"Fossies" - the Fresh Open Source Software Archive

Member "keystone-19.0.0/ChangeLog" (14 Apr 2021, 365623 Bytes) of package /linux/misc/openstack/keystone-19.0.0.tar.gz:


As a special service "Fossies" has tried to format the requested text file into HTML format (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file. See also the latest Fossies "Diffs" side-by-side code changes report for "ChangeLog": 18.0.0_vs_19.0.0.

    1 CHANGES
    2 =======
    3 
    4 19.0.0
    5 ------
    6 
    7 * Retry update\_user when sqlalchemy raises StaleDataErrors
    8 
    9 19.0.0.0rc1
   10 -----------
   11 
   12 * Add job for keystone functional protection tests
   13 * trivial: Update minor wording nit in RBAC persona documentation
   14 * Clarify top-level personas in RBAC documentation
   15 * Clarify \`\`reader\`\` role implementation in persona admin guide
   16 * [goal] Deprecate the JSON formatted policy file
   17 * Ignore oslo.db deprecating sqlalchemy-migrate warning
   18 * Add openstack-python3-wallaby-jobs-arm64 job
   19 * Support bytes type in generate\_public\_ID()
   20 * Imported Translations from Zanata
   21 * Drop lower-constraints job
   22 * fix E225 missing whitespace around operator
   23 * Use app cred user ID in policy enforcement
   24 * Generalize release note for bug 1878938
   25 * Use enforce\_new\_defaults when setting up keystone protection tests
   26 * Implement more robust connection handling for asynchronous LDAP calls
   27 * Imported Translations from Zanata
   28 * Add vine to lower-constraints
   29 * Simplify default config test
   30 
   31 18.0.0
   32 ------
   33 
   34 * [goal] Migrate testing to ubuntu focal
   35 * Fix gate by running l-c job on Bionic
   36 * Write a symptom for checking memcache connections
   37 * Bump pysaml2 requeriment to avoid CVE-2020-5390
   38 * Fix user creation with GRANT in MySQL 8.0(Ubuntu Focal)
   39 * Improve the update description for limits in api-ref
   40 * Follow-up for bug-1891244
   41 * Support format for msgpack < 1.0 in token formatter
   42 * Skip tests to update u-c for PyMySql to 0.10.0
   43 * Spelling Fix
   44 * NIT: Spelling Fix
   45 * Properly handle octet (byte) strings when converting LDAP responses
   46 * Add support for functional RBAC tests
   47 * Fix invalid assertTrue which should be assertEqual
   48 * Delete system role assignments from system\_assignment table
   49 * Fix api-ref for list endpoints
   50 * Fix lower-constraint for PyMySQL
   51 * Fix doc for package mod\_wsgi on Centos8/RHEL8
   52 * requirements: Drop os-testr
   53 * Fix "allow expired" feature for JWT
   54 * Add ignore\_user\_inactivity user option
   55 * Adding note for create a project without domain info
   56 * Add "explicit\_domain\_id" to api-ref
   57 * Run federation jobs on Ubuntu Focal
   58 * Add an enhanced debug configuration technique to caching guide
   59 * Remove an assignment from domain and project
   60 * Imported Translations from Zanata
   61 * New config option 'user\_limit' in credentials
   62 * ldap: fix config option docs for \*\_tree\_dn
   63 * Port the grenade multinode job to Zuul v3
   64 * Stop to use the \_\_future\_\_ module
   65 * NIT: Fix Spelling in auth\_context.py
   66 * Update caching-layer.rst
   67 * Cap jsonschema 3.2.0 as the minimal version
   68 * Support regexes in whitelists/blacklists
   69 * Switch to newer openstackdocstheme and reno versions
   70 * Update keystone Making an API Change doc
   71 * Update filtering-responsibilities and truncation
   72 * Update doc id-manage.rst
   73 * Update keystone architecture doc
   74 * Disable EC2 credentials access\_id update
   75 * Add service name filter to service list api-ref
   76 * Bump hacking min version to 3.0.1
   77 * Fix UserNotFound exception for expiring groups
   78 * Switch to new grenade job name
   79 * Fix security issues with EC2 credentials
   80 * Ensure OAuth1 authorized roles are respected
   81 * Check timestamp of signed EC2 token request
   82 * Removes info about deleted function should\_cache\_fn
   83 * Correct help for unified\_limits
   84 * Imported Translations from Zanata
   85 * Add Python3 victoria unit tests
   86 * Update master for stable/ussuri
   87 
   88 17.0.0.0rc1
   89 -----------
   90 
   91 * Enable groups testing for K2K scenarios
   92 * Add schema placeholders for Ussuri
   93 * Remove Babel as requirement
   94 * Update hacking for Python3
   95 * Remove a note related to UUID tokens from example configuration
   96 * Update api-ref for federated objects in user
   97 * Expiring Group Memberships API - Allow set idp authorization\_ttl
   98 * Add federated support for updating a user
   99 * Update contributors document keystone
  100 * Add federated support for creating a user
  101 * Stop configuring install\_command in tox
  102 * Cleanup py27 support
  103 * Add federated support for get user
  104 * Add expiring user group memberships on mapped authentication
  105 * Expiring Group Membership Driver - Add, List Groups
  106 * Expiring User Group Membership Model
  107 * Community goal: Adding contributing.rst
  108 * Parse cli args in get\_enforcer
  109 * Add openstack\_groups to assertion
  110 * Change time faking for totp test
  111 * Document the "immutable" resource option
  112 * remove oslo-concurrency from requirements
  113 * drop mock from test-requirements
  114 * Correcting api-ref for users
  115 * NIT: Fix spelling
  116 * Copy shibboleth logs in federation jobs
  117 * Ignore SQLAlchemy RemovedIn20Warning
  118 * Switch from mock to unittest.mock use
  119 * Refactor some ldap code to implement TODOs
  120 * Doc Cleanup
  121 * Tell reno to ignore the kilo branch
  122 * Constraint dependencies for docs build
  123 * Removing tempest-full from gate
  124 * Check if content-type contains http, not equals
  125 * Add docs about bootstrapping immutable roles
  126 * Add domain admin grant test cases
  127 * Default to bootstrapping roles as immutable
  128 * Use inspect instead of Inspector.from\_engine()
  129 * Remove six usage
  130 * Updating tox -e all-plugin command
  131 * Capture output from test run of policy generator
  132 * Cleanup doc/requirements.txt
  133 * Always have username in CADF initiator
  134 * Fix duplicated words issue like "each each user\_id"
  135 * Ensure bootstrap handles multiple roles with the same name
  136 * Fix role\_assignments role.id filter
  137 * Fix release note link formatting
  138 * Fix token auth error if federated\_groups\_id is empty list
  139 * Update OIDC documentation to handle bearer access token flow
  140 * Imported Translations from Zanata
  141 * Add docs for app cred access rules
  142 * Remove python 2.7 specific library
  143 * Add name in GET API of application credentials
  144 * Stop adding entry in local\_user while updating ephemerals
  145 * Fix api-ref roles response description
  146 * Fix credential list for project members
  147 * Fix application credential doc example
  148 * Migrate grenade jobs to py3
  149 * Start README.rst with a better title
  150 * Drop old neutron-grenade job
  151 * Stop testing Python 2
  152 * Remove group deletion for non-sql driver when removing domains
  153 * Refresh "how can I help?" doc
  154 * Re-enable line-length linter
  155 * Fix line-length PEP8 errors for c7fae97
  156 * Add voting k2k tests
  157 * Fix K2K auth flow diagram
  158 * Stop explicitly requiring pycodestyle
  159 * Add Source links to readme
  160 * Switch to opensuse-15 nodeset
  161 * Switch to official Ussuri jobs
  162 * Revert "Resource backend is SQL only now"
  163 * Drop project.id foreign keys
  164 * Fix sql migrate repo prefix check
  165 * Add schema placeholders for Train
  166 * Overhaul the RBAC documentation for administrators
  167 * Fix wrong interface description
  168 * Import LDAP job into project
  169 * Update getting started guide
  170 * Remove legacy protection tests
  171 * Update token definitions
  172 * Remove policy.v3cloudsample.json
  173 * Imported Translations from Zanata
  174 * Fix misspell word
  175 * Update master for stable/train
  176 
  177 16.0.0.0rc1
  178 -----------
  179 
  180 * Remove limit policies from policy.v3cloudsample.json
  181 * Add tests for project users interacting with limits
  182 * Allow domain users to access the limit API
  183 * Use immutable roles in tests
  184 * Add missing ws between words in log messages
  185 * Allow system/domain scope for assignment tree list
  186 * Make policy deprecation reasons less verbose
  187 * Readjust job timeouts
  188 * Implement scope type checking for Project Endpoints
  189 * Federation mapping debug should show direct\_maps values
  190 * Consolidate policy deprecation warnings
  191 * Add default roles and scope checking to project tags
  192 * DRY up credential policies
  193 * Move remaining protection tests
  194 * Fix test case in policy associations
  195 * Fix PostgreSQL specifc issue with credentials encoding
  196 * Fix validation of role assignment subtree list
  197 * Specify keystone is OS user for fernet and credential setup
  198 * Add remote\_id definition in \_perform\_auth
  199 * Use correct repo for initial version check
  200 * Split protection unit tests into its own job
  201 * Remove system EC2 credentials from policy.v3cloudsample.json
  202 * Remove system Domain Config from policy.v3cloudsample.json
  203 * Update API version for access rules
  204 * Add access rules to token validation
  205 * Expose access rules as its own API
  206 * Remove obsolete grant policies from policy.v3cloudsample.json
  207 * Alphabetize removed policies in tests
  208 * Implement system admin for OAUTH1 consumers
  209 * Implement system scope for domain role management
  210 * Make system tokens work with domain-specific drivers
  211 * Implement scope type checking for EC2 credentials
  212 * Increase tox job timeouts to 90 minutes
  213 * Add immutable roles status check
  214 * Remove implied roles policies from v3cloudsample
  215 * Implement system admin for implied roles
  216 * Implement domain admin support for grants
  217 * Implement domain reader support for grants
  218 * Add Project User coverage for domain config API
  219 * Add Domain User for security compliance domain config API
  220 * Implement system admin for domain config API
  221 * Implement system reader & member for domain config API
  222 * Fix timeout Zuul changes
  223 * Generate PDF documentation
  224 * Add --immutable-roles flag to bootstrap command
  225 * Add immutable option for roles and projects
  226 * Bump timeout for lower-constraints job
  227 * Implement resource options for roles and projects
  228 * Implement system reader for OAUTH1 consumers
  229 * Implement system reader for implied roles
  230 * Remove system policy and its association from policy.v3cloudsample.json
  231 * Override tox job timeouts
  232 * Fix federation CI
  233 * Fix oauthlib update errors
  234 * Use raw formatting for mapping\_engine help text
  235 * Add tests for project users for policy association
  236 * Add tests for domain users for policy association
  237 * Implement system admin for policy association
  238 * Implement system reader & member for policy association
  239 * Add tests for project users interacting with policies
  240 * Add notifications for deleting app creds by user
  241 * Add tests for domain users interacting with policies
  242 * Clean up UserGroups target enforcement callback
  243 * Fix relative links
  244 * Add tests for project users interacting with endpoint\_groups
  245 * Add tests for domain users interacting with endpoint\_groups
  246 * Implement system\_admin for endpoint\_groups
  247 * Implement system reader and member for endpoint\_groups
  248 * Add retry for DBDeadlock in credential delete
  249 * Fix translated response
  250 * Implement system admin for trusts API
  251 * Add tests for domain users for trusts
  252 * Add tests for system member for trusts
  253 * Implement system reader role for trusts API
  254 * Move get\_role\_for\_trust enforcement to policies
  255 * Move list\_roles\_for\_trust enforcement to policies
  256 * Move get\_trust enforcement to default policies
  257 * Move delete\_trust enforcement to default policies
  258 * Move list\_trusts enforcement to default policies
  259 * Add protection tests for trusts API
  260 * Update broken link
  261 * Update cli docs
  262 * Implement system admin for policies
  263 * Implement system reader and member for policies
  264 * Add support for previous TOTP windows
  265 * Honor group\_members\_are\_ids for user\_enabled\_emulation
  266 * Update api-ref for revocation list OS-PKI
  267 * Docs: Make robust with using real links
  268 * Clean up irrelevant comment
  269 * Fix list\_mappings deprecation warning message
  270 * Allows to use application credentials through group membership
  271 * Fix missing print format and missing ws between words
  272 * Suppress policy deprecation warnings in unit tests
  273 * Add API changes for app cred access rules
  274 * Add manager support for app cred access rules
  275 * Add user\_id, external\_id to access rules table
  276 * Fix websso auth loop
  277 * Deprecate keystone.conf.memcache socket\_timeout
  278 * Fix typo: RBACKEnforcer -> RBACEnforcer
  279 * Run 'tempest-ipv6-only' job in gate
  280 * Followup for remove signing[config]
  281 * Remove broken api-ref link
  282 * doc: Fix broken links
  283 * Fix python3 compatibility on LDAP search DN from id
  284 * Deprecate identity:revocation\_list policy for removal
  285 * Remove [signing] config
  286 * Update api-ref location
  287 * implement system scope for application credential
  288 * Fixing dn\_to\_id function for cases were id is not in the DN
  289 * Add new attribute to the federation protocol API
  290 * Allow to filter endpoint groups by name
  291 * update documentation for X.509 tokenless auth
  292 * Deprecate [federation] federated\_domain\_name
  293 * Allow JsonBlob to accommodate SQL NULL result sets
  294 * Add exercises for intern applicants
  295 * Fix keystone document
  296 * nit: remove some useless code
  297 * Drop limit columns
  298 * token: consistently decode binary types
  299 * Incorrect behavior of validate\_password method
  300 * Update test cases for os-pki revoke API
  301 * Blacklist sphinx 2.1.0 (autodoc bug)
  302 * Bump openstackdocstheme to 1.20.0
  303 * Remove redundant parameter passed to assertTrue
  304 * Add Python 3 Train unit tests
  305 * Switch order of precedence for unit test deps
  306 * Don't call .c from select() objects
  307 * Update misleading comment about fernet credential encryption
  308 * Fix E731 flake8
  309 * [api-ref] Fix nocatalog description for unscoped token
  310 * Drop use opendev.org for tox deps
  311 * Fix contributor doc of keystone
  312 * Add link to describe Principle of Least Privilege
  313 * Update the meaning of low-hanging-fruit
  314 * Implement system scope and default roles for token API
  315 * Update unified limit documentation
  316 * Add cadf auditing to credentials
  317 * Remove deprecated admin\_endpoint
  318 * Revert "Exclude constants from autodoc"
  319 * Revert "Ignore boilerplate constants in autodoc"
  320 * Ignore boilerplate constants in autodoc
  321 * Exclude constants from autodoc
  322 * Report correct domain in federated user token
  323 * Add flake8 ignore list to fast8 script
  324 * Add application\_credential as a CADF type
  325 * add raw format link to keystone config sample
  326 * Update mission statement and vision reflection
  327 * Add note about application credential ownership
  328 * Revert "Add JSON driver for access rules config"
  329 * Revert "Add manager for access rules config"
  330 * Revert "Add a permissive mode for access rules config"
  331 * Revert "Add manager support for app cred access rules"
  332 * Revert "Add API for /v3/access\_rules\_config"
  333 * Don't throw valueerror on bootstrap
  334 * Remove [token]/ infer\_roles
  335 * Pep8 environment to run on delta code only
  336 * Add clarification for context in install guides
  337 * Adds caching of credentials
  338 * Cap sphinx for py2 to match global requirements
  339 * Revert "Blacklist bandit 1.6.0"
  340 * Fix documentation typo
  341 * Blacklist bandit 1.6.0
  342 * Update Python 3 test runtimes for Train
  343 * [docs] remove deprecated ubuntu package from installation
  344 * Fix for werkzeug > 0.15
  345 * Replace git.openstack.org URLs with opendev.org URLs
  346 * OpenDev Migration Patch
  347 * Pass kwargs to exception to get better format of error message
  348 * Replace support matrix ext with common library
  349 * Uncap jsonschema
  350 * Fix unscoped federated token formatter
  351 * Use openstackdocstheme according to guide
  352 * Make fetching all foreign keys in a join
  353 * Support endpoint updates in bootstrap
  354 * Add missing ws separator between words
  355 * Move redelegation fields out of extras
  356 * Replace dict.iteritems() with dict.items() in keystone
  357 * Add release note for service token documentation
  358 * Fix werkzeug imports for version 0.15.x
  359 * Allow an explicit\_domain\_id parameter when creating a domain
  360 * Update the min version of tox
  361 * Convert user\_id back to string
  362 * Add API for /v3/access\_rules\_config
  363 * Ignore Stein-specific release notes
  364 * Be more verbose in logging role grant on bootstrap
  365 * Replace UUID with id\_generator for Federated users
  366 * DRY: Remove redundant policies from policy.v3cloudsample.json
  367 * Raise METHOD NOT ALLOWED instead of 500 error on protocol CRUD
  368 * Remove redundant policies from v3cloudsample
  369 * Add domain scope support for group policies
  370 * Update broken links to dogpile.cache docs
  371 * Add keystone's technical vision reflection
  372 * Add release prelude about changing policies
  373 * Consolidate user protection tests
  374 * Replace URL name to the correct one in Keystone Docs
  375 * Delete shadow users when domain is deleted
  376 * Make system admin policies consistent for grants
  377 * Remove assignment policies from policy.v3cloudsample.json
  378 * Add role assignment testing for project users
  379 * Replace openstack.org git:// URLs with https://
  380 * Implement system reader functionality for grants
  381 * Remove external-dev and consolidate to contributor
  382 * Remove system assignment policies from policy.v3cloudsample.json
  383 * Test domain and project users against group system assignment API
  384 * Add role assignment test coverage for domain admins
  385 * Add role assignment test coverage for domain members
  386 * Implement domain reader for role\_assignments
  387 * Add explicit testing for project users and the user API
  388 * Update group system grant policies for admins
  389 * Update system group assignment policies for reader and member
  390 * Fix typo in docs section header
  391 * Update master for stable/stein
  392 * Test project users against system assignment API
  393 * Test domain users against system assignment API
  394 * Update system grant policies for system admin
  395 * Update system grant policies for system member
  396 * Update system grant policies for system reader
  397 
  398 15.0.0.0rc1
  399 -----------
  400 
  401 * trivial: correct spelling in test names
  402 * Remove project policies from policy.v3cloudsample.json
  403 * Implement domain admin functionality for projects
  404 * Implement domain member functionality for projects
  405 * Only validate tokens once per request
  406 * Pin Werkzeug in lower-constraints
  407 * Implement domain admin functionality for user API
  408 * Implement domain member functionality for user API
  409 * Implement domain reader functionality for user API
  410 * Add documentation for service tokens
  411 * Added keystone identity provider installation to Devstack plugin
  412 * PY3: Ensure LDAP searches use unicode attributes
  413 * Use ForbiddenAction for invalid action instead of Forbidden
  414 * Add schema placeholders for Stein
  415 * Implement domain reader functionality for projects
  416 * Small refactor for create nonlocal user
  417 * Mention allow\_expired\_window in fernet FAQ
  418 * Fix the incorrect release name of project guide
  419 * trivial: fix broken link in trust API reference
  420 * Migrate keystone-dsvm-grenade-multinode job to Ubuntu Bionic
  421 * Remove publish-loci post job
  422 * Add hint for order of keys during distribution
  423 * Add service developer documentation for scopes
  424 * Make system members the same as system readers for credentials
  425 * Drop py35 jobs
  426 * Remove service policies from policy.v3cloudsample.json
  427 * Switch federation check jobs to opensuse
  428 * Add manager support for app cred access rules
  429 * Add driver support for app cred access rules
  430 * Add SQL migrations for app cred access rules
  431 * Add a permissive mode for access rules config
  432 * Add manager for access rules config
  433 * Add JSON driver for access rules config
  434 * Remove protocol policies from v3cloudsample.json
  435 * Add tests for project users interacting with services
  436 * Remove role policies from policy.v3cloudsample.json
  437 * Add tests for project users interacting with roles
  438 * Add tests for domain users interacting with roles
  439 * Remove endpoint policies from policy.v3cloudsample.json
  440 * Remove domain policies from policy.v3cloudsample.json
  441 * Add role assignment test coverage for system admin
  442 * Add role assignment test coverage for system members
  443 * Reorganize role assignment tests for system users
  444 * Implement system reader for role\_assignments
  445 * Remove idp policies from policy.v3cloudsample.json
  446 * Add py37 tox env
  447 * Add tests for domain users interacting with services
  448 * Update service policies for system admin
  449 * Add shibboleth config to log output
  450 * Update introduction of external services doc
  451 * Address follow-up comments in contributor guide for specs
  452 * [api-ref] add domain level limit support
  453 * Release note for domain level limit
  454 * Update project depth check
  455 * Add domain level support for strict-two-level-model
  456 * Add domain level limit support - API
  457 * Add domain level limit support - Manager
  458 * Remove mapping policies from policy.v3cloudsample.json
  459 * Add tests for project users interacting with mappings
  460 * Deprecate cache\_on\_issue configuration option
  461 * Add JWS token provider documentation
  462 * Add OpenSUSE support in devstack federation plugin
  463 * Add experimental job for OpenSUSE
  464 * Fix mock for v2 test
  465 * Add documentation for writing specifications
  466 * Remove unused sample token fixtures
  467 * Fix bindep for SUSE
  468 * add python 3.7 unit test job
  469 * Correcting tests with project\_id
  470 * Add domain\_id column for limit
  471 * [SQLite] Ensure change is addressed for limit table
  472 * Remove region policies from policy.v3cloudsample.json
  473 * Add tests for project users interacting with regions
  474 * Add tests for domain users interacting with regions
  475 * Update region policies to use system admin
  476 * Add region tests for system member role
  477 * Implement system admin role in groups API
  478 * populate request context with X.509 tokenless cred information
  479 * Fix wrong example for direct\_maps
  480 * Fixes incorrect params
  481 * Implement JWS token provider
  482 * Seperated CADF notifications tests for request\_id
  483 * Added request\_id and global\_request\_id to basic notifications
  484 * Converting the API tests to use flask's test\_client
  485 * Implement system admin role in users API
  486 * Implement system member role user test coverage
  487 * Implement system reader role for users
  488 * Replace 'tenant\_id' with 'project\_id'
  489 * Add PyJWT as a requirement
  490 * Add test fixture for the JWS key repository
  491 * Add keystone-manage create\_jws\_keypair functionality
  492 * Add configuration options for JWS provider
  493 * Test case for bad type user in assertion
  494 * Adjust Indents to meet PEP8 E117
  495 * Handle special cases with msgpack and python3
  496 * Add experimental job for CentOS
  497 * Add CentOS support in devstack federation plugin
  498 * Remove service provider policies from v3cloudsample.json
  499 * Add documentation for Auth Receipts and MFA
  500 * bump Keystone version for Stein
  501 * Allow project users to retrieve domains
  502 * Fix wrong urls
  503 * Optimize fernet token and receipts in cli.py
  504 * PY3: switch to using unicode text values
  505 * Expose receipt\_setup and receipt\_rotate command
  506 * Clean up the create\_arguments\_apply methods
  507 * Allow domain users to access the GET domain API
  508 * Update doc for token\_setup and token\_rotate
  509 * Fix nits
  510 * Fix app\_cred schema spell nit
  511 * Update limit policies for system admin
  512 * Do not use self in classmethod
  513 * Add tests for project users interacting with endpoints
  514 * Add tests for domain users interacting with endpoints
  515 * Update endpoint  policies for system admin
  516 * Add endpoint tests for system member role
  517 * Update endpoint policies for system reader
  518 * Add tests for domain users interacting with mappings
  519 * Update mapping policies for system admin
  520 * Add mapping tests for system member role
  521 * Update mapping policies for system reader
  522 * Add tests for project users interacting with idps
  523 * Add tests for domain users interacting with idps
  524 * Update idp policies for system admin
  525 * Add idp tests for system member role
  526 * Update idp policies for system reader
  527 * Add region protection tests for system readers
  528 * Update role policies for system admin
  529 * Reuse common system role definitions for roles API
  530 * Add tests for project users interacting with protocols
  531 * Add tests for domain users interacting with protocols
  532 * Implement system admin role in protocol API
  533 * Add protocol tests for system member role
  534 * Update protocol policies for system reader
  535 * Add limit tests for system member role
  536 * Add limit protection tests
  537 * Remove registered limit policies from policy.v3cloudsample.json
  538 * Add tests for project users interacting with registered limits
  539 * Allow domain users to access the registered limits API
  540 * Remove duplicated TOC in configuration guide
  541 * Implement system admin role in project API
  542 * Implement system member role project test coverage
  543 * Implement system reader role for projects
  544 * Enhance the openidc guide
  545 * Enhance the mellon guide
  546 * Enhance the shibboleth guide
  547 * Consolidate WebSSO guide into SP instructions
  548 * Add section on configuring protected auth paths
  549 * Reorganize guide on configuring a keystone SP
  550 * Clean up keystone-to-keystone section
  551 * Enhance authn sections in federation guide
  552 * correct the description on domain re-enable
  553 * Add tests for project users interacting with sps
  554 * Add tests for domain users interacting with sps
  555 * Update service provider  policies for system admin
  556 * Add prerequisites section to keystone-to-keystone
  557 * Invalidate shadow\_federated\_user cache when deleting protocol
  558 * Remove duplicate RBAC logging from enforcer
  559 * Update federation SP prerequisites section
  560 * Use samltest.id as an example sandbox IdP
  561 * Fix nits in code blocks in federation guide
  562 * Bring SP/IdP URLs closer to style guide guidance
  563 * Restructure federation guide
  564 * Update doc with samltest.id
  565 * Clarify location for HTTPD instructions
  566 * Use common system role definitions for registered limits
  567 * Implement system member test coverage for groups
  568 * Implement system reader role for groups
  569 * Add service provider tests for system member role
  570 * Update service provider policies for system reader
  571 * Add service tests for system member role
  572 * Update service policies for system reader
  573 * Use renamed template 'integrated-gate-py3'
  574 * Add scope checks to common system role definitions
  575 * Remove i18n.enable\_lazy() translation
  576 * Reorganize admin guide
  577 * Consolidate service catalog docs
  578 * Add irrelevant-files for grenade-py3 jobs
  579 * Delete outdated keystonemiddleware doc
  580 * Remove example usage from admin guide
  581 * Split trusts docs between admin and user guide
  582 * Move identity sources doc to admin guide
  583 * Remove message about circular role inferences
  584 * Remove Certificates for PKI guide
  585 * Add introduction section to federation docs
  586 * Fix links to external-authentication
  587 * Move list limit docs to admin guide
  588 * Rename admin guide pages
  589 * Consolidate tokenless X.509 docs
  590 * Update registered limit policies for system admin
  591 * Consolidate Keystone docs: admin/identity-external-authentication.rst
  592 * Implement system admin role in domains API
  593 * Implement system member role domain test coverage
  594 * Implement system reader role in domains API
  595 * Bump oslo.policy and oslo.context versions
  596 * Move supported clients section to user guide
  597 * Use request\_body\_json function
  598 * Move SSL recommendation to installation guide
  599 * Move "Public ID Generators" to relevant docs
  600 * Consolidate Keystone docs: federated-identity.rst
  601 * Add role tests for system member role
  602 * Consolidate catalog management guide
  603 * Update role policies for system reader
  604 * Change openstack-dev to openstack-discuss
  605 * Add registered limit tests for system member role
  606 * Add registered limit protection tests
  607 * Keep federation jobs running on Xenial
  608 * Clarify docstrings for domain flask refactor
  609 * Move test utility to common location
  610 * Add missing translation import to common.auth.py
  611 * Move to password validation schema
  612 * Don't emit a notification for the root domain
  613 * Pass context objects to policy enforcement
  614 * Consolidate identity-domain-specific-config.rst
  615 * Consolidate auth-totp.rst
  616 * Consolidate event\_notifications.rst
  617 * Consolidate endpoint-policy.rst
  618 * Consolidate service-catalog.rst
  619 * Update contributor doc
  620 * Use pycodestyle in place of pep8
  621 * Update api-ref to include user options
  622 * Document user options
  623 * Add scope documentation for service developers
  624 * Remove deprecated secure\_proxy\_ssl\_header config
  625 * Refactor flask domain config resources
  626 * Add missing ws seperator between words
  627 * Add the missing packages when install keystone
  628 * add request\_id and global\_request\_id to cadf notifications
  629 * changed port in tools/sample\_data.sh
  630 * Move irrelevant-files to project definition
  631 * Add tempest-full-py3 job to zuul file
  632 * Remove the repetition words in  identity-fernet-token-faq.rst
  633 * Removing default\_assigment\_driver
  634 * Bump sqlalchemy minimum version to 1.1.0
  635 * Drop the compatibility password column
  636 * Remove "crypt\_strength" option
  637 * Correct HTTP OPTIONS method
  638 * Update api-ref for set registered limits
  639 * Remove deprecated "bind" in token
  640 * Update more info of vhost file
  641 * Refactor directory creation into a common place
  642 * Region update extra support
  643 * Change \_\_all\_\_ list to tuple
  644 * Remove redundant variables from context class
  645 * Refresh admin doc
  646 * Fixing nits
  647 * Add abstract method in trusts base.py
  648 * Switch devstack plugin to samltest.id
  649 * Clean up python3.5 usage in tox.ini
  650 * Add py36 tox environment
  651 * Remove unused lower constraints
  652 * Replace usage of get\_legacy\_facade() with get\_engine()
  653 * Fix uwsgi --http flag
  654 * Fix an issue with double fernet key rotation
  655 * Delete PKI middleware debugging section
  656 * Fix developer config dir flask aftermath
  657 * Documentation fix - Port number
  658 * Use port 5000, keystone-wsgi-public and --http-socket
  659 * Changed the port numbers
  660 * Implement auth receipts spec
  661 * changed port in argument '--bootstrap-admin-url'
  662 * Unregister "Exception" from flask handler
  663 * Add release note for unified limit APIs changing
  664 * Deprecate eventlet related configuration
  665 * Remove compatability shim
  666 * Remove check for disabled v3
  667 * Remove obsolete credential policies
  668 * Delete "Preparing your environment" section
  669 * Implement scope\_type checking for credentials
  670 * Fix spelling 'unnecessary'
  671 * Remove custom auth middleware documentation
  672 * Delete the external auth admin guide
  673 * Remove useless use of :orphan:
  674 * Change port and version on v3 endpoints example
  675 * Provide a Location on HTTP 300
  676 * Set Default and resource limit as defined schema
  677 * Emit CADF notifications on authentication for invalid users
  678 * Delete administrator federation guide
  679 * Update keystone-manage bootstrap port instructions
  680 * Fix api-ref v3.9 release identifier
  681 * Update third endpoint legacy port for Keystone v3 API
  682 * Remove unused logging module
  683 * Remove useless "clean" file
  684 * Trivial: Remove repeated if conditions
  685 * Updating doc of unified limit
  686 * Adding 'date' for trust\_flush
  687 * Add caching on trust role validation to improve performance
  688 * Allow registered limit's region\_id to be None
  689 * Add a test for idp and federated user cascade deleting
  690 * Fix example for getting system scoped token
  691 * Remaining cases of MappingEngineTester
  692 * Set min and max length for resource\_name
  693 * Implement scaffolding for upgrade checks
  694 * Fixing update unified limit api-ref
  695 * Remove deprecated token\_flush
  696 * Invalidate app cred AFTER deletion
  697 * Update API version to 3.11
  698 * Added test case update registered limit with region
  699 * Remove incorrect copyright notice
  700 * Remove paste-ini
  701 * Remove pre-flask legacy code
  702 * Make collection\_key and member\_key raise if unset
  703 * Increment versioning with pbr instruction
  704 * Loosen the assertion for logging scope type warnings
  705 * Expand implied roles in system-scoped tokens
  706 * Add test case for expanding implied roles in system tokens
  707 * Move loadapp to a generic place
  708 * Make policy file support in fixture optional
  709 * Use tempest-pg-full
  710 * Cleanup test\_wsgi
  711 * Flask comment/docstring cleanup
  712 * Move AuthContextMiddleware
  713 * Convert Normalizing filter to flask native Middleware
  714 * Internally defined middleware don't use stevedore
  715 * Make Request Logging a little better
  716 * Register exceptions with a Flask Error Handler
  717 * Cleanup keystone.server.flask.application
  718 * Replace JSON Body middleware with flask-native func
  719 * Convert S3 and EC2 auth to flask native dispatching
  720 * Remove skip for test\_locked\_out\_user\_sends\_notification
  721 * Convert projects API to Flask
  722 * Convert /v3/users to flask native dispatching
  723 * add unit tests for healthcheck
  724 * Replace openSUSE experimental check with newer version
  725 * Auth flask conversion cleanup
  726 * Convert auth to flask native dispatching
  727 * Update notification tests to work with o-m 9.0.0
  728 * Don't mock internal implementation details of oslo
  729 * Update log translation hacking check
  730 * Don't quote {posargs} in tox.ini
  731 * Enable foreign keys for unit test
  732 * Update doc string for transform\_to\_group\_ids
  733 * Follow Zuul job rename
  734 * Add release names to api-ref
  735 * Avoid using dict.get() in assertions
  736 * Clarify group-mapping example in docs
  737 * Purge soft-deleted trusts
  738 * LDAP attribute names non-case-sensitive
  739 * Organize project tag api-ref by route
  740 * Add build\_target arguement to enforcer
  741 * Properly replace flask view args in links
  742 * Adding test case for MappingEngineTester
  743 * Fix command to verify role removal in docs
  744 * Add python3 functional test job
  745 * Convert legacy functional jobs to Zuul-v3-native
  746 * Update auto-provisioning example to use reader
  747 * Enable Foreign keys for sql backend unit test
  748 * Add releasenote for bug fix 1789450
  749 * Comment out un-runnable tests
  750 * Mapped Groups don't exist breaks WebSSO
  751 * Add hint back
  752 * Implement Trust Flush via keystone-manage
  753 * Properly normalize domain ids in flask
  754 * Use templates for cover and lower-constraints
  755 * Make OSA rolling upgrade test experimental
  756 * Rename v3-only functional zuul job
  757 * Remove unused revoke\_by\_user\_and\_project
  758 * Address issues with flask conversion of os-federation
  759 * Convert domains api to flask
  760 * Move use of constraints out of install\_cmd
  761 * Ensure view args is in policy dict
  762 * Rename py35 v3 only check
  763 * Convert OS-INHERIT API to flask native dispatching
  764 * Fix a translation of log
  765 * Convert groups API to flask native dispatching
  766 * Fix RBACEnforcer get\_member\_from\_driver mechanism
  767 * Refactor ProviderAPIs object to better design pattern
  768 * Convert OS-FEDERATION to flask native dispatching
  769 * Update the documentation bug tag
  770 * api-ref: Remove broken link
  771 * Added support for a \`\`description\`\` attribute for Identity Roles
  772 * Update the minimimum required version of oslo.log
  773 * Incorrect use of translation \_()
  774 * Update RDO install guide for v3
  775 * Remove member\_role\_id/name
  776 * Convert policy API to flask
  777 * Fix db model inconsistency for FederatedUser
  778 * add python 3.6 unit test job
  779 * switch documentation job to new PTI
  780 * import zuul job settings from project-config
  781 * Use items() instead of iteritems()
  782 * Add details and clarify examples on casing
  783 * Address nits
  784 * Re-Add scope.system to filters
  785 * Add placeholder migrations for Rocky
  786 * Change unique\_last\_password\_count default to 0
  787 * Trivial: Remove app\_conf kwarg from testing setup
  788 * Trivial: Add missing space in exception
  789 * Move json\_home "extension" rel functions
  790 * Convert system (role) api to flask native dispatching
  791 * Do not log token string
  792 * Convert role\_assignments API to flask native dispatching
  793 * Add safety to the inferred target extraction during enforcement
  794 * Use osc in k2k example
  795 * Fix a bug that issue token with project-scope gets error
  796 * Convert role\_inferences API to flask native dispatching
  797 * Convert Roles API to flask native dispatching
  798 * Convert endpoints api to flask native dispatching
  799 * Convert services api to flask native dispatching
  800 * Convert regions API to flask native dispatching
  801 * Remove unused util function
  802 * Redundant parameters in api-ref:domain-config
  803 * Add callback action back in
  804 * Set initiator id as user\_id for auth events
  805 * Update reno for stable/rocky
  806 * More accurate explanation in api-ref:application credentials
  807 * Imported Translations from Zanata
  808 
  809 14.0.0.0rc1
  810 -----------
  811 
  812 * Allow wrap\_member and wrap\_collection to specify target
  813 * Pass path into full\_url and base\_url
  814 * Allow for more robust config checking with keystone-manage
  815 * Remove redundant get\_project call
  816 * Convert OS-SIMPLE-CERT to flask dispatching
  817 * Migrate OS-EP-FILTER to flask native dispatching
  818 * Convert limits and registered limits to flask dispatching
  819 * Add a release note for bug 1785164
  820 * Error location of parameters in api-ref:project tags
  821 * Code optimization of create application credential
  822 * Do not allow create limits for domain
  823 * Update api-ref for unified limits
  824 * Fix json indentation of notification sample
  825 * Convert OS-AUTH1 paths to flask dispatching
  826 * Clean up token extra code
  827 * Expose a bug that issue token with project-scope gets error
  828 * Remove KeystoneToken object
  829 * Convert OS-REVOKE to flask dispatching
  830 * Address FIXMEs for listing revoked tokens
  831 * Move unenforced\_api decorator to module function
  832 * Remove direct calls to auth.controllers in some tests
  833 * Move validate\_issue\_token\_auth from controllers
  834 * Unified code style nullable description parameter
  835 * Remove get\_catalog from manage layer
  836 * Api-ref: Correct response code
  837 * Adding missing comma in docs
  838 * Expose random uuid bug in cadf notifications
  839 * Boostrap CLI tests no longer call auth controller
  840 * Implement "no-update" test for trusts
  841 * Move trusts to flask native dispatching
  842 * Address nits in strict-two-level implementation
  843 * Remove get\_catalog usage from contrib
  844 
  845 14.0.0.0b3
  846 ----------
  847 
  848 * Deprecate [token] infer\_roles=False
  849 * Reduce duplication in federated auth APIs
  850 * Fix RBACEnforcer Comment
  851 * Mirror self-link trust check from tempest
  852 * Trusts do not implement patch
  853 * Allow for 'extension' rel in json home
  854 * Add pycadf initiator for flask resource
  855 * Use oslo\_serialization.jsonutils
  856 * Correctly pull input data for enforcement
  857 * Delete project limits when deleting project
  858 * Add project hierarchical tree check when Keystone start
  859 * Update project depth check
  860 * Add include\_limits filter
  861 * Bump lower constraint for pysaml2 to 4.5.0
  862 * Allow class-level definition of API URL Prefix
  863 * Move Credentials API to Flask Native
  864 * Add project\_id filter for listing limit
  865 * Strict two level limit model
  866 * Switch to python-ldap
  867 * Add correct self-link
  868 * Properly remove content-type on HTTP 204
  869 * Increase test coverage of entity\_type id mapping query
  870 * Cleanup keystone.token.providers.common
  871 * Remove remnants of token bind
  872 * Simplify the token provider API
  873 * Add serialization for TokenModel object
  874 * Introduce new TokenModel object
  875 * Don't allow legacy and native flask to share paths
  876 * Remove uuid token size check from doctor
  877 * Do not use flask.g imported as g
  878 * Fix keystone.common.rbac\_enforcer.\_\_init\_\_.py exporting
  879 * Make keystone.server.flask more interesting for importing
  880 * Flesh out and add testing for flask\_RESTful scaffolding
  881 * Update pypi url to new url
  882 * Invalidate 'computed assignments' cache when creating a project
  883 * Filter project\_id for list limits
  884 * Expose endpoint to return enforcement model
  885 * Add docs for case-insensitivity in keystone
  886 * Clarifications to API & Scenario Tests
  887 * Remove enable config option of trust feature
  888 * Fix keystone-manage saml\_idp\_metadata under python3
  889 * Only upload SP metadata to testshib.org if IDP id is testshib
  890 * Ignore .eggs dir as well
  891 * Implement enforcement model logic in Manager
  892 * Add registered\_limit\_id column for limit
  893 * Add auto increase primary key for unified limit
  894 * Address minor comments from initial impl RBACEnforcer
  895 * Refactor \_handle\_shadow\_and\_local\_users
  896 * Refactor \_set\_domain\_id\_and\_mapping functions
  897 * Move keystone.server.common to keystone.server
  898 * Add support for enforce\_call to set value on flask.g
  899 * Refactor - remove extra for loop
  900 * Remove token bind capabilities
  901 * Address minor comments to 404 error detection
  902 * Exposing ambiguity bug when querying role assignments
  903 * pycrypto is not used by keystone
  904 * Add new "How Can I Help?" contributor guide
  905 * Added check to avoid keyerror "user['name']"
  906 * Implement base for new RBAC Enforcer
  907 * Refactor trust roles check
  908 * Make it easy to identify a 404 from Flask
  909 * Don't replace the whole app just the wsgi\_app backing
  910 * Add support for before and after request functions
  911 * Convert json\_home and version discovery to Flask
  912 * Keystone adheres to public\_endpoint opt only
  913 * Implement scaffolding for Flask-RESTful use
  914 * Add Flask-RESTful and update flask minimum(s)
  915 * Fix keystone-manage mapping\_purge with --type option
  916 * Override oauthlib docstrings that fail with Sphinx 1.7.5
  917 * Simple usage docs for implied roles
  918 * Fix duplicate role names in trusts bug
  919 * Expose duplicate role names bug in trusts
  920 * Remove unclear wording in parameters
  921 * Filter by entity\_type in get\_domain\_mapping\_list
  922 * Migrate all password hashes to the new location if needed
  923 * Add policy for limit model protection
  924 * Api-ref: Refresh the Update APIs for limits
  925 * Imported Translations from Zanata
  926 * Remove a useless function
  927 * Clarify complicated sentence in docs
  928 * Unified limit update APIs Refactor
  929 * Store JSON Home Resources off the composing router
  930 * Ensure default roles created during bootstrap
  931 * Add release notes link to README
  932 * Remove duplicated test
  933 * Expand on debug\_middleware option
  934 * Update response codes for authentication API reference
  935 * Clarify scope responses in authentication api ref
  936 * fix tox python3 overrides
  937 * Add Flaskification release-note
  938 * Remove pastedeploy
  939 * Flaskification cleanup
  940 * Remove the rest of v2.0 legacy
  941 * Add in ability to load DEBUG middleware
  942 * Revert "Rename fernet\_utils to token\_utils"
  943 * Convert Keystone to use Flask
  944 
  945 14.0.0.0b2
  946 ----------
  947 
  948 * Docs: Remove the TokenAuth middleware
  949 * Correct test\_v3\_oauth1.test\_deleting\_project\_also\_invalidates\_tokens
  950 * Correct test\_v3\_oauth1.test\_change\_user\_password\_also\_deletes\_tokens
  951 * Correct test\_v3\_oauth1.test\_bad\_authorizing\_roles\_id
  952 * Correct test\_v3\_oauth1.test\_bad\_authorizing\_roles\_name
  953 * Fix warnings in documentation
  954 * fix rally docs url
  955 * Decouple bootstrap from cli module
  956 * Handle empty token key files
  957 * Remove some unused functions
  958 * Update tests to work with WebOb 1.8.1
  959 * Consolidate oauth1.rst
  960 * Remove the TokenAuth middleware
  961 * Remove token driver configuration
  962 * Fix the test for unique IdP
  963 * Consolidate health-check-middleware.rst
  964 * Limit description support
  965 * The migration script to add description for limit
  966 * Update IdP sql model
  967 * Remove dead dependency injection code
  968 * Remove unused assertions from test\_v3.py
  969 * Remove dead code in token provider
  970 * Remove unused exception
  971 * Do not return all the limits for POST request
  972 * Add configuration option for enforcement models
  973 * Use the provider\_api module in limit controller
  974 * Fix the outdated URL
  975 * Remove policy service from architecture.rst
  976 * Invalidate the shadow user cache when deleting a user
  977 * Add conceptual overview of the service catalog
  978 * Trivial: Update pypi url to new url
  979 * Update the RDO installation guide to use port 5000
  980 * Update keystone functional tests
  981 
  982 14.0.0.0b1
  983 ----------
  984 
  985 * Remove the sample .conf file
  986 * Allow blocking users from self-service password change
  987 * Add prerequisite package note to Keystone install guide
  988 * Update auth\_uri option to www\_authenticate\_uri
  989 * Fix json schema nullable to add None to ENUM
  990 * Use consistent role schema in token response validation
  991 * Corrects spelling of MacOS
  992 * Fix 500 error when deleting domain
  993 * Allow cleaning up non-existant group assignments
  994 * Follow the new PTI for document build
  995 * Use the new pysaml2 constraints
  996 * Fix incompatible requirement in lower-constraints
  997 * Update install guides
  998 * Fix mispelling of accommodate in install docs
  999 * Fix list\_limit doesn't work correctly for domain
 1000 * Expose a bug that list\_limit doesn't work correctly
 1001 * Log warning when using token\_flush
 1002 * Removal of deprecated direct driver loading
 1003 * Make tags filter match subset rather than exact
 1004 * Updated from global requirements
 1005 * Update RDO install guide for v3
 1006 * Remove admin interface in sample Apache file
 1007 * add lower-constraints job
 1008 * Fix integer -> method conversion for python3
 1009 * Fix user email in federated shadow users
 1010 * Remove references to v2.0 from external developer doc
 1011 * Remove references to UUID from token documentation
 1012 * Add logging for xmlsec1 installation
 1013 * Updated from global requirements
 1014 * Mark the implied role API as stable
 1015 * Add note to keystone-manage bootstrap doc
 1016 * Fix assert test error under py3.6
 1017 * Fix api-ref for project tag create
 1018 * Updated from global requirements
 1019 * Fixing multi-region support in templated v3 catalog
 1020 * Update links in README
 1021 * Use different labels for user and project names
 1022 * Imported Translations from Zanata
 1023 * Add user documentation for JSON Home
 1024 * Fix formatting of ImportError
 1025 * Imported Translations from Zanata
 1026 * Updated from global requirements
 1027 * Imported Translations from Zanata
 1028 * Remove @expression from tags
 1029 * Work around deprecations for opportunistic tests
 1030 * Api-ref: fix resource\_limit format
 1031 * Correct typo in identity API reference
 1032 * Imported Translations from Zanata
 1033 * Consolidate identity-token-binding.rst
 1034 * Consolidate identity-service-api-protection.rst
 1035 * Add new setup commands for token keys
 1036 * Consolidate endpoint-filtering.rst
 1037 * Remove unnecessary config overrides from fernet tests
 1038 * Make assertValidFernetKey assertion more robust
 1039 * Update 3.10 versioning to limits and system scope
 1040 * Remove v2.0 policies
 1041 * Populate application credential data in token
 1042 * Imported Translations from Zanata
 1043 * Simplify federation and oauth token callbacks
 1044 * Simplify token persistence callbacks
 1045 * Refactor token cache invalidation callbacks
 1046 * Remove needs\_persistence property from token providers
 1047 * Imported Translations from Zanata
 1048 * Use OSC in application credential documentation
 1049 * Add docs for application credentials
 1050 * Force SQLite to properly deal with foreign keys
 1051 * Remove unused class variables from token provider
 1052 * Imported Translations from Zanata
 1053 * Grant admin a role on the system during bootstrap
