5031 * Update the configuration docs for the revocation extension
 5032 * Remove deprecated token\_api.list\_tokens
 5033 * Imported Translations from Transifex
 5034 * Add keystonemiddleware to requirements
 5035 * Add \_BaseFederationExtension class
 5036 * Correct the region table to be InnoDB and UTF8
 5037 * HEAD responses should return same status as GET
 5038 * Updated from global requirements
 5039 * Sync with oslo-incubator e9bb0b59
 5040 * Add schema check for OS-FEDERATION mapping table
 5041 * Make OS-FEDERATION core.Driver methods abstract
 5042 * update example with a status code we actually use
 5043 * Correct docstring for assertResponseSuccessful
 5044 * Fix the section name in CONTRIBUTING.rst
 5045 * Fix OAuth1 to not JSON-encode create access token response
 5046 * Ending periods in exception messages deleted
 5047 * Ensure that in v2 auth tenant\_id matches trust
 5048 * Add identity mapping capability
 5049 * Do not use keystone's config for nova's port
 5050 * Fix docs and scripts for pki\_setup and ssl\_setup
 5051 * LDAP: Added documentation for debug\_level option
 5052 * Updated from global requirements
 5053 * Fixes the order of assertEqual arguments
 5054 * remove default=None for config options
 5055 * Fix test for get\_\*\_by\_name invalidation
 5056 * Do not support toggling key\_manglers in cache layer
 5057 * Implicitly ignore attributes that are mapped to None in LDAP
 5058 * Move bash8 to run under pep8 tox env
 5059 * Remove db, db.sqlalchemy from openstack-common.conf
 5060 * Remove backend\_entities from backend\_ldap.conf
 5061 * Consolidate provider calls to token\_api.create\_token
 5062 * Adds hacking check for debug logging translations
 5063 * Updates Python3 requirements to match Python2
 5064 * Adds oslo.db support for Python 3 tests
 5065 * Do not leak SQL queries in HTTP 409 (conflict)
 5066 * Imported Translations from Transifex
 5067 * Do not log 14+ INFO lines on a broken pipe error (eventlet)
 5068 * Regenerate sample config file
 5069 * deprecate LDAP config options for 'tenants'
 5070 * the user\_tenant\_membership table was replaced by "assignment"
 5071 * Corrects minor spelling mistakes
 5072 * Ignoring order of user list in TenantTestCase
 5073 * Make gen\_pki.sh & debug\_helper.sh bash8 compliant
 5074 * TestAuthInfo class in test\_v3\_auth made more efficient
 5075 * Update docs to reference #openstack-keystone
 5076 * Don't set sqlite\_db default
 5077 * Migrate ID generation for users/groups from controller to manager
 5078 * oslo.db implementation
 5079 * Test \`common.sql\` initialization
 5080 * Kerberos as method name
 5081 * test REMOTE\_USER  does not authenticate
 5082 * Document pkiz as provider in config
 5083 * Only emit disable notifications for project/domain on disable
 5084 * Fix the typo and reformat the comments for the added option
 5085 * Updated from global requirements
 5086 * fix flake8 issues
 5087 * Update sample keystone.conf file
 5088 * Fix 500 error if request body is not JSON object
 5089 * Default to PKIZ tokens
 5090 * Fix a few typos in the shibboleth doc
 5091 * pkiz String conversion
 5092 * Fixes catalog URL formatting to never return None
 5093 * Updates keystone.catalog.core.format\_url tests
 5094 * Ignore broken endpoints in get\_catalog
 5095 * Allow for multiple PKI Style Providers
 5096 * Add instructions for removing pyc files to docs
 5097 * Password trunction makes password insecure
 5098 * enable multiple keystone-all worker processes
 5099 * Add cloud auditing notification documentation
 5100 * Block delegation escalation of privilege
 5101 * Fixes typo error in Keystone
 5102 * Add missing docstrings and 1 unittest for LDAP utf-8 fixes
 5103 * Properly invalidate cache for get\_\*\_by\_name methods
 5104 * Make sure domains are enabled by default
 5105 * Convert explicit session get/begin to transaction context
 5106 
 5107 2014.2.b1
 5108 ---------
 5109 
 5110 * remove unnecessary word in docs: 'an'
 5111 * add docs on v2 & v3 support in the service catalog
 5112 * Add v3 curl examples
 5113 * Use code-block for curl examples
 5114 * Sync service module from oslo-incubator
 5115 * remove unneeded definitions of Python Source Code Encoding
 5116 * gitignore etc/keystone/
 5117 * Enforce \`\`saml2\`\` protocol in Apache config
 5118 * install gettext on OS X for msgfmt
 5119 * Use translation hints
 5120 * Add v2 & v3 API documentation
 5121 * Make sure all the auth plugins agree on the shared identity attributes
 5122 * update release support warning for domain-specific drivers
 5123 * Catalog driver generates v3 catalog from v2 catalog
 5124 * Compressed Token Provider
 5125 * document keystone-specs instead of LP blueprints in README
 5126 * fixed several pep8 issues
 5127 * Invalid command referenced in federation documentation
 5128 * Fix curl example refs in docs
 5129 * pep8: do not test locale files
 5130 * Consistenly use jsonutils instead of json
 5131 * Fix type error message in format\_url
 5132 * Updated from global requirements
 5133 * remove out of date docs for Fedora 15
 5134 * Make sure scoping to the project of a disabled domain result in 401
 5135 * document pki\_setup and ssl\_setup in keystone.conf.sample
 5136 * Fixed wrong behavior when updating tenant or user with LDAP backends
 5137 * Cleanup openstack-common.conf and sync from olso
 5138 * recommend excluding 35357 from ephemeral ports
 5139 * Fixes duplicated DELETE queries on SQL backends
 5140 * Refactor tests regarding required attributes
 5141 * Suggest users to remove REMOTE\_USER from shibd conf
 5142 * Refactor driver\_hints
 5143 * Imported Translations from Transifex
 5144 * Code which gets and deletes elements of tree was moved to one method
 5145 * indicate that sensitive messages can be disabled
 5146 * Check that the user is dumb moved to the common method
 5147 * Fix spelling mistakes in docs
 5148 * Replace magic value 'service/security' in CadfNotificationWrapper
 5149 * Replace assertTrue and assertFalse with more suitable asserts
 5150 * replaced unicode() with six.text\_type()
 5151 * Remove obsolete note from ldap
 5152 * install from source docs never actually install the keystone service
 5153 * LDAP fix for get\_roles\_for\_user\_and\_project user=group ID
 5154 * Cleanup of ldap assignment backend
 5155 * Remove all mostly untranslated PO files
 5156 * Mapping engine does not handle regex properly
 5157 * SQL fix for get\_roles\_for\_user\_and\_project user=group ID
 5158 * Unimplemented get roles by group for project list
 5159 * sql migration: ensure using innodb utf8 for assignment table
 5160 * Update mailmap entry for Brant
 5161 * Reduce log noise on expired tokens
 5162 * Add note for v3 API clients using auth plugin docs
 5163 * Refactor test\_auth trust related tests
 5164 * Add detailed federation configuration docs
 5165 * remove a few backslash line continuations
 5166 * Reduce excess LDAP searches
 5167 * Regenerate sample config
 5168 * Fix version links to docs.openstack.org
 5169 * Add mailmap entry
 5170 * Refactor create\_trust for readability
 5171 * Adds several more tests to the Python 3 test run
 5172 * Fixed the policy tests in Python 3
 5173 * Fixed the size limit tests in Python 3
 5174 * fixed typos found by RETF rules in RST files
 5175 * Remove the configure portion of extension docs
 5176 * Ensure token is a string
 5177 * Fixed some typos throughout the codebase
 5178 * Allow 'description' in V3 Regions to be optional
 5179 * More random values for oAuth1 verifier
 5180 * Add rally performance gate job for keystone
 5181 * Set proper DB\_INIT\_VERSION on db\_version command
 5182 * Escape values in LDAP search filters
 5183 * Migration DB\_INIT\_VERSION in common place
 5184 * Redundant unique constraint
 5185 * Correct \`nullable\` values in models and migrations
 5186 * Move hacking code to a separate fixture
 5187 * Some methods in ldap were moved to superclass
 5188 * Sync with oslo-incubator 28fba9c
 5189 * Use oslo.test mockpatch
 5190 * Check that all po/pot files are valid
 5191 * No longer allow listing users by email
 5192 * Refactor notifications
 5193 * Add localized response test
 5194 * Refactor service readiness notification
 5195 * Make test\_revoke expiry times distinct
 5196 * Removed duplication with list\_user\_ids\_for\_project
 5197 * Fix cache configuration checks
 5198 * setUp must be called on a fixture's parent first
 5199 * First real Python 3 tests
 5200 * Make the py33 Jenkins job happy
 5201 * Fix the "search for sql.py" files for db models
 5202 * Sync with oslo-incubator 74ae271
 5203 * no one uses macports
 5204 * Updated from global requirements
 5205 * Compatible server default value in the models
 5206 * Explicit foreign key indexes
 5207 * Added statement for ... if ... else
 5208 * Imported Translations from Transifex
 5209 * Ignore broken endpoints in get\_v3\_catalog
 5210 * Fix typo on cache backend module
 5211 * Fix sql\_upgrade tests run by themselves
 5212 * Discourage use of pki\_setup
 5213 * add dependencies of keystone dev-enviroment
 5214 * More efficient DN list for LDAP role delete
 5215 * Stronger assertion for test\_user\_extra\_attribute\_mapping
 5216 * Refactor test\_password\_hashed to the backend testers
 5217 * Remove LDAP password hashing code
 5218 * More notification unit tests
 5219 * Add missing import, remove trailing ":" in middleware example
 5220 * Fixes for in-code documentation
 5221 * Isolate backend loading
 5222 * Sync with oslo-incubator 2fd457b
 5223 * Adding one more check on project\_id
 5224 * Moves test database setup/teardown into a fixture
 5225 * Make the LDAP debug option a configurable setting
 5226 * Remove unnecessary dict copy
 5227 * More debug output for test
 5228 * Code which gets elements of tree in ldap moved to a common method
 5229 * Removed unused code
 5230 * Don't re-raise instance
 5231 * Fix catalog Driver signatures
 5232 * Include extra attributes in list results
 5233 * Allow any attributes in mapping
 5234 * Enhance tests for user extra attribute mapping
 5235 * Fix typo of ANS1 to ASN1
 5236 * Updated from global requirements
 5237 * Refactor: moved flatten function to utils
 5238 * Collapse SQL Migrations
 5239 * Treat LDAP attribute names as case-insensitive
 5240 * replace word 'by' with 'be'
 5241 * Configurable token hash algorithm
 5242 * Adds style checks to ease reviewer burden
 5243 * Adding more descriptive error message
 5244 * Fixed wrong behavior in method search\_s in BaseLdap class
 5245 * Fix response for missing attributes in trust
 5246 * Refactor: move federation functions to federation utils
 5247 * List all forbidden attributes in the request body
 5248 * Convert test\_backend\_ldap to config fixture
 5249 * Add tests for user ID with comma
 5250 * Fix invalid LDAP filter for user ID with comma
 5251 * Remove assignment proxy methods/controllers
 5252 * Remove legacy\_endpoint\_id and enabled from service catalog
 5253 * Replace all use of mox with mock
 5254 * Fix assertEqual arguments order(catalog, cert\_setup, etc)
 5255 * Remove common.V3Controller.check\_required\_params() method
 5256 * Fix parallel unit tests keystoneclient partial checkout
 5257 * Sync from oslo db.sqlalchemy.migration
 5258 * Removes unused db\_sync methods
 5259 * Removes useless wrapper from manager base class
 5260 * Cleanup of test\_cert\_setup tests
 5261 * Sanitizes authentication methods received in requests
 5262 * Fix create\_region\_with\_id raise 500 Error bug
 5263 * For ldap, API wrongly reports user is in group
 5264 * support conventional domain name with one or more dot
 5265 * Remove \_delete\_tokens function from federation controller
 5266 * Keystone doesn't use pam
 5267 * Fixed small capitalization issue
 5268 * Fix Jenkins translation jobs
 5269 * Removes some duplicate setup from a testcase
 5270 * Updated from global requirements
 5271 * Enable concurrent testing by default
 5272 * Cleanup ldap tests (mox and reset values)
 5273 * Check domain\_id with equality in assignment kvs
 5274 * Moves database setup/teardown closer to its usage
 5275 * Cleanup config.py
 5276 * Clean up config help text
 5277 * Imported Translations from Transifex
 5278 * test\_v3\_token\_id correctly hash token
 5279 * Safer noqa handling
 5280 * Remove noqa form import \_s
 5281 * Fix assertEqual arguments order(auth\_plugin, backend, backend\_sql, etc)
 5282 * Expand the use of non-ascii values in ldap test
 5283 * Properly handle unicode & utf-8 in LDAP
 5284 * Refactor LDAP API
 5285 * Use in-memory SQLite for sql migration tests
 5286 * Use in-memory SQLite for testing
 5287 * Remove extraenous instantiations of managers
 5288 * Make service catalog include service name
 5289 * Add placeholders for reserved migrations
 5290 
 5291 2014.1.rc1
 5292 ----------
 5293 
 5294 * Open Juno development
 5295 * Enable lazy translations in httpd/keystone.py
 5296 * Avoid using .values() on the indexed columns
 5297 * Imported Translations from Transifex
 5298 * revert deprecation of v2 API
 5299 * Remove unnecessary test setUps
 5300 * code hygiene; use six.text\_type, escape regexp's, use key function
 5301 * Use CMS to generate sample tokens
 5302 * Allows override of stdout/stderr/log capturing
 5303 * exclude disabled services from the catalog
 5304 * refactor AuthCatalog tests
 5305 * Rename keystone.tests.fixtures
 5306 * Change the default version discovery URLs
 5307 * Remove extra cache layer debugging
 5308 * Updated from global requirements
 5309 * Fix doc build errors with SQLAlchemy 0.9
 5310 * Sync oslo-incubator db.sqlalchemy b9e2499
 5311 * Create TMPDIR for tests recursively
 5312 * Always include 'enabled' field in service response
 5313 * test tcp\_keepidle only if it's available on the current platform
 5314 * Add dedicated URL for issuing unscoped federation tokens
 5315 * Cleanup revocation query
 5316 * Reduce environment logging
 5317 * Use assertIsNone when comparing against None
 5318 * Removes the use of mutables as default args
 5319 * Add a space after the hash for block comments
 5320 * Filter SAML2 assertion parameters with certain prefix
 5321 * Use assertIn in test\_v3\_catalog
 5322 * Add support for parallel testr workers in Keystone
 5323 * is\_revoked check all viable subtrees
 5324 * update sample conf
 5325 * explicitly import gettext function
 5326 * expires\_at should be in a tuple not turned into one
 5327 * Comparisons should account for instantaneous test execution
 5328 * Start using to oslotest
 5329 * Uses generator expressions instead of filter
 5330 * Remove unused db\_sync from extensions
 5331 * Ability to turn off ldap referral chasing
 5332 * Add user\_id when calling populate\_roles\_for\_groups
 5333 * Store groups ids objects list in the OS-FEDERATION object
 5334 * Make domain\_id immutable by default
 5335 * Do not expose internal data on UnexpectedError
 5336 * Use oslo db.sqlalchemy.session.EngineFacade.from\_config
 5337 * Uses explicit imports for \_
 5338 * Rename scope\_to\_bad\_project() to test\_scope\_to\_bad\_project()
 5339 * Make LIVE Tests configurable with ENV
 5340 * Filter out nonstring environment variables before rules mapping
 5341 * Provide option to make domain\_id immutable
 5342 * Replace httplib.HTTPSConnection in ec2\_token
 5343 * Move test .conf files to keystone/tests/config\_files
 5344 * Removal of test .conf files
 5345 * Don't automatically enable revocation events
 5346 * Ensure v3policysample correctly limits domain\_admin access
 5347 * Sync db, db.sqlalchemy from oslo-incubator 0a3436f
 5348 * Do not use keystone.conf.sample in tests
 5349 * Filter LDAP dumb member when listing role assignments
 5350 * Updated from global requirements
 5351 * Remove unnecessary oauth1.Manager constructions
 5352 * Enforce groups presence for federated authn
 5353 * Update sample config
 5354 * Very minor cleanup to default\_fixtures
 5355 * Cleanup keystoneclient tests
 5356 * Cleanup fixture data added to test instances
 5357 * Cleans up test data from limit tests
 5358 * Cleanup of instance attrs in core tests
 5359 * Cleanup backends after each test
 5360 * Fixup region description uniqueness
 5361 * Add slowest output to tox runs (testr)
 5362 * Add missing documentation for enabling oauth1 auth plugin
 5363 * Add missing documentation for enabling federation auth plugin
 5364 * Use class attribute to represent 'user' and 'group'
 5365 * Configurable temporary directory for tests
 5366 * Call an existing method in sync cache for revoke events
 5367 * Remove unnecessary calls to self.config()
 5368 * remove the unused variable in test\_sql\_upgrade
 5369 * remove hardcoded SQL queries in tests
 5370 * Fix db\_version failed with wrong arguments
 5371 * Use config fixture
 5372 * Fix docstrings in federation related modules
 5373 * Sync db, db.sqlalchemy, gettextutils from oslo-incubator 6ba44fd
 5374 * V3 xml responses should use v3 namespace
 5375 * trust creation allowed with empty roles list
 5376 * Fix test\_provider\_token\_expiration\_validation transient failure
 5377 * Fix include only enabled endpoints in catalog
 5378 * Add unit tests for disabled endpoints in catalog
 5379 
 5380 2014.1.b3
 5381 ---------
 5382 
 5383 * Update ADMIN\_TOKEN description in docs
 5384 * Mark revoke as experimental
 5385 * Import order is fixed
 5386 * Remove unused function from tests
 5387 * Add OS-OAUTH1 to consumers links section
 5388 * Don't need session.flush in context managed by session
 5389 * Imported Translations from Transifex
 5390 * allow create credential with the system admin token
 5391 * Stop gating on up-to-date sample config file
 5392 * Always include 'enabled' field in endpoint response
 5393 * Add the last of the outstanding helpstrings to config
 5394 * Token Revocation Extension
 5395 * Remove vim headers
 5396 * Removes use of timeutils.set\_time\_override
 5397 * drop key distribution from icehouse
 5398 * Limited use trusts
 5399 * Update curl api example to specify tenant
 5400 * Update Oslo wiki link in README
 5401 * Properly configure OS-EP-FILTER test backend
 5402 * Add tests for endpoint enabled
 5403 * Remove the un-used and non-maintained PAM identity backend
 5404 * Remove paste\_deploy from test\_overrides.conf
 5405 * SQLAlchemy Change to support more strict dialect checking
 5406 * Remove "test-only" pam config options
 5407 * Imported Translations from Transifex
 5408 * Fix get project users when no user exists
 5409 * deprecate XML support in favor of JSON
 5410 * Lazy gettextutils behavior
 5411 * Fix the order of assertEqual arguments(keystoneclient, kvs, etc)
 5412 * Update Oslo wiki link in README
 5413 * Removes a redundant test
 5414 * Remove unused variable
 5415 * Implement V3 Specific Version of EC2 Contrib
 5416 * revocation\_list only call isotime on datetime objects
 5417 * Support authentication via SAML 2.0 assertions
 5418 * Fix table name typo in test\_sql\_upgrade
 5419 * Cleanup and add more config help strings
 5420 * Ensure v2 API only returns projects in the default domain
 5421 * Support for mongo as dogpile cache backend
 5422 * v3 endpoint create should require url
 5423 * Fix issue with DB upgrade to assignment table
 5424 * Remove duplicated cms file
 5425 * oauth1 extension migration fails with DB2
 5426 * Handle exception messages with six.text\_type
 5427 * Remove common.sql.migration
 5428 * Unimplemented error on V3 get token
 5429 * Updated from global requirements
 5430 * Replace assertEqual(None, \*) with assertIsNone in tests
 5431 * Fix keystone-manage db\_version
 5432 * Fix assertEqual arguments order(\_ldap\_tls\_livetest, backend\_kvs, etc)
 5433 * Fix assertEqual arguments order(backend\_ldap, cache, v3\_protection)
 5434 * Fix the order of assertEqual arguments(v3\_auth, v3\_identity)
 5435 * Move \_BaseController to common/controllers.py
