"Fossies" - the Fresh Open Source Software Archive

Member "keystone-18.0.0/releasenotes/source/locale/en_GB/LC_MESSAGES/releasenotes.po" (14 Oct 2020, 78602 Bytes) of package /linux/misc/openstack/keystone-18.0.0.tar.gz:


As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) PO translation source code syntax highlighting (style: standard) with prefixed line numbers. Alternatively you can here view or download the uninterpreted source code file.

    1 # Andi Chandler <andi@gowling.com>, 2017. #zanata
    2 # Andi Chandler <andi@gowling.com>, 2018. #zanata
    3 msgid ""
    4 msgstr ""
    5 "Project-Id-Version: keystone\n"
    6 "Report-Msgid-Bugs-To: \n"
    7 "POT-Creation-Date: 2019-09-30 20:15+0000\n"
    8 "MIME-Version: 1.0\n"
    9 "Content-Type: text/plain; charset=UTF-8\n"
   10 "Content-Transfer-Encoding: 8bit\n"
   11 "PO-Revision-Date: 2018-08-08 09:01+0000\n"
   12 "Last-Translator: Andi Chandler <andi@gowling.com>\n"
   13 "Language-Team: English (United Kingdom)\n"
   14 "Language: en_GB\n"
   15 "X-Generator: Zanata 4.3.3\n"
   16 "Plural-Forms: nplurals=2; plural=(n != 1)\n"
   17 
   18 msgid "'/' and ',' are not allowed to be in a tag"
   19 msgstr "'/' and ',' are not allowed to be in a tag"
   20 
   21 msgid ""
   22 "**Experimental** - Domain specific configuration options can be stored in "
   23 "SQL instead of configuration files, using the new REST APIs."
   24 msgstr ""
   25 "**Experimental** - Domain specific configuration options can be stored in "
   26 "SQL instead of configuration files, using the new REST APIs."
   27 
   28 msgid ""
   29 "**Experimental** - Keystone now supports tokenless authorization with X.509 "
   30 "SSL client certificate."
   31 msgstr ""
   32 "**Experimental** - Keystone now supports tokenless authorisation with X.509 "
   33 "SSL client certificate."
   34 
   35 msgid "10.0.0"
   36 msgstr "10.0.0"
   37 
   38 msgid "10.0.1"
   39 msgstr "10.0.1"
   40 
   41 msgid "10.0.3"
   42 msgstr "10.0.3"
   43 
   44 msgid "11.0.0"
   45 msgstr "11.0.0"
   46 
   47 msgid "11.0.1"
   48 msgstr "11.0.1"
   49 
   50 msgid "11.0.3"
   51 msgstr "11.0.3"
   52 
   53 msgid "11.0.4"
   54 msgstr "11.0.4"
   55 
   56 msgid "12.0.0"
   57 msgstr "12.0.0"
   58 
   59 msgid "12.0.1"
   60 msgstr "12.0.1"
   61 
   62 msgid "13.0.0"
   63 msgstr "13.0.0"
   64 
   65 msgid "13.0.1"
   66 msgstr "13.0.1"
   67 
   68 msgid "8.0.1"
   69 msgstr "8.0.1"
   70 
   71 msgid "8.1.0"
   72 msgstr "8.1.0"
   73 
   74 msgid "9.0.0"
   75 msgstr "9.0.0"
   76 
   77 msgid "9.2.0"
   78 msgstr "9.2.0"
   79 
   80 msgid ""
   81 "A new ``secure_proxy_ssl_header`` configuration option is available when "
   82 "running keystone behind a proxy."
   83 msgstr ""
   84 "A new ``secure_proxy_ssl_header`` configuration option is available when "
   85 "running keystone behind a proxy."
   86 
   87 msgid ""
   88 "A new config option, `insecure_debug`, is added to control whether debug "
   89 "information is returned to clients. This used to be controlled by the "
   90 "`debug` option. If you'd like to return extra information to clients set the "
   91 "value to ``true``. This extra information may help an attacker."