 1054 * Fix querying role\_assignment with system roles
 1055 * Delete system role assignments when deleting groups
 1056 * Expose bug in system assignment when deleting groups
 1057 * Delete system role assignments when deleting users
 1058 * Expose bug in system assignment when deleting users
 1059 * Expose bug in /role\_assignments API with system-scope
 1060 * Remove the sql token driver and uuid token provider
 1061 * Imported Translations from Zanata
 1062 * Update reno for stable/queens
 1063 * Imported Translations from Zanata
 1064 
 1065 13.0.0.0rc1
 1066 -----------
 1067 
 1068 * Add placeholder migrations for Queens
 1069 * Delete SQL users before deleting domain
 1070 * Reorganize api-ref: v3-ext federation mapping.inc
 1071 * Update OBS install docs for v2 removal
 1072 * Reorganize api-ref: v3-ext federation service-provider
 1073 * Reorganize api-ref: v3-ext oauth.inc
 1074 * Replace port 35357 with 5000 for ubuntu guide
 1075 * Reorganize api-ref: v3 os-pki
 1076 * Reorganize api-ref: v3-ext federation identity-provider
 1077 * Reorganize api-ref: v3-ext trust.inc
 1078 * Remove v2.0 from documentation guides
 1079 * Remove v2.0 extension documentation
 1080 * Update curl request documentation to remove v2.0
 1081 * Remove v2 and v2-admin API documentation
 1082 * Remove all v2.0 APIs except the ec2tokens API
 1083 * Update sample configuration file for Queens
 1084 * Imported Translations from Zanata
 1085 * Finish refactoring self.\*\_api out of tests
 1086 * Add cache invalidation when delete application credential
 1087 * Expose a bug that application credential cache is not invalidated
 1088 * Fix cache invalidation for application credential
 1089 * Expose a bug that cache invalidation doesn't work for application credential
 1090 * Update the base class for application credential
 1091 * Fix list users by name
 1092 * Refactor self.\*\_api out of tests
 1093 * Use keystone.common.provider\_api for auth APIs
 1094 * Fix the wrong description
 1095 * Remove the redundant word
 1096 * Validate identity providers during token validation
 1097 * Update historical context about the removal of v2.0
 1098 * Document flat limit enforcement model
 1099 * add 'tags' in request body of projects
 1100 * Increase MySQL max\_connections for unit tests
 1101 * Add scope\_types for user policies
 1102 * Use native Zuul v3 tox job
 1103 * Update documentation to reflect system-scope
 1104 * Add a release note for application credentials
 1105 * Impose limits on application credentials
 1106 * Enable application\_credential auth by default
 1107 * Add api-ref for application credentials
 1108 * Add application credential auth plugin
 1109 * Add Application Credentials controller
 1110 * Zuul: Remove project name
 1111 * Refresh the admin\_token doc
 1112 * Remove pki\_setup step in doc
 1113 * Add documentation describing unified limits
 1114 * Handle TZ change in iso8601 >=0.1.12
 1115 * Remove PKI/PKIZ token in doc
 1116 * Add api-ref for unified limits
 1117 * Expose unified limit APIs
 1118 * Implement policies for limits
 1119 * Add limit provider
 1120 * Improve limit sql backend
 1121 * Replace Chinese punctuation with English punctuation
 1122 
 1123 13.0.0.0b3
 1124 ----------
 1125 
 1126 * Add release note for system-scope
 1127 * Implement GET /v3/auth/system
 1128 * Updated from global requirements
 1129 * Implement system-scoped tokens
 1130 * Document scope\_types for project policies
 1131 * Add scope\_types to trust policies
 1132 * Add scope\_types to grant policies
 1133 * Add scope\_types to role assignment policies
 1134 * Fix column rename migration for mariadb 10.2
 1135 * Remove foreign key for registered limit
 1136 * Introduce assertions for system-scoped token testing
 1137 * Implement system-scope in the token provider API
 1138 * Teach TokenFormatter how to handle system scope
 1139 * Remove the deprecated "giturl" option
 1140 * Relay system information in RoleAssignmentNotFound
 1141 * Rename application credential restriction column
 1142 * Update token doc
 1143 * Update keystone v2/tokenauth example
 1144 * Reorganize api-ref: v3-ext revoke.inc
 1145 * Reorganize api-ref: v3-ext ep-filter.inc
 1146 * Reorganize api-ref: v3-ext simple-cert.inc
 1147 * Reorganize api-ref: v3-ext federation projects-domains.inc
 1148 * Document scope\_types for credential policies
 1149 * Document scope\_types for ec2 policies
 1150 * Move token\_formatter to token
 1151 * Document fixes needed for token scope\_types
 1152 * Add scope\_types to service provider policies
 1153 * Add scope\_types to group policies
 1154 * Add scope\_types to domain config policies
 1155 * Add system column to app cred table
 1156 * Fix outdated links
 1157 * Add ability to list all system role assignments
 1158 * Add system role assignment documentation
 1159 * Add Application Credentials manager
 1160 * Handle TODO notes for using new\_user\_ref
 1161 * Updated from global requirements
 1162 * Add application credentials driver
 1163 * Make entries in policy\_mapping.rst consistent
 1164 * Add application credentials db migration
 1165 * Fix indentation in docs
 1166 * remove \_append\_null\_domain\_id decorator
 1167 * Fix wrong url in domains-config-v3.inc
 1168 * msgpack-python has been renamed to msgpack
 1169 * adjust response code order in 'regions-v3.inc'
 1170 * Fix wrong url in config-options.rst
 1171 * adjust response code order in 'authenticate-v3.inc'
 1172 * Reorganize api-ref: v3-ext endpoint-policy.inc
 1173 * Imported Translations from Zanata
 1174 * Extract expiration validation to utils
 1175 * Implement controller logic for system group assignments
 1176 * adjust response code order in ''policies.inc''
 1177 * adjust response code order in ''domains-config-v3.inc''
 1178 * put response code in table of ''domains.inc''
 1179 * adjust response code in order of credentials.inc
 1180 * fix wrong url link of User trusts
 1181 * Reorganize api-ref: v3-ext federation assertion.inc
 1182 * Implement controller logic for system user assignments
 1183 * Add schema check for authorize request token
 1184 * Remove whitespace from policy sample file
 1185 * Use keystone.common.provider\_api for trust APIs
 1186 * Add db operation for unified limit
 1187 * Add new tables for unified limits
 1188 * Fix federation unit test
 1189 * add response example and 'extra' info of create user
 1190 * Add scope\_types to domain policies
 1191 * Add scope\_types for policy policies
 1192 * Add scope\_types to oauth policies
 1193 * Add scope\_types to token revocation policies
 1194 * Add scope\_types to endpoint group policies
 1195 * Migrate jobs to zuulV3
 1196 * Add scope\_types to role policies
 1197 * Add scope\_types to implied role policies
 1198 * Add expired\_at\_int column to trusts
 1199 * Add scope\_types for revoke event policies
 1200 * Add scope\_types to protocol policies
 1201 * Add scope\_types to project endpoint policies
 1202 * Add scope\_types to policy association policies
 1203 * Add scope\_types to mapping policies
 1204 * Add scope\_types to identity provider policies
 1205 * Add scope\_types to service policies
 1206 * Handle InvalidScope exception from oslo.policy
 1207 * Use keystone.common.provider\_api directly in assignment
 1208 * Add scope\_types to region policies
 1209 * Add scope\_types to endpoint policies
 1210 * Expose a get\_enforcer method for oslo.policy scripts
 1211 * Reorganize api-ref: v3 project-tags
 1212 * Reorganize api-ref: v3 authenticate-v3
 1213 * Deprecate [trust]/enabled option
 1214 * Use keystone.common.provider\_api for resource APIs
 1215 * Re-organize api-ref: v3 inherit.inc
 1216 * Implement get\_unique\_role\_by\_name
 1217 * Reorganize api-ref: v3-ext federation projects-domains
 1218 * Reorganize api-ref: v3 regions-v3
 1219 * Reorganize api-ref: v3 policies
 1220 * Remove duplicated release note
 1221 * Reorganize api-ref: v3 credentials
 1222 * Reorganize api-ref: v3 domains-config-v3
 1223 * Reorganize api-ref: v3 service-catalog
 1224 * Reorganize api-ref: v3 projects
 1225 * Reorganize api-ref: v3 roles
 1226 * Use keystone.common.provider\_api for identity APIs
 1227 * Use keystone.common.provider\_api for revoke APIs
 1228 * Use keystone.common.provider\_api for policy APIs
 1229 * Use keystone.common.provider\_api for oauth APIs
 1230 * Use keystone.common.provider\_api for federation APIs
 1231 * Use keystone.common.provider\_api for endpoint\_policy APIs
 1232 * Use keystone.common.provider\_api for credential APIs
 1233 * Use keystone.common.provider\_api for catalog APIs
 1234 * Use keystone.common.provider\_api for token APIs
 1235 * modify LOG.error tip message
 1236 * Performance: improve get\_role
 1237 * Add group system grant policies
 1238 * Replace parse\_strtime with datetime.strptime
 1239 * Remove private methods for v2.0 and v3 tokens
 1240 * Ensure building scope is mutually exclusive
 1241 * Add user system grant policies
 1242 * Implement manager logic for group+system roles
 1243 * Implement manager logic for user+system roles
 1244 * Implement backend logic for system roles
 1245 * Add a new table for system role assignments
 1246 * Refactor project tags encoding
 1247 * Expose a bug when authorize request token
 1248 * Bump API version and date to 3.9
 1249 * Create doc/requirements.txt
 1250 * remove some misleading info in Update user API doc
 1251 * Updated from global requirements
 1252 * remove "admin\_token\_auth" related content"
 1253 * Remove rolling\_upgrade\_password\_hash\_compat
 1254 * Deprecate member\_role\_id and member\_role\_name
 1255 * Migrate functional tests to stestr
 1256 * Remove Dependency Injection
 1257 * Rename fernet\_utils to token\_utils
 1258 * Remove extra parameter for token auth
 1259 * Refresh sample\_data.sh
 1260 * Improve exception logging with 500 response
 1261 * Remove dead code for auth\_context
 1262 * Updated from global requirements
 1263 
 1264 13.0.0.0b2
 1265 ----------
 1266 
 1267 * Reorganize api-ref:v3 groups
 1268 * Handle deprecation of inspect.getargspec
 1269 * Enforce policy on oslo-context
 1270 * Correct error message for request token
 1271 * Refresh the Controller list
 1272 * Updated from global requirements
 1273 * Update keystone testing documentation
 1274 * Fix role schema in trust object
 1275 * Validate disabled domains and projects online
 1276 * Add New in Pike note to using db\_sync check
 1277 * Fix 500 error when create trust with invalid role key
 1278 * Expose a bug when create trust with roles
 1279 * Remove member role assignment
 1280 * Fix wrong links in keystone documentation
 1281 * Add schema check for OS-TRUST:trust authentication
 1282 * Expose a bug when authenticating for a trust-scoped token
 1283 * Update the help message for unique\_last\_password\_count
 1284 * Remove apache-httpd related link
 1285 * Populate user, project and domain names from token into context
 1286 * Remove setting of version/release from releasenotes
 1287 * Updated from global requirements
 1288 * Update cache doc
 1289 * Updated from global requirements
 1290 * Fix 500 error when authenticate with "mapped"
 1291 * Updated from global requirements
 1292 * Filter users/groups in ldap with whitespaces
 1293 * Deprecate policies API
 1294 * Change url in middleware test to v3
 1295 * Remove ensure\_default\_domain\_exists
 1296 * Ensure listing projects always returns tags
 1297 * Consolidate V2Controller functionality
 1298 * Remove v2 token value model
 1299 * Add non-voting rolling upgrade test
 1300 * Remove "no auth token" debug log
 1301 * Partially clarify federation auth plugins
 1302 * Handle ldap size limit exeeded exception
 1303 * policy.v3cloudsample.json: remove redundant blank space
 1304 * Remove expired password v2 test
 1305 * Remove v2 token test models
 1306 * Remove/update v2 catalog endpoint tests
 1307 * Remove unnecessary dependency injection
 1308 * Remove identity v2 to v3 test case
 1309 * Reorganize api-ref: v3 domains
 1310 * Correct parameter to follow convention
 1311 
 1312 13.0.0.0b1
 1313 ----------
 1314 
 1315 * Remove v2 schema and validation tests
 1316 * Implement project tags API controller and router
 1317 * Implement project tags logic into manager
 1318 * Implement backend logic for project tags
 1319 * Remove v2.0 assignment schema
 1320 * Add project tags api-ref documentation and reno
 1321 * Deleting an identity provider doesn't invalidate tokens
 1322 * Add policy for project tags
 1323 * Add JSON schema validation for project tags
 1324 * Fix initial mapping example
 1325 * Fix list in caching documentation
 1326 * Updated from global requirements
 1327 * Refactor test\_backend\_ldap tests
 1328 * Emit deprecation warning for federated domain/project APIs
 1329 * Reorganize api-ref: v3-ext federation auth
 1330 * Update the release name in install tutorial
 1331 * Reorganize api-ref: v3 users
 1332 * Add explain of mapping group attribute
 1333 * Remove v2.0 identity API documentation
 1334 * Add database migration for project tags
 1335 * Remove the v2\_deprecated decorator
 1336 * Remove the v3 to v2 resource test case
 1337 * Remove admin\_token\_auth steps from install guide
 1338 * Remove the v2.0 validate path from validate\_token
 1339 * Remove v2.0 test plumbing
 1340 * Remove v2.0 auth APIs
 1341 * Remove v2.0 token APIs
 1342 * Move auth header definitions into authorization
 1343 * Remove v2.0 identity APIs
 1344 * Use stestr directly instead of ostestr
 1345 * Remove middleware reference to PARAMS\_ENV and CONTEXT\_ENV
 1346 * Migrate to stestr
 1347 * Updated from global requirements
 1348 * Add default configuration files to data\_files
 1349 * Add unit tests to mapping\_purge
 1350 * Replace assertRegexpMatches with assertregex
 1351 * Update API reference link in README
 1352 * Refactor removal of duplicate projects/domains
 1353 * Update links in keystone
 1354 * Fix role assignment api-ref docs
 1355 * Update invalid url in admin docs
 1356 * Remove keystone-all doc
 1357 * Fix typos in bootstrap doc
 1358 * Properly normalize protocol in Fedrations update\_protocol
 1359 * Two different API achieve listing role assignments
 1360 * Add backport migrations for Pike
 1361 * Adds Bandit #nosec flag to instances of SHA1
 1362 * Policy exception
 1363 * Remove duplicate code
 1364 *   Fix a typo
 1365 * Increase multi region endpoints test coverage
 1366 * Replace DbMigrationError with DBMigrationError
 1367 * Confusing notes of ephemeral user's domain
 1368 * Confusing log messages in project hierarchy checking
 1369 * Remove vestigate HUDSON\_PUBLISH\_DOCS reference
 1370 * Add test GET for member url in the Assignment API
 1371 * Remove v2.0 resource APIs
 1372 * Remove v2.0 assignment APIs
 1373 * Remove v2.0 service and endpoint APIs
 1374 * Fix endpoint examples in api-ref
 1375 * Copy specific distro pages for install guide
 1376 * Imported Translations from Zanata
 1377 * Log format error
 1378 * Updated from global requirements
 1379 * Ignore release notes for pike and master
 1380 * Clarify documentation for release notes
 1381 * Revert "Fix wrong links"
 1382 * Remove missing release note from previous revert
 1383 * Include a link in release note for bug 1698900
 1384 * Delete redundant code
 1385 * Call methods with kwargs instead of positionals
 1386 * Remove duplicate roles from federated auth
 1387 * Add the step to create a domain
 1388 * Add int storage of datetime for password created/expires
 1389 * Resource backend is SQL only now
 1390 * Assert default project id is not domain
 1391 * Fix wrong links
 1392 * Imported Translations from Zanata
 1393 * Remove deprecation of domain\_config\_upload
 1394 * Update reno for stable/pike
 1395 
 1396 12.0.0.0rc1
 1397 -----------
 1398 
 1399 * Unset project ids for all identity backends
 1400 * Update docs: fernet is the default provider
 1401 * Add description for relationship links in api-ref
 1402 * Updated URLs in docs
 1403 * Cache list projects and domains for user
 1404 * Remove unused hints from assignment APIs
 1405 * Make an error state message more explicit
 1406 * Fill in content in CLI Documentation
 1407 * Except forbidden when clearing default project IDs
 1408 * Update URL in README.rst
 1409 * Document required \`type\` mapping attribute
 1410 * Imported Translations from Zanata
 1411 * Fix man page builds
 1412 * Fill in content in User Documentation
 1413 * Clarify SELinux note in LDAP documentation
 1414 * Remove duplicate sample files
 1415 * Remove policy for self-service password changes
 1416 * Add role\_domain\_id\_request\_body in parameters
 1417 * use the show-policy directive to show policy settings
 1418 * Move credential encryption docs to admin-guide
 1419 * Consolidate LDAP documentation into admin-guide
 1420 * Imported Translations from Zanata
 1421 * Add description of domain\_id in creating user/group
 1422 * Add cli/ directory for documentation
 1423 * Add user/ directory for documentation
 1424 * Add contributor/ directory for docs
 1425 * Removed unnecessary setUp() calls from unit tests
 1426 * Filter users and groups in ldap
 1427 * Move url safe naming docs to admin guide
 1428 * Fix ec2tokens validation in v2 after regression in metadata\_ref removal
 1429 * Add the step to install apache2 libapache2-mod-wsgi
 1430 * Handle auto-generated domains when creating IdPs
 1431 * Updated from global requirements
 1432 * Fix the documentation sample for OS-EP-FILTER
 1433 
 1434 12.0.0.0b3
 1435 ----------
 1436 
 1437 * Clarify documentation on whitelists and blacklists
 1438 * In the devstack plugin, restart keystone after modifying conf
 1439 * Fix typo in index documentation
 1440 * Move performance documentation to admin-guide
 1441 * Consolidate certificate docs to admin-guide
 1442 * Move auth plugin development doc to contrib guide
 1443 * Add missing comma to json sample
 1444 * Added new subsections to developer docs
 1445 * Fix wording of configuration help text
 1446 * Added index.rst in each sub-directory
 1447 * Optional request parameters should be not required
 1448 * Updated from global requirements
 1449 * Move development environment setup to contributor docs
 1450 * Add a hacking rule for string interpolation at logging
 1451 * Make the devstack plugin more configurable for federation
 1452 * Reorganised developer documentation
 1453 * Enable sphinx todo extension
 1454 * Remove duplicate configuration sections
 1455 * Expanded the best practices subsection in devdocs
 1456 * Added new docs to admin section
 1457 * Move bootstrapping documentation to admin-guide
 1458 * Updated from global requirements
 1459 * Add a release note for bug 1687593
 1460 * Reorganised api-ref index page
 1461 * remove default rule
 1462 * Merged the caching subsections in admin docs
 1463 * Move trust to DocumentedRuleDefault
 1464 * Improved the keystone federation image
 1465 * [install] Clarify the paths of the rc files
 1466 * fix identity:get\_identity\_providers typo
 1467 * fix assert\_admin
 1468 * Fixing flushing tokens workflow
 1469 * Replaced policy.json with policy.yaml
 1470 * Added configuration options using oslo.config
 1471 * Added configuration references to documentation
 1472 * Add history behind why keystone has two ports
 1473 * Move upgrade documentation to admin-guide
 1474 * Stop using deprecated 'message' attribute in Exception
 1475 * Move caching docs into admin-guide
 1476 * Gear documentation towards a wider audience
 1477 * Removed apache-httpd guide from docs
 1478 * Update security compliance documentation
 1479 * A simple fix about explicit unscoped string
 1480 * Remove duplicate token docs
 1481 * Update info about logging in admin guide
 1482 * Use log debug instead of warning
 1483 * Added a note for API curl examples
 1484 * Move import down to correct group
 1485 * Switch from oslosphinx to openstackdocstheme
 1486 * Clarify LDAP invalid credentials exception
 1487 * Ensure there isn't duplication in federated auth
 1488 * Remove keystone\_tempest\_plugin from setup.cfg
 1489 * Move implied role policies to DocumentedRuleDefault
 1490 * Remove duplicated list conversion
 1491 * Remove duplicated hacking rule
 1492 * Document and add release note for HEAD APIs
 1493 * Validate rolling upgrade is run in order
 1494 * Remove duplicate logging documentation
 1495 * Migrated docs from devdocs to user docs
 1496 * Updated from global requirements
 1497 * Remove note about kvs from admin-guide
 1498 * Move token flush documentation to admin-guide
 1499 * Remove the revocation api config section
 1500 * Rename Developer docs to Contributor docs
 1501 * Removed unnecessary line breaks from install-guides
 1502 * Added keystone installation guides
 1503 * Implement HEAD for assignment API
 1504 * Make federation documentation consistent
 1505 * Added keystone admin guides to documentation
 1506 * Add annotation about token authenticate
 1507 * Split test\_get\_head\_catalog\_no\_token
 1508 * Move related project information into main doc
 1509 * Move ec2 credential policies to DocumentedRuleDefault
 1510 * Return 400 when trying to create trust with ambiguous role name
 1511 * Reorganised keystone documentation structure
 1512 * Updated the keystone docs to follow the docs theme
 1513 * Fix PCI DSS docs on change\_password\_after\_first\_use
 1514 * Add HEAD API to auth
 1515 * Add HEAD APIs to federated API
 1516 * Ensure the trust API supports HEAD requests
 1517 * Ensure oauth API supports HEAD
 1518 * Ensure the endpoint policy API supports HEAD
 1519 * Improve handling of database migration checks
 1520 * Updated from global requirements
 1521 * Check log output rather than emitting in tests
 1522 * Ensure HEAD is supported with simple cert
 1523 * Ensure the ec2 API supports HEAD
 1524 * Ensure the endpoint filter API supports HEAD
 1525 * Move domain config to DocumentedRuleDefault
 1526 * Add HEAD API to domain config
 1527 * Updated from global requirements
 1528 * Move grant policies to DocumentedRuleDefault
 1529 * Move role policies to DocumentedRuleDefault
 1530 
 1531 12.0.0.0b2
 1532 ----------
 1533 
 1534 * Use DocumentedRuleDefault for token operations
 1535 * Remove the local tempest plugin
 1536 * Add response example in authenticate-v3.inc
 1537 * Addition of "type" optional attribute to list credentials
 1538 * Remove keystone.conf if not used
 1539 * Updated from global requirements
 1540 * Remove assertRaisesRegexp testing function
 1541 * Update DirectMappingError in keystone.exception
 1542 * Remove dependency requires if not used
 1543 * Add role test to test\_consume\_trust\_once in test\_v3\_auth.py
 1544 * Writing API & Scenario Tests docs
 1545 * Handle group NotFound in effective assignment list
 1546 * Updated from global requirements
 1547 * Update doctor warning about caching
 1548 * Basic overview of tempest and devstack plugins
 1549 * Updated from global requirements
 1550 * Updated from global requirements
 1551 * Don't need to contruct data if not need persistence
 1552 * Fix response body of getting role inference rule
 1553 * Quotation marks should be included in http url using curl
 1554 * Updated from global requirements
 1555 * Replace test.attr with decorators.attr
 1556 * Update test case for federation
 1557 * Support new hashing algorithms for securely storing password hashes
 1558 * Remove loading drivers outside of their expected namespaces
 1559 * Change LDAPServerConnectionError
 1560 * Error api about grant collections in policy\_mapping.rst
 1561 * Updated from global requirements
 1562 * Handle NotFound when listing role assignments for deleted users
 1563 * Update sample configuration file for Pike
 1564 * Change url scheme passed to oauth signature verifier
 1565 * Updated from global requirements
 1566 * Role name is unique within the owning domain
 1567 * Remove LDAP delete logic and associated tests
 1568 * Revert change 438035 is\_admin\_project default
 1569 * Trivial fix typo in doc
 1570 * Fix misnamed variable in config
 1571 * Change url passed to oauth signature verifier to request url
 1572 * Expose a bug in domain creation from idps
 1573 * Role name is unique within the owning domain
 1574 * Refactor is\_admin
 1575 * Update fail message to test\_database\_conflicts
 1576 * Fix keystone.tests.unit.test\_v3\_oauth1.MaliciousOAuth1Tests
 1577 * Test config option 'user\_enabled\_default' with string type value
 1578 * Stop using oslotest.mockpatch
 1579 * Remove X-Auth-Token from response parameters
 1580 * Fix test\_minimum\_password\_age\_and\_password\_expires\_days\_deactivated
 1581 * Refactor Authorization:
 1582 * Cleanup policy generation
 1583 * Fix test keystone.tests.unit.test\_token\_bind.BindTest
 1584 * Fix keystone.tests.unit.test\_backend\_ldap.LDAPIdentity
 1585 * Remove test\_metadata\_invalid\_contact\_type
 1586 * Update dead API spec links
 1587 * override config option notification\_opt\_out with list
 1588 * Add filter explain in api ref about parents\_as\_list and subtree\_as\_list
 1589 * use '&' instead of '?' to connect parameters in url
 1590 * Remove usage of enforce\_type
 1591 * Revise doc about python 3.4
 1592 * Update Devstack plugin for uwsgi and mod\_proxy\_uwsgi
 1593 * Add notes in inherit.inc
 1594 * Do not fetch group assignments without groups
 1595 * Readability enhancements to architecture doc
 1596 * Add response examples to OS-OAUTH1 api documentation
 1597 * Correct oauth create\_request\_token documentation
 1598 * Remove unused CONF
 1599 * Remove unused LOG
 1600 * Move policy generator config to config-generator/
 1601 * Include sample policy file in documentation
 1602 * Trivial Fix: fix typo in test comments
 1603 * Move user policies to DocumentedRuleDefault
 1604 * Explicitly set 'builders' option
 1605 * Make flushing tokens more robust
 1606 * Minor corrections in OS-OAUTH1 api documentation
 1607 * Fix-test-of-assertValidRole
 1608 * Small refactoring in tests development docs
 1609 * Move endpoint group to DocumentedRuleDefault
 1610 * Fix doc generation for python 3
 1611 
 1612 12.0.0.0b1
 1613 ----------
 1614 
 1615 * Updated from global requirements
 1616 * Imported Translations from Zanata
 1617 * Updated scope parameter description in v3 API-ref
 1618 * Add Apache License Content in index.rst
 1619 * Address comments from Policy in Code 5
 1620 * Remove unused revocation check in revoke\_models
 1621 * Updated from global requirements
 1622 * Remove unused code in test\_revoke
 1623 * Move group policies to DocumentedRuleDefault
 1624 * Move consumer to DocumentedRuleDefault
 1625 * Move access token to DocumentedRuleDefault
 1626 * Move mapping to DocumentedRuleDefault
 1627 * Move role assignment to DocumentedRuleDefault
 1628 * Move region policies to DocumentedRuleDefault
 1629 * Move project endpoint to DocumentedRuleDefault
 1630 * Remove unnecessary processing when deleting grant
 1631 * Add sem-ver flag so pbr generates correct version
 1632 * Move protocol to DocumentedRuleDefault
 1633 * Move credential policies to DocumentedRuleDefault
 1634 * Move policy association to DocumentedRuleDefault
 1635 * Move and refactor test\_revoke\_by\_audit\_chain\_id
 1636 * Move policy policies to DocumentedRuleDefault
 1637 * Move and refactor project\_and\_user\_and\_role
 1638 * Updated from global requirements
 1639 * Move and refactor test\_by\_domain\_domain
 1640 * Move and refactor test\_by\_domain\_project
 1641 * Move and refactor test\_by\_domain\_user
 1642 * Remove unused method \_sample\_data in test\_revoke
 1643 * Refactor test\_revoke to call check\_token directly
 1644 * Differentiate between dpkg and rpm for libssl-dev
 1645 * Move auth to DocumentedRuleDefault
 1646 * Move service policies to DocumentedRuleDefault
 1647 * Remove unnecessary setUp function in testcase
 1648 * Remove policy file from source and refactor tests
 1649 * Remove revocation API dependency from identity API
 1650 * Remove revocation API dependency from resource API
 1651 * Move project policies to DocumentedRuleDefault
 1652 * Replace wip with skip
 1653 * Removed domain conflict guard in load\_fixtures
 1654 * Updated from global requirements
 1655 * Remove create\_container\_group from tests
 1656 * Add charset to webob.Response
 1657 * Move identity provider to DocumentedRuleDefault
 1658 * Move endpoint policies to DocumentedRuleDefault
 1659 * Move domain policies to DocumentedRuleDefault
 1660 * Move service provider to DocumentedRuleDefault
 1661 * Add policy sample generation
 1662 * Removed the deprecated pki\_setup command
 1663 * Reduce fixture setup in test\_backend\_ldap
 1664 * Consolidate and cleanup test\_backend\_ldap setup
 1665 * Remove conflict guards in load\_fixtures
 1666 * Remove orphaned \_create\_context test helper
 1667 * Remove decorator for asserting validation errors
 1668 * Remove orphaned AuthTestMixin from test\_v3
 1669 * Move revoke events to DocumentedRuleDefault
 1670 * Doc db\_sync --expand incurring downtime in upgrades to Newton
 1671 * Fix some reST field lists in docstrings
 1672 * Remove log translations in keystone
 1673 * Move release note from /keystone/releasenotes to /releasenotes
 1674 * Small fixes for WebOb 1.7 compatibiltity
 1675 * Error messages are not translating with locale
 1676 * Add a note to db\_sync configuration section
 1677 * Remove unused revoke\_by\_domain\_role\_assignment
 1678 * Remove unused revoke\_by\_project\_role\_assignment
 1679 * Remove unnecessary revocation events revoke grant
 1680 * Remove unnecessary revocation events
 1681 * Remove unnecessary revocation events
 1682 * Policy in code (part 5)
 1683 * Policy in code (part 4)
 1684 * Set the correct in-code policy for ec2 operations
 1685 * Don't persist revocation events when deleting a role
 1686 * Policy in code (part 3)
 1687 * Policy in code (part 2)
 1688 * Policy in code
 1689 * Speed up check\_user\_in\_group for LDAP users
 1690 * Don't persist rev event when deleting access token
 1691 * Include the requested URL in authentication errors
 1692 * Remove extra duplicate 'be' in description
 1693 * Add group\_members\_are\_ids to whitelisted options
 1694 * Use HostAddressOpt for opts that accept IP and hostnames
 1695 * Remove x-subject-token in api-ref for v3/auth/catalog
 1696 * Add reno conventions to developer documentation
 1697 * Updated from global requirements
 1698 * Fix description for 204 response
 1699 * Updated from global requirements
 1700 * Remove keystone.common.ldap
 1701 * Fix the typo
 1702 * Add in-code comment to clarify pattern in tests
 1703 * Fix keystone.o.o URL
 1704 * Test for fernet rotation recovery after disk full
 1705 * API-ref return code fix
 1706 * Updated from global requirements
 1707 * Imported Translations from Zanata
 1708 * Fix api-ref building with sphinx 1.5
 1709 * Change is\_admin\_project to False by default
 1710 * Remove pbr warnerrors in favor of sphinx check
 1711 * Move driver loading inside of dict
 1712 * Minor cleanup from patch 429047
 1713 * Remove password\_expires\_ignore\_user\_ids
 1714 * Remove unused variable
 1715 * Revise conf param in releasenotes
 1716 * Modify examples to use v3 URLs
 1717 * Fix duplicate handling for user-specified IDs
 1718 * Removing group role assignments results in overly broad revocation events
 1719 * Typos in the LoadAuthPlugins note
 1720 * Remove domains \*-log-\* from compile\_catalog
 1721 * Add instruction to restart apache
 1722 * Exchange cURL examples for openstackclient
 1723 * Updated from global requirements
 1724 * Remove x-subject-token in api-ref for v3/auth/{projects,domains}
 1725 * Exclusively use restore\_padding method in unpacking fernet tokens
 1726 * Remove EndpointFilterCatalog
 1727 * Give a prospective removal date for all v2 APIs
 1728 * Fix some typo in releasenotes
 1729 * Correct and enhance OpenId Connect docs
 1730 * Imported Translations from Zanata
 1731 * Correct and enhance Mellon federation docs
 1732 * Clear the project ID from user information
 1733 * Fix MFA rule checks for LDAP auth
 1734 * Fix v2 role create schema validation
 1735 * Update reno for stable/ocata
 1736 * Fix the s3tokens endpoint
 1737 * Stop reading local config dirs for domain-specific file config driver
 1738 * Fix typo in config doc
 1739 * Updated from global requirements
 1740 * Fix example response formatting
 1741 * Rename protocol cascade delete migration file
 1742 * Remove logging import unused
 1743 * Address db\_sync check against new install
 1744 * Deprecate (and slate for removal) UUID tokens
 1745 * Remove the file encoding which is unnecessary
 1746 * Correct some typo errors
 1747 * Federated mapping doc improvements
 1748 * Include 'token' in the method list for federated scoped tokens
 1749 * Add --check to keystone-manage db\_sync command
 1750 * Deprecate (and emit message) AdminTokenAuthMiddleware
 1751 * Use ostestr instead of the custom pretty\_tox.sh
 1752 * Fix multiple uuid warnings with pycadf
 1753 * Add unit test for db\_sync run out of order
 1754 * Fixed warning when building keystone docs
 1755 * Ensure migration file names are unique to avoid caching errors
 1756 * use the correct bp link for shadow-mapping rel note
 1757 * Readability/Typo Fixes in Release Notes
 1758 * Remove unused api parameters
 1759 * Make use of Dict-base including extras explicit
 1760 * Add placeholder migrations for Ocata
 1761 * Update hacking version
 1762 * Use httplib constants for http status codes
 1763 * Renaming of api parameters
 1764 * Remove KVS code
 1765 
 1766 11.0.0
 1767 ------
 1768 
 1769 * Modify the spelling mistakes
 1770 * Stop reading local config dirs for domain-specific SQL config driver
 1771 * Prepare for using standard python tests
 1772 * update keystone.conf.sample for ocata-rc
 1773 * Add MFA Rules Release Note
 1774 * Remove de-dupe for MFA Rule parsing
 1775 * Add comment to clarify resource-options jsonschema
 1776 * Cleanup TODO, AuthContext and AuthInfo to auth.core
 1777 * Cleanup TODO about auth.controller code moved to core
 1778 * Add validation that token method isn't needed in MFARules
 1779 * Add validation for mfa rule validator (storage)
 1780 * Process and validate auth methods against MFA rules
 1781 * Update endpoint api for optional region\_id
 1782 * No need to enable infer\_roles setting
 1783 * Fix bad error message from FernetUtils
 1784 * Use https for docs.openstack.org references
 1785 * Update PCI documenation
 1786 * Auth Plugins pass data back via AuthHandlerResponse
 1787 * Auth Method Handlers now return a response object always
 1788 * Add MFA Rules and Enabled User options
 1789 * cleanup release notes from PCI options
 1790 * Create user option \`ignore\_lockout\_failure\_attempts\`
 1791 * Implement better validation for resource options
 1792 * Deprecate [security\_compliance]\password\_expires\_ignore\_user\_ids
 1793 * Fixes deprecations caused by latest oslo.context
 1794 * PCI-DSS Force users to change password upon first use
 1795 * clean up release notes for ocata
 1796 * Reuse already existing groups from upstream tempest config
 1797 * add additional deprecation warnings for KVS options
 1798 * Address follow-up comments from previous patchset
 1799 * Cleanup for resource-specific options
 1800 * Adds tests showing how mapping locals are handled
 1801 
 1802 11.0.0.0b3
 1803 ----------
 1804 
 1805 * Add 'options' as an explicit user schema validation
 1806 * Code-Defined Resource-specific Options
 1807 * Set the domain for federated users
 1808 * Refactor shadow users tests
 1809 * Add domain\_id to the user table
 1810 * Do not call \`to\_dict\` outside of a session context
 1811 * Remove code supporting moving resources between domains
 1812 * Change unit test class to a less generic name
 1813 * Remove dogpile.core dependencies
 1814 * Verbose breakup of method into seperate methods
 1815 * Fixed unraised exception in \_disallow\_write for LDAP
 1816 * Add password expiration queries for PCI-DSS
 1817 * Add missing parentheses
 1818 * Add queries for federated attributes in list\_users
 1819 * update entry points related to paste middleware
 1820 * Remove LDAP write support
 1821 * Remove releated role\_tree\_dn test
 1822 * Add warning about using \`external\` with federation
 1823 * Allow user to change own expired password
 1824 * Fix warnings generated by os-api-ref 1.2.0
 1825 * Improvements to external auth documentation page
 1826 * Test cross domain authentication via implied roles
 1827 * Updates to project mapping documentation
 1828 * Add documentation for auto-provisioning
 1829 * Implement federated auto-provisioning
 1830 * Fix typo in main docs page
 1831 * switch @hybrid\_property to @property
 1832 * Catch potential SyntaxError in federation mapping
 1833 * Fix typo in shibboleth federation docs
 1834 * Handling of 'region' parameter as None
 1835 * Corrected punctuation on multiple exceptions
 1836 * Exclude 'keystone\_tempest\_plugin' in doc build
 1837 * Force use of AuthContext object in .authentcate()
 1838 * Cascade delete federated\_user fk
 1839 * update sample config for ocata release
 1840 * Drop type in filters
 1841 * Add DB operations tracing
 1842 * fix broken links
 1843 * Changed 'Driver' reference to 'TokenDriverBase'
 1844 * Fix keystone-manage mapping\_engine tester
 1845 * Add anonymous bind to get\_connection method
 1846 * Set connection timeout for LDAP configuration
 1847 * Invalid parameter name on interface
 1848 * Bump API version and date
 1849 * listing revoke events should be admin only
 1850 * Adds projects mapping to the mapping engine
 1851 * Updated docstring for test\_sql\_upgrade.py
 1852 * Use public interfaces of pep8 for hacking
 1853 * [api-ref] Clean up OS-EP-FILTER association docs
 1854 * Remove comment from previous migration
 1855 * [api-ref] Clean up OS-EP-FILTER documentation
 1856 * Fixed not in toctree warnings when building docs
 1857 * Remove stevedore warning when building docs
 1858 * Update docs to require domain\_id when registering Identity Providers
 1859 * Retry on deadlock Transactions in backend
 1860 * Fix region\_id responses and requests to be consistent
 1861 * Remove endpoint\_id parameter from EP-FILTER docs
 1862 * [api] fix ep filter example
 1863 * Require domain\_id when registering Identity Providers
 1864 * Fix minor typo
 1865 * Remove references to Python 3.4
 1866 * Improve assertion in test
 1867 * Use assertGreater(len(x), y) instead of assertTrue(len(x) > y)
 1868 * Correct invalid rst in api docs
 1869 * Fixed 7 tests running twice in v3 identity
 1870 * Fix issues with keystone-dsvm-py35-functional-v3-only on py35
 1871 * Fix the usage of tempest.client.Manager class
 1872 * Correct timestamp format in token responses
 1873 * Remove unused exceptions from CADF notifications
 1874 * Minor improvement in test\_user\_id\_persistence
 1875 * Remove CONF.domain\_id\_immutable
 1876 * Fix test function name with two underscores to have only one
 1877 * Updated from global requirements
 1878 * Fix import ordering in tempest plugins
 1879 * [api] Inconsistency between v3 API and keystone token timestamps
 1880 * Federated authentication via ECP functional tests
 1881 * Removes unnecessary utf-8 encoding
 1882 * Handle disk write failure when doing Fernet key rotation
 1883 * Fix cloud\_admin rule and ensure only project tokens can be cloud admin
 1884 * Updated from global requirements
 1885 * Remove duplicate role assignment in federated setup
 1886 * Remove unused variables from federation tests
 1887 * Remove unused variables from unit test method
 1888 * Add reason to CADF notifications in docs
 1889 * [doc] point release note docs to project team guide
 1890 * [api] set \`is\_admin\_project\` on tokens for admin project
 1891 * Settings for test cases
 1892 * Add reason to notifications for PCI-DSS
 1893 * Fix typo in doc
 1894 * fix one typo
 1895 * Updated from global requirements
 1896 * Wrap invalidation region to context-local cache
 1897 * move common sql test helpers to base class
 1898 * Use assertGreater(len(x), y) instead of assertTrue(len(x) > y)
 1899 * replace assertTrue with assertIs
 1900 
 1901 11.0.0.0b2
 1902 ----------
 1903 
 1904 * Replace logging with oslo\_log
 1905 * expose v3policy failure with is\_admin\_token
 1906 * Add doctor checks for ldap symptoms
 1907 * Implement password requirements API
 1908 * Fix a typo in comment
 1909 * Add unit tests for doctor token\_fernet symptoms
 1910 * Remove impossible case from \_option\_dict method
 1911 * Make \_option\_dict() a method for domain\_config\_api
 1912 * Add unit tests for doctor tokens symptoms
 1913 * Add checks for doctor credential symptoms
 1914 * Make user to nonlocal\_user a 1:1 relationship
 1915 * Add id to conflict error if caused by duplicate id
 1916 * Refactors \_get\_names\_from\_role\_assignments
 1917 * Do not manually remove /etc/shibboleth folder
 1918 * API Documentation for user password expires
 1919 * Revert "API Documentation for user password expires"
 1920 * API Documentation for user password expires
 1921 * Clean up keystone doc landing page
 1922 * Add doctor tests on security\_compliance and rename
 1923 * Fix typo in api-ref doc
 1924 * Move V2TokenDataHelper to the v2.0 controller
 1925 * Remove exception from v2 validation path
 1926 * Make bootstrap idempotent when it needs to be
 1927 * Add unit tests for doctor's database symptoms
 1928 * Print name with duplicate error on user creation
 1929 * Expose idempotency issue with bootstrap
 1930 * Print domain name in mapping\_populate error message
 1931 * Correct missspellings of secret
 1932 * Trivial indentation corrections in mappings doc
 1933 * Add doctor check for debug mode enabled
 1934 * Fixed multiple warnings in tox -edocs
 1935 * Get assignments with names honors inheritance flag
 1936 * Updated from global requirements
 1937 * Add test to expose bug 1625230
 1938 * Invalidate token cache after token delete
 1939 * Revert "Rename doctor symptom in security\_compliance"
 1940 * Domain included for role in list\_role\_assignment
 1941 * api-ref update for roles assignments with names
 1942 * Rename doctor symptom in security\_compliance
 1943 * Corrects sample-data incorrect credential call
 1944 * Correct minor issues in test schema
 1945 * Add unit tests for doctor federation file
 1946 * Remove CONF.os\_inherit.enabled
 1947 * Add unit tests for doctor's caching symptoms
 1948 * Updated from global requirements
 1949 * Updated from global requirements
 1950 * More info in schema validation error
 1951 * Minor fix in role\_assignments api-ref
 1952 * Include mapped in the default auth methods
 1953 * Validate token issue input
 1954 * Removes unused exceptions
 1955 * Removes unused method from assignment core
 1956 * Removes unused default\_assignment\_driver method
 1957 * Removed unused EXTENSION\_TO\_ADD test declarations
 1958 * Use sha512.hash() instead of .encrypt()
 1959 * Don't invalidate all user tokens of roleless group
 1960 * Upload service provider metadata to testshib
 1961 * Updated from global requirements
 1962 * SAML federation docs refer to old WSGIScriptAlias
 1963 * cache\_on\_issue default to true
 1964 * Make try/except work for passlib 1.6 and 1.7
 1965 * Document token header in federation auth response
 1966 * Refactor Keystone admin-tokens and admin-users v2
 1967 * ignore deprecation warning for .encrypt()
 1968 * Send the identity.deleted.role\_assignment after the deletion
 1969 * Allow fetching an expired token
 1970 * Show team and repo badges on README
 1971 * Remove eventlet-related call to sleep
 1972 * Add a comment about not using assertTrue
 1973 * clean up developer docs
 1974 * Improvements in error messages
 1975 * Remove trailing "d" from -days param of OpenSSL command
 1976 * Swap the notification formats in the docs
 1977 * Normalizes use of ForbiddenAction in trusts
 1978 * Enable CADF notification format by default
 1979 * Remove unused statements in matches
 1980 * Fix doc example
 1981 * Remove extension and auth\_token middleware docs
 1982 * Move docs from key\_terms to architecture
 1983 * move content from configuringservices to configuration
 1984 * Update configuration.rst documentation
 1985 * Verbose 401/403 debug responses
 1986 * Fix the misspelling in \`keystone/tests/unit/test\_cli.py\`
 1987 * refactor notification test to work with either format
 1988 * Clarify the v2.0 validation path
 1989 * Remove metadata from token provider
 1990 * Lockout ignore user list
 1991 * Add developer docs for keystone-manage doctor
 1992 * [api] add changelog from 3.0 -> 3.7
 1993 * Devstack plugin to federate with testshib.org
 1994 * Remove entry\_points to non-existent drivers
 1995 * Fix typo in doc
 1996 
 1997 11.0.0.0b1
 1998 ----------
 1999 
 2000 * remove release note about LDAP write removal
 2001 * Change "Change User Password" request example
 2002 * Fixes remaining nits in endpoint\_policy tests
 2003 * Remove reference to future removal of saml
 2004 * Limits config fixture usage to where it's needed
 2005 * Updated from global requirements
 2006 * Remove format\_token method
 2007 * Remove issue\_v3\_token in favor of issue\_token
 2008 * Remove issue\_v2\_token
 2009 * refactor the token controller
 2010 * Use issue\_v3\_token instead of issue\_v2\_token
 2011 * Updates to the architecture doc
 2012 * Support nested groups in Active Directory
 2013 * Add healthcheck middleware to pipelines
 2014 * Request cache should not update context
 2015 * Change cfg.set\_defaults into cors.set\_defaults
 2016 * Updated from global requirements
 2017 * Updated from global requirements
 2018 * Doc warning for keystone db migration
 2019 * Wording error in upgrading documentation
 2020 * Updated from global requirements
 2021 * fix credentials backend tests
 2022 * Allow running expand & migrate at the same time
 2023 * Add test cases for passing "None" as a hint
 2024 * Fix test\_revoke to run all tests after pki removal
 2025 * Updated from global requirements
 2026 * Switch fernet to be the default token provider
 2027 * Remove support for PKI and PKIz tokens
 2028 * Doc the difference between memcache and cache
 2029 * Doctor ldap check fix for config files
 2030 * Additional logging when authenticating
 2031 * Document OS-SIMPLE-CERT Routes
 2032 * Document v2 Revoked Token Route
 2033 * Add api-ref /auth/tokens/OS-PKI/revoked (v3)
 2034 * Fix broken links in the docs
 2035 * Add structure for Devstack plugin
 2036 * Add bindep environment to tox
 2037 * Pass a request to controllers instead of a context
 2038 * Create default role as a part of bootstrap
 2039 * Updated from global requirements
 2040 * Don't deprecate the LDAP property which is still needed
 2041 * Clarifying on the remove of \`build\_auth\_context\` middleware
 2042 * log.error use \_ of i18n
 2043 * Doctor check for LDAP domain specific configs
 2044 * Updated from global requirements
 2045 * Updated from global requirements
 2046 * Validate mapping exists when creating/updating a protocol
 2047 * Remove new\_id() in test\_revoke
 2048 * Adds warning when no domain configs were uploaded
 2049 * Add release note for fernet tokens
 2050 * Tweak api-ref doc for v3 roles
 2051 * Tweak api-ref doc for v3 roles status codes
 2052 * Reorder APIs in api-ref for v3 groups
 2053 * [api-ref] Remove the duplicated sample
 2054 * Follow-on of memcache token persistence removal
 2055 * changed domain id to name in JSON request
 2056 * More configuration doc edits
 2057 * Remove backend dependencies from token provider
 2058 * Updated from global requirements
 2059 * [api-ref] Fix couple of issues on OS-INHERIT API
 2060 * Code cleanup
 2061 * Replace tenant with project for keystone catalog
 2062 * Imported Translations from Zanata
 2063 * Update, correct, and enhance federation docs
 2064 * Invalidate trust when the related project is deleted
 2065 * Remove unused arg(project and initiator)
 2066 * Drop MANIFEST.in - it's not needed by pbr
 2067 * Ignore unknown arguments to fetch\_token
 2068 * Return password\_expires\_at during auth
 2069 * Move the token abstract base class out of core
 2070 * Add is\_admin\_project to policy dict
 2071 * Fix a typo in token\_formatters.py
 2072 * Improve check\_token validation performance
 2073 * Add revocation event indexes
 2074 * Add docs for PCI-DSS
 2075 * Invalidate trust when the trustor or trustee is deleted
 2076 * Updated from global requirements
 2077 * [api] add a note about project name restrictions
 2078 * One validate method to rule them all..
 2079 * Simplify the KeystoneToken model
 2080 * Remove validate\_v2\_token() method
 2081 * [api] remove \`user\_id\` and \`project\_id\` from policy
 2082 * Remove the decorator where it's not applied
 2083 * Optimize remove unused variable
 2084 * Remove those redundant variable declaration
 2085 * [doc] Correct mapping JSON example
 2086 * Remove no use variable (domain\_id)
 2087 * Remove redundant variable declaration
 2088 * Deprecate \`endpoint\_filter.sql\` backend
 2089 * remove deprecated \`[endpoint\_policy] enable\` option
 2090 * Pass initiator to Manager as a kwarg
 2091 * create release notes for removed functionality
 2092 * Remove driver version specifiers from tests
 2093 * Enable release notes translation
 2094 * Remove driver version from identity backend test names
 2095 * Remove driver version from docs
 2096 * Updated from global requirements
 2097 * Default the assignment backend to SQL
 2098 * remove legacy driver tox target
 2099 * Use validate\_v3\_token instead of validate\_token
 2100 * Ensure all v2.0 tokens are validated the same way
 2101 * Make sure all v3 tokens are validated the same way
 2102 * re-add valid comment about None domain ID
 2103 * Default the resource backend to SQL
 2104 * Make returning is\_domain conditional
 2105 * Move audit initiator creation to request
 2106 * Don't validate token expiry in the persistence backend
 2107 * Add tests for validating expired tokens
 2108 * Fix a typo in \_init\_.py
 2109 * Remove password history validation from admin password resets
 2110 * Updating the document regarding LDAP options
 2111 * Updated from global requirements
 2112 * Remove the unused sdx doc files
 2113 * Updated from global requirements
 2114 * Remove the no use arg (auth=None)
 2115 * Fix typo in docstring
 2116 * Tweak api-ref for v3 groups status codes
 2117 * Updated from global requirements
 2118 * Add Apache 2.0 license to source file
 2119 * Fix a typo in core.py and bp-domain-config-default-82e42d946ee7cb43.yaml
 2120 * Validate password history for self-service password changes
 2121 * Make test\_v3\_auth exercise the whole API
 2122 * Remove stable driver interfaces
 2123 * Updated from global requirements
 2124 * Remove the check for admin token in build\_auth\_context middleware
 2125 * Reorder APIs in api-ref doc for v3 users
 2126 * Fix a docstring typo in test\_v3\_resource.py
 2127 * Using assertIsNone(...) instead of assertIs(None, ...)
