diff --git a/Cargo.lock b/Cargo.lock index 9cc23d662..0bed571c8 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -4335,7 +4335,7 @@ dependencies = [ [[package]] name = "openstack-keystone" -version = "0.1.1" +version = "0.1.2" dependencies = [ "async-trait", "axum", @@ -4431,7 +4431,7 @@ dependencies = [ [[package]] name = "openstack-keystone-api-types" -version = "0.1.0" +version = "0.1.1" dependencies = [ "axum", "base64 0.22.1", @@ -4585,7 +4585,7 @@ dependencies = [ [[package]] name = "openstack-keystone-core" -version = "0.1.1" +version = "0.1.2" dependencies = [ "argon2", "async-trait", @@ -4678,7 +4678,7 @@ dependencies = [ [[package]] name = "openstack-keystone-distributed-storage" -version = "0.1.0" +version = "0.1.1" dependencies = [ "async-trait", "byteorder", diff --git a/Cargo.toml b/Cargo.toml index 670484a67..09c4ecce2 100644 --- a/Cargo.toml +++ b/Cargo.toml 
@@ -106,10 +106,10 @@ openstack-keystone-appcred-driver-sql = { version = "0.1", path = "crates/appcre
 openstack-keystone-assignment-driver-sql = { version = "0.1", path = "crates/assignment-driver-sql/" }
 openstack-keystone-catalog-driver-sql = { version = "0.1", path = "crates/catalog-driver-sql/" }
 openstack-keystone-config = { version = "0.1.0", path = "crates/config"}
-openstack-keystone-core = { version = "0.1.0", path = "crates/core" }
-openstack-keystone-core-types = { version = "0.1.0", path = "crates/core-types" }
+openstack-keystone-core = { version = "0.1.2", path = "crates/core" }
+openstack-keystone-core-types = { version = "0.1.1", path = "crates/core-types" }
 openstack-keystone-credential-driver-sql = { version = "0.1", path = "crates/credential-driver-sql/" }
-openstack-keystone-distributed-storage = { version = "0.1.0", path = "crates/storage"}
+openstack-keystone-distributed-storage = { version = "0.1.1", path = "crates/storage"}
 openstack-keystone-dynamic-plugin-runtime = { version = "0.1.0", path = "crates/dynamic-plugin-runtime" }
 openstack-keystone-storage-api = { version = "0.1.0", path = "crates/storage-api" }
 openstack-keystone-storage-crypto = { version = "0.1.0", path = "crates/storage-crypto" }
@@ -123,7 +123,7 @@ openstack-keystone-idmapping-driver-sql = { version = "0.1", path = "crates/idma
 openstack-keystone-resource-driver-sql = { version = "0.1", path = "crates/resource-driver-sql/" }
 openstack-keystone-revoke-driver-sql = { version = "0.1", path = "crates/revoke-driver-sql/" }
 openstack-keystone-role-driver-sql = { version = "0.1", path = "crates/role-driver-sql/" }
-openstack-keystone-token-driver-fernet = { version = "0.1.0", path = "crates/token-driver-fernet" }
+openstack-keystone-token-driver-fernet = { version = "0.1.1", path = "crates/token-driver-fernet" }
 openstack-keystone-token-restriction-driver-sql = { version = "0.1", path = "crates/token-restriction-driver-sql/" }
 openstack-keystone-trust-driver-sql = { version = "0.1", path = "crates/trust-driver-sql/" }
 openstack-keystone-webauthn = { version = "0.1", path = "crates/webauthn/"}
diff --git a/crates/api-key-driver-raft/CHANGELOG.md b/crates/api-key-driver-raft/CHANGELOG.md
new file mode 100644
index 000000000..88e55b4b3
--- /dev/null
+++ b/crates/api-key-driver-raft/CHANGELOG.md
@@ -0,0 +1,15 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [0.1.0](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-api-key-driver-raft-v0.1.0) - 2026-07-04
+
+### Added
+
+- ADR 0021 admin surface, simulate-access, and janitor ([#896](https://github.com/openstack-experimental/keystone/pull/896))
+- Implement stateless SCIM ingress auth (ADR 0021) ([#891](https://github.com/openstack-experimental/keystone/pull/891))
diff --git a/crates/api-types/CHANGELOG.md b/crates/api-types/CHANGELOG.md
new file mode 100644
index 000000000..24d30eba0
--- /dev/null
+++ b/crates/api-types/CHANGELOG.md
@@ -0,0 +1,49 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [Unreleased] + +## [0.1.1](https://github.com/openstack-experimental/keystone/compare/openstack-keystone-api-types-v0.1.0...openstack-keystone-api-types-v0.1.1) - 2026-07-04 + +### Added + +- *(credential)* Implement Phase 3 of ADR 0019 ([#909](https://github.com/openstack-experimental/keystone/pull/909)) +- ADR 0021 admin surface, simulate-access, and janitor ([#896](https://github.com/openstack-experimental/keystone/pull/896)) +- Implement stateless SCIM ingress auth (ADR 0021) ([#891](https://github.com/openstack-experimental/keystone/pull/891)) +- Migrate federation to new mapping engine ([#839](https://github.com/openstack-experimental/keystone/pull/839)) +- ADR-0020 mapping phase 4 ([#818](https://github.com/openstack-experimental/keystone/pull/818)) +- *(mapping)* ADR-0020 phase 2 ([#807](https://github.com/openstack-experimental/keystone/pull/807)) +- *(mapping)* ADR-0020 (mapping engine) phase 1 ([#794](https://github.com/openstack-experimental/keystone/pull/794)) +- Validate password for compliance conformity ([#774](https://github.com/openstack-experimental/keystone/pull/774)) +- Add system-user-role assignments API ([#762](https://github.com/openstack-experimental/keystone/pull/762)) +- Add role-imply rest api ([#750](https://github.com/openstack-experimental/keystone/pull/750)) +- Add user update functionality ([#747](https://github.com/openstack-experimental/keystone/pull/747)) +- Add api to list user roles on project ([#639](https://github.com/openstack-experimental/keystone/pull/639)) +- Add domain CRUD operations ([#743](https://github.com/openstack-experimental/keystone/pull/743)) +- Add spiffe binding API 
([#740](https://github.com/openstack-experimental/keystone/pull/740)) +- Add spiffe provider ([#733](https://github.com/openstack-experimental/keystone/pull/733)) +- Introduce SecurityContext ([#710](https://github.com/openstack-experimental/keystone/pull/710)) +- Add skeleton for the spiffe mTLS integration ([#695](https://github.com/openstack-experimental/keystone/pull/695)) +- Improve the code ([#686](https://github.com/openstack-experimental/keystone/pull/686)) + +### Fixed + +- Finalize ADR 0021 work ([#906](https://github.com/openstack-experimental/keystone/pull/906)) + +### Other + +- Move jsonwebtoken to keystone crate ([#820](https://github.com/openstack-experimental/keystone/pull/820)) +- *(tests)* Reorganize integration_api tests ([#815](https://github.com/openstack-experimental/keystone/pull/815)) +- mapping engine phase 3 - migrate SPIFFE ([#811](https://github.com/openstack-experimental/keystone/pull/811)) +- Rename identity_mapping to idmapping ([#788](https://github.com/openstack-experimental/keystone/pull/788)) +- Further align workspace features ([#772](https://github.com/openstack-experimental/keystone/pull/772)) +- Make resolve_implied_roles optional ([#764](https://github.com/openstack-experimental/keystone/pull/764)) +- Redesign SecurityContext with two-phase validation ([#717](https://github.com/openstack-experimental/keystone/pull/717)) +- Small optimization of the derives ([#638](https://github.com/openstack-experimental/keystone/pull/638)) +- Split the core-types crate ([#640](https://github.com/openstack-experimental/keystone/pull/640)) +- Introduce features in api-types crate ([#624](https://github.com/openstack-experimental/keystone/pull/624)) +- Slim down api-types crate ([#622](https://github.com/openstack-experimental/keystone/pull/622)) diff --git a/crates/api-types/Cargo.toml b/crates/api-types/Cargo.toml index 2eea30458..b0ea54119 100644 --- a/crates/api-types/Cargo.toml +++ b/crates/api-types/Cargo.toml 
@@ -1,7 +1,7 @@
 [package]
 name = "openstack-keystone-api-types"
 description = "OpenStack Keystone API types"
-version = "0.1.0"
+version = "0.1.1"
 rust-version.workspace = true
 edition.workspace = true
 license.workspace = true
diff --git a/crates/appcred-driver-sql/CHANGELOG.md b/crates/appcred-driver-sql/CHANGELOG.md
new file mode 100644
index 000000000..7d7676930
--- /dev/null
+++ b/crates/appcred-driver-sql/CHANGELOG.md
@@ -0,0 +1,21 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [0.1.0](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-appcred-driver-sql-v0.1.0) - 2026-07-04
+
+### Added
+
+- Add access rule CRD to appcred provider ([#806](https://github.com/openstack-experimental/keystone/pull/806))
+- Make drivers more dynamic ([#737](https://github.com/openstack-experimental/keystone/pull/737))
+
+### Other
+
+- *(core)* Eliminate XxxProvider enums ([#830](https://github.com/openstack-experimental/keystone/pull/830))