   92 msgstr ""
   93 "A new config option, `insecure_debug`, is added to control whether debug "
   94 "information is returned to clients. This used to be controlled by the "
   95 "`debug` option. If you'd like to return extra information to clients set the "
   96 "value to ``true``. This extra information may help an attacker."
   97 
   98 msgid ""
   99 "A new interface called `list_federated_users_info` is added to shadow "
  100 "backend. It's used to get the shadow user information internally. If you are "
  101 "maintaining any out-tree shadow backends, please implement this function for "
  102 "them as well."
  103 msgstr ""
  104 "A new interface called `list_federated_users_info` is added to shadow "
  105 "backend. It's used to get the shadow user information internally. If you are "
  106 "maintaining any out-tree shadow backends, please implement this function for "
  107 "them as well."
  108 
  109 msgid ""
  110 "Add ``cache_on_issue`` flag to ``[token]`` section that enables placing "
  111 "issued tokens to validation cache thus reducing the first validation time as "
  112 "if token is already validated and token data cached."
  113 msgstr ""
  114 "Add ``cache_on_issue`` flag to ``[token]`` section that enables placing "
  115 "issued tokens to validation cache thus reducing the first validation time as "
  116 "if token is already validated and token data cached."
  117 
  118 msgid ""
  119 "Add ``keystone-manage mapping_populate`` command, which should be used when "
  120 "domain-specific LDAP backend is used."
  121 msgstr ""
  122 "Add ``keystone-manage mapping_populate`` command, which should be used when "
  123 "domain-specific LDAP backend is used."
  124 
  125 msgid ""
  126 "Add ``keystone-manage mapping_populate`` command. This command will pre-"
  127 "populate a mapping table with all users from LDAP, in order to improve "
  128 "future query performance. It should be used when an LDAP is first "
  129 "configured, or after calling ``keystone-manage mapping_purge``, before any "
  130 "queries related to the domain are made. For more information see ``keystone-"
  131 "manage mapping_populate --help``"
  132 msgstr ""
  133 "Add ``keystone-manage mapping_populate`` command. This command will pre-"
  134 "populate a mapping table with all users from LDAP, in order to improve "
  135 "future query performance. It should be used when an LDAP is first "
  136 "configured, or after calling ``keystone-manage mapping_purge``, before any "
  137 "queries related to the domain are made. For more information see ``keystone-"
  138 "manage mapping_populate --help``"
  139 
  140 msgid ""
  141 "Added an option ``--check`` to ``keystone-manage db_sync``, the option will "
  142 "allow a user to check the status of rolling upgrades in the database."
  143 msgstr ""
  144 "Added an option ``--check`` to ``keystone-manage db_sync``, the option will "
  145 "allow a user to check the status of rolling upgrades in the database."
  146 
  147 msgid ""
  148 "Adjust configuration tools as necessary, see the ``fixes`` section for more "
  149 "details on this change."
  150 msgstr ""
  151 "Adjust configuration tools as necessary, see the ``fixes`` section for more "
  152 "details on this change."
  153 
  154 msgid ""
  155 "Any auth methods that are not defined in ``keystone.conf`` in the ``[auth] "
  156 "methods`` option are ignored when the rules are processed. Empty rules are "
  157 "not allowed. If a rule is empty due to no-valid auth methods existing within "
  158 "it, the rule is discarded at authentication time. If there are no rules or "
  159 "no valid rules for the user, authentication occurs in the default manner: "
  160 "any single configured auth method is sufficient to receive a token."
  161 msgstr ""
  162 "Any auth methods that are not defined in ``keystone.conf`` in the ``[auth] "
  163 "methods`` option are ignored when the rules are processed. Empty rules are "
  164 "not allowed. If a rule is empty due to no-valid auth methods existing within "
  165 "it, the rule is discarded at authentication time. If there are no rules or "
  166 "no valid rules for the user, authentication occurs in the default manner: "
  167 "any single configured auth method is sufficient to receive a token."