 5436 * Remove oslo rpc
 5437 * Fix webob.exc.HTTPForbidden parameter miss
 5438 * Remove redundant default value None for dict.get
 5439 * Remove oslo notifier
 5440 * Uses the venv virtualenv for the pep8 command
 5441 * Sync db.exception from Oslo
 5442 * Update oslo-incubator log.py to a01f79c
 5443 * Update man pages
 5444 * Add tests for create grant when no group
 5445 * Add tests for create grant when no user
 5446 * Correct a docstring in keystone.common.config
 5447 * Enable pep8 test against auto-generated configuration
 5448 * Update config options with helpstrings and generate sample
 5449 * Keystone doc has wrong keystone-manage command
 5450 * Fix assertEqual arguments order
 5451 * strengthen assertion for unscoped tokens
 5452 * Remove sql.Base
 5453 * Always hash passwords on their way into the DB
 5454 * bad config user\_enable\_emulation in mask test
 5455 * Convert Token Memcache backend to new KeyValueStore Impl
 5456 * Implement mechanism to provide non-expiring keys in KVS
 5457 * Rationalize the Assignment Grant Tables
 5458 * Add version routes to KDS
 5459 * Keystone team uses #openstack-keystone now
 5460 * Adds model mixin for {to,from}\_dict functionality
 5461 * Adds Cloud Audit (CADF) Support for keystone authentication
 5462 * Use class attribute to represent 'project'
 5463 * Switch over to oslosphinx
 5464 * Replace notifier with oslo.messaging
 5465 * Clean StatsController unnecesary members
 5466 * Use global to represent OS-TRUST:trust
 5467 * Additional notifications for revocations
 5468 * add policy entries for /v3/regions
 5469 * Use Oslo.db migration
 5470 * \`find\_migrate\_repo\` improvement
 5471 * Variable 'domain\_ref' referenced before assignment
 5472 * Cleanup Dogpile KVS Memcache backend support
 5473 * Fix test\_provider\_token\_expiration\_validation transient failure
 5474 * Restructure KDS options to be more like Keystone's options
 5475 * Setup code for auto-config sample generation
 5476 * Correct \`find\_migrate\_repo\` usage
 5477 * Make live LDAP user DN match the default from devstack
 5478 * Set sensible default for keystone's paste
 5479 * Treat sphinx warnings as errors
 5480 * Use WebOb directly in ec2\_token middleware
 5481 * Add lockfile and kombu as requirements for keystone
 5482 * Move filter\_limit\_query out of sql.Base
 5483 * List trusts, incorrect self link
 5484 * LDAP: document enabled\_emulation
 5485 * Remove s3\_token functional tests
 5486 * Provide clearer error when deleting enabled domain
 5487 * Remove copyright from empty files
 5488 * Syncing policy engine from oslo-incubator
 5489 * Rename Openstack to OpenStack
 5490 * Refactor get role for trust
 5491 * KDS fix documented exception
 5492 * Cleanup oauth tests
 5493 * Correctly normalize consumer fields on update
 5494 * Add tests for oauth consumer normalize fields
 5495 * Adds a fixture for setting up the cache
 5496 * Clean up database fixtures
 5497 * Fixes bug in exception message generation
 5498 * reverse my preferred mailmap
 5499 * Notifications upon disable
 5500 * Move identity logic from controller to manager
 5501 * Changing testcase name to match our terminology
 5502 * Allow specifying region ID when creating region
 5503 * explicitly expect hints in the @truncated signature
 5504 * list limit doc cleanup
 5505 * Correct error class in find\_migrate\_repo
 5506 * Remove unnecessary check to see if trustee exists
 5507 * Enforce current certificate retrieval behaviour
 5508 * Use WebOb directly for locale testing
 5509 * Cleanup KDS doc build errors
 5510 * Adds rule processing for mapping
 5511 * Add in functionality to set key\_mangler on dogpile backends
 5512 * Fix indentation issue
 5513 * Cleanup invalid token exception text
 5514 * Limit calls to memcache backend as user token index increases in size
 5515 * Style the code examples in docs as python
 5516 * Fixes a misspelling
 5517 * Doc - Keystone configuration - moving RBAC section
 5518 * Doc - Detailing  objects' attributes available for policy.json
 5519 * Do not use auth\_info objects for accessing the API
 5520 * Remove unused method \_get\_domain\_id\_from\_auth
 5521 * Remove unused method \_get\_domain\_conf
 5522 * Remove unused method \_store\_protocol
 5523 * Remove tox locale overrides
 5524 * Remove unused methods from AuthInfo
 5525 * Remove unused method \_create\_metadata
 5526 * Add test for list project users when no user
 5527 * Fix assignment KVS backend to not use identity
 5528 * Update kvs assignment backend docs
 5529 * Don't skip tests for some bugs
 5530 * Update oslo-incubator fixture to 81c478
 5531 * Remove vim header
 5532 * revise example extension directory structure
 5533 * Deprecate s3\_token middleware
 5534 * Update requirements to 661e6
 5535 * Implement list limiting support in driver backends
 5536 * Fix misspellings in keystone
 5537 * Removes use of fake\_notify and fixes notify test
 5538 * Remove host from per notification options
 5539 * Document priority level on Keystone notifications
 5540 * Remove default\_notification\_level from conf
 5541 * Mock sys.exit in testing
 5542 * Remove auth\_token middleware doc
 5543 * Move v3\_to\_v2\_user from manager to controller
 5544 * Update db.sqlalchemy.session from oslo-incubator 018138
 5545 * Adds tcp\_keepalive and tcp\_keepidle config options
 5546 * Ensure mapping rule has only local and remote properties
 5547 * clean up keystone-manage man page
 5548 * Refactor tests move assertValidErrorResponse
 5549 * fix grammar error in keystone-manage.rst
 5550 * Add rules to be a required field for mapping schema
 5551 * Cleanup docstrings
 5552 * Do not call deprecated functions
 5553 * Removes useless string
 5554 * Removes duplicate key from test fixtures
 5555 * Fixes a Python3 syntax error using raise
 5556 * Uses six.text\_type instead of unicode
 5557 * Uses six.iteritems for Python3 compat
 5558 * Add tests to ensure additional remote properties are not validated
 5559 * Removes xrange for Python3 compat
 5560 * Cleanup sample config
 5561 * Change 'oauth\_extension' to 'oauth1\_extension'
 5562 * Modified keystone endpoint-create default region
 5563 * Load the federation manager
 5564 * Fix indentation errors found by Pep8 1.4.6+
 5565 * Mark strings for translation in ldap backends
 5566 * Remove unused variable assignment
 5567 * Sync oslo's policy module
 5568 * Replace urllib/urlparse with six.moves.\*
 5569 * Change Continuous Integration Project link
 5570 * Remove legacy diablo and essex test cruft
 5571 * Refactor Auth plugin configuration options
 5572 * Use self.opt\_in\_group overrides
 5573 * Federation IdentityProvider filter fields on update response
 5574 * Remove unnecessary test methods
 5575 * Refactor federation controller class hierarchy
 5576 * Refactor mutable parameter handling
 5577 * Avoid use of str() with exceptions
 5578 * Use message when creating Unauthorized exception
 5579 * Make error strings translatable
 5580 * Enhancing tests to check project deletion in Active Directory
 5581 * Add required properties field to rules schema
 5582 * Fix assignment to not require user or group existence
 5583 * deprecate access log middleware
 5584 * remove access log middleware from the default paste pipeline
 5585 * deprecate v2.0 API in multiple choice response
 5586 * cleaned up extension development docs
 5587 * Add a docstring and rename mapping tests
 5588 * Remove versionId, versionInfo, versionList from examples
 5589 * Tests initialize database
 5590 * Don't set default for a nullable column
 5591 * Remove autoincrement from String column
 5592 * Fix docstrings in federation controller
 5593 * Change assertTrue(isinstance()) by optimal assert
 5594 * sync oslo-incubator log.py
 5595 * turn off eventlet.wsgi debug
 5596 * Make boolean query filter "False" argument work
 5597 * Fix list\_projects\_for\_endpoint failed bug
 5598 * Introduce database functionality into KDS
 5599 * Update the default\_log\_levels defaults
 5600 * Correct sample config default log levels
 5601 * deprecate stats middleware
 5602 * Use passed filter dict param in core sql filtering
 5603 * Fix federation documentation reference
 5604 * build auth context from middleware
 5605 * correct the document links in man documents
 5606 * Use six.text\_type to replace unicode
 5607 * Don't mask the filter built-in
 5608 * Move sql.Base.transaction
 5609 * Remove sql.Base.get\_session
 5610 * renamed extensions development doc
 5611 * Implement filter support in driver backends
 5612 * append extension name to trust notifications
 5613 * Allow event callback registration for arbitrary resource types
 5614 * Fix test\_auth isolation
 5615 * Policy sample - Identity v3 resources management
 5616 * Tests use setUp rather than init
 5617 * Improve forbidden checks
 5618 * Tests remove useless config list cleanup code
 5619 * use assertEqual instead of assertIs for string comparison
 5620 * Don't configure on import
 5621 * Fix reading cache-time before configured
 5622 * Cleanup eventlet setup
 5623 * Remove unused variables from common.config
 5624 * Reference dogpile.cache.memcached backend properly
 5625 * Unify StringIO usage with six.StringIO
 5626 * Fix typos in documents and comments
 5627 * Sync oslo strutils.py
 5628 * Use six.string\_types instead of basestring
 5629 
 5630 2014.1.b2
 5631 ---------
 5632 
 5633 * Use six to make dict work in Python 2 and Python 3
 5634 * initialize environment for tests that call popen
 5635 * Don't duplicate the existing config file list
 5636 * Implement notifications for trusts
 5637 * Remove kwargs from trust\_api.create\_trust
 5638 * Fixup incorrect comment
 5639 * Simple Certificate Extension
 5640 * Add mapping function to keystone
 5641 * Switch from 400 to 403 on ImmutableAttributeError
 5642 * Identity Providers CRUD operations
 5643 * Move KDS paths file
 5644 * Update comments in test\_v3\_protection.py
 5645 * description is wrong in endpoint filter rst doc
 5646 * Drop unsused "extras" dependency
 5647 * LDAP Assignment does not support grant v3 API
 5648 * Adds run\_tests.sh cli option to stop on failure
 5649 * Removes option to delete test DB from run\_tests.sh
 5650 * Removes deprecation warning from run\_tests.sh
 5651 * v3 credentials, ensure blob response is json
 5652 * Store ec2 credentials blob as json
 5653 * remove unused LOG
 5654 * Store trust\_id for v3/credentials ec2 keypairs
 5655 * Refactor context trust\_id check to wsgi.Application base class
 5656 * Implementation of internal notification callbacks within Keystone
 5657 * Replacing python-oauth2 by oauthlib
 5658 * Fix using non-default default\_domain\_id
 5659 * Enhance auth tests for non-default default\_domain\_id
 5660 * KVS support domain as namespace for users
 5661 * Remove unused member from KVS assignment
 5662 * Enhance tests for non-default default\_domain\_id
 5663 * rename templated.TemplatedCatalog to templated.Catalog
 5664 * Sync with global requirements
 5665 * Implements regions resource in 3.2 Catalog API
 5666 * Reduces memory utilization during test runs
 5667 * reduce default token duration to one hour
 5668 * Document running with pdb
 5669 * Restructure developing.rst
 5670 * Enable lazy translation
 5671 * Sync gettextutils from oslo-incubator 997ab277
 5672 * derive custom exceptions directly from Exception
 5673 * Do not append to messages with +
 5674 * Convert Token KVS backend to new KeyValueStore Impl
 5675 * Fix sample config external default doc
 5676 * Documentation cleanup
 5677 * Make common log import consistent
 5678 * Remove unused variables
 5679 * Safe command handling for openssl
 5680 * Fix external auth (REMOTE\_USER) plugin support
 5681 * Cleanup test\_no\_admin\_token\_auth cleanup code
 5682 * Subclasses of TestCase don't need to reset conf
 5683 * Cleanup test\_associate\_project\_endpoint\_extension
 5684 * Tests use cleanUp rather than tearDown
 5685 * Remove netifaces requirement
 5686 * Clean up fakeldap logging
 5687 * Resolve oauth dependency after paste pipeline is loaded
 5688 * Change ListOpt default value from str or None to list
 5689 * Sync oslo-incubator rpc	module
 5690 * Cleanup from business logic refactor
 5691 * Introduce basic Pecan/WSME framework for KDS
 5692 * Don't need session.flush in context managed by session
 5693 * races cause 404 when removing user from project
 5694 * initialize eventlet for tests
 5695 * Flush tokens in batches with DB2
 5696 * Remove unnecessary line in test\_auth
 5697 * Clean up docstrings in contrib.oauth1.core
 5698 * Remove unused test function
 5699 * Remove 'disable user' logic from \_delete\_domain\_contents
 5700 * Break dependency of base V3Controller on V2Controller
 5701 * Move deletion business logic out of controllers
 5702 * Do not update password when updating grants in Assignment KVS
 5703 * Cleanup of new credential\_api delete methods
 5704 * Enhance list\_group\_users in GroupApi
 5705 * Remove noop code
 5706 * Remove unused imports
 5707 * Fix typo in test
 5708 * Fix IPv6 check
 5709 * Remove unused code in contrib/ec2/controllers.py
 5710 * Fix use the fact that empty sequences are false
 5711 * Imported Translations from Transifex
 5712 * Synchronized with oslo db and db.sqlalchemy
 5713 * Fix variable passed to driver module
 5714 * Updated Keystone development install instructions for Ubuntu
 5715 * Stops file descriptor leaking in tests
 5716 * Re-write comment for ADMIN\_TOKEN
 5717 * Reduced parameters not used in \_populate\_user()
 5718 * Sync several modules from oslo-incubator
 5719 * Use oslo.db sessions
 5720 * Switch to oslo-incubator mask\_password
 5721 * Replace xrange in for loop with range
 5722 * Move Assignment Controllers and Routers to be First Class
 5723 * Remove Identity and Assignment controller interdependancies
 5724 * Policy based domain isolation can't be defined
 5725 * Moves keystoneclient master tests in a new class
 5726 * Makes the test git checkout info more declaritive
 5727 * trustee unable to perform role based operations on trust
 5728 * Cleanup backend loading
 5729 * Uses oslo's deprecated decorator; removes ours
 5730 * Move endpoint\_filter extension documentation
 5731 * Refactor setup\_logging
 5732 * Fixes documentation building
 5733 * Create user returns 400 without a password
 5734 * Fixes the v2 GET /extensions curl example in the documentation
 5735 * Add assertSetEqual to base test class
 5736 * Base Implementation of KVS Dogpile Refactor
 5737 * Sync db.sqlalchemy from oslo-incubator
 5738 * Fix errors for create\_endpoint api in version2
 5739 * Fix issues handling trust tokens via ec2tokens API
 5740 * Fix typo in identity:list\_role\_assignments policy
 5741 * Debug env for tox
 5742 * Updated from global requirements
 5743 * Sync global requirements to pin sphinx to sphinx>=1.1.2,<1.2
 5744 * Add ABCMeta metaclass to token provider
 5745 * token provider cleanup
 5746 * Sync versionutils from oslo
 5747 * Cleanup duplication in test\_backend
 5748 * replace "global" roles var names with "all" roles
 5749 * Remove unused token.valid index
 5750 * Narrow columns used in list\_revoked\_tokens sql
 5751 * Remove roles from OS-TRUST list responses
 5752 * Remove deprecated code
 5753 * Sync rpc fix from oslo-incubator
 5754 * Don't run non-tests
 5755 * Formalize deprecation of token\_api.list\_tokens
 5756 * Add index to cover revoked token list
 5757 
 5758 2014.1.b1
 5759 ---------
 5760 
 5761 * Refactor assertEqualXML into a testtools matcher
 5762 * Adds support for username to match the v2 spec
 5763 * One transaction per call to sql assignment backend
 5764 * Allow caching to be disabled and tests still pass
 5765 * Sync From OSLO
 5766 * Updated from global requirements
 5767 * Revert "Return a descriptive error message for controllers"
 5768 * Adds a resource for changing a user's password
 5769 * Deprecates V2 controllers
 5770 * Updates .gitignore
 5771 * Ensure the sample policy file won't diverge
 5772 * Add pycrypto as a test-requirement
 5773 * Imported Translations from Transifex
 5774 * Fix typo in keystone
 5775 * Added documentation to keystone.common.dependency
 5776 * Make HACKING.rst DRYer
 5777 * Allow downgrade for extensions
 5778 * Try decoding string to UTF-8 on error message fail
 5779 * Import strutils from oslo
 5780 * Capture debug logging in tests
 5781 * Easy testing with alternate keystoneclient
 5782 * Sync log\_handler module from Oslo
 5783 * refactor test\_catalog
 5784 * PasteConfigNotFound also raised when keystone.conf not found
 5785 * Style improvements to logging format strings
 5786 * Sync the DB2 communication error code change from olso
 5787 * Skip test\_arbitrary\_attributes\_\* in \_ldap\_livetest
 5788 * Add documentation for Read Only LDAP configuration option
 5789 * Remove deprecated auth\_token middleware
 5790 * Role NoneType object has no attribute setdefault
 5791 * Utilites for manipulating base64 & PEM
 5792 * Add memcache options to sample config
 5793 * UUID vs PKI docs
 5794 * RST fix for os\_inherit example
 5795 * Rewrites the serveapp method into a fixture
 5796 * Allow use of rules Policy driver
 5797 * Return a descriptive error message for controllers
 5798 * Proxy Assignment from Identity Deprecated
 5799 * Remove obsolete redhat-eventlet.patch
 5800 * AuthInfo use dependency injection
 5801 * Issue unscoped token if user's default project is invalid
 5802 * Detangle v3 RestfulTestCase setup
 5803 * Do not name variables as builtins
 5804 * Updated from global requirements
 5805 * Removes unused paste appserver instances from tests
 5806 * Add WSGI environment to context
 5807 * trusts raise validation error if expires\_at is invalid
 5808 * Fix newly discovered H302
 5809 * test attribute update edge cases
 5810 * Return an error when a non-existing tenant is added to a user
 5811 * use different bind addresses for admin and public
 5812 * Sync log module from oslo
 5813 * Change deprecated CLI arguments
 5814 * UserAuthInfo use dependency injection
 5815 * fix unparseable JSON
 5816 * Duplicate delete the user\_project\_metadata
 5817 * Skip test\_create\_update\_delete\_unicode\_project in \_ldap\_livetest
 5818 * don't rebind stdlib's os.chdir function
 5819 * Dependency cleanup
 5820 * Moves common RestfulTestCase to it's own module
 5821 * proxy removed from identity and changed to assignment
 5822 * Uses fixtures for mox and stubs
 5823 * Adds fixture package from oslo
 5824 * Fix KVS create\_grant to not raise NotFound if no user/group
 5825 * Enhance tests for assignment create\_grant when no user or group
 5826 * Clean up duplicate exceptions in docs for assignment.Driver
 5827 * Remove obsolete driver test module
 5828 * Change sample policy files to use policy language
 5829 * Documentation on how-to develop Keystone Extensions
 5830 * Allow delete user or group at same time as role
 5831 * Enhance tests for delete\_grant no user/group
 5832 * Fix issue deleting ec2-credentials as non-admin user
 5833 * Remove duplicated code on test\_v3\_auth
 5834 * Removes NoModule from the base testcase
 5835 * Fixes tox coverage command
 5836 * Update mailmap for Joe Gordon
 5837 * Add WWW-Authenticate header in 401 responses
 5838 * Use abstract base class for endpoint\_filter driver
 5839 * Use abstract base class for oauth driver
 5840 * Use abstract base class for policy driver
 5841 * Use abstract base class for token driver
 5842 * Document tox instead of run\_tests.sh
 5843 * Update my mailmap
 5844 * remove 8888 port in sample\_data.sh
 5845 * Adds decorator to deprecate functions and methods
 5846 * Move fakeldap to tests
 5847 * Fix remove role assignment adds role using LDAP assignment
 5848 * Enhance tests for deleting a role not assigned
 5849 * Implementation of opt-out from catalog data during token validation
