diff --git a/Cargo.lock b/Cargo.lock index 1c75864f8..d7c9e6366 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -4432,7 +4432,7 @@ dependencies = [ [[package]] name = "openstack-keystone" -version = "0.1.1" +version = "0.1.2" dependencies = [ "async-trait", "axum", @@ -4529,7 +4529,7 @@ dependencies = [ [[package]] name = "openstack-keystone-api-types" -version = "0.1.0" +version = "0.1.1" dependencies = [ "axum", "base64 0.22.1", @@ -4683,7 +4683,7 @@ dependencies = [ [[package]] name = "openstack-keystone-core" -version = "0.1.1" +version = "0.1.2" dependencies = [ "argon2", "async-trait", @@ -4776,7 +4776,7 @@ dependencies = [ [[package]] name = "openstack-keystone-distributed-storage" -version = "0.1.0" +version = "0.1.1" dependencies = [ "async-trait", "byteorder", diff --git a/Cargo.toml b/Cargo.toml index 87545da67..4f0de6f98 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -109,10 +109,10 @@ openstack-keystone-appcred-driver-sql = { version = "0.1", path = "crates/appcre openstack-keystone-assignment-driver-sql = { version = "0.1", path = "crates/assignment-driver-sql/" } openstack-keystone-catalog-driver-sql = { version = "0.1", path = "crates/catalog-driver-sql/" } openstack-keystone-config = { version = "0.1.0", path = "crates/config"} -openstack-keystone-core = { version = "0.1.0", path = "crates/core" } -openstack-keystone-core-types = { version = "0.1.0", path = "crates/core-types" } +openstack-keystone-core = { version = "0.1.2", path = "crates/core" } +openstack-keystone-core-types = { version = "0.1.1", path = "crates/core-types" } openstack-keystone-credential-driver-sql = { version = "0.1", path = "crates/credential-driver-sql/" } -openstack-keystone-distributed-storage = { version = "0.1.0", path = "crates/storage"} +openstack-keystone-distributed-storage = { version = "0.1.1", path = "crates/storage"} openstack-keystone-dynamic-plugin-runtime = { version = "0.1.0", path = "crates/dynamic-plugin-runtime" } openstack-keystone-storage-api = { version = "0.1.0", path = "crates/storage-api" } openstack-keystone-storage-crypto = { version = "0.1.0", path = "crates/storage-crypto" } @@ -129,7 +129,7 @@ openstack-keystone-resource-driver-sql = { version = "0.1", path = "crates/resou openstack-keystone-revoke-driver-sql = { version = "0.1", path = "crates/revoke-driver-sql/" } openstack-keystone-role-driver-sql = { version = "0.1", path = "crates/role-driver-sql/" } openstack-keystone-scim-driver-raft = { version = "0.1", path = "crates/scim-driver-raft/" } -openstack-keystone-token-driver-fernet = { version = "0.1.0", path = "crates/token-driver-fernet" } +openstack-keystone-token-driver-fernet = { version = "0.1.1", path = "crates/token-driver-fernet" } openstack-keystone-token-restriction-driver-sql = { version = "0.1", path = "crates/token-restriction-driver-sql/" } openstack-keystone-trust-driver-sql = { version = "0.1", path = "crates/trust-driver-sql/" } openstack-keystone-webauthn = { version = "0.1", path = "crates/webauthn/"} diff --git a/crates/api-key-driver-raft/CHANGELOG.md b/crates/api-key-driver-raft/CHANGELOG.md new file mode 100644 index 000000000..6b8a7b3db --- /dev/null +++ b/crates/api-key-driver-raft/CHANGELOG.md @@ -0,0 +1,15 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [Unreleased] + +## [0.1.0](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-api-key-driver-raft-v0.1.0) - 2026-07-08 + +### Added + +- ADR 0021 admin surface, simulate-access, and janitor ([#896](https://github.com/openstack-experimental/keystone/pull/896)) +- Implement stateless SCIM ingress auth (ADR 0021) ([#891](https://github.com/openstack-experimental/keystone/pull/891)) diff --git a/crates/api-types/CHANGELOG.md b/crates/api-types/CHANGELOG.md new file mode 100644 index 000000000..f00b217c2 --- /dev/null +++ b/crates/api-types/CHANGELOG.md @@ -0,0 +1,51 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [Unreleased] + +## [0.1.1](https://github.com/openstack-experimental/keystone/compare/openstack-keystone-api-types-v0.1.0...openstack-keystone-api-types-v0.1.1) - 2026-07-08 + +### Added + +- *(scim)* ADR 0024 - Phase 1+2 ([#925](https://github.com/openstack-experimental/keystone/pull/925)) +- *(credential)* Implement Phase 3 of ADR 0019 ([#909](https://github.com/openstack-experimental/keystone/pull/909)) +- ADR 0021 admin surface, simulate-access, and janitor ([#896](https://github.com/openstack-experimental/keystone/pull/896)) +- Implement stateless SCIM ingress auth (ADR 0021) ([#891](https://github.com/openstack-experimental/keystone/pull/891)) +- Migrate federation to new mapping engine ([#839](https://github.com/openstack-experimental/keystone/pull/839)) +- ADR-0020 mapping phase 4 ([#818](https://github.com/openstack-experimental/keystone/pull/818)) +- *(mapping)* ADR-0020 phase 2 ([#807](https://github.com/openstack-experimental/keystone/pull/807)) +- *(mapping)* ADR-0020 (mapping engine) phase 1 ([#794](https://github.com/openstack-experimental/keystone/pull/794)) +- Validate password for compliance conformity ([#774](https://github.com/openstack-experimental/keystone/pull/774)) +- Add system-user-role assignments API ([#762](https://github.com/openstack-experimental/keystone/pull/762)) +- Add role-imply rest api ([#750](https://github.com/openstack-experimental/keystone/pull/750)) +- Add user update functionality ([#747](https://github.com/openstack-experimental/keystone/pull/747)) +- Add api to list user roles on project ([#639](https://github.com/openstack-experimental/keystone/pull/639)) +- Add domain CRUD operations ([#743](https://github.com/openstack-experimental/keystone/pull/743)) +- Add spiffe binding API ([#740](https://github.com/openstack-experimental/keystone/pull/740)) +- Add spiffe provider ([#733](https://github.com/openstack-experimental/keystone/pull/733)) +- Introduce SecurityContext ([#710](https://github.com/openstack-experimental/keystone/pull/710)) +- Add skeleton for the spiffe mTLS integration ([#695](https://github.com/openstack-experimental/keystone/pull/695)) +- Improve the code ([#686](https://github.com/openstack-experimental/keystone/pull/686)) + +### Fixed + +- Unify ApiClient scope validation, fix nextest filter ([#947](https://github.com/openstack-experimental/keystone/pull/947)) +- Finalize ADR 0021 work ([#906](https://github.com/openstack-experimental/keystone/pull/906)) + +### Other + +- Move jsonwebtoken to keystone crate ([#820](https://github.com/openstack-experimental/keystone/pull/820)) +- *(tests)* Reorganize integration_api tests ([#815](https://github.com/openstack-experimental/keystone/pull/815)) +- mapping engine phase 3 - migrate SPIFFE ([#811](https://github.com/openstack-experimental/keystone/pull/811)) +- Rename identity_mapping to idmapping ([#788](https://github.com/openstack-experimental/keystone/pull/788)) +- Further align workspace features ([#772](https://github.com/openstack-experimental/keystone/pull/772)) +- Make resolve_implied_roles optional ([#764](https://github.com/openstack-experimental/keystone/pull/764)) +- Redesign SecurityContext with two-phase validation ([#717](https://github.com/openstack-experimental/keystone/pull/717)) +- Small optimization of the derives ([#638](https://github.com/openstack-experimental/keystone/pull/638)) +- Split the core-types crate ([#640](https://github.com/openstack-experimental/keystone/pull/640)) +- Introduce features in api-types crate ([#624](https://github.com/openstack-experimental/keystone/pull/624)) +- Slim down api-types crate ([#622](https://github.com/openstack-experimental/keystone/pull/622)) diff --git a/crates/api-types/Cargo.toml b/crates/api-types/Cargo.toml index 2eea30458..b0ea54119 100644 --- a/crates/api-types/Cargo.toml +++ b/crates/api-types/Cargo.toml @@ -1,7 +1,7 @@ [package] name = "openstack-keystone-api-types" description = "OpenStack Keystone API types" -version = "0.1.0" +version = "0.1.1" rust-version.workspace = true edition.workspace = true license.workspace = true diff --git a/crates/appcred-driver-sql/CHANGELOG.md b/crates/appcred-driver-sql/CHANGELOG.md new file mode 100644 index 000000000..61fc43b6f --- /dev/null +++ b/crates/appcred-driver-sql/CHANGELOG.md @@ -0,0 +1,21 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [Unreleased] + +## [0.1.0](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-appcred-driver-sql-v0.1.0) - 2026-07-08 + +### Added + +- Add access rule CRD to appcred provider ([#806](https://github.com/openstack-experimental/keystone/pull/806)) +- Make drivers more dynamic ([#737](https://github.com/openstack-experimental/keystone/pull/737)) + +### Other + +- *(core)* Eliminate XxxProvider enums ([#830](https://github.com/openstack-experimental/keystone/pull/830)) +- Move jsonwebtoken to keystone crate ([#820](https://github.com/openstack-experimental/keystone/pull/820)) +- Further align workspace features ([#772](https://github.com/openstack-experimental/keystone/pull/772)) diff --git a/crates/assignment-driver-sql/CHANGELOG.md