+- Move jsonwebtoken to keystone crate ([#820](https://github.com/openstack-experimental/keystone/pull/820))
+- Further align workspace features ([#772](https://github.com/openstack-experimental/keystone/pull/772))
diff --git a/crates/assignment-driver-sql/CHANGELOG.md b/crates/assignment-driver-sql/CHANGELOG.md
new file mode 100644
index 000000000..4ef927f41
--- /dev/null
+++ b/crates/assignment-driver-sql/CHANGELOG.md
@@ -0,0 +1,28 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [0.1.0](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-assignment-driver-sql-v0.1.0) - 2026-07-04
+
+### Added
+
+- *(audit)* Implement CADF audit framework Phase 2 ([#872](https://github.com/openstack-experimental/keystone/pull/872))
+- Add role-imply rest api ([#750](https://github.com/openstack-experimental/keystone/pull/750))
+- Make drivers more dynamic ([#737](https://github.com/openstack-experimental/keystone/pull/737))
+
+### Fixed
+
+- *(ci)* Prepare workflows for merge queue ([#902](https://github.com/openstack-experimental/keystone/pull/902))
+
+### Other
+
+- Wrap ServiceState under ExecutionContext ([#856](https://github.com/openstack-experimental/keystone/pull/856))
+- *(storage)* Decouple core from storage ([#832](https://github.com/openstack-experimental/keystone/pull/832))
+- Move jsonwebtoken to keystone crate ([#820](https://github.com/openstack-experimental/keystone/pull/820))
+- Further align workspace features ([#772](https://github.com/openstack-experimental/keystone/pull/772))
+- Make resolve_implied_roles optional ([#764](https://github.com/openstack-experimental/keystone/pull/764))
diff --git a/crates/audit/CHANGELOG.md b/crates/audit/CHANGELOG.md
new file mode 100644
index 000000000..be7b30290
--- /dev/null
+++ b/crates/audit/CHANGELOG.md
@@ -0,0 +1,16 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [0.1.0](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-audit-v0.1.0) - 2026-07-04
+
+### Added
+
+- *(audit)* Complete ADR-0023 audit implementation ([#887](https://github.com/openstack-experimental/keystone/pull/887))
+- Audit framework (ADR-0023) phase 3 ([#880](https://github.com/openstack-experimental/keystone/pull/880))
+- *(audit)* Implement CADF audit framework Phase 2 ([#872](https://github.com/openstack-experimental/keystone/pull/872))
diff --git a/crates/catalog-driver-sql/CHANGELOG.md b/crates/catalog-driver-sql/CHANGELOG.md
new file mode 100644
index 000000000..5c1412a64
--- /dev/null
+++ b/crates/catalog-driver-sql/CHANGELOG.md
@@ -0,0 +1,28 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [0.1.0](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-catalog-driver-sql-v0.1.0) - 2026-07-04
+
+### Added
+
+- *(mapping)* ADR-0020 (mapping engine) phase 1 ([#794](https://github.com/openstack-experimental/keystone/pull/794))
+- Add endpoint CRUD to catalog provider ([#785](https://github.com/openstack-experimental/keystone/pull/785))
+- Add inter-provider event notification system ([#784](https://github.com/openstack-experimental/keystone/pull/784))
+- Add service CRUD to the catalog provider ([#773](https://github.com/openstack-experimental/keystone/pull/773))
+- Add region CRUD to catalog SQL driver ([#761](https://github.com/openstack-experimental/keystone/pull/761))
+- Make drivers more dynamic ([#737](https://github.com/openstack-experimental/keystone/pull/737))
+
+### Fixed
+
+- Align "extra" property handling ([#787](https://github.com/openstack-experimental/keystone/pull/787))
+
+### Other
+
+- Move jsonwebtoken to keystone crate ([#820](https://github.com/openstack-experimental/keystone/pull/820))
+- Further align workspace features ([#772](https://github.com/openstack-experimental/keystone/pull/772))
diff --git a/crates/cli-manage/CHANGELOG.md b/crates/cli-manage/CHANGELOG.md
new file mode 100644
index 000000000..676fb854f
--- /dev/null
+++ b/crates/cli-manage/CHANGELOG.md
@@ -0,0 +1,35 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [Unreleased] + +## [0.1.0](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-cli-manage-v0.1.0) - 2026-07-04 + +### Added + +- *(fernet)* Unify credential/token key repositories ([#915](https://github.com/openstack-experimental/keystone/pull/915)) +- *(credential)* Implement Phase 3 of ADR 0019 ([#909](https://github.com/openstack-experimental/keystone/pull/909)) +- *(storage)* SPIFFE checks, RBAC, rate limiting, auto-join ([#861](https://github.com/openstack-experimental/keystone/pull/861)) +- *(storage)* Add SPIFFE mTLS support to Raft gRPC ([#852](https://github.com/openstack-experimental/keystone/pull/852)) +- *(cli)* Add cli storage subcommands per ADR 0016-v2 ([#850](https://github.com/openstack-experimental/keystone/pull/850)) +- *(storage)* implement ADR 0016-v2 Phases 1-4 — encrypted storage with quarantine ([#840](https://github.com/openstack-experimental/keystone/pull/840)) +- Add bootstrap cli command ([#809](https://github.com/openstack-experimental/keystone/pull/809)) +- Make drivers more dynamic ([#737](https://github.com/openstack-experimental/keystone/pull/737)) +- Introduce SecurityContext ([#710](https://github.com/openstack-experimental/keystone/pull/710)) +- Add skeleton for the spiffe mTLS integration ([#695](https://github.com/openstack-experimental/keystone/pull/695)) +- Implement ConfigManager for config watching ([#691](https://github.com/openstack-experimental/keystone/pull/691)) +- Add raft support under skaffold ([#667](https://github.com/openstack-experimental/keystone/pull/667)) +- Introduce the keystone-manage cli managing raft ([#656](https://github.com/openstack-experimental/keystone/pull/656)) + +### Fixed + +- *(ci)* 
Prepare workflows for merge queue ([#902](https://github.com/openstack-experimental/keystone/pull/902)) + +### Other + +- Move jsonwebtoken to keystone crate ([#820](https://github.com/openstack-experimental/keystone/pull/820)) +- Unify sea-orm features ([#769](https://github.com/openstack-experimental/keystone/pull/769)) diff --git a/crates/config/CHANGELOG.md b/crates/config/CHANGELOG.md new file mode 100644 index 000000000..766910a60 --- /dev/null +++ b/crates/config/CHANGELOG.md 
@@ -0,0 +1,57 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [Unreleased] + +## [0.1.0](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-config-v0.1.0) - 2026-07-04 + +### Added + +- *(fernet)* Unify credential/token key repositories ([#915](https://github.com/openstack-experimental/keystone/pull/915)) +- Start ADR 0025 immplementation ([#911](https://github.com/openstack-experimental/keystone/pull/911)) +- *(credential)* Implement Phase 3 of ADR 0019 ([#909](https://github.com/openstack-experimental/keystone/pull/909)) +- Prepare PKCS#11/TPM KEK support in storage ([#907](https://github.com/openstack-experimental/keystone/pull/907)) +- *(credential)* Implement ADR 0019 phases 1-2 ([#897](https://github.com/openstack-experimental/keystone/pull/897)) +- Implement stateless SCIM ingress auth (ADR 0021) ([#891](https://github.com/openstack-experimental/keystone/pull/891)) +- *(auth)* Password hashing parity with Python Keystone ([#859](https://github.com/openstack-experimental/keystone/pull/859)) +- *(audit)* Implement CADF audit framework Phase 2 ([#872](https://github.com/openstack-experimental/keystone/pull/872)) +- *(storage)* SPIFFE checks, RBAC, rate limiting, auto-join ([#861](https://github.com/openstack-experimental/keystone/pull/861)) +- *(storage)* Harden preflight and erase dev KEK ([#860](https://github.com/openstack-experimental/keystone/pull/860)) +- Add bootstrap cli command ([#809](https://github.com/openstack-experimental/keystone/pull/809)) +- *(mapping)* ADR-0020 (mapping engine) phase 1 ([#794](https://github.com/openstack-experimental/keystone/pull/794)) +- Add inter-provider event notification system ([#784](https://github.com/openstack-experimental/keystone/pull/784)) +- Add SO_PEERCRED peer 