  168 
  169 msgid ""
  170 "As a performance improvement, the base mapping driver's method "
  171 "``get_domain_mapping_list`` now accepts an optional named argument "
  172 "``entity_type`` that can be used to get the mappings for a given entity type "
  173 "only. As this new call signature is already used in the ``identity.core`` "
  174 "module, authors/maintainers of out-of-tree custom mapping drivers are "
  175 "expected to update their implementations of ``get_domain_mapping_list`` "
  176 "method accordingly."
  177 msgstr ""
  178 "As a performance improvement, the base mapping driver's method "
  179 "``get_domain_mapping_list`` now accepts an optional named argument "
  180 "``entity_type`` that can be used to get the mappings for a given entity type "
  181 "only. As this new call signature is already used in the ``identity.core`` "
  182 "module, authors/maintainers of out-of-tree custom mapping drivers are "
  183 "expected to update their implementations of ``get_domain_mapping_list`` "
  184 "method accordingly."
  185 
  186 msgid "Bug Fixes"
  187 msgstr "Bug Fixes"
  188 
  189 msgid ""
  190 "Certain deprecated methods from the assignment manager were removed in favor "
  191 "of the same methods in the [resource] and [role] manager."
  192 msgstr ""
  193 "Certain deprecated methods from the assignment manager were removed in "
  194 "favour of the same methods in the [resource] and [role] manager."
  195 
  196 msgid ""
  197 "Certain variables in ``keystone.conf`` now have options, which determine if "
  198 "the user's setting is valid."
  199 msgstr ""
  200 "Certain variables in ``keystone.conf`` now have options, which determine if "
  201 "the user's setting is valid."
  202 
  203 msgid "Configuring per-Identity Provider WebSSO is now supported."
  204 msgstr "Configuring per-Identity Provider WebSSO is now supported."
  205 
  206 msgid "Critical Issues"
  207 msgstr "Critical Issues"
  208 
  209 msgid "Current Series Release Notes"
  210 msgstr "Current Series Release Notes"
  211 
  212 msgid "Deprecation Notes"
  213 msgstr "Deprecation Notes"
  214 
  215 msgid ""
  216 "Domain name information can now be used in policy rules with the attribute "
  217 "``domain_name``."
  218 msgstr ""
  219 "Domain name information can now be used in policy rules with the attribute "
  220 "``domain_name``."
  221 
  222 msgid ""
  223 "Domains are now represented as top level projects with the attribute "
  224 "`is_domain` set to true. Such projects will appear as parents for any "
  225 "previous top level projects. Projects acting as domains can be created, "
  226 "read, updated, and deleted via either the project API or the domain API (V3 "
  227 "only)."
  228 msgstr ""
  229 "Domains are now represented as top level projects with the attribute "
  230 "`is_domain` set to true. Such projects will appear as parents for any "
  231 "previous top level projects. Projects acting as domains can be created, "
  232 "read, updated, and deleted via either the project API or the domain API (V3 "
  233 "only)."
  234 
  235 msgid ""
  236 "Each list of methods specifies a rule. If the auth methods provided by a "
  237 "user match (or exceed) the auth methods in the list, that rule is used. The "
  238 "first rule found (rules will not be processed in a specific order) that "
  239 "matches will be used. If a user has the ruleset defined as ``[[\"password\", "
  240 "\"totp\"]]`` the user must provide both password and totp auth methods (and "
  241 "both methods must succeed) to receive a token. However, if a user has a "
  242 "ruleset defined as ``[[\"password\"], [\"password\", \"totp\"]]`` the user "
  243 "may use the ``password`` method on it's own but would be required to use "
  244 "both ``password`` and ``totp`` if ``totp`` is specified at all."