 5850 * Add external.Base class to external plugins
 5851 * Add notifications for groups and roles
 5852 * add IRC channel & wiki link to README
 5853 * Add python-six to requirements
 5854 * Fix v2 token user ref with trust impersonation=True
 5855 * Changes to testr as the test runner
 5856 * Fixes error messaging
 5857 * Handle unicode at the caching layer more elegantly
 5858 * set user\_update policy to admin\_required
 5859 * Remove unused DEFAULT\_DOMAIN variable
 5860 * Remove unused config option auth\_admin\_prefix
 5861 * Remove unused member
 5862 * Adds tests for user extra attribute behavior
 5863 * Adds identity v2 tests to show extra behavior
 5864 * Treats OS-KSADM:password as password in v2 APIs
 5865 * Adds more uniformity to identity update\_user calls
 5866 * Don't use default value in LimitingReader
 5867 * Use abstract base class for auth handler
 5868 * Use abstract base class for catalog driver
 5869 * Use abstract base class for credential driver
 5870 * Use abstract base class for assignment driver
 5871 * Use abstract base class for trust driver
 5872 * Use abstract base class for identity driver
 5873 * remove the nova dependency in the ec2\_token middleware
 5874 * Catch the socket exception and log it
 5875 * Fixes broken doc references
 5876 * Sync db.sqlalchemy
 5877 * Handle DB2 disconnect
 5878 * Fix mysql checkout handler AttributeError
 5879 * Disable lazy gettext
 5880 
 5881 2013.2.rc1
 5882 ----------
 5883 
 5884 * Open Icehouse development
 5885 * Imported Translations from Transifex
 5886 * Sync with global requirements
 5887 * Add tests dir to the coverage omit list
 5888 * Update tox config
 5889 * Close the cursor for SQLite for 034 upgrade/downgrade on select
 5890 * Imports oslo policy to fix test issues
 5891 * Fixes errors logging in as a user with no password
 5892 * Fix live LDAP tests
 5893 * Eliminate type error on search\_s
 5894 * Fix error when create user with LDAP backend
 5895 * assertEquals is deprecated, use assertEqual (H602)
 5896 * Validate token calls return 404 on invalid tokens
 5897 * Protect oauth controller calls and update policy.json
 5898 * Fix updating attributes with ldap backend
 5899 * sync oslo policy
 5900 * Changes v1.1 to v2 for Compute endpoint in sample\_data.sh
 5901 * Update man pages
 5902 * Update man page version
 5903 * Sync gettextutils from oslo
 5904 * only run flake8 once (bug 1223023)
 5905 * upgrade to oslo.config 1.2 final
 5906 * Add user to project if project ID is changed
 5907 * Ensure any relevant tokens are revoked when a role is deleted
 5908 * Check token\_format for default token providers only
 5909 * Modify oauth1 tests to use generated keystone token in a call
 5910 * Test for backend case sensitivity
 5911 * Remove ldap identity domain attribute options
 5912 * Cleanup of tenantId, tenant\_id, and default\_project\_id
 5913 * Add extra test coverage for unscoped token invalidation
 5914 * Monkey patch select in environment
 5915 * Rewrite README.rst
 5916 * Enclose command args in with\_venv.sh
 5917 * check for domain existence before doing any ID work
 5918 * Ensure v2 tokens are correctly invalidated when using BelongsTo
 5919 * Sync gettextutils from oslo
 5920 * Use localisation for logged warnings
 5921 * Fix misused assertTrue in unit tests
 5922 * oauth using optional dependencies
 5923 * Rationalize list\_user\_projects and get\_projects\_for\_user
 5924 * Optional dependency injection
 5925 * Include new notification options in sample config
 5926 * fix rst syntax in database schema migrations docs
 5927 * Ignore H803 from Hacking
 5928 * Test upgrade migration 16->17
 5929 * test token revocation list API (bug 1202952)
 5930 * Imported Translations from Transifex
 5931 * gate on H304: no relative imports
 5932 * Move gettextutils installation in tests to core
 5933 * Cleanup tests imports so not relative
 5934 * Tests use "from keystone import tests"
 5935 * Reduce churn of cache on revocation\_list
 5936 * domain-specific drivers experimental in havana
 5937 * Fixes for user response with LDAP user\_enabled\_mask
 5938 * Close each LDAP connection after it is used, following python-ldap docs
 5939 * Remove CA key password from cert setup
 5940 * Import core.\* in keystone.tests
 5941 * Fix incorrect test for list\_users
 5942 * Changed header from LLC to Foundation based on trademark policies
 5943 * Changes template header for translation catalogs
 5944 * Support timezone in memcached token backend
 5945 
 5946 2013.2.b3
 5947 ---------
 5948 
 5949 * Imported Translations from Transifex
 5950 * Move CA key from certs directory to private directory
 5951 * OAuth authorizing user should propose roles to delegate
 5952 * Need to use \_() to handle i18n string messages
 5953 * Fix the code miss to show the correct error messages
 5954 * Move \_generate\_paste\_config to tests.core
 5955 * add 'project' notifications to docs
 5956 * Implement basic caching around assignment CRUD
 5957 * Update keystone wsgi httpd script for oslo logging
 5958 * Utilities to create directores, set ownership & permissions
 5959 * Modify default file/directory permissions
 5960 * Add a oauth1-configuration.rst and extension section to docs
 5961 * Update keystone-all man page
 5962 * Cleanup cache layer tests
 5963 * Implement caching for Tokens and Token Validation
 5964 * Document usage notifications
 5965 * Imported Translations from Transifex
 5966 * Remove kvs backend from oauth1 extension
 5967 * Use joins instead of multiple lookups in groups sql
 5968 * Add project CRUD to assignment\_api Manager
 5969 * Add Memory Isolating Cache Proxy
 5970 * Enable SQL tests for oauth
 5971 * Implement decorator-based notifications for users
 5972 * Use common db model class from Oslo
 5973 * Add common code from Oslo for work with database
 5974 * Use testtools as base test class
 5975 * Bump hacking to 0.7
 5976 * Removes KVS references from the documentation
 5977 * Add notifications module
 5978 * Drop support for diablo to essex migrations
 5979 * Add 'cn' to attribute\_list for enabled\_users/tenants query
 5980 * Implement API protection on target entities
 5981 * Refactor Token Provider to be aware of expired tokens
 5982 * Implement Caching for Token Revocation List
 5983 * Keystone Caching Layer for Manager Calls
 5984 * Create associations between projects and endpoints
 5985 * Fixes a link in the documentation
 5986 * Use correct filename for index & serial file when setting permissions
 5987 * remove flake8 option from run\_tests.sh
 5988 * Fix role lookup for Active Directory
 5989 * Clean up keystone-manage man page
 5990 * change oauth.consumer description into nullable
 5991 * Use system locale when Accept-Language header is not provided
 5992 * Fix translate static messages in response
 5993 * Migrating ec2 credentials to credential
 5994 * Fix error where consumer is not deleted from sql
 5995 * add foreign key constraint on oauth tables
 5996 * Remove a useless arg in range()
 5997 * Remove enumerate calls
 5998 * filter in ldap list\_groups\_for\_user
 5999 * Delete file TODO
 6000 * use provider to validate tokens
 6001 * Fix isEnabledFor for compatibility with logging
 6002 * Ensure username passed by REMOTE\_USER can contain '@'
 6003 * fix the default values for token and password auth
 6004 * Remove an enumerate call
 6005 * Add defense in ldap:get\_roles\_for\_user\_and\_project
 6006 * remove unused function
 6007 * Remove Keystone specific logging module
 6008 * remove refs to keystone.common.logging
 6009 * Remove User Check from Assignments
 6010 * Refactor Token Providers for better version interfaces
 6011 * Remove kwargs from manager calls / general cleanup
 6012 * Store hash of access as primary key for ec2 type
 6013 * Add delegated\_auth support for keystone
 6014 * Fix LDAP Identity get user with user\_enabled\_mask
 6015 * Fix LDAP Identity with non-zero user\_enabled\_default
 6016 * More validation in test\_user\_enable\_attribute\_mask
 6017 * Add test test\_deleting\_project\_delete\_grants
 6018 * Cleaned up a few old crufties from README
 6019 * Clean hacking errors in advance of hacking update
 6020 * Add unit test to check non-string password support
 6021 * Assignment to reserved built-in symbol: filter
 6022 * Implement domain specific Identity backends
 6023 * Increase length of username in DB
 6024 * Cleaned up pluggable auth docs
 6025 * Fix test\_user\_enable\_attribute\_mask so it actually tests
 6026 * Do not skip test\_user\_enable\_attribute\_mask in \_ldap\_livetest
 6027 * Skip test\_create\_unicode\_user\_name in \_ldap\_livetest
 6028 * Refactor Keystone to use unified logging from Oslo
 6029 * Revoke user tokens when disabling/delete a project
 6030 * Move affirm\_unique() in create() to BaseLdap
 6031 * Move some logic from update() to BaseLdap
 6032 * Add support for API message localization
 6033 * Remove unused import
 6034 * Assignment to reserved built-in symbol: dir
 6035 * Move 'tests' directory into 'keystone' package
 6036 * Initial implementation of unified-logging
 6037 * Sync notifier module from Oslo
 6038 * Move Babel dependency from test-req to req
 6039 * Ignore flake issues in build/ directory
 6040 * update usage in run\_test.sh for flake8
 6041 * Drop extra credential indexes
 6042 * Sync models with migrations
 6043 * Add memcache to httpd doc
 6044 * Sync unified logging solution from Oslo
 6045 * Configurable max password length (bug 1175906)
 6046 * Fix select n+1 issue in keystone catalog
 6047 * Make pki\_setup work with OpenSSL 0.9.x
 6048 * extension migrations
 6049 * Create default role on demand
 6050 * Set wsgi startup log level to INFO
 6051 * Abstract out attribute\_ignore assigning in LDAP driver
 6052 * Abstract out attribute\_mapping filling in LDAP driver
 6053 * Imported Translations from Transifex
 6054 * remove swift dependency of s3 middleware
 6055 * Raise max header size to accommodate large tokens
 6056 * Clean up use of token\_provider manager in tests
 6057 * add OS-TRUST to links
 6058 * Run test\_mask\_password once
 6059 * Remove kwargs from manager calls where not needed
 6060 * V3 API need to check mandatory field when creating resources
 6061 * Use dependency injection for assignment and identity
 6062 * Handle circular dependencies
 6063 * Clear out the dependency registry between tests
 6064 * .gitignore eggs
 6065 * Handle json data when migrating role metadata
 6066 * Sync DB models and migrations in keystone.assignment.backends.sql
 6067 * Remove passwords from LDAP queries
 6068 * use 'exc\_info=True' instead of import traceback
 6069 * Fix typo: Tenents -> Tenants
 6070 * Use keystone.wsgi.Request for RequestClass
 6071 * Update references with new Mailing List location
 6072 * Scipped tests don't render as ERROR's
 6073 * Implement exception module i18n support
 6074 * Remove vestiges of Assignments from LDAP Identity Backend
 6075 * Load backends before deploy app in client tests
 6076 * default token format/provider handling
 6077 * Fixing broken credential schema in sqlite
 6078 * Use assignment\_api rather than assignment
 6079 * Deprecate kvs token backend
 6080 * Ec2 credentials table not created during testing
 6081 * Correct Spelling Mistake
 6082 * Remove an enumerate call
 6083 * Load app before loading legacy client in tests
 6084 * Add [assignment].driver to sample config
 6085 * Deprecation warning for [signing] token\_format
 6086 * Support token\_format for backward compatibility
 6087 * sql.Driver:authenticate() signatures should match
 6088 * update requires to prevent version cap
 6089 * Return correct link for effective group roles in GET /role\_assignments
 6090 * Implement Token Binding
 6091 * Implemented token creation without catalog response
 6092 * Fix XML rendering with empty auth payload
 6093 * Pluggable Remote User
 6094 * grammar fixes in error messages
 6095 * Implement role assignment inheritance (OS-INHERIT extension)
 6096 * Implements Pluggable V2 Token Provider
 6097 * Register Extensions
 6098 * Implements Pluggable V3 Token Provider
 6099 * Mixed LDAP/SQL Backend
 6100 * Clear cached engine when global engine changes
 6101 * python3: Introduce py33 to tox.ini
 6102 * Add version so that pre-release versioning works
 6103 * Sync-up crypto from oslo-incubator
 6104 * Add crypto dependency
 6105 * Imported Translations from Transifex
 6106 * Change domain component value to org from com
 6107 * Move temporary test files into tests/tmp
 6108 * Use InnoDB for MySQL
 6109 * Rationalize how we get roles after authentication in the controllers
 6110 * Python 3.x compatible use of print
 6111 * Regenerate example PKI after change of defaults
 6112 * assignment backend
 6113 * wsgi.BaseApplication and wsgi.Router factories should use \*\*kwargs
 6114 * Add unittest for keystone.identity.backends.sql Models
 6115 * Imported Translations from Transifex
 6116 * Do not create LDAP Domains sub tree
 6117 * Use oslo.sphinx and remove local copy of doc theme
 6118 * Move comments in front of dependencies
 6119 * Remove context from get\_token call in normalize\_domain\_id
 6120 * Fix issue with v3 tokens and group membership roles
 6121 * Sync install\_venv\_common from oslo
 6122 * Remove a useless arg in range()
 6123 * Remove an enumerate call
 6124 * Update paths to pem files in keystone.conf.sample
 6125 * Don't use deprecated BaseException.message
 6126 * Add callbacks for set\_global\_engine
 6127 * Work without admin\_token\_auth middleware
 6128 * Implement GET /role\_assignment API call
 6129 * rename quantum to neutron in docs
 6130 * Install locales for httpd
 6131 * DB2 migration support
 6132 * Use event.listen() instead of deprecated listeners kwarg
 6133 * Add 'application' to keystone.py for WSGI
 6134 * Remove hard tabs and trailing whitespace
 6135 * Manager instead of direct driver
 6136 * check for constraint before dropping
 6137 * Stop passing context to managers (bug 1194938)
 6138 * \`tox -ecover\` failure. Missing entry in tox.ini
 6139 * Clean up keystone-all.rst
 6140 * Fix up some trivial license mismatches
 6141 * Revert environment module usage in middleware
 6142 * LDAP list group users not fail if user entry deleted
 6143 * Do not raise NEW exceptions
 6144 * Move identity ldap backend from directory to file
 6145 * wsgi.Middleware factory should use \*\*kwargs
 6146 * Removing LDAP API Shim
 6147 * Consolidate admin\_or\_owner rule
 6148 * Isolate eventlet code into environment
 6149 * Set default 'ou' name for LDAP projects to Projects
 6150 * Imported Translations from Transifex
 6151 * Imported Translations from Transifex
 6152 * Move user fileds type check to identity.Manager
 6153 * Http 400 when project enabled is not a boolean
 6154 * Imported Translations from Transifex
 6155 * Correct the resolving api logic in stat middleware
 6156 * Remove a stat warning log
 6157 * Using sql as default driver for tokens
 6158 * Correct LDAP configuration doc
 6159 * Force simple Bind for authentication
 6160 * Initialize logging from HTTPD
 6161 * LDAP get\_project\_users should not return password
 6162 * Add checks to test if enabled is bool
 6163 * Fix link typo in Sphinx doc
 6164 * python WebOb dependency made unpinned
 6165 * Remove explicit distribute depend
 6166 * Version response compatible with Folsom
 6167 * Adds tests for XML version response
 6168 * Replace openstack-common with oslo in docs
 6169 * drop user and group constraints
 6170 * Correct the default name attribute for role
 6171 * Allow request headers access in app context
 6172 * Remove how to contribute section in favor of CONTRIBUTING.rst
 6173 * Fix token purging for memcache for user token index
 6174 * add ca\_key to sample configuration
 6175 * Commit transaction in migration
 6176 * Fix internal doc links (bug 1176211)
 6177 * Missing contraction: Its -> It's (bug 1176213)
 6178 * Pass on arguments on Base.get\_session
 6179 * Remove bufferedhttp
 6180 * Move coverage output dir for Jenkins
 6181 * Check schema when dropping constraints
 6182 * Import eventlet patch from oslo
 6183 * Raise key length defaults
 6184 * Base.get\_engine honor allow\_global\_engine=False
 6185 * run\_tests.sh should use flake8 (bug 1180609)
 6186 * Ignore the .update-venv directory
 6187 * Ignore conflict on v2 auto role assignment (bug 1161963)
 6188 * remove\_role\_from\_user\_and\_project affecting all users (bug 1170649)
 6189 * Maintain tokens after role assignments (bug 1170186)
 6190 * split authenticate call
 6191 * Add db\_version command to keystone-manage
 6192 * Live SQL migration tests
 6193 * Fix incorrect role assignment in migration
 6194 * typo in 'import pydev' statement
 6195 * Fixes a typo
 6196 * Imported Translations from Transifex
 6197 * Improve the performance of tokens deletion for user
 6198 * Revert "Set EVENTLET\_NO\_GREENDNS=yes in tox.ini."
 6199 * Disable eventlet monkey-patching of DNS
 6200 * Fix the debug statement
 6201 * Document size limits
 6202 * Add index on valid column of the SQL token Backend
 6203 * Add KEYSTONE\_LOCALEDIR env variable
 6204 * Add <version> arg to keystone-manage db\_sync
 6205 
 6206 2013.2.b1
 6207 ---------
 6208 
 6209 * Add index on expires column of the SQL token Backend
 6210 * fix error default policy for create\_project
 6211 * Require keystone-user/-group for pki\_setup
 6212 * Replace assertDictContainsSubset with stdlib ver
 6213 * separate paste-deploy configuration from parameters
 6214 * Add missing oslo module
 6215 * Convert openstack-common.conf to the nicer multiline format
 6216 *    Rename requires files to standard names
 6217 * Cleanup docstrings (flake8 H401, H402, H403, H404)
 6218 * imports not in alphabetical order (flake8 H306)
 6219 * import only modules (flake8 H302)
 6220 * one import per line (flake8 H301)
 6221 * eliminate 'except:' (flake8 H201)
 6222 * consistent i18n placeholders (flake8 H701, H702, H703)
 6223 * use the 'not in' operator (flake8 H902)
 6224 * Use TODO(NAME) (flake8 H101)
 6225 * Remove unnecessary commented out code
 6226 * Enumerate ignored flake8 H\* rules
 6227 * Migrate to pbr
 6228 * Remove unused variables (flake8 F841)
 6229 * Satisfy flake8 import rules F401 and F403
 6230 * Test 403 error title
 6231 * Imported Translations from Transifex
 6232 * Remove useless private method
 6233 * Consolidate eventlet code
 6234 * Use webtest for v2 and v3 API testing
 6235 * Add missing space to error msg
 6236 * Imported Translations from Transifex
 6237 * Read-only default domain for LDAP (bug 1168726)
 6238 * Add assertNotEmpty to tests and use it
 6239 * Implement Token Flush via keystone-manage
 6240 * get SQL refs from session (bp sql-query-get)
 6241 * extracting credentials
 6242 * Move auth\_token middleware from admin user to an RBAC policy
 6243 * Accept env variables to override default passwords
 6244 * Http 400 when user enabled is not a boolean
 6245 * Migrate to flake8
 6246 * Fix pyflakes and pep8 in prep for flake8
 6247 * Allow backend & client SQL tests on mysql and pg
 6248 * Revert "Disable eventlet monkey-patching of DNS"
 6249 * Set EVENTLET\_NO\_GREENDNS=yes in tox.ini
 6250 * Disable eventlet monkey-patching of DNS
 6251 * Revoke tokens on user delete (bug 1166670)
 6252 * A minor refactor in wsgi.py
 6253 * Skip IPv6 tests for eventlet dns
 6254 * LDAP list groups with missing member entry
 6255 * Fix 403 status response
 6256 * Remove unused CONF.pam.url
 6257 * Mark LDAP password and admin\_token secret
 6258 * HACKING LDAP
 6259 * Make migration tests postgres & mysql friendly
 6260 * Documentation about the initial configuration file and sample data
 6261 * Add rule for list\_groups\_for\_user in policy.json
 6262 * Test listing of tokens with a null tenant
 6263 * fix duplicate option error
 6264 * Delete extra dict in token controller
 6265 * What is this for?