credential validation ([#775](https://github.com/openstack-experimental/keystone/pull/775)) +- Validate password for compliance conformity ([#774](https://github.com/openstack-experimental/keystone/pull/774)) +- Enforce minimum range boundaries for security +- Add role-imply rest api ([#750](https://github.com/openstack-experimental/keystone/pull/750)) +- Add user update functionality ([#747](https://github.com/openstack-experimental/keystone/pull/747)) +- Make drivers more dynamic ([#737](https://github.com/openstack-experimental/keystone/pull/737)) +- Add keystone container with opa and policies ([#738](https://github.com/openstack-experimental/keystone/pull/738)) +- Add Admin interface over the UDS ([#735](https://github.com/openstack-experimental/keystone/pull/735)) +- Add spiffe provider ([#733](https://github.com/openstack-experimental/keystone/pull/733)) +- Introduce SecurityContext ([#710](https://github.com/openstack-experimental/keystone/pull/710)) +- Add skeleton for the spiffe mTLS integration ([#695](https://github.com/openstack-experimental/keystone/pull/695)) +- Implement ConfigManager for config watching ([#691](https://github.com/openstack-experimental/keystone/pull/691)) +- Improve the code ([#686](https://github.com/openstack-experimental/keystone/pull/686)) +- Add k8s-auth raft driver ([#676](https://github.com/openstack-experimental/keystone/pull/676)) +- Add raft support under skaffold ([#667](https://github.com/openstack-experimental/keystone/pull/667)) +- Introduce raft backend for webauthn ([#658](https://github.com/openstack-experimental/keystone/pull/658)) +- Introduce the keystone-manage cli managing raft ([#656](https://github.com/openstack-experimental/keystone/pull/656)) + +### Fixed + +- *(passkey)* Prevent user enumeration ([#905](https://github.com/openstack-experimental/keystone/pull/905)) + +### Other + +- Move jsonwebtoken to keystone crate ([#820](https://github.com/openstack-experimental/keystone/pull/820)) +- mapping engine 
phase 3 - migrate SPIFFE ([#811](https://github.com/openstack-experimental/keystone/pull/811)) +- Rename identity_mapping to idmapping ([#788](https://github.com/openstack-experimental/keystone/pull/788)) +- Replace Regex with str::find for db connection ([#760](https://github.com/openstack-experimental/keystone/pull/760)) +- Redesign SecurityContext with two-phase validation ([#717](https://github.com/openstack-experimental/keystone/pull/717)) +- Split out remaining sql drivers ([#633](https://github.com/openstack-experimental/keystone/pull/633)) +- Split config into standalone crate ([#628](https://github.com/openstack-experimental/keystone/pull/628)) diff --git a/crates/core-types/CHANGELOG.md b/crates/core-types/CHANGELOG.md new file mode 100644 index 000000000..b4928d65a --- /dev/null +++ b/crates/core-types/CHANGELOG.md 
@@ -0,0 +1,57 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [Unreleased] + +## [0.1.1](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-core-types-v0.1.1) - 2026-07-04 + +### Added + +- *(credential)* Implement Phase 3 of ADR 0019 ([#909](https://github.com/openstack-experimental/keystone/pull/909)) +- *(credential)* Implement ADR 0019 phases 1-2 ([#897](https://github.com/openstack-experimental/keystone/pull/897)) +- Implement stateless SCIM ingress auth (ADR 0021) ([#891](https://github.com/openstack-experimental/keystone/pull/891)) +- Audit framework (ADR-0023) phase 3 ([#880](https://github.com/openstack-experimental/keystone/pull/880)) +- *(audit)* Implement CADF audit framework Phase 2 ([#872](https://github.com/openstack-experimental/keystone/pull/872)) +- Migrate federation to new mapping engine ([#839](https://github.com/openstack-experimental/keystone/pull/839)) +- Add access rule CRD to appcred provider ([#806](https://github.com/openstack-experimental/keystone/pull/806)) +- ADR-0020 mapping phase 4 ([#818](https://github.com/openstack-experimental/keystone/pull/818)) +- *(mapping)* ADR-0020 (mapping engine) phase 1 ([#794](https://github.com/openstack-experimental/keystone/pull/794)) +- Add endpoint CRUD to catalog provider ([#785](https://github.com/openstack-experimental/keystone/pull/785)) +- Add inter-provider event notification system ([#784](https://github.com/openstack-experimental/keystone/pull/784)) +- Add service CRUD to the catalog provider ([#773](https://github.com/openstack-experimental/keystone/pull/773)) +- Validate password for compliance conformity ([#774](https://github.com/openstack-experimental/keystone/pull/774)) +- Return 401 on roleless scoped contexts 
([#742](https://github.com/openstack-experimental/keystone/pull/742)) +- Add region CRUD to catalog SQL driver ([#761](https://github.com/openstack-experimental/keystone/pull/761)) +- Add role-imply rest api ([#750](https://github.com/openstack-experimental/keystone/pull/750)) +- Add role imply API ([#749](https://github.com/openstack-experimental/keystone/pull/749)) +- Add user update functionality ([#747](https://github.com/openstack-experimental/keystone/pull/747)) +- Add spiffe binding API ([#740](https://github.com/openstack-experimental/keystone/pull/740)) +- Add Admin interface over the UDS ([#735](https://github.com/openstack-experimental/keystone/pull/735)) +- Add spiffe provider ([#733](https://github.com/openstack-experimental/keystone/pull/733)) +- Expand role info in `expand_implied_roles` ([#730](https://github.com/openstack-experimental/keystone/pull/730)) +- Introduce SecurityContext ([#710](https://github.com/openstack-experimental/keystone/pull/710)) +- Improve the code ([#686](https://github.com/openstack-experimental/keystone/pull/686)) +- Add k8s-auth raft driver ([#676](https://github.com/openstack-experimental/keystone/pull/676)) +- Introduce the keystone-manage cli managing raft ([#656](https://github.com/openstack-experimental/keystone/pull/656)) + +### Fixed + +- Finalize ADR 0021 work ([#906](https://github.com/openstack-experimental/keystone/pull/906)) +- Resolve raft replication state races ([#884](https://github.com/openstack-experimental/keystone/pull/884)) +- *(k8s_auth)* Flatten k8s.aud claim from JWT TokenReview ([#834](https://github.com/openstack-experimental/keystone/pull/834)) +- Align "extra" property handling ([#787](https://github.com/openstack-experimental/keystone/pull/787)) + +### Other + +- Move jsonwebtoken to keystone crate ([#820](https://github.com/openstack-experimental/keystone/pull/820)) +- mapping engine phase 3 - migrate SPIFFE ([#811](https://github.com/openstack-experimental/keystone/pull/811)) +- Rename 
identity_mapping to idmapping ([#788](https://github.com/openstack-experimental/keystone/pull/788)) +- Make resolve_implied_roles optional ([#764](https://github.com/openstack-experimental/keystone/pull/764)) +- Redesign SecurityContext with two-phase validation ([#717](https://github.com/openstack-experimental/keystone/pull/717)) +- Unify state initialization in test ([#642](https://github.com/openstack-experimental/keystone/pull/642)) +- Small optimization of the derives ([#638](https://github.com/openstack-experimental/keystone/pull/638)) +- Split the core-types crate ([#640](https://github.com/openstack-experimental/keystone/pull/640)) diff --git a/crates/core/CHANGELOG.md b/crates/core/CHANGELOG.md new file mode 100644 index 000000000..91c1732ad --- /dev/null +++ b/crates/core/CHANGELOG.md 
@@ -0,0 +1,95 @@ +# Changelog + +All notable changes to this project will be documented in this file. + +The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), +and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). + +## [Unreleased] + +## [0.1.2](https://github.com/openstack-experimental/keystone/compare/openstack-keystone-core-v0.1.1...openstack-keystone-core-v0.1.2) - 2026-07-04 + +### Added + +- *(credential)* Implement Phase 3 of ADR 0019 ([#909](https://github.com/openstack-experimental/keystone/pull/909)) +- *(credential)* Implement ADR 0019 phases 1-2 ([#897](https://github.com/openstack-experimental/keystone/pull/897)) +- ADR 0021 admin surface, simulate-access, and janitor ([#896](https://github.com/openstack-experimental/keystone/pull/896)) +- Implement stateless SCIM ingress auth (ADR 0021) ([#891](https://github.com/openstack-experimental/keystone/pull/891)) +- *(audit)* Complete ADR-0023 audit implementation ([#887](https://github.com/openstack-experimental/keystone/pull/887)) +- *(storage)* Cert validity and SVID TTL enforcement ([#886](https://github.com/openstack-experimental/keystone/pull/886)) +- Audit framework (ADR-0023) phase 3 ([#880](https://github.com/openstack-experimental/keystone/pull/880)) +- *(auth)* Password hashing parity with Python Keystone ([#859](https://github.com/openstack-experimental/keystone/pull/859)) +- *(audit)* Implement CADF audit framework Phase 2 ([#872](https://github.com/openstack-experimental/keystone/pull/872)) +- Migrate federation to new mapping engine ([#839](https://github.com/openstack-experimental/keystone/pull/839)) +- Add access rule CRD to appcred provider ([#806](https://github.com/openstack-experimental/keystone/pull/806)) +- ADR-0020 mapping phase 4 ([#818](https://github.com/openstack-experimental/keystone/pull/818)) +- Add bootstrap cli command ([#809](https://github.com/openstack-experimental/keystone/pull/809)) +- *(mapping)* ADR-0020 
