Hello community,
here is the log from the commit of package openstack-keystone for
openSUSE:Factory checked in at 2013-08-07 20:47:10
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openstack-keystone (Old)
and /work/SRC/openSUSE:Factory/.openstack-keystone.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openstack-keystone"
Changes:
--------
--- /work/SRC/openSUSE:Factory/openstack-keystone/openstack-keystone.changes
2013-07-21 11:59:30.000000000 +0200
+++
/work/SRC/openSUSE:Factory/.openstack-keystone.new/openstack-keystone.changes
2013-08-07 20:47:12.000000000 +0200
@@ -0,0 +1,165 @@
+--------------------------------------------------------------------
+Fri Aug 2 23:59:55 UTC 2013 - [email protected]
+
+- Update to version 2013.2.a293.ged1f967:
+ + Clear out the dependency registry between tests
+ + Handle circular dependencies
+ + Use dependency injection for assignment and identity
+ + use 'exc_info=True' instead of import traceback
+ + .gitignore eggs
+ + add OS-TRUST to links
+ + Sync DB models and migrations in keystone.assignment.backends.sql
+ + Update references with new Mailing List location
+ + V3 API need to check mandatory field when creating resources
+ + Clean up use of token_provider manager in tests
+ + Remove kwargs from manager calls where not needed.
+ + Imported Translations from Transifex
+ + Fix typo: Tenents -> Tenants
+ + Use oslo.sphinx and remove local copy of doc theme
+
+--------------------------------------------------------------------
+Thu Aug 1 23:38:01 UTC 2013 - [email protected]
+
+- Update to version 2013.2.a265.g0368950:
+ + Use keystone.wsgi.Request for RequestClass
+ + Remove passwords from LDAP queries
+
+--------------------------------------------------------------------
+Thu Aug 1 00:03:58 UTC 2013 - [email protected]
+
+- Update to version 2013.2.a261.gf1ac78c:
+ + Ec2 credentials table not created during testing
+ + Load backends before deploy app in client tests
+
+--------------------------------------------------------------------
+Wed Jul 31 00:04:20 UTC 2013 - [email protected]
+
+- Update to version 2013.2.a257.g5958691:
+ + sql.Driver:authenticate() signatures should match
+
+--------------------------------------------------------------------
+Tue Jul 30 14:47:43 UTC 2013 - [email protected]
+
+- Update to version 2013.2.a255.gc21b458:
+ + default token format/provider handling
+
+--------------------------------------------------------------------
+Mon Jul 29 23:50:12 UTC 2013 - [email protected]
+
+- Update to version 2013.2.a253.g10fde8e:
+ + Clear cached engine when global engine changes
+ + Implement exception module i18n support
+
+--------------------------------------------------------------------
+Fri Jul 26 23:52:02 UTC 2013 - [email protected]
+
+- Update to version 2013.2.a249.g97a5b49:
+ + Remove vestiges of Assignments from LDAP Identity Backend
+ + Scipped tests don't render as ERROR's
+
+--------------------------------------------------------------------
+Thu Jul 25 00:03:10 UTC 2013 - [email protected]
+
+- Update to version 2013.2.a246.g0a40152:
+ + Fixing broken credential schema in sqlite.
+
+--------------------------------------------------------------------
+Tue Jul 23 23:55:12 UTC 2013 - [email protected]
+
+- Update to version 2013.2.a245.gc6b7dd8:
+ + Deprecate kvs token backend
+ + Load app before loading legacy client in tests.
