--- prelude: > - The PKI and PKIz token format has been removed. See ``Other Notes`` for more details. other: - > PKI and PKIz token formats have been removed in favor of Fernet tokens. - > Routes and SQL backends for the contrib extensions have been removed, they have been incorporated into keystone and are no longer optional. This affects: * ``keystone/contrib/admin_crud`` * ``keystone/contrib/endpoint_filter`` * ``keystone/contrib/federation`` * ``keystone/contrib/oauth1`` * ``keystone/contrib/revoke`` * ``keystone/contrib/simple_cert`` * ``keystone/contrib/user_crud`` - > Keystone cache backends have been removed in favor of their `oslo.cache` counter-part. This affects: * ``keystone/common/cache/backends/mongo`` * ``keystone/common/cache/backends/memcache_pool`` * ``keystone/common/cache/backends/noop`` - > The ``[DEFAULT] domain_id_immutable`` configuration option has been removed in favor of strictly immutable domain IDs. - > The ``[endpoint_policy] enabled`` configuration option has been removed in favor of always enabling the endpoint policy extension. - > The auth plugin ``keystone.auth.plugins.saml2.Saml2`` has been removed in favor of the auth plugin ``keystone.auth.plugins.mapped.Mapped``. - > The ``memcache`` and ``memcache_pool`` token persistence backends have been removed in favor of using Fernet tokens (which require no persistence). - > The ``httpd/keystone.py`` file has been removed in favor of the ``keystone-wsgi-admin`` and ``keystone-wsgi-public`` scripts. - > The ``keystone/service.py`` file has been removed, the logic has been moved to the ``keystone/version/service.py``. - > The check for admin token from ``build_auth_context`` middleware has been removed. If your deployment requires the use of `admin token`, update ``keystone-paste.ini`` so that ``admin_token_auth`` is before ``build_auth_context`` in the paste pipelines, otherwise remove the ``admin_token_auth`` middleware from ``keystone-paste.ini`` entirely. - > The ``CONF [assignment] driver`` now defaults to ``sql``. Logic to determine the default assignment driver if one wasn't supplied through configuration has been removed. Keystone only supports one assignment driver and it shouldn't be changed unless you're deploying a custom assignment driver. - > The ``CONF [resource] driver`` now defaults to ``sql``. Logic to determine the default resource driver if one wasn't supplied through configuration has been removed. Keystone only supports one resource driver and it shouldn't be changed unless you're deploying a custom resource driver. - > Removed the config option ``[os_inherit] enabled`` as the OS-INHERIT extension is now always enabled.