 2128 * Updated from global requirements
 2129 * remove deprecated items from contrib
 2130 * Update man page for Ocata release version and date
 2131 * Using assertIsNone() instead of assertIs(None)
 2132 * Remove default=None when set value in config
 2133 * Undeprecate options used for signing
 2134 * Remove unused path in the v2 token controller
 2135 * Fix the belongsTo query parameter
 2136 * Fix 'API Specification for Endpoint Filtering' broken link
 2137 * Add domain check in domain-specific role implication
 2138 * Override credential key repository for null key tests
 2139 * Remove useless method override
 2140 * remove memcache token persistence backends
 2141 * remove keystone/service.py
 2142 * remove saml2 auth plugin
 2143 * remove httpd/keystone.py
 2144 * remove cache backends
 2145 * Revert "Allow compatibility with keystonemiddleware 4.0.0"
 2146 * Consolidate the common code into one method
 2147 * Handle the exception from creating request token properly
 2148 * Fix formatting strings in LOG.debug
 2149 * Fix formatting strings in LOG.warning
 2150 * Handle the exception from creating access token properly
 2151 * Updated from global requirements
 2152 * Tweak status code in api-ref doc for v3 users
 2153 * Fix prameters names in Keystone API v2-ext
 2154 * Refactor Keystone admin-tenant API v2
 2155 * Refactor Keystone admin-endpoint API
 2156 * Fix for unindent warning in doc build
 2157 * add placeholder migrations for newton
 2158 * Remove  default=None for config options
 2159 * Ensure the sqla-migrate scripts cache is cleared
 2160 * Move test\_sql\_upgrade.MigrationRepository into keystone.common
 2161 * Rename sql.migration\_helpers to sql.upgrades
 2162 * Give domain admin rights to domain specific implied roles
 2163 * Update reno for stable/newton
 2164 * Refactor find\_migrate\_repo(): require caller to specify repo
 2165 * Fixes password created\_at errors due to the server\_default
 2166 * Move the responsibility for stdout to the CLI module
 2167 * Use a read-only DB session to retrieve schema version
 2168 * Move rolling upgrade repo names into constants
 2169 
 2170 10.0.0.0rc1
 2171 -----------
 2172 
 2173 * Removal of imports within functions
 2174 * Trivial fixes in the ldap common functions
 2175 * Test that rolling upgrade repos are in lockstep
 2176 * Add unit tests for isotime()
 2177 * Remove unused \_convert\_to\_integers() method
 2178 * Adds tests for verify\_length\_and\_trunc\_password()
 2179 * Remove unused read\_cached\_file method from utils
 2180 * Allow compatibility with keystonemiddleware 4.0.0
 2181 * Fix links on configure\_federation documentation
 2182 * Add edge case tests for disabling a trustee
 2183 * Fix prameters name and response codes in Keystone API v2
 2184 * Tweak api-ref doc for services/endpoints
 2185 * Use issued\_at in fernet token provider
 2186 * Remove unused method from keystone.common.utils
 2187 * Use ConfigParser instead of SafeConfigParser
 2188 * Consistently round down timestamps
 2189 * Remove the APIs from doc that is not supported yet
 2190 * TrivialFix: Merge imports in code
 2191 * Fix the nit on how to deploy keystone with \`mod\_proxy\_uwsgi\`
 2192 * Tweak api-ref doc for projects
 2193 * Remove the dead link in schema migration doc
 2194 * Updated from global requirements
 2195 * Fix order of arguments in assertIs
 2196 * New notes on advanced upgrade/fallback for cluster
 2197 * standardize release note page ordering
 2198 * [api-ref] Correct response code status
 2199 * Replace six iteration methods with standard ones
 2200 * Fixes a nit in a comment
 2201 * Updates configuration doc with latest changes
 2202 * Use freezegun for change password tests
 2203 * Update sample keystone.conf for Newton
 2204 * Project domain must match role domain for assignment
 2205 * Add docs for the null key
 2206 * Log warning if null key is used for encryption
 2207 * Introduce null key for credential encryption
 2208 * More nit doc fixes
 2209 * Keep the order of passwords in tests
 2210 * EndpointPolicy driver doesn't inherit interface
 2211 * [api-ref] Stop supporting os-api-ref 1.0.0
 2212 * Fix up some doc nits
 2213 * Only cache callables in the base manager
 2214 * [api-ref] Correcting parameter's type
 2215 * Correct link type
 2216 * Fix problems in service api doc
 2217 * Raise NotImplementedError instead of NotImplemented
 2218 * Add the deprecated\_since to deprecated options
 2219 * Add doctor checks for credential fernet keys
 2220 * Few new commands missing from docs
 2221 * Emit log message for fernet tokens only
 2222 * Implement encryption of credentials at rest
 2223 * Typo: key\_manger\_factory to key\_mangler\_factory
 2224 
 2225 10.0.0.0b3
 2226 ----------
 2227 
 2228 * Fixes spelling mistakes
 2229 * Fixes migration where password created\_at is nullable
 2230 * Block global roles implying domain specific roles
 2231 * Correct typo in mapping\_populate command's help
 2232 * Relax the requirement for mappings to result in group memberships
 2233 * Document credential encryption
 2234 * Update sample uwsgi config for lazy-apps
 2235 * Add documentation on how to set a user's tenant
 2236 * Pre-cache new tokens
 2237 * Config logABug feature for Keystone api-ref
 2238 * Fix nits in db migration dev docs
 2239 * Disallow new migrations in the legacy migration repository
 2240 * Updated from global requirements
 2241 * Update developer docs for new rolling upgrade repos
 2242 * Add man page info for credential setup command
 2243 * Remove unnecessary try/except from token provider
 2244 * Fixes small grammar mistake in docstring
 2245 * Add a feature support matrix for identity sources
 2246 * Fix wrong response codes in 'groups' APIs
 2247 * Make token\_id a required parameter in v3\_to\_v2\_token
 2248 * Distributed cache namespace to invalidate regions
 2249 * Fix formatting strings when using multiple variables
 2250 * Add credential setup command
 2251 * Add Response Example for 'Create credential' API
 2252 * Add Response Example for 'Passwd auth with unscoped authorization'
 2253 * Remove mapping schema from the doc
 2254 * Impose a min and a max on time values in CONF.token
 2255 * Repair link in Keystone documentation
 2256 * Faster id mapping lookup
 2257 * Fix some typos in comments
 2258 * Cleaning imports in code
 2259 * Updated from global requirements
 2260 * TrivialFix: Remove logging import unused
 2261 * Removes old, unused code
 2262 * Reduce log level of Fernet key count message
 2263 * Updated from global requirements
 2264 * Adds password regular expression checks to doctor
 2265 * Let upgrade tests control all 4 repositories at once
 2266 * Adds check that minimum password age is less than password expires days
 2267 * Remove unused global variable from unit tests
 2268 * Modify sql banned operations for each of the new repos
 2269 * Use egg form of osprofiler in paste pipeline
 2270 * api-ref: Splitting status lines in API v3-ext
 2271 * api-ref: Splitting status lines in API v3
 2272 * Remove mox from test-requirements
 2273 * TrivialFix: Remove logging import unused
 2274 * [api-ref]: Outdated link reference
 2275 * Remove unnecessary \_\_init\_\_
 2276 * Add mapping\_populate command
 2277 * Doc fix: license rendered in published doc
 2278 * Doc fix: "keystone-manage upgrade" is not a thing
 2279 * Fix credential update to ec2 type
 2280 * Add key repository uniqueness check to doctor
 2281 * Update \`href\` for keystone extensions
 2282 * Updated from global requirements
 2283 * Fix the wrong URI for the OAuth1 extension in api-ref
 2284 * Shadowing a nonlocal\_user incorrectly creates a local\_user
 2285 * Add entrypoint for mapped auth method
 2286 * Get ready for os-api-ref sphinx theme change
 2287 * Add rolling upgrade documentation
 2288 * Add create and update methods to credential Manager
 2289 * Create a fernet credential provider
 2290 * Make KeyRepository shareable
 2291 * Add conf to support credential encryption
 2292 * Password expires ignore user list
 2293 * Add expand, data migration and contract logic to keystone-manage
 2294 * [api] add relationship links to v3-ext
 2295 * Removes use of freezegun in test\_auth tests
 2296 * Removes a redundant test from FernetAuthWithTrust
 2297 * api-ref: Fix parameters attributes
 2298 * Set default value for [saml]/idp\_contact\_surname
 2299 * Tidy up for late-breaking review comments on keystone-manage
 2300 * PCI-DSS Minimum password age requirements
 2301 * api-ref: Document domain specific roles
 2302 * Revert "Add debug logging to revocation event checking"
 2303 * Replace the content type with correct one
 2304 * Add credential encryption exception
 2305 * Pass key\_repository and max\_active\_keys to FernetUtils
 2306 * Make a FernetUtils class
 2307 * Move fernet utils into keystone/common/
 2308 * Add support for rolling upgrades to keystone-manage
 2309 * api-ref: Document implied roles API
 2310 * Support new osprofiler API
 2311 * api-ref: Correcting V3 OS-INHERIT APIs
 2312 * Fix typo in the file
 2313 * Add debug logging to revocation event checking
 2314 * Detail Federation Service Provider APIs in api-ref
 2315 * Detail Fed Projects and Domains APIs in api-ref
 2316 * add a header for the federation APIs
 2317 * Detail Federation Mapping APIs in api-ref docs
 2318 * Detail Federation Auth APIs in api-ref docs
 2319 * Detail Federation Assertion APIs in api-ref docs
 2320 * Move other-requirements.txt to bindep.txt
 2321 * Detail IdP APIs in api-ref docs
 2322 * api-ref: Add default domain config documentation
 2323 * Constraints are ready to be used for tox.ini
 2324 * Updated from global requirements
 2325 * [api] add relationship links to v3
 2326 * Refactor revoke matcher
 2327 * Document get auth/catalog,projects,domains
 2328 * api-ref: Renaming parameters of V3-ext APIs
 2329 * api-ref: Correcting V3 Credentials APIs
 2330 * api-ref: Correcting V3 Policies APIs
 2331 * api-ref: Correcting V3 Authentication APIs
 2332 * api-ref: Correcting V3 Domain config APIs
 2333 * Use international logging message
 2334 * Updates Development Environment Docs
 2335 * Create unit tests for endpoint policy drivers
 2336 * api-ref: Add query options to GET /projects API documentation
 2337 * Updated from global requirements
 2338 * api-ref: Add missing parameter tables to tenant
 2339 * Create unit tests for the policy drivers
 2340 * api-ref: Correcting V3 Endpoints APIs
 2341 * api-ref: Correcting V3 Services APIs
 2342 * api-ref: Add "nocatalog" option to GET /v3/auth/tokens
 2343 * Fix warning when running tox -e api-ref
 2344 * Add basic upgrade documentation
 2345 * Document query option (is\_domain) for projects
 2346 * remove test utilities related to adding extensions
 2347 * Update etc/keystone.conf.sample
 2348 * Make hash\_algorithms order deterministic
 2349 * PCI-DSS Password expires validation
 2350 * Report v2.0 as deprecated in version discovery
 2351 * Update the api-ref to mark the v2 API as deprecated
 2352 * Add schema validation to create user v2
 2353 * Fix the spelling of a test name
 2354 * Remove mention of db\_sync per backend
 2355 * Trust controller refactoring
 2356 * Use more specific asserts in tests
 2357 * Updated from global requirements
 2358 * Add debug logging for RevokeEvent deserialize problem
 2359 * Make all token provider behave the same with trusts
 2360 * Use URIOpt for endpoint URL options
 2361 * Clean up the introductory text in the docs
 2362 * Retry revocation on MySQL deadlock
 2363 * Add schema validation to update user v2
 2364 * PCI-DSS Lockout requirements
 2365 * Improve domain configuration API docs
 2366 * Skip middleware request processing for admin token
 2367 * Move Assertion API to its own file
 2368 * Bump API version number and date
 2369 * Move Federation Auth API to its own file
 2370 * Move List Projects and Domains API to its own file
 2371 * Move Service Provider API to its own file
 2372 * Move Mapping API to its own file
 2373 * Use %()d for integer substitution
 2374 * Don't include openstack/common in flake8 exclude list
 2375 * Added postgresql libs to developer docs
 2376 * Add schema validation to create service in v2
 2377 * Remove the redundant verification in OAuth1 authorization
 2378 * Add schema validation to v2 update tenant
 2379 * refactor idp to its own file
 2380 * Updated from global requirements
 2381 * PCI-DSS Password history requirements
 2382 * Move Identity Provider API to its own file
 2383 * Add dummy domain\_id column to cached role
 2384 * Allow attributes other than \`enabled\` in schema
 2385 * Remove the extensions repos
 2386 * Document the domain config API as stable
 2387 * Remove configuration references to eventlet
 2388 * Adds a custom deepcopy handler
 2389 * Add token feature support matrix to documentation
 2390 * Test number of queries on list\_users
 2391 * No need the redundant validation in manager level
 2392 * Add the missing testcases for \`name\` and \`enabled\`
 2393 * Adds test for SecurityError's translation behavior
 2394 * TOTP auth not functional in python3
 2395 * Invalid tls\_req\_cert constant as default
 2396 * Add schema validation to v2 create tenant
 2397 * Use quotes consistently in token controller
 2398 * Add performance tuning documentation
 2399 * Allow V2TestCase to be tested against fernet and uuid
 2400 * Make AuthWithTrust testable against uuid and fernet
 2401 * Improve os-federation docs
 2402 * Fix v2-ext API enabled documentation
 2403 * PCI-DSS Adds password\_expires\_at to API docs
 2404 * Make it so federated tokens are validated on v2.0
 2405 * Use freezegun in AssignmentInheritanceTestCase
 2406 * Only run KvsTokenCacheInvalidation against uuid
 2407 * Use freezegun in OSRevokeTests
 2408 * refactor: make TestFetchRevocationList test uuid
 2409 * refactor: make TestAuthExternalDefaultDomain test uuid/pki/pkiz
 2410 * refactor: make TestAuthKerberos test pki/pkiz/uuid
 2411 * Add schema validation to create role
 2412 * Replace OpenStack LLC with OpenStack Foundation
 2413 * refactor: inherit AuthWithRemoteUser for other providers
 2414 * Run AuthWithToken against all token providers
 2415 * Don't run TokenCacheInvalidation with Fernet
 2416 * Refactor TestAuthExternalDomain to not inherit tests
 2417 * Use freezegun to increment clock in test\_v3\_assignment
 2418 * Add schema for enabling a user
 2419 * Fix up the api-ref request/response parameters for projects
 2420 * \`password\` is not required for updating a user
 2421 * Clarify V2 API for enabling or disabling user
 2422 * Removed duplicate parameter in v2-admin api-ref
 2423 * Fix the errors in params in api-ref for V3 region
 2424 * Fix the errors in params in api-ref for V3 user
 2425 * Added cache for id mapping manager
 2426 * Updated from global requirements
 2427 * Add Python 3.5 classifier
 2428 * Handle Py35 fix of ast.node.col\_offset bug
 2429 * deprecate a few more LDAP config options
 2430 * Clean up api-ref for domains
 2431 * keystone-manage doctor
 2432 * v2 api: add APIs for setting a user's password
 2433 * Update os-inherit API reference
 2434 * Updated from global requirements
 2435 * Run AuthTokenTests against fernet and uuid
 2436 * Use freezegun to increment the clock in test\_v3\_filters
 2437 * Prevent error when duplicate mapping is created
 2438 * Fix the wrong check condition
 2439 * Clean up the api-ref for groups
 2440 * Updated from global requirements
 2441 * Improve introdcution to api-ref projects
 2442 * Migrate OS-FEDERATION from specs repo
 2443 * v2 api: remove APIs for global roles
 2444 * v2 api: group and order the v2-ext APIs
 2445 * v2 api: remove duplicated delete user API
 2446 * v2 api: add missing /roles in role CRUD APIs
 2447 * v2 api: list user roles is defined twice
 2448 * v2 api: add OS-KSADM to service API routes
 2449 * v2 api: add tenant APIs
 2450 * v2 api: delete user is defined twice
 2451 * v2 api: change update user
 2452 * v2 api: correct user list
 2453 * Update Identity endpoint in v2 samples
 2454 * Fix up numerous errors in params in api-ref for roles
 2455 * Fix up the api-ref for role query paramaters
 2456 * Fix the username value in federated tokens
 2457 * Improve readability of the api-ref roles section
 2458 * Use constraints for coverage job
 2459 * clean up OAUTH API
 2460 * Add relationship links to OAUTH APIs
 2461 * Remove \`name\` property from \`endpoint\` create/update API
 2462 * Add v2.0 /endpoints/ api-ref
 2463 * Update identity endpoint in v3 and v3-ext samples
 2464 * Pass request to v2 token authenticate
 2465 * Remove unused context from AuthInfo
 2466 * Correct normal response codes for v2.0 extensions
 2467 * Improve user experience involving token flush
 2468 * Add "v2 overview" docs to APIs
 2469 * add OS-OAUTH1/authorize/{request\_token\_id} API
 2470 * Move OS-INHERIT api-ref from extensions to core
 2471 * re-order the oauth APIs
 2472 * Copy the preamble / summary of OAuth1 from the specs repo
 2473 * Correct normal response codes in trust documentation
 2474 * Add OS-EP-FILTER to api-ref
 2475 
 2476 10.0.0.0b2
 2477 ----------
 2478 
 2479 * PCI-DSS Password strength requirements
 2480 * Variables in URL path should be required
 2481 * Remove get\_trust\_id\_for\_request function
 2482 * Pass request to normalize\_domain\_id
 2483 * Remove a validate\_token\_bind call
 2484 * Remove get\_user\_id in trust controller
 2485 * Cleanup trusts controller
 2486 * Trivial spacing and comma corrections
 2487 * Add OS-KSCRUD api-ref
 2488 * Disable warnerrors in setup.cfg temporarily
 2489 * Add is\_domain to project example responses
 2490 * Add is\_domain to scope token response examples
 2491 * Improve keystone.conf [security\_compliance] documentation
 2492 * Improve keystone.conf [signing] documentation
 2493 * Correct normal response codes in OS-INHERIT docs
 2494 * Fix python{3,}-all-dev depends in deb based
 2495 * Correct normal status codes for v2.0 admin docs
 2496 * Improve keystone.conf [shadow\_users] documentation
 2497 * Correct normal response codes for region docs
 2498 * Correct normal response codes for auth docs
 2499 * Correct normal response codes for credential docs
 2500 * Correct normal response codes for project docs
 2501 * Correct normal response codes for policy docs
 2502 * Correct normal response codes for v2.0 versions doc
 2503 * Correct normal response codes in v2.0 versions doc
 2504 * Correct normal response codes in v2.0 tenant docs
 2505 * Use URIOpt instead of StrOpt for SAML config
 2506 * Correct normal response codes for role docs
 2507 * Correct normal response codes in v2.0 token docs
 2508 * Correct normal response codes in service catalog doc
 2509 * Correct normal response codes in oauth docs
 2510 * Correct normal response codes in v2.0 admin user docs
 2511 * Improve keystone.conf [token] documentation
 2512 * Correct normal response codes in endpoint policy docs
 2513 * Validate SAML keyfile & certfile options
 2514 * Improve keystone.conf [tokenless\_auth] documentation
 2515 * Complete OS-TRUST API documentation
 2516 * Fixes response codes in endpoint policy api-ref
 2517 * List 20X status codes as Normal in domain docs
 2518 * Improve the API documentation for groups
 2519 * Create APIs for OS-REVOKE
 2520 * Clean up token binding validation code
 2521 * Reorder request params in endpoint policy api-ref
 2522 * Adds missing parameter to endpoint policy api-ref
 2523 * Adds missing docs to endpoint policy api-ref
 2524 * Reorders API calls to match precedence rules
 2525 * Improve keystone.conf [saml] documentation
 2526 * Handle more auth information via context
 2527 * Require auth\_context middleware in the pipeline
 2528 * Updated from global requirements
 2529 * Improve keystone.conf [trust] documentation
 2530 * Improve keystone.conf [role] documentation
 2531 * Improve keystone.conf [ldap] documentation
 2532 * Improve keystone.conf [os\_inherit] documentation
 2533 * Improve keystone.conf [revoke] documentation
 2534 * Improve keystone.conf [resource] documentation
 2535 * Move logic for catalog driver differences to manager
 2536 * Minor docstring cleanup for domain\_id mapping
 2537 * Remove unnecessary stable attribute value for status
 2538 * Updated from global requirements
 2539 * Mark the domain config via API as stable
 2540 * Remove validated decorator
 2541 * Move request validation inline
 2542 * Invalidate token cache on domain disablement
 2543 * Isolate token caching into its own region
 2544 * Doc update on enabled external auth and federation
 2545 * keystone recommend deprecated memcache backend
 2546 * Use request object in policy enforcement
 2547 * Use the context's is\_admin property
 2548 * Add the oslo\_context to the environment and request
 2549 * Use http\_client constants instead of hardcoding
 2550 * Increase test coverage for token APIs
 2551 * Ensure status code is always passed as int
 2552 * Fix fernet token validate for disabled domains/trusts
 2553 * Doc update for moving abstract base classes out of core
 2554 * Fix \_populate\_token\_dates method signature
 2555 * Move the trust abstract base class out of core
 2556 * Move the credential abstract base class out of core
 2557 * Move the auth plugins abstract base class out of core
 2558 * Expose bug with Fernet tokens and trusts
 2559 * Remove last parts of query\_string from context
 2560 * Remove get\_auth\_context
 2561 * Correct reraising of exception
 2562 * Pass request to build\_driver\_hints
 2563 * Remove headers from context
 2564 * Use request.environ through auth and federation
 2565 * Remove accept\_header from context
 2566 * Fixed a Typo
 2567 * Docs: Fix the query params in role\_assignments example
 2568 * [doc/api]Remove space within word
 2569 * Remove unused LOG
 2570 * Make assert\_admin work with a request
 2571 * Add missing preamble for v3 and v3-ext
 2572 * move OAUTH1 API to extensions
 2573 * generate separate index files for each api-ref
 2574 * Migrate identity /v2-admin docs from api-ref repo
 2575 * Use request instead of context in v2 auth
 2576 * Handle catalog backends that don't support all functions
 2577 * Refactoring: remove the duplicate method
 2578 * Return \`revoked\_at\` for list revoke events
 2579 * Use skip\_test\_overrides everywhere we feature skip
 2580 * Improve keystone.conf [fernet\_tokens] documentation
 2581 * Improve keystone.conf [catalog] documentation
 2582 * Refactor: [ldap] suffix should not be an instance attribute
 2583 * Grammar fix: will -> can
 2584 * Fixes hacking's handling of log hints
 2585 * Improve keystone.conf [paste\_deploy] documentation
 2586 * Improve keystone.conf [kvs] documentation
 2587 * Improve keystone.conf [identity] documentation
 2588 * Improve keystone.conf [endpoint\_filter] documentation
 2589 * Improve keystone.conf [oauth1] documentation
 2590 * Verify domain\_id when get\_domain is being called
 2591 * Updated from global requirements
 2592 * Include doc directory in pep8 checks
 2593 * Do not register options on import
 2594 * Improve keystone.conf [policy] documentation
 2595 * Improve keystone.conf [memcache] documentation
 2596 * Use min to avoid checking < 1 max fernet keys
 2597 * Improve keystone.conf [identity\_mapping] documentation
 2598 * Improve keystone.conf [federation] documentation
 2599 * Updated tests that claimed to be blocked by bugs
 2600 * Use skip\_test\_overrides in test\_backend\_ldap
 2601 * Adds a skip method to identify useless skips
 2602 * Update the nosetests test regex for legacy tests
 2603 * update a config option deprecation message
 2604 * Improve keystone.conf [eventlet\_server] documentation
 2605 * Improve keystone.conf [endpoint\_policy] documentation
 2606 * Improve keystone.conf [credential] documentation
 2607 * Improve keystone.conf [domain\_config] documentation
 2608 * Rename [DEFAULT] keystone.conf module to keystone.conf.default
 2609 * Improve keystone.conf [DEFAULT] documentation
 2610 * Remove test\_backend\_ldap skips for missing tests
 2611 * Removes duplicate ldap test setup
 2612 * Extracted common ldap setup and use in the filter tests
 2613 * Reduce domain specific config setup duplication
 2614 * API Change Tutorial doc code modify
 2615 * Update other-requirements for Xenial
 2616 * Concrete role assignments for federated users
 2617 * PCI-DSS Disable inactive users requirements
 2618 * Migrate identity /v3-ext docs from api-ref repo
 2619 * Migrate identity /v2-ext docs from api-ref repo
 2620 * Migrate identity /v2 docs from api-ref repo
 2621 * Use request.params instead of context['query\_string']
 2622 * Config: no need to set default=None
 2623 * Do not spam the log with uncritical stacktraces
 2624 * Improve keystone.conf [auth] documentation
 2625 * Improve keystone.conf [assignment] documentation
 2626 * Group test\_backend\_ldap skips for readability
 2627 * Adds a backend test fixture
 2628 * Remove unused test code
 2629 * Moves auth plugin test setup closer to its use
 2630 * Add security\_compliance group back to config
 2631 * Fix nits related to the new keystone.conf package
 2632 * Fixes failure when password is null
 2633 * Allow auth plugins to be setup more than once
 2634 * Removes outdate comment from a test
 2635 * Replace keystone.common.config with keystone.conf package
 2636 * Updated from global requirements
 2637 * Fix a few spelling mistakes
 2638 * Allow user to get themself and their domain
 2639 * PCI-DSS Password SQL model changes
 2640 * Fix argument order for assertEqual to (expected, observed)
 2641 * Use the ldap fixture to simplify tests
 2642 * Change the remaining conf setup to use the fixture
 2643 * Reduce setup overhead in auth\_plugin tests
 2644 * /services?name=<name> API fails when using list\_limit
 2645 * Updated from global requirements
 2646 * Make sure to use InnoDB as the DB engine
 2647 * Remove TestAuth
 2648 * Move last few TestAuth tests to TokenAPITests
 2649 * Move external auth and bind test to TokenAPITests
 2650 * Refactor test\_validate\_v2\_scoped\_token\_with\_v3\_api
 2651 * Remove test\_validate\_v2\_unscoped\_token\_with\_v3\_api
 2652 * Move more project scoped token behavior to TokenAPITests
 2653 * Validate impersonation in trust redelegation
 2654 * Correct domain\_id and name constraint dropping
 2655 * Integration tests cleanup
 2656 * Use http\_proxy\_to\_wsgi from oslo.middleware
 2657 * Use request object in auth plugins
 2658 * Move cross domain/group/project auth tests
 2659 * Move negative token tests to TokenAPITests
 2660 * Move unscoped token test to TokenAPITests
 2661 * Move negative domain scope test to TokenAPITests
 2662 * Consolidate domain token tests into TokenAPITests
 2663 * Move more project scoped behavior tests to TokenAPITests
 2664 * Move project scoped catalog tests to TokenAPITests
 2665 * Update driver versioning documentation
 2666 * Move project scoped tests to TokenAPITests
 2667 * Move TestAuth unscoped token tests to TokenAPITests
 2668 * Add cache invalidation for service providers
 2669 * Updated from global requirements
 2670 * Add 'links' to implied roles response
 2671 * Updated from global requirements
 2672 * fix ldap delete\_user group member cleanup
 2673 * exception sensitive cache/audit changes
 2674 * Fix TOTP transient test failure
 2675 * Change LocalUser sql model to eager loading
 2676 * Shadow LDAP and custom driver users
 2677 * Refactor shadow users
 2678 * Fix ValidationError exception name in docstring
 2679 * Add docstring to delete\_project
 2680 * Updated from global requirements
 2681 * Revert to caching fernet tokens the same way we do UUID
 2682 * Honor ldap\_filter on filtered group list
 2683 * Pass a request to controllers instead of a context
 2684 * Update the keystone-manage man page options
 2685 * clean up test\_resource\_uuid
 2686 * Return 404 instead of 401 for tokens w/o roles
 2687 * Updating sample configuration file
 2688 * Revert "Install necessary files in etc/"
 2689 * Keystone uwsgi performance tuning
 2690 * Add caching config for federation
 2691 * Updated from global requirements
 2692 * Updating sample configuration file
 2693 * Updating sample configuration file
 2694 * Bootstrap: enable and reset password for existing users
 2695 * PEP257: Ignore D203 because it was deprecated
 2696 * Cache service providers on token validation
 2697 * Refactor revoke\_model to remove circular dependency
 2698 * Update man page for Newton release
 2699 * Move stray notification options into config module
 2700 * Adding role assignment lists unit tests
 2701 * Add protocols integration tests
 2702 * Add mapping rules integration tests
 2703 * Add service providers integration tests
 2704 * Imported Translations from Zanata
 2705 * Updated from global requirements
 2706 
 2707 10.0.0.0b1
 2708 ----------
 2709 
 2710 * Simplify & fix configuration file copy in setup.cfg
 2711 * Config settings to support PCI-DSS
 2712 * Fix credentials\_factory method call
 2713 * Allow domain admins to list users in groups with v3 policy
 2714 * Updating sample configuration file
 2715 * Updated from global requirements
 2716 * Honor ldap\_filter on filtered user list
 2717 * Install necessary files in etc/
 2718 * Replace revoke tree with linear search
 2719 * Migrate identity /v3 docs from api-ref repo
 2720 * Updated from global requirements
 2721 * Add new functionality to @wip
 2722 * remove deprecated revoke\_by\_expiration function
 2723 * Isolate common ldap code to the identity backend
 2724 * Updated from global requirements
 2725 * Remove helper script for py34
 2726 * Include project\_id in the validation error on default project is domain
 2727 * Add python 3 release note
 2728 * Add comment to test case helper function
 2729 * Add Python 3 classification
 2730 * Py3 oauth tests
 2731 * Enable py3 tests for test\_v3\_auth
 2732 * make sure default\_project\_id is not domain on user creation and update
 2733 * Let setup.py compile\_catalog process all language files
 2734 * Fix broken link of federation docs
 2735 * Add new line in keystone/common/request.py
 2736 * Move identity.backends.sql model code to sql\_model.py
 2737 * Add .mo files to MANIFEST.in
 2738 * Replace context building with a request object
 2739 * Enable py3 testing for Fernet token provider
 2740 * Enable py3 for credential tests
 2741 * reorganize mitaka release notes
 2742 * enable ldap tests for py3
 2743 * Updated from global requirements
 2744 * Add the validation rules when create token
 2745 * Use PyLDAP instead of python-ldap
 2746 * Fix config path for running wsgi in developer mode
 2747 * Move the revoke abstract base class out of core
 2748 * Updated from global requirements
 2749 * Port test\_v2 unit test to Python 3
 2750 * Move the oauth1 abstract base class out of core
 2751 * Drop the (unused) domain table
 2752 * Don't set None for ldap.OPT\_X\_TLS\_CACERTFILE
 2753 * Add API Change Tutorial
 2754 * Deprecate keystone.common.kvs
 2755 * Updating sample configuration file
 2756 * Add is\_domain in token response
 2757 * Switch to use \`new\_domain\_ref\` for testcases
 2758 * Move the assignment abstract base class out of core
 2759 * Add identity providers integration tests
 2760 * Update documentation to remove keystone-all
 2761 * Updating sample configuration file
 2762 * Updated from global requirements
 2763 * replace logging with oslo.log
 2764 * Move the federation abstract base class out of core
 2765 * Separate protocol schema
 2766 * Updated from global requirements
 2767 * Move the catalog abstract base class and common code out of core
 2768 * Enhance federation group mapping validation
 2769 * Add mapping validation tests
 2770 * Fixes example in the mapping combinations docs
 2771 * do not search file on real environment
 2772 * Allow 'domain' property for local.group
 2773 * Add conflict validation for idp update
 2774 * Always add is\_admin\_project if admin project defined
 2775 * Make keystone exit when fernet keys don't exist
 2776 * Fix fernet audit ids for v2.0
 2777 * Revert "Revert "Unit test for checking cross-version migrations compatibility""
 2778 * Make all fixture project\_ids into uuids
 2779 * Fixing D105, D203, and D205 PEP257
 2780 * Remove test\_invalid\_policy\_raises\_error
 2781 * switch to tempest instead of deprecated tempest-lib
 2782 * Move the resource abstract base class out of core
 2783 * Correct RST syntax for a code block
 2784 * Restructure policy abstract driver
 2785 * Updated from global requirements
 2786 * Add test for authentication when project and domain name clash
 2787 * Fix doc build if git is absent
 2788 * Restructure endpoint policy abstract driver
 2789 * Clean up test\_receive\_identityId
 2790 * Fix typos
 2791 * Fixes incorrect deprecation warning for IdentityDriverV8
 2792 * Add other-requirements.txt
 2793 * Fix D400 PEP257
 2794 * Imported Translations from Zanata
 2795 * Updating sample configuration file
 2796 * Customize config file location when run as wsgi app
 2797 * Updated from global requirements
 2798 * Updating sample configuration file
 2799 * Updated from global requirements
 2800 * Bump the required tox version to 2.3.1
 2801 * Add set\_config\_defaults() call to tests
 2802 * update deprecation warning for falling back to default domain
 2803 * Tests clean up global ldap settings
 2804 * Define identity interface - easy cases
 2805 * add missing deprecation reason for eventlet option
 2806 * Remove comments mentioning eventlet
 2807 * Remove support for generating ssl certs
 2808 * Updating sample configuration file
 2809 * Remove eventlet support
 2810 * Default caching to on for request-local caching
 2811 * Typo in sysctl command example Edit
 2812 * Typo fix in tests
 2813 * Add logging to cli if keystone.conf is not found
 2814 * Fix post jobs
 2815 * Refactor domain config upload
 2816 * Keystone jobs should honor upper-constraints.txt
 2817 * Fix confusing naming in ldap EnableEmuMixin
 2818 * Updating sample configuration file
 2819 * Deprecation reason for domain\_id\_immutable
 2820 * Test list project hierarchy is correct for a large tree
 2821 * Fix D401 PEP8 violation
 2822 * OSprofiler release notes
 2823 * Updating sample configuration file
 2824 * Updated from global requirements
 2825 * Add keystone service ID to observer audit
 2826 * group federated identity docs together
 2827 * Change Role/Region to role/region in keystone-manage bootstrap
 2828 * Use mockpatch fixtures from fixtures
 2829 * Set the values for the request\_local\_cache
 2830 * Add missing backslash to keystone-manage bootstrap command in documentation
 2831 * fix typo
 2832 * Fix KeyError when rename to a name is already in use
 2833 * Improve project name conflict message
 2834 * Imported Translations from Zanata
 2835 * Updating sample configuration file
 2836 * Dev doc update for moving abstract base classes out of core
 2837 * Simplify chained comparison
 2838 * Update the description of the role driver option
 2839 * Integrate OSprofiler in Keystone
 2840 * Update the Administrator guide link
 2841 * Clean up test case for shadow users
 2842 * Fixes bug where the updated federated display\_name is not returned
 2843 * Make AuthContext depend on auth\_token middleware
 2844 * Fix totp test fails randomly
 2845 
 2846 9.0.0
 2847 -----
 2848 
 2849 * Update federated user display name with shadow\_users\_api
 2850 * Update federated user display name with shadow\_users\_api
 2851 * Remove comment from D202 rule
 2852 * Remove backend interface and common code out of identity.core
 2853 * Use messaging notifications transport instead of default
 2854 * Run federation tests under Python 3
 2855 * Bandit test results
 2856 * create a new \`advanced topics\` section in the docs
 2857 
 2858 9.0.0.0rc2
 2859 ----------
 2860 
 2861 * Correct \`role\_name\` constraint dropping
 2862 * Correct \`role\_name\` constraint dropping
 2863 * Base for keystone tempest plugin
 2864 * Random project should return positive numbers
 2865 * Imported Translations from Zanata
 2866 * Improve error message for schema validation
 2867 * Imported Translations from Zanata
 2868 * The name can be just white character except project and user
 2869 * Fix typos in Keystone files
 2870 * Add \`patch\_cover\` to keystone
 2871 * Fix keystone-manage config file path
 2872 * Cleanup LDAP models
 2873 * Correct test to support changing N release name
 2874 * Correct \_populate\_default\_domain in tests
 2875 * Imported Translations from Zanata
 2876 * Removing redundant words
 2877 * Imported Translations from Zanata
 2878 * Correct test to support changing N release name
 2879 * Fix keystone-manage config file path
 2880 * Opportunistic testing with different DBs
 2881 * Correct test\_implied\_roles\_fk\_on\_delete\_cascade
 2882 * Fix table row counting SQL for MySQL and Postgresql
 2883 * Switch migration tests to oslo.db DbTestCase
 2884 * Correct test\_migrate\_data\_to\_local\_user\_and\_password\_tables
 2885 * Fix test\_add\_int\_pkey\_to\_revocation\_event\_table for MySQL
 2886 * Imported Translations from Zanata
 2887 * Implement HEAD method for all v3 GET actions
 2888 * Avoid name repetition in equality comparisons
 2889 * Simplify repetitive unequal checks
 2890 * Imported Translations from Zanata
 2891 * Add test for domains list filtering and limiting
 2892 * Imported Translations from Zanata
 2893 * remove endpoint\_policy from contrib
 2894 * Moved name formatting (clean) out of the driver
 2895 * Add py3 debugging
 2896 * Add release note for list\_limit support
 2897 * Add release note for list\_limit support
 2898 * Cleanup migration tests
 2899 * Imported Translations from Zanata
 2900 * Imported Translations from Zanata
 2901 * Update dev docs and sample script for v3/bootstrap
 2902 * add placeholder migrations for mitaka
 2903 * Enables the notification tests in py3
 2904 * Update reno for stable/mitaka
 2905 * Update .gitreview for stable/mitaka
 2906 
 2907 9.0.0.0rc1
 2908 ----------
 2909 
 2910 * Support \`id\` and \`enabled\` attributes when listing service providers
 2911 * Check for already present user without inserting in Bootstrap
 2912 * Mapping which yield no identities should result in ValidationError
 2913 * Make backend filter testing more comprehensive
 2914 * Move region configuration to a critical section
 2915 * Change xrange to range for python3 compatibility
 2916 * Remove reference to keystoneclient CLI
 2917 * Document running in uwsgi proxied by apache
 2918 * Updating sample configuration file
 2919 * Imported Translations from Zanata
 2920 * Correct Hints class filter documentation
 2921 * Release note cleanup
 2922 * Update reported version for Mitaka
 2923 * Add docs for additional bootstrap endpoint parameters
 2924 * Remove unused notification method and class
 2925 * Consolidate @notifications.internal into Audit
 2926 * Imported Translations from Zanata
 2927 * Remove some translations
 2928 * Imported Translations from Zanata
 2929 * Fixed user in group participance
 2930 * register the config generator default hook with the right name
 2931 * Imported Translations from Zanata
 2932 * Rename v2 token schema used for validation
 2933 * Migrate\_repo init version helper
 2934 * Remove TestFernetTokenProvider
 2935 * Refactor TestFernetTokenProvider trust-scoped tests
 2936 * Refactor TestFernetTokenProvider project-scoped tests
 2937 * Refactor TestFernetTokenProvider domain-scoped tests
 2938 * Refactor TestFernetTokenProvider unscoped token tests
 2939 * Fixing mapping schema to allow local user
 2940 * Fix keystone-manage example command path
 2941 * Make modifications to domain config atomic
 2942 * Add auto-increment int primary key to revoke.backends.sql
 2943 * Add PKIZ coverage to trust tests
 2944 * Consolidate TestTrustRedelegation and TestTrustAuth tests
 2945 * Expose not clearing of user default project on project delete
 2946 * Split out domain config driver and manager tests
 2947 * Add notifications to user/group membership
 2948 * Add ability to send notifications for actors
 2949 * Updated from global requirements
 2950 * Remove foreign assignments when deleting a domain
 2951 * Correct create\_project driver versioning
 2952 * Explicitly exclude tests from bandit scan
 2953 * Move role backend tests
 2954 * v2 tokens validated on the v3 API are missing timezones
 2955 * Move domain config backend tests
 2956 * Validate v2 fernet token returns extra attributes
 2957 * Clarify virtualenv setup in developer docs
 2958 * Fixes a few LDAP tests to actually run
 2959 * Imported Translations from Zanata
 2960 * Un-wrap function
 2961 * Fix warning when running tox
 2962 * Race condition in keystone domain config
 2963 * Adding 'domain\_id' filter to list\_user\_projects()
 2964 * Add identity endpoint creation to bootstrap
 2965 * Updated from global requirements
 2966 * Remove \_disable\_domain from the resource API
 2967 * Remove \_disable\_project from the resource API
 2968 * Remove the notification.disabled decorator
 2969 * Remove unused notification decorators
 2970 * Cleanup from from split of token backend tests
 2971 * Split identity backend tests
 2972 * Split policy backend tests
 2973 * Split catalog backend tests
 2974 * Split trust backend tests
 2975 * Split token backend tests
 2976 * Split resource backend tests
 2977 * Split assignment backend tests
 2978 * Updated from global requirements
 2979 * Consolidate configuration default overrides
 2980 * Updating sample configuration file
 2981 * IPV6 test unblacklist
 2982 * Fix trust chain tests
 2983 
 2984 9.0.0.0b3
 2985 ---------
 2986 
 2987 * Minor edits to the developing doc
 2988 * Add release notes for projects acting as domains
 2989 * Fix keystone.common.wsgi to explicitly use bytes
 2990 * fix sample config link that 404s
 2991 * add hints to list\_services for templated backend
 2992 * Fixes hacking for Py3 tests
 2993 * Fixes to get cert tests running in Py3
 2994 * Fixes the templated backend tests for Python3
 2995 * remove pyc files before running tests
 2996 * Stop using oslotest.BaseTestCase
 2997 * Return 404 instead of 401 for tokens w/o roles
 2998 * Remove unused domain driver method in legacy wrapper
 2999 * Deprecate domain driver interface methods
 3000 * Fix the migration issue for the user doesn't have a password
 3001 * Add driver details in architecture doc
 3002 * Shadow users - Shadow federated users
 3003 * Projects acting as domains
 3004 * Update developer docs for ubuntu 15.10
 3005 * Moved CORS middleware configuration into oslo-config-generator
 3006 * V2 operations create default domain on demand
 3007 * Make keystone tests work on leap years
 3008 * Updating sample configuration file
 3009 * Fix doc build warnings
 3010 * Enable LDAP connection pooling by default
 3011 * Delay using threading.local() to fix check job failure
 3012 * Minor edits to the installation doc
 3013 * Minor edits to the configuration doc
 3014 * Minor community doc edits
 3015 * Updated from global requirements
 3016 * Followup for LDAP removal
 3017 * Remove get\_session and get\_engine
 3018 * No more legacy engine facade in tests
 3019 * Use requst local in-process cache per request
 3020 * Move admin\_token\_auth before build\_auth\_context in sample paste.ini
 3021 * Update default domain's description
 3022 * Reference config values at runtime
 3023 * Use the new enginefacade from oslo.db
 3024 * Updated from global requirements
 3025 * Fix incorrect assumption when deleting assignments
 3026 * Remove migration\_helpers.get\_default\_domain
 3027 * db\_sync doesn't create default domain
 3028 * Implied roles index with cascading delete
 3029 * Fix project-related forbidden response messages
 3030 * Fixes a bug when setting a user's password to null
 3031 * Renamed TOTP passcode generation function
 3032 * Updates TOTP release note
 3033 * Simplify use of secure\_proxy\_ssl\_header
 3034 * Shadow users - Separate user identities
 3035 * Switch to configless bandit
 3036 * Parameter to return audit ids only in revocation list
 3037 * Add tests for fetching the revocation list
 3038 * Updating sample configuration file
 3039 * Deprecate logger.WritableLogger
 3040 * Removing H405 violations from keystone
 3041 * Updated from global requirements
 3042 * Updated from global requirements
 3043 * Updating sample configuration file
 3044 * Remove useless {} from \_\_table\_args\_\_
 3045 * Time-based One-time Password
 3046 * Fix inconsistencies between Oauth1DriverV8 interface and driver
 3047 * Oauth1 manager sets consumer secret
 3048 * Remove setting class variable
 3049 * Allow user list without specifying domain
 3050 * Adds user\_description\_attribute mapping support to the LDAP backend
 3051 * encode user id for notifications
 3052 * Add back a bandit tox job
 3053 * Enable support for posixGroups in LDAP
 3054 * Add is\_domain filter to v3 list\_projects
 3055 * Add tests in preparation of projects acting as a domain
 3056 * Avoid using \`len(x)\` to check if x is empty
 3057 * Use the driver to get limits
 3058 * Fallback to list\_limit from default config
 3059 * Add list\_limit to the white list for configs in db
 3060 * Updating sample configuration file
 3061 * handle unicode names for federated users
 3062 * Verify project unique constraints for projects acting as domains
 3063 * wsgi: fix base\_url finding
 3064 * Disable Admin tokens set to None
 3065 * Modify rules for domain specific role assignments
 3066 * Modify implied roles to honor domain specific roles
 3067 * Modify rules in the v3 policy sample for domain specifc roles
 3068 * Re-enable and undeprecate admin\_token\_auth
 3069 * Don't describe trusts as an extension in configuration doc
 3070 * Tidy up configuration documentation for inherited assignments
 3071 * Clean up configuration documentataion on v2 user CRUD
 3072 * Allow project domain\_id to be nullable at the manager level
 3073 * Trivial: Cleanup unused conf variables
 3074 * Updating sample configuration file
 3075 * Updating sample configuration file
 3076 * Fixes parameter in duplicate project name creation
 3077 * Fix terms from patch 275706
 3078 * sensible default for secure\_proxy\_ssl\_header
 3079 * Restricting domain\_id update
 3080 * Allow project\_id in catalog substitutions
 3081 * Avoid \`None\` as a redundant argument to dict.get()
 3082 * Avoid "non-Pythonic" method names
 3083 * Manager support for project cascade update
 3084 * Updating sample configuration file
 3085 * Expand implied roles in trust tokens
 3086 * add a test that uses trusts and implies roles
 3087 * Updating sample configuration file
 3088 * Convert assignment.root\_role config option to list of strings
 3089 * Avoid wrong deletion of domain assignments
 3090 * Manager support for project cascade delete
 3091 * AuthContextMiddleware admin token handling
 3092 * Deprecate admin\_token\_auth
 3093 * Adds better logging to the domain config finder
 3094 * Extracts logic for finding domain configs
 3095 * Fix nits from domain specific roles CRUD support
 3096 * Change get\_project permission
 3097 * Updated from global requirements
 3098 * Enables token\_data\_helper tests for Python3
 3099 * Stop using nose as a Python3 test runner
 3100 * Fix release note of removal of v2.0 trusts support
 3101 * Remove PostParams middleware
 3102 * Updated from global requirements
 3103 * Moves policy setup into a fixture
 3104 * Make pep8 \*the\* linting interface
 3105 * Added tokenless auth headers to CORS middleware
 3106 * Add backend support for deleting a projects list
 3107 * Make fernet work with oauth1 authentication
 3108 * Consolidate the fernet provider validate\_v2\_token()
 3109 * Remove support for trusts in v2.0
 3110 * Add CRUD support for domain specific roles
 3111 * Added CORS support to Keystone
 3112 * Deprecate Saml2 auth plugin
 3113 * Uses open context manager for templated catalogs
 3114 * Disable the ipv6 tests in py34
 3115 * Missing 'region' in service and 'name' in endpoint for EndpointFilterCatalog
 3116 * Small typos on the ldap.url config option help
 3117 * Replace exit() with sys.exit()
 3118 * include sample config file in docs
 3119 * Fixes a language issue in a release note
 3120 * Imported Translations from Zanata
 3121 * Updated from global requirements
 3122 * Support multiple URLs for LDAP server
 3123 * Set deprecated\_reason on deprecated config options
 3124 * Move user and admin crud to core
 3125 * squash migrations - kilo
 3126 * Adds validation negative unit tests
 3127 * Use oslo.log specified method to set log levels
 3128 * Add RENO update for simple\_cert\_extension deprecation
 3129 * Opt-out certain Keystone Notifications
 3130 * Update the home page
 3131 * Release notes for implied roles
 3132 * deprecate pki\_setup from keystone-manage
 3133 * test\_credential.py work with python34
 3134 * Consolidate \`test\_contrib\_ec2.py\` into \`test\_credential.py\`
 3135 * Reinitialize the policy engine where it is needed
 3136 * Provide an error message if downgrading schema
 3137 * Updated from global requirements
 3138 * Consolidate the fernet provider issue\_v2\_token()
 3139 * Consolidate the fernet provider validate\_v3\_token()
 3140 * Add tests for role management with v3policy file
 3141 * Fix some word spellings
 3142 * Make WebSSO trusted\_dashboard hostname case-insensitive
 3143 * Deprecate simple\_cert extension
 3144 * Do not assign admin to service users
 3145 * Add in TRACE logging for the manager
 3146 * Add schema for OAuth1 consumer API
 3147 * Correct docstrings
 3148 * Remove un-used test code
 3149 * Raise more precise exception on keyword mapping errors
 3150 * Allow '\_' character in mapping\_id value
 3151 * Implied Roles API
 3152 * Revert "Unit test for checking cross-version migrations compatibility"
 3153 * replace tenant with project in cli.py
 3154 * Fix schema validation to use JSONSchema for empty entity
 3155 * Replace tenant for project in resource files
 3156 * Reuse project scoped token check for trusts
 3157 * Add checks for project scoped data creep to tests
 3158 * Add checks for domain scoped data creep
 3159 * Use the oslo.utils.reflection to extract the class name
 3160 * Test hyphens instead of underscores in request attributes
 3161 * Simplify admin\_required policy
 3162 * Add caching to role assignments
 3163 * Enable bandit tests
 3164 * Update bandit.yaml
 3165 * Enhance manager list\_role\_assignments to support group listing
 3166 * remove KVS backend for keystone.contrib.revoke