b/crates/assignment-driver-sql/CHANGELOG.md new file mode 100644 index 000000000..b106a0b85 --- /dev/null +++ b/crates/assignment-driver-sql/CHANGELOG.md @@ -0,0 +1,28 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [Unreleased] + +## [0.1.0](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-assignment-driver-sql-v0.1.0) - 2026-07-08 + +### Added + +- *(audit)* Implement CADF audit framework Phase 2 ([#872](https://github.com/openstack-experimental/keystone/pull/872)) +- Add role-imply rest api ([#750](https://github.com/openstack-experimental/keystone/pull/750)) +- Make drivers more dynamic ([#737](https://github.com/openstack-experimental/keystone/pull/737)) + +### Fixed + +- *(ci)* Prepare workflows for merge queue ([#902](https://github.com/openstack-experimental/keystone/pull/902)) + +### Other + +- Wrap ServiceState under ExecutionContext ([#856](https://github.com/openstack-experimental/keystone/pull/856)) +- *(storage)* Decouple core from storage ([#832](https://github.com/openstack-experimental/keystone/pull/832)) +- Move jsonwebtoken to keystone crate ([#820](https://github.com/openstack-experimental/keystone/pull/820)) +- Further align workspace features ([#772](https://github.com/openstack-experimental/keystone/pull/772)) +- Make resolve_implied_roles optional ([#764](https://github.com/openstack-experimental/keystone/pull/764)) diff --git a/crates/audit/CHANGELOG.md b/crates/audit/CHANGELOG.md new file mode 100644 index 000000000..2aa303c0f --- /dev/null +++ b/crates/audit/CHANGELOG.md @@ -0,0 +1,16 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [Unreleased] + +## [0.1.0](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-audit-v0.1.0) - 2026-07-08 + +### Added + +- *(audit)* Complete ADR-0023 audit implementation ([#887](https://github.com/openstack-experimental/keystone/pull/887)) +- Audit framework (ADR-0023) phase 3 ([#880](https://github.com/openstack-experimental/keystone/pull/880)) +- *(audit)* Implement CADF audit framework Phase 2 ([#872](https://github.com/openstack-experimental/keystone/pull/872)) diff --git a/crates/catalog-driver-sql/CHANGELOG.md b/crates/catalog-driver-sql/CHANGELOG.md new file mode 100644 index 000000000..b36db9759 --- /dev/null +++ b/crates/catalog-driver-sql/CHANGELOG.md @@ -0,0 +1,28 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [Unreleased] + +## [0.1.0](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-catalog-driver-sql-v0.1.0) - 2026-07-08 + +### Added + +- *(mapping)* ADR-0020 (mapping engine) phase 1 ([#794](https://github.com/openstack-experimental/keystone/pull/794)) +- Add endpoint CRUD to catalog provider ([#785](https://github.com/openstack-experimental/keystone/pull/785)) +- Add inter-provider event notification system ([#784](https://github.com/openstack-experimental/keystone/pull/784)) +- Add service CRUD to the catalog provider ([#773](https://github.com/openstack-experimental/keystone/pull/773)) +- Add region CRUD to catalog SQL driver ([#761](https://github.com/openstack-experimental/keystone/pull/761)) +- Make drivers more dynamic ([#737](https://github.com/openstack-experimental/keystone/pull/737)) + +### Fixed + +- Align "extra" property handling ([#787](https://github.com/openstack-experimental/keystone/pull/787)) + +### Other + +- Move jsonwebtoken to keystone crate ([#820](https://github.com/openstack-experimental/keystone/pull/820)) +- Further align workspace features ([#772](https://github.com/openstack-experimental/keystone/pull/772)) diff --git a/crates/cli-manage/CHANGELOG.md b/crates/cli-manage/CHANGELOG.md new file mode 100644 index 000000000..55ffd9e69 --- /dev/null +++ b/crates/cli-manage/CHANGELOG.md @@ -0,0 +1,35 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [Unreleased] + +## [0.1.0](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-cli-manage-v0.1.0) - 2026-07-08 + +### Added + +- *(fernet)* Unify credential/token key repositories ([#915](https://github.com/openstack-experimental/keystone/pull/915)) +- *(credential)* Implement Phase 3 of ADR 0019 ([#909](https://github.com/openstack-experimental/keystone/pull/909)) +- *(storage)* SPIFFE checks, RBAC, rate limiting, auto-join ([#861](https://github.com/openstack-experimental/keystone/pull/861)) +- *(storage)* Add SPIFFE mTLS support to Raft gRPC ([#852](https://github.com/openstack-experimental/keystone/pull/852)) +- *(cli)* Add cli storage subcommands per ADR 0016-v2 ([#850](https://github.com/openstack-experimental/keystone/pull/850)) +- *(storage)* implement ADR 0016-v2 Phases 1-4 — encrypted storage with quarantine ([#840](https://github.com/openstack-experimental/keystone/pull/840)) +- Add bootstrap cli command ([#809](https://github.com/openstack-experimental/keystone/pull/809)) +- Make drivers more dynamic ([#737](https://github.com/openstack-experimental/keystone/pull/737)) +- Introduce SecurityContext ([#710](https://github.com/openstack-experimental/keystone/pull/710)) +- Add skeleton for the spiffe mTLS integration ([#695](https://github.com/openstack-experimental/keystone/pull/695)) +- Implement ConfigManager for config watching ([#691](https://github.com/openstack-experimental/keystone/pull/691)) +- Add raft support under skaffold ([#667](https://github.com/openstack-experimental/keystone/pull/667)) +- Introduce the keystone-manage cli managing raft ([#656](https://github.com/openstack-experimental/keystone/pull/656)) + +### Fixed + +- *(ci)* Prepare workflows for merge queue ([#902](https://github.com/openstack-experimental/keystone/pull/902)) + +### Other + +- Move jsonwebtoken to keystone crate ([#820](https://github.com/openstack-experimental/keystone/pull/820)) +- Unify sea-orm features ([#769](https://github.com/openstack-experimental/keystone/pull/769)) diff --git a/crates/config/CHANGELOG.md b/crates/config/CHANGELOG.md new file mode 100644 index 000000000..f7d0e48fa --- /dev/null +++ b/crates/config/CHANGELOG.md @@ -0,0 +1,58 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [Unreleased] + +## [0.1.0](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-config-v0.1.0) - 2026-07-08 + +### Added + +- *(scim)* ADR 0024 - Phase 1+2 ([#925](https://github.com/openstack-experimental/keystone/pull/925)) +- *(fernet)* Unify credential/token key repositories ([#915](https://github.com/openstack-experimental/keystone/pull/915)) +- Start ADR 0025 immplementation ([#911](https://github.com/openstack-experimental/keystone/pull/911)) +- *(credential)* Implement Phase 3 of ADR 0019 ([#909](https://github.com/openstack-experimental/keystone/pull/909)) +- Prepare PKCS#11/TPM KEK support in storage ([#907](https://github.com/openstack-experimental/keystone/pull/907)) +- *(credential)* Implement ADR 0019 phases 1-2 ([#897](https://github.com/openstack-experimental/keystone/pull/897)) +- Implement stateless SCIM ingress auth (ADR 0021) ([#891](https://github.com/openstack-experimental/keystone/pull/891)) +- *(auth)* Password hashing parity with Python Keystone ([#859](https://github.com/openstack-experimental/keystone/pull/859)) +- *(audit)* Implement CADF audit framework Phase 2 ([#872](https://github.com/openstack-experimental/keystone/pull/872)) +- *(storage)* SPIFFE checks, RBAC, rate limiting, auto-join ([#861](https://github.com/openstack-experimental/keystone/pull/861)) +- *(storage)* Harden preflight and erase dev KEK ([#860](https://github.com/openstack-experimental/keystone/pull/860)) +- Add bootstrap cli command ([#809](https://github.com/openstack-experimental/keystone/pull/809)) +- *(mapping)* ADR-0020 (mapping engine) phase 1 ([#794](https://github.com/openstack-experimental/keystone/pull/794)) +- Add inter-provider event notification system ([#784](https://github.com/openstack-experimental/keystone/pull/784)) +- Add SO_PEERCRED peer credential validation ([#775](https://github.com/openstack-experimental/keystone/pull/775)) +- Validate password for compliance conformity ([#774](https://github.com/openstack-experimental/keystone/pull/774)) +- Enforce minimum range boundaries for security +- Add role-imply rest api ([#750](https://github.com/openstack-experimental/keystone/pull/750)) +- Add user update functionality ([#747](https://github.com/openstack-experimental/keystone/pull/747)) +- Make drivers more dynamic ([#737](https://github.com/openstack-experimental/keystone/pull/737)) +- Add keystone container with opa and policies ([#738](https://github.com/openstack-experimental/keystone/pull/738)) +- Add Admin interface over the UDS ([#735](https://github.com/openstack-experimental/keystone/pull/735)) +- Add spiffe provider ([#733](https://github.com/openstack-experimental/keystone/pull/733)) +- Introduce SecurityContext ([#710](https://github.com/openstack-experimental/keystone/pull/710)) +- Add skeleton for the spiffe mTLS integration ([#695](https://github.com/openstack-experimental/keystone/pull/695)) +- Implement ConfigManager for config watching ([#691](https://github.com/openstack-experimental/keystone/pull/691)) +- Improve