+ + Use assignment_api rather than assignment
+
+--------------------------------------------------------------------
+Mon Jul 22 00:22:50 UTC 2013 - [email protected]
+
+- Update to version 2013.2.a240.g7fde605:
+ + Regenerate example PKI after change of defaults
+ + Return correct link for effective group roles in GET /role_assignments
+ + Deprecation warning for [signing] token_format
+ + Add [assignment].driver to sample config
+ + Remove an enumerate call
+ + Correct Spelling Mistake
+
+--------------------------------------------------------------------
+Thu Jul 18 23:48:41 UTC 2013 - [email protected]
+
+- Update to version 2013.2.a228.g53ed50d:
+ + Support token_format for backward compatibility
+ + python3: Introduce py33 to tox.ini
+
+--------------------------------------------------------------------
+Wed Jul 17 23:49:24 UTC 2013 - [email protected]
+
+- Update to version 2013.2.a225.gc42533f:
+ + grammar fixes in error messages
+ + update requires to prevent version cap
+
+--------------------------------------------------------------------
+Wed Jul 17 10:13:43 UTC 2013 - [email protected]
+
+- Update to version 2013.2.a221.g2667c77:
+ + Change domain component value to org from com
+ + wsgi.BaseApplication and wsgi.Router factories should use **kwargs
+ + Python 3.x compatible use of print
+ + Add unittest for keystone.identity.backends.sql Models
+ + Don't use deprecated BaseException.message
+ + Implements Pluggable V2 Token Provider
+ + Implement role assignment inheritance (OS-INHERIT extension)
+ + Pluggable Remote User
+ + Fix XML rendering with empty auth payload.
+ + Implemented token creation without catalog response.
+ + Implement Token Binding.
+
+-------------------------------------------------------------------
+Mon Jul 15 23:34:54 UTC 2013 - [email protected]
+
+- Update to version 2013.2.a202.gdec66cd:
+ + Implements Pluggable V3 Token Provider
+
+-------------------------------------------------------------------
+Sun Jul 14 23:51:17 UTC 2013 - [email protected]
+
+- Update to version 2013.2.a200.gdf63b9c:
+ + Add version so that pre-release versioning works
+
+-------------------------------------------------------------------
+Sat Jul 13 23:52:58 UTC 2013 - [email protected]
+
+- Update to version 2013.2.b1.198.g95a27a8:
+ + Register Extensions
+ + Sync-up crypto from oslo-incubator
+
+-------------------------------------------------------------------
+Fri Jul 12 23:53:00 UTC 2013 - [email protected]
+
+- Update to version 2013.2.b1.194.g85a5022:
+ + Add crypto dependency
+ + Sync install_venv_common from oslo
+ + Pass on arguments on Base.get_session
+ + Imported Translations from Transifex
+ + Mixed LDAP/SQL Backend.
+
+-------------------------------------------------------------------
+Thu Jul 11 23:55:05 UTC 2013 - [email protected]
+
+- Update to version 2013.2.b1.184.g41ca51c:
+ + Remove a useless arg in range()
+ + Rationalize how we get roles after authentication in the controllers
+ + Do not create LDAP Domains sub tree
+ + Remove context from get_token call in normalize_domain_id
+ + Use InnoDB for MySQL
+ + Move temporary test files into tests/tmp
+
+-------------------------------------------------------------------
+Tue Jul 9 23:55:53 UTC 2013 - [email protected]
+
+- Update to version 2013.2.b1.172.gfafdf07:
+ + assignment backend
+
+-------------------------------------------------------------------
+Tue Jul 9 16:44:01 UTC 2013 - [email protected]
+
+- add 0001-Make-pki_setup-work-with-OpenSSL-0.9.x.patch
+
@@ -18,5 +182,0 @@
-
--------------------------------------------------------------------
-Mon Jul 8 11:40:08 UTC 2013 - [email protected]
-
-- switched default_catalog.templates to projects default which works
New:
----
0001-Make-pki_setup-work-with-OpenSSL-0.9.x.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ openstack-keystone-doc.spec ++++++
--- /var/tmp/diff_new_pack.fdYqYT/_old 2013-08-07 20:47:13.000000000 +0200
+++ /var/tmp/diff_new_pack.fdYqYT/_new 2013-08-07 20:47:13.000000000 +0200
@@ -19,7 +19,7 @@
%define component keystone
Name: openstack-%{component}-doc
-Version: 2013.2.b1.171.gb556d8a
+Version: 2013.2.a293.ged1f967
Release: 0
Summary: OpenStack Identity Service (Keystone) - Documentation
License: Apache-2.0
@@ -30,6 +30,7 @@
BuildRequires: python-Sphinx
BuildRequires: python-base
BuildRequires: python-d2to1
+BuildRequires: python-oslo.sphinx
BuildRequires: python-pbr
BuildArch: noarch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@@ -42,12 +43,12 @@
This package contains documentation files for openstack-keystone.
