Translations:ReleaseNotes/Liberty/142/en


 * Added the ability for project administrators to create certificate authorities per project. Also, project administrators are able to define and manage a set of preferred certificate authorities (CAs) per project.  This allows projects to achieve project specific security domains.
 * Barbican now has per project quota support for limiting number of Barbican resources that can be created under a project. By default the quota is set to unlimited and can be overridden in Barbican configuration.
 * Support for a rotating master key which is used for wrapping project level keys. In this lightweight approach, only the project level key (KEK) is re-wrapped with new master key (MKEK). This is currently applicable only for the PKCS11 plug-in. (http://specs.openstack.org/openstack/barbican-specs/specs/liberty/add-crypto-mkek-rotation-support-lightweight.html)
 * Updated Barbican's root resource to return version information matching Keystone, Nova and Manila format. This is used by keystoneclient's versioned endpoint discovery feature.
 * Removed administrator endpoint as all operations are available on a regular endpoint. No separate endpoint is needed as access restrictions are enforced via Oslo policy.
 * Added configuration for enabling sqlalchemy pool for the management of SQL connections.
 * Added ability to list secrets which are accessible via ACL using GET /v1/secrets?acl-only=true request.
 * Improved functional test coverage around Barbican APIs related to ACL operations, RBAC policy and secrets.
 * Fixed issues around creation of SnakeOil CA plug-in instance.
 * Barbican client CLI can now take a Keystone token for authentication. Earlier only username and password based authentication was supported.
 * Barbican client now has ability to create and list certificate orders.