  245 msgstr ""
  246 "Each list of methods specifies a rule. If the auth methods provided by a "
  247 "user match (or exceed) the auth methods in the list, that rule is used. The "
  248 "first rule found (rules will not be processed in a specific order) that "
  249 "matches will be used. If a user has the ruleset defined as ``[[\"password\", "
  250 "\"totp\"]]`` the user must provide both password and totp auth methods (and "
  251 "both methods must succeed) to receive a token. However, if a user has a "
  252 "ruleset defined as ``[[\"password\"], [\"password\", \"totp\"]]`` the user "
  253 "may use the ``password`` method on it's own but would be required to use "
  254 "both ``password`` and ``totp`` if ``totp`` is specified at all."
  255 
  256 msgid "Each project can have up to 100 tags"
  257 msgstr "Each project can have up to 100 tags"
  258 
  259 msgid "Each tag can be up to 255 characters"
  260 msgstr "Each tag can be up to 255 characters"
  261 
  262 msgid ""
  263 "Features that were \"extensions\" in previous releases (OAuth delegation, "
  264 "Federated Identity support, Endpoint Policy, etc) are now enabled by default."
  265 msgstr ""
  266 "Features that were \"extensions\" in previous releases (OAuth delegation, "
  267 "Federated Identity support, Endpoint Policy, etc) are now enabled by default."
  268 
  269 msgid ""
  270 "Fixes a bug related to the password create date.  If you deployed master "
  271 "during Newton development, the password create date may be reset. This would "
  272 "only be apparent if you have security compliance features enabled."
  273 msgstr ""
  274 "Fixes a bug related to the password create date.  If you deployed master "
  275 "during Newton development, the password create date may be reset. This would "
  276 "only be apparent if you have security compliance features enabled."
  277 
  278 msgid ""
  279 "For additional details see: `event notifications <See https://docs.openstack."
  280 "org/developer/keystone/event_notifications.html>`_"
  281 msgstr ""
  282 "For additional details see: `event notifications <See https://docs.openstack."
  283 "org/developer/keystone/event_notifications.html>`_"
  284 
  285 msgid ""
  286 "If PCI support is enabled, via the ``[security_compliance]`` configuration "
  287 "options, then the ``password_expires_at`` field will be populated with a "
  288 "timestamp. Otherwise, it will default to ``null``, indicating the password "
  289 "does not expire."
  290 msgstr ""
  291 "If PCI support is enabled, via the ``[security_compliance]`` configuration "
  292 "options, then the ``password_expires_at`` field will be populated with a "
  293 "timestamp. Otherwise, it will default to ``null``, indicating the password "
  294 "does not expire."
  295 
  296 msgid ""
  297 "If a password does not meet the specified criteria. See "
  298 "``[security_compliance] password_regex``."
  299 msgstr ""
  300 "If a password does not meet the specified criteria. See "
  301 "``[security_compliance] password_regex``."
  302 
  303 msgid ""
  304 "If a user attempts to change their password too often. See "
  305 "``[security_compliance] minimum_password_age``."
  306 msgstr ""
  307 "If a user attempts to change their password too often. See "
  308 "``[security_compliance] minimum_password_age``."
  309 
  310 msgid ""
  311 "If a user does not change their passwords at least once every X days. See "
  312 "``[security_compliance] password_expires_days``."
  313 msgstr ""
  314 "If a user does not change their passwords at least once every X days. See "
  315 "``[security_compliance] password_expires_days``."
  316 
  317 msgid ""
  318 "If a user is locked out after many failed authentication attempts. See "
  319 "``[security_compliance] lockout_failure_attempts``."
  320 msgstr ""
  321 "If a user is locked out after many failed authentication attempts. See "
  322 "``[security_compliance] lockout_failure_attempts``."
  323 
  324 msgid ""
  325 "If a user submits a new password that was recently used. See "
  326 "``[security_compliance] unique_last_password_count``."
  327 msgstr ""
  328 "If a user submits a new password that was recently used. See "
  329 "``[security_compliance] unique_last_password_count``."