the code ([#686](https://github.com/openstack-experimental/keystone/pull/686)) +- Add k8s-auth raft driver ([#676](https://github.com/openstack-experimental/keystone/pull/676)) +- Add raft support under skaffold ([#667](https://github.com/openstack-experimental/keystone/pull/667)) +- Introduce raft backend for webauthn ([#658](https://github.com/openstack-experimental/keystone/pull/658)) +- Introduce the keystone-manage cli managing raft ([#656](https://github.com/openstack-experimental/keystone/pull/656)) + +### Fixed + +- *(passkey)* Prevent user enumeration ([#905](https://github.com/openstack-experimental/keystone/pull/905)) + +### Other + +- Move jsonwebtoken to keystone crate ([#820](https://github.com/openstack-experimental/keystone/pull/820)) +- mapping engine phase 3 - migrate SPIFFE ([#811](https://github.com/openstack-experimental/keystone/pull/811)) +- Rename identity_mapping to idmapping ([#788](https://github.com/openstack-experimental/keystone/pull/788)) +- Replace Regex with str::find for db connection ([#760](https://github.com/openstack-experimental/keystone/pull/760)) +- Redesign SecurityContext with two-phase validation ([#717](https://github.com/openstack-experimental/keystone/pull/717)) +- Split out remaining sql drivers ([#633](https://github.com/openstack-experimental/keystone/pull/633)) +- Split config into standalone crate ([#628](https://github.com/openstack-experimental/keystone/pull/628)) diff --git a/crates/core-types/CHANGELOG.md b/crates/core-types/CHANGELOG.md new file mode 100644 index 000000000..7d568daed --- /dev/null +++ b/crates/core-types/CHANGELOG.md @@ -0,0 +1,61 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [Unreleased] + +## [0.1.1](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-core-types-v0.1.1) - 2026-07-08 + +### Added + +- *(scim)* ADR 0024 - Phase 4 (protocol surface completion) ([#929](https://github.com/openstack-experimental/keystone/pull/929)) +- *(scim)* ADR 0024 - Phase 3 ([#928](https://github.com/openstack-experimental/keystone/pull/928)) +- *(scim)* ADR 0024 - Phase 1+2 ([#925](https://github.com/openstack-experimental/keystone/pull/925)) +- *(credential)* Implement Phase 3 of ADR 0019 ([#909](https://github.com/openstack-experimental/keystone/pull/909)) +- *(credential)* Implement ADR 0019 phases 1-2 ([#897](https://github.com/openstack-experimental/keystone/pull/897)) +- Implement stateless SCIM ingress auth (ADR 0021) ([#891](https://github.com/openstack-experimental/keystone/pull/891)) +- Audit framework (ADR-0023) phase 3 ([#880](https://github.com/openstack-experimental/keystone/pull/880)) +- *(audit)* Implement CADF audit framework Phase 2 ([#872](https://github.com/openstack-experimental/keystone/pull/872)) +- Migrate federation to new mapping engine ([#839](https://github.com/openstack-experimental/keystone/pull/839)) +- Add access rule CRD to appcred provider ([#806](https://github.com/openstack-experimental/keystone/pull/806)) +- ADR-0020 mapping phase 4 ([#818](https://github.com/openstack-experimental/keystone/pull/818)) +- *(mapping)* ADR-0020 (mapping engine) phase 1 ([#794](https://github.com/openstack-experimental/keystone/pull/794)) +- Add endpoint CRUD to catalog provider ([#785](https://github.com/openstack-experimental/keystone/pull/785)) +- Add inter-provider event notification system ([#784](https://github.com/openstack-experimental/keystone/pull/784)) +- Add service CRUD to the catalog provider ([#773](https://github.com/openstack-experimental/keystone/pull/773)) +- Validate password for compliance conformity ([#774](https://github.com/openstack-experimental/keystone/pull/774)) +- Return 401 on roleless scoped contexts ([#742](https://github.com/openstack-experimental/keystone/pull/742)) +- Add region CRUD to catalog SQL driver ([#761](https://github.com/openstack-experimental/keystone/pull/761)) +- Add role-imply rest api ([#750](https://github.com/openstack-experimental/keystone/pull/750)) +- Add role imply API ([#749](https://github.com/openstack-experimental/keystone/pull/749)) +- Add user update functionality ([#747](https://github.com/openstack-experimental/keystone/pull/747)) +- Add spiffe binding API ([#740](https://github.com/openstack-experimental/keystone/pull/740)) +- Add Admin interface over the UDS ([#735](https://github.com/openstack-experimental/keystone/pull/735)) +- Add spiffe provider ([#733](https://github.com/openstack-experimental/keystone/pull/733)) +- Expand role info in `expand_implied_roles` ([#730](https://github.com/openstack-experimental/keystone/pull/730)) +- Introduce SecurityContext ([#710](https://github.com/openstack-experimental/keystone/pull/710)) +- Improve the code ([#686](https://github.com/openstack-experimental/keystone/pull/686)) +- Add k8s-auth raft driver ([#676](https://github.com/openstack-experimental/keystone/pull/676)) +- Introduce the keystone-manage cli managing raft ([#656](https://github.com/openstack-experimental/keystone/pull/656)) + +### Fixed + +- Unify ApiClient scope validation, fix nextest filter ([#947](https://github.com/openstack-experimental/keystone/pull/947)) +- Finalize ADR 0021 work ([#906](https://github.com/openstack-experimental/keystone/pull/906)) +- Resolve raft replication state races ([#884](https://github.com/openstack-experimental/keystone/pull/884)) +- *(k8s_auth)* Flatten k8s.aud claim from JWT TokenReview ([#834](https://github.com/openstack-experimental/keystone/pull/834)) +- Align "extra" property handling ([#787](https://github.com/openstack-experimental/keystone/pull/787)) + +### Other + +- Move jsonwebtoken to keystone crate ([#820](https://github.com/openstack-experimental/keystone/pull/820)) +- mapping engine phase 3 - migrate SPIFFE ([#811](https://github.com/openstack-experimental/keystone/pull/811)) +- Rename identity_mapping to idmapping ([#788](https://github.com/openstack-experimental/keystone/pull/788)) +- Make resolve_implied_roles optional ([#764](https://github.com/openstack-experimental/keystone/pull/764)) +- Redesign SecurityContext with two-phase validation ([#717](https://github.com/openstack-experimental/keystone/pull/717)) +- Unify state initialization in test ([#642](https://github.com/openstack-experimental/keystone/pull/642)) +- Small optimization of the derives ([#638](https://github.com/openstack-experimental/keystone/pull/638)) +- Split the core-types crate ([#640](https://github.com/openstack-experimental/keystone/pull/640)) diff --git a/crates/core/CHANGELOG.md b/crates/core/CHANGELOG.md new file mode 100644 index 000000000..afa29785f --- /dev/null +++ b/crates/core/CHANGELOG.md @@ -0,0 +1,100 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [Unreleased] + +## [0.1.2](https://github.com/openstack-experimental/keystone/compare/openstack-keystone-core-v0.1.1...openstack-keystone-core-v0.1.2) - 2026-07-08 + +### Added + +- *(scim)* ADR 0024 - Phase 4 (protocol surface completion) ([#929](https://github.com/openstack-experimental/keystone/pull/929)) +- *(scim)* ADR 0024 - Phase 3 ([#928](https://github.com/openstack-experimental/keystone/pull/928)) +- *(scim)* ADR 0024 - Phase 1+2 ([#925](https://github.com/openstack-experimental/keystone/pull/925)) +- *(credential)* Implement Phase 3 of ADR 0019 ([#909](https://github.com/openstack-experimental/keystone/pull/909)) +- *(credential)* Implement ADR 0019 phases 1-2 ([#897](https://github.com/openstack-experimental/keystone/pull/897)) +- ADR 0021 admin surface, simulate-access, and janitor ([#896](https://github.com/openstack-experimental/keystone/pull/896)) +- Implement stateless SCIM ingress auth (ADR 0021) ([#891](https://github.com/openstack-experimental/keystone/pull/891)) +- *(audit)* Complete ADR-0023 audit implementation ([#887](https://github.com/openstack-experimental/keystone/pull/887)) +- *(storage)* Cert validity and SVID TTL enforcement ([#886](https://github.com/openstack-experimental/keystone/pull/886)) +- Audit framework (ADR-0023) phase 3 ([#880](https://github.com/openstack-experimental/keystone/pull/880)) +- *(auth)* Password hashing parity with Python Keystone ([#859](https://github.com/openstack-experimental/keystone/pull/859)) +- *(audit)* Implement CADF audit framework Phase 2 ([#872](https://github.com/openstack-experimental/keystone/pull/872)) +- Migrate federation to new mapping engine ([#839](https://github.com/openstack-experimental/keystone/pull/839)) +- Add access rule CRD to appcred provider ([#806](https://github.com/openstack-experimental/keystone/pull/806)) +- ADR-0020 mapping phase 4 ([#818](https://github.com/openstack-experimental/keystone/pull/818)) +- Add bootstrap cli command ([#809](https://github.com/openstack-experimental/keystone/pull/809)) +- *(mapping)* ADR-0020 (mapping engine) phase 1 ([#794](https://github.com/openstack-experimental/keystone/pull/794)) +- Add endpoint CRUD to catalog provider ([#785](https://github.com/openstack-experimental/keystone/pull/785)) +- Add inter-provider event notification system ([#784](https://github.com/openstack-experimental/keystone/pull/784)) +- Add service CRUD to the catalog provider ([#773](https://github.com/openstack-experimental/keystone/pull/773)) +- Validate password for compliance conformity ([#774](https://github.com/openstack-experimental/keystone/pull/774)) +- Return 401 on roleless scoped contexts ([#742](https://github.com/openstack-experimental/keystone/pull/742)) +- Add region CRUD to catalog SQL driver ([#761](https://github.com/openstack-experimental/keystone/pull/761)) +- Add timing attack protection and failed auth tracking ([#758](https://github.com/openstack-experimental/keystone/pull/758)) +- Add role-imply rest api ([#750](https://github.com/openstack-experimental/keystone/pull/750)) +- Add role imply API ([#749](https://github.com/openstack-experimental/keystone/pull/749)) +- Add user update functionality ([#747](https://github.com/openstack-experimental/keystone/pull/747)) +- Add domain CRUD operations ([#743](https://github.com/openstack-experimental/keystone/pull/743)) +- Add spiffe binding API ([#740](https://github.com/openstack-experimental/keystone/pull/740)) +- Normalize the policy enforcer structure ([#741](https://github.com/openstack-experimental/keystone/pull/741)) +- Make drivers more dynamic ([#737](https://github.com/openstack-experimental/keystone/pull/737)) +- Add Admin interface over the UDS ([#735](https://github.com/openstack-experimental/keystone/pull/735)) +- Add spiffe provider ([#733](https://github.com/openstack-experimental/keystone/pull/733)) +- Expand role info in `expand_implied_roles` ([#730](https://github.com/openstack-experimental/keystone/pull/730)) +- Introduce SecurityContext ([#710](https://github.com/openstack-experimental/keystone/pull/710)) +- Talk to OPA over unix socket ([#701](https://github.com/openstack-experimental/keystone/pull/701)) +- Add skeleton for the spiffe mTLS integration ([#695](https://github.com/openstack-experimental/keystone/pull/695)) +- Implement ConfigManager for config watching ([#691](https://github.com/openstack-experimental/keystone/pull/691)) +- Improve the code ([#686](https://github.com/openstack-experimental/keystone/pull/686)) +- Add k8s-auth raft driver ([#676](https://github.com/openstack-experimental/keystone/pull/676)) +- Add basic healthcheck endpoint ([#671](https://github.com/openstack-experimental/keystone/pull/671)) +- Make raft storage available through state ([#657](https://github.com/openstack-experimental/keystone/pull/657)) + +### Fixed + +- Unify ApiClient scope validation, fix nextest filter ([#947](https://github.com/openstack-experimental/keystone/pull/947)) +- Finalize ADR 0021 work ([#906](https://github.com/openstack-experimental/keystone/pull/906)) +- *(ci)* Prepare workflows for merge queue ([#902](https://github.com/openstack-experimental/keystone/pull/902)) +- Resolve raft replication state races ([#884](https://github.com/openstack-experimental/keystone/pull/884)) +- *(core)* Eliminate mapping race condition ([#876](https://github.com/openstack-experimental/keystone/pull/876)) +- *(k8s_auth)* Flatten k8s.aud claim from JWT TokenReview ([#834](https://github.com/openstack-experimental/keystone/pull/834)) +- *(auth)* Close admin SVID impersonation gap ([#833](https://github.com/openstack-experimental/keystone/pull/833)) + +### Other + +- *(deps)* bump scrypt from 0.11.0 to 0.12.0 ([#923](https://github.com/openstack-experimental/keystone/pull/923)) +- Reorganize dockerfile and deps ([#857](https://github.com/openstack-experimental/keystone/pull/857)) +- *(core)* Remove spiffe crate dependency ([#858](https://github.com/openstack-experimental/keystone/pull/858)) +- Wrap ServiceState under ExecutionContext ([#856](https://github.com/openstack-experimental/keystone/pull/856)) +- *(storage)* Decouple core from storage ([#832](https://github.com/openstack-experimental/keystone/pull/832)) +- *(core)* Eliminate XxxProvider enums ([#830](https://github.com/openstack-experimental/keystone/pull/830)) +- Move jsonwebtoken to keystone crate ([#820](https://github.com/openstack-experimental/keystone/pull/820)) +- mapping engine phase 3 - migrate SPIFFE ([#811](https://github.com/openstack-experimental/keystone/pull/811)) +- *(deps)* bump hmac from 0.12.1 to 0.13.0 ([#801](https://github.com/openstack-experimental/keystone/pull/801)) +- Rename identity_mapping to idmapping ([#788](https://github.com/openstack-experimental/keystone/pull/788)) +- Consolidate password update flows ([#778](https://github.com/openstack-experimental/keystone/pull/778)) +- Further align workspace features ([#772](https://github.com/openstack-experimental/keystone/pull/772)) +- Make resolve_implied_roles optional ([#764](https://github.com/openstack-experimental/keystone/pull/764)) +- Redesign SecurityContext with two-phase validation ([#717](https://github.com/openstack-experimental/keystone/pull/717)) +- *(deps)* bump jsonwebtoken from 10.3.0 to 10.4.0 ([#707](https://github.com/openstack-experimental/keystone/pull/707)) +- Introduce dynamic plugins ([#643](https://github.com/openstack-experimental/keystone/pull/643)) +- Small optimization of the derives ([#638](https://github.com/openstack-experimental/keystone/pull/638)) +- Split the core-types crate ([#640](https://github.com/openstack-experimental/keystone/pull/640)) +- Split out remaining sql drivers ([#633](https://github.com/openstack-experimental/keystone/pull/633)) +- Split more drivers to separate crates ([#632](https://github.com/openstack-experimental/keystone/pull/632)) +- Drop unnecessary derives to help compilation ([#631](https://github.com/openstack-experimental/keystone/pull/631)) +- Drop unnecessary tracing directives ([#627](https://github.com/openstack-experimental/keystone/pull/627)) +- Split config into standalone crate ([#628](https://github.com/openstack-experimental/keystone/pull/628)) +- Rework http client pool ([#629](https://github.com/openstack-experimental/keystone/pull/629)) +- Make assignment sql driver a standalone crate ([#626](https://github.com/openstack-experimental/keystone/pull/626)) +- Move assignment parameters resolution to driver ([#625](https://github.com/openstack-experimental/keystone/pull/625)) +- Introduce features in api-types crate ([#624](https://github.com/openstack-experimental/keystone/pull/624)) +- Slim down api-types crate ([#622](https://github.com/openstack-experimental/keystone/pull/622)) +- Split out webauthn into crate ([#621](https://github.com/openstack-experimental/keystone/pull/621)) +- Split out token-fernet driver ([#620](https://github.com/openstack-experimental/keystone/pull/620)) +- Prepare slit out of the FernetTokenProvider ([#619](https://github.com/openstack-experimental/keystone/pull/619)) +- Move benchmark into the proper crate ([#614](https://github.com/openstack-experimental/keystone/pull/614)) diff --git a/crates/core/Cargo.toml b/crates/core/Cargo.toml index e6a90abbb..3b034376c 100644 --- a/crates/core/Cargo.toml +++ b/crates/core/Cargo.toml @@ -1,7 +1,7 @@ [package] name = "openstack-keystone-core" description = "OpenStack Keystone service" -version = "0.1.1" +version = "0.1.2" rust-version.workspace = true edition.workspace = true license.workspace = true diff --git a/crates/credential-driver-sql/CHANGELOG.md b/crates/credential-driver-sql/CHANGELOG.md new file mode 100644 index 000000000..0c54afdd7 --- /dev/null +++ b/crates/credential-driver-sql/CHANGELOG.md @@ -0,0 +1,17 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [Unreleased] + +## [0.1.0](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-credential-driver-sql-v0.1.0) - 2026-07-08 + +### Added + +- *(fernet)* Unify credential/token key repositories ([#915](https://github.com/openstack-experimental/keystone/pull/915)) +- *(credential)* Enforce Null Key check at startup ([#913](https://github.com/openstack-experimental/keystone/pull/913)) +- *(credential)* Implement Phase 3 of ADR 0019 ([#909](https://github.com/openstack-experimental/keystone/pull/909)) +- *(credential)* Implement ADR 0019 phases 1-2 ([#897](https://github.com/openstack-experimental/keystone/pull/897)) diff --git a/crates/dynamic-plugin-runtime/CHANGELOG.md b/crates/dynamic-plugin-runtime/CHANGELOG.md new file mode 100644 index 000000000..6d1c33c37 --- /dev/null +++ b/crates/dynamic-plugin-runtime/CHANGELOG.md @@ -0,0 +1,14 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [Unreleased] + +## [0.1.0](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-dynamic-plugin-runtime-v0.1.0) - 2026-07-08 + +### Added + +- Start ADR 0025 immplementation ([#911](https://github.com/openstack-experimental/keystone/pull/911)) diff --git a/crates/federation-driver-sql/CHANGELOG.md b/crates/federation-driver-sql/CHANGELOG.md new file mode 100644 index 000000000..8594c296f --- /dev/null +++ b/crates/federation-driver-sql/CHANGELOG.md @@ -0,0 +1,20 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [Unreleased] + +## [0.1.0](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-federation-driver-sql-v0.1.0) - 