 3167 * Fix trust redelegation and associated test
 3168 * use self.skipTest instead of self.skip
 3169 * Removed deprecated revoke KVS backend
 3170 * Revert "skip test\_get\_token\_id\_error\_handling to get gate passing"
 3171 * Updated from global requirements
 3172 * Updated from global requirements
 3173 * skip test\_get\_token\_id\_error\_handling to get gate passing
 3174 * Ensure pycadf initiator IDs are UUID
 3175 * Check for circular references when expanding implied roles
 3176 * Improves domain name case sensitivity tests
 3177 * Fixes style issues in a v2 controller tests
 3178 * Prevents creating is\_domain=True projects in v2
 3179 * Refactors validation tests to better see the cases
 3180 * Remove keystone/common/cache/\_memcache\_pool.py
 3181 * Update mod\_wsgi + cache config docs
 3182 * Address comments from Implied Role manager patch
 3183 * Fix nits in include names patch
 3184 * Unit test for checking cross-version migrations compatibility
 3185 * Online schema migration documentation
 3186 * Updated from global requirements
 3187 * Remove additional references to ldap role attribs
 3188 * Remove duplicate LDAP test class
 3189 * Remove more ldap project references
 3190 
 3191 9.0.0.0b2
 3192 ---------
 3193 
 3194 * Add testcases to check cache invalidation
 3195 * Fix typo abstact in comments
 3196 * deprecate write support for identity LDAP
 3197 * Deprecate \`hash\_algorithm\` config option
 3198 * Mark memcache and memcache\_pool token deprecated
 3199 * List assignments with names
 3200 * Remove LDAP Role Backend
 3201 * Remove LDAP Resource and LDAP Assignment backends
 3202 * Removes KVS catalog backend
 3203 * Fix docstring
 3204 * Strengthen Mapping Validation in Federation Mappings
 3205 * Add checks for token data creep using jsonschema
 3206 * Deprecating API v2.0
 3207 * Implied roles driver and manager
 3208 * Add support for strict url safe option on new projects and domains
 3209 * Remove bandit tox environment
 3210 * Add linters environment, keep pep8 as alias
 3211 * Make sure the assignment creation use the right arguments
 3212 * Fix indentation for oauth context
 3213 * Imported Translations from Zanata
 3214 * document the bootstrapping process
 3215 * Add release note for revert of c4723550aa95be403ff591dd132c9024549eff10
 3216 * Updated from global requirements
 3217 * Enable \`id\`, \`enabled\` attributes filtering for list IdP API
 3218 * Improve Conflict error message in IdP creation
 3219 * Fedora link is too old and so updated with newer version
 3220 * Support the reading of default values of domain configuration options
 3221 * Correct docstrings for federation driver interface
 3222 * Update v3policysample tests to use admin\_project not special domain\_id
 3223 * Enable limiting in ldap for groups
 3224 * Enable limiting in ldap for users
 3225 * Doc FIX
 3226 * Store config in drivers and use it to get list\_limit
 3227 * Add asserts for service providers
 3228 * Fix incorrect signature in federation legacy V8 wrapper
 3229 * Tidy up release notes for V9 drivers
 3230 * Adds an explicit utils import in test\_v3\_protection.py
 3231 * Refactor test auth\_plugin config into fixture
 3232 * Create V9 version of resource driver interface
 3233 * Updated from global requirements
 3234 * Separate trust crud tests from trust auth tests
 3235 * Delete checks for default domain delete
 3236 * correct help text for bootstrap command
 3237 * Replace unicode with six.text\_type
 3238 * Escape DN in enabled query
 3239 * Test enabled emulation with special user\_tree\_dn
 3240 * SQL migrations for implied roles
 3241 * Revert "Validate domain ownership for v2 tokens"
 3242 * Use assertIn to check if collection contains value
 3243 * Updated from global requirements
 3244 * Perform middleware tests with webtest
 3245 * De-duplicate fernet payload tests
 3246 * Reference driver methods through the Manager
 3247 * Fix users in group and groups for user exact filters
 3248 * Expose defect in users\_in\_group, groups\_for\_user exact filters
 3249 * Replace deprecated library function os.popen() with subprocess
 3250 * OAuth1 driver doesnt inherit its interface
 3251 * Update man pages with Mitaka version and dates
 3252 * Fixes hacking logger test cases to use same base
 3253 * Adds a hacking check looking for Logger.warn usage
 3254 * Change LOG.warn to LOG.warning
 3255 * Remove redundant check after enforcing schema validation
 3256 * Updating sample configuration file
 3257 * Create V9 version of federation driver interface
 3258 * Do not use \_\_builtin\_\_ in python3
 3259 * Define paste entrypoints
 3260 * Add schema for federation protocol
 3261 * Expose method list inconsistency in federation api
 3262 * remove irrelevant parenthesis
 3263 * Add return value
 3264 * Test: make enforce\_type=True in CONF.set\_override
 3265 * Updated from global requirements
 3266 * Add schema for identity provider
 3267 * Updating sample configuration file
 3268 * Use six.moves.reload\_module instead of builtin reload
 3269 * Fix the incompatible issue in response header
 3270 * Wrong usage of "an"
 3271 * Correct fernet provider reference
 3272 * Correct DN/encoding in test
 3273 * Support url safe restriction on new projects and domains
 3274 * Correct the class name of the V9 LDAP role driver
 3275 * Wrong usage of "a/an"
 3276 * Trival: Remove unused logging import
 3277 * Updating sample configuration file
 3278 * Fix pep8 job
 3279 * Fix some inconsistency in docstrings
 3280 * Fix 500 error when no fernet token is passed
 3281 * Cleanup tox.ini py34 test list
 3282 * Fixes kvs cache key mangling issue for Py3
 3283 * Some small improvements on fernet uuid handling
 3284 * Updated from global requirements
 3285 * Updating sample configuration file
 3286 * Fix key\_repository\_signature method for python3
 3287 * Add audit IDs to revocation events
 3288 * Enable os\_inherit of Keystone v3 API
 3289 * Use pip (and DevStack) instead of setuptools in docs
 3290 * Correct developer documentation on venv creation
 3291 * Updating sample configuration file
 3292 * Updated from global requirements
 3293 * Validate domain for DB-based domain config. CRUD
 3294 * fix up release notes, file deprecations under right title
 3295 * Updated Cloudsample
 3296 * Update \`developing.rst\` to remove extensions stuff
 3297 * Verify that user is trustee only on issuing token
 3298 * Adds a base class for functional tests
 3299 * Make \`bootstrap\` idempotent
 3300 * Add \`keystone-manage bootstrap\` command
 3301 * Changed the key repo validation to allow read only
 3302 * Deprecated tox -downloadcache option removed
 3303 * Fix defect in list\_user\_ids that only lists direct user assignments
 3304 * Show defect in list\_user\_ids that only lists direct user assignments
 3305 * Add API route for list role assignments for tree
 3306 * Use list\_role\_assignments to get projects/domains for user
 3307 * Add \`type' filter for list\_credentials\_for\_user
 3308 * Clean up new\_credential\_ref usage and surrounding code
 3309 * Create neutron service in sample\_data.sh
 3310 * Updating sample configuration file
 3311 * Updated from global requirements
 3312 * Limiting for fake LDAP
 3313 * Make @truncated common for all backends
 3314 * Fix exposition of bug about limiting with ldap
 3315 * Use assertDictEqual instead of assertEqualPolicies
 3316 * refactor: Remove unused test method
 3317 * Remove unfixable FIXME
 3318 * Use new\_policy\_ref consistently
 3319 * fix reuse of variables
 3320 * Remove comments on enforcing endpoints for trust
 3321 * refactor: move the common code to manager layer
 3322 * Create V9 Role Driver
 3323 * Create new version of assignment driver interface
 3324 * Remove keystoneclient tests
 3325 * Verify that attribute \`enabled\` equals True
 3326 * Remove invalid comment about LDAP domain support
 3327 * Pass dict into update() rather than \*\*kwargs
 3328 * Refactor test use of new\_\*\_ref
 3329 * Cleans up code for \`is\_admin\` in tokens
 3330 * Deprecate ldap Role
 3331 * Update extensions links
 3332 * Improve comments in test\_catalog
 3333 * Fix for GET project by project admin
 3334 * Fix multiline strings with missing spaces
 3335 * Updating sample configuration file
 3336 * Remove invalid TODO in extensions
 3337 * Updated from global requirements
 3338 * Refactor: Remove use of self where not needed
 3339 * Refactor: Move uncommon entities from setUp
 3340 * Split resource tests from assignment tests
 3341 * Remove invalid TODO related to bug 1265071
 3342 * Fix test\_crud\_user\_project\_role\_grants
 3343 * Deprecate the pki and pkiz token providers
 3344 * Remove invalid FIXME note
 3345 * Refactor: Use Federation constants where possible
 3346 * Remove exposure of routers at package level
 3347 * Update API version info for Liberty
 3348 * remove version from setup.cfg
 3349 * Ensure endpoints returned is filtered correctly
 3350 * Put py34 first in the env order of tox
 3351 
 3352 9.0.0.0b1
 3353 ---------
 3354 
 3355 * Add release notes for mitaka-1
 3356 * set \`is\_admin\` on tokens for admin project
 3357 * Use unit.new\_project\_ref consistently
 3358 * Reference environment close to use
 3359 * refactor: move variable to where it's needed
 3360 * Needn't care about the sequence for cache validation
 3361 * Updated from global requirements
 3362 * Fix a typo in notifications function doc
 3363 * Remove RequestBodySizeLimiter from middleware
 3364 * Optimize "open" method with context manager
 3365 * eventlet: handle system that misses TCP\_KEEPIDLE
 3366 * force releasenotes warnings to be treated as errors
 3367 * Cleanup region refs
 3368 * Remove \`extras\` from token data
 3369 * Use subprocess.check\_output instead of Popen
 3370 * Remove deprecated notification event\_type
 3371 * Remove check\_role\_for\_trust
 3372 * Correct RoleNotFound usage
 3373 * Remove example extension
 3374 * Updating sample configuration file
 3375 * Correct docstring warnings
 3376 * Using the right format to render the docstring correctly
 3377 * Add release notes for mitaka thus far
 3378 * Accepts Group IDs from the IdP without domain
 3379 * Cleanup use of service refs
 3380 * Update docs for legacy keystone extensions
 3381 * Correct SecurityError with unicode args
 3382 * Updated from global requirements
 3383 * Use idp\_id and protocol\_id in jsonhome
 3384 * Use standard credential\_id parameter in jsonhome
 3385 * Remove core module from the legacy endpoint\_filter extension
 3386 * Minor cleanups for usage of group refs
 3387 * Reject user creation using admin token without domain
 3388 * Add Trusts unique constraint to remove duplicates
 3389 * deprecate \`enabled\` option for endpoint-policy extension
 3390 * remove useless config option in endpoint filter
 3391 * Use [] where a field is required
 3392 * Manager support for projects acting as domains
 3393 * Config option for insecure responses
 3394 * Add missing colon separators to inline comments
 3395 * Simplify LimitTests
 3396 * Rationalize list role assignment routing
 3397 * Enable listing of role assignments in a project hierarchy
 3398 * Capital letters
 3399 * remove use of magic numbers in sql migrate extension tests
 3400 * Use new\_trust\_ref consistently
 3401 * Updating sample configuration file
 3402 * Move endpoint\_filter migrations into keystone core
 3403 * Move endpoint filter into keystone core
 3404 * Move revoke sql migrations to common
 3405 * Move revoke extension into core
 3406 * Move oauth1 sql migrations to common
 3407 * Move oauth1 extension into core
 3408 * Move federation sql migrations to common
 3409 * Move federation extension into keystone core
 3410 * Fix string conversion in s3 handler for python 2
 3411 * Fix inaccurate debug mode response
 3412 * Use unit.new\_user\_ref consistently
 3413 * Imported Translations from Zanata
 3414 * Updated from global requirements
 3415 * Add testcases to check cache invalidation in endpoint filter extension
 3416 * Fix the wrong method name
 3417 * Updating sample configuration file
 3418 * change some punctuation marks
 3419 * Updated from global requirements
 3420 * Remove hardcoded LDAP group schema from emulated enabled mix-in
 3421 * Exclude old Shibboleth options from docs
 3422 * Updated from global requirements
 3423 * Use new\_domain\_ref instead of manually created ref
 3424 * Use new\_region\_ref instead of manually created dict
 3425 * Document release notes process
 3426 * Use new\_service\_ref instead of manually created dict
 3427 * Use unit.new\_group\_ref consistently
 3428 * Use unit.new\_role\_ref consistently
 3429 * Use unit.new\_domain\_ref consistently
 3430 * Use unit.new\_region\_ref() consistently
 3431 * Use unit.new\_service\_ref() consistently
 3432 * Move AuthContext middleware into its own file
 3433 * Use unit.new\_endpoint\_ref consistently
 3434 * Use list\_role\_assignments to get assignments by role\_id
 3435 * Pass kwargs when using revoke\_api.list\_events()
 3436 * Add reno for release notes management
 3437 * Make K2K Mapping Attribute Examples more visible
 3438 * Add S3 signature v4 checking
 3439 * Fix some nits inside validation/config.py
 3440 * Add Mapping Combinations for Keystone to Keystone Federation
 3441 * Remove manager-driver assignment metadata construct
 3442 * Correct description in Keystone key\_terms
 3443 * Imported Translations from Zanata
 3444 * Handle fernet payload timestamp differences
 3445 * Fix fernet padding for python 3
 3446 * More useful message when using direct driver import
 3447 * Get user role without project id is not implemented
 3448 * Update sample catalog templates
 3449 * update mailmap with gyee's new email
 3450 * Revert "Added CORS support to Keystone"
 3451 * Updated from global requirements
 3452 * test\_backend\_sql work with python34
 3453 * Use assertTrue/False instead of assertEqual(T/F)
 3454 * Fix the issues found with local conf
 3455 * Add test for security error with no message
 3456 * Add exception unit tests with different message types
 3457 * Cleanup message handling in test\_exception
 3458 * Normalize fernet payload disassembly
 3459 * Common arguments for fernet payloads assembly
 3460 * Capitalize a Few Words
 3461 * I18n safe exceptions
 3462 * Keystone Spelling Errors in docstrings and comments
 3463 * [rally] remove deprecated arg
 3464 * Move endpoint\_policy migrations into keystone core
 3465 * Promote an arbitrary string to be a docstring
 3466 * Fix D204: blank line required after class docstring (PEP257)
 3467 * Fix D202: No blank lines after function docstring (PEP257)
 3468 * Update Configuring Keystone doc for consistency
 3469 * Comment spelling error in assignment.core file
 3470 * Fix exceptions to use correct titles
 3471 * Fix UnexpectedError exceptions to use debug\_message\_format
 3472 * Fix punctuation in doc strings
 3473 * Fix docstring
 3474 * Updating sample configuration file
 3475 * Explain default domain in docs for other services
 3476 * Correct bashate issues in gen\_pki.sh
 3477 * Fix incorrect federated mapping example
 3478 * change stackforge url to openstack url
 3479 * Updated from global requirements
 3480 * Adds already passing tests to py34 run
 3481 * Wrong usage of "an"
 3482 * Allow the PBR\_VERSION env to pass through tox
 3483 * Fix D200: 1 line docstrings should fit with quotes (PEP257)
 3484 * Fix D210: No whitespaces allowed surrounding docstring text (PEP257)
 3485 * Fix D300: Use """triple double quotes""" (PEP257)
 3486 * Fix D402: First line should not be the function's "signature" (PEP257)
 3487 * Fix D208: Docstring over indented. (PEP257)
 3488 * Add docstring validation
 3489 * Add caching to get\_catalog
 3490 * Fix fernet key writing for python 3
 3491 * Update test modules passing on py34
 3492 * Updated from global requirements
 3493 * Forbid non-stripped endpoint urls
 3494 * fix deprecation warnings in cache backends
 3495 * Create tests for set\_default\_is\_domain in LDAP
 3496 * Enable try\_except\_pass Bandit test
 3497 * Enable subprocess\_without\_shell\_equals\_true Bandit test
 3498 * Correct typo in copyright
 3499 * Updated from global requirements
 3500 * switch to oslo.cache
 3501 * Updating sample configuration file
 3502 * Updated from global requirements
 3503 * keystone-paste.ini docs for deployers are out of date
 3504 * Correct the filename
 3505 * More info in RequestContext
 3506 * Fix some nits in \`configure\_federation.rst\`
 3507 * add placeholder migrations for liberty
 3508 * Remove bas64utils and tests
 3509 * Create a version package
 3510 * Remove oslo.policy implementation tests from keystone
 3511 * Refactor: Don't hard code 409 Conflict error codes
 3512 * Fix use of TokenNotFound
 3513 * Refactor: change 403 status codes in test names
 3514 * Refactor: change 410 status codes in test names
 3515 * Refactor: change 400 status codes in test names
 3516 * Refactor: change 404 status codes in test names
 3517 * Updated from global requirements
 3518 * Imported Translations from Zanata
 3519 * add initiator to v2 calls for additional auditing
 3520 * Fixed missed translatable string inside exception
 3521 * Handle 16-char non-uuid user IDs in payload
 3522 * Additional documentation for services
 3523 * Rename fernet methods to match expiration timestamp
 3524 * Updated from global requirements
 3525 * Enable password\_config\_option\_not\_marked\_secret Bandit test
 3526 * Enable hardcoded\_bind\_all\_interfaces Bandit test
 3527 * Documentation for other services
 3528 * Reclassify get\_project\_by\_name() controller method
 3529 * Trivial fix of some typos found
 3530 * Filters is\_domain=True in v2 get\_project\_by\_name
 3531 * Add test case passing is\_domain flag as False
 3532 
 3533 8.0.0
 3534 -----
 3535 
 3536 * Ensure token validation works irrespective of padding
 3537 * Ensure token validation works irrespective of padding
 3538 * Imported Translations from Zanata
 3539 * Rename RestfulTestCase.v3\_authenticate\_token() to v3\_create\_token()
 3540 * Improving domain\_id update tests
 3541 * Show v3 endpoints in v2 endpoint list
 3542 * Expose 1501698 bug
 3543 * Replace sqlalchemy-migrate occurences from code.google to github
 3544 * Fix unreachable code in test\_v3 module
 3545 * Imported Translations from Zanata
 3546 * Use deepcopy of mapping fixtures in tests
 3547 * Show v3 endpoints in v2 endpoint list
 3548 * Enable Bandit 0.13.2 tests
 3549 * Update bandit blacklist\_imports config
 3550 * Cleanup \_build\_federated\_info
 3551 * Add LimitRequestBody to sample httpd config
 3552 * Make \_\_all\_\_ immutable
 3553 * Skip rows with empty remote\_ids
 3554 * Includes server\_default option in is\_domain column
 3555 * Remove unused get\_user\_projects()
 3556 * Deprecate httpd/keystone.py
 3557 * Skip rows with empty remote\_ids
 3558 * Fix order of arguments in assertDictEqual
 3559 * Cleanup fernet validate\_v3\_token
 3560 * Update bandit blacklist\_calls config
 3561 * Add unit test for creating RequestContext
 3562 * Add user\_domain\_id, project\_domain\_id to auth context
 3563 * Add user domain info to federated fernet tokens
 3564 * Unit tests for fernet validate\_v3\_token
 3565 * Fix order of arguments in assertEqual
 3566 * Updating sample configuration file
 3567 * Cleanup of Translations
 3568 * Imported Translations from Zanata
 3569 * Uses constants for 5XX http status codes in tests
 3570 * Fixes v3\_authenticate\_token calls - no default
 3571 * Fixes the way v3\_admin is called to match its def
 3572 * Declares expected\_status in method signatures
 3573 * Refactor: Don't hard code the error code
 3574 * Correct docstrings
 3575 * Correct comment to not be driver-specific
 3576 * Move development environment setup instructions to standard location
 3577 * Fix typo in config help
 3578 * Use the correct import for range
 3579 * Adds interface tests for timeutils
 3580 * Add unit tests for token\_to\_auth\_context
 3581 * Updating sample configuration file
 3582 
 3583 8.0.0.0rc1
 3584 ----------
 3585 
 3586 * Open Mitaka development
 3587 * Bring bandit config up-to-date
 3588 * Update the examples used for the trusted\_dashboard option
 3589 * Log message when debug is enabled
 3590 * Clean up bandit profiles
 3591 * federation.idp use correct subprocess
 3592 * Change ignore-errors to ignore\_errors
 3593 * Imported Translations from Zanata
 3594 * Remove unused code in domain config checking
 3595 * Relax newly imposed sql driver restriction for domain config
 3596 * Add documentation for configuring IdP WebSSO
 3597 * Updated from global requirements
 3598 * check if tokenless auth is configured before validating
 3599 * Fix the referred [app:app\_v3] into [pipeline:api\_v3]
 3600 * Updated from global requirements
 3601 * Issue deprecation warning if domain\_id not specified in create call
 3602 * functional tests for keystone on subpaths
 3603 * Removed the extra http:// from JSON schema link
 3604 * Document httpd for accept on /identity, /identity\_admin
 3605 * Updated from global requirements
 3606 * Update federation router with missing call
 3607 * Reject rule if assertion type unset
 3608 * Update man pages with liberty version and dates
 3609 * Refactor: Don't hard code the error code
 3610 * Move TestClient to test\_versions
 3611 * Use oslo.log fixture
 3612 * Update apache-httpd.rst
 3613 * Updated from global requirements
 3614 * Remove padding from Fernet tokens
 3615 * Imported Translations from Transifex
 3616 * Updated from global requirements
 3617 * Fixed typos in 'developing\_drivers' doc
 3618 * Stop using deprecated keystoneclient function
 3619 * Change tests to use common name for keystone.tests.unit
 3620 * Removes py3 test import hacks
 3621 * Updating sample configuration file
 3622 * Fixes confusing deprecation message
 3623 
 3624 8.0.0.0b3
 3625 ---------
 3626 
 3627 * Add methods for checking scoped tokens
 3628 * Build oslo.context RequestContext
 3629 * Correct docstring for common.authorization
 3630 * Deprecate LDAP Resource Backend
 3631 * Added CORS support to Keystone
 3632 * List credentials by type
 3633 * Fixes a typo in a comment
 3634 * Tokenless authz with X.509 SSL client certificate
 3635 * Support project hierarchies in data driver tests
 3636 * Stable Keystone Driver Interfaces
 3637 * Initial support for versioned driver classes
 3638 * Add federated auth for idp specific websso
 3639 * Adds caching to paste deploy's egg lookup
 3640 * Fix grammar in doc string
 3641 * Test list\_role\_assignment in standard inheritance tests
 3642 * Broaden domain-group testing of list\_role\_assignments
 3643 * Add support for group membership to data driven assignment tests
 3644 * Add support for effective & inherited mode in data driven tests
 3645 * Add support for data-driven backend assignment testing
 3646 * Updated from global requirements
 3647 * Change JSON Home for OS-FEDERATION to use /auth/projects|domains
 3648 * Unit tests for is\_domain field in project's table
 3649 * Group tox optional dependencies
 3650 * Provide new\_xyz\_ref functions in tests.core
 3651 * Refactor mapping rule engine tests to not create servers
 3652 * Updating sample configuration file
 3653 * Correct docstrings in resource/core.py
 3654 * Validate Mapped User object
 3655 * Set max on max\_password\_length to passlib max
 3656 * Simplify federated\_domain\_name processing
 3657 * Get method's class name in a python3-compatible way
 3658 * Stop reading local config for domain-specific SQL config driver
 3659 * Enforce .config\_overrides is called exactly once
 3660 * Use /auth/projects in tests
 3661 * Remove keystone/openstack/\* from coveragerc
 3662 * Rationalize unfiltered list role assignment test
 3663 * Change mongodb extras to lowercase
 3664 * Refactor: Provider.\_rebuild\_federated\_info()
 3665 * Refactor: rename Fernet's unscoped federated payload
 3666 * Fernet payloads for federated scoped tokens
 3667 * No More .reload\_backends() or .reload\_backend()
 3668 * Ensure ephemeral user's user\_id is url-safe
 3669 * Use min and max on IntOpt option types
 3670 * Adds a notification testcase for unbound methods
 3671 * Do not revoke all of a user's tokens when a role assignment is deleted
 3672 * Handle tokens created and quickly revoked with insufficient timestamp precision
 3673 * Show that unscoped tokens are revoked when deleting role assignments
 3674 * Prevent exception due to missing id of LDAP entity
 3675 * Expose exception due to missing id of LDAP entity
 3676 * Add testcase to test invalid region id in request
 3677 * Add region\_id filter for List Endpoints API
 3678 * Remove references to keystone.openstack.common
 3679 * Remove all traces of oslo incubator
 3680 * Updating sample configuration file
 3681 * Test v2 tokens being deleted by v3
 3682 * Use entrypoints for paste middleware and apps
 3683 * update links in http-api to point to specs repo
 3684 * Add necessary executable permission
 3685 * Refactor: use fixtures.TempDir more
 3686 * Add is\_domain field in Project Table
 3687 * Prevent exception for invalidly encoded parameters
 3688 * Extras for bandit
 3689 * Use extras for memcache and MongoDB packages
 3690 * Use wsgi\_scripts to create admin and public httpd files
 3691 * Update Httpd configuration docs for sites-available/enabled
 3692 * Remove unnecessary check
 3693 * Update 'doc/source/setup.rst'
 3694 * Remove unnecessary load\_backends from TestKeystoneTokenModel
 3695 * Updated from global requirements
 3696 * Imported Translations from Transifex
 3697 * Updated from global requirements
 3698 * Show helpful message when request body is not provided
 3699 * Fix logging in federation/idp.py
 3700 * Enhance tests for saml2 signing exception logging
 3701 * Remove deprecated methods from assignment.Manager
 3702 * Stop using deprecated assignment manager methods
 3703 * EndpointFilter driver doesnt inherit its interface
 3704 * Hardens the validated decorator's implementation
 3705 * Updating sample configuration file
 3706 * Simplify rule in sample v3 policy file
 3707 * Improve a few random docstrings
 3708 * Maintain datatypes when loading configs from DB
 3709 * Remove "tenants" from user\_attribute\_ignore default
 3710 * Use oslo\_config PortOpt support
 3711 * Updated from global requirements
 3712 * Updated from global requirements
 3713 * Fix the misspelling
 3714 * When validating a V3 token as V2, use the v3\_to\_v2 conversion
 3715 * Do not require the token\_id for converting v3 to v2 tokens
 3716 * Maintain the expiry of v2 fernet tokens
 3717 * Fix typo in doc-string
 3718 * Validate domain ownership for v2 tokens
 3719 * Fix docstring in mapped plugin
 3720 * Updated from global requirements
 3721 * Minor grammar fixes to connection pooling section
 3722 * Creates a fixture representing as LDAP database
 3723 * Sample config help for supplied drivers
 3724 * Improve List Role Assignments Filters Performance
 3725 * Update docs for stevedore drivers
 3726 * Fixes an incorrect docstring in notifications
 3727 * Stop calling deprecated assignment manager methods
 3728 * Updated from global requirements
 3729 * Updating sample configuration file
 3730 * Adds backend check to setup of LDAP tests
 3731 * Improve a few random docstrings (H405)
 3732 * Remove excessive transformation to list
 3733 * Stop calling deprecated assignment manager methods
 3734 * Remove reference of old endpoint\_policy in paste file
 3735 * Fernet 'expires' value loses 'ms' after validation
 3736 * Correct enabled emulation query to request no attributes
 3737 * NotificationsTestCase running in isolation
 3738 * Adds/updates notifications test cases
 3739 * Fix duplicate-key pylint issue
 3740 * Fix explicit line joining with backslash
 3741 * Fixes an issue with data ordering in the tests
 3742 * Imported Translations from Transifex
 3743 * Allow Domain Admin to get domain details
 3744 * Assignment driver cleaning
 3745 * Cleanup tearDown in unit tests
 3746 * Fix unbound error in federation \_sign\_assertion
 3747 * Fix typos of RoleAssignmentV3.\_format\_entity doc
 3748 * Updating sample configuration file
 3749 * Updated from global requirements
 3750 * Remove unnecessary check from notifications.py
 3751 * Remove oslo import hacking check
 3752 * Use dict.items() rather than six.iteritems()
 3753 * Cleanup use of iteritems
 3754 * Imported Translations from Transifex
 3755 * Missing ADMIN\_USER in sample\_data.sh
 3756 * Update exported variables for openstack client
 3757 * Use extras for ldap dependencies
 3758 * Add better user feedback when bind is not implemented
 3759 * Test to ensure fernet key rotation results in new key sets
 3760 * Better error message when unable to map user
 3761 * Refactor \_populate\_roles\_for\_groups()
 3762 * Add groups in scoped federated tokens
 3763 * Adds missing list\_endpoints tests
 3764 * Reject create endpoint with invalid urls
 3765 * Explain the "or None" on eventlet's client\_socket\_timeout
 3766 * Reduce number of Fernet log messages
 3767 * Fix test\_admin to expect admin endpoint
 3768 * Fixes a docstring to reflect actual return values
 3769 * Give some message when an invalid token is in use
 3770 
 3771 8.0.0.0b2
 3772 ---------
 3773 
 3774 * Updated from global requirements
 3775 * Ensure database options registered for tests
 3776 * Document sample config updated automatically
 3777 * Test function call result, not function object
 3778 * Test admin app in test\_admin\_version\_v3
 3779 * Updating sample configuration file
 3780 * Handle non-numeric files in key\_repository
 3781 * Fix remaining mention of KLWT
 3782 * Updated from global requirements
 3783 * Replace 401 to 404 when token is invalid
 3784 * Assign different values to public and admin ports
 3785 * Fix four typos and Add one space on keystone document
 3786 * Reuse token\_ref fetched in AuthContextMiddleware
 3787 * Refactor: clean up TokenAPITests
 3788 * pemutils isn't used anymore
 3789 * Imported Translations from Transifex
 3790 * Fix test\_exception.py for py34
 3791 * Fix s3.core for py34
 3792 * Updating sample configuration file
 3793 * Fix test\_utils for py34
 3794 * test\_base64utils works with py34
 3795 * Minor fix in the \`configuration.rst\`
 3796 * Correct spacing in \`\`mapping\_combinations.rst\`\`
 3797 * add federation docs for mod\_auth\_mellon
 3798 * Avoid the hard coding of admin token
 3799 * Adding Documentation for Mapping Combinations
 3800 * Clean up docs before creating new ones
 3801 * Document policy target for operation
 3802 * Fix docs in federation.routers
 3803 * Fix docstrings in contrib
 3804 * Additional Fernet test coverage
 3805 * Refactor websso \`\`origin\`\` validation
 3806 * Docs link to ACTIONS
 3807 * Clean up code to use .items()
 3808 * Document default value for tree\_dn options
 3809 * Remove unnecessary ldap imports
 3810 * Move backends.py to keystone.server
 3811 * move clean.py into keystone/common
 3812 * Updated from global requirements
 3813 * Remove unnecessary executable permission
 3814 * Move cli.py into keystone.cmd
 3815 * Do not remove expired revocation events on "get"
 3816 * Clean up notifications type checking
 3817 * Federation API provides method to evaluate rules
 3818 * Move constants out of federation.core
 3819 * Implement backend filtering on membership queries
 3820 * Moves keystone.hacking into keystone.tests
 3821 * Add missing "raise" when throwing exception
 3822 * Log xmlsec1 output if it fails
 3823 * Fix test method examining scoped federation tokens
 3824 * Spelling correction
 3825 * Fixes grammar in setup.rst in doc source
 3826 * Updated from global requirements
 3827 * Deprecate LDAP assignment driver options
 3828 * Register fatal\_deprecations before use
 3829 * Use oslo.utils instead of home brewed tempfile
 3830 * Updating sample configuration file
 3831 * Add testcases for list\_role\_assignments of v3 domains
 3832 * Centralizing build\_role\_assignment\_\* functions
 3833 * Replace reference of ksc with osc
 3834 * Updated from global requirements
 3835 * Changing exception type to ValidationError instead of Forbidden
 3836 * Standardize documentation at Service Managers
 3837 * Fixes grammar in the httpd README
 3838 * Fix the incorrect format for docstring
 3839 * Imported Translations from Transifex
 3840 * Fixes docstring to make it more precise
 3841 * Removed optional dependency support
 3842 * Decouple notifications from DI
 3843 * Adds proper isolation to templated catalog tests
 3844 * Fix log message in one of the v3 create call methods
 3845 * Catch exception.Unauthorized when checking for admin
 3846 * Remove convert\_to\_sqlite.sh
 3847 * Fix for LDAP filter on group search by name
 3848 * Remove fileutils from oslo-incubator
 3849 * Remove comment for doc building bug 1260495
 3850 * Fix code-block in federation documentation
 3851 * Modified command used to run keystone-all
 3852 * Delete extra parentheses in assertEqual message
 3853 * Fix the invalid testcase
 3854 * Updating sample configuration file
 3855 * Add unit test for fernet provider
 3856 * Update federation docstring
 3857 * Do not specify 'objectClass' twice in LDAP filter string
 3858 * Fix tox -e py34
 3859 * Change mapping model so rules is dict
 3860 * Add test case for deleting endpoint with space in url
 3861 * Update requirements by hand
 3862 * Consolidate the fernet provider issue\_v3\_token()
 3863 * Group role revocation invalidates all user tokens
 3864 * OS-FEDERATION no longer extension in docs
 3865 * Switch from deprecated oslo\_utils.timeutils.strtime
 3866 * Remove unused setUp for RevokeTests
 3867 * Update MANIFEST.in
 3868 * Update sample config file
 3869 * Disable migration sanity check
 3870 * Updated from global requirements
 3871 * Use oslo.service ServiceBase when loading from eventlet
 3872 * Document use of wip up to developer
 3873 * Simplify fernet rotation code
 3874 * Tests for correct key removed
 3875 * Relax the formats of accepted mapping rules for keystone-manage
 3876 * Python 3: Use range instead of xrange for py3 compatibility
 3877 
 3878 8.0.0.0b1
 3879 ---------
 3880 
 3881 * Document entrypoint namespaces
 3882 * Short names for auth plugins
 3883 * Update sample configuration file
 3884 * Switch to oslo.service
 3885 * Update sample configuration file
 3886 * Remove redundant config
 3887 * Don't try to drop FK constraints for sqlite
 3888 * Remove unused requirements
 3889 * Add missing keystone-manage commands to doc
 3890 * Mask passwords in debug log on user password operations
 3891 * Add test showing password logged
 3892 * Adds some debugging statements
 3893 * Imported Translations from Transifex
 3894 * Use stevedore for auth drivers
 3895 * Refactor extract function load\_auth\_method
 3896 * Add unit test to exercise key rotation
 3897 * Fix Fernet key rotation
 3898 * Update version for Liberty
 3899 
 3900 8.0.0a0
 3901 -------
 3902 
 3903 * Refactor: move PKI-specific tests into the appropriate class
 3904 * Needn't load fernet keys twice
 3905 * Pass environment variables of proxy to tox
 3906 * Fix tests failing on slower system
 3907 * Mapping Engine CLI
 3908 * Imported Translations from Transifex
 3909 * Fix spelling in configuration comment
 3910 * Switch keystone over to oslo\_log versionutils
 3911 * Updated from global requirements
 3912 * Use lower default value for sha512\_crypt rounds
 3913 * Updated from global requirements
 3914 * Add more Rally scenarios
 3915 * Remove unnecessary dependencies from KerberosDomain
 3916 * Remove deprecated external authentication plugins
 3917 * Remove unnecessary code for default suffix
 3918 * Remove custom assertions for python2.6
 3919 * Avoid using the interactive interpreter for a one-liner
 3920 * Add validity check of 'expires\_at' in trust creation
 3921 * Revocation engine refactoring
 3922 * Updated from global requirements
 3923 * Rename directory with rally jobs files
 3924 * Fix req.environ[SCRIPT\_NAME] value
 3925 * Don't query db if criteria longer than col length
 3926 * Updated from global requirements
 3927 * Run WSGI with group=keystone
 3928 * Consolidate test-requirements files
 3929 * Switch from deprecated isotime
 3930 * Fix the wrong order of parameters when using assertEqual
 3931 * Add testcases to test DefaultDomain
 3932 * Remove the deprecated ec2 token middleware
 3933 * Replace blacklist\_functions with blacklist\_calls
 3934 * updates sample\_data script to use the new openstack commands
 3935 * Log info for Fernet tokens over 255 chars
 3936 * Update functional tox env requirements
 3937 * Update sample config file
 3938 * Correct oauth1 driver help text
 3939 * Rename driver to backend and fix the inaccurate docstring
 3940 * Add "enabled" to create service provider example
 3941 * Update testing keystone2keystone doc
 3942 * Removes unused database setup code
 3943 * Refactor: use \_\_getitem\_\_ when the key will exists
 3944 * Refactor: create the lookup object once
 3945 * Order routes so most frequent requests are first
 3946 * \`api\_curl\_examples.rst\` is out of date
 3947 * Don't assume project IDs are UUID format
 3948 * Don't assume group IDs are UUID format
 3949 * Don't fail on converting user ids to bytes
 3950 * Move endpoint policy into keystone core
 3951 * Update sample config file
 3952 * Tests don't override default auth methods/plugins
 3953 * Tests consistently use auth\_plugin\_config\_override
 3954 * Test use config\_overrides for configs
 3955 * Correct tests setting auth methods to a non-list
 3956 * Make sure LDAP filter is constructed correctly
 3957 * basestring no longer exists in Python3
 3958 * Add mocking for memcache for Python3 tests
 3959 * Fix xmldsig import
 3960 * Refactor deprecations tests
 3961 * Switch from MySQL-python to PyMySQL
 3962 * Improve websso documentation
 3963 * Remove the deprecated compute\_port option
 3964 * Workflow documentation is now in infra-manual
 3965 * Remove XML middleware stub
 3966 * Rename sample\_config to genconfig
 3967 * Imported Translations from Transifex
 3968 * Replace ci.o.o links with docs.o.o/infra
 3969 * Sync oslo-incubator cc19617
 3970 * Use single connection in get\_all function
 3971 * Removes temporary fix for doc generation
 3972 * Improve error message when tenant ID does not exist
 3973 * Updated from global requirements
 3974 * Add missing part for \`token\` object
 3975 * Remove identity\_api from AuthInfo dependencies
 3976 * Move bandit requirement to test-requirements-bandit.txt
 3977 * Adds inherited column to RoleAssignment PK
 3978 * Update dev setup requirements for Python 3.4
 3979 * Update sample config file
 3980 * Remove support for loading auth plugin by class
 3981 * Use [] where a value is required
 3982 * De-duplicate auth methods
 3983 * Remove unnecessary oauth\_api check
 3984 * Use short names for drivers
 3985 * Fixes deprecations test for Python3
 3986 * Add mocking for ldappool for Python3 tests
 3987 * Fixes a whitespace issue
 3988 * Handles modules that moved in Python3
 3989 * Handles Python3 builtin changes
 3990 * Fixes use of dict methods for Python3
 3991 * Updated from global requirements
 3992 * Replace github reference by git.openstack.org and change a doc link
 3993 * Refactor \_create\_attribute\_statement IdP method
 3994 * Revert "Loosen validation on matching trusted dashboard"
 3995 * Updated from global requirements
 3996 * Use correct LOG translation indicator for errors
 3997 * Add openstack\_user\_domain to assertion
 3998 * Pass-in domain when testing saml signing
 3999 * Fixes test nits from a previous review
 4000 * Implement validation on the Identity V3 API
 4001 * Fix tiny typo in comment message
 4002 * Updates the \*py3 requirements files
 4003 * Fixes mocking of oslo messaging for Python3
 4004 * pycadf now supports Python3
 4005 * eventlet now supports Python3
 4006 * Updated from global requirements
 4007 * Add openstack\_project\_domain to assertion
 4008 * Use stevedore for backend drivers
 4009 * Prohibit invalid ids in subtree and parents list
 4010 * Update sample config
 4011 * Fix sample policy to allow user to check own token
 4012 * Replaced filter with a list comprehension
 4013 * Ignore multiple imports per line for six.moves
 4014 * Fixes order of imports for pep8
 4015 * pep8 whitespace changes
 4016 * Remove randomness from test\_client\_socket\_timeout
 4017 * Allow wsgiref to reconstruct URIs per the WSGI spec
 4018 * Fix the misuse of \`versionutils.deprecated\`
 4019 * Updated from global requirements
 4020 * Update openid connect docs to include other distros
 4021 
 4022 2015.1.0
 4023 --------
 4024 
 4025 * Updated from global requirements
 4026 * Remove pysqlite test-requirement dependency
 4027 * Fixes tests to use the config fixture
 4028 * Isolate injection tests
 4029 * Sync oslo-incubator Ie51669bd278288b768311ddf56ad31a2f28cc7ab
 4030 * Sync oslo-incubator Ie51669bd278288b768311ddf56ad31a2f28cc7ab
 4031 * Fixes cyclic ref detection in project subtree
 4032 * Updated from global requirements
 4033 * Updated from global requirements
 4034 * Release Import of Translations from Transifex
 4035 * Make memcache client reusable across threads
 4036 * Imported Translations from Transifex
 4037 * Remove project association before removing endpoint group
 4038 * Loosen validation on matching trusted dashboard
 4039 * adds a tox target for functional tests
 4040 * Adds an initial functional test
 4041 * Fix the incorrect comment
 4042 * Set default branch to stable/kilo
 4043 * Remove assigned protocol before removing IdP
 4044 * Expose domain\_name in the context for policy.json
 4045 * Update developer doc to reference Ubuntu 14
 4046 * Make memcache client reusable across threads
 4047 * Update Get API version Curl example
 4048 * Remove unused policy rule for get\_trust
 4049 * backend\_argument should be marked secret
 4050 * Update man pages for the Kilo release
 4051 * make sure we properly initialize the backends before using the drivers
 4052 * WebSSO should use remote\_id\_attribute by protocol
 4053 * Work with pymongo 3.0
 4054 * Fix incorrect setting in WebSSO documentation
 4055 * Stops injecting revoke\_api into TestCase
 4056 * Checking if Trust exists should be DRY
 4057 * Use correct LOG translation indicator for warnings
 4058 * backend\_argument should be marked secret
 4059 * Fix signed\_saml2\_assertion.xml tests fixture
 4060 * Don't provide backends from \_\_all\_\_ in persistence
 4061 * Add domain\_id checking in create\_project
 4062 * Update keystone.sample.conf
 4063 * Use choices in config.py
 4064 * make sure we properly initialize the backends before using the drivers
 4065 * WebSSO should use remote\_id\_attribute by protocol
 4066 * Refactor common function for loading drivers
 4067 * Tests don't override default config with default
 4068 * Refactor MemcachedBackend to not be a Manager
 4069 * Update openstack-common reference in openstack/common/README
 4070 * Exposes bug on role assignments creation
 4071 * Removes discover from test-reqs
 4072 * Work with pymongo 3.0
 4073 
 4074 2015.1.0rc1
 4075 -----------
 4076 
 4077 * Update man pages for the Kilo release
 4078 * Add placeholders for reserved migrations
 4079 * Redundant events on group grant revocation
 4080 * Open Liberty development
 4081 * Improved policy setting in the 'v3 filter' tests
 4082 * Handle NULL value for service.extra in migration 066
 4083 * Skip SSL tests because some platforms do not enable SSLv3
 4084 * Fix the typo in \`token/providers/fernet/core.py\`
 4085 * Fix index name the assignment.actor\_id table
 4086 * Add index to the revocation\_event.revoked\_at
 4087 * Document websso setup
 4088 * Allow identity provider to be created with remote\_ids set to None
 4089 * Update testing docs
 4090 * Import fernet providers only if used in keystone-manage
 4091 * Imported Translations from Transifex
 4092 * Fix multiple SQL backend usage validation error
 4093 * Expose multiple SQL backend usage validation error
 4094 * Fix for notifications for v2 role grant/delete
 4095 * Update sample config file
 4096 * Fix errors in ec2 signature logic checking
 4097 * Don't add unformatted project-specific endpoints to catalog
 4098 * Reload drivers when their domain config is updated
 4099 * Correcting the name of directory holding dev docs
 4100 * Fixes bug in Federation list projects endpoint
 4101 * Exposes bug in Federation list projects endpoint
 4102 * Updated from global requirements
 4103 * Refactor assignment driver internal clean-up method names
 4104 * Remove unnecessary .driver. references in assignment manager
 4105 * Rename notification for create/delete grants
 4106 * Drop sql.transaction() usage in migration
 4107 * Update configuration documentation for domain config
 4108 * Fix for migration 062 on MySQL
 4109 * Bump advertised API version to 3.4
 4110 * Extract response headers to private method
 4111 * Deprecate eventlet config options
 4112 * Imported Translations from Transifex
 4113 * remove useless nocatalog tests of endpoint\_filter
 4114 * Add API to create ecp wrapped saml assertion
 4115 * Add relay\_state\_prefix to Service Provider
 4116 * Change the way values are migrated for 007\_add\_remote\_id\_table
 4117 * Add routing for list\_endpoint\_groups\_for\_project
 4118 * Use ORM in upgrade test instead of manual query construction
 4119 * Remove empty request bodies
 4120 * Remove unnecessary import that was not checked
 4121 * IdP ID registration and validation
 4122 * Imported Translations from Transifex
 4123 * add test of /v3/auth/catalog for endpoint\_filter
 4124 * Entrypoints for commands
 4125 * More content in the guide for core components' migration
 4126 * Make trust manager raise formatted message exception
 4127 * Revert "Document mapping of policy action to operation"
 4128 * Remove SQL Downgrades
 4129 * Add caching to getting of the fully substituted domain config
 4130 * Refactor \_create\_projects\_hierarchy in tests
 4131 * Fixes bug when getting hierarchy on Project API
 4132 * Exposes bug when getting hierarchy on Project API
 4133 * Move common checks into base testcase
 4134 * Tests use common base class
 4135 * use tokens returned by delete\_tokens to invalidate cache
 4136 * Loosen the validation schema used for trustee/trustor ids
 4137 * region.description is optional and can be null
 4138 * Update access control configuration in httpd config
 4139 * Document mapping of policy action to operation
 4140 * Update install.rst for Fedora
 4141 * Update sample config file
 4142 * Remove parent\_id in v2 tenant response
 4143 * Tox env for Bandit
 4144 * Refactor: extract and rename unique\_id method
 4145 * create \_member\_ role as specified in CONF
 4146 * Fix sample policy to allow user to revoke own token
 4147 * Add unit tests for sample policy token operations
 4148 * Mark some strings for translation
 4149 * Add fernet to test\_supported\_token\_providers
 4150 * Fix up token provider help text
 4151 * Tests use Database fixture
 4152 * Remove parent\_id in v2 token response
 4153 * Update ServiceProviderModel attributes
 4154 * Add docstrings to keystone.notifications functions
 4155 * Remove unused metadata parameter from get\_catalog methods
 4156 * Imported Translations from Transifex
 4157 * Cleanup use of .driver
 4158 * Specify time units for default\_lock\_timeout
 4159 * Remove stevedore from test-requirements
 4160 * Lookup identity provider by remote\_id for websso
 4161 * Deal with PEP-0476 certificate chaining checking
 4162 * Distinguish between unset and empty black and white lists
 4163 * Remove unused domain config method paramters
 4164 * Correct path in request logging
 4165 * Correct request logging query parameters separator
 4166 * Fix setting default log levels
 4167 * On creation default service name to empty string
 4168 * Needn't workaround when invoking \`app.request()\`
 4169 
 4170 2015.1.0b3
 4171 ----------
 4172 
 4173 * Imported Translations from Transifex
 4174 * Support upload domain config files to database
 4175 * Update sample httpd config file
 4176 * Update Apache httpd config docs for token persistence
 4177 * Cleanup Fernet testcases and add comments
 4178 * Add inline comment and docstrings fixes for Fernet
 4179 * Fix nullable constraints in service provider table
 4180 * Move backend LDAP role testing to the new backend testing module
 4181 * URL quote Fernet tokens
 4182 * Use existing token test for Fernet tokens
 4183 * Implement Fernet tokens for v2.0 tokens
 4184 * Refactor code supporting status in JSON Home
 4185 * remove expected backtrace from logs
 4186 * Log when no external auth plugin registered
 4187 * Adds test for federation mapping list order issues
 4188 * Updated from global requirements
 4189 * Enable sensitive substitutions into whitelisted domain configs
 4190 * Imported Translations from Transifex
 4191 * Create a fixture for key repository
 4192 * Ignore unknown groups in lists for Federation
 4193 * Remove RestfulTestCase.admin\_request
 4194 * Remove SSL configuration instructions from HTTPd docs
 4195 * Wrap apache-httpd.rst
 4196 * Remove fix for migration 37
 4197 * Cleanup for credentials schema test
 4198 * Refactor sql filter code for clarity
 4199 * Prefer . to setattr()/getattr()
 4200 * Build domain scope for Fernet tokens
 4201 * Mark the domain config API as experimental
 4202 * Imported Translations from Transifex
 4203 * Allow methods to be carried in Fernet tokens
 4204 * Federated token formatter
 4205 * Refactor: make Fernet token creation/validation API agnostic
 4206 * Convert audit\_ids to bytes
 4207 * Drop Fernet token prefixes & add domain-scoped Fernet tokens
 4208 * Add JSON schema validation for service providers
 4209 * Implements whitelist and blacklist mapping rules
 4210 * Adding utf8 to federation tables
 4211 * Eventlet green threads not released back to pool
 4212 * Abstract the direct map concept into an object
 4213 * Remove redundant creation timestamp from fernet tokens
 4214 * Fix deprecated group for eventlet\_server options
 4215 * Sync oslo-incubator to f2cfbba
 4216 * Cleanup test keeping unnecessary fixture references
 4217 * Fix typo in name of variable in resource router
 4218 * Add test to list projects by the parent\_id
 4219 * Fixes minor spelling issue
 4220 * Crosslink to other sites that are owned by Keystone
 4221 * Imported Translations from Transifex
 4222 * move region and service exist checks into manager layer