 6266 * Removed unused imports
 6267 * Remove non-production middleware from sample pipelines
 6268 * Replace password to "\*\*\*" in the debug message
 6269 * Fixed logging usage instead of LOG
 6270 * Remove new constraint from migration downgrade
 6271 * Allow additional attribute mappings in ldap
 6272 * Enable unicode error message
 6273 * Sync with oslo-incubator copy of setup.py
 6274 * Set empty element to ""
 6275 * Fixed unicode username user creation error
 6276 * Fix token ids for memcached
 6277 * Use is\_enabled() in folsom->grizzly upgrade (bug 1167421)
 6278 * Generate HTTPS certificates with ssl\_setup
 6279 * Fix for configuring non-default auth plugins properly
 6280 * test duplicate name
 6281 * Add TLS Support for LDAP
 6282 * fix undefined variable
 6283 * clean up invalid variable reference
 6284 * Clean up duplicate methods
 6285 * stop using time.sleep in tests
 6286 * don't migrate as often
 6287 * use the openstack test runner
 6288 * Fix 401 status response
 6289 * Fix example in documentation
 6290 * Fix IBM copyright strings
 6291 * Share one engine for more than just sqlite in-memory
 6292 * Add missing colon for documentation build steps
 6293 * Mark sql connection with secret flag
 6294 
 6295 2013.1.rc2
 6296 ----------
 6297 
 6298 * Fix test coverage for v2 scoped auth xml response (bug 1160504)
 6299 * Fix test coverage for v2 scoped auth xml response (bug 1160504)
 6300 * close db migration session
 6301 * Use string for port in default endpoints (bug 1160573)
 6302 * keystone commands don't print any version information
 6303 * bug 1159888 broken links in rst doc
 6304 * use the roles in the token when recreating
 6305 * Sync with oslo-incubator
 6306 * Rename trust extension (bug 1158980)
 6307 * Rename trust extension
 6308 * keystone commands don't print any version information
 6309 * Imported Translations from Transifex
 6310 
 6311 2013.1.rc1
 6312 ----------
 6313 
 6314 * Add a dereference option for ldap
 6315 * Make versions aware of enabled pipelines
 6316 * Move trusts to extension
 6317 * Move trusts to extension
 6318 * Version bump to 2013.2
 6319 * Add a dereference option for ldap
 6320 * Allow trusts to be optional
 6321 * Enable emulation for domains
 6322 * Wrap config module and require manual setup (bug 1143998)
 6323 * Correct spacing in warning msg
 6324 * Prohibit V3 V2 token intermix for resource in non-default domain (bug 1157430)
 6325 * Properly handle emulated ldap enablement
 6326 * Support for LDAP groups (bug #1092187)
 6327 * Validate domains unconditionally (bug 1130236)
 6328 * Fix live ldap tests
 6329 * V2, V3 token intermix for unscoped tokens (bug 1156913)
 6330 * Pass project membership as dict in migration 015
 6331 * Ensure delete domain removes all owned entities
 6332 * Utilize legacy\_endpoint\_id column (bug 1154918)
 6333 * Test default\_project\_id scoping (bug 1023502)
 6334 * Fix XML handling of member links (bug 1156594)
 6335 * Discard null endpoints (bug 1152632)
 6336 * extracting user and trust ids into normalized fields
 6337 * No parent exception to wrap
 6338 * Remove duplicate password/token opts
 6339 * xml\_body returns backtrace on XMLSyntaxError
 6340 * duplicated trust tests
 6341 * Migrate roles from metadata to user\_project\_metadata
 6342 * Fixes bug 1151747: broken XML translation for resource collections
 6343 * Revise docs to use keystoneclient.middleware.auth\_token
 6344 * quiet route logging on skipped tests
 6345 * Ensure tokens are revoked for relevant v3 api calls
 6346 * Remove un-needed LimitingReader read() function
 6347 * Catch and log server exceptions
 6348 * Added test cases to improve LDAP project testing
 6349 * Switch to final 1.1.0 oslo.config release
 6350 * Filter out legacy\_endpoint\_id (bug 1152635)
 6351 * Improve tests for api protection and filtering
 6352 * add belongs\_to check
 6353 * Revert "update tests/\_\_init\_\_.py to verify openssl version"
 6354 * Revert "from tests import"
 6355 * Make Keystone return v3 as part of the version api
 6356 * Run keystone server in debug mode
 6357 * remove spurious roles check
 6358 * bug 1133526
 6359 * Fix folsom -> grizzly role table migration issues (bug 1119789)
 6360 * Delete tokens for user
 6361 * from tests import
 6362 * v3 endpoints won't have legacy ID's (bug 1150930)
 6363 * return 201 Created on POST request (bug1131119)
 6364 * add missing attributes for group/project tables (bug1126021)
 6365 * Remove unused methods from LDAP backed
 6366 * Move get\_by\_name to LdapBase
 6367 * fix typo in kvs backend
 6368 * mark 2.0 API as stable
 6369 * unable to load certificate should abort request
 6370 * Move auth plugins to 'keystone.auth.plugins' (bug 1136967)
 6371 * Change exception raised to Forbidden on trust\_id
 6372 * cleanup trusts in controllers
 6373 * remove unused import
 6374 * ports should be ints in config (bug 1137696)
 6375 * Expand v3 trust test coverage
 6376 * Trusts
 6377 * bug 1134802: fix inconsistent format for expires\_at and issued\_at
 6378 * Sync timeutils with oslo
 6379 * Straighten out NotFound raising in LDAP backend
 6380 * residual grants after delete action (bug1125637)
 6381 * Remove TODO that didn't land in grizzly
 6382 * Make getting user-domain roles backend independant
 6383 * Explain LDAP page\_size & default value
 6384 * Imported Translations from Transifex
 6385 * Enable a parameters on ldap to allow paged\_search of ldap queries This fixes bug 1083463
 6386 * update tests/\_\_init\_\_.py to verify openssl version
 6387 * command line switch for short pep8 output
 6388 * Convert api to controller
 6389 * bug 1131840: fix auth and token data for XML translation
 6390 * flatten payload for policy
 6391 * Unpin pam dependency version
 6392 * keystone : Use Ec2Signer utility class from keystoneclient
 6393 * Move handle\_conflicts decorator into sql
 6394 * domain\_id\_attributes in config.py have wrong default value
 6395 * Rework S3Token middleware tests
 6396 * Remove obsolete \*page[\_marker] methods from LDAP backend
 6397 * Setup logging in keystone-manage command
 6398 * Ensure keystone unittests do not leave CONF.policyfile in bad state
 6399 * catch errors in wsgi.Middleware
 6400 * Fix id\_to\_dn for creating objects
 6401 * Tests for domain-scoped tokens
 6402 * domain-scoping
 6403 * Pass query filter attributes to policy engine
 6404 * Removed redundant assertion
 6405 * v3 token API
 6406 * Update oslo-config version
 6407 * Correct SQL migration 017 column name
 6408 * merging in fix from oslo upstream
 6409 * enabled attribute emulation support
 6410 * Change the default LDAP mapping for description
 6411 * Ensure user and tenant enabled in EC2
 6412 * Disable XML entity parsing
 6413 * Remove old, outdated keystone devref docs
 6414 * Update the Keystone policy engine to the latest openstack common
 6415 * Implement name space for domains
 6416 * Update sample\_data.sh to match docs
 6417 * project membership to role conversion
 6418 * Remove test\_auth\_token\_middleware
 6419 * Workaround Migration issue with PostgreSQL
 6420 * make LDAP query scope configurable
 6421 * make fakeldap.\_match\_query work for an arbitrary number of groups
 6422 * Use oslo-config-2013.1b3
 6423 * Remove usage of UserRoleAssociation.id in LDAP
 6424 * Add an update option to run\_tests.sh
 6425 * Add pysqlite as explicit test dep
 6426 * fix unit test when memcache middleware is not configured
 6427 * add missing kvs functionality (bug1119770)
 6428 * Update to oslo version code
 6429 * adding additional backend tests (bug1101244)
 6430 * Fix spelling mistakes
 6431 * Cleaned up keystone-all --help output
 6432 * Keystone backend preparation for domain-scoping
 6433 * Use install\_venv\_common.py from oslo
 6434 * Spell accommodate correctly
 6435 * Missed import for IPv6 tests skip
 6436 * Add missing log\_format, log\_file, log\_dir opts
 6437 * Fix normalize identity sql ugrade for Mysql and postgresql
 6438 * remove duplicate model declaration/attribution
 6439 * simplify query building logic
 6440 * Fix test\_contrib\_s3\_core unit test
 6441 * Expand dependency injection test coverage
 6442 * remove unneeded config reloading (it's already done during setUp)
 6443 * allow unauthenticated connections to an LDAP server
 6444 * Relational API links
 6445 * return 400 Bad Request if invalid params supplied (bug1061738)
 6446 * UserApi.update not to require all fields in arg
 6447 * Tenant update on LDAP breaks if there is no update to apply
 6448 * Query only attributes strictly required for keystone when using it with existing LDAP servers
 6449 * Update .coveragerc
 6450 * Add size validations to token controller
 6451 * add check for config-dir parameter (bug1101129)
 6452 * Silence routes internal debug logging
 6453 * Imported Translations from Transifex
 6454 * Delete Roles for User and Project LDAP
 6455 * Why .pop()'ing urls first is important
 6456 * don't create a new, copied list in get\_project\_users
 6457 * Fixes 'not in' operator usage
 6458 * Add --keystone-user/group to keystone-manage pki\_setup
 6459 * Adds png versions of all svg image files. Changes reference
 6460 * Updates migration 008 to work on PostgreSQL
 6461 * Create a default domain (bp default-domain)
 6462 * Generate apache-style common access logs
 6463 * import tools/flakes from oslo
 6464 * tenant to project in the apis
 6465 * Tenant to Project in Back ends
 6466 * Fix bugs with set ldap password
 6467 * Enable/disable domains (bug 1100145)
 6468 * Readme: use 'doc' directory not 'docs'
 6469 * rename tenant to project in sql
 6470 * Update to requests>=1.0.0 for keystoneclient
 6471 * Fix pep8 error
 6472 * Document user group LDAP options
 6473 * Sync latest cfg from oslo-incubator
 6474 * Limit the size of HTTP requests
 6475 * Fix role delete method in LDAP backend
 6476 * public\_endpoint & admin\_endpoint configuration
 6477 * Skip IPv6 tests if IPv6 is not supported
 6478 * Allow running of sql against the live DB
 6479 * Test that you can undo & re-apply all migrations
 6480 * downgrade user and tenant normalized tables downgraded such that sqlite is supported, too
 6481 * Auto-detect max SQL migration
 6482 * Safer data migrations
 6483 * Sync base identity Driver defs with SQL driver
 6484 * Fix i18n of string templates
 6485 * Enhance wsgi to listen on ipv6 address
 6486 * add database string field length check
 6487 * Autoload schema before creating FK's (bug 1098174)
 6488 * Enable exception format checking in the tests
 6489 * reorder tables for delete
 6490 * Validated URLs in v2 endpoint creation API
 6491 * Fixes import order nits
 6492 * Cleanup keystoneclient testing requirements
 6493 * Fix issue in test\_forbidden\_action\_exposure
 6494 * Correct spelling errors / typos in test names
 6495 * Update ldap exceptions to pass correct kwargs
 6496 * Add \_FATAL\_EXCEPTION\_FORMAT\_ERRORS global
 6497 * Keystone server support for user groups
 6498 * Add missing .po files to tarball
 6499 * Imported Translations from Transifex
 6500 * adds keyring to test-requires
 6501 * Revert "shorten pep8 output"
 6502 * Upgrade WebOb to 1.2.3
 6503 * il8n some strings
 6504 * Imported Translations from Transifex
 6505 * Removed unused variables
 6506 * Removed unused imports
 6507 * Add pyflakes to tox.ini
 6508 * Fix spelling typo
 6509 * shorten pep8 output
 6510 * Driver registry
 6511 * Adding a means to connect back to a pydevd debugger
 6512 * add in pip requires for requests
 6513 * Split endpoint records in SQL by interface
 6514 * Fix typo s/interalurl/internalurl/
 6515 * module refactoring
 6516 * Test for content-type appropriate 404 (bug 1089987)
 6517 * Imported Translations from Transifex
 6518 * fixing bug 1046862
 6519 * Expand default time delta (bug 1089988)
 6520 * Add tests for contrib.s3.core
 6521 * Test drivers return HTTP 501 Not Implemented
 6522 * Support non-default role\_id\_attribute
 6523 * Remove swift auth
 6524 * Move token controller into keystone.token
 6525 * Import pysqlite2 if sqlite3 is not available
 6526 * Remove mentions of essex in docs (bug 1085247)
 6527 * Ensure serviceCatalog is list when empty, not dict
 6528 * Adding downgrade steps for migration scripts
 6529 * Port to argparse based cfg
 6530 * Only 'import \*' from 'core' modules
 6531 * use keystone test and change config during setUp
 6532 * Bug 1075090 -- Fixing log messages in python source code to support internationalization
 6533 * Added documentation for the external auth support
 6534 * check the redirected path on the request, not the response
 6535 * Validate password type (bug 1081861)
 6536 * split identities module into logical parts remove unneeded imports from core
 6537 * Ensure token expiration is maintained (bug 1079216)
 6538 * normalize identity
 6539 * Fixes typo in keystone setup doc
 6540 * Imported Translations from Transifex
 6541 * Stop using cfg's internal implementation details
 6542 * syncing run\_tests to match tox
 6543 * Expose auth failure details in debug mode
 6544 * Utilize policy.json by default (bug 1043758)
 6545 * Wrap v3 API with RBAC (bug 1023943)
 6546 * v3 Identity
 6547 * v3 Catalog
 6548 * v3 Policies
 6549 * Import auth\_token middleware from keystoneclient
 6550 * Imported Translations from Transifex
 6551 * Refix transient test failures
 6552 * Make the controller addresses configurable
 6553 * Expose authn/z failure info to API in debug mode
 6554 * Refactor TokenController.authenticate() method
 6555 * Fix error un fixtures
 6556 * Ensures User is member of tenant in ec2 validation
 6557 * Properly list tokens with a null tenant
 6558 * Reduce total number of fixtures
 6559 * Provide config file fields for enable users in LDAP backend (bug1067516)
 6560 * populate table check
 6561 * Run test\_keystoneclient\_sql in-memory
 6562 * Make tox.ini run pep8 checks on bin
 6563 * tweaking docs to fix link to wiki Keystone page
 6564 * Various pep8 fixes for keystone
 6565 * Use the right subprocess based on os monkeypatch
 6566 * Fix transient test failures (bug 1077065, bug 1045962)
 6567 * Rewrite initial migration
 6568 * Fix default port for identity.internalURL
 6569 * Improve feedback on test failure
 6570 * fixes bug 1074172
 6571 * SQL upgrade test
 6572 * Include 'extra' attributes twice (bug 1076120)
 6573 * Return non-indexed attrs, not 'extra' (bug 1075376)
 6574 * bug 1069945: generate certs for the tests in one place
 6575 * monkeypatch cms Popen
 6576 * HACKING compliance: consistent use of 'except'
 6577 * auth\_token hash pki key PKI tokens on hash in memcached when accessed by auth\_token middelware
 6578 * key all backends off of hash of pki token
 6579 * don't import filter\_user name, use it from the identity module
 6580 * don't modify the passed in dict to from\_dict
 6581 * move hashing user password functions to common/utils
 6582 * ignore .tox directory for pep8 in runtests
 6583 * Imported Translations from Transifex
 6584 * Implements REMOTE\_USER authentication support
 6585 * pin sqlalchemy to 0.7
 6586 * Move 'opentack.context' and 'openstack.params' definitions to keystone.common.wsgi
 6587 * Removes duplicate flag for token\_format
 6588 * Raise exception if openssl stderr indicates one
 6589 * Ignore keystone.openstack for PEP8
 6590 * Fixed typo in log message
 6591 * Fixes 500 err on authentication for invalid body
 6592 * Enable Deletion of Services with Endpoints
 6593 * Exception.message deprecated in py26 (bug 1070890)
 6594 * Utilize logging instead of print()
 6595 * stop LdapIdentity.create\_user from returning the user's password
 6596 * Compare token expiry without seconds
 6597 * Moved SQL backend tests into memory
 6598 * Add trove classifiers for PyPI
 6599 * Adding handling for get user/tenant by name
 6600 * Fixed bug 1068851. Refreshed new crypto for the SSL tests
 6601 * move filter\_user function to keystone.identity.core
 6602 * Fixes response for missing credentials in auth
 6603 * making PKI default token type
 6604 * Fixes Bug 1063852
 6605 * bug 1068674
 6606 * Update common
 6607 * Extract hardcoded configuration in ldap backend (bug 1052111)
 6608 * Fix Not Found error, when router not match
 6609 * add --config-dir=DIR  for keystone-all option
 6610 * Add  --config-dir=DIR in OPTIONS
 6611 * Delete role does not delete role assignments in tenants (bug 1057436)
 6612 * replacing PKI token detection from content length to content prefix. (bug 1060389)
 6613 * Document PKI configuration and management
 6614 * Raise if we see incorrect keyword args "condition" or "methods"
 6615 * Filter users in LDAP backend (bug 1052925)
 6616 * Use setup.py develop to insert code into venv
 6617 * Raise 400 if credentials not provided (bug 1044032)
 6618 * Fix catalog when services have no URL
 6619 * Unparseable endpoint URL's should raise friendly error
 6620 * Configurable actions on LDAP backend in users Active Directory (bug 1052929)
 6621 * Unable to delete tenant if contains roles in LDAP backend (bug 1057407)
 6622 * Replaced underscores with dashes
 6623 * fixes bug 1058429
 6624 * Command line switch for standard threads
 6625 * Remove run\_test.py in favor of stock nose
 6626 * utf-8 encode user keys in memcache (bug 1056373)
 6627 * Convert database schemas to use utf8 character set
 6628 * Return a meaningful Error when token\_id is missing
 6629 * Backslash continuation cleanup
 6630 * notify calling process we are ready to serve
 6631 * add Swift endpoint in sample data
 6632 * Updated Fix for duplicated entries on LDAP backend for get\_tenant\_users
 6633 * Fix wsgi config file access for HTTPD
 6634 * Bump version to 2013.1
 6635 * Limit token revocation to tenant (bug 1050025)
 6636 * Fixed trivally true tests (bug 983304)
 6637 * add Quantum endpoint in sample data
 6638 * Add XML namespace support for OSADM service api
 6639 * Delete user tokens after role grant/revoke
 6640 * LDAP backend attribute fixes
 6641 * Document memcached host system time configuration
 6642 * Implementation of tenant,user,role list functions for ldap
 6643 * Initialize Metadata variable
 6644 * Cleanup PEP8 errors from Common
 6645 * List tokens for memcached backend
 6646 * Implement token endpoint list (bug 1006777)
 6647 * Ignore eclipse files
 6648 * Identity API v3 Config, Routers, Controllers
 6649 * Sync some misc changes from openstack-common
 6650 * Sync latest cfg from openstack-common
 6651 * Remove id\_hash column
 6652 * LOG.warn all exception.Unauthorized authentication failures
 6653 * Fixed: test\_default\_tenant\_uuid\_token not running
 6654 * Upgrade PEP8 to 1.3.3 (bug 1037303)
 6655 * Expand PEP8 coverage to include docs & tests
 6656 * Removed/fixed unused variable references
 6657 * HACKING compliance & staticly init module vars
 6658 * PEP8 fix E251
 6659 * PEP8 fix
 6660 * Removed unused imports
 6661 * Check for expected cfg impl (bug 1043479)
 6662 * Fixed typos in comment
 6663 * HACKING: Import by full module path
 6664 * HACKING: Use single quotes
 6665 * mistake in doc string
 6666 * pep8 1.3.3 cleanup removing unused imports
 6667 * Removed dead code
 6668 * Fix auth\_token middleware to fetch revocation list as admin
 6669 * Require authz to update user's tenant (bug 1040626)
 6670 * Code cleanup in doc/source/conf.py
 6671 * Typo fix in keystone: existant => existent
 6672 * allow middleware configuration from app config
 6673 * PEP8 fix for PAM test
 6674 * change verbose and debug to Fasle in keystone.conf.sample
 6675 * add token\_format=UUID to keystone.conf.sample
 6676 * Demonstrate that authenticate() returns roles
 6677 * Add nosehtmloutput as a test dependency
 6678 * Less information returned with IntegrityError
 6679 * Support running the tests in the debugger
 6680 * Removed stray print statement (bug 1038131)
 6681 * Remove unused variables
 6682 * PKI Token revocation
 6683 * Remove unused imports
 6684 * Adding missing files to MANIFEST.in
 6685 * Simplify the sql backend deletion of users and tenants
 6686 * Add tests for PAM authentication
 6687 * Allow overloading of username and tenant name in the config files
 6688 * Enabling SQL Catalog tests (bug 958950)
 6689 * Use user home dir as default for cache
 6690 * Set example key\_size to 1024
 6691 * Log errors when signing/verifying
 6692 * Implement python version of migration 002
 6693 * Set default signing\_dir based on os USER
 6694 * Assert adminness on token validation (bug 1030968)
 6695 * Test for Cert by name
 6696 * Typo error in keystone/doc/source/configuration.rst
 6697 * fix broken link
 6698 * Cryptographically Signed tokens
 6699 * Sync jsonutils from openstack-common
 6700 * Added user name validation. Fixes bug 966251
 6701 * Import ec2 credentials from old keystone db
 6702 * Debug output may include passwords (bug 1004114)
 6703 * Raise unauthorized if tenant disabled (bug 988920)
 6704 * Files for  Apache-HTTPD
 6705 * Implementation of LDAP functions
 6706 * Fix the wrong infomation in keystone-manage.rst
 6707 * Webob needs body to calc Content-Length (bug 1016171)
 6708 * Prevent service catalog injection in auth\_token
 6709 * Admin Auth URI prefix
 6710 * updating testing documentation
 6711 * adding keystoneclient test
 6712 * Removed redundant / excessively verbose debug
 6713 * Making docs pretty!