%prep
-%setup -q -n keystone-2013.2.b1.171.gb556d8a
+%setup -q -n keystone-2013.2.a293.ged1f967
%openstack_cleanup_prep
%build
python setup.py build_sphinx
-rm -rf doc/build/html/.buildinfo # Remove unneeded files
+rm doc/build/html/.buildinfo # Remove unneeded files
%install
++++++ openstack-keystone.spec ++++++
--- /var/tmp/diff_new_pack.fdYqYT/_old 2013-08-07 20:47:13.000000000 +0200
+++ /var/tmp/diff_new_pack.fdYqYT/_new 2013-08-07 20:47:13.000000000 +0200
@@ -21,7 +21,7 @@
%define username openstack-%{component}
Name: openstack-%{component}
-Version: 2013.2.b1.171.gb556d8a
+Version: 2013.2.a293.ged1f967
Release: 0
Summary: OpenStack Identity Service (Keystone)
License: Apache-2.0
@@ -30,13 +30,16 @@
Source: keystone-master.tar.gz
Source1: %{name}.init
Source2: logging.conf
+Source3: default_catalog.templates
Source7: %{name}.logrotate
+Patch1: 0001-Make-pki_setup-work-with-OpenSSL-0.9.x.patch
BuildRequires: openstack-suse-macros
BuildRequires: openstack-utils
BuildRequires: python-base
BuildRequires: python-d2to1
BuildRequires: python-distribute
BuildRequires: python-oslo.config
+BuildRequires: python-oslo.sphinx
BuildRequires: python-pbr
# Needed for %post section keystone-manage invocation:
BuildRequires: python-WebOb
@@ -81,7 +84,7 @@
Requires: python-PasteDeploy
Requires: python-Routes
Requires: python-SQLAlchemy >= 0.7.8
-Requires: python-WebOb >= 1.2.3
+Requires: python-WebOb >= 1.0.8
Requires: python-d2to1 >= 0.2.10
Requires: python-eventlet >= 0.9.12
Requires: python-greenlet
@@ -135,7 +138,8 @@
functionality of OpenStack Keystone.
%prep
-%setup -q -n keystone-2013.2.b1.171.gb556d8a
+%setup -q -n keystone-2013.2.a293.ged1f967
+%patch1 -p1
%openstack_cleanup_prep
%build
@@ -151,10 +155,10 @@
### configuration files
install -d -m 0755 %{buildroot}%{_sysconfdir}/keystone
cp %{SOURCE2} %{buildroot}%{_sysconfdir}/keystone/
+cp %{SOURCE3}
%{buildroot}%{_sysconfdir}/keystone/default_catalog.templates.sample
cp etc/keystone.conf.sample %{buildroot}%{_sysconfdir}/keystone/keystone.conf
cp etc/keystone-paste.ini %{buildroot}%{_sysconfdir}/keystone/
cp etc/policy.json %{buildroot}%{_sysconfdir}/keystone/
-cp etc/default_catalog.templates %{buildroot}%{_sysconfdir}/keystone/
install -p -D -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/logrotate.d/%{name}
### init scripts
@@ -181,11 +185,9 @@
openstack-config --set %{keystone_conf} DEFAULT log_file keystone.log
openstack-config --set %{keystone_conf} DEFAULT log_dir /var/log/keystone
#TODO/FIXME(saschpe): Do we really want to use the file-based catalog or move
into DB by default?
-# project default is still file based catalog
openstack-config --set %{keystone_conf} catalog template_file
/etc/keystone/default_catalog.templates
openstack-config --set %{keystone_conf} catalog driver
keystone.catalog.backends.templated.TemplatedCatalog
#TODO/FIXME(saschpe): Do we want to use sqlite per default or demand
PostgreSQL right away?