2026-07-08 + +### Added + +- Migrate federation to new mapping engine ([#839](https://github.com/openstack-experimental/keystone/pull/839)) +- Make drivers more dynamic ([#737](https://github.com/openstack-experimental/keystone/pull/737)) + +### Other + +- Move jsonwebtoken to keystone crate ([#820](https://github.com/openstack-experimental/keystone/pull/820)) +- Further align workspace features ([#772](https://github.com/openstack-experimental/keystone/pull/772)) diff --git a/crates/identity-driver-sql/CHANGELOG.md b/crates/identity-driver-sql/CHANGELOG.md new file mode 100644 index 000000000..d386280aa --- /dev/null +++ b/crates/identity-driver-sql/CHANGELOG.md @@ -0,0 +1,33 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [Unreleased] + +## [0.1.0](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-identity-driver-sql-v0.1.0) - 2026-07-08 + +### Added + +- *(scim)* ADR 0024 - Phase 3 ([#928](https://github.com/openstack-experimental/keystone/pull/928)) +- *(scim)* ADR 0024 - Phase 1+2 ([#925](https://github.com/openstack-experimental/keystone/pull/925)) +- *(auth)* Password hashing parity with Python Keystone ([#859](https://github.com/openstack-experimental/keystone/pull/859)) +- *(mapping)* ADR-0020 (mapping engine) phase 1 ([#794](https://github.com/openstack-experimental/keystone/pull/794)) +- Add inter-provider event notification system ([#784](https://github.com/openstack-experimental/keystone/pull/784)) +- Add timing attack protection and failed auth tracking ([#758](https://github.com/openstack-experimental/keystone/pull/758)) +- Add role-imply rest api ([#750](https://github.com/openstack-experimental/keystone/pull/750)) +- Add user update functionality ([#747](https://github.com/openstack-experimental/keystone/pull/747)) +- Make drivers more dynamic ([#737](https://github.com/openstack-experimental/keystone/pull/737)) + +### Fixed + +- Validate password complexity before storing password ([#845](https://github.com/openstack-experimental/keystone/pull/845)) +- Align "extra" property handling ([#787](https://github.com/openstack-experimental/keystone/pull/787)) + +### Other + +- Move jsonwebtoken to keystone crate ([#820](https://github.com/openstack-experimental/keystone/pull/820)) +- Consolidate password update flows ([#778](https://github.com/openstack-experimental/keystone/pull/778)) +- Further align workspace features ([#772](https://github.com/openstack-experimental/keystone/pull/772)) diff --git a/crates/idmapping-driver-sql/CHANGELOG.md b/crates/idmapping-driver-sql/CHANGELOG.md new file mode 100644 index 000000000..82432790c --- /dev/null +++ b/crates/idmapping-driver-sql/CHANGELOG.md @@ -0,0 +1,23 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [Unreleased] + +## [0.1.0](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-idmapping-driver-sql-v0.1.0) - 2026-07-08 + +### Added + +- Make drivers more dynamic ([#737](https://github.com/openstack-experimental/keystone/pull/737)) + +### Fixed + +- *(ci)* Prepare workflows for merge queue ([#902](https://github.com/openstack-experimental/keystone/pull/902)) + +### Other + +- Move jsonwebtoken to keystone crate ([#820](https://github.com/openstack-experimental/keystone/pull/820)) +- Rename identity_mapping to idmapping ([#788](https://github.com/openstack-experimental/keystone/pull/788)) diff --git a/crates/k8s-auth-driver-raft/CHANGELOG.md b/crates/k8s-auth-driver-raft/CHANGELOG.md new file mode 100644 index 000000000..3cec9523c --- /dev/null +++ b/crates/k8s-auth-driver-raft/CHANGELOG.md @@ -0,0 +1,23 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [Unreleased] + +## [0.1.0](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-k8s-auth-driver-raft-v0.1.0) - 2026-07-08 + +### Added + +- ADR-0020 mapping phase 4 ([#818](https://github.com/openstack-experimental/keystone/pull/818)) +- *(mapping)* ADR-0020 (mapping engine) phase 1 ([#794](https://github.com/openstack-experimental/keystone/pull/794)) +- Add user update functionality ([#747](https://github.com/openstack-experimental/keystone/pull/747)) +- Make drivers more dynamic ([#737](https://github.com/openstack-experimental/keystone/pull/737)) + +### Other + +- *(storage)* Decouple core from storage ([#832](https://github.com/openstack-experimental/keystone/pull/832)) +- Update raft drivers mocking ([#791](https://github.com/openstack-experimental/keystone/pull/791)) +- Add mock raft storage for unittest ([#790](https://github.com/openstack-experimental/keystone/pull/790)) diff --git a/crates/k8s-auth-driver-sql/CHANGELOG.md b/crates/k8s-auth-driver-sql/CHANGELOG.md new file mode 100644 index 000000000..d28a6d88b --- /dev/null +++ b/crates/k8s-auth-driver-sql/CHANGELOG.md @@ -0,0 +1,20 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [Unreleased] + +## [0.1.0](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-k8s-auth-driver-sql-v0.1.0) - 2026-07-08 + +### Added + +- ADR-0020 mapping phase 4 ([#818](https://github.com/openstack-experimental/keystone/pull/818)) +- Make drivers more dynamic ([#737](https://github.com/openstack-experimental/keystone/pull/737)) + +### Other + +- Wrap ServiceState under ExecutionContext ([#856](https://github.com/openstack-experimental/keystone/pull/856)) +- Move jsonwebtoken to keystone crate ([#820](https://github.com/openstack-experimental/keystone/pull/820)) diff --git a/crates/key-repository/CHANGELOG.md b/crates/key-repository/CHANGELOG.md new file mode 100644 index 000000000..5feb10ebb --- /dev/null +++ b/crates/key-repository/CHANGELOG.md @@ -0,0 +1,15 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [Unreleased] + +## [0.1.0](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-key-repository-v0.1.0) - 2026-07-08 + +### Added + +- *(scim)* ADR 0024 - Phase 1+2 ([#925](https://github.com/openstack-experimental/keystone/pull/925)) +- *(fernet)* Unify credential/token key repositories ([#915](https://github.com/openstack-experimental/keystone/pull/915)) diff --git a/crates/keystone/CHANGELOG.md b/crates/keystone/CHANGELOG.md new file mode 100644 index 000000000..7e2f95c07 --- /dev/null +++ b/crates/keystone/CHANGELOG.md @@ -0,0 +1,109 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [Unreleased] + +## [0.1.2](https://github.com/openstack-experimental/keystone/compare/openstack-keystone-v0.1.1...openstack-keystone-v0.1.2) - 2026-07-08 + +### Added + +- *(scim)* ADR 0024 - Phase 4 (protocol surface completion) ([#929](https://github.com/openstack-experimental/keystone/pull/929)) +- *(scim)* ADR 0024 - Phase 3 ([#928](https://github.com/openstack-experimental/keystone/pull/928)) +- *(scim)* ADR 0024 - Phase 1+2 ([#925](https://github.com/openstack-experimental/keystone/pull/925)) +- *(fernet)* Unify credential/token key repositories ([#915](https://github.com/openstack-experimental/keystone/pull/915)) +- *(credential)* Enforce Null Key check at startup ([#913](https://github.com/openstack-experimental/keystone/pull/913)) +- *(credential)* Implement Phase 3 of ADR 0019 ([#909](https://github.com/openstack-experimental/keystone/pull/909)) +- *(credential)* Implement ADR 0019 phases 1-2 ([#897](https://github.com/openstack-experimental/keystone/pull/897)) +- ADR 0021 admin surface, simulate-access, and janitor ([#896](https://github.com/openstack-experimental/keystone/pull/896)) +- Implement stateless SCIM ingress auth (ADR 0021) ([#891](https://github.com/openstack-experimental/keystone/pull/891)) +- *(audit)* Complete ADR-0023 audit implementation ([#887](https://github.com/openstack-experimental/keystone/pull/887)) +- *(storage)* Cert validity and SVID TTL enforcement ([#886](https://github.com/openstack-experimental/keystone/pull/886)) +- Audit framework (ADR-0023) phase 3 ([#880](https://github.com/openstack-experimental/keystone/pull/880)) +- *(auth)* Password hashing parity with Python Keystone ([#859](https://github.com/openstack-experimental/keystone/pull/859)) +- *(audit)* Implement CADF audit framework Phase 2 ([#872](https://github.com/openstack-experimental/keystone/pull/872)) +- *(storage)* SPIFFE checks, RBAC, rate limiting, auto-join ([#861](https://github.com/openstack-experimental/keystone/pull/861)) +- *(storage)* Add SPIFFE mTLS support to Raft gRPC ([#852](https://github.com/openstack-experimental/keystone/pull/852)) +- Migrate federation to new mapping engine ([#839](https://github.com/openstack-experimental/keystone/pull/839)) +- *(api)* Capture client IP via ConnectInfo ([#842](https://github.com/openstack-experimental/keystone/pull/842)) +- *(api)* Normalize trailing slashes in paths ([#841](https://github.com/openstack-experimental/keystone/pull/841)) +- ADR-0020 mapping phase 4 ([#818](https://github.com/openstack-experimental/keystone/pull/818)) +- Add bootstrap cli command ([#809](https://github.com/openstack-experimental/keystone/pull/809)) +- *(mapping)* ADR-0020 phase 2 ([#807](https://github.com/openstack-experimental/keystone/pull/807)) +- *(mapping)* ADR-0020 (mapping engine) phase 1 ([#794](https://github.com/openstack-experimental/keystone/pull/794)) +- Add inter-provider event notification system ([#784](https://github.com/openstack-experimental/keystone/pull/784)) +- Add service CRUD to the catalog provider ([#773](https://github.com/openstack-experimental/keystone/pull/773)) +- Add SO_PEERCRED peer credential validation ([#775](https://github.com/openstack-experimental/keystone/pull/775)) +- Return 401 on roleless scoped contexts ([#742](https://github.com/openstack-experimental/keystone/pull/742)) +- Add system-user-role assignments API ([#762](https://github.com/openstack-experimental/keystone/pull/762)) +- Add role-imply rest api ([#750](https://github.com/openstack-experimental/keystone/pull/750)) +- Add user update functionality ([#747](https://github.com/openstack-experimental/keystone/pull/747)) +- Add api to list user roles on project ([#639](https://github.com/openstack-experimental/keystone/pull/639)) +- Add domain CRUD operations ([#743](https://github.com/openstack-experimental/keystone/pull/743)) +- Add spiffe binding API ([#740](https://github.com/openstack-experimental/keystone/pull/740)) +- Normalize the policy enforcer structure ([#741](https://github.com/openstack-experimental/keystone/pull/741)) +- Make drivers more dynamic ([#737](https://github.com/openstack-experimental/keystone/pull/737)) +- Add keystone container with opa and policies ([#738](https://github.com/openstack-experimental/keystone/pull/738)) +- Add Admin interface over the UDS ([#735](https://github.com/openstack-experimental/keystone/pull/735)) +- Add spiffe provider ([#733](https://github.com/openstack-experimental/keystone/pull/733)) +- Introduce SecurityContext ([#710](https://github.com/openstack-experimental/keystone/pull/710)) +- Talk to OPA over unix socket ([#701](https://github.com/openstack-experimental/keystone/pull/701)) +- Add skeleton for the spiffe mTLS integration ([#695](https://github.com/openstack-experimental/keystone/pull/695)) +- Implement ConfigManager for config watching ([#691](https://github.com/openstack-experimental/keystone/pull/691)) +- Improve the code ([#686](https://github.com/openstack-experimental/keystone/pull/686)) +- Add k8s-auth raft driver ([#676](https://github.com/openstack-experimental/keystone/pull/676)) +- Add basic healthcheck endpoint ([#671](https://github.com/openstack-experimental/keystone/pull/671)) +- Add raft support under skaffold ([#667](https://github.com/openstack-experimental/keystone/pull/667)) +- Introduce raft backend for webauthn ([#658](https://github.com/openstack-experimental/keystone/pull/658)) +- Make raft storage available through state ([#657](https://github.com/openstack-experimental/keystone/pull/657)) +- Introduce the keystone-manage cli managing raft ([#656](https://github.com/openstack-experimental/keystone/pull/656)) + +### Fixed + +- Pass resolved token to OPA policy checks ([#927](https://github.com/openstack-experimental/keystone/pull/927)) +- Finalize ADR 0021 work ([#906](https://github.com/openstack-experimental/keystone/pull/906)) +- *(ci)* Prepare workflows for merge queue ([#902](https://github.com/openstack-experimental/keystone/pull/902)) +- Stop swagger-ui redirect loop, split main() ([#899](https://github.com/openstack-experimental/keystone/pull/899)) +- Resolve raft replication state races ([#884](https://github.com/openstack-experimental/keystone/pull/884)) +- ADR-0002 compliance for policy enforcement ([#882](https://github.com/openstack-experimental/keystone/pull/882)) +- *(k8s_auth)* Flatten k8s.aud claim from JWT TokenReview ([#834](https://github.com/openstack-experimental/keystone/pull/834)) +- *(auth)* Fix token-from-token auth bounds ([#810](https://github.com/openstack-experimental/keystone/pull/810)) + +### Other + +- *(ci)* Rework skaffold setup ([#871](https://github.com/openstack-experimental/keystone/pull/871)) +- Reorganize dockerfile and deps ([#857](https://github.com/openstack-experimental/keystone/pull/857)) +- *(core)* Remove spiffe crate dependency ([#858](https://github.com/openstack-experimental/keystone/pull/858)) +- Add SpiFFE Raft integration test by skaffold ([#854](https://github.com/openstack-experimental/keystone/pull/854)) +- Wrap ServiceState under ExecutionContext ([#856](https://github.com/openstack-experimental/keystone/pull/856)) +- *(federation)* Drop openidconnect dependency ([#849](https://github.com/openstack-experimental/keystone/pull/849)) +- *(storage)* Decouple core from storage ([#832](https://github.com/openstack-experimental/keystone/pull/832)) +- Move jsonwebtoken to keystone crate ([#820](https://github.com/openstack-experimental/keystone/pull/820)) +- *(tests)* Reorganize integration_api tests ([#815](https://github.com/openstack-experimental/keystone/pull/815)) +- mapping engine phase 3 - migrate SPIFFE ([#811](https://github.com/openstack-experimental/keystone/pull/811)) +- Upgrade spiffe dependencies ([#805](https://github.com/openstack-experimental/keystone/pull/805)) +- Rename identity_mapping to idmapping ([#788](https://github.com/openstack-experimental/keystone/pull/788)) +- Unify sea-orm features ([#769](https://github.com/openstack-experimental/keystone/pull/769)) +- Make resolve_implied_roles optional ([#764](https://github.com/openstack-experimental/keystone/pull/764)) +- Make core crates a workspace dependency ([#736](https://github.com/openstack-experimental/keystone/pull/736)) +- Redesign SecurityContext with two-phase validation ([#717](https://github.com/openstack-experimental/keystone/pull/717)) +- *(deps)* bump spiffe ([#709](https://github.com/openstack-experimental/keystone/pull/709)) +- *(deps)* bump spiffe-rustls-tokio from 0.2.0 to 0.3.0 ([#706](https://github.com/openstack-experimental/keystone/pull/706)) +- Add policy enforcement into group.v3 handler ([#685](https://github.com/openstack-experimental/keystone/pull/685)) +- Split api.v3.group handlers ([#679](https://github.com/openstack-experimental/keystone/pull/679)) +- Small optimization of the derives ([#638](https://github.com/openstack-experimental/keystone/pull/638)) +- Split the core-types crate ([#640](https://github.com/openstack-experimental/keystone/pull/640)) +- Split out remaining sql drivers ([#633](https://github.com/openstack-experimental/keystone/pull/633)) +- Split more drivers to separate crates ([#632](https://github.com/openstack-experimental/keystone/pull/632)) +- Split config into standalone crate ([#628](https://github.com/openstack-experimental/keystone/pull/628)) +- Make assignment sql driver a standalone crate ([#626](https://github.com/openstack-experimental/keystone/pull/626)) +- Move assignment parameters resolution to driver ([#625](https://github.com/openstack-experimental/keystone/pull/625)) +- Introduce features in api-types crate ([#624](https://github.com/openstack-experimental/keystone/pull/624)) +- Slim down api-types crate ([#622](https://github.com/openstack-experimental/keystone/pull/622)) +- Split out webauthn into crate ([#621](https://github.com/openstack-experimental/keystone/pull/621)) +- Split out token-fernet driver ([#620](https://github.com/openstack-experimental/keystone/pull/620)) +- Prepare slit out of the FernetTokenProvider ([#619](https://github.com/openstack-experimental/keystone/pull/619)) +- Move benchmark into the proper crate ([#614](https://github.com/openstack-experimental/keystone/pull/614)) diff --git a/crates/keystone/Cargo.toml b/crates/keystone/Cargo.toml index 33b69703e..68f172cf4 100644 --- a/crates/keystone/Cargo.toml +++ b/crates/keystone/Cargo.toml @@ -1,7 +1,7 @@ [package] name = "openstack-keystone" description = "OpenStack Keystone service" -version = "0.1.1" +version = "0.1.2" build = "build.rs" rust-version.workspace = true edition.workspace = true diff --git a/crates/mapping-driver-raft/CHANGELOG.md b/crates/mapping-driver-raft/CHANGELOG.md new file mode 100644 index 000000000..eff23f859 --- /dev/null +++ b/crates/mapping-driver-raft/CHANGELOG.md @@ -0,0 +1,19 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [Unreleased] + +## [0.1.0](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-mapping-driver-raft-v0.1.0) - 2026-07-08 + +### Added + +- *(mapping)* ADR-0020 phase 2 ([#807](https://github.com/openstack-experimental/keystone/pull/807)) +- *(mapping)* ADR-0020 (mapping engine) phase 1 ([#794](https://github.com/openstack-experimental/keystone/pull/794)) + +### Other + +- *(storage)* Decouple core from storage ([#832](https://github.com/openstack-experimental/keystone/pull/832)) diff --git a/crates/resource-driver-sql/CHANGELOG.md b/crates/resource-driver-sql/CHANGELOG.md new file mode 100644 index 000000000..3d805f3d9 --- /dev/null +++ b/crates/resource-driver-sql/CHANGELOG.md @@ -0,0 +1,24 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [Unreleased] + +## [0.1.0](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-resource-driver-sql-v0.1.0) - 2026-07-08 + +### Added + +- Add bootstrap cli command ([#809](https://github.com/openstack-experimental/keystone/pull/809)) +- Make drivers more dynamic ([#737](https://github.com/openstack-experimental/keystone/pull/737)) + +### Fixed + +- *(ci)* Prepare workflows for merge queue ([#902](https://github.com/openstack-experimental/keystone/pull/902)) + +### Other + +- Wrap ServiceState under ExecutionContext ([#856](https://github.com/openstack-experimental/keystone/pull/856)) +- Move jsonwebtoken to keystone crate ([#820](https://github.com/openstack-experimental/keystone/pull/820)) diff --git a/crates/revoke-driver-sql/CHANGELOG.md b/crates/revoke-driver-sql/CHANGELOG.md new file mode 100644 index 000000000..202ab54dd --- /dev/null +++ b/crates/revoke-driver-sql/CHANGELOG.md @@ -0,0 +1,22 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [Unreleased] + +## [0.1.0](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-revoke-driver-sql-v0.1.0) - 2026-07-08 + +### Added + +- Make drivers more dynamic ([#737](https://github.com/openstack-experimental/keystone/pull/737)) + +### Fixed + +- Finalize ADR 0021 work ([#906](https://github.com/openstack-experimental/keystone/pull/906)) + +### Other + +- Move jsonwebtoken to keystone crate ([#820](https://github.com/openstack-experimental/keystone/pull/820)) diff --git a/crates/role-driver-sql/CHANGELOG.md b/crates/role-driver-sql/CHANGELOG.md new file mode 100644 index 000000000..bfbeddf65 --- /dev/null +++ b/crates/role-driver-sql/CHANGELOG.md @@ -0,0 +1,20 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [Unreleased] + +## [0.1.0](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-role-driver-sql-v0.1.0) - 2026-07-08 + +### Added + +- Add role-imply rest api ([#750](https://github.com/openstack-experimental/keystone/pull/750)) +- Add role imply API ([#749](https://github.com/openstack-experimental/keystone/pull/749)) +- Make drivers more dynamic ([#737](https://github.com/openstack-experimental/keystone/pull/737)) + +### Other + +- Move jsonwebtoken to keystone crate ([#820](https://github.com/openstack-experimental/keystone/pull/820)) diff --git a/crates/scim-driver-raft/CHANGELOG.md b/crates/scim-driver-raft/CHANGELOG.md new file mode 100644 index 000000000..a1c56746d --- /dev/null +++ b/crates/scim-driver-raft/CHANGELOG.md @@ -0,0 +1,15 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [Unreleased] + +## [0.1.0](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-scim-driver-raft-v0.1.0) - 2026-07-08 + +### Added + +- *(scim)* ADR 0024 - Phase 4 (protocol surface completion) ([#929](https://github.com/openstack-experimental/keystone/pull/929)) +- *(scim)* ADR 0024 - Phase 1+2 ([#925](https://github.com/openstack-experimental/keystone/pull/925)) diff --git a/crates/storage-api/CHANGELOG.md b/crates/storage-api/CHANGELOG.md new file mode 100644 index 000000000..c1e41dfc6 --- /dev/null +++ b/crates/storage-api/CHANGELOG.md @@ -0,0 +1,25 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [Unreleased] + +## [0.1.0](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-storage-api-v0.1.0) - 2026-07-08 + +### Added + +- *(storage)* Cert validity and SVID TTL enforcement ([#886](https://github.com/openstack-experimental/keystone/pull/886)) +- *(storage)* SPIFFE checks, RBAC, rate limiting, auto-join ([#861](https://github.com/openstack-experimental/keystone/pull/861)) +- *(storage)* Complete ADR-0016-v2 ([#844](https://github.com/openstack-experimental/keystone/pull/844)) +- *(storage)* implement ADR 0016-v2 Phases 1-4 — encrypted storage with quarantine ([#840](https://github.com/openstack-experimental/keystone/pull/840)) + +### Fixed + +- *(webauthn)* Rotate raft ceremony-state keyspaces ([#890](https://github.com/openstack-experimental/keystone/pull/890)) + +### Other + +- *(storage)* Decouple core from storage ([#832](https://github.com/openstack-experimental/keystone/pull/832)) diff --git a/crates/storage-crypto-pkcs11/CHANGELOG.md b/crates/storage-crypto-pkcs11/CHANGELOG.md new file mode 100644 index 000000000..60d4281a3 --- /dev/null +++ b/crates/storage-crypto-pkcs11/CHANGELOG.md @@ -0,0 +1,14 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [Unreleased] + +## [0.1.0](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-storage-crypto-pkcs11-v0.1.0) - 2026-07-08 + +### Added + +- *(storage)* Add PKCS#11 KEK provider crate ([#917](https://github.com/openstack-experimental/keystone/pull/917)) diff --git a/crates/storage-crypto-tpm/CHANGELOG.md b/crates/storage-crypto-tpm/CHANGELOG.md new file mode 100644 index 000000000..2ecec85b1 --- /dev/null +++ b/crates/storage-crypto-tpm/CHANGELOG.md @@ -0,0 +1,14 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [Unreleased] + +## [0.1.0](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-storage-crypto-tpm-v0.1.0) - 2026-07-08 + +### Added + +- *(storage)* Add PKCS#11 KEK provider crate ([#917](https://github.com/openstack-experimental/keystone/pull/917)) diff --git a/crates/storage-crypto/CHANGELOG.md b/crates/storage-crypto/CHANGELOG.md new file mode 100644 index 000000000..61ba65368 --- /dev/null +++ b/crates/storage-crypto/CHANGELOG.md @@ -0,0 +1,25 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [Unreleased] + +## [0.1.0](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-storage-crypto-v0.1.0) - 2026-07-08 + +### Added + +- *(scim)* ADR 0024 - Phase 3 ([#928](https://github.com/openstack-experimental/keystone/pull/928)) +- *(storage)* Add PKCS#11 KEK provider crate ([#917](https://github.com/openstack-experimental/keystone/pull/917)) +- *(storage)* Cert validity and SVID TTL enforcement ([#886](https://github.com/openstack-experimental/keystone/pull/886)) +- *(audit)* Implement CADF audit framework Phase 2 ([#872](https://github.com/openstack-experimental/keystone/pull/872)) +- *(storage)* SPIFFE checks, RBAC, rate limiting, auto-join ([#861](https://github.com/openstack-experimental/keystone/pull/861)) +- *(storage)* Harden preflight and erase dev KEK ([#860](https://github.com/openstack-experimental/keystone/pull/860)) +- *(storage)* Complete ADR-0016-v2 ([#844](https://github.com/openstack-experimental/keystone/pull/844)) +- *(storage)* implement ADR 0016-v2 Phases 1-4 — encrypted storage with quarantine ([#840](https://github.com/openstack-experimental/keystone/pull/840)) + +### Other + +- *(deps)* Batch update dependencies ([#875](https://github.com/openstack-experimental/keystone/pull/875)) diff --git a/crates/storage/CHANGELOG.md b/crates/storage/CHANGELOG.md new file mode 100644 index 000000000..17163bd79 --- /dev/null +++ b/crates/storage/CHANGELOG.md @@ -0,0 +1,62 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [Unreleased] + +## [0.1.1](https://github.com/openstack-experimental/keystone/compare/openstack-keystone-distributed-storage-v0.1.0...openstack-keystone-distributed-storage-v0.1.1) - 2026-07-08 + +### Added + +- *(storage)* Add PKCS#11 KEK provider crate ([#917](https://github.com/openstack-experimental/keystone/pull/917)) +- Prepare PKCS#11/TPM KEK support in storage ([#907](https://github.com/openstack-experimental/keystone/pull/907)) +- Implement background DEK re-encryption pipeline ([#898](https://github.com/openstack-experimental/keystone/pull/898)) +- ADR 0021 admin surface, simulate-access, and janitor ([#896](https://github.com/openstack-experimental/keystone/pull/896)) +- *(storage)* Cert validity and SVID TTL enforcement ([#886](https://github.com/openstack-experimental/keystone/pull/886)) +- *(storage)* SPIFFE checks, RBAC, rate limiting, auto-join ([#861](https://github.com/openstack-experimental/keystone/pull/861)) +- *(storage)* Harden preflight and erase dev KEK ([#860](https://github.com/openstack-experimental/keystone/pull/860)) +- *(storage)* Add SPIFFE mTLS support to Raft gRPC ([#852](https://github.com/openstack-experimental/keystone/pull/852)) +- *(cli)* Add cli storage subcommands per ADR 0016-v2 ([#850](https://github.com/openstack-experimental/keystone/pull/850)) +- *(storage)* Complete ADR-0016-v2 ([#844](https://github.com/openstack-experimental/keystone/pull/844)) +- *(storage)* implement ADR 0016-v2 Phases 1-4 — encrypted storage with quarantine ([#840](https://github.com/openstack-experimental/keystone/pull/840)) +- *(mapping)* ADR-0020 phase 2 ([#807](https://github.com/openstack-experimental/keystone/pull/807)) +- *(adr)* Add updated revision of the DS ADR ([#795](https://github.com/openstack-experimental/keystone/pull/795)) +- *(mapping)* ADR-0020 (mapping engine) phase 1 ([#794](https://github.com/openstack-experimental/keystone/pull/794)) +- Add skeleton for the spiffe mTLS integration ([#695](https://github.com/openstack-experimental/keystone/pull/695)) +- Implement ConfigManager for config watching ([#691](https://github.com/openstack-experimental/keystone/pull/691)) +- Improve the code ([#686](https://github.com/openstack-experimental/keystone/pull/686)) +- Add k8s-auth raft driver ([#676](https://github.com/openstack-experimental/keystone/pull/676)) +- Add