  330 
  331 msgid ""
  332 "If performing rolling upgrades, set `[identity] "
  333 "rolling_upgrade_password_hash_compat` to `True`. This will instruct keystone "
  334 "to continue to hash passwords in a manner that older (pre Pike release) "
  335 "keystones can still verify passwords. Once all upgrades are complete, ensure "
  336 "this option is set back to `False`."
  337 msgstr ""
  338 "If performing rolling upgrades, set `[identity] "
  339 "rolling_upgrade_password_hash_compat` to `True`. This will instruct keystone "
  340 "to continue to hash passwords in a manner that older (pre Pike release) "
  341 "keystones can still verify passwords. Once all upgrades are complete, ensure "
  342 "this option is set back to `False`."
  343 
  344 msgid ""
  345 "In ``keystone-paste.ini``, using ``paste.filter_factory`` is deprecated in "
  346 "favor of the \"use\" directive, specifying an entrypoint."
  347 msgstr ""
  348 "In ``keystone-paste.ini``, using ``paste.filter_factory`` is deprecated in "
  349 "favour of the \"use\" directive, specifying an entrypoint."
  350 
  351 msgid ""
  352 "In the [resource] and [role] sections of the ``keystone.conf`` file, not "
  353 "specifying the driver and using the assignment driver is deprecated. In the "
  354 "Mitaka release, the resource and role drivers will default to the SQL driver."
  355 msgstr ""
  356 "In the [resource] and [role] sections of the ``keystone.conf`` file, not "
  357 "specifying the driver and using the assignment driver is deprecated. In the "
  358 "Mitaka release, the resource and role drivers will default to the SQL driver."
  359 
  360 msgid ""
  361 "In the case a user should be exempt from MFA Rules, regardless if they are "
  362 "set, the User-Option ``multi_factor_auth_enabled`` may  be set to ``False`` "
  363 "for that user via the user create and update API (``POST/PATCH /v3/users``) "
  364 "call. If this option is set to ``False`` the MFA rules will be ignored for "
  365 "the user. Any other value except ``False`` will result in the MFA Rules "
  366 "being processed; the option can only be a boolean (``True`` or ``False``) or "
  367 "\"None\" (which will result in the default behavior (same as ``True``) but "
  368 "the option will no longer be shown in the ``user[\"options\"]`` dictionary."
  369 msgstr ""
  370 "In the case a user should be exempt from MFA Rules, regardless if they are "
  371 "set, the User-Option ``multi_factor_auth_enabled`` may  be set to ``False`` "
  372 "for that user via the user create and update API (``POST/PATCH /v3/users``) "
  373 "call. If this option is set to ``False`` the MFA rules will be ignored for "
  374 "the user. Any other value except ``False`` will result in the MFA Rules "
  375 "being processed; the option can only be a boolean (``True`` or ``False``) or "
  376 "\"None\" (which will result in the default behaviour (same as ``True``) but "
  377 "the option will no longer be shown in the ``user[\"options\"]`` dictionary."
  378 
  379 msgid ""
  380 "In the policy.json file, we changed `identity:list_projects_for_groups` to "
  381 "`identity:list_projects_for_user`. Likewise, we changed `identity:"
  382 "list_domains_for_groups` to `identity:list_domains_for_user`. If you have "
  383 "customized the policy.json file, you will need to make these changes. This "
  384 "was done to better support new features around federation."
  385 msgstr ""
  386 "In the policy.json file, we changed `identity:list_projects_for_groups` to "
  387 "`identity:list_projects_for_user`. Likewise, we changed `identity:"
  388 "list_domains_for_groups` to `identity:list_domains_for_user`. If you have "
  389 "customized the policy.json file, you will need to make these changes. This "
  390 "was done to better support new features around federation."