(mapping engine) phase 1 ([#794](https://github.com/openstack-experimental/keystone/pull/794)) +- Add endpoint CRUD to catalog provider ([#785](https://github.com/openstack-experimental/keystone/pull/785)) +- Add inter-provider event notification system ([#784](https://github.com/openstack-experimental/keystone/pull/784)) +- Add service CRUD to the catalog provider ([#773](https://github.com/openstack-experimental/keystone/pull/773)) +- Validate password for compliance conformity ([#774](https://github.com/openstack-experimental/keystone/pull/774)) +- Return 401 on roleless scoped contexts ([#742](https://github.com/openstack-experimental/keystone/pull/742)) +- Add region CRUD to catalog SQL driver ([#761](https://github.com/openstack-experimental/keystone/pull/761)) +- Add timing attack protection and failed auth tracking ([#758](https://github.com/openstack-experimental/keystone/pull/758)) +- Add role-imply rest api ([#750](https://github.com/openstack-experimental/keystone/pull/750)) +- Add role imply API ([#749](https://github.com/openstack-experimental/keystone/pull/749)) +- Add user update functionality ([#747](https://github.com/openstack-experimental/keystone/pull/747)) +- Add domain CRUD operations ([#743](https://github.com/openstack-experimental/keystone/pull/743)) +- Add spiffe binding API ([#740](https://github.com/openstack-experimental/keystone/pull/740)) +- Normalize the policy enforcer structure ([#741](https://github.com/openstack-experimental/keystone/pull/741)) +- Make drivers more dynamic ([#737](https://github.com/openstack-experimental/keystone/pull/737)) +- Add Admin interface over the UDS ([#735](https://github.com/openstack-experimental/keystone/pull/735)) +- Add spiffe provider ([#733](https://github.com/openstack-experimental/keystone/pull/733)) +- Expand role info in `expand_implied_roles` ([#730](https://github.com/openstack-experimental/keystone/pull/730)) +- Introduce SecurityContext 
([#710](https://github.com/openstack-experimental/keystone/pull/710)) +- Talk to OPA over unix socket ([#701](https://github.com/openstack-experimental/keystone/pull/701)) +- Add skeleton for the spiffe mTLS integration ([#695](https://github.com/openstack-experimental/keystone/pull/695)) +- Implement ConfigManager for config watching ([#691](https://github.com/openstack-experimental/keystone/pull/691)) +- Improve the code ([#686](https://github.com/openstack-experimental/keystone/pull/686)) +- Add k8s-auth raft driver ([#676](https://github.com/openstack-experimental/keystone/pull/676)) +- Add basic healthcheck endpoint ([#671](https://github.com/openstack-experimental/keystone/pull/671)) +- Make raft storage available through state ([#657](https://github.com/openstack-experimental/keystone/pull/657)) + +### Fixed + +- Finalize ADR 0021 work ([#906](https://github.com/openstack-experimental/keystone/pull/906)) +- *(ci)* Prepare workflows for merge queue ([#902](https://github.com/openstack-experimental/keystone/pull/902)) +- Resolve raft replication state races ([#884](https://github.com/openstack-experimental/keystone/pull/884)) +- *(core)* Eliminate mapping race condition ([#876](https://github.com/openstack-experimental/keystone/pull/876)) +- *(k8s_auth)* Flatten k8s.aud claim from JWT TokenReview ([#834](https://github.com/openstack-experimental/keystone/pull/834)) +- *(auth)* Close admin SVID impersonation gap ([#833](https://github.com/openstack-experimental/keystone/pull/833)) + +### Other + +- Reorganize dockerfile and deps ([#857](https://github.com/openstack-experimental/keystone/pull/857)) +- *(core)* Remove spiffe crate dependency ([#858](https://github.com/openstack-experimental/keystone/pull/858)) +- Wrap ServiceState under ExecutionContext ([#856](https://github.com/openstack-experimental/keystone/pull/856)) +- *(storage)* Decouple core from storage ([#832](https://github.com/openstack-experimental/keystone/pull/832)) +- *(core)* Eliminate 
XxxProvider enums ([#830](https://github.com/openstack-experimental/keystone/pull/830)) +- Move jsonwebtoken to keystone crate ([#820](https://github.com/openstack-experimental/keystone/pull/820)) +- mapping engine phase 3 - migrate SPIFFE ([#811](https://github.com/openstack-experimental/keystone/pull/811)) +- *(deps)* bump hmac from 0.12.1 to 0.13.0 ([#801](https://github.com/openstack-experimental/keystone/pull/801)) +- Rename identity_mapping to idmapping ([#788](https://github.com/openstack-experimental/keystone/pull/788)) +- Consolidate password update flows ([#778](https://github.com/openstack-experimental/keystone/pull/778)) +- Further align workspace features ([#772](https://github.com/openstack-experimental/keystone/pull/772)) +- Make resolve_implied_roles optional ([#764](https://github.com/openstack-experimental/keystone/pull/764)) +- Redesign SecurityContext with two-phase validation ([#717](https://github.com/openstack-experimental/keystone/pull/717)) +- *(deps)* bump jsonwebtoken from 10.3.0 to 10.4.0 ([#707](https://github.com/openstack-experimental/keystone/pull/707)) +- Introduce dynamic plugins ([#643](https://github.com/openstack-experimental/keystone/pull/643)) +- Small optimization of the derives ([#638](https://github.com/openstack-experimental/keystone/pull/638)) +- Split the core-types crate ([#640](https://github.com/openstack-experimental/keystone/pull/640)) +- Split out remaining sql drivers ([#633](https://github.com/openstack-experimental/keystone/pull/633)) +- Split more drivers to separate crates ([#632](https://github.com/openstack-experimental/keystone/pull/632)) +- Drop unnecessary derives to help compilation ([#631](https://github.com/openstack-experimental/keystone/pull/631)) +- Drop unnecessary tracing directives ([#627](https://github.com/openstack-experimental/keystone/pull/627)) +- Split config into standalone crate ([#628](https://github.com/openstack-experimental/keystone/pull/628)) +- Rework http client pool 
([#629](https://github.com/openstack-experimental/keystone/pull/629)) +- Make assignment sql driver a standalone crate ([#626](https://github.com/openstack-experimental/keystone/pull/626)) +- Move assignment parameters resolution to driver ([#625](https://github.com/openstack-experimental/keystone/pull/625)) +- Introduce features in api-types crate ([#624](https://github.com/openstack-experimental/keystone/pull/624)) +- Slim down api-types crate ([#622](https://github.com/openstack-experimental/keystone/pull/622)) +- Split out webauthn into crate ([#621](https://github.com/openstack-experimental/keystone/pull/621)) +- Split out token-fernet driver ([#620](https://github.com/openstack-experimental/keystone/pull/620)) +- Prepare slit out of the FernetTokenProvider ([#619](https://github.com/openstack-experimental/keystone/pull/619)) +- Move benchmark into the proper crate ([#614](https://github.com/openstack-experimental/keystone/pull/614)) diff --git a/crates/core/Cargo.toml b/crates/core/Cargo.toml index d25d48678..adbec95fe 100644 --- a/crates/core/Cargo.toml +++ b/crates/core/Cargo.toml @@ -1,7 +1,7 @@ [package] name = "openstack-keystone-core" description = "OpenStack Keystone service" -version = "0.1.1" +version = "0.1.2" rust-version.workspace = true edition.workspace = true license.workspace = true diff --git a/crates/credential-driver-sql/CHANGELOG.md b/crates/credential-driver-sql/CHANGELOG.md new file mode 100644 index 000000000..f270117a0 --- /dev/null +++ b/crates/credential-driver-sql/CHANGELOG.md 
@@ -0,0 +1,17 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [0.1.0](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-credential-driver-sql-v0.1.0) - 2026-07-04
+
+### Added
+
+- *(fernet)* Unify credential/token key repositories ([#915](https://github.com/openstack-experimental/keystone/pull/915))
+- *(credential)* Enforce Null Key check at startup ([#913](https://github.com/openstack-experimental/keystone/pull/913))
+- *(credential)* Implement Phase 3 of ADR 0019 ([#909](https://github.com/openstack-experimental/keystone/pull/909))
+- *(credential)* Implement ADR 0019 phases 1-2 ([#897](https://github.com/openstack-experimental/keystone/pull/897))