 6714 * Adding user password setting api call
 6715 * Fixing pep8 errors in tests/\*py
 6716 * Make sure user dict has id key before checking against it
 6717 * pep8 for openssl
 6718 * Run pep8 for tests
 6719 * Move monkey patch to keystone-all startup
 6720 * Use sdist tarball instead of zipball
 6721 * Return a 409 error when adding a second time a role to user/tenant
 6722 * notify calling process we are ready to serve
 6723 * Set iso8601 module as default dependence
 6724 * Fixed user-only role deletion error
 6725 * Use PyPI for keystoneclient
 6726 * keystone\_manage certificate generation
 6727 * documenting models
 6728 * Reorder test imports by full import path
 6729 * pep8 v1.3.3 compliance (bug 1019498)
 6730 * Correct Tree DN
 6731 * don't assume that the LDAP server require authentication
 6732 * fix variable names to coincide with the ones in common.ldap
 6733 * Keystone should use openstack.common.timeutils
 6734 * Fixed marker & limit computation (bug 1006055)
 6735 * Do not crash when trying to remove a user role (without a tenant)
 6736 * Keystone should use openstack.common.jsonutils
 6737 * Refactor 404's into managers & drivers (bug 968519)
 6738 * fix sphinx warnings
 6739 * fix man page build
 6740 * Utilize newer changes in openstack-common
 6741 * Add .mailmap file
 6742 * setting up babel for i18n work blueprint start-keystone-i18n
 6743 * Removed unused import
 6744 * Fix order of returned tuple elements in pam authenticate
 6745 * Reorder imports by full module path
 6746 * Pass serviceCatalog in auth\_token middleware
 6747 * Fixed typo in routing conditions (bug 1006793)
 6748 * 400 on unrecognized content type (bug 1012282)
 6749 * Basic request stats monitoring & reporting
 6750 * Monkey patching 'thread'
 6751 * Speed up SQL unit tests
 6752 * PEP8 fixes
 6753 * Clean up test requires a bit
 6754 * Use cfg's new global CONF object
 6755 * Add s3 extension in keystone.conf sample
 6756 * Tweak for easier, safer subclassing
 6757 * Revert file mode to be non-executable
 6758 * fix importing of optional modules in auth\_token
 6759 * Carrying over token expiry time when token chaining
 6760 * Keystone should use openstack.common.importutils
 6761 * Require authz for user role list (bug 1006815)
 6762 * Require authz for service CRUD (bug 1006822)
 6763 * PEP8 fixes
 6764 * Use cfg's new behavior of reset() clearing overrides
 6765 * Use cfg's new group autocreation feature
 6766 * Sync with latest version of openstack.common.cfg
 6767 * blueprint 2-way-ssl
 6768 * Fixes some pep8 warning/errors
 6769 * Update swift\_auth documentation
 6770 * Add ACL check using <tenant\_id>:<user> format
 6771 * Use X\_USER\_NAME and X\_ROLES headers
 6772 * Allow other middleware overriding authentication
 6773 * Backslash continuation removal (Keystone folsom-1)
 6774 * Remove service\_\* from authtoken examples
 6775 * Nail prettytable test dependency at 0.5.0
 6776 * Invalidate user tokens when a user is disabled
 6777 * Fix depricated /users/{user-id}/roles
 6778 * Changed arguments in keystone CLI for consistency
 6779 * Add validations of 'name' field for roles, users and tenants
 6780 * Added 'NormalizingFilter' middleware
 6781 * One 'ctrl-c' kills keystone
 6782 * Make sure we parse delay\_auth\_decision as boolean
 6783 * Flush tenant membership deletion before user
 6784 * notify calling process we are ready to serve
 6785 * Invalidate user tokens when password is changed
 6786 * Added tenant name validation. Fixes bug 966249
 6787 * Corrects url conversion in export\_legacy\_catalog
 6788 * Truly handle mailmap entries for all combinations
 6789 * fix pam admin user case
 6790 * Improve the sample keystone.conf
 6791 * Add defaults for ldap options
 6792 * Sync to newer openstack-common
 6793 * Set defaults for sql options
 6794 * Set defaults for port options
 6795 * Add defaults for driver options
 6796 * Use ConfigOpts.find\_file() to locate catalog template
 6797 * Use ConfigOpts.find\_file() to locate policy.json
 6798 * Policy doc updates; RST syntax consistency
 6799 * Removed SimpleMatch 'shim'; updated readme
 6800 * Removed old sections; improved syntax consistency
 6801 * cleanup dependent data upon user/tenant deletion
 6802 * Update tests to run servers on 127.0.0.1
 6803 * Switch to 1000 rounds during unit tests
 6804 * Fix argument name referred in the document
 6805 * Exit on error in a S3 way
 6806 * Auto generate AUTHORS file for keystone component
 6807 * Misnamed exception attribute (bug 991936)
 6808 * Avoid ValueError in 12.04 essex pkg (bug 988523)
 6809 * Non-nullable User, Tenant, Role names (bug 987121)
 6810 * Fix expired token tests
 6811 * Make run\_tests.py non-executable
 6812 * Add distribute to test-requires
 6813 * Makes the ldap backend return proper role metadata
 6814 * cleanup no\_meta user in live LDAP test
 6815 * Add ChangeLog to tarball
 6816 * Fix "it's" grammar errors
 6817 * Rename keystone.conf to .sample
 6818 * Import latest openstack-common
 6819 * Stub out swift log configuration during testing
 6820 * Remove tenant membership during user deletion
 6821 * Add a \_ at the end of reseller\_prefix default
 6822 * additional logging to support debugging auth issue
 6823 * Add support to swift\_auth for tokenless authz
 6824 * Make import\_nova\_auth only create roles which don't already exist
 6825 * don't duplicate the extra dict in extra
 6826 * Fix looking for config files
 6827 * endpoint-crud 404 (bug 963056)
 6828 * user-role-crud 404 (bug 963056)
 6829 * ec2-credential-crud 404 (bug 963056)
 6830 * service-crud 404 (bug 963056)
 6831 * user-crud 404 (bug 963056)
 6832 * tenant-crud 404 (bug 963056)
 6833 * Add build artifacts missing from .gitignore
 6834 * Switch keystone.test.TestCase to use unittest2
 6835 * Raise keystone.exception for HTTP 401 (bug 962563)
 6836 * Fixed misc errors in configuration.rst
 6837 * Docs: SQL-based vs File-based Service Catalog
 6838 * Improve service CRUD test coverage
 6839 * Change default catalog driver to SQL; doc the options
 6840 * Replace tabs with spaces
 6841 * role-crud 404 (bug 963056)
 6842 * Improve swift\_auth test coverage + Minor fixes
 6843 * Open Folsom
 6844 * S3 tokens cleanups
 6845 * Check values for EC2
 6846 * Fix critical typo in endpoint\_create (bug 961412)
 6847 * updating docs to include creating service accts
 6848 * unique role name constraint
 6849 * Add test for swift middleware
 6850 * Spring cleaning, fix PEP8 violations
 6851 * Rename tokenauth to authtoken
 6852 * pass the arguments in when starting keystone-all
 6853 * fix keystone-all's usage of options vs conf
 6854 * Wrapped unexpected exceptions (bug 955411)
 6855 * Changing belongsTo validation back to ID
 6856 * Clean up sql connection args
 6857 * Improved file logging example (bug 959610)
 6858 * Swift middleware doc update
 6859 * Fixes LP #954089 - Service list templated catalog
 6860 * Remove nova-specific middlewares
 6861 * Add check for MAX\_PASSWORD\_LENGTH to utils
 6862 * Remove glance\_auth\_token middleware
 6863 * Support PyPAM in pam backend, update to latest API
 6864 * Fix default port for identity.internalURL
 6865 * Installing keystone docs
 6866 * Update username -> name in token response
 6867 * Refactor keystone.common.logging use (bug 948224)
 6868 * Add automatically generated code docs
 6869 * Properly return 501 for unsupported Catalog calls
 6870 * docstring cleanup to remove sphinx warnings
 6871 * updating documentation for rewrite of auth\_token
 6872 * Allow connect to another tenant
 6873 * Update docs for keystone client cli args
 6874 * Raising unauthorized instead of 500 (bug 954547)
 6875 * Failing to update tenants (bug 953678, bug 954673)
 6876 * added LDAP section to architecture and architecture
 6877 * Bug #943031 MySQL Server has gone away added docnotes of error messages caught for mysql and reference
 6878 * making all use of time follow datetime.utcnow() fixes bug 954057
 6879 * Improved legacy tenancy resolution (bug 951933)
 6880 * sample\_data.sh: check file paths for packaged installations
 6881 * Fix iso8601 import/use and date comparaison
 6882 * Fix double-quoted service names
 6883 * Remove Nova Diablo reference from migrate docs
 6884 * Fixes the cli documentation of user/tenant/roles
 6885 * Add simple set of tests for auth\_token middleware
 6886 * update documention on changing user password
 6887 * enables run\_test option to skip integration
 6888 * Add token caching via memcache
 6889 * Update get\_metadata to return {}
 6890 * Diablo to Essex migration docs (bug 934328)
 6891 * Added license header (bug 929663)
 6892 * Add AUTHORS to the tarball
 6893 * create service endpoints in sample data
 6894 * Fix EC2 credentials crud after policy backend change
 6895 * port common policy code to keystone
 6896 * rename belongs\_to to belongsTo as per the API spec
 6897 * Make sure we have a port number before int it
 6898 * fixes lp#949648 change belongsTo validate to name
 6899 * HTTP\_AUTHORIZATION was used in proxy mode
 6900 * fix Nova Volume Service in sample data
 6901 * fixes bug lp#948439 belongs\_to and serviceCatalog behavior \* removing belongs\_to as a kwarg and getting from the context \* adding a serviceCatalog for belongs\_to calls to tokens \* adding test to validate belongs\_to behavior in tokens
 6902 * Make bind host configurable
 6903 * add more default catalog templates
 6904 * Fix coverage jobs for Jenkins
 6905 * Improve auth\_str\_equal()
 6906 * Set default identity driver to sql (bug 934332)
 6907 * Renamed sqlite files (bug 944951)
 6908 * Isolating backtraces to DEBUG (bug 947060)
 6909 * updating readme to point to developer setup docs \* fixes bug 945274
 6910 * Add reseller admin capability
 6911 * Remove trailing whitespaces in regular file
 6912 * LDAP get\_user\_by\_name
 6913 * Added missing import (bug 944905)
 6914 * add git commit date / sha1 to sphinx html docs
 6915 * gitignore follow up for docs/ rename
 6916 * improve auth\_token middleware
 6917 * Add service accounts to sample\_data.sh
 6918 * standardize ldap and related tests
 6919 * Align with project configs
 6920 * Fixes doc typo s/SERVIVE/SERVICE/
 6921 * Use constant time string comparisons for auth
 6922 * Unpythonic code in redux in auth\_token.py
 6923 * fix pep8
 6924 * GET /v2.0 (bug 930321)
 6925 * LDAP member defaults
 6926 * Handle KeyError in \_get\_admin\_auth\_token
 6927 * Align tox jobs with project standards
 6928 * renaming pip-requires-test to test-requires
 6929 * Provide request to Middleware.process\_response()
 6930 * Add Vary header (bug 928057)
 6931 * Implement a Catalog SQL backend
 6932 * Set tenantName to 'admin' in get\_admin\_auth\_token
 6933 * LDAP Identity backend
 6934 * Implements extension discovery (bug 928054)
 6935 * Support unicode in the keystone database
 6936 * Add HEAD /tokens/{token\_id} (bug 933587)
 6937 * XML de/serialization (bug 928058)
 6938 * fleshing out architecture docs
 6939 * Update auth\_token middleware so it sets X\_USER\_ID
 6940 * Adds AUTHORS file generated from git log (and de-duplicated)
 6941 * The default nova compute port is 8774
 6942 * Fix case of admin role in middleware
 6943 * Fix MANIFEST.in to include missing files
 6944 * Remove extraneous \_validate\_claims() arg
 6945 * Create tools/sample\_data.sh
 6946 * Backslash continuations (Keystone)
 6947 * Correct config name for max\_pool\_size
 6948 * Use cfg's new print\_help() method
 6949 * Move cfg to keystone.openstack.common
 6950 * Remove cfg dict mixin
 6951 * Update cfg from openstack-common
 6952 * Fix copyright dates and remove duplicate Apache licenses
 6953 * some additional style bits
 6954 * Add migration path for Nova auth
 6955 * fix the style guide to match the code
 6956 * Re-adds admin\_pass/user to auth\_tok middleware
 6957 * Fix thinko in keystone-all sys.path hack
 6958 * Removing broken & redundant code (bug 933555)
 6959 * Return HTTP 401 bad user/password is specified
 6960 * cli now returns an exit status cmd is invalid
 6961 * Ignore sqlite.db files
 6962 * Implements admin logic for tenant\_list call
 6963 * Implemented get\_tenant\_users. Fixed bug 933721
 6964 * Removing unused imports from keystone.cli
 6965 * Set include\_package\_data=True in setup.py
 6966 * Remove data\_files section from setup.py
 6967 * Update Manifest.in
 6968 * Add migrate.cfg to data\_files in setup.py
 6969 * Should return 300 Multiple Choice (bug 925548)
 6970 * Admin version pipeline not utilized (bug 925548)
 6971 * fixes #934459
 6972 * Fix logging.config import
 6973 * backport some asserts
 6974 * remove pycli
 6975 * Adds missing argument to add\_user\_to\_tenant in create\_user
 6976 * Fixes a failure caused by a recent change to user update in the client
 6977 * remove executable bit from setup.py
 6978 * Raising 'NotImplmented' results in TypeError
 6979 * Update docs for Swift and S3 middlewares
 6980 * Added Apache 2.0 License information
 6981 * Add docs on keystone\_old -> ksl migration
 6982 * Add token expiration
 6983 * Update docs to for current keystone-manage usage
 6984 * add catalog export
 6985 * Handle unicode keys in memcache token backend
 6986 * make sure passwords work after migration
 6987 * add legacy diablo import tests
 6988 * change password hash
 6989 * add essex test as well
 6990 * add sql for import legacy tests
 6991 * add import legacy cli command
 6992 * add migration from legacy db
 6993 * remove keystoneclient-based manage commands
 6994 * Remove executable bit from auth\_token.py
 6995 * Update swift token middleware
 6996 * Add s3\_token
 6997 * Add pagination to GET /tokens
 6998 * Fixes role checking for admin check
 6999 * Fix webob exceptions in test\_middlware
 7000 * Add tests for core middleware
 7001 * Add version description to root path
 7002 * Add TokenNotFound exception
 7003 * remove diablo tests, they aren't doing much
 7004 * Fix largest memory leak in ksl tests
 7005 * Add memcache token backend
 7006 * Friendly JSON exceptions (bug 928061, bug 928062)
 7007 * Fix comment on bcrypt and avoid hard-coding 29 as the salt length
 7008 * Add SQL token backend
 7009 * Add content-type to responses
 7010 * Cope with unicode passwords or None
 7011 * Add auth checks to ec2 credential crud operations
 7012 * termie all the things
 7013 * example in hacking was incorrect
 7014 * Ensures duplicate users and tenants can't be made
 7015 * make pip requires match nova
 7016 * fixes lp:925721 adds .gitreview for redux branch
 7017 * remove novaclient, fix python syntax
 7018 * We don't need all the deps to check pep8
 7019 * remove extra line
 7020 * Make ec2 auth actually work
 7021 * fixing grammar, noting broken enable, adding hacking with prefs for project
 7022 * Removed unused reference
 7023 * adding a token service Driver to define the interface
 7024 * Added support for DELETE /tokens/{token\_id}
 7025 * Fixes bug 924391
 7026 * ran through all commands to verify keywords against current (master) keystonelight
 7027 * updating docs:
 7028 * Fix "KeyError: 'service-header-mappings'"
 7029 * updating tox.ini with test pip requirements
 7030 * use our own logging module
 7031 * Update auth\_token middleware to support creds
 7032 * Removes nova middleware and config from keystone
 7033 * minor docstring update for new locations
 7034 * Missed one more keystone-server
 7035 * Renamed keystone-server to keystone-all based on comments in LP: #910484
 7036 * be more safe with getting json aprams
 7037 * skip the two tests where testing code is failing
 7038 * accept POST or PUT for tenant update
 7039 * deal with reparsing the config files
 7040 * don't automatically parse sys.argv for cfg
 7041 * deal with tags in git checkout
 7042 * fix keystoneclient tests
 7043 * add tests for essex and fix the testing framework
 7044 * Update docs/source/developing.rst
 7045 * Change the name of keystone to keystone-server so the binaries dont conflict with python-keystoneclient
 7046 * Normalize build files with current jenkins
 7047 * Use gerrit instead of github
 7048 * Fix pep8 violations
 7049 * Add .gitreview file
 7050 * Added keystone-manage list\_role\_grants (bug 923933)
 7051 * removing unused images, cleaning up RST in docstrings from sphinx warnings
 7052 * pep8 cleanup
 7053 * shifting contents from \_static to static
 7054 * adding in testing details
 7055 * moved notes from README.rst into docs/architecture.rst
 7056 * updating formating for configuration page
 7057 * format tweaks and moving old docs
 7058 * shifting older docs into old/ directory
 7059 * doc updates
 7060 * moving in all the original docs from keystone
 7061 * adding python keystoneclient to setup.py deps
 7062 * fixing up PIP requirements for testing and virtualenv
 7063 * indents
 7064 * Make it as a subclass
 7065 * Added shortcut for id=NULL queries (bug 916386)
 7066 * fix style and termie's comments about comments
 7067 * invalid params for roles.delete
 7068 * initial stab at requiring adminness
 7069 * Simplify code
 7070 * add tests that auth with tenant user isn't member of
 7071 * Add s3tokens validation
 7072 * Test coverage for issue described in bug 919335
 7073 * Removing \_\_init\_\_ from non-packages (bug 921054)
 7074 * add instructions for setting up a devenv on openSUSE 11.4 and 12.1
 7075 * Documented race condition (bug 921634)
 7076 * Fix race in TestCreateTokenCommand (bug 921634)
 7077 * Forgot to update models (bug 885426)
 7078 * Updating example glance paste config
 7079 * add a bunch of basic tests for the cli
 7080 * Migrated 'enabled' int columns to bool for postgres (bug 885426)
 7081 * remove this useless catalog
 7082 * move cli code into a module for testing
 7083 * Updated bp keystone-configuration for bp keystone-manage2
 7084 * Return Version and Tenant in Endpoints
 7085 * Updated error message for keystone-manage2
 7086 * allow class names to be different from attr names
 7087 * add ec2 credentials to the cli
 7088 * fix middleware
 7089 * Added: "UserWithPassword" Added: "UserWithOnlyEnabled" Removed: "UserWithOnlyPassword"
 7090 * Update Extended Credentials (EC2, S3)
 7091 * Fix for bug 921126
 7092 * Adds keystone auth-n/auth-z for Swift S3 API
 7093 * Implement cfg.py
 7094 * bcrypt the passwords
 7095 * fix token vs auth\_token
 7096 * Implement Secure Token Auth
 7097 * some quick fixes to cli, tests incoming
 7098 * fix pep8
 7099 * fix some more pass-by-reference bugs
 7100 * strip password before checking output
 7101 * flip actual and expected to match common api
 7102 * don't allow disabled users to authenticate
 7103 * turn off echo
 7104 * fix invalid\_password, skip ec2 tests
 7105 * Suppressed backtraces in tests causes sweaty eyes
 7106 * strip password from sql backend
 7107 * raise and catch correct authenticate error
 7108 * rely on internal \_get\_user for update calls
 7109 * Fixed: Inserting URLs into endpoint version attr
 7110 * strip password from kvs backend
 7111 * fix user\_get/user\_list tests
 7112 * Release Notes for E3
 7113 * Addresses bug 918608
 7114 * Restore Console Info Logging - bp keystone-logging
 7115 * removing the sphinx\_build from setup.py, adding how to run the docs into the README
 7116 * Added Vary header to support caching (bug 913895)
 7117 * Implemented subparsers (bp keystone-manage2)
 7118 * Handle EC2 Credentials on /tokens
 7119 * ec2 docs
 7120 * simple docstrings for ec2 crud
 7121 * Fixed PEP8 violations and disallowed them
 7122 * Implemented bp keystone-manage2
 7123 * Fixes 918535: time not properly parsed in auth\_token middleware
 7124 * Use dateutil 1.5
 7125 * get docs working
 7126 * some cli improvements
 7127 * add checks for no password attribute
 7128 * Prestage fix - fixed requirement name; python-dateutil, not dateutil
 7129 * users with correct credentials but disabled are forbidden not unauthorized
 7130 * Pre-staging pip requires
 7131 * shimming in basics from original keystone
 7132 * test login fails with invalid password or disabled user
 7133 * doctry
 7134 * use token\_client in token tests
 7135 * remove duplicate pycli from pip-requires
 7136 * fix ec2 sql config
 7137 * get\_client lets you send user and tenant
 7138 * update how user is specified in tests
 7139 * rename ec2 tests to be more explicit
 7140 * use the sql backend for ec2 tests
 7141 * more failing ec2 tests
 7142 * add METADATA for boo
 7143 * add (failing) tests for scoping ec2 crud
 7144 * add some docs that got overwritten last night
 7145 * Bug #916199: keystone-manage service list fails with AttributeError on Service.description
 7146 * Exception raise error
 7147 * Updates to middleware to deprecate X\_USER
 7148 * Revert "Exception raise error"
 7149 * fix pep8
 7150 * update tests
 7151 * update some names
 7152 * fix some imports
 7153 * split up sql backends too
 7154 * split up the services and kvs backends
 7155 * establish basic structure
 7156 * add docs for various service managers
 7157 * expect sphinx sources to be autogenned
 7158 * some tiny docs
 7159 * fix sphinx
 7160 * testing rst on github
 7161 * updating dependencies for ksl
 7162 * needed to do more for cli opts
 7163 * make a main in keystone-manage
 7164 * fix pep8 error
 7165 * rename apidoc to autodoc
 7166 * Fix typo
 7167 * Fix LDAP Schema Syntax (bug 904380)
 7168 * return to starting directory after git work
 7169 * spacing
 7170 * tests for ec2 crud
 7171 * add keystoneclient expected format
 7172 * add sql backend, too
 7173 * add an ec2 extension
 7174 * update readme
 7175 * Exception raise error
 7176 * re-indent
 7177 * re-indent
 7178 * re-indent
 7179 * re-indent kvs.py
 7180 * re-indent test.py
 7181 * remove models.py
 7182 * add some docs to manager
 7183 * dynamic manager classes for now
 7184 * add a couple more tests
 7185 * Bug #915544: keystone-manage version 1 commands broken when using flags
 7186 * add some more todos
 7187 * strip newlines
 7188 * TODO
 7189 * add role refs to validate token
 7190 * fix token auth
 7191 * check for membership
 7192 * flush that sht
 7193 * add more middleware
 7194 * fixing WatchedFileHandler
 7195 * logging to debugging by default for now
 7196 * add a noop controller
 7197 * woops
 7198 * add glance middleware ??