-# project default is still sqlite
openstack-config --set %{keystone_conf} sql connection
sqlite:////var/lib/keystone/keystone.db
%pre
@@ -231,9 +233,8 @@
%config(noreplace) %attr(0640, root, %{groupname})
%{_sysconfdir}/%{component}/logging.conf
%config %{_sysconfdir}/%{component}/keystone-paste.ini
%config %{_sysconfdir}/%{component}/policy.json
-%config %{_sysconfdir}/%{component}/default_catalog.templates
%config(noreplace) %{_sysconfdir}/logrotate.d/%{name}
-%attr(0640, %{username}, %{groupname})
%{_sysconfdir}/%{component}/default_catalog.templates
+%attr(0640, %{username}, %{groupname})
%{_sysconfdir}/%{component}/default_catalog.templates.sample
%{_initddir}/%{name}
%{_sbindir}/rc%{name}
%{_bindir}/keystone-all
++++++ 0001-Make-pki_setup-work-with-OpenSSL-0.9.x.patch ++++++
>From a35786722531e0888a2fb5539f0bdd29494d187d Mon Sep 17 00:00:00 2001
From: Dirk Mueller <[email protected]>
Date: Tue, 9 Jul 2013 21:20:27 +0200
Subject: [PATCH] Make pki_setup work with OpenSSL 0.9.x
Support for "default" in default_md was only added
in "recent" OpenSSL versions. Use sha1 (which is what
"default" maps to anyway) for older openssl versions.
Also sync the generated openssl config file with
the defaults from OpenSSL 1.0 and newer.
Change-Id: I4ba79dbfdfc2df81cfb0f1edde23d3fbc1384637
---
keystone/common/openssl.py | 35 +++++++++++++++++++++++------------
1 file changed, 23 insertions(+), 12 deletions(-)
diff --git a/keystone/common/openssl.py b/keystone/common/openssl.py
index fa09e37..4e0469c 100644
--- a/keystone/common/openssl.py
+++ b/keystone/common/openssl.py
@@ -51,6 +51,7 @@ class BaseCertificateConfigure(object):
self.request_file_name = os.path.join(self.conf_dir, "req.pem")
self.ssl_dictionary = {'conf_dir': self.conf_dir,
'ca_cert': conf_obj.ca_certs,
+ 'default_md': 'default',
'ssl_config': self.ssl_config_file_name,
'ca_private_key': conf_obj.ca_key,
'request_file': self.request_file_name,
@@ -60,6 +61,16 @@ class BaseCertificateConfigure(object):
'valid_days': int(conf_obj.valid_days),
'cert_subject': conf_obj.cert_subject,
'ca_password': conf_obj.ca_password}
+
+ try:
+ # OpenSSL 1.0 and newer support default_md = default, olders do not
+ openssl_ver = environment.subprocess.Popen(
+ ['openssl', 'version'],
+ stdout=environment.subprocess.PIPE).stdout.read()
+ if "OpenSSL 0." in openssl_ver:
+ self.ssl_dictionary['default_md'] = 'sha1'
+ except environment.subprocess.CalledProcessError:
+ pass
self.ssl_dictionary.update(kwargs)
def _make_dirs(self, file_name):
@@ -198,7 +209,7 @@ new_certs_dir = $dir
serial = $dir/serial
database = $dir/index.txt
default_days = 365
-default_md = default # use public key default MD
+default_md = %(default_md)s
preserve = no
email_in_dn = no
nameopt = default_ca
@@ -218,35 +229,35 @@ emailAddress = optional
[ req ]
default_bits = 2048 # Size of keys
default_keyfile = key.pem # name of generated keys
-default_md = default # message digest algorithm
-string_mask = nombstr # permitted characters
+string_mask = utf8only # permitted characters
distinguished_name = req_distinguished_name
req_extensions = v3_req
+x509_extensions = v3_ca
[ req_distinguished_name ]
-0.organizationName = Organization Name (company)
-organizationalUnitName = Organizational Unit Name (department, division)
-emailAddress = Email Address
