keystone/releasenotes/notes/removed-as-of-ocata-436bb4b...

104 lines
4.4 KiB
YAML

---
prelude: >
- The PKI and PKIz token format has been removed. See ``Other Notes`` for
more details.
- Support for writing to LDAP has been removed. See ``Other Notes`` for more
details.
other:
- >
PKI and PKIz token formats have been removed in favor of Fernet tokens.
- >
Write support for the LDAP has been removed in favor of read-only support.
The following operations are no longer supported for LDAP:
* ``create user``
* ``create group``
* ``delete user``
* ``delete group``
* ``update user``
* ``update group``
* ``add user to group``
* ``remove user from group``
- >
Routes and SQL backends for the contrib extensions have been removed, they
have been incorporated into keystone and are no longer optional. This
affects:
* ``keystone/contrib/admin_crud``
* ``keystone/contrib/endpoint_filter``
* ``keystone/contrib/federation``
* ``keystone/contrib/oauth1``
* ``keystone/contrib/revoke``
* ``keystone/contrib/simple_cert``
* ``keystone/contrib/user_crud``
- >
Keystone cache backends have been removed in favor of their `oslo.cache`
counter-part. This affects:
* ``keystone/common/cache/backends/mongo``
* ``keystone/common/cache/backends/memcache_pool``
* ``keystone/common/cache/backends/noop``
- >
Several token validation methods from the abstract class ``keystone.token.providers.base.Provider``
were removed (see below) in favor of a single method to validate tokens (``validate_token``),
that has the signature ``validate_token(self, token_ref)``. If using a custom token
provider, update the custom provider accordingly.
* ``validate_v2_token``
* ``validate_v3_token``
* ``validate_non_persistent_token``
- >
Several token issuance methods from the abstract class ``keystone.token.providers.base.Provider``
were removed (see below) in favor of a single method to issue tokens (``issue_token``).
If using a custom token provider, updated the custom provider accordingly.
* ``issue_v2_token``
* ``issue_v3_token``
- >
The ``[DEFAULT] domain_id_immutable`` configuration option has been removed
in favor of strictly immutable domain IDs.
- >
The ``[endpoint_policy] enabled`` configuration option has been removed in
favor of always enabling the endpoint policy extension.
- >
The auth plugin ``keystone.auth.plugins.saml2.Saml2`` has been removed in
favor of the auth plugin ``keystone.auth.plugins.mapped.Mapped``.
- >
The ``memcache`` and ``memcache_pool`` token persistence backends have been
removed in favor of using Fernet tokens (which require no persistence).
- >
The ``httpd/keystone.py`` file has been removed in favor of the
``keystone-wsgi-admin`` and ``keystone-wsgi-public`` scripts.
- >
The ``keystone/service.py`` file has been removed, the logic has been
moved to the ``keystone/version/service.py``.
- >
The check for admin token from ``build_auth_context`` middleware has been
removed. If your deployment requires the use of `admin token`, update
``keystone-paste.ini`` so that ``admin_token_auth`` is before
``build_auth_context`` in the paste pipelines, otherwise remove the
``admin_token_auth`` middleware from ``keystone-paste.ini`` entirely.
- >
The ``[assignment] driver`` now defaults to ``sql``. Logic to
determine the default assignment driver if one wasn't supplied through
configuration has been removed. Keystone only supports one assignment
driver and it shouldn't be changed unless you're deploying a custom
assignment driver.
- >
The ``[resource] driver`` now defaults to ``sql``. Logic to
determine the default resource driver if one wasn't supplied through
configuration has been removed. Keystone only supports one resource
driver and it shouldn't be changed unless you're deploying a custom
resource driver.
- >
The ``[os_inherit] enabled`` config option has been removed, the `OS-INHERIT`
extension is now always enabled.
- >
The ``[DEFAULT] domain_id_immutable`` option has been removed.
This removes the ability to change the ``domain_id`` attribute of
users, groups, and projects. The behavior was introduced to allow
deployers to migrate entities from one domain to another by updating
the ``domain_id`` attribute of an entity. This functionality was
deprecated in the Mitaka release is now removed.