SetIndex/RemoveIndex storage commands ([#675](https://github.com/openstack-experimental/keystone/pull/675)) +- Add basic healthcheck endpoint ([#671](https://github.com/openstack-experimental/keystone/pull/671)) +- Add metadata for raft data ([#670](https://github.com/openstack-experimental/keystone/pull/670)) +- Add transaction support for Raft storage ([#669](https://github.com/openstack-experimental/keystone/pull/669)) +- Add initial benchmarks for the storage ([#668](https://github.com/openstack-experimental/keystone/pull/668)) +- Add raft support under skaffold ([#667](https://github.com/openstack-experimental/keystone/pull/667)) +- Introduce raft backend for webauthn ([#658](https://github.com/openstack-experimental/keystone/pull/658)) +- Prepare raft storage promotion ([#659](https://github.com/openstack-experimental/keystone/pull/659)) +- Make raft storage available through state ([#657](https://github.com/openstack-experimental/keystone/pull/657)) +- Introduce the keystone-manage cli managing raft ([#656](https://github.com/openstack-experimental/keystone/pull/656)) + +### Fixed + +- Finalize ADR 0021 work ([#906](https://github.com/openstack-experimental/keystone/pull/906)) +- *(ci)* Prepare workflows for merge queue ([#902](https://github.com/openstack-experimental/keystone/pull/902)) +- Further polish storage crate ([#892](https://github.com/openstack-experimental/keystone/pull/892)) +- *(webauthn)* Rotate raft ceremony-state keyspaces ([#890](https://github.com/openstack-experimental/keystone/pull/890)) +- Resolve raft replication state races ([#884](https://github.com/openstack-experimental/keystone/pull/884)) + +### Other + +- *(deps)* Batch update dependencies ([#875](https://github.com/openstack-experimental/keystone/pull/875)) +- *(core)* Remove spiffe crate dependency ([#858](https://github.com/openstack-experimental/keystone/pull/858)) +- Add SpiFFE Raft integration test by skaffold ([#854](https://github.com/openstack-experimental/keystone/pull/854)) +- Wrap ServiceState under ExecutionContext ([#856](https://github.com/openstack-experimental/keystone/pull/856)) +- *(storage)* Decouple core from storage ([#832](https://github.com/openstack-experimental/keystone/pull/832)) +- Update raft drivers mocking ([#791](https://github.com/openstack-experimental/keystone/pull/791)) +- Add mock raft storage for unittest ([#790](https://github.com/openstack-experimental/keystone/pull/790)) +- Make core crates a workspace dependency ([#736](https://github.com/openstack-experimental/keystone/pull/736)) +- Redesign SecurityContext with two-phase validation ([#717](https://github.com/openstack-experimental/keystone/pull/717)) +- *(deps)* Bump openraft to alpha17 ([#641](https://github.com/openstack-experimental/keystone/pull/641)) diff --git a/crates/storage/Cargo.toml b/crates/storage/Cargo.toml index 4c1cc37c8..d9546f2ea 100644 --- a/crates/storage/Cargo.toml +++ b/crates/storage/Cargo.toml @@ -1,7 +1,7 @@ [package] name = "openstack-keystone-distributed-storage" description = "Keystone distributed storage based on the `openraft` and `fjall` database." -version = "0.1.0" +version = "0.1.1" edition.workspace = true license.workspace = true authors.workspace = true diff --git a/crates/token-driver-fernet/CHANGELOG.md b/crates/token-driver-fernet/CHANGELOG.md new file mode 100644 index 000000000..fd146a927 --- /dev/null +++ b/crates/token-driver-fernet/CHANGELOG.md @@ -0,0 +1,20 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [Unreleased] + +## [0.1.1](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-token-driver-fernet-v0.1.1) - 2026-07-08 + +### Added + +- *(fernet)* Unify credential/token key repositories ([#915](https://github.com/openstack-experimental/keystone/pull/915)) +- Add user update functionality ([#747](https://github.com/openstack-experimental/keystone/pull/747)) +- Make drivers more dynamic ([#737](https://github.com/openstack-experimental/keystone/pull/737)) + +### Fixed + +- Fix msgpack decode and auth-method encoding bugs ([#895](https://github.com/openstack-experimental/keystone/pull/895)) diff --git a/crates/token-restriction-driver-sql/CHANGELOG.md b/crates/token-restriction-driver-sql/CHANGELOG.md new file mode 100644 index 000000000..20426dcd5 --- /dev/null +++ b/crates/token-restriction-driver-sql/CHANGELOG.md @@ -0,0 +1,18 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [Unreleased] + +## [0.1.0](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-token-restriction-driver-sql-v0.1.0) - 2026-07-08 + +### Added + +- Make drivers more dynamic ([#737](https://github.com/openstack-experimental/keystone/pull/737)) + +### Other + +- Move jsonwebtoken to keystone crate ([#820](https://github.com/openstack-experimental/keystone/pull/820)) diff --git a/crates/trust-driver-sql/CHANGELOG.md b/crates/trust-driver-sql/CHANGELOG.md new file mode 100644 index 000000000..3ea404e77 --- /dev/null +++ b/crates/trust-driver-sql/CHANGELOG.md @@ -0,0 +1,18 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [Unreleased] + +## [0.1.0](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-trust-driver-sql-v0.1.0) - 2026-07-08 + +### Added + +- Make drivers more dynamic ([#737](https://github.com/openstack-experimental/keystone/pull/737)) + +### Other + +- Move jsonwebtoken to keystone crate ([#820](https://github.com/openstack-experimental/keystone/pull/820)) diff --git a/crates/webauthn/CHANGELOG.md b/crates/webauthn/CHANGELOG.md new file mode 100644 index 000000000..a51cd9a70 --- /dev/null +++ b/crates/webauthn/CHANGELOG.md @@ -0,0 +1,48 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [Unreleased] + +## [0.1.0](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-webauthn-v0.1.0) - 2026-07-08 + +### Added + +- Prepare PKCS#11/TPM KEK support in storage ([#907](https://github.com/openstack-experimental/keystone/pull/907)) +- *(audit)* Implement CADF audit framework Phase 2 ([#872](https://github.com/openstack-experimental/keystone/pull/872)) +- *(storage)* SPIFFE checks, RBAC, rate limiting, auto-join ([#861](https://github.com/openstack-experimental/keystone/pull/861)) +- *(storage)* Harden preflight and erase dev KEK ([#860](https://github.com/openstack-experimental/keystone/pull/860)) +- Security improvements in the webauthn crate ([#838](https://github.com/openstack-experimental/keystone/pull/838)) +- Add inter-provider event notification system ([#784](https://github.com/openstack-experimental/keystone/pull/784)) +- Make drivers more dynamic ([#737](https://github.com/openstack-experimental/keystone/pull/737)) +- Introduce SecurityContext ([#710](https://github.com/openstack-experimental/keystone/pull/710)) +- Add skeleton for the spiffe mTLS integration ([#695](https://github.com/openstack-experimental/keystone/pull/695)) +- Implement ConfigManager for config watching ([#691](https://github.com/openstack-experimental/keystone/pull/691)) +- Improve the code ([#686](https://github.com/openstack-experimental/keystone/pull/686)) +- Add k8s-auth raft driver ([#676](https://github.com/openstack-experimental/keystone/pull/676)) +- Add metadata for raft data ([#670](https://github.com/openstack-experimental/keystone/pull/670)) +- Add raft support under skaffold ([#667](https://github.com/openstack-experimental/keystone/pull/667)) +- Introduce raft backend for webauthn ([#658](https://github.com/openstack-experimental/keystone/pull/658)) + +### Fixed + +- *(passkey)* Prevent user enumeration ([#905](https://github.com/openstack-experimental/keystone/pull/905)) +- *(ci)* Prepare workflows for merge queue ([#902](https://github.com/openstack-experimental/keystone/pull/902)) +- *(webauthn)* Rotate raft ceremony-state keyspaces ([#890](https://github.com/openstack-experimental/keystone/pull/890)) + +### Other + +- *(deps)* Batch update dependencies ([#875](https://github.com/openstack-experimental/keystone/pull/875)) +- Wrap ServiceState under ExecutionContext ([#856](https://github.com/openstack-experimental/keystone/pull/856)) +- *(storage)* Decouple core from storage ([#832](https://github.com/openstack-experimental/keystone/pull/832)) +- Update raft drivers mocking ([#791](https://github.com/openstack-experimental/keystone/pull/791)) +- Add mock raft storage for unittest ([#790](https://github.com/openstack-experimental/keystone/pull/790)) +- Make core crates a workspace dependency ([#736](https://github.com/openstack-experimental/keystone/pull/736)) +- Redesign SecurityContext with two-phase validation ([#717](https://github.com/openstack-experimental/keystone/pull/717)) +- Split the core-types crate ([#640](https://github.com/openstack-experimental/keystone/pull/640)) +- Move assignment parameters resolution to driver ([#625](https://github.com/openstack-experimental/keystone/pull/625)) +- Introduce features in api-types crate ([#624](https://github.com/openstack-experimental/keystone/pull/624)) +- Split out webauthn into crate ([#621](https://github.com/openstack-experimental/keystone/pull/621))