* Barbican now has per project quota support for limiting number of Barbican resources that can be created under a project. By default the quota is set to unlimited and can be overridden in Barbican configuration.
* Support for a rotating master key which is used for wrapping project level keys. In this lightweight approach, only the project level key (KEK) is re-wrapped with new master key (MKEK). This is currently applicable only for the PKCS11 plug-in. (http://specs.openstack.org/openstack/barbican-specs/specs/liberty/add-crypto-mkek-rotation-support-lightweight.html)
* Updated Barbican's root resource to return version information matching Keystone, Nova and Manila format. This is used by keystoneclient's versioned endpoint discovery feature.
+
* 更新Barbican's root資源返回版本訊息符合Keystone, Nova 和 Manila 格式。這是使用keystoneclient's的版本端點查詢功能。
* Removed administrator endpoint as all operations are available on a regular endpoint. No separate endpoint is needed as access restrictions are enforced via Oslo policy.
* Removed administrator endpoint as all operations are available on a regular endpoint. No separate endpoint is needed as access restrictions are enforced via Oslo policy.
* Added configuration for enabling sqlalchemy pool for the management of SQL connections.
* Added configuration for enabling sqlalchemy pool for the management of SQL connections.
更新Barbican's root資源返回版本訊息符合Keystone, Nova 和 Manila 格式。這是使用keystoneclient's的版本端點查詢功能。
Removed administrator endpoint as all operations are available on a regular endpoint. No separate endpoint is needed as access restrictions are enforced via Oslo policy.
Added configuration for enabling sqlalchemy pool for the management of SQL connections.
Added ability to list secrets which are accessible via ACL using GET /v1/secrets?acl-only=true request.
Improved functional test coverage around Barbican APIs related to ACL operations, RBAC policy and secrets.
Fixed issues around creation of SnakeOil CA plug-in instance.
Barbican client CLI can now take a Keystone token for authentication. Earlier only username and password based authentication was supported.
Barbican client now has ability to create and list certificate orders.