diff --git a/crates/dynamic-plugin-runtime/CHANGELOG.md b/crates/dynamic-plugin-runtime/CHANGELOG.md
new file mode 100644
index 000000000..85bb6c08a
--- /dev/null
+++ b/crates/dynamic-plugin-runtime/CHANGELOG.md
@@ -0,0 +1,14 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [0.1.0](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-dynamic-plugin-runtime-v0.1.0) - 2026-07-04
+
+### Added
+
+- Start ADR 0025 immplementation ([#911](https://github.com/openstack-experimental/keystone/pull/911))
diff --git a/crates/federation-driver-sql/CHANGELOG.md b/crates/federation-driver-sql/CHANGELOG.md
new file mode 100644
index 000000000..e1e73ab69
--- /dev/null
+++ b/crates/federation-driver-sql/CHANGELOG.md
@@ -0,0 +1,20 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [0.1.0](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-federation-driver-sql-v0.1.0) - 2026-07-04
+
+### Added
+
+- Migrate federation to new mapping engine ([#839](https://github.com/openstack-experimental/keystone/pull/839))
+- Make drivers more dynamic ([#737](https://github.com/openstack-experimental/keystone/pull/737))
+
+### Other
+
+- Move jsonwebtoken to keystone crate ([#820](https://github.com/openstack-experimental/keystone/pull/820))
+- Further align workspace features ([#772](https://github.com/openstack-experimental/keystone/pull/772))
diff --git a/crates/identity-driver-sql/CHANGELOG.md b/crates/identity-driver-sql/CHANGELOG.md
new file mode 100644
index 000000000..d5d2543d2
--- /dev/null
+++ b/crates/identity-driver-sql/CHANGELOG.md
@@ -0,0 +1,31 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [0.1.0](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-identity-driver-sql-v0.1.0) - 2026-07-04
+
+### Added
+
+- *(auth)* Password hashing parity with Python Keystone ([#859](https://github.com/openstack-experimental/keystone/pull/859))
+- *(mapping)* ADR-0020 (mapping engine) phase 1 ([#794](https://github.com/openstack-experimental/keystone/pull/794))
+- Add inter-provider event notification system ([#784](https://github.com/openstack-experimental/keystone/pull/784))
+- Add timing attack protection and failed auth tracking ([#758](https://github.com/openstack-experimental/keystone/pull/758))
+- Add role-imply rest api ([#750](https://github.com/openstack-experimental/keystone/pull/750))
+- Add user update functionality ([#747](https://github.com/openstack-experimental/keystone/pull/747))
+- Make drivers more dynamic ([#737](https://github.com/openstack-experimental/keystone/pull/737))
+
+### Fixed
+
+- Validate password complexity before storing password ([#845](https://github.com/openstack-experimental/keystone/pull/845))
+- Align "extra" property handling ([#787](https://github.com/openstack-experimental/keystone/pull/787))
+
+### Other
+
+- Move jsonwebtoken to keystone crate ([#820](https://github.com/openstack-experimental/keystone/pull/820))
+- Consolidate password update flows ([#778](https://github.com/openstack-experimental/keystone/pull/778))
+- Further align workspace features ([#772](https://github.com/openstack-experimental/keystone/pull/772))
diff --git a/crates/idmapping-driver-sql/CHANGELOG.md b/crates/idmapping-driver-sql/CHANGELOG.md
new file mode 100644
index 000000000..706baedb9
--- /dev/null
+++ b/crates/idmapping-driver-sql/CHANGELOG.md
@@ -0,0 +1,23 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [0.1.0](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-idmapping-driver-sql-v0.1.0) - 2026-07-04
+
+### Added
+
+- Make drivers more dynamic ([#737](https://github.com/openstack-experimental/keystone/pull/737))
+
+### Fixed
+
+- *(ci)* Prepare workflows for merge queue ([#902](https://github.com/openstack-experimental/keystone/pull/902))
+
+### Other
+
+- Move jsonwebtoken to keystone crate ([#820](https://github.com/openstack-experimental/keystone/pull/820))
+- Rename identity_mapping to idmapping ([#788](https://github.com/openstack-experimental/keystone/pull/788))
diff --git a/crates/k8s-auth-driver-raft/CHANGELOG.md b/crates/k8s-auth-driver-raft/CHANGELOG.md
new file mode 100644
index 000000000..74070d19c
--- /dev/null
+++ b/crates/k8s-auth-driver-raft/CHANGELOG.md
@@ -0,0 +1,23 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [0.1.0](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-k8s-auth-driver-raft-v0.1.0) - 2026-07-04
+
+### Added
+
+- ADR-0020 mapping phase 4 ([#818](https://github.com/openstack-experimental/keystone/pull/818))
+- *(mapping)* ADR-0020 (mapping engine) phase 1 ([#794](https://github.com/openstack-experimental/keystone/pull/794))
+- Add user update functionality ([#747](https://github.com/openstack-experimental/keystone/pull/747))
+- Make drivers more dynamic ([#737](https://github.com/openstack-experimental/keystone/pull/737))
+
+### Other
+
+- *(storage)* Decouple core from storage ([#832](https://github.com/openstack-experimental/keystone/pull/832))
+- Update raft drivers mocking ([#791](https://github.com/openstack-experimental/keystone/pull/791))
+- Add mock raft storage for unittest ([#790](https://github.com/openstack-experimental/keystone/pull/790))
diff --git a/crates/k8s-auth-driver-sql/CHANGELOG.md b/crates/k8s-auth-driver-sql/CHANGELOG.md
new file mode 100644
index 000000000..727ad4935
--- /dev/null
+++ b/crates/k8s-auth-driver-sql/CHANGELOG.md
@@ -0,0 +1,20 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [0.1.0](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-k8s-auth-driver-sql-v0.1.0) - 2026-07-04
+
+### Added
+
+- ADR-0020 mapping phase 4 ([#818](https://github.com/openstack-experimental/keystone/pull/818))
+- Make drivers more dynamic ([#737](https://github.com/openstack-experimental/keystone/pull/737))
+
+### Other
+
+- Wrap ServiceState under ExecutionContext ([#856](https://github.com/openstack-experimental/keystone/pull/856))
+- Move jsonwebtoken to keystone crate ([#820](https://github.com/openstack-experimental/keystone/pull/820))
diff --git a/crates/key-repository/CHANGELOG.md b/crates/key-repository/CHANGELOG.md
new file mode 100644
index 000000000..6971779c6
--- /dev/null
+++ b/crates/key-repository/CHANGELOG.md
@@ -0,0 +1,14 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [0.1.0](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-key-repository-v0.1.0) - 2026-07-04
+
+### Added
+
+- *(fernet)* Unify credential/token key repositories ([#915](https://github.com/openstack-experimental/keystone/pull/915))
diff --git a/crates/keystone/CHANGELOG.md b/crates/keystone/CHANGELOG.md
new file mode 100644
index 000000000..4c4447ccd
--- /dev/null
+++ b/crates/keystone/CHANGELOG.md
@@ -0,0 +1,105 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [0.1.2](https://github.com/openstack-experimental/keystone/compare/openstack-keystone-v0.1.1...openstack-keystone-v0.1.2) - 2026-07-04
+
+### Added
+
+- *(fernet)* Unify credential/token key repositories ([#915](https://github.com/openstack-experimental/keystone/pull/915))
+- *(credential)* Enforce Null Key check at startup ([#913](https://github.com/openstack-experimental/keystone/pull/913))
+- *(credential)* Implement Phase 3 of ADR 0019 ([#909](https://github.com/openstack-experimental/keystone/pull/909))
+- *(credential)* Implement ADR 0019 phases 1-2 ([#897](https://github.com/openstack-experimental/keystone/pull/897))
+- ADR 0021 admin surface, simulate-access, and janitor ([#896](https://github.com/openstack-experimental/keystone/pull/896))
+- Implement stateless SCIM ingress auth (ADR 0021) ([#891](https://github.com/openstack-experimental/keystone/pull/891))
+- *(audit)* Complete ADR-0023 audit implementation ([#887](https://github.com/openstack-experimental/keystone/pull/887))
+- *(storage)* Cert validity and SVID TTL enforcement ([#886](https://github.com/openstack-experimental/keystone/pull/886))
+- Audit framework (ADR-0023) phase 3 ([#880](https://github.com/openstack-experimental/keystone/pull/880))
+- *(auth)* Password hashing parity with Python Keystone ([#859](https://github.com/openstack-experimental/keystone/pull/859))
+- *(audit)* Implement CADF audit framework Phase 2 ([#872](https://github.com/openstack-experimental/keystone/pull/872))
+- *(storage)* SPIFFE checks, RBAC, rate limiting, auto-join ([#861](https://github.com/openstack-experimental/keystone/pull/861))
+- *(storage)* Add SPIFFE mTLS support to Raft gRPC ([#852](https://github.com/openstack-experimental/keystone/pull/852))