 4223 * make credential policy check ownership of credential
 4224 * Remove unused threads argument
 4225 * Refactor: remove dep on trust\_api / v3 token helper
 4226 * Enable use of database domain config
 4227 * add oauth authentication to config file
 4228 * Prevent calling waitall() inside a GreenPool's greenthread
 4229 * Rename get\_events to list\_events on the Revoke API
 4230 * Address nits for default cache time more explicit
 4231 * add cadf notifications for oauth
 4232 * Add scope info to initiator data for CADF notifications
 4233 * Removed maxDiff attribute from TestCase
 4234 * Refactoring: use BaseTestCase instead of TestCase
 4235 * Moved sys.exit mocking into BaseTestClass
 4236 * Refactor: move initiator test to cadf specific section
 4237 * Refactor: create a common base for notification tests
 4238 * Migrations squash
 4239 * Consistently use oslo\_config.cfg.CONF
 4240 * Removes logging code that supported Python <2.7
 4241 * Refactoring: removed client method from TestCase
 4242 * Refactoring: remove self.\_config\_file\_list from TestCase
 4243 * Deprecate passing "extras" in token data
 4244 * 'Assignment' has no attr 'get\_domain\_by\_name'
 4245 * Refactor: make extras optional in v3 get\_token\_data
 4246 * Remove extra semicolon from mapping fixtures
 4247 * Imported Translations from Transifex
 4248 * Fix seconds since epoch use in fernet tokens
 4249 * Add API support for domain config
 4250 * Remove unused checkout\_vendor
 4251 * Move test\_core to keysteone.tests.unit.tests
 4252 * Fixes the SQL model tests
 4253 * Add documentation for key terms and basic authenticating
 4254 * Remove useless comment from requirements.txt
 4255 * Move pysaml to requirements.txt for py3
 4256 * Docstring fixes in fernet.token\_formatters
 4257 * Made project\_id required for ec2 credential
 4258 * Add Federation mixin for setting up data
 4259 * Refactor: remove token formatters dep on 'token\_data' on create()
 4260 * Refactor: rename the "standard" token formatter to "scoped"
 4261 * Add unscoped token formatter for Fernet tokens
 4262 * Fix the wrong order of parameters when using assertEqual
 4263 * Imported Translations from Transifex
 4264 * Spelling and grammar cleanup
 4265 * Fixes bug in SQL/LDAP when honoring driver\_hints
 4266 * Remove policy parsing exception
 4267 * Cleanup policy related tests
 4268 * Remove incubated version of oslo policy
 4269 * Use oslo.policy instead of incubated version
 4270 * Fixes minor whitespace issues
 4271 * Updated from global requirements
 4272 * Add checking for existing group/option to update domain config
 4273 * Stop debug logging of Ldap while running unit tests
 4274 * Exposes bug in SQL/LDAP when honoring driver\_hints
 4275 * Updated from global requirements
 4276 * Fix typos in tests/unit/core.py
 4277 * Remove unnecessary import
 4278 * Update developer docs landing page
 4279 * Add support for whitelisting and partial domain configs
 4280 * Change headers to be byte string friendly
 4281 * fix import order in federation controller
 4282 * Imported Translations from Transifex
 4283 * Fix a minor coding nit in Fernet testing
 4284 * Move install of cryptography before six
 4285 * refactor: extract and document audit ID generation
 4286 * Update sample config file
 4287 * log query string instead of openstack.params and request args
 4288 * Cleanup docstrings in test\_v3\_federation.py
 4289 * refactor: consistently refer to "unpacked tokens" as the token's "payload"
 4290 * refactor: extract fernet packing & unpacking methods
 4291 * Fix nits from 157495
 4292 * Deprecate Eventlet Deployment in favor of wsgi containers
 4293 * remove old docstr referring to keyczar
 4294 * Implement backend driver support for domain config
 4295 * Use revocation events for lightweight tokens
 4296 * Avoid multiple instances for a provider
 4297 * Always load revocation manager
 4298 * Cleanup comments from 159865
 4299 * Updated from global requirements
 4300 * Rename "Keystone LightWeight Tokens" (KLWT) to "Fernet" tokens
 4301 * Make the default cache time more explicit in code
 4302 * Keystone Lightweight Tokens (KLWT)
 4303 * Refactor and provide scaffolding for domain specific loading
 4304 * Populate token with service providers
 4305 * Add CADF notifications for trusts
 4306 * Get initiator from manager and send to controller
 4307 * Add in non-decorator notifiers
 4308 * Implemented caching in identity layer
 4309 * Imported Translations from Transifex
 4310 * Use dict comprehensions instead of dict constructor
 4311 * Remove deprecated methods and functions in token subsystem
 4312 * Authenticate local users via federated workflow
 4313 * Move UserAuthInfo to a separate file
 4314 * Make RuleProcessor.\_UserType class public
 4315 * Enhance user identification in mapping engine
 4316 * Remove conditional check (and test) for oauth\_api
 4317 * Fixes test\_multiple\_filters filters definition
 4318 * Remove conditionals that check for revoke\_api
 4319 * Use correct dependency decorator
 4320 * Add minimum release support notes for federation
 4321 * Update \`os service create\` examples in config services
 4322 * Reference OSC docs in CLI examples
 4323 * Chain a trust with a role specified by name
 4324 * Add parent\_id to test\_project\_model
 4325 * Revamp the documentation surrounding notifications
 4326 * Remove unused tmp directory in tests
 4327 * Correct initialization order for logging to use eventlet locks
 4328 * add missing links for v3 OS-EC2 API response
 4329 * Remove explicit mentions of JSON from test\_v2
 4330 * Rename test\_keystoneclient\*
 4331 * Rename test\_content\_types
 4332 * Fix for KVS cache backend incompatible with redis-py
 4333 * Enable endpoint\_policy, endpoint\_filter and oauth by default
 4334 * Add links to extensions that point to api specs
 4335 * Classifying extensions and defining process
 4336 * Imported Translations from Transifex
 4337 * Add oslo request id middleware to keystone paste pipeline
 4338 * Uses SQL catalog driver for v2 REST tests
 4339 * Fixed skip msg in templated catalog test
 4340 * Remove invalid comment/statement at role manager
 4341 * Standardize notifications types as constants
 4342 * Change use of random to random.SystemRandom
 4343 * Remove extra call to oauth manager from tests
 4344 * Remove an extra call to create federation manager
 4345 * Updated from global requirements
 4346 * Imported Translations from Transifex
 4347 * Improve List Role Assignment Tests
 4348 * Enable filtering in LDAP backend for listing entities
 4349 * Refactor filter and sensitivity tests in prepartion for LDAP support
 4350 * Imported Translations from Transifex
 4351 * Provide additional detail if OAuth headers are missing
 4352 * Add WebSSO support for federation
 4353 * Check consumer and project id before creating request token
 4354 * Regenerate sample config file
 4355 * Move eventlet server options to a config section
 4356 * refactor: use \_get\_project\_endpoint\_group\_url() where applicable
 4357 * Update sample config file
 4358 * Consistently use oslo\_config.cfg.CONF
 4359 * Imported Translations from Transifex
 4360 * Removes unnecessary checks when cleaning a domain
 4361 * Remove check\_role\_for\_trust from sample policies
 4362 * Remove duplicated test for get\_role
 4363 * Add a test for create\_domain in notifications
 4364 * Add CADF notification handling for policy/region/service/endpoint
 4365 * Publicize region/endpoint/policy/service events
 4366 * Add CADF notifications for most resources
 4367 * Updated from global requirements
 4368 * Drop foreign key (domain\_id) from user and group tables
 4369 * Make federated domain configurable
 4370 * Imported Translations from Transifex
 4371 * Move backend role tests into their own module
 4372 * Fix nits from patch #110858
 4373 * Fix invalid super() usage in memcache pool
 4374 * Add a domain to federated users
 4375 * Wrap dependency registry
 4376 * Remove unnecessary code setting provider
 4377 * Fix tests to not load federation manager twice
 4378 * Fix places where role API calls still called assignment\_api
 4379 * fix a small issue in test\_v3\_auth.py
 4380 * Imported Translations from Transifex
 4381 * rename cls in get\_auth\_context to self
 4382 * make tests of endpoint\_filter check endpoints num
 4383 * remove the Conf.signing.token\_format option support
 4384 * Remove list\_endpoint\_groups\_for\_project from sample policies
 4385 * Add get\_endpoint\_group\_in\_project to sample policy files
 4386 * Check for invalid filtering on v3/role\_assignments
 4387 * Remove duplicate token revocation check
 4388 * Remove incubator version of log and local
 4389 * Use oslo.log instead of incubator
 4390 * Move existing tests to unit
 4391 * Cleanup tests to not set multiple workers
 4392 * Use subunit-trace from tempest-lib
 4393 * Log exceptions safely
 4394 * Imported Translations from Transifex
 4395 * Refactor \_send\_audit\_notification
 4396 * Updated from global requirements
 4397 * Remove excess brackets in exception creation
 4398 * Update policy doc to use new rule format
 4399 * remove the unused variables in indentity/core.py
 4400 * fix assertTableColumns
 4401 * Imported Translations from Transifex
 4402 * make federation part of keystone core
 4403 * Small cleanup of cloudsample policy
 4404 * Fix error message on check on RoleV3
 4405 * Improve creation of expected assignments in tests
 4406 * Add a check to see if a federation token is being used for v2 auth
 4407 * Adds a fork of python-ldap for Py3 testing
 4408 * Updates Python3 requirements
 4409 * Sync with oslo-incubator
 4410 * Add local rules in the federation mapping tests
 4411 * Don't try to convert LDAP attributes to boolean
 4412 * Add schema for endpoint group
 4413 * Split the assignments controller
 4414 * Use \_VersionsEqual for a few more version tests
 4415 * Remove test PYTHONHASHSEED setting
 4416 * Correct version tests for result ordering
 4417 * Correct a v3 auth test for result ordering
 4418 * Correct catalog response checker for result ordering
 4419 * Correct test\_get\_v3\_catalog test for result ordering
 4420 * Correct test\_auth\_unscoped\_token\_project for result ordering
 4421 * Fix the syntax issue on creating table \`endpoint\_group\`
 4422 * Change hacking check to verify all oslo imports
 4423 * Change oslo.i18n to oslo\_i18n
 4424 * Change oslo.config to oslo\_config
 4425 * Change oslo.db to oslo\_db
 4426 * Remove XMLEquals from tests
 4427 * Remove unused test case
 4428 * Don't coerce port config values
 4429 * Make identity id mapping handle unicode
 4430 * Improve testing of unicode id mapping
 4431 * Add new "RoleAssignment" exception
 4432 * Imported Translations from Transifex
 4433 * log wsgi requests at INFO level
 4434 * Fix race on default role creation
 4435 * Imported Translations from Transifex
 4436 * Unscoped to Scoped only
 4437 * Refactor federation SQL backend
 4438 
 4439 2015.1.0b2
 4440 ----------
 4441 
 4442 * Set initiators ID to user\_id
 4443 * Updated from global requirements
 4444 * Change oslo.messaging to oslo\_messaging
 4445 * Change oslo.serialization to oslo\_serialization
 4446 * Handle SSL termination proxies for version list
 4447 * Imported Translations from Transifex
 4448 * Update federation config to use Service Providers
 4449 * Drop URL field from region table
 4450 * Create K2K SAML assertion from Service Provider
 4451 * Service Providers API for OS-FEDERATION
 4452 * Implements subtree\_as\_ids query param
 4453 * Refactor role assignment assertions
 4454 * Fixes 'OS-INHERIT:inherited\_to' info in tests
 4455 * During authentication validate if IdP is enabled
 4456 * Fix typo in Patch #142743
 4457 * Make the LDAP dependency clear between identity, resource & assignment
 4458 * Implements parents\_as\_ids query param
 4459 * Internal notifications for cleanup domain
 4460 * Multiple IDP authentication URL
 4461 * Change oslo.utils to oslo\_utils
 4462 * Imported Translations from Transifex
 4463 * Regenerate sample config file
 4464 * Make unit tests call the new resource manager
 4465 * Make controllers and managers reference new resource manager
 4466 * Remove unused pointer to assignment in identity driver
 4467 * Move projects and domains to their own backend
 4468 * Make role manager refer to role cache config options
 4469 * Documentation fix for Keystone Architecture
 4470 * Imported Translations from Transifex
 4471 * Fix evaluation logic of federation mapping rules
 4472 * Deprecate LDAP Assignment Backend
 4473 * Fix up \_ldap\_res\_to\_model for ldap identity backend
 4474 * Remove local conf information from paste-ini
 4475 * Use RequestBodySizeLimiter from oslo.middleware
 4476 * Adds a wip decorator for tests
 4477 * Remove list\_user\_projects method from assignment
 4478 * Updated from global requirements
 4479 * Remove unnecessary code block of exception handling
 4480 * Updated from global requirements
 4481 * Add library oslo.concurrency in config-generator config file
 4482 * Updated from global requirements
 4483 * Explicit Unscoped
 4484 * add missing API in docstring of EndpointFilterExtension
 4485 * fix test\_ec2\_list\_credentials
 4486 * Assignment sql backend create\_grant refactoring
 4487 * Updated from global requirements
 4488 * Imported Translations from Transifex
 4489 * Remove TODO comment which has been addressed
 4490 * Refactor keystone-all and http/keystone
 4491 * Updated from global requirements
 4492 * Identify groups by name/domain in mapping rules
 4493 * do parameter check before updating endpoint\_group
 4494 * Move sql specific filter test code into test\_backend\_sql
 4495 * Fix incorrect filter test name
 4496 * Update the keystone sample config
 4497 * Minor fix in RestfulTestCase
 4498 * Scope federated token with 'token' identity method
 4499 * Correct comment about circular dependency
 4500 * Refactor assignment manager/driver methods
 4501 * Make unit tests call the new, split out, role manager
 4502 * Make controllers call the new, split out, role manager
 4503 * Correct doc string for grant driver methods
 4504 * Split roles into their own backend within assignments
 4505 * correct the help text of os\_inherit
 4506 * Update Inherited Role Assignment Extension section
 4507 * Limit lines length on configuration doc
 4508 * Fixes spacing in sentences on configuration doc
 4509 * Fixes several typos on configuration doc
 4510 * Trust redelegation
 4511 * add missing parent\_id parameter check in project schema
 4512 * Fix incorrect session usage in tests
 4513 * Fix migration 42 downgrade
 4514 * Updated from global requirements
 4515 * Additional test coverage for password changes
 4516 * Fix downgrade test for migration 61 on non-sqlite
 4517 * Fix transaction issue in migration 44 downgrade
 4518 * Correct failures for H238
 4519 * Move to hacking 0.10
 4520 * Updated from global requirements
 4521 * Remove unused fields in base TestCase
 4522 * Keystoneclient tests from venv-installed client
 4523 * Fix downgrade from migration 61 on non-sqlite
 4524 * explicit namespace prefixes for SAML2 assertion
 4525 * Remove requirements not needed by oslo-incubator modules anymore
 4526 * Remove unused testscenarios requirement
 4527 * Cleanup test-requirements for keystoneclient
 4528 * Fix tests using extension drivers
 4529 * Ensure manager grant methods throw exception if role\_id is invalid
 4530 * update sample conf using latest oslo.conf
 4531 * Remove unnecessary oslo incubator bits
 4532 * let endpoint\_filter sql backend return dict data
 4533 * Tests fail only on deprecation warnings from keystone
 4534 * switch from sample\_config.sh to oslo-config-generator
 4535 * Add positive test case for content types
 4536 * Update the keystone.conf sample
 4537 * remove invalid note
 4538 * invalidate cache when updating catalog objects
 4539 * Enable hacking rule H302
 4540 * fix wrong self link in the response of endpoint\_groups API
 4541 * Imported Translations from Transifex
 4542 * improve the EP-FILTER catalog length check in test\_v3.py
 4543 * Don't allow deprecations during testing
 4544 * Fix to not use deprecated Exception.message
 4545 * Integrate logging with the warnings module
 4546 * rename oslo.concurrency to oslo\_concurrency
 4547 * Fix to not use empty IN clause
 4548 * Be more precise with flake8 filename matches
 4549 * Use bashate to run\_tests.sh
 4550 * Move test\_utils to keystone/tests/unit/
 4551 * add circular check when updating region
 4552 * fix the wrong update logic of catalog kvs driver
 4553 * Removes a Py2.6 version of assertSetEqual
 4554 * Removes a Py2.6 version of inspect.getcallargs
 4555 * Removes a bit of WSGI code converts unicode to str
 4556 * Expanded mutable hacking checks
 4557 * Make the mutable default arg check very strict
 4558 * sync to oslo commit 1cf2c6
 4559 * Update federation docs to point to specs.o.org
 4560 * Memcache connection pool excess check
 4561 * Always return the service name in the catalog
 4562 * Update docs to no longer show XML support
 4563 
 4564 2015.1.0b1
 4565 ----------
 4566 
 4567 * Check and delete for policy\_association\_for\_region\_and\_service
 4568 * Remove unnecessary ldap import
 4569 * Rename \`removeEvent\` to be more pythonic
 4570 * Fix the way migration helpers check FK names
 4571 * Remove XML support
 4572 * Fix modifying a role with same name using LDAP
 4573 * Add a test for modifying a role to set the name the same
 4574 * Fix disabling entities when enabled is ignored
 4575 * Add tests for enabled attribute ignored
 4576 * Cleanup eventlet use in tests
 4577 * Fix update role without name using LDAP
 4578 * Add test for update role without name
 4579 * Inherited role assignments to projects
 4580 * Updated from global requirements
 4581 * Fix inherited user role test docstring
 4582 * Fixes links in Shibboleth configuration docs
 4583 * Updated from global requirements
 4584 * fix wrong indentation in contrib/federation/utils.py
 4585 * Adds openSUSE support for developer documentation
 4586 * User ids that begin with 0 cannot authenticate through ldap
 4587 * Typo in policy call
 4588 * Updated from global requirements
 4589 * Remove endpoint\_substitution\_whitelist config option
 4590 * Correct max\_project\_tree\_depth config help text
 4591 * Adds correct checks in LDAP backend tests
 4592 * Updated from global requirements
 4593 * Add an identity backend method to get group by name
 4594 * Create, update and delete hierarchical projects
 4595 * drop developer support for OS X
 4596 * Ignore H302 - bug 1398472
 4597 * Remove irrelative comment
 4598 * remove deprecated access log middleware
 4599 * Multiple IdPs problem
 4600 * Fixes docstring at eventlet\_server
 4601 * Fix the copy-pasted help info for db\_version
 4602 * Updated from global requirements
 4603 * TestAuthPlugin doesn't use test\_auth\_plugin.conf
 4604 * Add missing translation marker for dependency
 4605 * Use \_ definition from keystone.i18n
 4606 * Remove Python 2.6 classifier
 4607 * Correct token flush logging
 4608 * Speed up memcache lock
 4609 * Moves hacking tests to unit directory
 4610 * Fixes create\_saml\_assertion() return
 4611 * Add import i18n to federation/controllers.py
 4612 * Correct use of config fixture
 4613 * Extends hacking check for logging to verify i18n hints
 4614 * Adds missing log hints for level E/I/W
 4615 * make sample\_data.sh account for the default options in keystone.conf
 4616 * Adds dynamic checking for mapped tokens
 4617 * Updated from global requirements
 4618 * Enable cloud\_admin to list projects in all domains
 4619 * Remove string from URL in list\_revoke\_events()
 4620 * Configuring Keystone edits
 4621 * Update keystone readme to point to specs.o.org
 4622 * Imported Translations from Transifex
 4623 * Add WSGIPassAuthorization to OAuth docs
 4624 * Increase test coverage of test\_versions.py
 4625 * Move test\_pemutils.py to unit test directory
 4626 * Don't return \`\`user\_name\`\` in mapped.Mapped class
 4627 * Increase test coverage of test\_base64utils.py
 4628 * Move base64 unit tests to keystone/tests/unit dir
 4629 * Move injection unit tests to keystone/tests/unit
 4630 * Move notification unit tests to unit test dir
 4631 * Allow for REMOTE\_USER name in federation mapping
 4632 * Doc about specifying domains in domains specific backends
 4633 * Remove useless field passed into SQLAlchemy "distinct" statement
 4634 * Exclude domains with inherited roles from user domain list
 4635 * Improve testing of exclusion of inherited roles
 4636 * Fix project federation tokens for inherited roles
 4637 * Improve testing of project federation tokens for inherited roles
 4638 * Fix domain federation tokens for inherited roles
 4639 * Improve testing of domain federation tokens for inherited roles
 4640 * Fix misspelling at configuration.rst file
 4641 * Remove duplicate setup logic in federation tests
 4642 * Imported Translations from Transifex
 4643 * Enable hacking rule H904
 4644 * Move shib specific documentation
 4645 * Additional debug logs for federation flows
 4646 * Add openid connect support
 4647 * Imported Translations from Transifex
 4648 * Enable hacking rule H104 File contains nothing but comments
 4649 * Rename \_handle\_saml2\_tokens() method
 4650 * Updated from global requirements
 4651 * Update references to auth\_token middleware
 4652 * Use true() rather than variable/singleton
 4653 * Change ca to uppercase in keystone.conf
 4654 * default revoke driver should be the non-deprecated driver
 4655 * Prevent infinite loop in token\_flush
 4656 * Adds IPv6 url validation support
 4657 * Provide useful info when parsing policy file
 4658 * Doc about deleting a domain specific backend domain
 4659 * Updated from global requirements
 4660 * Remove token persistence proxy
 4661 * Correct use of noqa
 4662 * Use oslo.concurrency instead of sync'ed version
 4663 * revise error message for keystone.token.persistence pkg
 4664 * Change config option examples to v3
 4665 * Sync modules from oslo-incubator
 4666 * test\_utils use jsonutils from oslo.serialization
 4667 * Add fileutils module
 4668 * Move check\_output and git() to test utils
 4669 * Remove nonexistant param from docstring
 4670 * Fixes aggressive use of translation hints
 4671 * PKI and PKIZ tokens unnecessary whitespace removed
 4672 * Move unit tests from test\_backend\_ldap
 4673 * Use correct name of oslo debugger script
 4674 * Updated from global requirements
 4675 * Imported Translations from Transifex
 4676 * Change /POST to /ECP at federation config
 4677 * Base methods to handle hierarchical projects
 4678 * use expected\_length parameter to assert expected length
 4679 * fix the wrong order of assertEqual args in test\_v3
 4680 * sys.exit mock cleanup
 4681 * Tests raise exception if logging problem
 4682 * Correct the code path of implementation for the abstract method
 4683 * Use newer python-ldap paging control API
 4684 * Add xmlsec1 dependency comments
 4685 * Add parent\_id field to projects
 4686 * Add max-complexity to pep8 for Keystone
 4687 * Remove check\_password() in identity.backend.ldap
 4688 * Restrict certain APIs to cloud admin in domain-aware policy
 4689 * Remove unused ec2 driver option
 4690 * Extract Assignment tests from IdentityTestCase
 4691 * Clean up federated identity audit code
 4692 * obsolete deployment docs
 4693 * Remove database setup duplication
 4694 * Fixes endpoint\_filter tests
 4695 * Fixes a spelling error in hacking tests
 4696 * Fixes docstrings to be more accurate
 4697 * Update the feature/hierarchical-multitenancy branch
 4698 * Updated from global requirements
 4699 
 4700 2014.2
 4701 ------
 4702 
 4703 * updated translations
 4704 * Remove deprecated KVS trust backend
 4705 * Imported Translations from Transifex
 4706 * Ensure sql upgrade tests can run with non-sqlite databases
 4707 * Ensure sql upgrade tests can run with non-sqlite databases
 4708 * Validates controller methods exist when specified
 4709 * Fixes an error deleting an endpoint group project
 4710 * Add v3 openstackclient CLI examples
 4711 * Update the CLI examples to also use openstackclient
 4712 * Replace an instance of keystone/openstack/common/timeutils
 4713 * Use importutils from oslo.utils
 4714 * Use jsonutils from oslo.serialization
 4715 * Update 'Configuring Services' documentation
 4716 * Use openstackclient examples in configuration documentation
 4717 * Validates controller methods exist when specified
 4718 * Fixes an error deleting an endpoint group project
 4719 * Switch LdapIdentitySqlAssignment to use oslo.mockpatch
 4720 * Fix tests comparing tokens
 4721 * Remove deprecated TemplatedCatalog class
 4722 * Remove images directory from docs
 4723 * Remove OS-STATS monitoring
 4724 * Remove identity and assignment kvs backends
 4725 * Add an XML code directive to a shibboleth example
 4726 * revise docs on default \_member\_ role
 4727 * Convert unicode to UTF8 when calling ldap.str2dn()
 4728 * Fix tests comparing tokens
 4729 * Fix parsing of emulated enabled DN
 4730 * Handle default string values when using user\_enabled\_invert
 4731 * Handle default string values when using user\_enabled\_invert
 4732 * Convert unicode to UTF8 when calling ldap.str2dn()
 4733 * Fix parsing of emulated enabled DN
 4734 * Add test for getting a token with inherited role
 4735 * wrong logic in assertValidRoleAssignmentListResponse method
 4736 * Open Kilo development
 4737 
 4738 2014.2.rc1
 4739 ----------
 4740 
 4741 * Enhance FakeLdap to require base entry for subtree search
 4742 * Imported Translations from Transifex
 4743 * Uses session in migration to stop DB locking
 4744 * Address some late comments for memcache clients
 4745 * Set issuer value to CONF.saml.idp\_entity\_id
 4746 * Updated from global requirements
 4747 * Add placeholders for reserved migrations
 4748 * Mark k2k as experimental
 4749 * Add version attribute to the SAML2 Assertion object
 4750 * New section for CLI examples in docs
 4751 * Fix failure of delete domain group grant when identity is LDAP
 4752 * Clean up the Configuration documentation
 4753 * Adding an index on token.user\_id and token.trust\_id
 4754 * Update architecture documentation
 4755 * Fix a spelling mistake in keystone/common/utils.py
 4756 * Imported Translations from Transifex
 4757 * Prevent infinite recursion on persistence core on init
 4758 * Read idp\_metadata\_path value from CONF.saml
 4759 * Remove duplicated assertion
 4760 * Fix create and user-role-add in LDAP backend
 4761 * Fix minor spelling issues in comments
 4762 * Add a pool of memcached clients
 4763 * Update URLs for keystone federation configuration docs
 4764 * add --rebuild option for ssl/pki\_setup
 4765 * Mock doesn't have assert\_called\_once()
 4766 * Do not run git-cloned ksc master tests when local client specified
 4767 * Add info about pysaml2 into federation docs
 4768 * Imported Translations from Transifex
 4769 * Remove unused cache functions from token.core
 4770 * Updated from global requirements
 4771 * Safer check for enabled in trusts
 4772 * Set the default number of workers when running under eventlet
 4773 * Add the processutils from oslo-incubator
 4774 * Update 'Configure Federation' documentation
 4775 * Ensure identity sql driver supports domain-specific configuration
 4776 * Allow users to clean up role assignments
 4777 * Adds a whitelist for endpoint catalog substitution
 4778 * Revoke the tokens of group members when a group role is revoked
 4779 * Change pysaml2 comment in test-requrements.txt
 4780 * Document Keystone2Keystone federation
 4781 * Set LDAP certificate trust options for LDAPS and TLS
 4782 * Fail on empty userId/username before query
 4783 * Refactor FakeLdap to share delete code
 4784 * ldap/core deleteTree not always supported
 4785 * Reduce unit test log level for notifications
 4786 * Fix delete group cleans up role assignments with LDAP
 4787 * Refactor LDAP backend using context manager for connection
 4788 * Fix fakeldap search\_s documentation
 4789 * Add delete notification to endpoint grouping
 4790 * Fix using local ID to clean up user/group assignments
 4791 * Add characterization test for cleanup role assignments for group
 4792 * Fix LDAP group role assignment listing
 4793 * Correct typos in keystone/common/base64utils.py docstrings
 4794 * Add V3 JSON Home support to GET /
 4795 * Ensure a consistent transactional context is used
 4796 * Adds hint about filter placement to extension docs
 4797 * Adds pipeline hints to the example paste config
 4798 * Make the extension docs a top level entry in the landing page
 4799 * LDAP: refactor use of "1.1" OID
 4800 * Fix Policy backend driver documentation
 4801 * improve dependency injection doc strings
 4802 * Document mod\_wsgi doesn't support chunked encoding
 4803 * Making KvsInheritanceTests use backend KVS
 4804 * Keystone local authenticate has an unnecessary pending audit record
 4805 * Use id attribute map for read-only LDAP
 4806 * Stop skipping LDAP tests
 4807 * Update the revocation configuration docs
 4808 * Fixes formatting error in debug log statement
 4809 * Remove trailing space from string
 4810 * Update paste pipelines in configuration docs
 4811 * Update man pages
 4812 * Updates package comment to be more accurate
 4813 * Fixed typo 'in sane manner' to 'in a sane manner'
 4814 * Enable filtering of services by name
 4815 * correct typos
 4816 * Fixes code comment to be more accurate
 4817 * Prevent domains creation for the default LDAP+SQL
 4818 * Add testcase for coverage of 002\_add\_endpoint\_groups
 4819 * Fix oauth sqlite migration downgrade failure
 4820 * Sync jsonutils from oslo-incubator 32e7f0b5
 4821 * Imported Translations from Transifex
 4822 * Avoid conversion of binary LDAP values
 4823 * Remove unused variable TIME\_FORMAT
 4824 * Add characterization test for group role assignment listing
 4825 * Fix dn\_startswith
 4826 * Use oslo\_debug\_helper and remove our own version
 4827 * Fixes a mock cleanup issue caused by oslotest
 4828 * Add rst code-blocks to a bunch of missing examples
 4829 * Capitalize all instances of Keystone in the docs
 4830 
 4831 2014.2.b3
 4832 ---------
 4833 
 4834 * Update the docs that list sections in keystone.conf
 4835 * Fixed spelling mistakes in comments
 4836 * use one indentation style
 4837 * Fix admin server doesn't report v2 support in Apache httpd
 4838 * Add test for single app loaded version response
 4839 * Work toward Python 3.4 support and testing
 4840 * Update the federation configuration docs for saml2
 4841 * Add docs for enabling endpoint policy
 4842 * warn against sorting requirements
 4843 * Adds region back into the catalog endpoint
 4844 * Remove extra V3 version router
 4845 * Implementation of Endpoint Grouping
 4846 * Fix minor nits for token2saml generation
 4847 * Routes for Keystone-IdP metadata endpoint
 4848 * Generate IdP Metadata with keystone-manage
 4849 * IdP SAML Metadata generator
 4850 * Implement validation on Trust V3 API
 4851 * Create SAML generation route and controller
 4852 * trustor\_user\_id not available in v2 trust token
 4853 * Transform a Keystone token to a SAML assertion
 4854 * Remove TODO that was done
 4855 * Fix region schema comment
 4856 * Remove unused \_validate\_endpoint
 4857 * Fix follow up review issues with endpoint policy backend patch
 4858 * controller for the endpoint policy extension
 4859 * Mark the revoke kvs backend deprecated, for removal in Kilo
 4860 * Fix logging config twice
 4861 * Implement validation on the Catalog V3 API
 4862 * General logging cleanup in keystone.notifications
 4863 * Lower log level for notification registration
 4864 * backend for policy endpoint extension
 4865 * Implement validation on Credential V3
 4866 * Implement validation on Policy V3 API
 4867 * Fix token flush fails with recursion depth exception
 4868 * Spelling errors fixed in the comments
 4869 * Add index for actor\_id in assignments table
 4870 * Endpoint table is missing reference to region table
 4871 * add missing log hints for level C/E/I/W
 4872 * Add audit support to keystone federation
 4873 * Add string id type validation
 4874 * Implement validation on Assignment V3 API
 4875 * Adds tests that show how update with validation works
 4876 * Mark the trust kvs backend deprecated, for removal in Kilo
 4877 * Test cleanup: do not leak FDs during test runs
 4878 * Do not load auth plugins by class in tests
 4879 * JSON Home data is required
 4880 * Cleanup superfluous string comprehension and coersion
 4881 * Add commas for ease of maintenance
 4882 * Comments to docstrings for notification emit methods
 4883 * Notification cleanup: namespace actions
 4884 * Mark kvs backends as deprecated, for removal in Kilo
 4885 * Add bash code style to some portions of configuration.rst
 4886 * Update sample config
 4887 * Update tests to not use token\_api
 4888 * Make persistence manager in token\_provider\_api private
 4889 * Enhance GET /v3 to handle Accept header
 4890 * Enhance V3 extensions to provide JSON Home data
 4891 * Enhance V3 extension class to integrate JSON Home data
 4892 * Change OS-INHERIT extension to provide JSON Home data
 4893 * Change the sub-routers to provide JSON Home data
 4894 * Change V3 router classes to provide JSON Home data
 4895 * Create additional docs for role assignment events
 4896 * Add libxmlsec1 as external package dependency on OS X
 4897 * Add \_\_repr\_\_ to KeystoneToken model
 4898 * Add extra guarding to revoke\_by\_audit\_id methods
 4899 * Mark methods on token\_api deprecated
 4900 * Remove SAML2 plugin dependency on token\_api
 4901 * Remove oauth controller dependency on token\_api
 4902 * Remove assignment\_api dependency on token\_api
 4903 * Notification Constant Cleanup and internal notify type
 4904 * Remove wsgi and base controller dependency on token\_api
 4905 * Remove identity\_api dependency on token\_api
 4906 * Remove trust dependency on token\_api
 4907 * Update AuthContextMiddleware to not use token\_api
 4908 * Revoke by Audit Id / Audit Id Chain instead of expires
 4909 * assignment controller error path fix
 4910 * Make SQL the default backend for Identity & Assignment unit tests
 4911 * Add CADF notifications for role assignment create and delete
 4912 * Add notifications for policy, region, service and endpoint
 4913 * Enhance V3 version controller to provide JSON Home response
 4914 * Provide the V3 routers to the V3 extension controller
 4915 * Enhance V3 routers to store basic resource description
 4916 * Correct the signature for some catalog abstract method signatures
 4917 * Convert to urlsafe base64 audit ids
 4918 * Sync Py2 and Py3 requirements files
 4919 * Sync with oslo-incubator
 4920 * Add audit ids to tokens
 4921 * Fixing simple type in comment
 4922 * Create authentication specific routes
 4923 * Standardizing the Federation Process
 4924 * Enable filtering of credentials by user ID
 4925 * Expose context to create grant and delete grant
 4926 * Redirect stdout and stderr when using subprocess
 4927 * Back off initial migration to 34
 4928 * Back off initial migration to 35
 4929 * Use python convention for function names in test\_notifications
 4930 * Use mail for the default LDAP email attribute name
 4931 * Bump hacking to 0.9.x series
 4932 * Fixes an issue with the XMLEquals matcher
 4933 * Do not require method attribute on plugins
 4934 * Remove \_BaseFederationExtension
 4935 * Add a URL field to region table
 4936 * Remove unnecessary declaration of CONF
 4937 * Remove trailing space in tox.ini
 4938 * Rename bash8 requirement
 4939 * Updates the sample config
 4940 * remove unused import
 4941 * Clean whitespace off token
 4942 * Support the hints mechanism in list\_credentials()
 4943 * Keystone service throws error on receiving SIGHUP
 4944 * Remove strutils and timeutils from openstack-common.conf
 4945 * Use functions in oslo.utils
 4946 * Add an OS-FEDERATION section to scoped federation tokens
 4947 * Ensure roles created by unit tests have correct attributes
 4948 * Update control\_exchange value in keystone.conf
 4949 * swap import order of lxml
 4950 * add i18n to lxml error
 4951 * Check for empty string value in REMOTE\_USER
 4952 * Refactor names in catalog backends
 4953 * Update CADF auditing example to show non-payload information
 4954 * Remove ec2 contrib dependency on token\_api
 4955 * Expose token revocation list via token\_provider\_api
 4956 * Remove assignment controller dependency on token\_api
 4957 * Refactor serializer import to XmlBodyMiddleware
 4958 * Delete intersphinx mappings
 4959 * Fix documentation link
 4960 * Make token\_provider\_api contain token persistence
 4961 * Remove S3 middleware tests from tox.ini
 4962 * Remove unused function
 4963 * Add oslo.utils requirement
 4964 * Surround REMOTE\_USER variable name with quotes
 4965 * Remove \`with\_lockmode\` use from Trust SQL backend
 4966 * Allow LDAP lock attributes to be used as enable attributes
 4967 * Improve instructions about federation
 4968 * Do not override venvs
 4969 * Imported Translations from Transifex
 4970 * Remove debug CADF payload for every authN request
 4971 * Don't override tox envdir for pep8 and cover jobs
 4972 * Change V3 extensions to use resources
 4973 * Enhance V3 extension class to use resources
 4974 * V3 Extension class
 4975 * Change V3 router classes to use resources
 4976 * Enhance V3 router class for resources
 4977 * Class for V3 router packages
 4978 * Filter List Regions by 'parent\_region\_id'
 4979 * Refactor existing endpoint filter tests
 4980 * Trust unit tests should target additional threat scenarios
 4981 * Update the config file
 4982 * Fix revocation event handling with MySQL
 4983 * Set default token provider to UUID
 4984 * Add filters to the collections 'self' link
 4985 * Issue multiple SQL statements in separate engine.execute() calls
 4986 * Remove fixture from openstack-common.conf
 4987 * Use config fixture from oslo.config
 4988 * Fix revoking a scoped token from an unscoped token
 4989 * Updated from global requirements
 4990 * KeyError instead of exception.KeyError
 4991 * Catch correct oslo.db exception
 4992 * Update setup docs with Fedora 19+ dependencies
 4993 * Add a test for revoking a scoped token from an unscoped
 4994 * Fix revoking domain-scoped tokens
 4995 * Correct revocation event test for domain\_id
 4996 * Add pluggable range functions for token flush
 4997 * Configurable python-keystoneclient repo
 4998 * Fix invalid self link in get access token
 4999 * Add workaround to support tox 1.7.2
 5000 * Fixes a capitalization issue
 5001 * Do not consume trust uses when create token fails
 5002 * Refactor set domain-id and mapping code
 5003 * Remove duplicated asserts
 5004 * Fix for V2 token issued\_at time changing
 5005 * Add tests related to V2 token issued\_at time changing
 5006 * Sample config update
 5007 * Add the new Keystone TokenModel
 5008 * Add X-Auth-Token header in federation examples
 5009 * Check url is in the 'self' link in list responses
 5010 * Clean up EP-Filter after delete project/endpoint
 5011 * add internal delete notification for endpoint
 5012 * remove static files from docs
 5013 * Move token persistence classes to token.persistence module
 5014 * cache the catalog
 5015 * Disable a domain will revoke tokens under the same domain
 5016 * Sqlite files excluded from the repo
 5017 * Adding support for ldap connection pooling
 5018 * Details the proper way to call a callable
 5019 
 5020 2014.2.b2
 5021 ---------
 5022 
 5023 * Add the new oslo.i18n as a dependency for Python 3
 5024 * Fixes test\_exceptions.py for Python3
 5025 * Fixes test\_wsgi for Python3
 5026 * Adds several more test modules that pass on Py3
 5027 * Reduces the amount of mocked imports for Python 3
 5028 * Disables LDAP unit tests
 5029 * Updated from global requirements
 5030 * Initial implementation of validator
 5031 * Mark the 'check\_vX\_token' methods deprecated
 5032 * Extracting get group roles for project logic to drivers
 5033 * implement GET /v3/catalog
 5034 * Adds coverage report to py33 test runs
 5035 * Fixed tox cover environment to share venv
 5036 * Regenerate sample config file
 5037 * Check that region ID is not an empty string
 5038 * auth tests should not require admin token
 5039 * Example JSON files should be human-readable
 5040 * Consolidate \`assert\_XXX\_enabled\` type calls to managers
 5041 * Move keystone.token.default\_expire\_time to token.provider
 5042 * Move token\_api.unique\_id to token\_provider\_api
 5043 * Capitalize a few project names in configuring services doc
 5044 * Fixes a Python3 syntax error
 5045 * Introduce pragma no cover to asbtract classes
 5046 * Update middleware that was moved to keystonemiddleware
 5047 * Sync with oslo-incubator
 5048 * project disabled/deleted notification recommendations
 5049 * render json examples with syntax highlighting
 5050 * Use oslo.i18n
 5051 * Make sure unit tests set the correct log levels
 5052 * Clean up the endpoint filtering configuration docs
 5053 * Avoid loading a ref from SQL to delete the ref
 5054 * Add revocation extension to default pipeline
 5055 * multi-backend support for identity
 5056 * Update docs to reflect new db\_sync behaviour
 5057 * Migrate default extensions
 5058 * Add oslo.i18n as dependency
 5059 * Do not use lazy translation for keystone-manage
 5060 * Update the configuration docs for the revocation extension
 5061 * Remove deprecated token\_api.list\_tokens
 5062 * Imported Translations from Transifex
 5063 * Add keystonemiddleware to requirements
 5064 * Add \_BaseFederationExtension class
 5065 * Correct the region table to be InnoDB and UTF8
 5066 * HEAD responses should return same status as GET
 5067 * Updated from global requirements
 5068 * Sync with oslo-incubator e9bb0b59
 5069 * Add schema check for OS-FEDERATION mapping table
 5070 * Make OS-FEDERATION core.Driver methods abstract
 5071 * update example with a status code we actually use
 5072 * Correct docstring for assertResponseSuccessful
 5073 * Fix the section name in CONTRIBUTING.rst
 5074 * Fix OAuth1 to not JSON-encode create access token response
 5075 * Ending periods in exception messages deleted
 5076 * Ensure that in v2 auth tenant\_id matches trust
 5077 * Add identity mapping capability
 5078 * Do not use keystone's config for nova's port
 5079 * Fix docs and scripts for pki\_setup and ssl\_setup
 5080 * LDAP: Added documentation for debug\_level option
 5081 * Updated from global requirements
 5082 * Fixes the order of assertEqual arguments
 5083 * remove default=None for config options
 5084 * Fix test for get\_\*\_by\_name invalidation
 5085 * Do not support toggling key\_manglers in cache layer
 5086 * Implicitly ignore attributes that are mapped to None in LDAP
 5087 * Move bash8 to run under pep8 tox env
 5088 * Remove db, db.sqlalchemy from openstack-common.conf
 5089 * Remove backend\_entities from backend\_ldap.conf
 5090 * Consolidate provider calls to token\_api.create\_token
 5091 * Adds hacking check for debug logging translations
 5092 * Updates Python3 requirements to match Python2
 5093 * Adds oslo.db support for Python 3 tests
 5094 * Do not leak SQL queries in HTTP 409 (conflict)
 5095 * Imported Translations from Transifex
 5096 * Do not log 14+ INFO lines on a broken pipe error (eventlet)
 5097 * Regenerate sample config file
 5098 * deprecate LDAP config options for 'tenants'
 5099 * the user\_tenant\_membership table was replaced by "assignment"
 5100 * Corrects minor spelling mistakes
 5101 * Ignoring order of user list in TenantTestCase
 5102 * Make gen\_pki.sh & debug\_helper.sh bash8 compliant
 5103 * TestAuthInfo class in test\_v3\_auth made more efficient
 5104 * Update docs to reference #openstack-keystone
 5105 * Don't set sqlite\_db default
 5106 * Migrate ID generation for users/groups from controller to manager
 5107 * oslo.db implementation
 5108 * Test \`common.sql\` initialization
 5109 * Kerberos as method name
 5110 * test REMOTE\_USER  does not authenticate
 5111 * Document pkiz as provider in config
 5112 * Only emit disable notifications for project/domain on disable
 5113 * Fix the typo and reformat the comments for the added option
 5114 * Updated from global requirements
 5115 * fix flake8 issues
 5116 * Update sample keystone.conf file
 5117 * Fix 500 error if request body is not JSON object
 5118 * Default to PKIZ tokens
 5119 * Fix a few typos in the shibboleth doc
 5120 * pkiz String conversion
 5121 * Fixes catalog URL formatting to never return None
 5122 * Updates keystone.catalog.core.format\_url tests
 5123 * Ignore broken endpoints in get\_catalog
 5124 * Allow for multiple PKI Style Providers
 5125 * Add instructions for removing pyc files to docs
 5126 * Password trunction makes password insecure
 5127 * enable multiple keystone-all worker processes
 5128 * Add cloud auditing notification documentation
 5129 * Block delegation escalation of privilege
 5130 * Fixes typo error in Keystone
 5131 * Add missing docstrings and 1 unittest for LDAP utf-8 fixes
 5132 * Properly invalidate cache for get\_\*\_by\_name methods
 5133 * Make sure domains are enabled by default
 5134 * Convert explicit session get/begin to transaction context
 5135 
 5136 2014.2.b1
 5137 ---------
 5138 
 5139 * remove unnecessary word in docs: 'an'
 5140 * add docs on v2 & v3 support in the service catalog
 5141 * Add v3 curl examples
 5142 * Use code-block for curl examples
 5143 * Sync service module from oslo-incubator
 5144 * remove unneeded definitions of Python Source Code Encoding
 5145 * gitignore etc/keystone/
 5146 * Enforce \`\`saml2\`\` protocol in Apache config
 5147 * install gettext on OS X for msgfmt
 5148 * Use translation hints
 5149 * Add v2 & v3 API documentation
 5150 * Make sure all the auth plugins agree on the shared identity attributes
 5151 * update release support warning for domain-specific drivers
 5152 * Catalog driver generates v3 catalog from v2 catalog
 5153 * Compressed Token Provider
 5154 * document keystone-specs instead of LP blueprints in README
 5155 * fixed several pep8 issues
 5156 * Invalid command referenced in federation documentation
 5157 * Fix curl example refs in docs
 5158 * pep8: do not test locale files
 5159 * Consistenly use jsonutils instead of json
 5160 * Fix type error message in format\_url
 5161 * Updated from global requirements
 5162 * remove out of date docs for Fedora 15
 5163 * Make sure scoping to the project of a disabled domain result in 401
 5164 * document pki\_setup and ssl\_setup in keystone.conf.sample
 5165 * Fixed wrong behavior when updating tenant or user with LDAP backends
 5166 * Cleanup openstack-common.conf and sync from olso
 5167 * recommend excluding 35357 from ephemeral ports
 5168 * Fixes duplicated DELETE queries on SQL backends
 5169 * Refactor tests regarding required attributes
 5170 * Suggest users to remove REMOTE\_USER from shibd conf
 5171 * Refactor driver\_hints
 5172 * Imported Translations from Transifex
 5173 * Code which gets and deletes elements of tree was moved to one method
 5174 * indicate that sensitive messages can be disabled
 5175 * Check that the user is dumb moved to the common method
 5176 * Fix spelling mistakes in docs
 5177 * Replace magic value 'service/security' in CadfNotificationWrapper
 5178 * Replace assertTrue and assertFalse with more suitable asserts
 5179 * replaced unicode() with six.text\_type()
 5180 * Remove obsolete note from ldap
 5181 * install from source docs never actually install the keystone service
 5182 * LDAP fix for get\_roles\_for\_user\_and\_project user=group ID
 5183 * Cleanup of ldap assignment backend
 5184 * Remove all mostly untranslated PO files
 5185 * Mapping engine does not handle regex properly
 5186 * SQL fix for get\_roles\_for\_user\_and\_project user=group ID
 5187 * Unimplemented get roles by group for project list
 5188 * sql migration: ensure using innodb utf8 for assignment table
 5189 * Update mailmap entry for Brant
 5190 * Reduce log noise on expired tokens
 5191 * Add note for v3 API clients using auth plugin docs
 5192 * Refactor test\_auth trust related tests
 5193 * Add detailed federation configuration docs
 5194 * remove a few backslash line continuations
 5195 * Reduce excess LDAP searches
 5196 * Regenerate sample config
 5197 * Fix version links to docs.openstack.org
 5198 * Add mailmap entry
 5199 * Refactor create\_trust for readability
 5200 * Adds several more tests to the Python 3 test run
 5201 * Fixed the policy tests in Python 3
 5202 * Fixed the size limit tests in Python 3
 5203 * fixed typos found by RETF rules in RST files
 5204 * Remove the configure portion of extension docs
 5205 * Ensure token is a string
 5206 * Fixed some typos throughout the codebase
 5207 * Allow 'description' in V3 Regions to be optional
 5208 * More random values for oAuth1 verifier
 5209 * Add rally performance gate job for keystone
 5210 * Set proper DB\_INIT\_VERSION on db\_version command
 5211 * Escape values in LDAP search filters
 5212 * Migration DB\_INIT\_VERSION in common place
 5213 * Redundant unique constraint
 5214 * Correct \`nullable\` values in models and migrations
 5215 * Move hacking code to a separate fixture
 5216 * Some methods in ldap were moved to superclass
 5217 * Sync with oslo-incubator 28fba9c
 5218 * Use oslo.test mockpatch
 5219 * Check that all po/pot files are valid
 5220 * No longer allow listing users by email
 5221 * Refactor notifications
 5222 * Add localized response test
 5223 * Refactor service readiness notification
 5224 * Make test\_revoke expiry times distinct
 5225 * Removed duplication with list\_user\_ids\_for\_project
 5226 * Fix cache configuration checks
 5227 * setUp must be called on a fixture's parent first
 5228 * First real Python 3 tests
 5229 * Make the py33 Jenkins job happy
 5230 * Fix the "search for sql.py" files for db models
 5231 * Sync with oslo-incubator 74ae271
 5232 * no one uses macports
 5233 * Updated from global requirements
 5234 * Compatible server default value in the models
 5235 * Explicit foreign key indexes
 5236 * Added statement for ... if ... else
 5237 * Imported Translations from Transifex
 5238 * Ignore broken endpoints in get\_v3\_catalog
 5239 * Fix typo on cache backend module
 5240 * Fix sql\_upgrade tests run by themselves
 5241 * Discourage use of pki\_setup
