- XML support in Keystone has been removed as of Kilo. When upgrading from Juno to Kilo, it is recommended that references to XML and XmlBodyMiddleware be removed from the Keystone Paste configuration. This includes removing the XML middleware filters and the references from the public_api, admin_api, api_v3, public_version_api, admin_version_api and any other pipelines that may contain the XML filters.
- All previous extensions (OS-FEDERATION, OS-OAUTH1, OS-ENDPOINT-POLICY and OS-EP-FILTER) are now enabled by default, and are correspondingly marked as either "experimental" or "stable".
- SQL Schema Downgrades are no longer supported. This change is the result of evaluation that downward SQL migrations are not well tested and become increasingly difficult to support with the volume of data-change that occurs in many of the migrations.
- The following python libraries are now required: cryptography, msgpack-python, pysaml2 and oauthlib.
-
keystone.middleware.RequestBodySizeLimiter is now deprecated in favor of oslo_middleware.sizelimit.RequestBodySizeLimiter and will be removed in Liberty.
- Eventlet-specific configuration options such as
public_bind_host, bind_host, admin_bind_host, admin_port, public_port, public_workers, admin_workers, tcp_keepalive, tcp_keepidle have been moved from the [DEFAULT] configuration section to a new configuration section called [eventlet_server]. Similarly, Eventlet-specific SSL configuration options such as enable, certfile, keyfile, ca_certs, cert_required have been moved from the [ssl] configuration section to a new configuration section called [eventlet_server_ssl].
-
keystone.token.backends.sql has been removed in favor of keystone.token.persistence.backends.sql.
-
keystone.token.backends.kvs has been removed in favor of keystone.token.persistence.backends.kvs.
-
keystone.token.backends.memcache has been removed in favor of keystone.token.persistence.backends.memcache.
-
keystone.assignment.backends.kvs has been removed in favor of keystone.assignment.backends.sql.
-
keystone.identity.backends.kvs has been removed in favor of keystone.identity.backends.sql.
-
keystone.contrib.stats.core.StatsMiddleware has been removed in favor of external tooling.
-
keystone.catalog.backends.templated.TemplatedCatalog has been removed in favor of keystone.catalog.backends.templated.Catalog.
-
keystone.contrib.access.core.AccessLogMiddleware has been removed in favor of external access logging.
-
keystone.trust.backends.kvs has been removed in favor of keystone.trust.backends.sql.
-
[catalog] endpoint_substitution_whitelist has been removed from keystone.conf as part of a related security hardening effort.
-
[signing] token_format has been removed from keystone.conf in favor of [token] provider.