+- Migrate federation to new mapping engine ([#839](https://github.com/openstack-experimental/keystone/pull/839))
+- *(api)* Capture client IP via ConnectInfo ([#842](https://github.com/openstack-experimental/keystone/pull/842))
+- *(api)* Normalize trailing slashes in paths ([#841](https://github.com/openstack-experimental/keystone/pull/841))
+- ADR-0020 mapping phase 4 ([#818](https://github.com/openstack-experimental/keystone/pull/818))
+- Add bootstrap cli command ([#809](https://github.com/openstack-experimental/keystone/pull/809))
+- *(mapping)* ADR-0020 phase 2 ([#807](https://github.com/openstack-experimental/keystone/pull/807))
+- *(mapping)* ADR-0020 (mapping engine) phase 1 ([#794](https://github.com/openstack-experimental/keystone/pull/794))
+- Add inter-provider event notification system ([#784](https://github.com/openstack-experimental/keystone/pull/784))
+- Add service CRUD to the catalog provider ([#773](https://github.com/openstack-experimental/keystone/pull/773))
+- Add SO_PEERCRED peer credential validation ([#775](https://github.com/openstack-experimental/keystone/pull/775))
+- Return 401 on roleless scoped contexts ([#742](https://github.com/openstack-experimental/keystone/pull/742))
+- Add system-user-role assignments API ([#762](https://github.com/openstack-experimental/keystone/pull/762))
+- Add role-imply rest api ([#750](https://github.com/openstack-experimental/keystone/pull/750))
+- Add user update functionality ([#747](https://github.com/openstack-experimental/keystone/pull/747))
+- Add api to list user roles on project ([#639](https://github.com/openstack-experimental/keystone/pull/639))
+- Add domain CRUD operations ([#743](https://github.com/openstack-experimental/keystone/pull/743))
+- Add spiffe binding API ([#740](https://github.com/openstack-experimental/keystone/pull/740))
+- Normalize the policy enforcer structure ([#741](https://github.com/openstack-experimental/keystone/pull/741))
+- Make drivers more dynamic ([#737](https://github.com/openstack-experimental/keystone/pull/737))
+- Add keystone container with opa and policies ([#738](https://github.com/openstack-experimental/keystone/pull/738))
+- Add Admin interface over the UDS ([#735](https://github.com/openstack-experimental/keystone/pull/735))
+- Add spiffe provider ([#733](https://github.com/openstack-experimental/keystone/pull/733))
+- Introduce SecurityContext ([#710](https://github.com/openstack-experimental/keystone/pull/710))
+- Talk to OPA over unix socket ([#701](https://github.com/openstack-experimental/keystone/pull/701))
+- Add skeleton for the spiffe mTLS integration ([#695](https://github.com/openstack-experimental/keystone/pull/695))
+- Implement ConfigManager for config watching ([#691](https://github.com/openstack-experimental/keystone/pull/691))
+- Improve the code ([#686](https://github.com/openstack-experimental/keystone/pull/686))
+- Add k8s-auth raft driver ([#676](https://github.com/openstack-experimental/keystone/pull/676))
+- Add basic healthcheck endpoint ([#671](https://github.com/openstack-experimental/keystone/pull/671))
+- Add raft support under skaffold ([#667](https://github.com/openstack-experimental/keystone/pull/667))
+- Introduce raft backend for webauthn ([#658](https://github.com/openstack-experimental/keystone/pull/658))
+- Make raft storage available through state ([#657](https://github.com/openstack-experimental/keystone/pull/657))
+- Introduce the keystone-manage cli managing raft ([#656](https://github.com/openstack-experimental/keystone/pull/656))
+
+### Fixed
+
+- Finalize ADR 0021 work ([#906](https://github.com/openstack-experimental/keystone/pull/906))
+- *(ci)* Prepare workflows for merge queue ([#902](https://github.com/openstack-experimental/keystone/pull/902))
+- Stop swagger-ui redirect loop, split main() ([#899](https://github.com/openstack-experimental/keystone/pull/899))
+- Resolve raft replication state races ([#884](https://github.com/openstack-experimental/keystone/pull/884))
+- ADR-0002 compliance for policy enforcement ([#882](https://github.com/openstack-experimental/keystone/pull/882))
+- *(k8s_auth)* Flatten k8s.aud claim from JWT TokenReview ([#834](https://github.com/openstack-experimental/keystone/pull/834))
+- *(auth)* Fix token-from-token auth bounds ([#810](https://github.com/openstack-experimental/keystone/pull/810))
+
+### Other
+
+- *(ci)* Rework skaffold setup ([#871](https://github.com/openstack-experimental/keystone/pull/871))
+- Reorganize dockerfile and deps ([#857](https://github.com/openstack-experimental/keystone/pull/857))
+- *(core)* Remove spiffe crate dependency ([#858](https://github.com/openstack-experimental/keystone/pull/858))
+- Add SpiFFE Raft integration test by skaffold ([#854](https://github.com/openstack-experimental/keystone/pull/854))
+- Wrap ServiceState under ExecutionContext ([#856](https://github.com/openstack-experimental/keystone/pull/856))
+- *(federation)* Drop openidconnect dependency ([#849](https://github.com/openstack-experimental/keystone/pull/849))
+- *(storage)* Decouple core from storage ([#832](https://github.com/openstack-experimental/keystone/pull/832))
+- Move jsonwebtoken to keystone crate ([#820](https://github.com/openstack-experimental/keystone/pull/820))
+- *(tests)* Reorganize integration_api tests ([#815](https://github.com/openstack-experimental/keystone/pull/815))
+- mapping engine phase 3 - migrate SPIFFE ([#811](https://github.com/openstack-experimental/keystone/pull/811))
+- Upgrade spiffe dependencies ([#805](https://github.com/openstack-experimental/keystone/pull/805))
+- Rename identity_mapping to idmapping ([#788](https://github.com/openstack-experimental/keystone/pull/788))
+- Unify sea-orm features ([#769](https://github.com/openstack-experimental/keystone/pull/769))
+- Make resolve_implied_roles optional ([#764](https://github.com/openstack-experimental/keystone/pull/764))
+- Make core crates a workspace dependency ([#736](https://github.com/openstack-experimental/keystone/pull/736))
+- Redesign SecurityContext with two-phase validation ([#717](https://github.com/openstack-experimental/keystone/pull/717))
+- *(deps)* bump spiffe ([#709](https://github.com/openstack-experimental/keystone/pull/709))
+- *(deps)* bump spiffe-rustls-tokio from 0.2.0 to 0.3.0 ([#706](https://github.com/openstack-experimental/keystone/pull/706))
+- Add policy enforcement into group.v3 handler ([#685](https://github.com/openstack-experimental/keystone/pull/685))
+- Split api.v3.group handlers ([#679](https://github.com/openstack-experimental/keystone/pull/679))
+- Small optimization of the derives ([#638](https://github.com/openstack-experimental/keystone/pull/638))
+- Split the core-types crate ([#640](https://github.com/openstack-experimental/keystone/pull/640))
+- Split out remaining sql drivers ([#633](https://github.com/openstack-experimental/keystone/pull/633))
+- Split more drivers to separate crates ([#632](https://github.com/openstack-experimental/keystone/pull/632))
+- Split config into standalone crate ([#628](https://github.com/openstack-experimental/keystone/pull/628))
+- Make assignment sql driver a standalone crate ([#626](https://github.com/openstack-experimental/keystone/pull/626))
+- Move assignment parameters resolution to driver ([#625](https://github.com/openstack-experimental/keystone/pull/625))
+- Introduce features in api-types crate ([#624](https://github.com/openstack-experimental/keystone/pull/624))
+- Slim down api-types crate ([#622](https://github.com/openstack-experimental/keystone/pull/622))
+- Split out webauthn into crate ([#621](https://github.com/openstack-experimental/keystone/pull/621))
+- Split out token-fernet driver ([#620](https://github.com/openstack-experimental/keystone/pull/620))
+- Prepare slit out of the FernetTokenProvider ([#619](https://github.com/openstack-experimental/keystone/pull/619))
+- Move benchmark into the proper crate ([#614](https://github.com/openstack-experimental/keystone/pull/614))
diff --git a/crates/keystone/Cargo.toml b/crates/keystone/Cargo.toml
index a3ac4c378..53c99f0a4 100644
--- a/crates/keystone/Cargo.toml
+++ b/crates/keystone/Cargo.toml
@@ -1,7 +1,7 @@
 [package]
 name = "openstack-keystone"
 description = "OpenStack Keystone service"
-version = "0.1.1"
+version = "0.1.2"
 build = "build.rs"
 rust-version.workspace = true
 edition.workspace = true
diff --git a/crates/mapping-driver-raft/CHANGELOG.md b/crates/mapping-driver-raft/CHANGELOG.md