 5242 * add dependencies of keystone dev-enviroment
 5243 * More efficient DN list for LDAP role delete
 5244 * Stronger assertion for test\_user\_extra\_attribute\_mapping
 5245 * Refactor test\_password\_hashed to the backend testers
 5246 * Remove LDAP password hashing code
 5247 * More notification unit tests
 5248 * Add missing import, remove trailing ":" in middleware example
 5249 * Fixes for in-code documentation
 5250 * Isolate backend loading
 5251 * Sync with oslo-incubator 2fd457b
 5252 * Adding one more check on project\_id
 5253 * Moves test database setup/teardown into a fixture
 5254 * Make the LDAP debug option a configurable setting
 5255 * Remove unnecessary dict copy
 5256 * More debug output for test
 5257 * Code which gets elements of tree in ldap moved to a common method
 5258 * Removed unused code
 5259 * Don't re-raise instance
 5260 * Fix catalog Driver signatures
 5261 * Include extra attributes in list results
 5262 * Allow any attributes in mapping
 5263 * Enhance tests for user extra attribute mapping
 5264 * Fix typo of ANS1 to ASN1
 5265 * Updated from global requirements
 5266 * Refactor: moved flatten function to utils
 5267 * Collapse SQL Migrations
 5268 * Treat LDAP attribute names as case-insensitive
 5269 * replace word 'by' with 'be'
 5270 * Configurable token hash algorithm
 5271 * Adds style checks to ease reviewer burden
 5272 * Adding more descriptive error message
 5273 * Fixed wrong behavior in method search\_s in BaseLdap class
 5274 * Fix response for missing attributes in trust
 5275 * Refactor: move federation functions to federation utils
 5276 * List all forbidden attributes in the request body
 5277 * Convert test\_backend\_ldap to config fixture
 5278 * Add tests for user ID with comma
 5279 * Fix invalid LDAP filter for user ID with comma
 5280 * Remove assignment proxy methods/controllers
 5281 * Remove legacy\_endpoint\_id and enabled from service catalog
 5282 * Replace all use of mox with mock
 5283 * Fix assertEqual arguments order(catalog, cert\_setup, etc)
 5284 * Remove common.V3Controller.check\_required\_params() method
 5285 * Fix parallel unit tests keystoneclient partial checkout
 5286 * Sync from oslo db.sqlalchemy.migration
 5287 * Removes unused db\_sync methods
 5288 * Removes useless wrapper from manager base class
 5289 * Cleanup of test\_cert\_setup tests
 5290 * Sanitizes authentication methods received in requests
 5291 * Fix create\_region\_with\_id raise 500 Error bug
 5292 * For ldap, API wrongly reports user is in group
 5293 * support conventional domain name with one or more dot
 5294 * Remove \_delete\_tokens function from federation controller
 5295 * Keystone doesn't use pam
 5296 * Fixed small capitalization issue
 5297 * Fix Jenkins translation jobs
 5298 * Removes some duplicate setup from a testcase
 5299 * Updated from global requirements
 5300 * Enable concurrent testing by default
 5301 * Cleanup ldap tests (mox and reset values)
 5302 * Check domain\_id with equality in assignment kvs
 5303 * Moves database setup/teardown closer to its usage
 5304 * Cleanup config.py
 5305 * Clean up config help text
 5306 * Imported Translations from Transifex
 5307 * test\_v3\_token\_id correctly hash token
 5308 * Safer noqa handling
 5309 * Remove noqa form import \_s
 5310 * Fix assertEqual arguments order(auth\_plugin, backend, backend\_sql, etc)
 5311 * Expand the use of non-ascii values in ldap test
 5312 * Properly handle unicode & utf-8 in LDAP
 5313 * Refactor LDAP API
 5314 * Use in-memory SQLite for sql migration tests
 5315 * Use in-memory SQLite for testing
 5316 * Remove extraenous instantiations of managers
 5317 * Make service catalog include service name
 5318 * Add placeholders for reserved migrations
 5319 
 5320 2014.1.rc1
 5321 ----------
 5322 
 5323 * Open Juno development
 5324 * Enable lazy translations in httpd/keystone.py
 5325 * Avoid using .values() on the indexed columns
 5326 * Imported Translations from Transifex
 5327 * revert deprecation of v2 API
 5328 * Remove unnecessary test setUps
 5329 * code hygiene; use six.text\_type, escape regexp's, use key function
 5330 * Use CMS to generate sample tokens
 5331 * Allows override of stdout/stderr/log capturing
 5332 * exclude disabled services from the catalog
 5333 * refactor AuthCatalog tests
 5334 * Rename keystone.tests.fixtures
 5335 * Change the default version discovery URLs
 5336 * Remove extra cache layer debugging
 5337 * Updated from global requirements
 5338 * Fix doc build errors with SQLAlchemy 0.9
 5339 * Sync oslo-incubator db.sqlalchemy b9e2499
 5340 * Create TMPDIR for tests recursively
 5341 * Always include 'enabled' field in service response
 5342 * test tcp\_keepidle only if it's available on the current platform
 5343 * Add dedicated URL for issuing unscoped federation tokens
 5344 * Cleanup revocation query
 5345 * Reduce environment logging
 5346 * Use assertIsNone when comparing against None
 5347 * Removes the use of mutables as default args
 5348 * Add a space after the hash for block comments
 5349 * Filter SAML2 assertion parameters with certain prefix
 5350 * Use assertIn in test\_v3\_catalog
 5351 * Add support for parallel testr workers in Keystone
 5352 * is\_revoked check all viable subtrees
 5353 * update sample conf
 5354 * explicitly import gettext function
 5355 * expires\_at should be in a tuple not turned into one
 5356 * Comparisons should account for instantaneous test execution
 5357 * Start using to oslotest
 5358 * Uses generator expressions instead of filter
 5359 * Remove unused db\_sync from extensions
 5360 * Ability to turn off ldap referral chasing
 5361 * Add user\_id when calling populate\_roles\_for\_groups
 5362 * Store groups ids objects list in the OS-FEDERATION object
 5363 * Make domain\_id immutable by default
 5364 * Do not expose internal data on UnexpectedError
 5365 * Use oslo db.sqlalchemy.session.EngineFacade.from\_config
 5366 * Uses explicit imports for \_
 5367 * Rename scope\_to\_bad\_project() to test\_scope\_to\_bad\_project()
 5368 * Make LIVE Tests configurable with ENV
 5369 * Filter out nonstring environment variables before rules mapping
 5370 * Provide option to make domain\_id immutable
 5371 * Replace httplib.HTTPSConnection in ec2\_token
 5372 * Move test .conf files to keystone/tests/config\_files
 5373 * Removal of test .conf files
 5374 * Don't automatically enable revocation events
 5375 * Ensure v3policysample correctly limits domain\_admin access
 5376 * Sync db, db.sqlalchemy from oslo-incubator 0a3436f
 5377 * Do not use keystone.conf.sample in tests
 5378 * Filter LDAP dumb member when listing role assignments
 5379 * Updated from global requirements
 5380 * Remove unnecessary oauth1.Manager constructions
 5381 * Enforce groups presence for federated authn
 5382 * Update sample config
 5383 * Very minor cleanup to default\_fixtures
 5384 * Cleanup keystoneclient tests
 5385 * Cleanup fixture data added to test instances
 5386 * Cleans up test data from limit tests
 5387 * Cleanup of instance attrs in core tests
 5388 * Cleanup backends after each test
 5389 * Fixup region description uniqueness
 5390 * Add slowest output to tox runs (testr)
 5391 * Add missing documentation for enabling oauth1 auth plugin
 5392 * Add missing documentation for enabling federation auth plugin
 5393 * Use class attribute to represent 'user' and 'group'
 5394 * Configurable temporary directory for tests
 5395 * Call an existing method in sync cache for revoke events
 5396 * Remove unnecessary calls to self.config()
 5397 * remove the unused variable in test\_sql\_upgrade
 5398 * remove hardcoded SQL queries in tests
 5399 * Fix db\_version failed with wrong arguments
 5400 * Use config fixture
 5401 * Fix docstrings in federation related modules
 5402 * Sync db, db.sqlalchemy, gettextutils from oslo-incubator 6ba44fd
 5403 * V3 xml responses should use v3 namespace
 5404 * trust creation allowed with empty roles list
 5405 * Fix test\_provider\_token\_expiration\_validation transient failure
 5406 * Fix include only enabled endpoints in catalog
 5407 * Add unit tests for disabled endpoints in catalog
 5408 
 5409 2014.1.b3
 5410 ---------
 5411 
 5412 * Update ADMIN\_TOKEN description in docs
 5413 * Mark revoke as experimental
 5414 * Import order is fixed
 5415 * Remove unused function from tests
 5416 * Add OS-OAUTH1 to consumers links section
 5417 * Don't need session.flush in context managed by session
 5418 * Imported Translations from Transifex
 5419 * allow create credential with the system admin token
 5420 * Stop gating on up-to-date sample config file
 5421 * Always include 'enabled' field in endpoint response
 5422 * Add the last of the outstanding helpstrings to config
 5423 * Token Revocation Extension
 5424 * Remove vim headers
 5425 * Removes use of timeutils.set\_time\_override
 5426 * drop key distribution from icehouse
 5427 * Limited use trusts
 5428 * Update curl api example to specify tenant
 5429 * Update Oslo wiki link in README
 5430 * Properly configure OS-EP-FILTER test backend
 5431 * Add tests for endpoint enabled
 5432 * Remove the un-used and non-maintained PAM identity backend
 5433 * Remove paste\_deploy from test\_overrides.conf
 5434 * SQLAlchemy Change to support more strict dialect checking
 5435 * Remove "test-only" pam config options
 5436 * Imported Translations from Transifex
 5437 * Fix get project users when no user exists
 5438 * deprecate XML support in favor of JSON
 5439 * Lazy gettextutils behavior
 5440 * Fix the order of assertEqual arguments(keystoneclient, kvs, etc)
 5441 * Update Oslo wiki link in README
 5442 * Removes a redundant test
 5443 * Remove unused variable
 5444 * Implement V3 Specific Version of EC2 Contrib
 5445 * revocation\_list only call isotime on datetime objects
 5446 * Support authentication via SAML 2.0 assertions
 5447 * Fix table name typo in test\_sql\_upgrade
 5448 * Cleanup and add more config help strings
 5449 * Ensure v2 API only returns projects in the default domain
 5450 * Support for mongo as dogpile cache backend
 5451 * v3 endpoint create should require url
 5452 * Fix issue with DB upgrade to assignment table
 5453 * Remove duplicated cms file
 5454 * oauth1 extension migration fails with DB2
 5455 * Handle exception messages with six.text\_type
 5456 * Remove common.sql.migration
 5457 * Unimplemented error on V3 get token
 5458 * Updated from global requirements
 5459 * Replace assertEqual(None, \*) with assertIsNone in tests
 5460 * Fix keystone-manage db\_version
 5461 * Fix assertEqual arguments order(\_ldap\_tls\_livetest, backend\_kvs, etc)
 5462 * Fix assertEqual arguments order(backend\_ldap, cache, v3\_protection)
 5463 * Fix the order of assertEqual arguments(v3\_auth, v3\_identity)
 5464 * Move \_BaseController to common/controllers.py
 5465 * Remove oslo rpc
 5466 * Fix webob.exc.HTTPForbidden parameter miss
 5467 * Remove redundant default value None for dict.get
 5468 * Remove oslo notifier
 5469 * Uses the venv virtualenv for the pep8 command
 5470 * Sync db.exception from Oslo
 5471 * Update oslo-incubator log.py to a01f79c
 5472 * Update man pages
 5473 * Add tests for create grant when no group
 5474 * Add tests for create grant when no user
 5475 * Correct a docstring in keystone.common.config
 5476 * Enable pep8 test against auto-generated configuration
 5477 * Update config options with helpstrings and generate sample
 5478 * Keystone doc has wrong keystone-manage command
 5479 * Fix assertEqual arguments order
 5480 * strengthen assertion for unscoped tokens
 5481 * Remove sql.Base
 5482 * Always hash passwords on their way into the DB
 5483 * bad config user\_enable\_emulation in mask test
 5484 * Convert Token Memcache backend to new KeyValueStore Impl
 5485 * Implement mechanism to provide non-expiring keys in KVS
 5486 * Rationalize the Assignment Grant Tables
 5487 * Add version routes to KDS
 5488 * Keystone team uses #openstack-keystone now
 5489 * Adds model mixin for {to,from}\_dict functionality
 5490 * Adds Cloud Audit (CADF) Support for keystone authentication
 5491 * Use class attribute to represent 'project'
 5492 * Switch over to oslosphinx
 5493 * Replace notifier with oslo.messaging
 5494 * Clean StatsController unnecesary members
 5495 * Use global to represent OS-TRUST:trust
 5496 * Additional notifications for revocations
 5497 * add policy entries for /v3/regions
 5498 * Use Oslo.db migration
 5499 * \`find\_migrate\_repo\` improvement
 5500 * Variable 'domain\_ref' referenced before assignment
 5501 * Cleanup Dogpile KVS Memcache backend support
 5502 * Fix test\_provider\_token\_expiration\_validation transient failure
 5503 * Restructure KDS options to be more like Keystone's options
 5504 * Setup code for auto-config sample generation
 5505 * Correct \`find\_migrate\_repo\` usage
 5506 * Make live LDAP user DN match the default from devstack
 5507 * Set sensible default for keystone's paste
 5508 * Treat sphinx warnings as errors
 5509 * Use WebOb directly in ec2\_token middleware
 5510 * Add lockfile and kombu as requirements for keystone
 5511 * Move filter\_limit\_query out of sql.Base
 5512 * List trusts, incorrect self link
 5513 * LDAP: document enabled\_emulation
 5514 * Remove s3\_token functional tests
 5515 * Provide clearer error when deleting enabled domain
 5516 * Remove copyright from empty files
 5517 * Syncing policy engine from oslo-incubator
 5518 * Rename Openstack to OpenStack
 5519 * Refactor get role for trust
 5520 * KDS fix documented exception
 5521 * Cleanup oauth tests
 5522 * Correctly normalize consumer fields on update
 5523 * Add tests for oauth consumer normalize fields
 5524 * Adds a fixture for setting up the cache
 5525 * Clean up database fixtures
 5526 * Fixes bug in exception message generation
 5527 * reverse my preferred mailmap
 5528 * Notifications upon disable
 5529 * Move identity logic from controller to manager
 5530 * Changing testcase name to match our terminology
 5531 * Allow specifying region ID when creating region
 5532 * explicitly expect hints in the @truncated signature
 5533 * list limit doc cleanup
 5534 * Correct error class in find\_migrate\_repo
 5535 * Remove unnecessary check to see if trustee exists
 5536 * Enforce current certificate retrieval behaviour
 5537 * Use WebOb directly for locale testing
 5538 * Cleanup KDS doc build errors
 5539 * Adds rule processing for mapping
 5540 * Add in functionality to set key\_mangler on dogpile backends
 5541 * Fix indentation issue
 5542 * Cleanup invalid token exception text
 5543 * Limit calls to memcache backend as user token index increases in size
 5544 * Style the code examples in docs as python
 5545 * Fixes a misspelling
 5546 * Doc - Keystone configuration - moving RBAC section
 5547 * Doc - Detailing  objects' attributes available for policy.json
 5548 * Do not use auth\_info objects for accessing the API
 5549 * Remove unused method \_get\_domain\_id\_from\_auth
 5550 * Remove unused method \_get\_domain\_conf
 5551 * Remove unused method \_store\_protocol
 5552 * Remove tox locale overrides
 5553 * Remove unused methods from AuthInfo
 5554 * Remove unused method \_create\_metadata
 5555 * Add test for list project users when no user
 5556 * Fix assignment KVS backend to not use identity
 5557 * Update kvs assignment backend docs
 5558 * Don't skip tests for some bugs
 5559 * Update oslo-incubator fixture to 81c478
 5560 * Remove vim header
 5561 * revise example extension directory structure
 5562 * Deprecate s3\_token middleware
 5563 * Update requirements to 661e6
 5564 * Implement list limiting support in driver backends
 5565 * Fix misspellings in keystone
 5566 * Removes use of fake\_notify and fixes notify test
 5567 * Remove host from per notification options
 5568 * Document priority level on Keystone notifications
 5569 * Remove default\_notification\_level from conf
 5570 * Mock sys.exit in testing
 5571 * Remove auth\_token middleware doc
 5572 * Move v3\_to\_v2\_user from manager to controller
 5573 * Update db.sqlalchemy.session from oslo-incubator 018138
 5574 * Adds tcp\_keepalive and tcp\_keepidle config options
 5575 * Ensure mapping rule has only local and remote properties
 5576 * clean up keystone-manage man page
 5577 * Refactor tests move assertValidErrorResponse
 5578 * fix grammar error in keystone-manage.rst
 5579 * Add rules to be a required field for mapping schema
 5580 * Cleanup docstrings
 5581 * Do not call deprecated functions
 5582 * Removes useless string
 5583 * Removes duplicate key from test fixtures
 5584 * Fixes a Python3 syntax error using raise
 5585 * Uses six.text\_type instead of unicode
 5586 * Uses six.iteritems for Python3 compat
 5587 * Add tests to ensure additional remote properties are not validated
 5588 * Removes xrange for Python3 compat
 5589 * Cleanup sample config
 5590 * Change 'oauth\_extension' to 'oauth1\_extension'
 5591 * Modified keystone endpoint-create default region
 5592 * Load the federation manager
 5593 * Fix indentation errors found by Pep8 1.4.6+
 5594 * Mark strings for translation in ldap backends
 5595 * Remove unused variable assignment
 5596 * Sync oslo's policy module
 5597 * Replace urllib/urlparse with six.moves.\*
 5598 * Change Continuous Integration Project link
 5599 * Remove legacy diablo and essex test cruft
 5600 * Refactor Auth plugin configuration options
 5601 * Use self.opt\_in\_group overrides
 5602 * Federation IdentityProvider filter fields on update response
 5603 * Remove unnecessary test methods
 5604 * Refactor federation controller class hierarchy
 5605 * Refactor mutable parameter handling
 5606 * Avoid use of str() with exceptions
 5607 * Use message when creating Unauthorized exception
 5608 * Make error strings translatable
 5609 * Enhancing tests to check project deletion in Active Directory
 5610 * Add required properties field to rules schema
 5611 * Fix assignment to not require user or group existence
 5612 * deprecate access log middleware
 5613 * remove access log middleware from the default paste pipeline
 5614 * deprecate v2.0 API in multiple choice response
 5615 * cleaned up extension development docs
 5616 * Add a docstring and rename mapping tests
 5617 * Remove versionId, versionInfo, versionList from examples
 5618 * Tests initialize database
 5619 * Don't set default for a nullable column
 5620 * Remove autoincrement from String column
 5621 * Fix docstrings in federation controller
 5622 * Change assertTrue(isinstance()) by optimal assert
 5623 * sync oslo-incubator log.py
 5624 * turn off eventlet.wsgi debug
 5625 * Make boolean query filter "False" argument work
 5626 * Fix list\_projects\_for\_endpoint failed bug
 5627 * Introduce database functionality into KDS
 5628 * Update the default\_log\_levels defaults
 5629 * Correct sample config default log levels
 5630 * deprecate stats middleware
 5631 * Use passed filter dict param in core sql filtering
 5632 * Fix federation documentation reference
 5633 * build auth context from middleware
 5634 * correct the document links in man documents
 5635 * Use six.text\_type to replace unicode
 5636 * Don't mask the filter built-in
 5637 * Move sql.Base.transaction
 5638 * Remove sql.Base.get\_session
 5639 * renamed extensions development doc
 5640 * Implement filter support in driver backends
 5641 * append extension name to trust notifications
 5642 * Allow event callback registration for arbitrary resource types
 5643 * Fix test\_auth isolation
 5644 * Policy sample - Identity v3 resources management
 5645 * Tests use setUp rather than init
 5646 * Improve forbidden checks
 5647 * Tests remove useless config list cleanup code
 5648 * use assertEqual instead of assertIs for string comparison
 5649 * Don't configure on import
 5650 * Fix reading cache-time before configured
 5651 * Cleanup eventlet setup
 5652 * Remove unused variables from common.config
 5653 * Reference dogpile.cache.memcached backend properly
 5654 * Unify StringIO usage with six.StringIO
 5655 * Fix typos in documents and comments
 5656 * Sync oslo strutils.py
 5657 * Use six.string\_types instead of basestring
 5658 
 5659 2014.1.b2
 5660 ---------
 5661 
 5662 * Use six to make dict work in Python 2 and Python 3
 5663 * initialize environment for tests that call popen
 5664 * Don't duplicate the existing config file list
 5665 * Implement notifications for trusts
 5666 * Remove kwargs from trust\_api.create\_trust
 5667 * Fixup incorrect comment
 5668 * Simple Certificate Extension
 5669 * Add mapping function to keystone
 5670 * Switch from 400 to 403 on ImmutableAttributeError
 5671 * Identity Providers CRUD operations
 5672 * Move KDS paths file
 5673 * Update comments in test\_v3\_protection.py
 5674 * description is wrong in endpoint filter rst doc
 5675 * Drop unsused "extras" dependency
 5676 * LDAP Assignment does not support grant v3 API
 5677 * Adds run\_tests.sh cli option to stop on failure
 5678 * Removes option to delete test DB from run\_tests.sh
 5679 * Removes deprecation warning from run\_tests.sh
 5680 * v3 credentials, ensure blob response is json
 5681 * Store ec2 credentials blob as json
 5682 * remove unused LOG
 5683 * Store trust\_id for v3/credentials ec2 keypairs
 5684 * Refactor context trust\_id check to wsgi.Application base class
 5685 * Implementation of internal notification callbacks within Keystone
 5686 * Replacing python-oauth2 by oauthlib
 5687 * Fix using non-default default\_domain\_id
 5688 * Enhance auth tests for non-default default\_domain\_id
 5689 * KVS support domain as namespace for users
 5690 * Remove unused member from KVS assignment
 5691 * Enhance tests for non-default default\_domain\_id
 5692 * rename templated.TemplatedCatalog to templated.Catalog
 5693 * Sync with global requirements
 5694 * Implements regions resource in 3.2 Catalog API
 5695 * Reduces memory utilization during test runs
 5696 * reduce default token duration to one hour
 5697 * Document running with pdb
 5698 * Restructure developing.rst
 5699 * Enable lazy translation
 5700 * Sync gettextutils from oslo-incubator 997ab277
 5701 * derive custom exceptions directly from Exception
 5702 * Do not append to messages with +
 5703 * Convert Token KVS backend to new KeyValueStore Impl
 5704 * Fix sample config external default doc
 5705 * Documentation cleanup
 5706 * Make common log import consistent
 5707 * Remove unused variables
 5708 * Safe command handling for openssl
 5709 * Fix external auth (REMOTE\_USER) plugin support
 5710 * Cleanup test\_no\_admin\_token\_auth cleanup code
 5711 * Subclasses of TestCase don't need to reset conf
 5712 * Cleanup test\_associate\_project\_endpoint\_extension
 5713 * Tests use cleanUp rather than tearDown
 5714 * Remove netifaces requirement
 5715 * Clean up fakeldap logging
 5716 * Resolve oauth dependency after paste pipeline is loaded
 5717 * Change ListOpt default value from str or None to list
 5718 * Sync oslo-incubator rpc	module
 5719 * Cleanup from business logic refactor
 5720 * Introduce basic Pecan/WSME framework for KDS
 5721 * Don't need session.flush in context managed by session
 5722 * races cause 404 when removing user from project
 5723 * initialize eventlet for tests
 5724 * Flush tokens in batches with DB2
 5725 * Remove unnecessary line in test\_auth
 5726 * Clean up docstrings in contrib.oauth1.core
 5727 * Remove unused test function
 5728 * Remove 'disable user' logic from \_delete\_domain\_contents
 5729 * Break dependency of base V3Controller on V2Controller
 5730 * Move deletion business logic out of controllers
 5731 * Do not update password when updating grants in Assignment KVS
 5732 * Cleanup of new credential\_api delete methods
 5733 * Enhance list\_group\_users in GroupApi
 5734 * Remove noop code
 5735 * Remove unused imports
 5736 * Fix typo in test
 5737 * Fix IPv6 check
 5738 * Remove unused code in contrib/ec2/controllers.py
 5739 * Fix use the fact that empty sequences are false
 5740 * Imported Translations from Transifex
 5741 * Synchronized with oslo db and db.sqlalchemy
 5742 * Fix variable passed to driver module
 5743 * Updated Keystone development install instructions for Ubuntu
 5744 * Stops file descriptor leaking in tests
 5745 * Re-write comment for ADMIN\_TOKEN
 5746 * Reduced parameters not used in \_populate\_user()
 5747 * Sync several modules from oslo-incubator
 5748 * Use oslo.db sessions
 5749 * Switch to oslo-incubator mask\_password
 5750 * Replace xrange in for loop with range
 5751 * Move Assignment Controllers and Routers to be First Class
 5752 * Remove Identity and Assignment controller interdependancies
 5753 * Policy based domain isolation can't be defined
 5754 * Moves keystoneclient master tests in a new class
 5755 * Makes the test git checkout info more declaritive
 5756 * trustee unable to perform role based operations on trust
 5757 * Cleanup backend loading
 5758 * Uses oslo's deprecated decorator; removes ours
 5759 * Move endpoint\_filter extension documentation
 5760 * Refactor setup\_logging
 5761 * Fixes documentation building
 5762 * Create user returns 400 without a password
 5763 * Fixes the v2 GET /extensions curl example in the documentation
 5764 * Add assertSetEqual to base test class
 5765 * Base Implementation of KVS Dogpile Refactor
 5766 * Sync db.sqlalchemy from oslo-incubator
 5767 * Fix errors for create\_endpoint api in version2
 5768 * Fix issues handling trust tokens via ec2tokens API
 5769 * Fix typo in identity:list\_role\_assignments policy
 5770 * Debug env for tox
 5771 * Updated from global requirements
 5772 * Sync global requirements to pin sphinx to sphinx>=1.1.2,<1.2
 5773 * Add ABCMeta metaclass to token provider
 5774 * token provider cleanup
 5775 * Sync versionutils from oslo
 5776 * Cleanup duplication in test\_backend
 5777 * replace "global" roles var names with "all" roles
 5778 * Remove unused token.valid index
 5779 * Narrow columns used in list\_revoked\_tokens sql
 5780 * Remove roles from OS-TRUST list responses
 5781 * Remove deprecated code
 5782 * Sync rpc fix from oslo-incubator
 5783 * Don't run non-tests
 5784 * Formalize deprecation of token\_api.list\_tokens
 5785 * Add index to cover revoked token list
 5786 
 5787 2014.1.b1
 5788 ---------
 5789 
 5790 * Refactor assertEqualXML into a testtools matcher
 5791 * Adds support for username to match the v2 spec
 5792 * One transaction per call to sql assignment backend
 5793 * Allow caching to be disabled and tests still pass
 5794 * Sync From OSLO
 5795 * Updated from global requirements
 5796 * Revert "Return a descriptive error message for controllers"
 5797 * Adds a resource for changing a user's password
 5798 * Deprecates V2 controllers
 5799 * Updates .gitignore
 5800 * Ensure the sample policy file won't diverge
 5801 * Add pycrypto as a test-requirement
 5802 * Imported Translations from Transifex
 5803 * Fix typo in keystone
 5804 * Added documentation to keystone.common.dependency
 5805 * Make HACKING.rst DRYer
 5806 * Allow downgrade for extensions
 5807 * Try decoding string to UTF-8 on error message fail
 5808 * Import strutils from oslo
 5809 * Capture debug logging in tests
 5810 * Easy testing with alternate keystoneclient
 5811 * Sync log\_handler module from Oslo
 5812 * refactor test\_catalog
 5813 * PasteConfigNotFound also raised when keystone.conf not found
 5814 * Style improvements to logging format strings
 5815 * Sync the DB2 communication error code change from olso
 5816 * Skip test\_arbitrary\_attributes\_\* in \_ldap\_livetest
 5817 * Add documentation for Read Only LDAP configuration option
 5818 * Remove deprecated auth\_token middleware
 5819 * Role NoneType object has no attribute setdefault
 5820 * Utilites for manipulating base64 & PEM
 5821 * Add memcache options to sample config
 5822 * UUID vs PKI docs
 5823 * RST fix for os\_inherit example
 5824 * Rewrites the serveapp method into a fixture
 5825 * Allow use of rules Policy driver
 5826 * Return a descriptive error message for controllers
 5827 * Proxy Assignment from Identity Deprecated
 5828 * Remove obsolete redhat-eventlet.patch
 5829 * AuthInfo use dependency injection
 5830 * Issue unscoped token if user's default project is invalid
 5831 * Detangle v3 RestfulTestCase setup
 5832 * Do not name variables as builtins
 5833 * Updated from global requirements
 5834 * Removes unused paste appserver instances from tests
 5835 * Add WSGI environment to context
 5836 * trusts raise validation error if expires\_at is invalid
 5837 * Fix newly discovered H302
 5838 * test attribute update edge cases
 5839 * Return an error when a non-existing tenant is added to a user
 5840 * use different bind addresses for admin and public
 5841 * Sync log module from oslo
 5842 * Change deprecated CLI arguments
 5843 * UserAuthInfo use dependency injection
 5844 * fix unparseable JSON
 5845 * Duplicate delete the user\_project\_metadata
 5846 * Skip test\_create\_update\_delete\_unicode\_project in \_ldap\_livetest
 5847 * don't rebind stdlib's os.chdir function
 5848 * Dependency cleanup
 5849 * Moves common RestfulTestCase to it's own module
 5850 * proxy removed from identity and changed to assignment
 5851 * Uses fixtures for mox and stubs
 5852 * Adds fixture package from oslo
 5853 * Fix KVS create\_grant to not raise NotFound if no user/group
 5854 * Enhance tests for assignment create\_grant when no user or group
 5855 * Clean up duplicate exceptions in docs for assignment.Driver
 5856 * Remove obsolete driver test module
 5857 * Change sample policy files to use policy language
 5858 * Documentation on how-to develop Keystone Extensions
 5859 * Allow delete user or group at same time as role
 5860 * Enhance tests for delete\_grant no user/group
 5861 * Fix issue deleting ec2-credentials as non-admin user
 5862 * Remove duplicated code on test\_v3\_auth
 5863 * Removes NoModule from the base testcase
 5864 * Fixes tox coverage command
 5865 * Update mailmap for Joe Gordon
 5866 * Add WWW-Authenticate header in 401 responses
 5867 * Use abstract base class for endpoint\_filter driver
 5868 * Use abstract base class for oauth driver
 5869 * Use abstract base class for policy driver
 5870 * Use abstract base class for token driver
 5871 * Document tox instead of run\_tests.sh
 5872 * Update my mailmap
 5873 * remove 8888 port in sample\_data.sh
 5874 * Adds decorator to deprecate functions and methods
 5875 * Move fakeldap to tests
 5876 * Fix remove role assignment adds role using LDAP assignment
 5877 * Enhance tests for deleting a role not assigned
 5878 * Implementation of opt-out from catalog data during token validation
 5879 * Add external.Base class to external plugins
 5880 * Add notifications for groups and roles
 5881 * add IRC channel & wiki link to README
 5882 * Add python-six to requirements
 5883 * Fix v2 token user ref with trust impersonation=True
 5884 * Changes to testr as the test runner
 5885 * Fixes error messaging
 5886 * Handle unicode at the caching layer more elegantly
 5887 * set user\_update policy to admin\_required
 5888 * Remove unused DEFAULT\_DOMAIN variable
 5889 * Remove unused config option auth\_admin\_prefix
 5890 * Remove unused member
 5891 * Adds tests for user extra attribute behavior
 5892 * Adds identity v2 tests to show extra behavior
 5893 * Treats OS-KSADM:password as password in v2 APIs
 5894 * Adds more uniformity to identity update\_user calls
 5895 * Don't use default value in LimitingReader
 5896 * Use abstract base class for auth handler
 5897 * Use abstract base class for catalog driver
 5898 * Use abstract base class for credential driver
 5899 * Use abstract base class for assignment driver
 5900 * Use abstract base class for trust driver
 5901 * Use abstract base class for identity driver
 5902 * remove the nova dependency in the ec2\_token middleware
 5903 * Catch the socket exception and log it
 5904 * Fixes broken doc references
 5905 * Sync db.sqlalchemy
 5906 * Handle DB2 disconnect
 5907 * Fix mysql checkout handler AttributeError
 5908 * Disable lazy gettext
 5909 
 5910 2013.2.rc1
 5911 ----------
 5912 
 5913 * Open Icehouse development
 5914 * Imported Translations from Transifex
 5915 * Sync with global requirements
 5916 * Add tests dir to the coverage omit list
 5917 * Update tox config
 5918 * Close the cursor for SQLite for 034 upgrade/downgrade on select
 5919 * Imports oslo policy to fix test issues
 5920 * Fixes errors logging in as a user with no password
 5921 * Fix live LDAP tests
 5922 * Eliminate type error on search\_s
 5923 * Fix error when create user with LDAP backend
 5924 * assertEquals is deprecated, use assertEqual (H602)
 5925 * Validate token calls return 404 on invalid tokens
 5926 * Protect oauth controller calls and update policy.json
 5927 * Fix updating attributes with ldap backend
 5928 * sync oslo policy
 5929 * Changes v1.1 to v2 for Compute endpoint in sample\_data.sh
 5930 * Update man pages
 5931 * Update man page version
 5932 * Sync gettextutils from oslo
 5933 * only run flake8 once (bug 1223023)
 5934 * upgrade to oslo.config 1.2 final
 5935 * Add user to project if project ID is changed
 5936 * Ensure any relevant tokens are revoked when a role is deleted
 5937 * Check token\_format for default token providers only
 5938 * Modify oauth1 tests to use generated keystone token in a call
 5939 * Test for backend case sensitivity
 5940 * Remove ldap identity domain attribute options
 5941 * Cleanup of tenantId, tenant\_id, and default\_project\_id
 5942 * Add extra test coverage for unscoped token invalidation
 5943 * Monkey patch select in environment
 5944 * Rewrite README.rst
 5945 * Enclose command args in with\_venv.sh
 5946 * check for domain existence before doing any ID work
 5947 * Ensure v2 tokens are correctly invalidated when using BelongsTo
 5948 * Sync gettextutils from oslo
 5949 * Use localisation for logged warnings
 5950 * Fix misused assertTrue in unit tests
 5951 * oauth using optional dependencies
 5952 * Rationalize list\_user\_projects and get\_projects\_for\_user
 5953 * Optional dependency injection
 5954 * Include new notification options in sample config
 5955 * fix rst syntax in database schema migrations docs
 5956 * Ignore H803 from Hacking
 5957 * Test upgrade migration 16->17
 5958 * test token revocation list API (bug 1202952)
 5959 * Imported Translations from Transifex
 5960 * gate on H304: no relative imports
 5961 * Move gettextutils installation in tests to core
 5962 * Cleanup tests imports so not relative
 5963 * Tests use "from keystone import tests"
 5964 * Reduce churn of cache on revocation\_list
 5965 * domain-specific drivers experimental in havana
 5966 * Fixes for user response with LDAP user\_enabled\_mask
 5967 * Close each LDAP connection after it is used, following python-ldap docs
 5968 * Remove CA key password from cert setup
 5969 * Import core.\* in keystone.tests
 5970 * Fix incorrect test for list\_users
 5971 * Changed header from LLC to Foundation based on trademark policies
 5972 * Changes template header for translation catalogs
 5973 * Support timezone in memcached token backend
 5974 
 5975 2013.2.b3
 5976 ---------
 5977 
 5978 * Imported Translations from Transifex
 5979 * Move CA key from certs directory to private directory
 5980 * OAuth authorizing user should propose roles to delegate
 5981 * Need to use \_() to handle i18n string messages
 5982 * Fix the code miss to show the correct error messages
 5983 * Move \_generate\_paste\_config to tests.core
 5984 * add 'project' notifications to docs
 5985 * Implement basic caching around assignment CRUD
 5986 * Update keystone wsgi httpd script for oslo logging
 5987 * Utilities to create directores, set ownership & permissions
 5988 * Modify default file/directory permissions
 5989 * Add a oauth1-configuration.rst and extension section to docs
 5990 * Update keystone-all man page
 5991 * Cleanup cache layer tests
 5992 * Implement caching for Tokens and Token Validation
 5993 * Document usage notifications
 5994 * Imported Translations from Transifex
 5995 * Remove kvs backend from oauth1 extension
 5996 * Use joins instead of multiple lookups in groups sql
 5997 * Add project CRUD to assignment\_api Manager
 5998 * Add Memory Isolating Cache Proxy
 5999 * Enable SQL tests for oauth
 6000 * Implement decorator-based notifications for users
 6001 * Use common db model class from Oslo
 6002 * Add common code from Oslo for work with database
 6003 * Use testtools as base test class
 6004 * Bump hacking to 0.7
 6005 * Removes KVS references from the documentation
 6006 * Add notifications module
 6007 * Drop support for diablo to essex migrations
 6008 * Add 'cn' to attribute\_list for enabled\_users/tenants query
 6009 * Implement API protection on target entities
 6010 * Refactor Token Provider to be aware of expired tokens
 6011 * Implement Caching for Token Revocation List
 6012 * Keystone Caching Layer for Manager Calls
 6013 * Create associations between projects and endpoints
 6014 * Fixes a link in the documentation
 6015 * Use correct filename for index & serial file when setting permissions
 6016 * remove flake8 option from run\_tests.sh
 6017 * Fix role lookup for Active Directory
 6018 * Clean up keystone-manage man page
 6019 * change oauth.consumer description into nullable
 6020 * Use system locale when Accept-Language header is not provided
 6021 * Fix translate static messages in response
 6022 * Migrating ec2 credentials to credential
 6023 * Fix error where consumer is not deleted from sql
 6024 * add foreign key constraint on oauth tables
 6025 * Remove a useless arg in range()
 6026 * Remove enumerate calls
 6027 * filter in ldap list\_groups\_for\_user
 6028 * Delete file TODO
 6029 * use provider to validate tokens
 6030 * Fix isEnabledFor for compatibility with logging
 6031 * Ensure username passed by REMOTE\_USER can contain '@'
 6032 * fix the default values for token and password auth
 6033 * Remove an enumerate call
 6034 * Add defense in ldap:get\_roles\_for\_user\_and\_project
 6035 * remove unused function
 6036 * Remove Keystone specific logging module
 6037 * remove refs to keystone.common.logging
 6038 * Remove User Check from Assignments
 6039 * Refactor Token Providers for better version interfaces
 6040 * Remove kwargs from manager calls / general cleanup
 6041 * Store hash of access as primary key for ec2 type
 6042 * Add delegated\_auth support for keystone
 6043 * Fix LDAP Identity get user with user\_enabled\_mask
 6044 * Fix LDAP Identity with non-zero user\_enabled\_default
 6045 * More validation in test\_user\_enable\_attribute\_mask
 6046 * Add test test\_deleting\_project\_delete\_grants
 6047 * Cleaned up a few old crufties from README
 6048 * Clean hacking errors in advance of hacking update
 6049 * Add unit test to check non-string password support
 6050 * Assignment to reserved built-in symbol: filter
 6051 * Implement domain specific Identity backends
 6052 * Increase length of username in DB
 6053 * Cleaned up pluggable auth docs
 6054 * Fix test\_user\_enable\_attribute\_mask so it actually tests
 6055 * Do not skip test\_user\_enable\_attribute\_mask in \_ldap\_livetest
 6056 * Skip test\_create\_unicode\_user\_name in \_ldap\_livetest
 6057 * Refactor Keystone to use unified logging from Oslo
 6058 * Revoke user tokens when disabling/delete a project
 6059 * Move affirm\_unique() in create() to BaseLdap
 6060 * Move some logic from update() to BaseLdap
 6061 * Add support for API message localization
 6062 * Remove unused import
 6063 * Assignment to reserved built-in symbol: dir
 6064 * Move 'tests' directory into 'keystone' package
 6065 * Initial implementation of unified-logging
 6066 * Sync notifier module from Oslo
 6067 * Move Babel dependency from test-req to req
 6068 * Ignore flake issues in build/ directory
 6069 * update usage in run\_test.sh for flake8
 6070 * Drop extra credential indexes
 6071 * Sync models with migrations
 6072 * Add memcache to httpd doc
 6073 * Sync unified logging solution from Oslo
 6074 * Configurable max password length (bug 1175906)
 6075 * Fix select n+1 issue in keystone catalog
 6076 * Make pki\_setup work with OpenSSL 0.9.x
 6077 * extension migrations
 6078 * Create default role on demand
 6079 * Set wsgi startup log level to INFO
 6080 * Abstract out attribute\_ignore assigning in LDAP driver
 6081 * Abstract out attribute\_mapping filling in LDAP driver
 6082 * Imported Translations from Transifex
 6083 * remove swift dependency of s3 middleware
 6084 * Raise max header size to accommodate large tokens
 6085 * Clean up use of token\_provider manager in tests
 6086 * add OS-TRUST to links
 6087 * Run test\_mask\_password once
 6088 * Remove kwargs from manager calls where not needed
 6089 * V3 API need to check mandatory field when creating resources
 6090 * Use dependency injection for assignment and identity
 6091 * Handle circular dependencies
 6092 * Clear out the dependency registry between tests
 6093 * .gitignore eggs
 6094 * Handle json data when migrating role metadata
 6095 * Sync DB models and migrations in keystone.assignment.backends.sql
 6096 * Remove passwords from LDAP queries
 6097 * use 'exc\_info=True' instead of import traceback
 6098 * Fix typo: Tenents -> Tenants
 6099 * Use keystone.wsgi.Request for RequestClass
 6100 * Update references with new Mailing List location
 6101 * Scipped tests don't render as ERROR's
 6102 * Implement exception module i18n support
 6103 * Remove vestiges of Assignments from LDAP Identity Backend
 6104 * Load backends before deploy app in client tests
 6105 * default token format/provider handling
 6106 * Fixing broken credential schema in sqlite
 6107 * Use assignment\_api rather than assignment
 6108 * Deprecate kvs token backend
 6109 * Ec2 credentials table not created during testing
 6110 * Correct Spelling Mistake
 6111 * Remove an enumerate call
 6112 * Load app before loading legacy client in tests
 6113 * Add [assignment].driver to sample config
 6114 * Deprecation warning for [signing] token\_format
 6115 * Support token\_format for backward compatibility
 6116 * sql.Driver:authenticate() signatures should match
 6117 * update requires to prevent version cap
 6118 * Return correct link for effective group roles in GET /role\_assignments
 6119 * Implement Token Binding
 6120 * Implemented token creation without catalog response
 6121 * Fix XML rendering with empty auth payload
 6122 * Pluggable Remote User
 6123 * grammar fixes in error messages
 6124 * Implement role assignment inheritance (OS-INHERIT extension)
 6125 * Implements Pluggable V2 Token Provider
 6126 * Register Extensions
 6127 * Implements Pluggable V3 Token Provider
 6128 * Mixed LDAP/SQL Backend
 6129 * Clear cached engine when global engine changes
 6130 * python3: Introduce py33 to tox.ini
 6131 * Add version so that pre-release versioning works
 6132 * Sync-up crypto from oslo-incubator
 6133 * Add crypto dependency
 6134 * Imported Translations from Transifex
 6135 * Change domain component value to org from com
 6136 * Move temporary test files into tests/tmp
 6137 * Use InnoDB for MySQL
 6138 * Rationalize how we get roles after authentication in the controllers
 6139 * Python 3.x compatible use of print
 6140 * Regenerate example PKI after change of defaults
 6141 * assignment backend
 6142 * wsgi.BaseApplication and wsgi.Router factories should use \*\*kwargs
 6143 * Add unittest for keystone.identity.backends.sql Models
 6144 * Imported Translations from Transifex
 6145 * Do not create LDAP Domains sub tree
 6146 * Use oslo.sphinx and remove local copy of doc theme
 6147 * Move comments in front of dependencies
 6148 * Remove context from get\_token call in normalize\_domain\_id
 6149 * Fix issue with v3 tokens and group membership roles
 6150 * Sync install\_venv\_common from oslo
 6151 * Remove a useless arg in range()
 6152 * Remove an enumerate call
 6153 * Update paths to pem files in keystone.conf.sample
 6154 * Don't use deprecated BaseException.message
 6155 * Add callbacks for set\_global\_engine
 6156 * Work without admin\_token\_auth middleware
 6157 * Implement GET /role\_assignment API call
 6158 * rename quantum to neutron in docs
 6159 * Install locales for httpd
 6160 * DB2 migration support
 6161 * Use event.listen() instead of deprecated listeners kwarg
 6162 * Add 'application' to keystone.py for WSGI
 6163 * Remove hard tabs and trailing whitespace
 6164 * Manager instead of direct driver
 6165 * check for constraint before dropping
 6166 * Stop passing context to managers (bug 1194938)
 6167 * \`tox -ecover\` failure. Missing entry in tox.ini
 6168 * Clean up keystone-all.rst
 6169 * Fix up some trivial license mismatches
 6170 * Revert environment module usage in middleware
 6171 * LDAP list group users not fail if user entry deleted
 6172 * Do not raise NEW exceptions
 6173 * Move identity ldap backend from directory to file
 6174 * wsgi.Middleware factory should use \*\*kwargs
 6175 * Removing LDAP API Shim
 6176 * Consolidate admin\_or\_owner rule
 6177 * Isolate eventlet code into environment
 6178 * Set default 'ou' name for LDAP projects to Projects
 6179 * Imported Translations from Transifex
 6180 * Imported Translations from Transifex
 6181 * Move user fileds type check to identity.Manager
 6182 * Http 400 when project enabled is not a boolean
 6183 * Imported Translations from Transifex
 6184 * Correct the resolving api logic in stat middleware
 6185 * Remove a stat warning log
 6186 * Using sql as default driver for tokens
 6187 * Correct LDAP configuration doc
 6188 * Force simple Bind for authentication
 6189 * Initialize logging from HTTPD
 6190 * LDAP get\_project\_users should not return password
 6191 * Add checks to test if enabled is bool
 6192 * Fix link typo in Sphinx doc
 6193 * python WebOb dependency made unpinned
 6194 * Remove explicit distribute depend
 6195 * Version response compatible with Folsom
 6196 * Adds tests for XML version response
 6197 * Replace openstack-common with oslo in docs
 6198 * drop user and group constraints
 6199 * Correct the default name attribute for role
 6200 * Allow request headers access in app context
 6201 * Remove how to contribute section in favor of CONTRIBUTING.rst
 6202 * Fix token purging for memcache for user token index
 6203 * add ca\_key to sample configuration
 6204 * Commit transaction in migration
 6205 * Fix internal doc links (bug 1176211)
 6206 * Missing contraction: Its -> It's (bug 1176213)
 6207 * Pass on arguments on Base.get\_session
 6208 * Remove bufferedhttp
 6209 * Move coverage output dir for Jenkins
 6210 * Check schema when dropping constraints
 6211 * Import eventlet patch from oslo
 6212 * Raise key length defaults
 6213 * Base.get\_engine honor allow\_global\_engine=False
 6214 * run\_tests.sh should use flake8 (bug 1180609)
 6215 * Ignore the .update-venv directory
 6216 * Ignore conflict on v2 auto role assignment (bug 1161963)
 6217 * remove\_role\_from\_user\_and\_project affecting all users (bug 1170649)
 6218 * Maintain tokens after role assignments (bug 1170186)
 6219 * split authenticate call
 6220 * Add db\_version command to keystone-manage
 6221 * Live SQL migration tests
 6222 * Fix incorrect role assignment in migration
 6223 * typo in 'import pydev' statement
 6224 * Fixes a typo
 6225 * Imported Translations from Transifex
 6226 * Improve the performance of tokens deletion for user
 6227 * Revert "Set EVENTLET\_NO\_GREENDNS=yes in tox.ini."
 6228 * Disable eventlet monkey-patching of DNS
 6229 * Fix the debug statement
 6230 * Document size limits
 6231 * Add index on valid column of the SQL token Backend
 6232 * Add KEYSTONE\_LOCALEDIR env variable
 6233 * Add <version> arg to keystone-manage db\_sync
 6234 
 6235 2013.2.b1
 6236 ---------
 6237 
 6238 * Add index on expires column of the SQL token Backend
 6239 * fix error default policy for create\_project
 6240 * Require keystone-user/-group for pki\_setup
 6241 * Replace assertDictContainsSubset with stdlib ver
 6242 * separate paste-deploy configuration from parameters
 6243 * Add missing oslo module
 6244 * Convert openstack-common.conf to the nicer multiline format
 6245 *    Rename requires files to standard names
 6246 * Cleanup docstrings (flake8 H401, H402, H403, H404)
 6247 * imports not in alphabetical order (flake8 H306)
 6248 * import only modules (flake8 H302)
 6249 * one import per line (flake8 H301)
 6250 * eliminate 'except:' (flake8 H201)
 6251 * consistent i18n placeholders (flake8 H701, H702, H703)
 6252 * use the 'not in' operator (flake8 H902)
 6253 * Use TODO(NAME) (flake8 H101)
 6254 * Remove unnecessary commented out code
 6255 * Enumerate ignored flake8 H\* rules
 6256 * Migrate to pbr
 6257 * Remove unused variables (flake8 F841)
 6258 * Satisfy flake8 import rules F401 and F403
 6259 * Test 403 error title
 6260 * Imported Translations from Transifex
 6261 * Remove useless private method
 6262 * Consolidate eventlet code
 6263 * Use webtest for v2 and v3 API testing
 6264 * Add missing space to error msg
 6265 * Imported Translations from Transifex
 6266 * Read-only default domain for LDAP (bug 1168726)
 6267 * Add assertNotEmpty to tests and use it
 6268 * Implement Token Flush via keystone-manage
 6269 * get SQL refs from session (bp sql-query-get)
 6270 * extracting credentials
 6271 * Move auth\_token middleware from admin user to an RBAC policy
 6272 * Accept env variables to override default passwords
 6273 * Http 400 when user enabled is not a boolean
 6274 * Migrate to flake8
 6275 * Fix pyflakes and pep8 in prep for flake8
 6276 * Allow backend & client SQL tests on mysql and pg
 6277 * Revert "Disable eventlet monkey-patching of DNS"
 6278 * Set EVENTLET\_NO\_GREENDNS=yes in tox.ini
 6279 * Disable eventlet monkey-patching of DNS
 6280 * Revoke tokens on user delete (bug 1166670)
 6281 * A minor refactor in wsgi.py
 6282 * Skip IPv6 tests for eventlet dns
 6283 * LDAP list groups with missing member entry
 6284 * Fix 403 status response
 6285 * Remove unused CONF.pam.url
 6286 * Mark LDAP password and admin\_token secret
 6287 * HACKING LDAP
 6288 * Make migration tests postgres & mysql friendly
 6289 * Documentation about the initial configuration file and sample data
 6290 * Add rule for list\_groups\_for\_user in policy.json
 6291 * Test listing of tokens with a null tenant
 6292 * fix duplicate option error
 6293 * Delete extra dict in token controller
 6294 * What is this for?