-emailAddress_max = 40
-localityName = Locality Name (city, district)
-stateOrProvinceName = State or Province Name (full name)
countryName = Country Name (2 letter code)
countryName_min = 2
countryName_max = 2
+stateOrProvinceName = State or Province Name (full name)
+localityName = Locality Name (city, district)
+0.organizationName = Organization Name (company)
+organizationalUnitName = Organizational Unit Name (department, division)
commonName = Common Name (hostname, IP, or your name)
commonName_max = 64
+emailAddress = Email Address
+emailAddress_max = 64
[ v3_ca ]
basicConstraints = CA:TRUE
subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always,issuer:always
+authorityKeyIdentifier = keyid:always,issuer
[ v3_req ]
basicConstraints = CA:FALSE
-subjectKeyIdentifier = hash
+keyUsage = nonRepudiation, digitalSignature, keyEncipherment
[ usr_cert ]
basicConstraints = CA:FALSE
subjectKeyIdentifier = hash
-authorityKeyIdentifier = keyid:always,issuer:always
+authorityKeyIdentifier = keyid:always
"""
--
1.8.3.1
++++++ default_catalog.templates ++++++
--- /var/tmp/diff_new_pack.fdYqYT/_old 2013-08-07 20:47:13.000000000 +0200
+++ /var/tmp/diff_new_pack.fdYqYT/_new 2013-08-07 20:47:13.000000000 +0200
@@ -17,10 +17,6 @@
catalog.RegionOne.volume.internalURL =
http://%SERVICE_HOST%:8776/v1/$(tenant_id)s
catalog.RegionOne.volume.name = Volume Service
-catalog.RegionOne.network.publicURL = http://%SERVICE_HOST%:9696
-catalog.RegionOne.network.adminURL = http://%SERVICE_HOST%:9696
-catalog.RegionOne.network.internalURL = http://%SERVICE_HOST%:9696
-catalog.RegionOne.network.name = Network Service
catalog.RegionOne.ec2.publicURL = http://%SERVICE_HOST%:8773/services/Cloud
catalog.RegionOne.ec2.adminURL = http://%SERVICE_HOST%:8773/services/Admin
@@ -33,8 +29,22 @@
catalog.RegionOne.s3.internalURL = http://%SERVICE_HOST%:%S3_SERVICE_PORT%
catalog.RegionOne.s3.name = S3 Service
-
-catalog.RegionOne.image.publicURL = http://%SERVICE_HOST%:9292/v1
-catalog.RegionOne.image.adminURL = http://%SERVICE_HOST%:9292/v1
-catalog.RegionOne.image.internalURL = http://%SERVICE_HOST%:9292/v1
+catalog.RegionOne.object_store.publicURL =
http://%SERVICE_HOST%:8080/v1/AUTH_$(tenant_id)s
+catalog.RegionOne.object_store.adminURL = http://%SERVICE_HOST%:8080/";
+catalog.RegionOne.object_store.internalURL =
http://%SERVICE_HOST%:8080/v1/AUTH_$(tenant_id)s
+catalog.RegionOne.object_store.name = Swift Service
+
+catalog.RegionOne.network.publicURL = http://%SERVICE_HOST%:9696/
+catalog.RegionOne.network.adminURL = http://%SERVICE_HOST%:9696/
+catalog.RegionOne.network.internalURL = http://%SERVICE_HOST%:9696/
+catalog.RegionOne.network.name = Neutron Service
+
+catalog.RegionOne.image.publicURL = http://%SERVICE_HOST%:9292
+catalog.RegionOne.image.adminURL = http://%SERVICE_HOST%:9292
+catalog.RegionOne.image.internalURL = http://%SERVICE_HOST%:9292
catalog.RegionOne.image.name = Image Service
+
+catalog.RegionOne.orchestration.publicURL = http://%SERVICE_HOST%:8000/v1
+catalog.RegionOne.orchestration.adminURL = http://%SERVICE_HOST%:8000/v1
+catalog.RegionOne.orchestration.internalURL = http://%SERVICE_HOST%:8000/v1
+catalog.RegionOne.orchestration.name = Heat Service
++++++ keystone-master.tar.gz ++++++
++++ 46399 lines of diff (skipped)
--
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