 7199 * add legacy middleware
 7200 * fix setup.py
 7201 * adding #vim to file with changed indent
 7202 * add id-only flag to return IDs
 7203 * rename ks to keystone-manage
 7204 * fixing imports for syslog handlers and gettext
 7205 * adding gettext
 7206 * adding logging from configuration files, default logging per common
 7207 * cli using keystoneclient
 7208 * add a db\_sync command to bin/ks, remove others
 7209 * merge test and default configs
 7210 * adding project to keystone config to find default config files
 7211 * some more config in bin/keystone
 7212 * in the bin config too
 7213 * rename many service parts to public
 7214 * keystone\_compat -> service
 7215 * remove keystone from names, remove service
 7216 * remove default configuration
 7217 * basic service running again
 7218 * rename extras to metadata
 7219 * version number in setup.py
 7220 * add basic sphinx doc bits
 7221 * remove references to keystone light
 7222 * renaming keystonelight to keystone
 7223 * keystoneclient tests working against sql backend
 7224 * run all teh keystoneclient tests against sql too
 7225 * move everything over to the default config
 7226 * config system overhaul
 7227 * add nova's cfg framework
 7228 * fix pep8
 7229 * missed a file
 7230 * most tests working again
 7231 * still wip, got migration mostly working
 7232 * get the sql ball rolling, still wip
 7233 * add sql backend, WIP
 7234 * Show useful traceback if manage command fails
 7235 * Fix minor typo
 7236 * Add 'tenants' to Auth & Validate Response
 7237 * Fixed Test Coverage Handling
 7238 * Adding prettytable dependency
 7239 * Front-end logging
 7240 * tweaking for running regular tests in jenkins
 7241 * Implement Role Model
 7242 * xsd fixes
 7243 * Added decorators for admin and service\_admin checks
 7244 * Initial keystone-manage rewrite (bp keystone-manage2)
 7245 * Correct endpoint template URLs in docs
 7246 * fix bug lp:843064
 7247 * finished up services stuff
 7248 * add the various role tests
 7249 * add list users
 7250 * get user tests working
 7251 * Remove install\_requires processing
 7252 * get endpoints test working
 7253 * get tenant\_add\_and\_remove\_user test working
 7254 * tenant test working again
 7255 * copy over the os-ksadm extension
 7256 * Implement Endpoint, Endpoint Template, and Credential Managers
 7257 * PEP8 keystone cleanup
 7258 * Changes run\_tests.sh to also run pep8 by default
 7259 * example crud extension for create\_tenant
 7260 * Updates to Tests/Testing
 7261 * Un-pythonic methods lp:911311 Fixed pep8 problems Changed comments to docstrings
 7262 * get some tests working again
 7263 * merge fixes
 7264 * fixup
 7265 * Made tests use both service and admin endpoints
 7266 * All tests but create\_tenant pass
 7267 * Split keystone compat by admin and service endpoints
 7268 * Install a good version of pip in the venv
 7269 * fix bug lp:910491 option "service\_host" in keystone.conf not works
 7270 * Added broken tests to show compatibility gaps
 7271 * Added tox.ini file
 7272 * Split keystone compat by admin and service endpoints
 7273 * Implement Service Manager
 7274 * Implement Tenant Manager
 7275 * Fixes bug lp:910169 - Tests are using too much memory Added super() call to tearDown() method
 7276 * Changed the call to create the KeystoneContextMiddleware object to pass the correct glance ConfigOpts object
 7277 * Added logging on core modules
 7278 * Adding logging to Auth-Token Middleware
 7279 * Implement Role Manager
 7280 * Refactor models and backends
 7281 * Add HP-IDM extension to fix Bug 890411
 7282 * Move URL Normalizer to Frontends
 7283 * move novaclient tests over also
 7284 * clean up test\_identity\_api
 7285 * clean up keystoneclient setup
 7286 * Move Global Role variables out of backendutils
 7287 * Bug #909255: Endpoint handling broken on SQL backend by portable-identifiers changes
 7288 * add role crud
 7289 * speed up tests
 7290 * add basic fixture functionality
 7291 * documentation driven development
 7292 * novaclient now requires prettytable
 7293 * Return Endpoint IDs
 7294 * Correct Handling of Default Tenant
 7295 * Fix duplicate logging
 7296 * Added global endpoints response in XML as well
 7297 * Fix: Client and Unit Tests not correctly failing a build
 7298 *  Bug #907521.     Changes to support get roles by service
 7299 * Always Return Global Endpoints
 7300 * Added release notes
 7301 * Fixed error with database initialization
 7302 * Tests use free TCP/IP ports
 7303 * Testing Refactor - this is a squash of 6 commits - original commits are vailable for cherry-picking here:   https://github.com/ziadsawalha/keystone/commits/tests
 7304 * Added HP-IDM documentation artifacts
 7305 * whitespace
 7306 * whitespace
 7307 * make create\_tenant work for keystone api
 7308 * common ks client creation
 7309 * Fixed version response (bug 891555 and bug 843052)
 7310 * Implement Multiple Choices Response (bug 843051)
 7311 * updating of docs
 7312 * Fix LDAP schema (bug 904815)
 7313 * working on a tenant\_create test
 7314 * standardize spacing
 7315 * novaclient uses password instead of apikey
 7316 * update to use the correct repo for python-novaclient
 7317 * fix tenant auth tests
 7318 * Updated namespace
 7319 * Fixes the catalog return in d5\_compat calls
 7320 * Added: ./keystone-manage database goto <version>
 7321 * Added databased version check on startup w/ docs
 7322 * Revised in-memory sql connection path for sqlalchemy
 7323 * Clarify 'test not found' error message
 7324 * Contract fix: change IDs from xsd:ID to xsd:string
 7325 * Tenants - asserted all the things (bug 887844)
 7326 * Support for unscoped admin tokens
 7327 * LDAP: fix to keystone.ldif
 7328 * Contract fix: IDs are not Ints, they are ID or string types
 7329 * Contract fix: description optional
 7330 * Update tracer excludes for Linux
 7331 * Fixed bug 905422. Swift caching should work again.  Also fixed a few other minor syntactical stuff
 7332 * Update test\_keystone\_manage to use unittest2
 7333 * Python 2.6 subprocess.check\_output doesn't exist
 7334 * No more python path changes
 7335 * Clarified language on migration instructions
 7336 * Refactor: Workaround for python build\_sphinx failure
 7337 * Fixed some skipped tests
 7338 * Format keystone-manage output better
 7339 * Added instructions to git clone from github
 7340 * Refactor: Computing api/model module paths dynamically
 7341 * Introduces UID's & domain models (bp portable-identifiers)
 7342 * Improved test coverage of d5 compat
 7343 * Fixed: Tests returning successful (0) on failure
 7344 * D5 Compatibility Support
 7345 * Added original tenants blueprint to docs
 7346 * Fixed broken import of version info (bug 902316)
 7347 * Added missing import preventing keystone from starting (bug 901453)
 7348 * Fix some issues with new version module
 7349 * quantum\_auth\_token.py middleware fails on roles
 7350 * Removed Server class from \_\_init\_\_.py
 7351 * Fix auth\_token middleware: make \_verify\_claims not static. Fixes bug #901049
 7352 * Pylint fixes to auth\_token.py
 7353 * Split version code into its own file
 7354 * Change is\_global == 1 to is\_global == True
 7355 * Bug 897496: Remove tenant id from Glance URLs
 7356 * Refactor: move initialization code to class
 7357 * Add missing json validation
 7358 * Refactor: get rid of keystone/config.py
 7359 * Fixes missed tests and subsequently introduced bugs
 7360 * Rename .keystone-venv to .venv
 7361 * Refactor: Rename auth controller to token controller
 7362 * Added documentation
 7363 * Added SSL and memcache sample config files
 7364 * Updated auth\_token middleware caching to support memcache
 7365 * Deprecating RAX-KEY middleware
 7366 * Added argparse to support python 2.3 - 2.6
 7367 * Make bin/keystone use port settings in the config file. Fixes bug #898935
 7368 * Bug#899116: use correct module when building docs
 7369 * Minor RST changes
 7370 * Revised extension documentation
 7371 * Added documentation for SQL tables
 7372 * Remove pysqlite deps. Fixes bug #898343
 7373 * Pretty-printed JSON samples
 7374 * Added option to pretty-print JSON
 7375 * Implements blueprint keystone-swift-acls
 7376 * Updated docstring to match auth\_token.py (bug 898211)
 7377 * Bug #890801 Changes to support /extensions call. - Introduced a new extension reader to read static extension content. - Added additional rst files explaining extensions. - Removed functionality from  additional middleware that used to support /extensions call.ie RAX-KEY-extension - Removed service extension test as it was no more relavent. - Added unit test that checks toggling of extensions. - Additional notes on the conf file
 7378 * Added JSON validator; fixed samples (bug 898353)
 7379 * Fixes a number of configuration/startup bugs
 7380 * Fixed RST syntax (bug 898211)
 7381 * Revised schema migration docs
 7382 * Improved doc formatting consistency (bug 898211)
 7383 * Fixed RST syntax in doc strings (bug 898211)
 7384 * Added ssl docs to index; fixed rst syntax (bug 898211)
 7385 * Bug-897724: Added method to list endpoints specific to a service and related tests
 7386 * Eliminated debug output from sphinx\_build (bug 898211)
 7387 * Updated testing
 7388 * Fixes bug lp:897819
 7389 * Check that endpointTemplate ID is valid in endpoint add cmd (#897749)
 7390 * Added Endpoint and Endpoint Template documentation
 7391 * Bug #854104   - Changes to allow admin url to be shown only for admin users.   - Additional test asserts to verify
 7392 * Fixed memcache tests
 7393 * Update documentation and examples following API 1.1 removal
 7394 * Fixes bug 843065
 7395 * Additional middleware test coverage
 7396 * Enforce service ownership
 7397 * Add keystone\_tenant\_user\_admin option and fixes
 7398 * Make owner the user named same as tenant/account
 7399 * Restored developer default log dir
 7400 * Add default for log directory and log filenames
 7401 * Added wadls, pdfs, samples and functional test confs (bug 891093)
 7402 * Additional documentation
 7403 * ./keystone-manage endpointTemplates list missing arg (bug 891843)
 7404 * Bug #890399
 7405 * Bug #891451: Changes to support update endpointTemplates call in the WADL
 7406 * add an example for capability rbac
 7407 * make readme use code style
 7408 * add the policy code
 7409 * describe and add a policy backend
 7410 * policty stub
 7411 * re-indent
 7412 * Added timeout to bufferedhttp class and timeout setting for middleware - bug 891687
 7413 * Refactoring master to match stable/diablo fix for bug 891710
 7414 * Refactor auth\_token.py to only call out to Keystone once
 7415 * Added files missing from dist packaging (bug 891093)
 7416 * pylintrc should not be hidden (bug 891093)
 7417 * Simplified gitignore (in pursuit of bug 891093)
 7418 * Fixes typo in setup document
 7419 * Adding middleware tests
 7420 * Remove executable bit on template
 7421 * change array syntax
 7422 * updates to make compatible with middleware
 7423 * mergeish dolph's port change
 7424 * fix tests
 7425 * handle unscoped requests
 7426 * adjust default port
 7427 * Revised version status response (bug 890807)
 7428 * Refactored headers produced by middleware (bug 835087)
 7429 * move noop to identity controller
 7430 * Ignoring db migrate mgmt module to workaround bug 889287
 7431 * 'text/json' should be 'application/json' (bug 843226)
 7432 * Revised curl examples (bug 884789)
 7433 * allow setting user\_id on create
 7434 * users require a name
 7435 * pep8
 7436 * update test conf too
 7437 * cli for adding users, tenants, extras
 7438 * adjust paths and use composite apps
 7439 * add tests for extras
 7440 * add tenant crud
 7441 * oops, forgot update in crud
 7442 * add crud tests
 7443 * add crud tests
 7444 * add crud tests
 7445 * add test for create user and get user
 7446 * add test for create user and get user
 7447 * re-indent identity.py
 7448 * don't pep8 swp files
 7449 * accept data as kwargs for crud
 7450 * use the keystone app in the conf
 7451 * reorg
 7452 * re-indent service.py
 7453 * Bug 888448: - Changes to allow validate token call return user name as per contract. - Additional test assertions to test the same. - Changes to middleware
 7454 * more dyanmic client
 7455 * get some initial identity api tests working
 7456 * update service to middleware in confs
 7457 * move around middleware
 7458 * make a composite app
 7459 * add crud methods to identity manager
 7460 * Add a new swift auth middleware
 7461 * Use TENANT\_ID if it exists, but still support X\_TENANT
 7462 * cli beginnings
 7463 * Bug 888170: Fixing references to incorrect schema
 7464 * add admin port
 7465 * add an etc dir
 7466 * Bug #888210: Changes to fix calls to use the right path
 7467 * bug 878431: Minor changes to auth\_token middleware
 7468 * add a default handler for /
 7469 * Bug #886046 Add Quantum auth middleware to Keystone source code tree
 7470 * add a stubby setup.py
 7471 * use paste for the binary
 7472 * add a trivial admin-only middleware
 7473 * update keystone sample tests, skip one
 7474 * Bug #887236: - Changes to allow extensions to be configured. - Introduced a new property that holds list of extensions that are to be enabled
 7475 * add crud info to readme
 7476 * get novaclient tests working
 7477 * add novaclient, intermediate
 7478 * add run\_tests.sh and pep8 stuff
 7479 * remove italics on Light
 7480 * modify requirements
 7481 * link diagrams
 7482 * Track post-Diablo database evolution using migrations (BP: database-migrations)
 7483 * Changed blatant hack (fixed spelling also) to 5 second timout as tests were not completing
 7484 * Use TENANT\_ID instead of TENANT for project\_id
 7485 * X.509 client authentication with Keystone.  Implements blueprint 2-way-ssl
 7486 * whitespace
 7487 * added catalog tests
 7488 * added tests for tokens
 7489 * test the other methods too
 7490 * add some tests and get others to pass
 7491 * add some failing tests
 7492 * add a default conf
 7493 * minor whitespace cleanup
 7494 * add some todo
 7495 * fixed the output message error on granting user a role
 7496 * Bug #884930 Support/Remove additional calls for for Tenant. - Supported call to get users for a tenant for a specific role. - Removed calls to get specific role for a user and to get all the roles for a specific tenant as they are not useful. - Fixed LDAP backend call to get users for a tenant. - Disabling Invalid pylint check
 7497 * adding docs to test classes, updating run\_tests.sh to match reality adding debug middleware factory adding docs on enabling debug middleware resolving pep8 issues
 7498 * Fixes LP Bug#885434 - Documentation showing multiple tenants misleading
 7499 * add example
 7500 * rst blah blah
 7501 * updated readme
 7502 * authenticate and tenants working
 7503 * working authenticate in keystoneclient
 7504 * remove test\_keystone\_compat's catalog tests
 7505 * add templated catalog backend
 7506 * Use pure version number ("2012.1") in tarball name
 7507 * Set run\_tests.sh so pep8 runs in the virtualenv
 7508 * bug 885364
 7509 * bug:884518 Changes to support passwordcredentials calls as per API contract. Minor LDAP code change to support tests
 7510 * Fixed spelling of 'Resources' (Resoruces)
 7511 * pep8 cleanup
 7512 * everything but the catalog
 7513 * Remove execute bit on keystone.conf
 7514 * Fixes LP882760.Changes to return TenantId properly as part of roles.Additional tests to support the same
 7515 * Moving contributor docs into rst (bug #843056)
 7516 * fixing search sequence to not include directory structure from os.walk()
 7517 * bug lp:882371 Standardize Json pagination structures
 7518 * get a checkout of keystoneclient
 7519 * bug lp:882233 Code changes to support API calls to fetch services/roles by name
 7520 * Removed contributor doc build info from project README (bug #843056)
 7521 * Revised documentation build process (bug #843056)
 7522 * updates to keystone documentation - install & conf bug 843056 blueprint keystone-documentation
 7523 * Specific LDAP version causing hiccups installing on latest ubuntu & fedora
 7524 * Adding the concept of creating a Keystone HTTP client in Python which can be used in Keystone and imported from Keystone to allow for easier Keystone integration
 7525 * Add .gitreview config file for gerrit
 7526 * updating keystone developer documentation updating docstrings to remove errors in automodule generation updating setup.py to generate source documentation blueprint keystone-documentation bug 843056
 7527 * Changes to support getuser by name and gettenant by name calls
 7528 * Changes to support get endpoints for token call
 7529 * Additional changes to support endpointtemplates operations.Disabling pylint msgs that dont fit
 7530 * Github markdown doens't seem to like irc:// links
 7531 * Removed 'under construction' docs provided elsewhere
 7532 * Updated self-documentation to point to docs.openstack.org
 7533 * Revised documentation
 7534 * Changes to endpoint operations as per OSKSCATALOG contract. Adding couple of pylint fixes
 7535 * Refactored version attributes
 7536 * Changes to support endpointTemplate operations as per new API.Fixed issues with command line manage stuff
 7537 * Updated Secret Q&A to extend CredentialType
 7538 * Changes to support API calls as per OS-KSCATALOG extension
 7539 * Improved CLI error feedback (bug 877504)
 7540 * authenticate working, too
 7541 * base tests on keystone-diablo/stable
 7542 * get tenants passing, yay
 7543 * flow working, added debugging
 7544 * add context to calls
 7545 * move diagram into docs dir
 7546 * refactor keystone compat and add catalog service
 7547 * added sequence diagrams for keystone compat
 7548 * Resubmitting change. Fixing issue #843226. Changes to throw appropriate faults during token validation
 7549 * bug lp:865448 change abspath to dirname in controllers/version.py to correct path problems
 7550 * Moving non core users and tenants calls to appropriate extensions
 7551 * Fix issues in the ec2 middleware
 7552 * Adding calls to get roles for user as per new format.Cleaning references to old code
 7553 * Fixes LP844959, typo in Authors file
 7554 * Changes to support roles and services calls via extensions. Change-Id: I1316633b30c2be07353dacdffb321791a4e2e231
 7555 * Simplified README
 7556 * First commit for Secret Question and Answer Extension: RAX-KSQA
 7557 * Fixing issue 854425.ie chaning token table name to tokens. Fixing issue 863667.Changes to support updation of user/tenant name as well using api calls. Fixing LDAP backend to have id independent of name.Fixing getuser call to also return name
 7558 *  Fixing bug 859937.  Removing incorrect atom feed references from roles.xsd
 7559 * Minor corrections to the middleware and wadl
 7560 * Changes to show name also for the user list
 7561 * Changes to show admin URL also as a part of json in endpoints listing
 7562 * getting closer, need to match api now
 7563 * tests running through, still failing
 7564 * add a test client
 7565 * added a test, need to get it working now
 7566 * Use the tenant name for X\_TENANT
 7567 * Fix possible\_topdir computing
 7568 * Change roleId to role.id for swift middleware
 7569 * adding in doc and setup to cover existing scripts adding doc around credentials command usage (for EC2)
 7570 
 7571 2011.3
 7572 ------
 7573 
 7574 * Updating legacy auth translation to 2.0 (bug #863661)
 7575 * Shouldn't look in /etc/init/ for config files
 7576 * Changing default admin port from 5001 to 35357, per IANA/IETF (bug #843054)
 7577 * Organizing and documenting pypi requirements
 7578 * sample data updates to remove -service from image and identity
 7579 * Refactor and unit test json auth parsing
 7580 * Error message expecting 'e' in local scope
 7581 * Do not return identical error messages twice
 7582 * Update auth examples in README
 7583 * README.md changes to point to openstack repo
 7584 * updating docs for Mac source install, no docs for mac package install relevant
 7585 * POST /tokens: Added tenant id & name to scoped tokens in XML (#862752)
 7586 * Updated guides.Have recompiled to use the latest examples
 7587 * Fix bug 861546
 7588 * Fix swift middleware with regard to latest changes
 7589 * Changes to support getTenants to behave differntly for admin users when invoked as a service api or admin api
 7590 * Changes to stored hashed password in backends. Using passlib a password hashing library. Using sha512. Setting hashing to be the default behavior
 7591 * Changes to WADLs to refer actual types
 7592 * Revised docstring
 7593 * Added /etc/init/keystone.conf to list of known configuration paths
 7594 * Revising tenant IDs & Names in samples (#854228)
 7595 * Authenticating against non-existent tenant (fixed #859927)
 7596 * Adds list of dependencies to dev install
 7597 * Fixed Anne's email address & list position (alphabetical)
 7598 * Added support for scoping by tenantName
 7599 * Changes to return groups as a part of RAXKSGRP extension.Also fixed incorrect schema version references in wadls and examples
 7600 * Changes to support authenticate call to accept token as per agreed format
 7601 * Minor changes to wadl
 7602 * Making type mandatory as per sandy's request and minor fixes to wadl examples. Adding Ann as an author
 7603 * Changes to structures to support authenticate using token. Minor wadl fixes. Adding Anne as an author
 7604 * Removing token element from token.xsd
 7605 * Update to token.xsd to allow element token as a root element in relation tu bug: https://bugs.launchpad.net/keystone/+bug/855216 - apiKeyCredentials Samples casing apiKey update
 7606 * Changes to support endpoint template addition/listing by service names. Changes to list service details as well
 7607 * Modified apiKeyCredentials to extend single entity and use restriction
 7608 * Reorder params in User() constructor
 7609 * Fix for bug 856857 - add user.name to User() constructor to re-align param
 7610 * Fix for bug 856846 - cast ints to string in users\_get\_by\_tenant\_get\_page so that they can be joined
 7611 * POST /tokens: A chronicle of missing features
 7612 * Fixes issues with ldap tests
 7613 * Get Service Catalog from token
 7614 * Fixes auth\_token middleware to allow admin users in nova
 7615 * Initial set of changes to move role operations to extensions
 7616 * Updating guide wrt wadl changes
 7617 * Minor Changes to extension WADL
 7618 * Changes to support auth catalog as per new format
 7619 * Changes to docs
 7620 * Adding tenantid to user roles and endpoints
 7621 * Fixes bug 855823
 7622 * Add code removed in https://code.launchpad.net/~vishvananda/nova/remove-keystone-middleware/+merge/76297 to keystone
 7623 * Added support for HEAD /tokens/{token\_id} Changed POST /tokens response container from 'auth' to 'access'
 7624 * Making identity-admin.wadl well-formed
 7625 * Converting to new doc format for included code samples
 7626 * Changing authenticate request content xml as well as json
 7627 * GET /tokens/{token\_id}: Exposing both role ID's and Name's
 7628 * Renaming 'roleRef' container to 'role'
 7629 * Renaming 'roleRefs' container to 'roles'
 7630 * Renaming GET /tokens/{token\_id} response container to 'access'
 7631 * Revised samples
 7632 * Fixed path issues with keystone-import
 7633 * Update validate\_service\_or\_keystone\_admin\_token so that it doesn't cause exceptions if the admin or service admin haven't been configured
 7634 * Changing/introducing actual extension json/xml snippets. Adding updated documents
 7635 * Backend-managed role & service ID's (bug #834683)
 7636 * Initial Changes to move service operations to extensions
 7637 * Docs,wadls,samples,initial code to support RAX-KSKEY and OS-KSEC2 extensions. Removed tenant id from being part of endpoints
 7638 * Glance Auth Token Middleware fix
 7639 * Sorted AUTHORS list
 7640 * adding imports from Nova for roles, tenants, users and credentials
 7641 * Update keystone-manage commands to convert tenant name to id. Fixes #lp849007
 7642 * 1.Changed all Json paginated collection structure. 2.Introduced a type for credential type (path param) and change wadls and xsds. 3.Added List Users call. 4.Changed Endpoint creation example
 7643 * Don't import keystone.test unless we are in testing. Fixes #lp848267
 7644 * Add toggle to run tests in-process, w/ realtime progress feedback
 7645 * Add ability to run fakeldap in memory
 7646 * Added backend-managed primary key to User and Tenant model
 7647 * Introducing doc to support OS-KSCATALOG extensions.Adding new calls to OS-KSADM extension document
 7648 * Adding initial document for OS-KSADM-admin extension.Related changes on wadl,json,xsd etc
 7649 * Fixing sample content
 7650 * Adding new doc.Changes to sample xmls and jsons
 7651 * Validation content and relavant changes
 7652 * Minor fixes on xsds and sample xmls
 7653 * Fixing existing wadl.Completing wadl for extension OS-KSADM
 7654 * Fix invocations of TemplateError.  This exception takes precisely three parameters, so I've added a fake location (0, 0) to keep it happy
 7655 * Adding wadl for OS-KSCATALOG extension.Fixing existing xsds.Fixing service wadls. Merging changes. Change-Id: Id29dc19cbc89f47e21329e531fc33bd66c14cf61
 7656 * Update Nova and Glance paste config examples
 7657 * Various documentation-related changes
 7658 * Consolidating xsds. Splitting contrib to admin and service
 7659 * Adding guides for groups extension
 7660 * Fix host/port split code in authenticate\_ec2. Resolves an AttributeError: 'Ec2Credentials' object has no attribute 'partition' exception that can occur for EC2 auth validations
 7661 * Adding guide for RAX-KSKEY-service extension. Adding guide for OS-KSEC2-service extension
 7662 * Fix NameError exceptions in add\_credentials. Adds test case on creating credentials
 7663 * Redefining credential types. Defining additional extensions and renaming extensions. Removed wadls that are not needed
 7664 * Fix for duplicate <any> tag on credentials.xsd
 7665 * Move tools/tracer into the keystone code. Fixes ImportError's when running keystone as a .deb package
 7666 * Fixed error where endpoints returned for tenant instead of token
 7667 * Updated the AUTHORS file to test the new rpc script and workflow
 7668 * Update rfc.sh to use 'true'
 7669 * Made it possible to integrate with external LDAP
 7670 *     Dev guide rebuild and minor fixes
 7671 * Updates to samples, XSDs, and WADLs
 7672 * Added AUTHORS, .mailmap and generate\_authors.sh
 7673 * Changes to support endpoint template updates
 7674 * Fixes bug 831574. Adds missing sys import
 7675 * Updated schema to reflect id and name changes to Users and Tenants
 7676 * Updated guides and samples
 7677 * Additional contract changes
 7678 * Sample changes
 7679 * Atom links on Token
 7680 * Cleanup service it endpoint catalog
 7681 * Removed redundant function from base user api
 7682 * Updated samples
 7683 * Fixed reference to unassigned variable
 7684 * Reworked XSDs and WADL to support auth and access elements
 7685 * Remove more group stuff
 7686 * Removed OSX files that shouldn't be in git
 7687 * Documentation cleanups
 7688 * Banished .DS\_Store
 7689 * Add rfc.sh for git review
 7690 * Wrong common namespace
 7691 * XSD & sample updates
 7692 * Added more missing files to MANIFEST.in
 7693 * hanges to allow test to work on python 2.6.\*
 7694 * Cleaned up come issues with python2.6
 7695 * Refactored manage.py to be both testable and useful for testing
 7696 * Sample changes to support v2.0 api
 7697 * Sample changes to support v2.0 api
 7698 * Admin WADL Revisions
 7699 * Add the files in keystone/test/etc
 7700 * Add run\_tests.\* to the MANIFEST.in
 7701 * Keystone manage.py cleanup
 7702 * Tests running on in-memory sqlite db
 7703 * Additional changes to fix minor service support stuff and increase test coverage. Also making validate token call available using service admin tokens
 7704 * Made all sample data loading in one script
 7705 * Minor fix to run\_tests
 7706 * Contract changes
 7707 * Admin WADL updates
 7708 * Port of glance-control to keystone.  This will make writing certain keystone integration functional tests a little easier to do
 7709 * Updates to XML and JSON changes for validateToken
 7710 * Added pylint message count as run\_tests.sh -l
 7711 * Added reponse handling for xsd static file rendering III Extra extension tests (for RS-KEY)
 7712 * Creating an artificial whitespace merge conflict
 7713 * Moved run\_test logic into abstract class
 7714 * Git-ignore python coverage data
 7715 * Added reponse handling for xsd static file rendering
 7716 * Additional tests and minor changes to support services CRUD
 7717 * Added reponse handling for xsd static file rendering
 7718 * Schema updates. Split WADLs and extensions and got xsds to compile
 7719 * Ziads changes and fixes for them
 7720 * Added check\_password to abstract backend user API
 7721 * Doc changes, including service catalog xsd
 7722 * Fixed service-bound roles implementation in LDAP backend
 7723 * Removed ldap names import from fakeldap module
 7724 * fix ec2 and add keystone-manage command for creating credentials
 7725 * Legacy auth fix and doc, wadl, and xsd updates
 7726 * Replacing tokens with the dummy tokens from sampledata.sh
 7727 * Add option for running coverage with unit2
 7728 * Adding curl documentation and additional installation doc. Also updated man documentation for keystone-manage
 7729 * Changes to improve performance
 7730 * Removed the need to set PYTHONPATH before tests
 7731 * Back to zero PEP8 violations
 7732 * Schema and WADL updates
 7733 * Adding documentation to WADL
 7734 * Correct 401, 305, and www-authenticate responses
 7735 * Correct 401, 305, and www-authenticate responses
 7736 * Correct 401, 305, and www-authenticate responses
 7737 * Added xsd content, update static controller, and static tests
 7738 * Updated wadl
 7739 * Fix LDAP requires to compatible version
 7740 * Moved password check logic to backend
 7741 * Changes to delete dependencies when services,endpoint\_templates,roles are being deleted. PEP8 and Pylint fixes.Also do ldap related changes
 7742 * Add LDAP schema
 7743 * Add wrapper for real LDAP connection with logging and type converting
 7744 * Fix console and debug logging
 7745 * Redux: Add proper simple\_bind\_s to fakeldap
 7746 * Adds support for authenticating via ec2 signatures
 7747 * Changes to allow additional calls to support endpoint template CRUD and additional checks on existing method
 7748 *  Committer: Joe Savak <joe3963@joe3963-VirtualBox.(none)>
 7749 * Refactoring business logic behind GET /tenants to make it less convoluted
 7750 * Moved run\_tests.py to match other projects
 7751 * Revert "Add proper simple\_bind\_s to fakeldap, removed all imports from ldap."