 6295 * Removed unused imports
 6296 * Remove non-production middleware from sample pipelines
 6297 * Replace password to "\*\*\*" in the debug message
 6298 * Fixed logging usage instead of LOG
 6299 * Remove new constraint from migration downgrade
 6300 * Allow additional attribute mappings in ldap
 6301 * Enable unicode error message
 6302 * Sync with oslo-incubator copy of setup.py
 6303 * Set empty element to ""
 6304 * Fixed unicode username user creation error
 6305 * Fix token ids for memcached
 6306 * Use is\_enabled() in folsom->grizzly upgrade (bug 1167421)
 6307 * Generate HTTPS certificates with ssl\_setup
 6308 * Fix for configuring non-default auth plugins properly
 6309 * test duplicate name
 6310 * Add TLS Support for LDAP
 6311 * fix undefined variable
 6312 * clean up invalid variable reference
 6313 * Clean up duplicate methods
 6314 * stop using time.sleep in tests
 6315 * don't migrate as often
 6316 * use the openstack test runner
 6317 * Fix 401 status response
 6318 * Fix example in documentation
 6319 * Fix IBM copyright strings
 6320 * Share one engine for more than just sqlite in-memory
 6321 * Add missing colon for documentation build steps
 6322 * Mark sql connection with secret flag
 6323 
 6324 2013.1.rc2
 6325 ----------
 6326 
 6327 * Fix test coverage for v2 scoped auth xml response (bug 1160504)
 6328 * Fix test coverage for v2 scoped auth xml response (bug 1160504)
 6329 * close db migration session
 6330 * Use string for port in default endpoints (bug 1160573)
 6331 * keystone commands don't print any version information
 6332 * bug 1159888 broken links in rst doc
 6333 * use the roles in the token when recreating
 6334 * Sync with oslo-incubator
 6335 * Rename trust extension (bug 1158980)
 6336 * Rename trust extension
 6337 * keystone commands don't print any version information
 6338 * Imported Translations from Transifex
 6339 
 6340 2013.1.rc1
 6341 ----------
 6342 
 6343 * Add a dereference option for ldap
 6344 * Make versions aware of enabled pipelines
 6345 * Move trusts to extension
 6346 * Move trusts to extension
 6347 * Version bump to 2013.2
 6348 * Add a dereference option for ldap
 6349 * Allow trusts to be optional
 6350 * Enable emulation for domains
 6351 * Wrap config module and require manual setup (bug 1143998)
 6352 * Correct spacing in warning msg
 6353 * Prohibit V3 V2 token intermix for resource in non-default domain (bug 1157430)
 6354 * Properly handle emulated ldap enablement
 6355 * Support for LDAP groups (bug #1092187)
 6356 * Validate domains unconditionally (bug 1130236)
 6357 * Fix live ldap tests
 6358 * V2, V3 token intermix for unscoped tokens (bug 1156913)
 6359 * Pass project membership as dict in migration 015
 6360 * Ensure delete domain removes all owned entities
 6361 * Utilize legacy\_endpoint\_id column (bug 1154918)
 6362 * Test default\_project\_id scoping (bug 1023502)
 6363 * Fix XML handling of member links (bug 1156594)
 6364 * Discard null endpoints (bug 1152632)
 6365 * extracting user and trust ids into normalized fields
 6366 * No parent exception to wrap
 6367 * Remove duplicate password/token opts
 6368 * xml\_body returns backtrace on XMLSyntaxError
 6369 * duplicated trust tests
 6370 * Migrate roles from metadata to user\_project\_metadata
 6371 * Fixes bug 1151747: broken XML translation for resource collections
 6372 * Revise docs to use keystoneclient.middleware.auth\_token
 6373 * quiet route logging on skipped tests
 6374 * Ensure tokens are revoked for relevant v3 api calls
 6375 * Remove un-needed LimitingReader read() function
 6376 * Catch and log server exceptions
 6377 * Added test cases to improve LDAP project testing
 6378 * Switch to final 1.1.0 oslo.config release
 6379 * Filter out legacy\_endpoint\_id (bug 1152635)
 6380 * Improve tests for api protection and filtering
 6381 * add belongs\_to check
 6382 * Revert "update tests/\_\_init\_\_.py to verify openssl version"
 6383 * Revert "from tests import"
 6384 * Make Keystone return v3 as part of the version api
 6385 * Run keystone server in debug mode
 6386 * remove spurious roles check
 6387 * bug 1133526
 6388 * Fix folsom -> grizzly role table migration issues (bug 1119789)
 6389 * Delete tokens for user
 6390 * from tests import
 6391 * v3 endpoints won't have legacy ID's (bug 1150930)
 6392 * return 201 Created on POST request (bug1131119)
 6393 * add missing attributes for group/project tables (bug1126021)
 6394 * Remove unused methods from LDAP backed
 6395 * Move get\_by\_name to LdapBase
 6396 * fix typo in kvs backend
 6397 * mark 2.0 API as stable
 6398 * unable to load certificate should abort request
 6399 * Move auth plugins to 'keystone.auth.plugins' (bug 1136967)
 6400 * Change exception raised to Forbidden on trust\_id
 6401 * cleanup trusts in controllers
 6402 * remove unused import
 6403 * ports should be ints in config (bug 1137696)
 6404 * Expand v3 trust test coverage
 6405 * Trusts
 6406 * bug 1134802: fix inconsistent format for expires\_at and issued\_at
 6407 * Sync timeutils with oslo
 6408 * Straighten out NotFound raising in LDAP backend
 6409 * residual grants after delete action (bug1125637)
 6410 * Remove TODO that didn't land in grizzly
 6411 * Make getting user-domain roles backend independant
 6412 * Explain LDAP page\_size & default value
 6413 * Imported Translations from Transifex
 6414 * Enable a parameters on ldap to allow paged\_search of ldap queries This fixes bug 1083463
 6415 * update tests/\_\_init\_\_.py to verify openssl version
 6416 * command line switch for short pep8 output
 6417 * Convert api to controller
 6418 * bug 1131840: fix auth and token data for XML translation
 6419 * flatten payload for policy
 6420 * Unpin pam dependency version
 6421 * keystone : Use Ec2Signer utility class from keystoneclient
 6422 * Move handle\_conflicts decorator into sql
 6423 * domain\_id\_attributes in config.py have wrong default value
 6424 * Rework S3Token middleware tests
 6425 * Remove obsolete \*page[\_marker] methods from LDAP backend
 6426 * Setup logging in keystone-manage command
 6427 * Ensure keystone unittests do not leave CONF.policyfile in bad state
 6428 * catch errors in wsgi.Middleware
 6429 * Fix id\_to\_dn for creating objects
 6430 * Tests for domain-scoped tokens
 6431 * domain-scoping
 6432 * Pass query filter attributes to policy engine
 6433 * Removed redundant assertion
 6434 * v3 token API
 6435 * Update oslo-config version
 6436 * Correct SQL migration 017 column name
 6437 * merging in fix from oslo upstream
 6438 * enabled attribute emulation support
 6439 * Change the default LDAP mapping for description
 6440 * Ensure user and tenant enabled in EC2
 6441 * Disable XML entity parsing
 6442 * Remove old, outdated keystone devref docs
 6443 * Update the Keystone policy engine to the latest openstack common
 6444 * Implement name space for domains
 6445 * Update sample\_data.sh to match docs
 6446 * project membership to role conversion
 6447 * Remove test\_auth\_token\_middleware
 6448 * Workaround Migration issue with PostgreSQL
 6449 * make LDAP query scope configurable
 6450 * make fakeldap.\_match\_query work for an arbitrary number of groups
 6451 * Use oslo-config-2013.1b3
 6452 * Remove usage of UserRoleAssociation.id in LDAP
 6453 * Add an update option to run\_tests.sh
 6454 * Add pysqlite as explicit test dep
 6455 * fix unit test when memcache middleware is not configured
 6456 * add missing kvs functionality (bug1119770)
 6457 * Update to oslo version code
 6458 * adding additional backend tests (bug1101244)
 6459 * Fix spelling mistakes
 6460 * Cleaned up keystone-all --help output
 6461 * Keystone backend preparation for domain-scoping
 6462 * Use install\_venv\_common.py from oslo
 6463 * Spell accommodate correctly
 6464 * Missed import for IPv6 tests skip
 6465 * Add missing log\_format, log\_file, log\_dir opts
 6466 * Fix normalize identity sql ugrade for Mysql and postgresql
 6467 * remove duplicate model declaration/attribution
 6468 * simplify query building logic
 6469 * Fix test\_contrib\_s3\_core unit test
 6470 * Expand dependency injection test coverage
 6471 * remove unneeded config reloading (it's already done during setUp)
 6472 * allow unauthenticated connections to an LDAP server
 6473 * Relational API links
 6474 * return 400 Bad Request if invalid params supplied (bug1061738)
 6475 * UserApi.update not to require all fields in arg
 6476 * Tenant update on LDAP breaks if there is no update to apply
 6477 * Query only attributes strictly required for keystone when using it with existing LDAP servers
 6478 * Update .coveragerc
 6479 * Add size validations to token controller
 6480 * add check for config-dir parameter (bug1101129)
 6481 * Silence routes internal debug logging
 6482 * Imported Translations from Transifex
 6483 * Delete Roles for User and Project LDAP
 6484 * Why .pop()'ing urls first is important
 6485 * don't create a new, copied list in get\_project\_users
 6486 * Fixes 'not in' operator usage
 6487 * Add --keystone-user/group to keystone-manage pki\_setup
 6488 * Adds png versions of all svg image files. Changes reference
 6489 * Updates migration 008 to work on PostgreSQL
 6490 * Create a default domain (bp default-domain)
 6491 * Generate apache-style common access logs
 6492 * import tools/flakes from oslo
 6493 * tenant to project in the apis
 6494 * Tenant to Project in Back ends
 6495 * Fix bugs with set ldap password
 6496 * Enable/disable domains (bug 1100145)
 6497 * Readme: use 'doc' directory not 'docs'
 6498 * rename tenant to project in sql
 6499 * Update to requests>=1.0.0 for keystoneclient
 6500 * Fix pep8 error
 6501 * Document user group LDAP options
 6502 * Sync latest cfg from oslo-incubator
 6503 * Limit the size of HTTP requests
 6504 * Fix role delete method in LDAP backend
 6505 * public\_endpoint & admin\_endpoint configuration
 6506 * Skip IPv6 tests if IPv6 is not supported
 6507 * Allow running of sql against the live DB
 6508 * Test that you can undo & re-apply all migrations
 6509 * downgrade user and tenant normalized tables downgraded such that sqlite is supported, too
 6510 * Auto-detect max SQL migration
 6511 * Safer data migrations
 6512 * Sync base identity Driver defs with SQL driver
 6513 * Fix i18n of string templates
 6514 * Enhance wsgi to listen on ipv6 address
 6515 * add database string field length check
 6516 * Autoload schema before creating FK's (bug 1098174)
 6517 * Enable exception format checking in the tests
 6518 * reorder tables for delete
 6519 * Validated URLs in v2 endpoint creation API
 6520 * Fixes import order nits
 6521 * Cleanup keystoneclient testing requirements
 6522 * Fix issue in test\_forbidden\_action\_exposure
 6523 * Correct spelling errors / typos in test names
 6524 * Update ldap exceptions to pass correct kwargs
 6525 * Add \_FATAL\_EXCEPTION\_FORMAT\_ERRORS global
 6526 * Keystone server support for user groups
 6527 * Add missing .po files to tarball
 6528 * Imported Translations from Transifex
 6529 * adds keyring to test-requires
 6530 * Revert "shorten pep8 output"
 6531 * Upgrade WebOb to 1.2.3
 6532 * il8n some strings
 6533 * Imported Translations from Transifex
 6534 * Removed unused variables
 6535 * Removed unused imports
 6536 * Add pyflakes to tox.ini
 6537 * Fix spelling typo
 6538 * shorten pep8 output
 6539 * Driver registry
 6540 * Adding a means to connect back to a pydevd debugger
 6541 * add in pip requires for requests
 6542 * Split endpoint records in SQL by interface
 6543 * Fix typo s/interalurl/internalurl/
 6544 * module refactoring
 6545 * Test for content-type appropriate 404 (bug 1089987)
 6546 * Imported Translations from Transifex
 6547 * fixing bug 1046862
 6548 * Expand default time delta (bug 1089988)
 6549 * Add tests for contrib.s3.core
 6550 * Test drivers return HTTP 501 Not Implemented
 6551 * Support non-default role\_id\_attribute
 6552 * Remove swift auth
 6553 * Move token controller into keystone.token
 6554 * Import pysqlite2 if sqlite3 is not available
 6555 * Remove mentions of essex in docs (bug 1085247)
 6556 * Ensure serviceCatalog is list when empty, not dict
 6557 * Adding downgrade steps for migration scripts
 6558 * Port to argparse based cfg
 6559 * Only 'import \*' from 'core' modules
 6560 * use keystone test and change config during setUp
 6561 * Bug 1075090 -- Fixing log messages in python source code to support internationalization
 6562 * Added documentation for the external auth support
 6563 * check the redirected path on the request, not the response
 6564 * Validate password type (bug 1081861)
 6565 * split identities module into logical parts remove unneeded imports from core
 6566 * Ensure token expiration is maintained (bug 1079216)
 6567 * normalize identity
 6568 * Fixes typo in keystone setup doc
 6569 * Imported Translations from Transifex
 6570 * Stop using cfg's internal implementation details
 6571 * syncing run\_tests to match tox
 6572 * Expose auth failure details in debug mode
 6573 * Utilize policy.json by default (bug 1043758)
 6574 * Wrap v3 API with RBAC (bug 1023943)
 6575 * v3 Identity
 6576 * v3 Catalog
 6577 * v3 Policies
 6578 * Import auth\_token middleware from keystoneclient
 6579 * Imported Translations from Transifex
 6580 * Refix transient test failures
 6581 * Make the controller addresses configurable
 6582 * Expose authn/z failure info to API in debug mode
 6583 * Refactor TokenController.authenticate() method
 6584 * Fix error un fixtures
 6585 * Ensures User is member of tenant in ec2 validation
 6586 * Properly list tokens with a null tenant
 6587 * Reduce total number of fixtures
 6588 * Provide config file fields for enable users in LDAP backend (bug1067516)
 6589 * populate table check
 6590 * Run test\_keystoneclient\_sql in-memory
 6591 * Make tox.ini run pep8 checks on bin
 6592 * tweaking docs to fix link to wiki Keystone page
 6593 * Various pep8 fixes for keystone
 6594 * Use the right subprocess based on os monkeypatch
 6595 * Fix transient test failures (bug 1077065, bug 1045962)
 6596 * Rewrite initial migration
 6597 * Fix default port for identity.internalURL
 6598 * Improve feedback on test failure
 6599 * fixes bug 1074172
 6600 * SQL upgrade test
 6601 * Include 'extra' attributes twice (bug 1076120)
 6602 * Return non-indexed attrs, not 'extra' (bug 1075376)
 6603 * bug 1069945: generate certs for the tests in one place
 6604 * monkeypatch cms Popen
 6605 * HACKING compliance: consistent use of 'except'
 6606 * auth\_token hash pki key PKI tokens on hash in memcached when accessed by auth\_token middelware
 6607 * key all backends off of hash of pki token
 6608 * don't import filter\_user name, use it from the identity module
 6609 * don't modify the passed in dict to from\_dict
 6610 * move hashing user password functions to common/utils
 6611 * ignore .tox directory for pep8 in runtests
 6612 * Imported Translations from Transifex
 6613 * Implements REMOTE\_USER authentication support
 6614 * pin sqlalchemy to 0.7
 6615 * Move 'opentack.context' and 'openstack.params' definitions to keystone.common.wsgi
 6616 * Removes duplicate flag for token\_format
 6617 * Raise exception if openssl stderr indicates one
 6618 * Ignore keystone.openstack for PEP8
 6619 * Fixed typo in log message
 6620 * Fixes 500 err on authentication for invalid body
 6621 * Enable Deletion of Services with Endpoints
 6622 * Exception.message deprecated in py26 (bug 1070890)
 6623 * Utilize logging instead of print()
 6624 * stop LdapIdentity.create\_user from returning the user's password
 6625 * Compare token expiry without seconds
 6626 * Moved SQL backend tests into memory
 6627 * Add trove classifiers for PyPI
 6628 * Adding handling for get user/tenant by name
 6629 * Fixed bug 1068851. Refreshed new crypto for the SSL tests
 6630 * move filter\_user function to keystone.identity.core
 6631 * Fixes response for missing credentials in auth
 6632 * making PKI default token type
 6633 * Fixes Bug 1063852
 6634 * bug 1068674
 6635 * Update common
 6636 * Extract hardcoded configuration in ldap backend (bug 1052111)
 6637 * Fix Not Found error, when router not match
 6638 * add --config-dir=DIR  for keystone-all option
 6639 * Add  --config-dir=DIR in OPTIONS
 6640 * Delete role does not delete role assignments in tenants (bug 1057436)
 6641 * replacing PKI token detection from content length to content prefix. (bug 1060389)
 6642 * Document PKI configuration and management
 6643 * Raise if we see incorrect keyword args "condition" or "methods"
 6644 * Filter users in LDAP backend (bug 1052925)
 6645 * Use setup.py develop to insert code into venv
 6646 * Raise 400 if credentials not provided (bug 1044032)
 6647 * Fix catalog when services have no URL
 6648 * Unparseable endpoint URL's should raise friendly error
 6649 * Configurable actions on LDAP backend in users Active Directory (bug 1052929)
 6650 * Unable to delete tenant if contains roles in LDAP backend (bug 1057407)
 6651 * Replaced underscores with dashes
 6652 * fixes bug 1058429
 6653 * Command line switch for standard threads
 6654 * Remove run\_test.py in favor of stock nose
 6655 * utf-8 encode user keys in memcache (bug 1056373)
 6656 * Convert database schemas to use utf8 character set
 6657 * Return a meaningful Error when token\_id is missing
 6658 * Backslash continuation cleanup
 6659 * notify calling process we are ready to serve
 6660 * add Swift endpoint in sample data
 6661 * Updated Fix for duplicated entries on LDAP backend for get\_tenant\_users
 6662 * Fix wsgi config file access for HTTPD
 6663 * Bump version to 2013.1
 6664 * Limit token revocation to tenant (bug 1050025)
 6665 * Fixed trivally true tests (bug 983304)
 6666 * add Quantum endpoint in sample data
 6667 * Add XML namespace support for OSADM service api
 6668 * Delete user tokens after role grant/revoke
 6669 * LDAP backend attribute fixes
 6670 * Document memcached host system time configuration
 6671 * Implementation of tenant,user,role list functions for ldap
 6672 * Initialize Metadata variable
 6673 * Cleanup PEP8 errors from Common
 6674 * List tokens for memcached backend
 6675 * Implement token endpoint list (bug 1006777)
 6676 * Ignore eclipse files
 6677 * Identity API v3 Config, Routers, Controllers
 6678 * Sync some misc changes from openstack-common
 6679 * Sync latest cfg from openstack-common
 6680 * Remove id\_hash column
 6681 * LOG.warn all exception.Unauthorized authentication failures
 6682 * Fixed: test\_default\_tenant\_uuid\_token not running
 6683 * Upgrade PEP8 to 1.3.3 (bug 1037303)
 6684 * Expand PEP8 coverage to include docs & tests
 6685 * Removed/fixed unused variable references
 6686 * HACKING compliance & staticly init module vars
 6687 * PEP8 fix E251
 6688 * PEP8 fix
 6689 * Removed unused imports
 6690 * Check for expected cfg impl (bug 1043479)
 6691 * Fixed typos in comment
 6692 * HACKING: Import by full module path
 6693 * HACKING: Use single quotes
 6694 * mistake in doc string
 6695 * pep8 1.3.3 cleanup removing unused imports
 6696 * Removed dead code
 6697 * Fix auth\_token middleware to fetch revocation list as admin
 6698 * Require authz to update user's tenant (bug 1040626)
 6699 * Code cleanup in doc/source/conf.py
 6700 * Typo fix in keystone: existant => existent
 6701 * allow middleware configuration from app config
 6702 * PEP8 fix for PAM test
 6703 * change verbose and debug to Fasle in keystone.conf.sample
 6704 * add token\_format=UUID to keystone.conf.sample
 6705 * Demonstrate that authenticate() returns roles
 6706 * Add nosehtmloutput as a test dependency
 6707 * Less information returned with IntegrityError
 6708 * Support running the tests in the debugger
 6709 * Removed stray print statement (bug 1038131)
 6710 * Remove unused variables
 6711 * PKI Token revocation
 6712 * Remove unused imports
 6713 * Adding missing files to MANIFEST.in
 6714 * Simplify the sql backend deletion of users and tenants
 6715 * Add tests for PAM authentication
 6716 * Allow overloading of username and tenant name in the config files
 6717 * Enabling SQL Catalog tests (bug 958950)
 6718 * Use user home dir as default for cache
 6719 * Set example key\_size to 1024
 6720 * Log errors when signing/verifying
 6721 * Implement python version of migration 002
 6722 * Set default signing\_dir based on os USER
 6723 * Assert adminness on token validation (bug 1030968)
 6724 * Test for Cert by name
 6725 * Typo error in keystone/doc/source/configuration.rst
 6726 * fix broken link
 6727 * Cryptographically Signed tokens
 6728 * Sync jsonutils from openstack-common
 6729 * Added user name validation. Fixes bug 966251
 6730 * Import ec2 credentials from old keystone db
 6731 * Debug output may include passwords (bug 1004114)
 6732 * Raise unauthorized if tenant disabled (bug 988920)
 6733 * Files for  Apache-HTTPD
 6734 * Implementation of LDAP functions
 6735 * Fix the wrong infomation in keystone-manage.rst
 6736 * Webob needs body to calc Content-Length (bug 1016171)
 6737 * Prevent service catalog injection in auth\_token
 6738 * Admin Auth URI prefix
 6739 * updating testing documentation
 6740 * adding keystoneclient test
 6741 * Removed redundant / excessively verbose debug
 6742 * Making docs pretty!
 6743 * Adding user password setting api call
 6744 * Fixing pep8 errors in tests/\*py
 6745 * Make sure user dict has id key before checking against it
 6746 * pep8 for openssl
 6747 * Run pep8 for tests
 6748 * Move monkey patch to keystone-all startup
 6749 * Use sdist tarball instead of zipball
 6750 * Return a 409 error when adding a second time a role to user/tenant
 6751 * notify calling process we are ready to serve
 6752 * Set iso8601 module as default dependence
 6753 * Fixed user-only role deletion error
 6754 * Use PyPI for keystoneclient
 6755 * keystone\_manage certificate generation
 6756 * documenting models
 6757 * Reorder test imports by full import path
 6758 * pep8 v1.3.3 compliance (bug 1019498)
 6759 * Correct Tree DN
 6760 * don't assume that the LDAP server require authentication
 6761 * fix variable names to coincide with the ones in common.ldap
 6762 * Keystone should use openstack.common.timeutils
 6763 * Fixed marker & limit computation (bug 1006055)
 6764 * Do not crash when trying to remove a user role (without a tenant)
 6765 * Keystone should use openstack.common.jsonutils
 6766 * Refactor 404's into managers & drivers (bug 968519)
 6767 * fix sphinx warnings
 6768 * fix man page build
 6769 * Utilize newer changes in openstack-common
 6770 * Add .mailmap file
 6771 * setting up babel for i18n work blueprint start-keystone-i18n
 6772 * Removed unused import
 6773 * Fix order of returned tuple elements in pam authenticate
 6774 * Reorder imports by full module path
 6775 * Pass serviceCatalog in auth\_token middleware
 6776 * Fixed typo in routing conditions (bug 1006793)
 6777 * 400 on unrecognized content type (bug 1012282)
 6778 * Basic request stats monitoring & reporting
 6779 * Monkey patching 'thread'
 6780 * Speed up SQL unit tests
 6781 * PEP8 fixes
 6782 * Clean up test requires a bit
 6783 * Use cfg's new global CONF object
 6784 * Add s3 extension in keystone.conf sample
 6785 * Tweak for easier, safer subclassing
 6786 * Revert file mode to be non-executable
 6787 * fix importing of optional modules in auth\_token
 6788 * Carrying over token expiry time when token chaining
 6789 * Keystone should use openstack.common.importutils
 6790 * Require authz for user role list (bug 1006815)
 6791 * Require authz for service CRUD (bug 1006822)
 6792 * PEP8 fixes
 6793 * Use cfg's new behavior of reset() clearing overrides
 6794 * Use cfg's new group autocreation feature
 6795 * Sync with latest version of openstack.common.cfg
 6796 * blueprint 2-way-ssl
 6797 * Fixes some pep8 warning/errors
 6798 * Update swift\_auth documentation
 6799 * Add ACL check using <tenant\_id>:<user> format
 6800 * Use X\_USER\_NAME and X\_ROLES headers
 6801 * Allow other middleware overriding authentication
 6802 * Backslash continuation removal (Keystone folsom-1)
 6803 * Remove service\_\* from authtoken examples
 6804 * Nail prettytable test dependency at 0.5.0
 6805 * Invalidate user tokens when a user is disabled
 6806 * Fix depricated /users/{user-id}/roles
 6807 * Changed arguments in keystone CLI for consistency
 6808 * Add validations of 'name' field for roles, users and tenants
 6809 * Added 'NormalizingFilter' middleware
 6810 * One 'ctrl-c' kills keystone
 6811 * Make sure we parse delay\_auth\_decision as boolean
 6812 * Flush tenant membership deletion before user
 6813 * notify calling process we are ready to serve
 6814 * Invalidate user tokens when password is changed
 6815 * Added tenant name validation. Fixes bug 966249
 6816 * Corrects url conversion in export\_legacy\_catalog
 6817 * Truly handle mailmap entries for all combinations
 6818 * fix pam admin user case
 6819 * Improve the sample keystone.conf
 6820 * Add defaults for ldap options
 6821 * Sync to newer openstack-common
 6822 * Set defaults for sql options
 6823 * Set defaults for port options
 6824 * Add defaults for driver options
 6825 * Use ConfigOpts.find\_file() to locate catalog template
 6826 * Use ConfigOpts.find\_file() to locate policy.json
 6827 * Policy doc updates; RST syntax consistency
 6828 * Removed SimpleMatch 'shim'; updated readme
 6829 * Removed old sections; improved syntax consistency
 6830 * cleanup dependent data upon user/tenant deletion
 6831 * Update tests to run servers on 127.0.0.1
 6832 * Switch to 1000 rounds during unit tests
 6833 * Fix argument name referred in the document
 6834 * Exit on error in a S3 way
 6835 * Auto generate AUTHORS file for keystone component
 6836 * Misnamed exception attribute (bug 991936)
 6837 * Avoid ValueError in 12.04 essex pkg (bug 988523)
 6838 * Non-nullable User, Tenant, Role names (bug 987121)
 6839 * Fix expired token tests
 6840 * Make run\_tests.py non-executable
 6841 * Add distribute to test-requires
 6842 * Makes the ldap backend return proper role metadata
 6843 * cleanup no\_meta user in live LDAP test
 6844 * Add ChangeLog to tarball
 6845 * Fix "it's" grammar errors
 6846 * Rename keystone.conf to .sample
 6847 * Import latest openstack-common
 6848 * Stub out swift log configuration during testing
 6849 * Remove tenant membership during user deletion
 6850 * Add a \_ at the end of reseller\_prefix default
 6851 * additional logging to support debugging auth issue
 6852 * Add support to swift\_auth for tokenless authz
 6853 * Make import\_nova\_auth only create roles which don't already exist
 6854 * don't duplicate the extra dict in extra
 6855 * Fix looking for config files
 6856 * endpoint-crud 404 (bug 963056)
 6857 * user-role-crud 404 (bug 963056)
 6858 * ec2-credential-crud 404 (bug 963056)
 6859 * service-crud 404 (bug 963056)
 6860 * user-crud 404 (bug 963056)
 6861 * tenant-crud 404 (bug 963056)
 6862 * Add build artifacts missing from .gitignore
 6863 * Switch keystone.test.TestCase to use unittest2
 6864 * Raise keystone.exception for HTTP 401 (bug 962563)
 6865 * Fixed misc errors in configuration.rst
 6866 * Docs: SQL-based vs File-based Service Catalog
 6867 * Improve service CRUD test coverage
 6868 * Change default catalog driver to SQL; doc the options
 6869 * Replace tabs with spaces
 6870 * role-crud 404 (bug 963056)
 6871 * Improve swift\_auth test coverage + Minor fixes
 6872 * Open Folsom
 6873 * S3 tokens cleanups
 6874 * Check values for EC2
 6875 * Fix critical typo in endpoint\_create (bug 961412)
 6876 * updating docs to include creating service accts
 6877 * unique role name constraint
 6878 * Add test for swift middleware
 6879 * Spring cleaning, fix PEP8 violations
 6880 * Rename tokenauth to authtoken
 6881 * pass the arguments in when starting keystone-all
 6882 * fix keystone-all's usage of options vs conf
 6883 * Wrapped unexpected exceptions (bug 955411)
 6884 * Changing belongsTo validation back to ID
 6885 * Clean up sql connection args
 6886 * Improved file logging example (bug 959610)
 6887 * Swift middleware doc update
 6888 * Fixes LP #954089 - Service list templated catalog
 6889 * Remove nova-specific middlewares
 6890 * Add check for MAX\_PASSWORD\_LENGTH to utils
 6891 * Remove glance\_auth\_token middleware
 6892 * Support PyPAM in pam backend, update to latest API
 6893 * Fix default port for identity.internalURL
 6894 * Installing keystone docs
 6895 * Update username -> name in token response
 6896 * Refactor keystone.common.logging use (bug 948224)
 6897 * Add automatically generated code docs
 6898 * Properly return 501 for unsupported Catalog calls
 6899 * docstring cleanup to remove sphinx warnings
 6900 * updating documentation for rewrite of auth\_token
 6901 * Allow connect to another tenant
 6902 * Update docs for keystone client cli args
 6903 * Raising unauthorized instead of 500 (bug 954547)
 6904 * Failing to update tenants (bug 953678, bug 954673)
 6905 * added LDAP section to architecture and architecture
 6906 * Bug #943031 MySQL Server has gone away added docnotes of error messages caught for mysql and reference
 6907 * making all use of time follow datetime.utcnow() fixes bug 954057
 6908 * Improved legacy tenancy resolution (bug 951933)
 6909 * sample\_data.sh: check file paths for packaged installations
 6910 * Fix iso8601 import/use and date comparaison
 6911 * Fix double-quoted service names
 6912 * Remove Nova Diablo reference from migrate docs
 6913 * Fixes the cli documentation of user/tenant/roles
 6914 * Add simple set of tests for auth\_token middleware
 6915 * update documention on changing user password
 6916 * enables run\_test option to skip integration
 6917 * Add token caching via memcache
 6918 * Update get\_metadata to return {}
 6919 * Diablo to Essex migration docs (bug 934328)
 6920 * Added license header (bug 929663)
 6921 * Add AUTHORS to the tarball
 6922 * create service endpoints in sample data
 6923 * Fix EC2 credentials crud after policy backend change
 6924 * port common policy code to keystone
 6925 * rename belongs\_to to belongsTo as per the API spec
 6926 * Make sure we have a port number before int it
 6927 * fixes lp#949648 change belongsTo validate to name
 6928 * HTTP\_AUTHORIZATION was used in proxy mode
 6929 * fix Nova Volume Service in sample data
 6930 * fixes bug lp#948439 belongs\_to and serviceCatalog behavior \* removing belongs\_to as a kwarg and getting from the context \* adding a serviceCatalog for belongs\_to calls to tokens \* adding test to validate belongs\_to behavior in tokens
 6931 * Make bind host configurable
 6932 * add more default catalog templates
 6933 * Fix coverage jobs for Jenkins
 6934 * Improve auth\_str\_equal()
 6935 * Set default identity driver to sql (bug 934332)
 6936 * Renamed sqlite files (bug 944951)
 6937 * Isolating backtraces to DEBUG (bug 947060)
 6938 * updating readme to point to developer setup docs \* fixes bug 945274
 6939 * Add reseller admin capability
 6940 * Remove trailing whitespaces in regular file
 6941 * LDAP get\_user\_by\_name
 6942 * Added missing import (bug 944905)
 6943 * add git commit date / sha1 to sphinx html docs
 6944 * gitignore follow up for docs/ rename
 6945 * improve auth\_token middleware
 6946 * Add service accounts to sample\_data.sh
 6947 * standardize ldap and related tests
 6948 * Align with project configs
 6949 * Fixes doc typo s/SERVIVE/SERVICE/
 6950 * Use constant time string comparisons for auth
 6951 * Unpythonic code in redux in auth\_token.py
 6952 * fix pep8
 6953 * GET /v2.0 (bug 930321)
 6954 * LDAP member defaults
 6955 * Handle KeyError in \_get\_admin\_auth\_token
 6956 * Align tox jobs with project standards
 6957 * renaming pip-requires-test to test-requires
 6958 * Provide request to Middleware.process\_response()
 6959 * Add Vary header (bug 928057)
 6960 * Implement a Catalog SQL backend
 6961 * Set tenantName to 'admin' in get\_admin\_auth\_token
 6962 * LDAP Identity backend
 6963 * Implements extension discovery (bug 928054)
 6964 * Support unicode in the keystone database
 6965 * Add HEAD /tokens/{token\_id} (bug 933587)
 6966 * XML de/serialization (bug 928058)
 6967 * fleshing out architecture docs
 6968 * Update auth\_token middleware so it sets X\_USER\_ID
 6969 * Adds AUTHORS file generated from git log (and de-duplicated)
 6970 * The default nova compute port is 8774
 6971 * Fix case of admin role in middleware
 6972 * Fix MANIFEST.in to include missing files
 6973 * Remove extraneous \_validate\_claims() arg
 6974 * Create tools/sample\_data.sh
 6975 * Backslash continuations (Keystone)
 6976 * Correct config name for max\_pool\_size
 6977 * Use cfg's new print\_help() method
 6978 * Move cfg to keystone.openstack.common
 6979 * Remove cfg dict mixin
 6980 * Update cfg from openstack-common
 6981 * Fix copyright dates and remove duplicate Apache licenses
 6982 * some additional style bits
 6983 * Add migration path for Nova auth
 6984 * fix the style guide to match the code
 6985 * Re-adds admin\_pass/user to auth\_tok middleware
 6986 * Fix thinko in keystone-all sys.path hack
 6987 * Removing broken & redundant code (bug 933555)
 6988 * Return HTTP 401 bad user/password is specified
 6989 * cli now returns an exit status cmd is invalid
 6990 * Ignore sqlite.db files
 6991 * Implements admin logic for tenant\_list call
 6992 * Implemented get\_tenant\_users. Fixed bug 933721
 6993 * Removing unused imports from keystone.cli
 6994 * Set include\_package\_data=True in setup.py
 6995 * Remove data\_files section from setup.py
 6996 * Update Manifest.in
 6997 * Add migrate.cfg to data\_files in setup.py
 6998 * Should return 300 Multiple Choice (bug 925548)
 6999 * Admin version pipeline not utilized (bug 925548)
 7000 * fixes #934459
 7001 * Fix logging.config import
 7002 * backport some asserts
 7003 * remove pycli
 7004 * Adds missing argument to add\_user\_to\_tenant in create\_user
 7005 * Fixes a failure caused by a recent change to user update in the client
 7006 * remove executable bit from setup.py
 7007 * Raising 'NotImplmented' results in TypeError
 7008 * Update docs for Swift and S3 middlewares
 7009 * Added Apache 2.0 License information
 7010 * Add docs on keystone\_old -> ksl migration
 7011 * Add token expiration
 7012 * Update docs to for current keystone-manage usage
 7013 * add catalog export
 7014 * Handle unicode keys in memcache token backend
 7015 * make sure passwords work after migration
 7016 * add legacy diablo import tests
 7017 * change password hash
 7018 * add essex test as well
 7019 * add sql for import legacy tests
 7020 * add import legacy cli command
 7021 * add migration from legacy db
 7022 * remove keystoneclient-based manage commands
 7023 * Remove executable bit from auth\_token.py
 7024 * Update swift token middleware
 7025 * Add s3\_token
 7026 * Add pagination to GET /tokens
 7027 * Fixes role checking for admin check
 7028 * Fix webob exceptions in test\_middlware
 7029 * Add tests for core middleware
 7030 * Add version description to root path
 7031 * Add TokenNotFound exception
 7032 * remove diablo tests, they aren't doing much
 7033 * Fix largest memory leak in ksl tests
 7034 * Add memcache token backend
 7035 * Friendly JSON exceptions (bug 928061, bug 928062)
 7036 * Fix comment on bcrypt and avoid hard-coding 29 as the salt length
 7037 * Add SQL token backend
 7038 * Add content-type to responses
 7039 * Cope with unicode passwords or None
 7040 * Add auth checks to ec2 credential crud operations
 7041 * termie all the things
 7042 * example in hacking was incorrect
 7043 * Ensures duplicate users and tenants can't be made
 7044 * make pip requires match nova
 7045 * fixes lp:925721 adds .gitreview for redux branch
 7046 * remove novaclient, fix python syntax
 7047 * We don't need all the deps to check pep8
 7048 * remove extra line
 7049 * Make ec2 auth actually work
 7050 * fixing grammar, noting broken enable, adding hacking with prefs for project
 7051 * Removed unused reference
 7052 * adding a token service Driver to define the interface
 7053 * Added support for DELETE /tokens/{token\_id}
 7054 * Fixes bug 924391
 7055 * ran through all commands to verify keywords against current (master) keystonelight
 7056 * updating docs:
 7057 * Fix "KeyError: 'service-header-mappings'"
 7058 * updating tox.ini with test pip requirements
 7059 * use our own logging module
 7060 * Update auth\_token middleware to support creds
 7061 * Removes nova middleware and config from keystone
 7062 * minor docstring update for new locations
 7063 * Missed one more keystone-server
 7064 * Renamed keystone-server to keystone-all based on comments in LP: #910484
 7065 * be more safe with getting json aprams
 7066 * skip the two tests where testing code is failing
 7067 * accept POST or PUT for tenant update
 7068 * deal with reparsing the config files
 7069 * don't automatically parse sys.argv for cfg
 7070 * deal with tags in git checkout
 7071 * fix keystoneclient tests
 7072 * add tests for essex and fix the testing framework
 7073 * Update docs/source/developing.rst
 7074 * Change the name of keystone to keystone-server so the binaries dont conflict with python-keystoneclient
 7075 * Normalize build files with current jenkins
 7076 * Use gerrit instead of github
 7077 * Fix pep8 violations
 7078 * Add .gitreview file
 7079 * Added keystone-manage list\_role\_grants (bug 923933)
 7080 * removing unused images, cleaning up RST in docstrings from sphinx warnings
 7081 * pep8 cleanup
 7082 * shifting contents from \_static to static
 7083 * adding in testing details
 7084 * moved notes from README.rst into docs/architecture.rst
 7085 * updating formating for configuration page
 7086 * format tweaks and moving old docs
 7087 * shifting older docs into old/ directory
 7088 * doc updates
 7089 * moving in all the original docs from keystone
 7090 * adding python keystoneclient to setup.py deps
 7091 * fixing up PIP requirements for testing and virtualenv
 7092 * indents
 7093 * Make it as a subclass
 7094 * Added shortcut for id=NULL queries (bug 916386)
 7095 * fix style and termie's comments about comments
 7096 * invalid params for roles.delete
 7097 * initial stab at requiring adminness
 7098 * Simplify code
 7099 * add tests that auth with tenant user isn't member of
 7100 * Add s3tokens validation
 7101 * Test coverage for issue described in bug 919335
 7102 * Removing \_\_init\_\_ from non-packages (bug 921054)
 7103 * add instructions for setting up a devenv on openSUSE 11.4 and 12.1
 7104 * Documented race condition (bug 921634)
 7105 * Fix race in TestCreateTokenCommand (bug 921634)
 7106 * Forgot to update models (bug 885426)
 7107 * Updating example glance paste config
 7108 * add a bunch of basic tests for the cli
 7109 * Migrated 'enabled' int columns to bool for postgres (bug 885426)
 7110 * remove this useless catalog
 7111 * move cli code into a module for testing
 7112 * Updated bp keystone-configuration for bp keystone-manage2
 7113 * Return Version and Tenant in Endpoints
 7114 * Updated error message for keystone-manage2
 7115 * allow class names to be different from attr names
 7116 * add ec2 credentials to the cli
 7117 * fix middleware
 7118 * Added: "UserWithPassword" Added: "UserWithOnlyEnabled" Removed: "UserWithOnlyPassword"
 7119 * Update Extended Credentials (EC2, S3)
 7120 * Fix for bug 921126
 7121 * Adds keystone auth-n/auth-z for Swift S3 API
 7122 * Implement cfg.py
 7123 * bcrypt the passwords
 7124 * fix token vs auth\_token
 7125 * Implement Secure Token Auth
 7126 * some quick fixes to cli, tests incoming
 7127 * fix pep8
 7128 * fix some more pass-by-reference bugs
 7129 * strip password before checking output
 7130 * flip actual and expected to match common api
 7131 * don't allow disabled users to authenticate
 7132 * turn off echo
 7133 * fix invalid\_password, skip ec2 tests
 7134 * Suppressed backtraces in tests causes sweaty eyes
 7135 * strip password from sql backend
 7136 * raise and catch correct authenticate error
 7137 * rely on internal \_get\_user for update calls
 7138 * Fixed: Inserting URLs into endpoint version attr
 7139 * strip password from kvs backend
 7140 * fix user\_get/user\_list tests
 7141 * Release Notes for E3
 7142 * Addresses bug 918608
 7143 * Restore Console Info Logging - bp keystone-logging
 7144 * removing the sphinx\_build from setup.py, adding how to run the docs into the README
 7145 * Added Vary header to support caching (bug 913895)
 7146 * Implemented subparsers (bp keystone-manage2)
 7147 * Handle EC2 Credentials on /tokens
 7148 * ec2 docs
 7149 * simple docstrings for ec2 crud
 7150 * Fixed PEP8 violations and disallowed them
 7151 * Implemented bp keystone-manage2
 7152 * Fixes 918535: time not properly parsed in auth\_token middleware
 7153 * Use dateutil 1.5
 7154 * get docs working
 7155 * some cli improvements
 7156 * add checks for no password attribute
 7157 * Prestage fix - fixed requirement name; python-dateutil, not dateutil
 7158 * users with correct credentials but disabled are forbidden not unauthorized
 7159 * Pre-staging pip requires
 7160 * shimming in basics from original keystone
 7161 * test login fails with invalid password or disabled user
 7162 * doctry
 7163 * use token\_client in token tests
 7164 * remove duplicate pycli from pip-requires
 7165 * fix ec2 sql config
 7166 * get\_client lets you send user and tenant
 7167 * update how user is specified in tests
 7168 * rename ec2 tests to be more explicit
 7169 * use the sql backend for ec2 tests
 7170 * more failing ec2 tests
 7171 * add METADATA for boo
 7172 * add (failing) tests for scoping ec2 crud
 7173 * add some docs that got overwritten last night
 7174 * Bug #916199: keystone-manage service list fails with AttributeError on Service.description
 7175 * Exception raise error
 7176 * Updates to middleware to deprecate X\_USER
 7177 * Revert "Exception raise error"
 7178 * fix pep8
 7179 * update tests
 7180 * update some names
 7181 * fix some imports
 7182 * split up sql backends too
 7183 * split up the services and kvs backends
 7184 * establish basic structure
 7185 * add docs for various service managers
 7186 * expect sphinx sources to be autogenned
 7187 * some tiny docs
 7188 * fix sphinx
 7189 * testing rst on github
 7190 * updating dependencies for ksl
 7191 * needed to do more for cli opts
 7192 * make a main in keystone-manage
 7193 * fix pep8 error
 7194 * rename apidoc to autodoc
 7195 * Fix typo
 7196 * Fix LDAP Schema Syntax (bug 904380)
 7197 * return to starting directory after git work
 7198 * spacing
 7199 * tests for ec2 crud
 7200 * add keystoneclient expected format
 7201 * add sql backend, too
 7202 * add an ec2 extension
 7203 * update readme
 7204 * Exception raise error
 7205 * re-indent
 7206 * re-indent
 7207 * re-indent
 7208 * re-indent kvs.py
 7209 * re-indent test.py
 7210 * remove models.py
 7211 * add some docs to manager
 7212 * dynamic manager classes for now
 7213 * add a couple more tests
 7214 * Bug #915544: keystone-manage version 1 commands broken when using flags
 7215 * add some more todos
 7216 * strip newlines
 7217 * TODO
 7218 * add role refs to validate token
 7219 * fix token auth
 7220 * check for membership
 7221 * flush that sht
 7222 * add more middleware
 7223 * fixing WatchedFileHandler
 7224 * logging to debugging by default for now
 7225 * add a noop controller
 7226 * woops
 7227 * add glance middleware ??
 7228 * add legacy middleware
 7229 * fix setup.py
 7230 * adding #vim to file with changed indent
 7231 * add id-only flag to return IDs
 7232 * rename ks to keystone-manage
 7233 * fixing imports for syslog handlers and gettext
 7234 * adding gettext
 7235 * adding logging from configuration files, default logging per common
 7236 * cli using keystoneclient
 7237 * add a db\_sync command to bin/ks, remove others
 7238 * merge test and default configs
 7239 * adding project to keystone config to find default config files
 7240 * some more config in bin/keystone
 7241 * in the bin config too
 7242 * rename many service parts to public
 7243 * keystone\_compat -> service
 7244 * remove keystone from names, remove service
 7245 * remove default configuration
 7246 * basic service running again
 7247 * rename extras to metadata
 7248 * version number in setup.py
 7249 * add basic sphinx doc bits
 7250 * remove references to keystone light
 7251 * renaming keystonelight to keystone
 7252 * keystoneclient tests working against sql backend
 7253 * run all teh keystoneclient tests against sql too
 7254 * move everything over to the default config
 7255 * config system overhaul
 7256 * add nova's cfg framework
 7257 * fix pep8
 7258 * missed a file
 7259 * most tests working again
 7260 * still wip, got migration mostly working
 7261 * get the sql ball rolling, still wip
 7262 * add sql backend, WIP
 7263 * Show useful traceback if manage command fails
 7264 * Fix minor typo
 7265 * Add 'tenants' to Auth & Validate Response
 7266 * Fixed Test Coverage Handling
 7267 * Adding prettytable dependency
 7268 * Front-end logging
 7269 * tweaking for running regular tests in jenkins
 7270 * Implement Role Model
 7271 * xsd fixes
 7272 * Added decorators for admin and service\_admin checks
 7273 * Initial keystone-manage rewrite (bp keystone-manage2)
 7274 * Correct endpoint template URLs in docs
 7275 * fix bug lp:843064
 7276 * finished up services stuff
 7277 * add the various role tests
 7278 * add list users
 7279 * get user tests working
 7280 * Remove install\_requires processing
 7281 * get endpoints test working
 7282 * get tenant\_add\_and\_remove\_user test working
 7283 * tenant test working again
 7284 * copy over the os-ksadm extension
 7285 * Implement Endpoint, Endpoint Template, and Credential Managers
 7286 * PEP8 keystone cleanup
 7287 * Changes run\_tests.sh to also run pep8 by default
 7288 * example crud extension for create\_tenant
 7289 * Updates to Tests/Testing
 7290 * Un-pythonic methods lp:911311 Fixed pep8 problems Changed comments to docstrings
 7291 * get some tests working again
 7292 * merge fixes
 7293 * fixup
 7294 * Made tests use both service and admin endpoints
 7295 * All tests but create\_tenant pass
 7296 * Split keystone compat by admin and service endpoints
 7297 * Install a good version of pip in the venv
 7298 * fix bug lp:910491 option "service\_host" in keystone.conf not works
 7299 * Added broken tests to show compatibility gaps
 7300 * Added tox.ini file
 7301 * Split keystone compat by admin and service endpoints
 7302 * Implement Service Manager
 7303 * Implement Tenant Manager
 7304 * Fixes bug lp:910169 - Tests are using too much memory Added super() call to tearDown() method
 7305 * Changed the call to create the KeystoneContextMiddleware object to pass the correct glance ConfigOpts object
 7306 * Added logging on core modules
 7307 * Adding logging to Auth-Token Middleware
 7308 * Implement Role Manager
 7309 * Refactor models and backends
 7310 * Add HP-IDM extension to fix Bug 890411
 7311 * Move URL Normalizer to Frontends
 7312 * move novaclient tests over also
 7313 * clean up test\_identity\_api
 7314 * clean up keystoneclient setup
 7315 * Move Global Role variables out of backendutils
 7316 * Bug #909255: Endpoint handling broken on SQL backend by portable-identifiers changes
 7317 * add role crud
 7318 * speed up tests
 7319 * add basic fixture functionality
 7320 * documentation driven development
 7321 * novaclient now requires prettytable
 7322 * Return Endpoint IDs
 7323 * Correct Handling of Default Tenant
 7324 * Fix duplicate logging
 7325 * Added global endpoints response in XML as well
 7326 * Fix: Client and Unit Tests not correctly failing a build
 7327 *  Bug #907521.     Changes to support get roles by service
 7328 * Always Return Global Endpoints
 7329 * Added release notes
 7330 * Fixed error with database initialization
 7331 * Tests use free TCP/IP ports
 7332 * Testing Refactor - this is a squash of 6 commits - original commits are vailable for cherry-picking here:   https://github.com/ziadsawalha/keystone/commits/tests
 7333 * Added HP-IDM documentation artifacts
 7334 * whitespace
 7335 * whitespace
 7336 * make create\_tenant work for keystone api
 7337 * common ks client creation
 7338 * Fixed version response (bug 891555 and bug 843052)
 7339 * Implement Multiple Choices Response (bug 843051)
 7340 * updating of docs
 7341 * Fix LDAP schema (bug 904815)
 7342 * working on a tenant\_create test
 7343 * standardize spacing
 7344 * novaclient uses password instead of apikey
 7345 * update to use the correct repo for python-novaclient
 7346 * fix tenant auth tests
 7347 * Updated namespace
 7348 * Fixes the catalog return in d5\_compat calls
 7349 * Added: ./keystone-manage database goto <version>
 7350 * Added databased version check on startup w/ docs
 7351 * Revised in-memory sql connection path for sqlalchemy
 7352 * Clarify 'test not found' error message
 7353 * Contract fix: change IDs from xsd:ID to xsd:string
 7354 * Tenants - asserted all the things (bug 887844)
 7355 * Support for unscoped admin tokens
 7356 * LDAP: fix to keystone.ldif
 7357 * Contract fix: IDs are not Ints, they are ID or string types
 7358 * Contract fix: description optional
 7359 * Update tracer excludes for Linux
 7360 * Fixed bug 905422. Swift caching should work again.  Also fixed a few other minor syntactical stuff
 7361 * Update test\_keystone\_manage to use unittest2
 7362 * Python 2.6 subprocess.check\_output doesn't exist
 7363 * No more python path changes
 7364 * Clarified language on migration instructions
 7365 * Refactor: Workaround for python build\_sphinx failure
 7366 * Fixed some skipped tests
 7367 * Format keystone-manage output better
 7368 * Added instructions to git clone from github
 7369 * Refactor: Computing api/model module paths dynamically
 7370 * Introduces UID's & domain models (bp portable-identifiers)
 7371 * Improved test coverage of d5 compat
 7372 * Fixed: Tests returning successful (0) on failure
 7373 * D5 Compatibility Support
 7374 * Added original tenants blueprint to docs
 7375 * Fixed broken import of version info (bug 902316)
 7376 * Added missing import preventing keystone from starting (bug 901453)
 7377 * Fix some issues with new version module
 7378 * quantum\_auth\_token.py middleware fails on roles
 7379 * Removed Server class from \_\_init\_\_.py
 7380 * Fix auth\_token middleware: make \_verify\_claims not static. Fixes bug #901049
 7381 * Pylint fixes to auth\_token.py
 7382 * Split version code into its own file
 7383 * Change is\_global == 1 to is\_global == True
 7384 * Bug 897496: Remove tenant id from Glance URLs
 7385 * Refactor: move initialization code to class
 7386 * Add missing json validation
 7387 * Refactor: get rid of keystone/config.py
 7388 * Fixes missed tests and subsequently introduced bugs
 7389 * Rename .keystone-venv to .venv
 7390 * Refactor: Rename auth controller to token controller
 7391 * Added documentation
 7392 * Added SSL and memcache sample config files
 7393 * Updated auth\_token middleware caching to support memcache
 7394 * Deprecating RAX-KEY middleware
 7395 * Added argparse to support python 2.3 - 2.6
 7396 * Make bin/keystone use port settings in the config file. Fixes bug #898935
 7397 * Bug#899116: use correct module when building docs
 7398 * Minor RST changes
 7399 * Revised extension documentation
 7400 * Added documentation for SQL tables
 7401 * Remove pysqlite deps. Fixes bug #898343
 7402 * Pretty-printed JSON samples
 7403 * Added option to pretty-print JSON
 7404 * Implements blueprint keystone-swift-acls
 7405 * Updated docstring to match auth\_token.py (bug 898211)
 7406 * Bug #890801 Changes to support /extensions call. - Introduced a new extension reader to read static extension content. - Added additional rst files explaining extensions. - Removed functionality from  additional middleware that used to support /extensions call.ie RAX-KEY-extension - Removed service extension test as it was no more relavent. - Added unit test that checks toggling of extensions. - Additional notes on the conf file
 7407 * Added JSON validator; fixed samples (bug 898353)
 7408 * Fixes a number of configuration/startup bugs
 7409 * Fixed RST syntax (bug 898211)
 7410 * Revised schema migration docs
 7411 * Improved doc formatting consistency (bug 898211)
 7412 * Fixed RST syntax in doc strings (bug 898211)
 7413 * Added ssl docs to index; fixed rst syntax (bug 898211)
 7414 * Bug-897724: Added method to list endpoints specific to a service and related tests
 7415 * Eliminated debug output from sphinx\_build (bug 898211)
 7416 * Updated testing
 7417 * Fixes bug lp:897819
 7418 * Check that endpointTemplate ID is valid in endpoint add cmd (#897749)
 7419 * Added Endpoint and Endpoint Template documentation
 7420 * Bug #854104   - Changes to allow admin url to be shown only for admin users.   - Additional test asserts to verify
 7421 * Fixed memcache tests
 7422 * Update documentation and examples following API 1.1 removal
 7423 * Fixes bug 843065
 7424 * Additional middleware test coverage
 7425 * Enforce service ownership
 7426 * Add keystone\_tenant\_user\_admin option and fixes
 7427 * Make owner the user named same as tenant/account
 7428 * Restored developer default log dir
 7429 * Add default for log directory and log filenames
 7430 * Added wadls, pdfs, samples and functional test confs (bug 891093)
 7431 * Additional documentation
 7432 * ./keystone-manage endpointTemplates list missing arg (bug 891843)
 7433 * Bug #890399
 7434 * Bug #891451: Changes to support update endpointTemplates call in the WADL
 7435 * add an example for capability rbac
 7436 * make readme use code style
 7437 * add the policy code
 7438 * describe and add a policy backend
 7439 * policty stub
 7440 * re-indent
 7441 * Added timeout to bufferedhttp class and timeout setting for middleware - bug 891687
 7442 * Refactoring master to match stable/diablo fix for bug 891710
 7443 * Refactor auth\_token.py to only call out to Keystone once
 7444 * Added files missing from dist packaging (bug 891093)
 7445 * pylintrc should not be hidden (bug 891093)
 7446 * Simplified gitignore (in pursuit of bug 891093)
 7447 * Fixes typo in setup document
 7448 * Adding middleware tests
 7449 * Remove executable bit on template
 7450 * change array syntax
 7451 * updates to make compatible with middleware
 7452 * mergeish dolph's port change
 7453 * fix tests
 7454 * handle unscoped requests
 7455 * adjust default port
 7456 * Revised version status response (bug 890807)
 7457 * Refactored headers produced by middleware (bug 835087)
 7458 * move noop to identity controller
 7459 * Ignoring db migrate mgmt module to workaround bug 889287
 7460 * 'text/json' should be 'application/json' (bug 843226)
 7461 * Revised curl examples (bug 884789)
 7462 * allow setting user\_id on create
 7463 * users require a name
 7464 * pep8
 7465 * update test conf too
 7466 * cli for adding users, tenants, extras
 7467 * adjust paths and use composite apps
 7468 * add tests for extras
 7469 * add tenant crud
 7470 * oops, forgot update in crud
 7471 * add crud tests
 7472 * add crud tests
 7473 * add crud tests
 7474 * add test for create user and get user
 7475 * add test for create user and get user
 7476 * re-indent identity.py
 7477 * don't pep8 swp files
 7478 * accept data as kwargs for crud
 7479 * use the keystone app in the conf
 7480 * reorg
 7481 * re-indent service.py
 7482 * Bug 888448: - Changes to allow validate token call return user name as per contract. - Additional test assertions to test the same. - Changes to middleware
 7483 * more dyanmic client
 7484 * get some initial identity api tests working
 7485 * update service to middleware in confs
 7486 * move around middleware
 7487 * make a composite app
 7488 * add crud methods to identity manager
 7489 * Add a new swift auth middleware
 7490 * Use TENANT\_ID if it exists, but still support X\_TENANT
 7491 * cli beginnings
 7492 * Bug 888170: Fixing references to incorrect schema
 7493 * add admin port
 7494 * add an etc dir
 7495 * Bug #888210: Changes to fix calls to use the right path
 7496 * bug 878431: Minor changes to auth\_token middleware
 7497 * add a default handler for /
 7498 * Bug #886046 Add Quantum auth middleware to Keystone source code tree
 7499 * add a stubby setup.py
 7500 * use paste for the binary
 7501 * add a trivial admin-only middleware
 7502 * update keystone sample tests, skip one
 7503 * Bug #887236: - Changes to allow extensions to be configured. - Introduced a new property that holds list of extensions that are to be enabled
 7504 * add crud info to readme
 7505 * get novaclient tests working
 7506 * add novaclient, intermediate
 7507 * add run\_tests.sh and pep8 stuff
 7508 * remove italics on Light
 7509 * modify requirements
 7510 * link diagrams
 7511 * Track post-Diablo database evolution using migrations (BP: database-migrations)
 7512 * Changed blatant hack (fixed spelling also) to 5 second timout as tests were not completing
 7513 * Use TENANT\_ID instead of TENANT for project\_id
 7514 * X.509 client authentication with Keystone.  Implements blueprint 2-way-ssl
 7515 * whitespace
 7516 * added catalog tests
 7517 * added tests for tokens
 7518 * test the other methods too
 7519 * add some tests and get others to pass
 7520 * add some failing tests
 7521 * add a default conf
 7522 * minor whitespace cleanup
 7523 * add some todo
 7524 * fixed the output message error on granting user a role
 7525 * Bug #884930 Support/Remove additional calls for for Tenant. - Supported call to get users for a tenant for a specific role. - Removed calls to get specific role for a user and to get all the roles for a specific tenant as they are not useful. - Fixed LDAP backend call to get users for a tenant. - Disabling Invalid pylint check
 7526 * adding docs to test classes, updating run\_tests.sh to match reality adding debug middleware factory adding docs on enabling debug middleware resolving pep8 issues
 7527 * Fixes LP Bug#885434 - Documentation showing multiple tenants misleading
 7528 * add example
 7529 * rst blah blah
 7530 * updated readme
 7531 * authenticate and tenants working
 7532 * working authenticate in keystoneclient
 7533 * remove test\_keystone\_compat's catalog tests
 7534 * add templated catalog backend
 7535 * Use pure version number ("2012.1") in tarball name
 7536 * Set run\_tests.sh so pep8 runs in the virtualenv
 7537 * bug 885364
 7538 * bug:884518 Changes to support passwordcredentials calls as per API contract. Minor LDAP code change to support tests
 7539 * Fixed spelling of 'Resources' (Resoruces)
 7540 * pep8 cleanup
 7541 * everything but the catalog
 7542 * Remove execute bit on keystone.conf
 7543 * Fixes LP882760.Changes to return TenantId properly as part of roles.Additional tests to support the same
 7544 * Moving contributor docs into rst (bug #843056)
 7545 * fixing search sequence to not include directory structure from os.walk()
 7546 * bug lp:882371 Standardize Json pagination structures
 7547 * get a checkout of keystoneclient
 7548 * bug lp:882233 Code changes to support API calls to fetch services/roles by name
 7549 * Removed contributor doc build info from project README (bug #843056)
 7550 * Revised documentation build process (bug #843056)
 7551 * updates to keystone documentation - install & conf bug 843056 blueprint keystone-documentation
 7552 * Specific LDAP version causing hiccups installing on latest ubuntu & fedora
 7553 * Adding the concept of creating a Keystone HTTP client in Python which can be used in Keystone and imported from Keystone to allow for easier Keystone integration
 7554 * Add .gitreview config file for gerrit
 7555 * updating keystone developer documentation updating docstrings to remove errors in automodule generation updating setup.py to generate source documentation blueprint keystone-documentation bug 843056
 7556 * Changes to support getuser by name and gettenant by name calls
 7557 * Changes to support get endpoints for token call
 7558 * Additional changes to support endpointtemplates operations.Disabling pylint msgs that dont fit
 7559 * Github markdown doens't seem to like irc:// links
 7560 * Removed 'under construction' docs provided elsewhere
 7561 * Updated self-documentation to point to docs.openstack.org
 7562 * Revised documentation
 7563 * Changes to endpoint operations as per OSKSCATALOG contract. Adding couple of pylint fixes
 7564 * Refactored version attributes
 7565 * Changes to support endpointTemplate operations as per new API.Fixed issues with command line manage stuff
 7566 * Updated Secret Q&A to extend CredentialType
 7567 * Changes to support API calls as per OS-KSCATALOG extension
 7568 * Improved CLI error feedback (bug 877504)
 7569 * authenticate working, too
 7570 * base tests on keystone-diablo/stable
 7571 * get tenants passing, yay
 7572 * flow working, added debugging
 7573 * add context to calls
 7574 * move diagram into docs dir
 7575 * refactor keystone compat and add catalog service
 7576 * added sequence diagrams for keystone compat
 7577 * Resubmitting change. Fixing issue #843226. Changes to throw appropriate faults during token validation
 7578 * bug lp:865448 change abspath to dirname in controllers/version.py to correct path problems
 7579 * Moving non core users and tenants calls to appropriate extensions
 7580 * Fix issues in the ec2 middleware
 7581 * Adding calls to get roles for user as per new format.Cleaning references to old code
 7582 * Fixes LP844959, typo in Authors file
 7583 * Changes to support roles and services calls via extensions. Change-Id: I1316633b30c2be07353dacdffb321791a4e2e231
 7584 * Simplified README
 7585 * First commit for Secret Question and Answer Extension: RAX-KSQA
 7586 * Fixing issue 854425.ie chaning token table name to tokens. Fixing issue 863667.Changes to support updation of user/tenant name as well using api calls. Fixing LDAP backend to have id independent of name.Fixing getuser call to also return name
 7587 *  Fixing bug 859937.  Removing incorrect atom feed references from roles.xsd
 7588 * Minor corrections to the middleware and wadl
 7589 * Changes to show name also for the user list
 7590 * Changes to show admin URL also as a part of json in endpoints listing
 7591 * getting closer, need to match api now
 7592 * tests running through, still failing
 7593 * add a test client
 7594 * added a test, need to get it working now
 7595 * Use the tenant name for X\_TENANT
 7596 * Fix possible\_topdir computing
 7597 * Change roleId to role.id for swift middleware
 7598 * adding in doc and setup to cover existing scripts adding doc around credentials command usage (for EC2)
 7599 
 7600 2011.3
 7601 ------
 7602 
 7603 * Updating legacy auth translation to 2.0 (bug #863661)
 7604 * Shouldn't look in /etc/init/ for config files
 7605 * Changing default admin port from 5001 to 35357, per IANA/IETF (bug #843054)
 7606 * Organizing and documenting pypi requirements
 7607 * sample data updates to remove -service from image and identity
 7608 * Refactor and unit test json auth parsing
 7609 * Error message expecting 'e' in local scope
 7610 * Do not return identical error messages twice
 7611 * Update auth examples in README
 7612 * README.md changes to point to openstack repo
 7613 * updating docs for Mac source install, no docs for mac package install relevant
 7614 * POST /tokens: Added tenant id & name to scoped tokens in XML (#862752)
 7615 * Updated guides.Have recompiled to use the latest examples
 7616 * Fix bug 861546
 7617 * Fix swift middleware with regard to latest changes
 7618 * Changes to support getTenants to behave differntly for admin users when invoked as a service api or admin api
 7619 * Changes to stored hashed password in backends. Using passlib a password hashing library. Using sha512. Setting hashing to be the default behavior
 7620 * Changes to WADLs to refer actual types
 7621 * Revised docstring
 7622 * Added /etc/init/keystone.conf to list of known configuration paths
 7623 * Revising tenant IDs & Names in samples (#854228)
 7624 * Authenticating against non-existent tenant (fixed #859927)
 7625 * Adds list of dependencies to dev install
 7626 * Fixed Anne's email address & list position (alphabetical)
 7627 * Added support for scoping by tenantName
 7628 * Changes to return groups as a part of RAXKSGRP extension.Also fixed incorrect schema version references in wadls and examples
 7629 * Changes to support authenticate call to accept token as per agreed format
 7630 * Minor changes to wadl
 7631 * Making type mandatory as per sandy's request and minor fixes to wadl examples. Adding Ann as an author
 7632 * Changes to structures to support authenticate using token. Minor wadl fixes. Adding Anne as an author
 7633 * Removing token element from token.xsd
 7634 * Update to token.xsd to allow element token as a root element in relation tu bug: https://bugs.launchpad.net/keystone/+bug/855216 - apiKeyCredentials Samples casing apiKey update
 7635 * Changes to support endpoint template addition/listing by service names. Changes to list service details as well
 7636 * Modified apiKeyCredentials to extend single entity and use restriction
 7637 * Reorder params in User() constructor
 7638 * Fix for bug 856857 - add user.name to User() constructor to re-align param
 7639 * Fix for bug 856846 - cast ints to string in users\_get\_by\_tenant\_get\_page so that they can be joined
 7640 * POST /tokens: A chronicle of missing features
 7641 * Fixes issues with ldap tests
 7642 * Get Service Catalog from token
 7643 * Fixes auth\_token middleware to allow admin users in nova
 7644 * Initial set of changes to move role operations to extensions
 7645 * Updating guide wrt wadl changes
 7646 * Minor Changes to extension WADL
 7647 * Changes to support auth catalog as per new format
 7648 * Changes to docs
 7649 * Adding tenantid to user roles and endpoints
 7650 * Fixes bug 855823
 7651 * Add code removed in https://code.launchpad.net/~vishvananda/nova/remove-keystone-middleware/+merge/76297 to keystone
 7652 * Added support for HEAD /tokens/{token\_id} Changed POST /tokens response container from 'auth' to 'access'
 7653 * Making identity-admin.wadl well-formed
 7654 * Converting to new doc format for included code samples
 7655 * Changing authenticate request content xml as well as json
 7656 * GET /tokens/{token\_id}: Exposing both role ID's and Name's
 7657 * Renaming 'roleRef' container to 'role'
 7658 * Renaming 'roleRefs' container to 'roles'
 7659 * Renaming GET /tokens/{token\_id} response container to 'access'
 7660 * Revised samples
 7661 * Fixed path issues with keystone-import
 7662 * Update validate\_service\_or\_keystone\_admin\_token so that it doesn't cause exceptions if the admin or service admin haven't been configured
 7663 * Changing/introducing actual extension json/xml snippets. Adding updated documents
 7664 * Backend-managed role & service ID's (bug #834683)
 7665 * Initial Changes to move service operations to extensions
 7666 * Docs,wadls,samples,initial code to support RAX-KSKEY and OS-KSEC2 extensions. Removed tenant id from being part of endpoints
 7667 * Glance Auth Token Middleware fix
 7668 * Sorted AUTHORS list
 7669 * adding imports from Nova for roles, tenants, users and credentials
 7670 * Update keystone-manage commands to convert tenant name to id. Fixes #lp849007
 7671 * 1.Changed all Json paginated collection structure. 2.Introduced a type for credential type (path param) and change wadls and xsds. 3.Added List Users call. 4.Changed Endpoint creation example
 7672 * Don't import keystone.test unless we are in testing. Fixes #lp848267
 7673 * Add toggle to run tests in-process, w/ realtime progress feedback
 7674 * Add ability to run fakeldap in memory
 7675 * Added backend-managed primary key to User and Tenant model
 7676 * Introducing doc to support OS-KSCATALOG extensions.Adding new calls to OS-KSADM extension document
 7677 * Adding initial document for OS-KSADM-admin extension.Related changes on wadl,json,xsd etc
 7678 * Fixing sample content
 7679 * Adding new doc.Changes to sample xmls and jsons
 7680 * Validation content and relavant changes
 7681 * Minor fixes on xsds and sample xmls
 7682 * Fixing existing wadl.Completing wadl for extension OS-KSADM
 7683 * Fix invocations of TemplateError.  This exception takes precisely three parameters, so I've added a fake location (0, 0) to keep it happy
 7684 * Adding wadl for OS-KSCATALOG extension.Fixing existing xsds.Fixing service wadls. Merging changes. Change-Id: Id29dc19cbc89f47e21329e531fc33bd66c14cf61
 7685 * Update Nova and Glance paste config examples
 7686 * Various documentation-related changes
 7687 * Consolidating xsds. Splitting contrib to admin and service
 7688 * Adding guides for groups extension
 7689 * Fix host/port split code in authenticate\_ec2. Resolves an AttributeError: 'Ec2Credentials' object has no attribute 'partition' exception that can occur for EC2 auth validations
 7690 * Adding guide for RAX-KSKEY-service extension. Adding guide for OS-KSEC2-service extension
 7691 * Fix NameError exceptions in add\_credentials. Adds test case on creating credentials
 7692 * Redefining credential types. Defining additional extensions and renaming extensions. Removed wadls that are not needed
 7693 * Fix for duplicate <any> tag on credentials.xsd
 7694 * Move tools/tracer into the keystone code. Fixes ImportError's when running keystone as a .deb package
 7695 * Fixed error where endpoints returned for tenant instead of token
 7696 * Updated the AUTHORS file to test the new rpc script and workflow
 7697 * Update rfc.sh to use 'true'
 7698 * Made it possible to integrate with external LDAP
 7699 *     Dev guide rebuild and minor fixes
 7700 * Updates to samples, XSDs, and WADLs
 7701 * Added AUTHORS, .mailmap and generate\_authors.sh
 7702 * Changes to support endpoint template updates
 7703 * Fixes bug 831574. Adds missing sys import
 7704 * Updated schema to reflect id and name changes to Users and Tenants
 7705 * Updated guides and samples
 7706 * Additional contract changes
 7707 * Sample changes
 7708 * Atom links on Token
 7709 * Cleanup service it endpoint catalog
 7710 * Removed redundant function from base user api
 7711 * Updated samples
 7712 * Fixed reference to unassigned variable
 7713 * Reworked XSDs and WADL to support auth and access elements
 7714 * Remove more group stuff
 7715 * Removed OSX files that shouldn't be in git
 7716 * Documentation cleanups
 7717 * Banished .DS\_Store
 7718 * Add rfc.sh for git review
 7719 * Wrong common namespace
 7720 * XSD & sample updates
 7721 * Added more missing files to MANIFEST.in
 7722 * hanges to allow test to work on python 2.6.\*
 7723 * Cleaned up come issues with python2.6
 7724 * Refactored manage.py to be both testable and useful for testing
 7725 * Sample changes to support v2.0 api
 7726 * Sample changes to support v2.0 api
 7727 * Admin WADL Revisions
 7728 * Add the files in keystone/test/etc
 7729 * Add run\_tests.\* to the MANIFEST.in
 7730 * Keystone manage.py cleanup
 7731 * Tests running on in-memory sqlite db
 7732 * Additional changes to fix minor service support stuff and increase test coverage. Also making validate token call available using service admin tokens
 7733 * Made all sample data loading in one script
 7734 * Minor fix to run\_tests
 7735 * Contract changes
 7736 * Admin WADL updates
 7737 * Port of glance-control to keystone.  This will make writing certain keystone integration functional tests a little easier to do
 7738 * Updates to XML and JSON changes for validateToken
 7739 * Added pylint message count as run\_tests.sh -l
 7740 * Added reponse handling for xsd static file rendering III Extra extension tests (for RS-KEY)
 7741 * Creating an artificial whitespace merge conflict
 7742 * Moved run\_test logic into abstract class
 7743 * Git-ignore python coverage data
 7744 * Added reponse handling for xsd static file rendering
 7745 * Additional tests and minor changes to support services CRUD
 7746 * Added reponse handling for xsd static file rendering
 7747 * Schema updates. Split WADLs and extensions and got xsds to compile
 7748 * Ziads changes and fixes for them
 7749 * Added check\_password to abstract backend user API
 7750 * Doc changes, including service catalog xsd
 7751 * Fixed service-bound roles implementation in LDAP backend
 7752 * Removed ldap names import from fakeldap module
 7753 * fix ec2 and add keystone-manage command for creating credentials
 7754 * Legacy auth fix and doc, wadl, and xsd updates
 7755 * Replacing tokens with the dummy tokens from sampledata.sh
 7756 * Add option for running coverage with unit2
 7757 * Adding curl documentation and additional installation doc. Also updated man documentation for keystone-manage
 7758 * Changes to improve performance
 7759 * Removed the need to set PYTHONPATH before tests
 7760 * Back to zero PEP8 violations
 7761 * Schema and WADL updates
 7762 * Adding documentation to WADL
 7763 * Correct 401, 305, and www-authenticate responses
 7764 * Correct 401, 305, and www-authenticate responses
 7765 * Correct 401, 305, and www-authenticate responses
 7766 * Added xsd content, update static controller, and static tests
 7767 * Updated wadl
 7768 * Fix LDAP requires to compatible version
 7769 * Moved password check logic to backend
 7770 * Changes to delete dependencies when services,endpoint\_templates,roles are being deleted. PEP8 and Pylint fixes.Also do ldap related changes
 7771 * Add LDAP schema
 7772 * Add wrapper for real LDAP connection with logging and type converting
 7773 * Fix console and debug logging
 7774 * Redux: Add proper simple\_bind\_s to fakeldap
 7775 * Adds support for authenticating via ec2 signatures
 7776 * Changes to allow additional calls to support endpoint template CRUD and additional checks on existing method
 7777 *  Committer: Joe Savak <joe3963@joe3963-VirtualBox.(none)>
 7778 * Refactoring business logic behind GET /tenants to make it less convoluted
 7779 * Moved run\_tests.py to match other projects
 7780 * Revert "Add proper simple\_bind\_s to fakeldap, removed all imports from ldap."
