2025.1 Series Release Notes¶

20.1.0-11¶

Added a new cron_triggers:publicize policy (admin_only) and enforcement on create when scope is public. Previously, the cron trigger POST endpoint hardcoded the scope to private and ignored the scope field from the request body, so cron triggers could never be created as public. The scope field is now properly passed through to the database.

Added a new dynamic_actions:publicize policy (admin_only) and enforcement on both create and update operations when scope is public. Previously, the dynamic actions POST endpoint did not persist the scope field and neither POST nor PUT enforced a publicize policy, allowing any user with create or update access to make dynamic actions public.

Added a new environments:publicize policy (admin_only) and enforcement on both create and update operations when scope is public. Previously, the environment POST endpoint did not accept the scope field in the request body and neither POST nor PUT enforced a publicize policy, allowing any user with update access to make environments public.

Added a new workbooks:publicize policy (admin_only) and enforcement on both create and update operations when scope is public. Previously, any project owner could make workbooks public as there was no publicize policy check on the workbook endpoints.

All code_sources and dynamic_actions API policies are now restricted to admin users only (admin_only). Previously, these policies defaulted to admin_or_owner, allowing any project owner to create, read, update, and delete code sources and dynamic actions. Operators who need to restore the previous behavior can override the relevant policies in their policy.yaml.

The publicize policy for workflows, actions, and event triggers is now restricted to admin users only (admin_only). Previously, any project owner could make these resources public. A new code_sources:publicize policy has also been added with the same admin_only default, and publicize checks are now enforced on both create and update operations for code sources and event triggers where they were previously missing.

Added mutually exclusive config options [action_providers]/allowlist and [action_providers]/denylist that can be used to filter what action providers is loaded.

Added mutually exclusive config options [legacy_action_provider]/allowlist and [legacy_action_provider]/denylist that can be used to filter what actions is loaded by the legacy action provider.

The action std.mistral_http will now retrun an error if the HTTP request fails. Previously the task would still go into the RUNNING state and wait to be completed by the external resource.

The coordination service inside mistral has been used only to list the mistral services list behind the endpoint v2/services. This feature is not enabled by default and needs a specific coordinator backend_url configuration to be set for mistral to answer the services list correctly. Coordination rely on the tooz project and, depending on the driver in use, may need eventlet monkeypatching. Because we want to get rid of all eventlet code inside mistral, the v2/services endpoint is now deprecated and all coordination code will be dropped in the next cycle.

The kombu RPC driver in mistral is now deprecated and will be removed in the next cycle. In the effort to keep mistral up and running, we decided to drop experimental features like kombu RPC driver, which does not bring anything more than the default oslo.messaging driver.