new file mode 100644
index 000000000..c806f9b8c
--- /dev/null
+++ b/crates/mapping-driver-raft/CHANGELOG.md
@@ -0,0 +1,19 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [0.1.0](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-mapping-driver-raft-v0.1.0) - 2026-07-04
+
+### Added
+
+- *(mapping)* ADR-0020 phase 2 ([#807](https://github.com/openstack-experimental/keystone/pull/807))
+- *(mapping)* ADR-0020 (mapping engine) phase 1 ([#794](https://github.com/openstack-experimental/keystone/pull/794))
+
+### Other
+
+- *(storage)* Decouple core from storage ([#832](https://github.com/openstack-experimental/keystone/pull/832))
diff --git a/crates/resource-driver-sql/CHANGELOG.md b/crates/resource-driver-sql/CHANGELOG.md
new file mode 100644
index 000000000..26f13c04a
--- /dev/null
+++ b/crates/resource-driver-sql/CHANGELOG.md
@@ -0,0 +1,24 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [0.1.0](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-resource-driver-sql-v0.1.0) - 2026-07-04
+
+### Added
+
+- Add bootstrap cli command ([#809](https://github.com/openstack-experimental/keystone/pull/809))
+- Make drivers more dynamic ([#737](https://github.com/openstack-experimental/keystone/pull/737))
+
+### Fixed
+
+- *(ci)* Prepare workflows for merge queue ([#902](https://github.com/openstack-experimental/keystone/pull/902))
+
+### Other
+
+- Wrap ServiceState under ExecutionContext ([#856](https://github.com/openstack-experimental/keystone/pull/856))
+- Move jsonwebtoken to keystone crate ([#820](https://github.com/openstack-experimental/keystone/pull/820))
diff --git a/crates/revoke-driver-sql/CHANGELOG.md b/crates/revoke-driver-sql/CHANGELOG.md
new file mode 100644
index 000000000..a9fc28ee9
--- /dev/null
+++ b/crates/revoke-driver-sql/CHANGELOG.md
@@ -0,0 +1,22 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [0.1.0](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-revoke-driver-sql-v0.1.0) - 2026-07-04
+
+### Added
+
+- Make drivers more dynamic ([#737](https://github.com/openstack-experimental/keystone/pull/737))
+
+### Fixed
+
+- Finalize ADR 0021 work ([#906](https://github.com/openstack-experimental/keystone/pull/906))
+
+### Other
+
+- Move jsonwebtoken to keystone crate ([#820](https://github.com/openstack-experimental/keystone/pull/820))
diff --git a/crates/role-driver-sql/CHANGELOG.md b/crates/role-driver-sql/CHANGELOG.md
new file mode 100644
index 000000000..1e31129ef
--- /dev/null
+++ b/crates/role-driver-sql/CHANGELOG.md
@@ -0,0 +1,20 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [0.1.0](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-role-driver-sql-v0.1.0) - 2026-07-04
+
+### Added
+
+- Add role-imply rest api ([#750](https://github.com/openstack-experimental/keystone/pull/750))
+- Add role imply API ([#749](https://github.com/openstack-experimental/keystone/pull/749))
+- Make drivers more dynamic ([#737](https://github.com/openstack-experimental/keystone/pull/737))
+
+### Other
+
+- Move jsonwebtoken to keystone crate ([#820](https://github.com/openstack-experimental/keystone/pull/820))
diff --git a/crates/storage-api/CHANGELOG.md b/crates/storage-api/CHANGELOG.md
new file mode 100644
index 000000000..6d6d005f4
--- /dev/null
+++ b/crates/storage-api/CHANGELOG.md
@@ -0,0 +1,25 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [0.1.0](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-storage-api-v0.1.0) - 2026-07-04
+
+### Added
+
+- *(storage)* Cert validity and SVID TTL enforcement ([#886](https://github.com/openstack-experimental/keystone/pull/886))
+- *(storage)* SPIFFE checks, RBAC, rate limiting, auto-join ([#861](https://github.com/openstack-experimental/keystone/pull/861))
+- *(storage)* Complete ADR-0016-v2 ([#844](https://github.com/openstack-experimental/keystone/pull/844))
+- *(storage)* implement ADR 0016-v2 Phases 1-4 — encrypted storage with quarantine ([#840](https://github.com/openstack-experimental/keystone/pull/840))
+
+### Fixed
+
+- *(webauthn)* Rotate raft ceremony-state keyspaces ([#890](https://github.com/openstack-experimental/keystone/pull/890))
+
+### Other
+
+- *(storage)* Decouple core from storage ([#832](https://github.com/openstack-experimental/keystone/pull/832))
diff --git a/crates/storage-crypto/CHANGELOG.md b/crates/storage-crypto/CHANGELOG.md
new file mode 100644
index 000000000..1040e126f
--- /dev/null
+++ b/crates/storage-crypto/CHANGELOG.md
@@ -0,0 +1,23 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [0.1.0](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-storage-crypto-v0.1.0) - 2026-07-04
+
+### Added
+
+- *(storage)* Cert validity and SVID TTL enforcement ([#886](https://github.com/openstack-experimental/keystone/pull/886))
+- *(audit)* Implement CADF audit framework Phase 2 ([#872](https://github.com/openstack-experimental/keystone/pull/872))
+- *(storage)* SPIFFE checks, RBAC, rate limiting, auto-join ([#861](https://github.com/openstack-experimental/keystone/pull/861))
+- *(storage)* Harden preflight and erase dev KEK ([#860](https://github.com/openstack-experimental/keystone/pull/860))
+- *(storage)* Complete ADR-0016-v2 ([#844](https://github.com/openstack-experimental/keystone/pull/844))
+- *(storage)* implement ADR 0016-v2 Phases 1-4 — encrypted storage with quarantine ([#840](https://github.com/openstack-experimental/keystone/pull/840))
+
+### Other
+
+- *(deps)* Batch update dependencies ([#875](https://github.com/openstack-experimental/keystone/pull/875))
diff --git a/crates/storage/CHANGELOG.md b/crates/storage/CHANGELOG.md
new file mode 100644
index 000000000..11335e7bb
--- /dev/null
+++ b/crates/storage/CHANGELOG.md
@@ -0,0 +1,61 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [0.1.1](https://github.com/openstack-experimental/keystone/compare/openstack-keystone-distributed-storage-v0.1.0...openstack-keystone-distributed-storage-v0.1.1) - 2026-07-04
+
+### Added
+
+- Prepare PKCS#11/TPM KEK support in storage ([#907](https://github.com/openstack-experimental/keystone/pull/907))
+- Implement background DEK re-encryption pipeline ([#898](https://github.com/openstack-experimental/keystone/pull/898))
+- ADR 0021 admin surface, simulate-access, and janitor ([#896](https://github.com/openstack-experimental/keystone/pull/896))
+- *(storage)* Cert validity and SVID TTL enforcement ([#886](https://github.com/openstack-experimental/keystone/pull/886))
+- *(storage)* SPIFFE checks, RBAC, rate limiting, auto-join ([#861](https://github.com/openstack-experimental/keystone/pull/861))
+- *(storage)* Harden preflight and erase dev KEK ([#860](https://github.com/openstack-experimental/keystone/pull/860))
+- *(storage)* Add SPIFFE mTLS support to Raft gRPC ([#852](https://github.com/openstack-experimental/keystone/pull/852))
+- *(cli)* Add cli storage subcommands per ADR 0016-v2 ([#850](https://github.com/openstack-experimental/keystone/pull/850))
+- *(storage)* Complete ADR-0016-v2 ([#844](https://github.com/openstack-experimental/keystone/pull/844))
+- *(storage)* implement ADR 0016-v2 Phases 1-4 — encrypted storage with quarantine ([#840](https://github.com/openstack-experimental/keystone/pull/840))
+- *(mapping)* ADR-0020 phase 2 ([#807](https://github.com/openstack-experimental/keystone/pull/807))
+- *(adr)* Add updated revision of the DS ADR ([#795](https://github.com/openstack-experimental/keystone/pull/795))
+- *(mapping)* ADR-0020 (mapping engine) phase 1 ([#794](https://github.com/openstack-experimental/keystone/pull/794))
+- Add skeleton for the spiffe mTLS integration ([#695](https://github.com/openstack-experimental/keystone/pull/695))
+- Implement ConfigManager for config watching ([#691](https://github.com/openstack-experimental/keystone/pull/691))
+- Improve the code ([#686](https://github.com/openstack-experimental/keystone/pull/686))
+- Add k8s-auth raft driver ([#676](https://github.com/openstack-experimental/keystone/pull/676))
+- Add SetIndex/RemoveIndex storage commands ([#675](https://github.com/openstack-experimental/keystone/pull/675))
+- Add basic healthcheck endpoint ([#671](https://github.com/openstack-experimental/keystone/pull/671))
+- Add metadata for raft data ([#670](https://github.com/openstack-experimental/keystone/pull/670))
+- Add transaction support for Raft storage ([#669](https://github.com/openstack-experimental/keystone/pull/669))
+- Add initial benchmarks for the storage ([#668](https://github.com/openstack-experimental/keystone/pull/668))
