- XML support in Keystone has been removed as of Kilo. When upgrading from Juno to Kilo, it is recommended that references to XML and XmlBodyMiddleware be removed from the Keystone Paste configuration. This includes removing the XML middleware filters and the references from the public_api, admin_api, api_v3, public_version_api, admin_version_api and any other pipelines that may contain the XML filters.
- All previous extensions (OS-FEDERATION, OS-OAUTH1, OS-ENDPOINT-POLICY and OS-EP-FILTER) are now enabled by default, and are correspondingly marked as either "experimental" or "stable".
- SQL Schema Downgrades are no longer supported. This change is the result of evaluation that downward SQL migrations are not well tested and become increasingly difficult to support with the volume of data-change that occurs in many of the migrations.
- The following python libraries are now required: cryptography, msgpack-python, pysaml2 and oauthlib.
-
keystone.middleware.RequestBodySizeLimiter
is now deprecated in favor of oslo_middleware.sizelimit.RequestBodySizeLimiter
and will be removed in Liberty.
- Eventlet-specific configuration options such as
public_bind_host
, bind_host
, admin_bind_host
, admin_port
, public_port
, public_workers
, admin_workers
, tcp_keepalive
, tcp_keepidle
have been moved from the [DEFAULT]
configuration section to a new configuration section called [eventlet_server]
. Similarly, Eventlet-specific SSL configuration options such as enable
, certfile
, keyfile
, ca_certs
, cert_required
have been moved from the [ssl]
configuration section to a new configuration section called [eventlet_server_ssl]
.
-
keystone.token.backends.sql
has been removed in favor of keystone.token.persistence.backends.sql
.
-
keystone.token.backends.kvs
has been removed in favor of keystone.token.persistence.backends.kvs
.
-
keystone.token.backends.memcache
has been removed in favor of keystone.token.persistence.backends.memcache
.
-
keystone.assignment.backends.kvs
has been removed in favor of keystone.assignment.backends.sql
.
-
keystone.identity.backends.kvs
has been removed in favor of keystone.identity.backends.sql
.
-
keystone.contrib.stats.core.StatsMiddleware
has been removed in favor of external tooling.
-
keystone.catalog.backends.templated.TemplatedCatalog
has been removed in favor of keystone.catalog.backends.templated.Catalog
.
-
keystone.contrib.access.core.AccessLogMiddleware
has been removed in favor of external access logging.
-
keystone.trust.backends.kvs
has been removed in favor of keystone.trust.backends.sql
.
-
[catalog] endpoint_substitution_whitelist
has been removed from keystone.conf
as part of a related security hardening effort.
-
[signing] token_format
has been removed from keystone.conf
in favor of [token] provider
.