 7781 * Add proper simple\_bind\_s to fakeldap, removed all imports from ldap
 7782 * Gets Keystone a bit more inline with the way that other OpenStack projects run tests. Basically, adds the standard run\_tests.sh script, modifies the run\_tests.py script to do the following:
 7783 * Changes to support CRUD on services/roles
 7784 * Issue #115: Added support for testing multiple keystone configurations (sql-only, memcache, ldap)
 7785 * Added automatic test discovery to unit tests  and removed all dead tests
 7786 * PEP8 fixes... all of them
 7787 * Small licensing change to test Gerrit
 7788 * Small change to test Gerrit
 7789 * Fix brain-o--we may not need project\_ref, but we do need to create the project!
 7790 * updated README with more accurate swift info
 7791 * Determine is\_admin based on 'Admin' role; remove dead project\_ref code; pass auth\_token into request context; pass user\_id/project\_id into request context instead of their refs
 7792 * Added support for versioned openstack MIME types
 7793 *  #16 Changes to remove unused group clls
 7794 * Add unittest2 to pip requires for testing
 7795 * #66 Change in variable cases
 7796 * #66 Change in variable cases
 7797 * Changes to make cache time configurable
 7798 * Changes to store tokens using memcache #66
 7799 * Changes suggested by Ziad.Adding validateToken operation
 7800 * Flow diagram to support keystone service registration
 7801 * Restored identity.wadl w/ system test
 7802 * pylint fixes for role api
 7803 * Removing attribute duplicated from superclass; causes an issue in py 2.7
 7804 * pylint fixes for tenant-group unit tests
 7805 * pylint fixes for server unit tests
 7806 * Making the API version configurable per API request
 7807 * PEP8 fixes for system tests
 7808 * Issue #13: Added support for Accept-appropriate 404 responses w/ tests for json & xml
 7809 * Simple change to test gerrit
 7810 * Document how to allow anonymous access
 7811 * Sigh. Proofreading..
 7812 * Update README with instructions to fix segfault
 7813 * These changes make no sense--I didn't do them, and I'm in sync!
 7814 * Add middleware for glance integration
 7815 * #3 Preventing creation of users with empty user id and pwds
 7816 * Fixing naming conflict with builtin function next()
 7817 * This makes the use of set\_enabled more clear
 7818 * Fixes failing test introduced after disabled check remove
 7819 * Changes to allow password updates even when the user is disabled.Also fixed failing tests
 7820 * Disabled users should now be returned by GET /users/{user\_id}
 7821 * Updating a disabled user (via xml) should now succeed
 7822 * Updating a disabled user should now succeed
 7823 * Noted potential issue, but I'm not sure if this is dead code or not anyway?
 7824 * Assigned Base API classes so downstream code knows what to expect
 7825 * Adding missing class variable declaration
 7826 * Cleaning up unit tests
 7827 * Removes disabled checks from get\_user and update\_user
 7828 * Fixing module-level variable naming issues
 7829 * Improving variable naming consistency
 7830 * Avoiding overloading of built-in: type()
 7831 * Fixing indentation
 7832 * Specified python-ldap version, which appears to avoid the packaging issues we've experienced
 7833 * Added missing import
 7834 * More LDAP tweaks
 7835 * LDAP backend updates
 7836 * More test fixes
 7837 * Fixed deprecation warning
 7838 * Updated test to allow for additional role
 7839 * Restored UnauthorizedFaults to token validation requests
 7840 * Fix for issue #85
 7841 * - System test framework can now assert specific response codes automatically - Revised system test for issue #85 based on clarification from Ziad - Added system test to attempt admin action using a service token
 7842 * Adds the member role to sampledata, gives it to joeuser
 7843 * PEP8 fixes
 7844 * Formatting
 7845 * Merged duplicate code
 7846 * Add first implementation of LDAP backend
 7847 * Added (failing) system test for issue #13
 7848 * Minor cleanup
 7849 * Made all API methods raise NotImplementedError if they are not implemented in backend
 7850 * Made delete\_all\_endpoint calm if there is nothing to do
 7851 * Fixed bug causing request body setting to fail
 7852 * Add check to sqlalchemy backed to prevent loud crush
 7853 * Tweaked import\_module to clearly import module if it can
 7854 * Removed hardcoded references to sql backends
 7855 * Add exception throwing and logging to keystone-manage
 7856 * Merging keystone.auth\_protocols package into keystone.middleware
 7857 * - Added 'automatic' admin authentication to KeystoneTestCase using bootstrapped user - Added system tests for admin & service authentication - Abstracted '/v2.0' path prefix away from system tests - Added simple uuid function to generate data for system tests (random number gen w/ seeds might work better?) - Refactored issue #85 tests with setUp & tearDown methods
 7858 * Clarifying test case
 7859 * Fixed minor pylint issues
 7860 * Removed tenant id from admin user
 7861 * Move dev guide to OpenStack
 7862 * Commented out failing request, until it's review
 7863 * Wrote test case for github issue #85
 7864 * Formatting change
 7865 * Was this a typo or an incredibly lame joke?
 7866 * Added missing imports and fixed a few pylint issues
 7867 * Improved dict formatting
 7868 * Improved readability a bit
 7869 * Abstracted underlying HTTP behavior away from RestfulTestCase Added 'automatic' JSON body encoding (TODO: automatic XML encoding) Improved user-feedback on automatic response status assertion
 7870 * Added run\_tests.py to keystone.test.system, which uses bootstrap db script
 7871 * Added bootstrap configuration script (with admin user assigned an Admin role)
 7872 * Added 'automatic' token auth for each API
 7873 * Refactored port configuration strategy to allow a single test case to address both the admin and service API's
 7874 * Added automatic json/xml parsing to system test framework
 7875 * Added system test discovery to run\_tests.py
 7876 * Added system tests for content type handling and url rewriting
 7877 * Updated tests to reflect last bug fix
 7878 * Extracted sample test from framework and moved system test framework into \_\_init\_\_
 7879 * Converted system test framework to use httplib
 7880 * Initial system test approach, using urllib2
 7881 * Fixed bug: traceback thrown when the path '/' is requested
 7882 * Updated \*unused\* tests to reflect refactored API's
 7883 * Removed some useless/dead code
 7884 * Cleaned up authentication tests
 7885 * Improved readability slightly
 7886 * Moved db imports to config module Removed useless try/except blocks
 7887 * Organized imports
 7888 * Simplified a few util functions
 7889 * Fixed line length
 7890 * Renamed service API configuration options
 7891 * Renamed ServiceApi router module
 7892 * Renamed ServiceApi router
 7893 * Cleaned up keystone.logic
 7894 * Removed unused logger
 7895 * Refactored routers and controllers into their own modules (issue #44)
 7896 * Fixed doc string
 7897 * Improved PEP8 compliance
 7898 * Fixed spelling
 7899 * Removed unused import
 7900 * Slightly simplified base wsgi router
 7901 * Added note about run\_tests.py to readme
 7902 * Organized imports
 7903 * Improved readme consistency
 7904 * pep8
 7905 * Pylint an pep8 fixes
 7906 * Fixing bug reported using with swift
 7907 * Fixed default content type behavior (was defaulting to XML)
 7908 * Removed redundant action mappings (for version controller)
 7909 * Renamed exthandler to urlrewritefilter to better illustrate it's purpose
 7910 * Minor comment change
 7911 * Refactored URL extensions handling (for .json/.xml) Added universal support for optional trailing slashes
 7912 * Return users in a tenant as part of a many-to-many relationship
 7913 * Added import, autoformatting
 7914 * Removed unused imports
 7915 * Moved exthandler to keystone.middleware
 7916 * \*\* keystone.conf refactoring \*\*
 7917 * Fixed 'is\_xml\_response' function, which had no clear intention
 7918 * Removed unused function
 7919 * Rewrote .json/.xml extension handler with additional unit test
 7920 * Added links to readme
 7921 * Added python-ldap to pip-requires
 7922 * Initialized LDAP backend
 7923 * Various fixes for test running
 7924 * Commented out suspicious unit tests.....
 7925 * Added test automation script
 7926 * Cleaned up file
 7927 * Added missing test files to test collection
 7928 * Made unit tests executable from the cmd line
 7929 * Added test\_auth to list of unit tests
 7930 * Update auth test to account for generic service names
 7931 * Changes to make Admin for keystone configurable.#27
 7932 * Remove old initializers
 7933 * Changes to introduce BaseAPI to support multiple back ends
 7934 * Changes to support dynamic loading of models
 7935 * Adding list of todos
 7936 * Initial changes to support multiple backends
 7937 * Fixed identity.wadl response - issue #71#
 7938 * Recompiled devguide with endpoints and templates
 7939 * Removed unnecessary symlink
 7940 * Changes to support endpoints and endpointemplates (renaming BaseUrls and BaseURLRefs)
 7941 * Make swift middleware live where it should
 7942 * Remove swift-y bits from generic token auth
 7943 * Changes on Sample data
 7944 * Code changes to support global endpointTemplates
 7945 * Swift-specific middleware
 7946 * Issue 31: Switching default ports to 5000/5001 (public/admin)
 7947 * Fixed readme instructions for Nova - Issue #55
 7948 * Fixed requires for development and in readme
 7949 * Bringing back the changes to support endpointTemplates and endpoints
 7950 * Readme fix
 7951 * Edited keystone/auth\_protocols/nova\_auth\_token.py via GitHub
 7952 * Issue 32: Updated readme to reflect fix for issue 32 (removed 'cd bin' prefixes before several commands)
 7953 * (Related to) Issue 32: bin/sampledata.sh cannot be executed outside of bin/
 7954 * Issue 32: ./bin/keystone cannot be executed outside of bin/
 7955 * Issue 31: Reverted ports to 8080/8081 while the issue is under discussion
 7956 * Adding endpoint related files
 7957 * Updated readme to reflect docs/ -> doc/ change Added tools/pip-requires-dev for depelopment dependencies
 7958 * Basic authorization for swift
 7959 * Republished developer guide for Jun 21, 2011
 7960 * Updated token validation sample xml (dev guide)
 7961 * Updated dev guide publish date
 7962 * Added developer guide build folder to git ignore list
 7963 * Auto-formatted and syntacically validated every JSON example in the doc guide
 7964 * working with dashboard
 7965 * add get\_tenants
 7966 * rudimentary login working
 7967 * most bits working
 7968 * initial
 7969 * Reverting change thats not needed
 7970 * Fixing some of the failing tests
 7971 * Merging changes from trunk
 7972 * demo of membership using keystone in sampledata
 7973 * Name changes BaseURLRefs to EndPoints and BaseURLs to  EndpointTemplates
 7974 * Fixed formatting, imports
 7975 * Issue 31: Updated docs and examples
 7976 * Committing unit test configuration for issue 31
 7977 * Issue 31: Changed default ports to 80/8080
 7978 * Issue #8: Renamed primary key of Token to 'id'
 7979 * Name changes BaseURLRefs to EndPoints and BaseURLs to  EndpointTemplates
 7980 * Changes to hash password
 7981 * Restored tools.tracer to bin/ scripts; included fix for empty frames
 7982 * Merging changes
 7983 * Removed unused import
 7984 * Removed redundant sentence in dev guide
 7985 * Removed unused imports in bin/
 7986 * Fix for keystone issue 41: https://github.com/rackspace/keystone/issues/41
 7987 * Merging changes from rackspace
 7988 * Fixed spelling error
 7989 * Changes to include support for paginations
 7990 * Fixing existing methods on wadl
 7991 * Fixed broken unit test code
 7992 * Refactored api function names to avoid redundancy with new module names
 7993 * Changes to wadl to support user operations
 7994 * Refactored DB API into modules by model
 7995 * Pep8 changes
 7996 * Changes to allow user creation without a tenant
 7997 * for got to change a 1.1 to 1.0
 7998 * dash needs both 1.0 and 1.1 compatability - need to fix that!
 7999 * nova needs 1.0 api currently
 8000 * Some field validations
 8001 * Merged docs
 8002 * make sampledata executable again
 8003 * Admin for nova doesn't take a tenant
 8004 * add keystone to its own service catalog
 8005 * Fixed error on UrlExtensionFilterTest
 8006 * Fixed imports; improved PEP8 formatting compliance
 8007 * Fixed imports in keystone.common
 8008 * Removed unused imports and denoted unused variables
 8009 * Fixed imports in auth\_protocols
 8010 * Removed duplicated function
 8011 * Added coverage to pip development requirements
 8012 * Fixed relative & unused imports
 8013 * Adding py init to functional tests
 8014 * Created pip requirements file for development env (added sphinx python doc generation to start)
 8015 * Added pydev files to gitignore
 8016 * Added py init files to directories already being referenced as modules
 8017 * Users must have tenants or nova breaks
 8018 * Doc updates and dev requires
 8019 * Resolved conflicts
 8020 * To PUT or to POST
 8021 * Fixed v1.0 auth test to account for cdn baseURL order
 8022 * Support for GET /v2.0/users and add cdn back to sampledata for v1.0 support
 8023 * Update the baseURL data pushed into glance
 8024 * Fix symlinks after docs -> doc rename
 8025 * Adding call to modify tenant.Adding more tests and fixing minor issue
 8026 * Added pip requirements file for testing environments
 8027 * Grammar corrections
 8028 * Adds Sphinx build ability and RST documentation
 8029 * Removing unused references to UserTenantAssociation
 8030 * Introduced a method to get all users @Users resource.Also moved the method to get user groups out of tenant scope
 8031 * Changed BaseURLs to OpenStack names
 8032 * Test fixes
 8033 * Seperating user calls from tenants
 8034 * Improved README formatting/consistency
 8035 * Updated paths to unit/function tests in README
 8036 * Updated docs: sampledata.sh can't be executed outside of bin/
 8037 * Added Routes and httplib2 to production dependencies
 8038 * Correcting typo
 8039 * Setup.py fix
 8040 * Readd test folder
 8041 * Forgot to add doc file
 8042 * Moved tests to keystone folder and removed old management tools - issue #26
 8043 * Updated SWIFT endpoint default
 8044 * Update to dev guide explaining admin call auth requirements
 8045 * Update sample data and keystone-manage for local install of OpenStack
 8046 * Put updated Swift Quickstart into README.md
 8047 * API v2.0 Proposal
 8048 * Doc updates.Minor keyston-manage changes
 8049 * Doc updates
 8050 * Doc updates
 8051 * set nova admin role if keystone user has "Admin" role
 8052 * keystone repo is now at github.com/rackspace/keystone
 8053 * Add success test for GET /v2.0/tokens/<TOKEN\_ID> in json and xml
 8054 * Add Admin API tests for v2 authentication
 8055 * Add test verifying a missing tenantId key in the password creds works properly in JSON
 8056 * Rename file.Ziad suggestion
 8057 * Name changes suggested by Ziad
 8058 * Minor fixes
 8059 * Code cleanup
 8060 * PEP8 changes
 8061 * Removing redundant files
 8062 * Changing to legacy auth to standard wsgi middleware.Name change of some of the files
 8063 * Changing to legacy auth to standard wsgi middleware
 8064 * Introducing new frontend component to handle rackspace legacy calls
 8065 * Introducing new frontend component to handle rackspace legacy calls
 8066 * keystone repo is now at github.com/rackspace/keystone
 8067 * Add success test for GET /v2.0/tokens/<TOKEN\_ID> in json and xml
 8068 * Add Admin API tests for v2 authentication
 8069 * Add test verifying a missing tenantId key in the password creds works properly in JSON
 8070 * Removing debug print
 8071 * Changes to return service urls for Auth1.0 style calls
 8072 * Changes to return service urls for Auth1.0 style calls
 8073 * Updating tests and sample data
 8074 * Merging changes from rackspace
 8075 * Changes to support service catalog
 8076 * pep8
 8077 * Added URLs to sampledata
 8078 * Support for listing BaseURL refs in keystone-manage
 8079 * Support transforming service catalog
 8080 * Removing remerged comments
 8081 * Adding roles as comma seperated values on a single header
 8082 * Changes to support getTenants call for user with admin privelage and regular user
 8083 * Add more test cases for v2 authentication for bad requests and unauthorized results
 8084 * Add test case for verifying GET /v2.0/tokens returns 404 Not Found
 8085 * It's possible to authenticate through the Admin API
 8086 * Changes on auth basic middleware component to return roles.Also changes on the application to return roles not tied to a tenant
 8087 * Update the sample to reflect some minor enhancements to the base framework
 8088 * Add test for validate\_token
 8089 * Save expiration data for later comparison
 8090 * Don't need to fiddle around with user tokens here, just admin tokens
 8091 * Get and revoke both admin and user tokens..
 8092 * Merging changes
 8093 * Bah, somehow my sample data failed to include Admin as admin's role
 8094 * Merging changes
 8095 * Merging changes
 8096 * Merging changes
 8097 * Meging changes
 8098 * Changes to also return role references as a part of user when get token call is made for a specific tenant
 8099 * Use un-spaced exception names..
 8100 * Try to use an admin credential to revoke the token
 8101 * Split the Keystone service from the Admin service so we can test both
 8102 * The API is a moving target; update the test
 8103 * Support for listing roles in keystone-manage
 8104 * Adds unit testing base class that takes care of much of the tedium around setting up test fixtures. This first commit just demoes the new test case functionality with a new test case /test/unit/test\_authn\_v2.py
 8105 * pep8
 8106 * Fixed issue #6
 8107 * Support POST /tokens only - issue #5
 8108 * Added quick start guide to integrating Swift and Keystone; fixed setup.py tokenauth filter installation
 8109 * Added role and user data to sampledata.sh
 8110 * Additional unit tests for base url refs.Minor code refactorings
 8111 * Changes to support baseurlrefs operations
 8112 * MD cleanup
 8113 * md futzing
 8114 * More readme cleanup
 8115 * Merged DTest tests and moved ini file to examples/paste
 8116 * moved paste example to examples
 8117 * Readme updates
 8118 * Just making sure leading whitespace is stripped if automated
 8119 * to->too
 8120 * Updated dev guide
 8121 * Add a sample to document how to create tests
 8122 * Add a test for authenticate/revoke\_token
 8123 * Ensure that --username, --password, and --keystone are given
 8124 * Build base classes for tests
 8125 * Documentation fixes to versions
 8126 * Build the skeleton necessary to run tests
 8127 * Add x\_auth\_token header to most methods
 8128 * Make sure we don't lose the body completely if we can't json.load() it
 8129 * Add debugging messages
 8130 * Add a property to get the RESTClient instance
 8131 * Fix up get()/put()/post()/delete() calls to make\_req()
 8132 * Deal with the case that no headers are provided
 8133 * Deal more intelligently with empty strings
 8134 * Listing technologies to integrate
 8135 * Um, queries are supposed to be optional, all others required
 8136 * Properly join relative paths
 8137 * Apparently "/token" is actually spelled "/tokens"
 8138 * Accidentally left out the reqwrapper argument
 8139 * Sketch in a basis for the Keystone API 2.0
 8140 * Make argument order a little more natural
 8141 * Fixing unit tests.Introduced support for global roles
 8142 * Don't let self.\_path be the empty string
 8143 * self.\_scheme isn't set yet
 8144 * Don't add a field if there isn't one..
 8145 * Create a simple means of building a REST-based API
 8146 * Fixing unit tests for user and groups
 8147 * Docs
 8148 * Link fix
 8149 * API Spec updates
 8150 * More /token -> /tokens fixes
 8151 * /tokens instead of /token
 8152 * Prep for move to git@github.com:rackspace/keystone.git
 8153 * Made URL relative
 8154 * pep-8 and minor mapping fix
 8155 * Dev guide update - BaseURLs and Roles
 8156 * Update docs on how to use nova.sh to deploy openstack on cloud servers
 8157 * Changes to support calls to getBaseUrls
 8158 * Changes to support /tokens on docbook and minor roleref changes
 8159 * Changes to support roleref calls
 8160 * Updated to use X\_USER as decided in Issue 49
 8161 * Updated with feedback from https://github.com/khussein/keystone/issues/49#issuecomment-1237312
 8162 * Fix for issue 49 - parse X\_AUTHORIZATION header for user\_id
 8163 * Fixed issue where user tenant not returned in GET /token - related to issue #49
 8164 * user should be what keystone returns
 8165 * Fixed issue #54
 8166 * Updated to use X\_USER as decided in Issue 49
 8167 * Updated with feedback from https://github.com/khussein/keystone/issues/49#issuecomment-1237312
 8168 * Fix for issue 49 - parse X\_AUTHORIZATION header for user\_id
 8169 * Minor changes to the document
 8170 * Changes to unique relationship definition
 8171 * Adding more tests for roleref operations
 8172 * Fixed issue where user tenant not returned in GET /token - related to issue #49
 8173 * Changes to support /tokens on docbook and minor roleref changes
 8174 * Changes to support roleref calls
 8175 * user should be what keystone returns
 8176 * midnight typo
 8177 * Added examples readme
 8178 * Fixed issue #54
 8179 * Link to latest dev guide in readme
 8180 * Instructions to run with Nova
 8181 * Documentation update and new API spec
 8182 * Updates to README
 8183 * Updates to README
 8184 * Updates to README
 8185 * Updates to README
 8186 * Updates to README
 8187 * Updates to README
 8188 * Fix up broken setup.py scripts list
 8189 * -Removed .project file from project and added it to .gitignore -Moved pylintrc -> .pylintrc, personal preference that this file should be available, but not seen -Moved echo to examples directory, seemed a bit odd to be in the top level -Moved management directory to tools, seemed a bit odd to be in the top level -Moved pip-requires to tools/, and updated the reference to it in README.md
 8190 * Fix the identity.wadl symlink
 8191 * keystone src directory needs symlinked
 8192 * remove copy&paste ware from nova\_auth\_token and use auth\_token middleware
 8193 * Flow diagrams
 8194 * simple flow diagrams
 8195 * Multi-tenant token fixes
 8196 * Fixed invalid tenant authentication
 8197 * Fix error in tenant\_is\_empty (model has changed)
 8198 * Fixed debug/verbose flag processing
 8199 * update readme
 8200 * keep nova\_auth\_token in keystone
 8201 * Changes to support /Roles calls.Removing create call from being exposed as of now
 8202 * Changes to support /Roles calls.Description included
 8203 * Changes to support /Roles calls
 8204 * Readme merge
 8205 * Readme updaes for load testing
 8206 * hack nova\_auth\_token to work
 8207 * removing unused library
 8208 * Changes to support roles and baseurls on wadl
 8209 * Changes to support roles and baseurls on wadl
 8210 * Changes to support roles and baseURLs
 8211 * missed some nova reqs
 8212 * information on using nova\_auth\_token
 8213 * lazy provisioning for nova
 8214 * readme fixes
 8215 * Merged in anotherjesse's changes
 8216 * New model working with echo\_client.py
 8217 * Missed a file
 8218 * Added tracing and modified model
 8219 * echo\_client should be executable
 8220 * move nova's path injection to management scripts
 8221 * server.py/version.py shouldn't be executable while cli tools should
 8222 * spacing for readme
 8223 * Add keystone-manage to support bootstrapping Keystone with add user command
 8224 * Setup.py update
 8225 * Updated logging and parameterization for bin scripts
 8226 * Minor readme fixes
 8227 * Simplified running Keystone and Updated readme
 8228 * v1 compatibility and Service/Admin API split
 8229 * DocBook Changes
 8230 * Merging HCL changes - pull 40
 8231 * Changes to support baseurls and roles on the document.Adding sample files
 8232 * Changes to support baseurls and roles on the document
 8233 * Adding xsds to support roles and baseurls
 8234 * More version fixes
 8235 * Initial commit
 8236 * Make config compatible with legacy
 8237 * Move to v2.0
 8238 * Changes to move the db settings to conf file
 8239 * removing bottle
 8240 * Adding Accept header to is\_xml\_response logic
 8241 * Removing bottle dependencies
 8242 * Mae Pylintrc, reordered imports made pep8 of the  files
 8243 * Foundation for some server and auth unit tests
 8244 * Added as per HACKING  Files
 8245 * pylint fixes
 8246 * fixes
 8247 * fixed test cases
 8248 * Merged api,service,server,test\_common
 8249 * Added test cases for add user to a tenanat
 8250 * multi token test cases and bug fixes
 8251 * Moved all Server functions to utils.py
 8252 * Fixed failing test - bug introduced in cleanup
 8253 * Added pylint and cleanup from last commit
 8254 * Merged pull 37. Removes bottle, adds configuration, and adds daemonization
 8255 * fixed pylint
 8256 * fixed bugs
 8257 * fixes
 8258 * fixes
 8259 * removed backslashes
 8260 * Added functionality add user to a tenant
 8261 * fixes
 8262 * Pep8 test\_users.py
 8263 * checking SSLv3 problems
 8264 * checking SSLv3 problems
 8265 * checking SSLv3 problems
 8266 * checking git push problems
 8267 * Optimised test\_users.py
 8268 * Modified the README and README.md
 8269 * fixed bug raised when included exthandler
 8270 * Removed unwanted file
 8271 * removed unused run method
 8272 * Added PEP8 to test cases
 8273 * Removed importing objects from keystone
 8274 * pylintrc optimization
 8275 * optimization of test cases and handling multi token
 8276 * fixes
 8277 * Nochanges
 8278 * Modified the README for keystone-control issue
 8279 * Modified the README
 8280 * Added PEP8 for remaining test cases
 8281 * PEP8 for test cases by praveena
 8282 * renamed test\_identity.py to test\_keystone
 8283 * added pidfile and removed print statement from test\_common
 8284 * fixes
 8285 * removed print statement
 8286 * Added keystone.log to ignore list
 8287 * Modified  server.py tenant group URL to fix failing test cases
 8288 * Added \*.log to gitignore
 8289 * neglect changes
 8290 * Added new script to run all tests
 8291 * Modified and tests. Tests groups throwing some minor errors still
 8292 * Modified and commented the code
 8293 * Split the test cases into individual files Fixed Bugs of api
 8294 * Made PEP8 of server
 8295 * Too much of duplication and incomplete conflict resolution in test\_identity.py
 8296 * Sisirhs changes
 8297 * Sai and Praveena's Changes
 8298 * Added missing tests,  mad e enable and disable password work
 8299 * merged conflicts
 8300 * test cases modfications and bug fixes
 8301 * Renamed  to server.py and added  top dir in config
 8302 * Added the keystone  top dir in configuration
 8303 * Modified the README
 8304 * latest updates
 8305 * latest updates
 8306 * new merge with installation fixes
 8307 * A brief README for the auth-server
 8308 * Added keystone-control
 8309 * chasing tenant group bug
 8310 * Added tests for the URL extension middleware
 8311 * modified keystone-control and reshuffling of file names
 8312 * Adding unit test for the URL extension handler
 8313 * Modified test cases
 8314 * Yes, I modified, but I wont commit
 8315 * merged Sai changes
 8316 * Installation of keystone done
 8317 * corrects charset=utf=8
 8318 * Working on echo server
 8319 * one more push
 8320 * move the template code from bottle into a separate file:
 8321 * modified auth\_server.py
 8322 * Added echod and renamed echo.py to server.py
 8323 * Minor cleanup + pep8
 8324 * merging changes from sai branch
 8325 * saving changes to auth\_server.py
 8326 * get version implementation s Please enter the commit message for your changes. Lines starting
 8327 * get\_version\_info is still not working
 8328 * in the middle of get\_version\_info
 8329 * Modified test\_identity
 8330 * removed .auth.serve.py.swp
 8331 * Added some more functions through Routes and mapper
 8332 * Update for Abdul
 8333 * My Changes part 2
 8334 * modified Resposne to resp=Response()
 8335 * My Changes
 8336 * minor tweak
 8337 * Some more cleaning up of git merges
 8338 * Cleaning up of git merges
 8339 * Added glance type of eventlet, because of its plug and play which meets the need of running everything independently if needed
 8340 * pep8 and fixes
 8341 * Readme updates
 8342 * Removed keystone.db - should be generated by ORM
 8343 * Removed extra files from last commit
 8344 * Removed Global groups tests, which still needs to be tested. Updated README on how to run unit test
 8345 * Deleted keystone.db
 8346 * Merged pagination
 8347 * Git problems - lingering commit
 8348 * Renamed identity.py to server.py and added bin directory
 8349 * Adding router to requires. Updating standards in HACKING. Removing schema (generated from ORM)
 8350 * Added pagination functionality and tenant\_group functionality with unit tests
 8351 * Removing unused imports
 8352 * Removing unused function
 8353 * unwanted file
 8354 * added the code that would go to hussein repo
 8355 * Added tenant groups in identity, created test cases for tenant groups
 8356 * Added latest changes to sirish branch with pagination for get tenants
 8357 * Annotate TODOs
 8358 * argument handling in echo.py
 8359 * getting pep8-y with it
 8360 * Merged conflicts
 8361 * Basic auth and refactor
 8362 * more pep8
 8363 * testing merging
 8364 * get \_tenants pagination updates
 8365 * Merging keystone code
 8366 * Basic Auth support
 8367 * 17: query extension works
 8368 * Issue 17: Adding tests
 8369 * removed \r chararcter from unit directory
 8370 * removed windows newline characters from management folder
 8371 * removed unwanted files
 8372 * Adding First kestone repo
 8373 * Add Description File
 8374 * sai added by sai
 8375 * Foo2
 8376 * Foo
 8377 * Initial
 8378 * Minor changes + call using WSGI instead of bottle
 8379 * Restored remoteauth
 8380 * Reverted accidental(?) WADL deletion >:-(
 8381 * Renamed protocol modules to auth\_[type] Renamed PAPIAuth to RemoteAuth - better documented it and added redirect to auth\_token (to stop using this) Cleaned up ini files and ini file handling (removed hard-coded defaults)
 8382 * simple json cleanups for tests
 8383 * pep8-ize
 8384 * Added protocol stubs (openid and basic auth)
 8385 * Renamed delegated to 'delay\_auth\_decision' Remove PAPIAuth Rename folder to Auth\_protocols (that is where we add protocol components)Get\_request -> get\_content Make protocol module more generic (prepare for superclassing and multiple protocol support Refactor Auth\_protocol\_token If no token, bail out quick (clearer) same with if app Break out headers: - here is what is coming in - here is what we add - explain the X in headers: extended header
 8386 * Updated Readme, and added TODO
 8387 * Added XML/Json tests to the identity and updated the README
 8388 * Fixed issue with standalone install
 8389 * Updated readme
 8390 * Fixed remote proxy issue
 8391 * draft remote proxy: needs fixing
 8392 * Updated readme and echo\_client
 8393 * Adding remote echo ini file
 8394 * Fixes to middleware, ini parameters, and support for running echo remotely
 8395 * replaced localhost with config
 8396 * modifide middleware; echo\_client works
 8397 * Fixing and documenting middleware
 8398 * Merged pull request #30 from cloudbuilders/master
 8399 * Updated management scripts to use SQLAlchemy
 8400 * Fixed SQLAlchemy db location to keystone directory
 8401 * Added unit tests and updated the README.md on how to run it
 8402 * made echo test work
 8403 * get\_request is actually init model from request contents
 8404 * missed simplejson assumption
 8405 * finish removing simplejson
 8406 * pythonizing
 8407 * update fault to be pythonic
 8408 * remove unpythonic properties from atom and tenant
 8409 * error decorator and logging unhandled errors
 8410 * missed auth\_data
 8411 * fix typos
 8412 * more pythonic
 8413 * we don't need properties yet
 8414 * use string formating
 8415 * use relative import in init
 8416 * fixed paste configs to run without eggs
 8417 * Fixed mistake in port for echo service
 8418 * Added echo\_client.py
 8419 * keystone.db should be in keystone dir
 8420 * pep8 / whitespace
 8421 * gitignore pyc files
 8422 * split out running and installing sections in readme
 8423 * allow apps to be run without setup.py
 8424 * add command for test database to readme
 8425 * echo has a separate setup.py
 8426 * httplib2 isn't used
 8427 * spacing
 8428 * add httplib2 to deps and sort them
 8429 * Added pip-requires and updated readme to include missing deps
 8430 * explict installs for python libraries
 8431 * update readme formating
 8432 * update readme to be markdown
 8433 * Updated readme
 8434 * Doc fixes
 8435 * Friendly error message if a user is not associated with a tenant
 8436 * Ensure schema complience assertion is on in all tests
 8437 * Whoops, details element is optional in faults
 8438 * Remove identity (1) stuff and renamed identity2 to identity
 8439 * Added wadl and xsd contract links
 8440 * Adjust reletive links in schema
 8441 * Comment seperators
 8442 * Init version links
 8443 * Initial version support
 8444 * Initial extensions support
 8445 * Initial update tenant
 8446 * Make sure we don't delete non-empty tenants
 8447 * Initial delete tenant
 8448 * Initial getTenant
 8449 * Minor updates to tests
 8450 * Initial implementation of get tenants
 8451 * added unit tests in test/unit/test\_keystone.py
 8452 * Initial create tenant
 8453 * Minor bug when serializing tenant to JSON
 8454 * Schema update
 8455 * Whoops forgot 409 in JSON as well!
 8456 * Whoops missed 409 on create tenant
 8457 * setup.py fix
 8458 * Minor fixes
 8459 * pep-8 cleanup of model
 8460 * More pep-8 cleanup
 8461 * Minor fixes
 8462 * Some pep-8 cleanup
 8463 * Initial revoke token
 8464 * Initial support for authenticate
 8465 * Whoops, bad user data
 8466 * Initial working validate token
 8467 * Whoops need to convert datetimes to iso format
 8468 * Test updates
 8469 * tokenId should not be a string!
 8470 * Cleaned up validate token call
 8471 * Full check admin token with soap ui tests
 8472 * Some SQL testing scripts
 8473 * Initial check admin token from db
 8474 * made identity.py pep8 compliant
 8475 * Better error handling
 8476 * Initial full response to authenticate token, still having issues with errors
 8477 * Stubb for token calls
 8478 * Initial prototype of default token based auth protocol
 8479 * Initial deserialization of tenant
 8480 * Initial deserialization of password credentials
 8481 * SQL Alchemy additions: Token
 8482 * SQL Alchemy additions
 8483 * Whoops pep8
 8484 * Output serialization of faults
 8485 * XML and JSON rendering on tenant/s
 8486 * Translations of auth to XML and JSON
 8487 * Sample service.py with sqlalchemy
 8488 * Fixed relative path issue
 8489 * sqlalchemy draft
 8490 * Initial service.py
 8491 * Cleaned up setup.py
 8492 * Added collections
 8493 * Initial atom link type
 8494 * Initial fault type
 8495 * Initial tenant type
 8496 * PEP-8 for echo.py
 8497 * Initial auth types
 8498 * Readme update
 8499 * Fixed identity.py and some styling
 8500 * Minor updates
 8501 * Keystone WSGI and eventlet
 8502 * Corrected how to run echo service
 8503 * Replaced paster with eventlet for echo service
 8504 * Added create tables in README and modified keystone.db to reflect the new schema
 8505 * Merged identity functions second time
 8506 * Sync
 8507 * Whoops should have never checked this in
 8508 * all management files except user add and delete from group
 8509 * Management files except for add/delete user from group
 8510 * Updated README
 8511 * Setup PasteDeploy and configured PAPIAuth
 8512 * reorganization of files
 8513 * Add SOAPUI projects
 8514 * Resolved Conflicts
 8515 * Removed Conflicts
 8516 * dos2unix
 8517 * Deleted IDE files
 8518 * Importing from DevTeam
 8519 * Import from DevTeam
 8520 * updates DevTeam
 8521 * Code by Dev Team
 8522 * Added Power API Auth Middleware
 8523 * removed unused libraries
 8524 * Dev Team: validate\_token , create\_user ( created for test purpose) and update\_tenant
 8525 * Added to README
 8526 * Fixed bug in echo.py
 8527 * Whoops forgot auth header
 8528 * Instructions for soapUI
 8529 * Add WADL links for convenience
 8530 * Initial work into paste deploy...commen out for now
 8531 * Added echo.wadl
 8532 * Fixed for case with missing accept header
 8533 * Added content nagotiation
 8534 * Use XSL to convert
 8535 * Better quote handling
 8536 * Add JSON transform
 8537 * Whoops samples don't match
 8538 * XSD for echo service
 8539 * Initial echo service
 8540 * Updates to identity.py and README
 8541 * Added X-Auth-Token
 8542 * Added extensions
 8543 * Updated errors for extension requests
 8544 * Added getTenant, updateTenant, deleteTenant
 8545 * Added get and create tenants
 8546 * Initial WADL with token operations
 8547 * Added faults
 8548 * Remove refrences to usernameConflict and groupConflict
 8549 * Added common extensions
 8550 * Added api.xsd schema index
 8551 * Added XSD 1.1 and atom linking support
 8552 * Made the tenant xsd extensible
 8553 * Initial tenant xsd
 8554 * Made the token schema extensible
 8555 * Initial token schema
 8556 * Groups should have ids instead of names?
 8557 * Added Creating Tenants, JSON only
 8558 * Remove mention of service catalog
 8559 * Updated samples
 8560 * Updated pubdate
 8561 * Updates to intro section
 8562 * Updated concepts
 8563 * Better entities in document
 8564 * Removed init section from docs, we'll get to them later
 8565 * Added Dependencies section
 8566 * Added License & Create/Delete user management CLI
 8567 * Initial docs import
 8568 * Created DB with users table, simple schema
 8569 * first commit