+- Add raft support under skaffold ([#667](https://github.com/openstack-experimental/keystone/pull/667))
+- Introduce raft backend for webauthn ([#658](https://github.com/openstack-experimental/keystone/pull/658))
+- Prepare raft storage promotion ([#659](https://github.com/openstack-experimental/keystone/pull/659))
+- Make raft storage available through state ([#657](https://github.com/openstack-experimental/keystone/pull/657))
+- Introduce the keystone-manage cli managing raft ([#656](https://github.com/openstack-experimental/keystone/pull/656))
+
+### Fixed
+
+- Finalize ADR 0021 work ([#906](https://github.com/openstack-experimental/keystone/pull/906))
+- *(ci)* Prepare workflows for merge queue ([#902](https://github.com/openstack-experimental/keystone/pull/902))
+- Further polish storage crate ([#892](https://github.com/openstack-experimental/keystone/pull/892))
+- *(webauthn)* Rotate raft ceremony-state keyspaces ([#890](https://github.com/openstack-experimental/keystone/pull/890))
+- Resolve raft replication state races ([#884](https://github.com/openstack-experimental/keystone/pull/884))
+
+### Other
+
+- *(deps)* Batch update dependencies ([#875](https://github.com/openstack-experimental/keystone/pull/875))
+- *(core)* Remove spiffe crate dependency ([#858](https://github.com/openstack-experimental/keystone/pull/858))
+- Add SpiFFE Raft integration test by skaffold ([#854](https://github.com/openstack-experimental/keystone/pull/854))
+- Wrap ServiceState under ExecutionContext ([#856](https://github.com/openstack-experimental/keystone/pull/856))
+- *(storage)* Decouple core from storage ([#832](https://github.com/openstack-experimental/keystone/pull/832))
+- Update raft drivers mocking ([#791](https://github.com/openstack-experimental/keystone/pull/791))
+- Add mock raft storage for unittest ([#790](https://github.com/openstack-experimental/keystone/pull/790))
+- Make core crates a workspace dependency ([#736](https://github.com/openstack-experimental/keystone/pull/736))
+- Redesign SecurityContext with two-phase validation ([#717](https://github.com/openstack-experimental/keystone/pull/717))
+- *(deps)* Bump openraft to alpha17 ([#641](https://github.com/openstack-experimental/keystone/pull/641))
diff --git a/crates/storage/Cargo.toml b/crates/storage/Cargo.toml
index e5cb2919a..cc0437bba 100644
--- a/crates/storage/Cargo.toml
+++ b/crates/storage/Cargo.toml
@@ -1,7 +1,7 @@
 [package]
 name = "openstack-keystone-distributed-storage"
 description = "Keystone distributed storage based on the `openraft` and `fjall` database."
-version = "0.1.0"
+version = "0.1.1"
 edition.workspace = true
 license.workspace = true
 authors.workspace = true
diff --git a/crates/token-driver-fernet/CHANGELOG.md b/crates/token-driver-fernet/CHANGELOG.md
new file mode 100644
index 000000000..ba708511e
--- /dev/null
+++ b/crates/token-driver-fernet/CHANGELOG.md
@@ -0,0 +1,20 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [0.1.1](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-token-driver-fernet-v0.1.1) - 2026-07-04
+
+### Added
+
+- *(fernet)* Unify credential/token key repositories ([#915](https://github.com/openstack-experimental/keystone/pull/915))
+- Add user update functionality ([#747](https://github.com/openstack-experimental/keystone/pull/747))
+- Make drivers more dynamic ([#737](https://github.com/openstack-experimental/keystone/pull/737))
+
+### Fixed
+
+- Fix msgpack decode and auth-method encoding bugs ([#895](https://github.com/openstack-experimental/keystone/pull/895))
diff --git a/crates/token-restriction-driver-sql/CHANGELOG.md b/crates/token-restriction-driver-sql/CHANGELOG.md
new file mode 100644
index 000000000..5f6fb42f0
--- /dev/null
+++ b/crates/token-restriction-driver-sql/CHANGELOG.md
@@ -0,0 +1,18 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [0.1.0](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-token-restriction-driver-sql-v0.1.0) - 2026-07-04
+
+### Added
+
+- Make drivers more dynamic ([#737](https://github.com/openstack-experimental/keystone/pull/737))
+
+### Other
+
+- Move jsonwebtoken to keystone crate ([#820](https://github.com/openstack-experimental/keystone/pull/820))
diff --git a/crates/trust-driver-sql/CHANGELOG.md b/crates/trust-driver-sql/CHANGELOG.md
new file mode 100644
index 000000000..794c35bdd
--- /dev/null
+++ b/crates/trust-driver-sql/CHANGELOG.md
@@ -0,0 +1,18 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [0.1.0](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-trust-driver-sql-v0.1.0) - 2026-07-04
+
+### Added
+
+- Make drivers more dynamic ([#737](https://github.com/openstack-experimental/keystone/pull/737))
+
+### Other
+
+- Move jsonwebtoken to keystone crate ([#820](https://github.com/openstack-experimental/keystone/pull/820))
diff --git a/crates/webauthn/CHANGELOG.md b/crates/webauthn/CHANGELOG.md
new file mode 100644
index 000000000..7c1b1a5e1
--- /dev/null
+++ b/crates/webauthn/CHANGELOG.md
@@ -0,0 +1,48 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [0.1.0](https://github.com/openstack-experimental/keystone/releases/tag/openstack-keystone-webauthn-v0.1.0) - 2026-07-04
+
+### Added
+
+- Prepare PKCS#11/TPM KEK support in storage ([#907](https://github.com/openstack-experimental/keystone/pull/907))
+- *(audit)* Implement CADF audit framework Phase 2 ([#872](https://github.com/openstack-experimental/keystone/pull/872))
+- *(storage)* SPIFFE checks, RBAC, rate limiting, auto-join ([#861](https://github.com/openstack-experimental/keystone/pull/861))
+- *(storage)* Harden preflight and erase dev KEK ([#860](https://github.com/openstack-experimental/keystone/pull/860))
+- Security improvements in the webauthn crate ([#838](https://github.com/openstack-experimental/keystone/pull/838))
+- Add inter-provider event notification system ([#784](https://github.com/openstack-experimental/keystone/pull/784))
+- Make drivers more dynamic ([#737](https://github.com/openstack-experimental/keystone/pull/737))
+- Introduce SecurityContext ([#710](https://github.com/openstack-experimental/keystone/pull/710))
+- Add skeleton for the spiffe mTLS integration ([#695](https://github.com/openstack-experimental/keystone/pull/695))
+- Implement ConfigManager for config watching ([#691](https://github.com/openstack-experimental/keystone/pull/691))
+- Improve the code ([#686](https://github.com/openstack-experimental/keystone/pull/686))
+- Add k8s-auth raft driver ([#676](https://github.com/openstack-experimental/keystone/pull/676))
+- Add metadata for raft data ([#670](https://github.com/openstack-experimental/keystone/pull/670))
+- Add raft support under skaffold ([#667](https://github.com/openstack-experimental/keystone/pull/667))
+- Introduce
raft backend for webauthn ([#658](https://github.com/openstack-experimental/keystone/pull/658))
+
+### Fixed
+
+- *(passkey)* Prevent user enumeration ([#905](https://github.com/openstack-experimental/keystone/pull/905))
+- *(ci)* Prepare workflows for merge queue ([#902](https://github.com/openstack-experimental/keystone/pull/902))
+- *(webauthn)* Rotate raft ceremony-state keyspaces ([#890](https://github.com/openstack-experimental/keystone/pull/890))
+
+### Other
+
+- *(deps)* Batch update dependencies ([#875](https://github.com/openstack-experimental/keystone/pull/875))
+- Wrap ServiceState under ExecutionContext ([#856](https://github.com/openstack-experimental/keystone/pull/856))
+- *(storage)* Decouple core from storage ([#832](https://github.com/openstack-experimental/keystone/pull/832))
+- Update raft drivers mocking ([#791](https://github.com/openstack-experimental/keystone/pull/791))
+- Add mock raft storage for unittest ([#790](https://github.com/openstack-experimental/keystone/pull/790))
+- Make core crates a workspace dependency ([#736](https://github.com/openstack-experimental/keystone/pull/736))
+- Redesign SecurityContext with two-phase validation ([#717](https://github.com/openstack-experimental/keystone/pull/717))
+- Split the core-types crate ([#640](https://github.com/openstack-experimental/keystone/pull/640))
+- Move assignment parameters resolution to driver ([#625](https://github.com/openstack-experimental/keystone/pull/625))
+- Introduce features in api-types crate ([#624](https://github.com/openstack-experimental/keystone/pull/624))
+- Split out webauthn into crate ([#621](https://github.com/openstack-experimental/keystone/pull/621))