 7752 * Add proper simple\_bind\_s to fakeldap, removed all imports from ldap
 7753 * Gets Keystone a bit more inline with the way that other OpenStack projects run tests. Basically, adds the standard run\_tests.sh script, modifies the run\_tests.py script to do the following:
 7754 * Changes to support CRUD on services/roles
 7755 * Issue #115: Added support for testing multiple keystone configurations (sql-only, memcache, ldap)
 7756 * Added automatic test discovery to unit tests  and removed all dead tests
 7757 * PEP8 fixes... all of them
 7758 * Small licensing change to test Gerrit
 7759 * Small change to test Gerrit
 7760 * Fix brain-o--we may not need project\_ref, but we do need to create the project!
 7761 * updated README with more accurate swift info
 7762 * Determine is\_admin based on 'Admin' role; remove dead project\_ref code; pass auth\_token into request context; pass user\_id/project\_id into request context instead of their refs
 7763 * Added support for versioned openstack MIME types
 7764 *  #16 Changes to remove unused group clls
 7765 * Add unittest2 to pip requires for testing
 7766 * #66 Change in variable cases
 7767 * #66 Change in variable cases
 7768 * Changes to make cache time configurable
 7769 * Changes to store tokens using memcache #66
 7770 * Changes suggested by Ziad.Adding validateToken operation
 7771 * Flow diagram to support keystone service registration
 7772 * Restored identity.wadl w/ system test
 7773 * pylint fixes for role api
 7774 * Removing attribute duplicated from superclass; causes an issue in py 2.7
 7775 * pylint fixes for tenant-group unit tests
 7776 * pylint fixes for server unit tests
 7777 * Making the API version configurable per API request
 7778 * PEP8 fixes for system tests
 7779 * Issue #13: Added support for Accept-appropriate 404 responses w/ tests for json & xml
 7780 * Simple change to test gerrit
 7781 * Document how to allow anonymous access
 7782 * Sigh. Proofreading..
 7783 * Update README with instructions to fix segfault
 7784 * These changes make no sense--I didn't do them, and I'm in sync!
 7785 * Add middleware for glance integration
 7786 * #3 Preventing creation of users with empty user id and pwds
 7787 * Fixing naming conflict with builtin function next()
 7788 * This makes the use of set\_enabled more clear
 7789 * Fixes failing test introduced after disabled check remove
 7790 * Changes to allow password updates even when the user is disabled.Also fixed failing tests
 7791 * Disabled users should now be returned by GET /users/{user\_id}
 7792 * Updating a disabled user (via xml) should now succeed
 7793 * Updating a disabled user should now succeed
 7794 * Noted potential issue, but I'm not sure if this is dead code or not anyway?
 7795 * Assigned Base API classes so downstream code knows what to expect
 7796 * Adding missing class variable declaration
 7797 * Cleaning up unit tests
 7798 * Removes disabled checks from get\_user and update\_user
 7799 * Fixing module-level variable naming issues
 7800 * Improving variable naming consistency
 7801 * Avoiding overloading of built-in: type()
 7802 * Fixing indentation
 7803 * Specified python-ldap version, which appears to avoid the packaging issues we've experienced
 7804 * Added missing import
 7805 * More LDAP tweaks
 7806 * LDAP backend updates
 7807 * More test fixes
 7808 * Fixed deprecation warning
 7809 * Updated test to allow for additional role
 7810 * Restored UnauthorizedFaults to token validation requests
 7811 * Fix for issue #85
 7812 * - System test framework can now assert specific response codes automatically - Revised system test for issue #85 based on clarification from Ziad - Added system test to attempt admin action using a service token
 7813 * Adds the member role to sampledata, gives it to joeuser
 7814 * PEP8 fixes
 7815 * Formatting
 7816 * Merged duplicate code
 7817 * Add first implementation of LDAP backend
 7818 * Added (failing) system test for issue #13
 7819 * Minor cleanup
 7820 * Made all API methods raise NotImplementedError if they are not implemented in backend
 7821 * Made delete\_all\_endpoint calm if there is nothing to do
 7822 * Fixed bug causing request body setting to fail
 7823 * Add check to sqlalchemy backed to prevent loud crush
 7824 * Tweaked import\_module to clearly import module if it can
 7825 * Removed hardcoded references to sql backends
 7826 * Add exception throwing and logging to keystone-manage
 7827 * Merging keystone.auth\_protocols package into keystone.middleware
 7828 * - Added 'automatic' admin authentication to KeystoneTestCase using bootstrapped user - Added system tests for admin & service authentication - Abstracted '/v2.0' path prefix away from system tests - Added simple uuid function to generate data for system tests (random number gen w/ seeds might work better?) - Refactored issue #85 tests with setUp & tearDown methods
 7829 * Clarifying test case
 7830 * Fixed minor pylint issues
 7831 * Removed tenant id from admin user
 7832 * Move dev guide to OpenStack
 7833 * Commented out failing request, until it's review
 7834 * Wrote test case for github issue #85
 7835 * Formatting change
 7836 * Was this a typo or an incredibly lame joke?
 7837 * Added missing imports and fixed a few pylint issues
 7838 * Improved dict formatting
 7839 * Improved readability a bit
 7840 * Abstracted underlying HTTP behavior away from RestfulTestCase Added 'automatic' JSON body encoding (TODO: automatic XML encoding) Improved user-feedback on automatic response status assertion
 7841 * Added run\_tests.py to keystone.test.system, which uses bootstrap db script
 7842 * Added bootstrap configuration script (with admin user assigned an Admin role)
 7843 * Added 'automatic' token auth for each API
 7844 * Refactored port configuration strategy to allow a single test case to address both the admin and service API's
 7845 * Added automatic json/xml parsing to system test framework
 7846 * Added system test discovery to run\_tests.py
 7847 * Added system tests for content type handling and url rewriting
 7848 * Updated tests to reflect last bug fix
 7849 * Extracted sample test from framework and moved system test framework into \_\_init\_\_
 7850 * Converted system test framework to use httplib
 7851 * Initial system test approach, using urllib2
 7852 * Fixed bug: traceback thrown when the path '/' is requested
 7853 * Updated \*unused\* tests to reflect refactored API's
 7854 * Removed some useless/dead code
 7855 * Cleaned up authentication tests
 7856 * Improved readability slightly
 7857 * Moved db imports to config module Removed useless try/except blocks
 7858 * Organized imports
 7859 * Simplified a few util functions
 7860 * Fixed line length
 7861 * Renamed service API configuration options
 7862 * Renamed ServiceApi router module
 7863 * Renamed ServiceApi router
 7864 * Cleaned up keystone.logic
 7865 * Removed unused logger
 7866 * Refactored routers and controllers into their own modules (issue #44)
 7867 * Fixed doc string
 7868 * Improved PEP8 compliance
 7869 * Fixed spelling
 7870 * Removed unused import
 7871 * Slightly simplified base wsgi router
 7872 * Added note about run\_tests.py to readme
 7873 * Organized imports
 7874 * Improved readme consistency
 7875 * pep8
 7876 * Pylint an pep8 fixes
 7877 * Fixing bug reported using with swift
 7878 * Fixed default content type behavior (was defaulting to XML)
 7879 * Removed redundant action mappings (for version controller)
 7880 * Renamed exthandler to urlrewritefilter to better illustrate it's purpose
 7881 * Minor comment change
 7882 * Refactored URL extensions handling (for .json/.xml) Added universal support for optional trailing slashes
 7883 * Return users in a tenant as part of a many-to-many relationship
 7884 * Added import, autoformatting
 7885 * Removed unused imports
 7886 * Moved exthandler to keystone.middleware
 7887 * \*\* keystone.conf refactoring \*\*
 7888 * Fixed 'is\_xml\_response' function, which had no clear intention
 7889 * Removed unused function
 7890 * Rewrote .json/.xml extension handler with additional unit test
 7891 * Added links to readme
 7892 * Added python-ldap to pip-requires
 7893 * Initialized LDAP backend
 7894 * Various fixes for test running
 7895 * Commented out suspicious unit tests.....
 7896 * Added test automation script
 7897 * Cleaned up file
 7898 * Added missing test files to test collection
 7899 * Made unit tests executable from the cmd line
 7900 * Added test\_auth to list of unit tests
 7901 * Update auth test to account for generic service names
 7902 * Changes to make Admin for keystone configurable.#27
 7903 * Remove old initializers
 7904 * Changes to introduce BaseAPI to support multiple back ends
 7905 * Changes to support dynamic loading of models
 7906 * Adding list of todos
 7907 * Initial changes to support multiple backends
 7908 * Fixed identity.wadl response - issue #71#
 7909 * Recompiled devguide with endpoints and templates
 7910 * Removed unnecessary symlink
 7911 * Changes to support endpoints and endpointemplates (renaming BaseUrls and BaseURLRefs)
 7912 * Make swift middleware live where it should
 7913 * Remove swift-y bits from generic token auth
 7914 * Changes on Sample data
 7915 * Code changes to support global endpointTemplates
 7916 * Swift-specific middleware
 7917 * Issue 31: Switching default ports to 5000/5001 (public/admin)
 7918 * Fixed readme instructions for Nova - Issue #55
 7919 * Fixed requires for development and in readme
 7920 * Bringing back the changes to support endpointTemplates and endpoints
 7921 * Readme fix
 7922 * Edited keystone/auth\_protocols/nova\_auth\_token.py via GitHub
 7923 * Issue 32: Updated readme to reflect fix for issue 32 (removed 'cd bin' prefixes before several commands)
 7924 * (Related to) Issue 32: bin/sampledata.sh cannot be executed outside of bin/
 7925 * Issue 32: ./bin/keystone cannot be executed outside of bin/
 7926 * Issue 31: Reverted ports to 8080/8081 while the issue is under discussion
 7927 * Adding endpoint related files
 7928 * Updated readme to reflect docs/ -> doc/ change Added tools/pip-requires-dev for depelopment dependencies
 7929 * Basic authorization for swift
 7930 * Republished developer guide for Jun 21, 2011
 7931 * Updated token validation sample xml (dev guide)
 7932 * Updated dev guide publish date
 7933 * Added developer guide build folder to git ignore list
 7934 * Auto-formatted and syntacically validated every JSON example in the doc guide
 7935 * working with dashboard
 7936 * add get\_tenants
 7937 * rudimentary login working
 7938 * most bits working
 7939 * initial
 7940 * Reverting change thats not needed
 7941 * Fixing some of the failing tests
 7942 * Merging changes from trunk
 7943 * demo of membership using keystone in sampledata
 7944 * Name changes BaseURLRefs to EndPoints and BaseURLs to  EndpointTemplates
 7945 * Fixed formatting, imports
 7946 * Issue 31: Updated docs and examples
 7947 * Committing unit test configuration for issue 31
 7948 * Issue 31: Changed default ports to 80/8080
 7949 * Issue #8: Renamed primary key of Token to 'id'
 7950 * Name changes BaseURLRefs to EndPoints and BaseURLs to  EndpointTemplates
 7951 * Changes to hash password
 7952 * Restored tools.tracer to bin/ scripts; included fix for empty frames
 7953 * Merging changes
 7954 * Removed unused import
 7955 * Removed redundant sentence in dev guide
 7956 * Removed unused imports in bin/
 7957 * Fix for keystone issue 41: https://github.com/rackspace/keystone/issues/41
 7958 * Merging changes from rackspace
 7959 * Fixed spelling error
 7960 * Changes to include support for paginations
 7961 * Fixing existing methods on wadl
 7962 * Fixed broken unit test code
 7963 * Refactored api function names to avoid redundancy with new module names
 7964 * Changes to wadl to support user operations
 7965 * Refactored DB API into modules by model
 7966 * Pep8 changes
 7967 * Changes to allow user creation without a tenant
 7968 * for got to change a 1.1 to 1.0
 7969 * dash needs both 1.0 and 1.1 compatability - need to fix that!
 7970 * nova needs 1.0 api currently
 7971 * Some field validations
 7972 * Merged docs
 7973 * make sampledata executable again
 7974 * Admin for nova doesn't take a tenant
 7975 * add keystone to its own service catalog
 7976 * Fixed error on UrlExtensionFilterTest
 7977 * Fixed imports; improved PEP8 formatting compliance
 7978 * Fixed imports in keystone.common
 7979 * Removed unused imports and denoted unused variables
 7980 * Fixed imports in auth\_protocols
 7981 * Removed duplicated function
 7982 * Added coverage to pip development requirements
 7983 * Fixed relative & unused imports
 7984 * Adding py init to functional tests
 7985 * Created pip requirements file for development env (added sphinx python doc generation to start)
 7986 * Added pydev files to gitignore
 7987 * Added py init files to directories already being referenced as modules
 7988 * Users must have tenants or nova breaks
 7989 * Doc updates and dev requires
 7990 * Resolved conflicts
 7991 * To PUT or to POST
 7992 * Fixed v1.0 auth test to account for cdn baseURL order
 7993 * Support for GET /v2.0/users and add cdn back to sampledata for v1.0 support
 7994 * Update the baseURL data pushed into glance
 7995 * Fix symlinks after docs -> doc rename
 7996 * Adding call to modify tenant.Adding more tests and fixing minor issue
 7997 * Added pip requirements file for testing environments
 7998 * Grammar corrections
 7999 * Adds Sphinx build ability and RST documentation
 8000 * Removing unused references to UserTenantAssociation
 8001 * Introduced a method to get all users @Users resource.Also moved the method to get user groups out of tenant scope
 8002 * Changed BaseURLs to OpenStack names
 8003 * Test fixes
 8004 * Seperating user calls from tenants
 8005 * Improved README formatting/consistency
 8006 * Updated paths to unit/function tests in README
 8007 * Updated docs: sampledata.sh can't be executed outside of bin/
 8008 * Added Routes and httplib2 to production dependencies
 8009 * Correcting typo
 8010 * Setup.py fix
 8011 * Readd test folder
 8012 * Forgot to add doc file
 8013 * Moved tests to keystone folder and removed old management tools - issue #26
 8014 * Updated SWIFT endpoint default
 8015 * Update to dev guide explaining admin call auth requirements
 8016 * Update sample data and keystone-manage for local install of OpenStack
 8017 * Put updated Swift Quickstart into README.md
 8018 * API v2.0 Proposal
 8019 * Doc updates.Minor keyston-manage changes
 8020 * Doc updates
 8021 * Doc updates
 8022 * set nova admin role if keystone user has "Admin" role
 8023 * keystone repo is now at github.com/rackspace/keystone
 8024 * Add success test for GET /v2.0/tokens/<TOKEN\_ID> in json and xml
 8025 * Add Admin API tests for v2 authentication
 8026 * Add test verifying a missing tenantId key in the password creds works properly in JSON
 8027 * Rename file.Ziad suggestion
 8028 * Name changes suggested by Ziad
 8029 * Minor fixes
 8030 * Code cleanup
 8031 * PEP8 changes
 8032 * Removing redundant files
 8033 * Changing to legacy auth to standard wsgi middleware.Name change of some of the files
 8034 * Changing to legacy auth to standard wsgi middleware
 8035 * Introducing new frontend component to handle rackspace legacy calls
 8036 * Introducing new frontend component to handle rackspace legacy calls
 8037 * keystone repo is now at github.com/rackspace/keystone
 8038 * Add success test for GET /v2.0/tokens/<TOKEN\_ID> in json and xml
 8039 * Add Admin API tests for v2 authentication
 8040 * Add test verifying a missing tenantId key in the password creds works properly in JSON
 8041 * Removing debug print
 8042 * Changes to return service urls for Auth1.0 style calls
 8043 * Changes to return service urls for Auth1.0 style calls
 8044 * Updating tests and sample data
 8045 * Merging changes from rackspace
 8046 * Changes to support service catalog
 8047 * pep8
 8048 * Added URLs to sampledata
 8049 * Support for listing BaseURL refs in keystone-manage
 8050 * Support transforming service catalog
 8051 * Removing remerged comments
 8052 * Adding roles as comma seperated values on a single header
 8053 * Changes to support getTenants call for user with admin privelage and regular user
 8054 * Add more test cases for v2 authentication for bad requests and unauthorized results
 8055 * Add test case for verifying GET /v2.0/tokens returns 404 Not Found
 8056 * It's possible to authenticate through the Admin API
 8057 * Changes on auth basic middleware component to return roles.Also changes on the application to return roles not tied to a tenant
 8058 * Update the sample to reflect some minor enhancements to the base framework
 8059 * Add test for validate\_token
 8060 * Save expiration data for later comparison
 8061 * Don't need to fiddle around with user tokens here, just admin tokens
 8062 * Get and revoke both admin and user tokens..
 8063 * Merging changes
 8064 * Bah, somehow my sample data failed to include Admin as admin's role
 8065 * Merging changes
 8066 * Merging changes
 8067 * Merging changes
 8068 * Meging changes
 8069 * Changes to also return role references as a part of user when get token call is made for a specific tenant
 8070 * Use un-spaced exception names..
 8071 * Try to use an admin credential to revoke the token
 8072 * Split the Keystone service from the Admin service so we can test both
 8073 * The API is a moving target; update the test
 8074 * Support for listing roles in keystone-manage
 8075 * Adds unit testing base class that takes care of much of the tedium around setting up test fixtures. This first commit just demoes the new test case functionality with a new test case /test/unit/test\_authn\_v2.py
 8076 * pep8
 8077 * Fixed issue #6
 8078 * Support POST /tokens only - issue #5
 8079 * Added quick start guide to integrating Swift and Keystone; fixed setup.py tokenauth filter installation
 8080 * Added role and user data to sampledata.sh
 8081 * Additional unit tests for base url refs.Minor code refactorings
 8082 * Changes to support baseurlrefs operations
 8083 * MD cleanup
 8084 * md futzing
 8085 * More readme cleanup
 8086 * Merged DTest tests and moved ini file to examples/paste
 8087 * moved paste example to examples
 8088 * Readme updates
 8089 * Just making sure leading whitespace is stripped if automated
 8090 * to->too
 8091 * Updated dev guide
 8092 * Add a sample to document how to create tests
 8093 * Add a test for authenticate/revoke\_token
 8094 * Ensure that --username, --password, and --keystone are given
 8095 * Build base classes for tests
 8096 * Documentation fixes to versions
 8097 * Build the skeleton necessary to run tests
 8098 * Add x\_auth\_token header to most methods
 8099 * Make sure we don't lose the body completely if we can't json.load() it
 8100 * Add debugging messages
 8101 * Add a property to get the RESTClient instance
 8102 * Fix up get()/put()/post()/delete() calls to make\_req()
 8103 * Deal with the case that no headers are provided
 8104 * Deal more intelligently with empty strings
 8105 * Listing technologies to integrate
 8106 * Um, queries are supposed to be optional, all others required
 8107 * Properly join relative paths
 8108 * Apparently "/token" is actually spelled "/tokens"
 8109 * Accidentally left out the reqwrapper argument
 8110 * Sketch in a basis for the Keystone API 2.0
 8111 * Make argument order a little more natural
 8112 * Fixing unit tests.Introduced support for global roles
 8113 * Don't let self.\_path be the empty string
 8114 * self.\_scheme isn't set yet
 8115 * Don't add a field if there isn't one..
 8116 * Create a simple means of building a REST-based API
 8117 * Fixing unit tests for user and groups
 8118 * Docs
 8119 * Link fix
 8120 * API Spec updates
 8121 * More /token -> /tokens fixes
 8122 * /tokens instead of /token
 8123 * Prep for move to git@github.com:rackspace/keystone.git
 8124 * Made URL relative
 8125 * pep-8 and minor mapping fix
 8126 * Dev guide update - BaseURLs and Roles
 8127 * Update docs on how to use nova.sh to deploy openstack on cloud servers
 8128 * Changes to support calls to getBaseUrls
 8129 * Changes to support /tokens on docbook and minor roleref changes
 8130 * Changes to support roleref calls
 8131 * Updated to use X\_USER as decided in Issue 49
 8132 * Updated with feedback from https://github.com/khussein/keystone/issues/49#issuecomment-1237312
 8133 * Fix for issue 49 - parse X\_AUTHORIZATION header for user\_id
 8134 * Fixed issue where user tenant not returned in GET /token - related to issue #49
 8135 * user should be what keystone returns
 8136 * Fixed issue #54
 8137 * Updated to use X\_USER as decided in Issue 49
 8138 * Updated with feedback from https://github.com/khussein/keystone/issues/49#issuecomment-1237312
 8139 * Fix for issue 49 - parse X\_AUTHORIZATION header for user\_id
 8140 * Minor changes to the document
 8141 * Changes to unique relationship definition
 8142 * Adding more tests for roleref operations
 8143 * Fixed issue where user tenant not returned in GET /token - related to issue #49
 8144 * Changes to support /tokens on docbook and minor roleref changes
 8145 * Changes to support roleref calls
 8146 * user should be what keystone returns
 8147 * midnight typo
 8148 * Added examples readme
 8149 * Fixed issue #54
 8150 * Link to latest dev guide in readme
 8151 * Instructions to run with Nova
 8152 * Documentation update and new API spec
 8153 * Updates to README
 8154 * Updates to README
 8155 * Updates to README
 8156 * Updates to README
 8157 * Updates to README
 8158 * Updates to README
 8159 * Fix up broken setup.py scripts list
 8160 * -Removed .project file from project and added it to .gitignore -Moved pylintrc -> .pylintrc, personal preference that this file should be available, but not seen -Moved echo to examples directory, seemed a bit odd to be in the top level -Moved management directory to tools, seemed a bit odd to be in the top level -Moved pip-requires to tools/, and updated the reference to it in README.md
 8161 * Fix the identity.wadl symlink
 8162 * keystone src directory needs symlinked
 8163 * remove copy&paste ware from nova\_auth\_token and use auth\_token middleware
 8164 * Flow diagrams
 8165 * simple flow diagrams
 8166 * Multi-tenant token fixes
 8167 * Fixed invalid tenant authentication
 8168 * Fix error in tenant\_is\_empty (model has changed)
 8169 * Fixed debug/verbose flag processing
 8170 * update readme
 8171 * keep nova\_auth\_token in keystone
 8172 * Changes to support /Roles calls.Removing create call from being exposed as of now
 8173 * Changes to support /Roles calls.Description included
 8174 * Changes to support /Roles calls
 8175 * Readme merge
 8176 * Readme updaes for load testing
 8177 * hack nova\_auth\_token to work
 8178 * removing unused library
 8179 * Changes to support roles and baseurls on wadl
 8180 * Changes to support roles and baseurls on wadl
 8181 * Changes to support roles and baseURLs
 8182 * missed some nova reqs
 8183 * information on using nova\_auth\_token
 8184 * lazy provisioning for nova
 8185 * readme fixes
 8186 * Merged in anotherjesse's changes
 8187 * New model working with echo\_client.py
 8188 * Missed a file
 8189 * Added tracing and modified model
 8190 * echo\_client should be executable
 8191 * move nova's path injection to management scripts
 8192 * server.py/version.py shouldn't be executable while cli tools should
 8193 * spacing for readme
 8194 * Add keystone-manage to support bootstrapping Keystone with add user command
 8195 * Setup.py update
 8196 * Updated logging and parameterization for bin scripts
 8197 * Minor readme fixes
 8198 * Simplified running Keystone and Updated readme
 8199 * v1 compatibility and Service/Admin API split
 8200 * DocBook Changes
 8201 * Merging HCL changes - pull 40
 8202 * Changes to support baseurls and roles on the document.Adding sample files
 8203 * Changes to support baseurls and roles on the document
 8204 * Adding xsds to support roles and baseurls
 8205 * More version fixes
 8206 * Initial commit
 8207 * Make config compatible with legacy
 8208 * Move to v2.0
 8209 * Changes to move the db settings to conf file
 8210 * removing bottle
 8211 * Adding Accept header to is\_xml\_response logic
 8212 * Removing bottle dependencies
 8213 * Mae Pylintrc, reordered imports made pep8 of the  files
 8214 * Foundation for some server and auth unit tests
 8215 * Added as per HACKING  Files
 8216 * pylint fixes
 8217 * fixes
 8218 * fixed test cases
 8219 * Merged api,service,server,test\_common
 8220 * Added test cases for add user to a tenanat
 8221 * multi token test cases and bug fixes
 8222 * Moved all Server functions to utils.py
 8223 * Fixed failing test - bug introduced in cleanup
 8224 * Added pylint and cleanup from last commit
 8225 * Merged pull 37. Removes bottle, adds configuration, and adds daemonization
 8226 * fixed pylint
 8227 * fixed bugs
 8228 * fixes
 8229 * fixes
 8230 * removed backslashes
 8231 * Added functionality add user to a tenant
 8232 * fixes
 8233 * Pep8 test\_users.py
 8234 * checking SSLv3 problems
 8235 * checking SSLv3 problems
 8236 * checking SSLv3 problems
 8237 * checking git push problems
 8238 * Optimised test\_users.py
 8239 * Modified the README and README.md
 8240 * fixed bug raised when included exthandler
 8241 * Removed unwanted file
 8242 * removed unused run method
 8243 * Added PEP8 to test cases
 8244 * Removed importing objects from keystone
 8245 * pylintrc optimization
 8246 * optimization of test cases and handling multi token
 8247 * fixes
 8248 * Nochanges
 8249 * Modified the README for keystone-control issue
 8250 * Modified the README
 8251 * Added PEP8 for remaining test cases
 8252 * PEP8 for test cases by praveena
 8253 * renamed test\_identity.py to test\_keystone
 8254 * added pidfile and removed print statement from test\_common
 8255 * fixes
 8256 * removed print statement
 8257 * Added keystone.log to ignore list
 8258 * Modified  server.py tenant group URL to fix failing test cases
 8259 * Added \*.log to gitignore
 8260 * neglect changes
 8261 * Added new script to run all tests
 8262 * Modified and tests. Tests groups throwing some minor errors still
 8263 * Modified and commented the code
 8264 * Split the test cases into individual files Fixed Bugs of api
 8265 * Made PEP8 of server
 8266 * Too much of duplication and incomplete conflict resolution in test\_identity.py
 8267 * Sisirhs changes
 8268 * Sai and Praveena's Changes
 8269 * Added missing tests,  mad e enable and disable password work
 8270 * merged conflicts
 8271 * test cases modfications and bug fixes
 8272 * Renamed  to server.py and added  top dir in config
 8273 * Added the keystone  top dir in configuration
 8274 * Modified the README
 8275 * latest updates
 8276 * latest updates
 8277 * new merge with installation fixes
 8278 * A brief README for the auth-server
 8279 * Added keystone-control
 8280 * chasing tenant group bug
 8281 * Added tests for the URL extension middleware
 8282 * modified keystone-control and reshuffling of file names
 8283 * Adding unit test for the URL extension handler
 8284 * Modified test cases
 8285 * Yes, I modified, but I wont commit
 8286 * merged Sai changes
 8287 * Installation of keystone done
 8288 * corrects charset=utf=8
 8289 * Working on echo server
 8290 * one more push
 8291 * move the template code from bottle into a separate file:
 8292 * modified auth\_server.py
 8293 * Added echod and renamed echo.py to server.py
 8294 * Minor cleanup + pep8
 8295 * merging changes from sai branch
 8296 * saving changes to auth\_server.py
 8297 * get version implementation s Please enter the commit message for your changes. Lines starting
 8298 * get\_version\_info is still not working
 8299 * in the middle of get\_version\_info
 8300 * Modified test\_identity
 8301 * removed .auth.serve.py.swp
 8302 * Added some more functions through Routes and mapper
 8303 * Update for Abdul
 8304 * My Changes part 2
 8305 * modified Resposne to resp=Response()
 8306 * My Changes
 8307 * minor tweak
 8308 * Some more cleaning up of git merges
 8309 * Cleaning up of git merges
 8310 * Added glance type of eventlet, because of its plug and play which meets the need of running everything independently if needed
 8311 * pep8 and fixes
 8312 * Readme updates
 8313 * Removed keystone.db - should be generated by ORM
 8314 * Removed extra files from last commit
 8315 * Removed Global groups tests, which still needs to be tested. Updated README on how to run unit test
 8316 * Deleted keystone.db
 8317 * Merged pagination
 8318 * Git problems - lingering commit
 8319 * Renamed identity.py to server.py and added bin directory
 8320 * Adding router to requires. Updating standards in HACKING. Removing schema (generated from ORM)
 8321 * Added pagination functionality and tenant\_group functionality with unit tests
 8322 * Removing unused imports
 8323 * Removing unused function
 8324 * unwanted file
 8325 * added the code that would go to hussein repo
 8326 * Added tenant groups in identity, created test cases for tenant groups
 8327 * Added latest changes to sirish branch with pagination for get tenants
 8328 * Annotate TODOs
 8329 * argument handling in echo.py
 8330 * getting pep8-y with it
 8331 * Merged conflicts
 8332 * Basic auth and refactor
 8333 * more pep8
 8334 * testing merging
 8335 * get \_tenants pagination updates
 8336 * Merging keystone code
 8337 * Basic Auth support
 8338 * 17: query extension works
 8339 * Issue 17: Adding tests
 8340 * removed \r chararcter from unit directory
 8341 * removed windows newline characters from management folder
 8342 * removed unwanted files
 8343 * Adding First kestone repo
 8344 * Add Description File
 8345 * sai added by sai
 8346 * Foo2
 8347 * Foo
 8348 * Initial
 8349 * Minor changes + call using WSGI instead of bottle
 8350 * Restored remoteauth
 8351 * Reverted accidental(?) WADL deletion >:-(
 8352 * Renamed protocol modules to auth\_[type] Renamed PAPIAuth to RemoteAuth - better documented it and added redirect to auth\_token (to stop using this) Cleaned up ini files and ini file handling (removed hard-coded defaults)
 8353 * simple json cleanups for tests
 8354 * pep8-ize
 8355 * Added protocol stubs (openid and basic auth)
 8356 * Renamed delegated to 'delay\_auth\_decision' Remove PAPIAuth Rename folder to Auth\_protocols (that is where we add protocol components)Get\_request -> get\_content Make protocol module more generic (prepare for superclassing and multiple protocol support Refactor Auth\_protocol\_token If no token, bail out quick (clearer) same with if app Break out headers: - here is what is coming in - here is what we add - explain the X in headers: extended header
 8357 * Updated Readme, and added TODO
 8358 * Added XML/Json tests to the identity and updated the README
 8359 * Fixed issue with standalone install
 8360 * Updated readme
 8361 * Fixed remote proxy issue
 8362 * draft remote proxy: needs fixing
 8363 * Updated readme and echo\_client
 8364 * Adding remote echo ini file
 8365 * Fixes to middleware, ini parameters, and support for running echo remotely
 8366 * replaced localhost with config
 8367 * modifide middleware; echo\_client works
 8368 * Fixing and documenting middleware
 8369 * Merged pull request #30 from cloudbuilders/master
 8370 * Updated management scripts to use SQLAlchemy
 8371 * Fixed SQLAlchemy db location to keystone directory
 8372 * Added unit tests and updated the README.md on how to run it
 8373 * made echo test work
 8374 * get\_request is actually init model from request contents
 8375 * missed simplejson assumption
 8376 * finish removing simplejson
 8377 * pythonizing
 8378 * update fault to be pythonic
 8379 * remove unpythonic properties from atom and tenant
 8380 * error decorator and logging unhandled errors
 8381 * missed auth\_data
 8382 * fix typos
 8383 * more pythonic
 8384 * we don't need properties yet
 8385 * use string formating
 8386 * use relative import in init
 8387 * fixed paste configs to run without eggs
 8388 * Fixed mistake in port for echo service
 8389 * Added echo\_client.py
 8390 * keystone.db should be in keystone dir
 8391 * pep8 / whitespace
 8392 * gitignore pyc files
 8393 * split out running and installing sections in readme
 8394 * allow apps to be run without setup.py
 8395 * add command for test database to readme
 8396 * echo has a separate setup.py
 8397 * httplib2 isn't used
 8398 * spacing
 8399 * add httplib2 to deps and sort them
 8400 * Added pip-requires and updated readme to include missing deps
 8401 * explict installs for python libraries
 8402 * update readme formating
 8403 * update readme to be markdown
 8404 * Updated readme
 8405 * Doc fixes
 8406 * Friendly error message if a user is not associated with a tenant
 8407 * Ensure schema complience assertion is on in all tests
 8408 * Whoops, details element is optional in faults
 8409 * Remove identity (1) stuff and renamed identity2 to identity
 8410 * Added wadl and xsd contract links
 8411 * Adjust reletive links in schema
 8412 * Comment seperators
 8413 * Init version links
 8414 * Initial version support
 8415 * Initial extensions support
 8416 * Initial update tenant
 8417 * Make sure we don't delete non-empty tenants
 8418 * Initial delete tenant
 8419 * Initial getTenant
 8420 * Minor updates to tests
 8421 * Initial implementation of get tenants
 8422 * added unit tests in test/unit/test\_keystone.py
 8423 * Initial create tenant
 8424 * Minor bug when serializing tenant to JSON
 8425 * Schema update
 8426 * Whoops forgot 409 in JSON as well!
 8427 * Whoops missed 409 on create tenant
 8428 * setup.py fix
 8429 * Minor fixes
 8430 * pep-8 cleanup of model
 8431 * More pep-8 cleanup
 8432 * Minor fixes
 8433 * Some pep-8 cleanup
 8434 * Initial revoke token
 8435 * Initial support for authenticate
 8436 * Whoops, bad user data
 8437 * Initial working validate token
 8438 * Whoops need to convert datetimes to iso format
 8439 * Test updates
 8440 * tokenId should not be a string!
 8441 * Cleaned up validate token call
 8442 * Full check admin token with soap ui tests
 8443 * Some SQL testing scripts
 8444 * Initial check admin token from db
 8445 * made identity.py pep8 compliant
 8446 * Better error handling
 8447 * Initial full response to authenticate token, still having issues with errors
 8448 * Stubb for token calls
 8449 * Initial prototype of default token based auth protocol
 8450 * Initial deserialization of tenant
 8451 * Initial deserialization of password credentials
 8452 * SQL Alchemy additions: Token
 8453 * SQL Alchemy additions
 8454 * Whoops pep8
 8455 * Output serialization of faults
 8456 * XML and JSON rendering on tenant/s
 8457 * Translations of auth to XML and JSON
 8458 * Sample service.py with sqlalchemy
 8459 * Fixed relative path issue
 8460 * sqlalchemy draft
 8461 * Initial service.py
 8462 * Cleaned up setup.py
 8463 * Added collections
 8464 * Initial atom link type
 8465 * Initial fault type
 8466 * Initial tenant type
 8467 * PEP-8 for echo.py
 8468 * Initial auth types
 8469 * Readme update
 8470 * Fixed identity.py and some styling
 8471 * Minor updates
 8472 * Keystone WSGI and eventlet
 8473 * Corrected how to run echo service
 8474 * Replaced paster with eventlet for echo service
 8475 * Added create tables in README and modified keystone.db to reflect the new schema
 8476 * Merged identity functions second time
 8477 * Sync
 8478 * Whoops should have never checked this in
 8479 * all management files except user add and delete from group
 8480 * Management files except for add/delete user from group
 8481 * Updated README
 8482 * Setup PasteDeploy and configured PAPIAuth
 8483 * reorganization of files
 8484 * Add SOAPUI projects
 8485 * Resolved Conflicts
 8486 * Removed Conflicts
 8487 * dos2unix
 8488 * Deleted IDE files
 8489 * Importing from DevTeam
 8490 * Import from DevTeam
 8491 * updates DevTeam
 8492 * Code by Dev Team
 8493 * Added Power API Auth Middleware
 8494 * removed unused libraries
 8495 * Dev Team: validate\_token , create\_user ( created for test purpose) and update\_tenant
 8496 * Added to README
 8497 * Fixed bug in echo.py
 8498 * Whoops forgot auth header
 8499 * Instructions for soapUI
 8500 * Add WADL links for convenience
 8501 * Initial work into paste deploy...commen out for now
 8502 * Added echo.wadl
 8503 * Fixed for case with missing accept header
 8504 * Added content nagotiation
 8505 * Use XSL to convert
 8506 * Better quote handling
 8507 * Add JSON transform
 8508 * Whoops samples don't match
 8509 * XSD for echo service
 8510 * Initial echo service
 8511 * Updates to identity.py and README
 8512 * Added X-Auth-Token
 8513 * Added extensions
 8514 * Updated errors for extension requests
 8515 * Added getTenant, updateTenant, deleteTenant
 8516 * Added get and create tenants
 8517 * Initial WADL with token operations
 8518 * Added faults
 8519 * Remove refrences to usernameConflict and groupConflict
 8520 * Added common extensions
 8521 * Added api.xsd schema index
 8522 * Added XSD 1.1 and atom linking support
 8523 * Made the tenant xsd extensible
 8524 * Initial tenant xsd
 8525 * Made the token schema extensible
 8526 * Initial token schema
 8527 * Groups should have ids instead of names?
 8528 * Added Creating Tenants, JSON only
 8529 * Remove mention of service catalog
 8530 * Updated samples
 8531 * Updated pubdate
 8532 * Updates to intro section
 8533 * Updated concepts
 8534 * Better entities in document
 8535 * Removed init section from docs, we'll get to them later
 8536 * Added Dependencies section
 8537 * Added License & Create/Delete user management CLI
 8538 * Initial docs import
 8539 * Created DB with users table, simple schema
 8540 * first commit