  391 
  392 msgid ""
  393 "It is no longer possible to, via the ``paste.ini`` file to inject middleware "
  394 "into the running keystone application. This reduces the attack surface area. "
  395 "While this is not a huge reduction in surface area, it is one less potential "
  396 "place that malicious code could be loaded. Malicious middleware historically "
  397 "could collect information and/or modify the requests and responses from "
  398 "Keystone."
  399 msgstr ""
  400 "It is no longer possible to, via the ``paste.ini`` file to inject middleware "
  401 "into the running Keystone application. This reduces the attack surface area. "
  402 "While this is not a huge reduction in surface area, it is one less potential "
  403 "place that malicious code could be loaded. Malicious middleware historically "
  404 "could collect information and/or modify the requests and responses from "
  405 "Keystone."
  406 
  407 msgid ""
  408 "It is recommended to have the ``healthcheck`` middleware first in the "
  409 "pipeline::"
  410 msgstr ""
  411 "It is recommended to have the ``healthcheck`` middleware first in the "
  412 "pipeline::"
  413 
  414 msgid "Keystone Release Notes"
  415 msgstr "Keystone Release Notes"
  416 
  417 msgid ""
  418 "Keystone cache backends have been removed in favor of their `oslo.cache` "
  419 "counter-part. This affects:"
  420 msgstr ""
  421 "Keystone cache backends have been removed in favour of their `oslo.cache` "
  422 "counter-part. This affects:"
  423 
  424 msgid ""
  425 "Keystone now relies on pyldap instead of python-ldap. The pyldap library is "
  426 "a fork of python-ldap and is a drop-in replacement with modifications to be "
  427 "py3 compatible."
  428 msgstr ""
  429 "Keystone now relies on pyldap instead of python-ldap. The pyldap library is "
  430 "a fork of python-ldap and is a drop-in replacement with modifications to be "
  431 "py3 compatible."
  432 
  433 msgid ""
  434 "Keystone now supports authorizing a request token by providing a role name. "
  435 "A `role` in the `roles` parameter can include either a role name or role id, "
  436 "but not both."
  437 msgstr ""
  438 "Keystone now supports authorising a request token by providing a role name. "
  439 "A `role` in the `roles` parameter can include either a role name or role id, "
  440 "but not both."
  441 
  442 msgid ""
  443 "Keystone now supports being run under Python 3. The Python 3 and Python 3.4 "
  444 "classifiers have been added."
  445 msgstr ""
  446 "Keystone now supports being run under Python 3. The Python 3 and Python 3.4 "
  447 "classifiers have been added."
  448 
  449 msgid ""
  450 "Keystone now supports encrypted credentials at rest. In order to upgrade "
  451 "successfully to Newton, deployers must encrypt all credentials currently "
  452 "stored before contracting the database. Deployers must run `keystone-manage "
  453 "credential_setup` in order to use the credential API within Newton, or "
  454 "finish the upgrade from Mitaka to Newton. This will result in a service "
  455 "outage for the credential API where credentials will be read-only for the "
  456 "duration of the upgrade process. Once the database is contracted credentials "
  457 "will be writeable again. Database contraction phases only apply to rolling "
  458 "upgrades."
  459 msgstr ""
  460 "Keystone now supports encrypted credentials at rest. In order to upgrade "
  461 "successfully to Newton, deployers must encrypt all credentials currently "
  462 "stored before contracting the database. Deployers must run `keystone-manage "
  463 "credential_setup` in order to use the credential API within Newton, or "
  464 "finish the upgrade from Mitaka to Newton. This will result in a service "
  465 "outage for the credential API where credentials will be read-only for the "
  466 "duration of the upgrade process. Once the database is contracted credentials "
  467 "will be writeable again. Database contraction phases only apply to rolling "
  468 "upgrades."
  469 
  470 msgid ""
  471 "Keystone now uses oslo.cache. Update the `[cache]` section of `keystone."
  472 "conf` to point to oslo.cache backends: ``oslo_cache.memcache_pool`` or "
  473 "``oslo_cache.mongo``. Refer to the sample configuration file for examples. "
  474 "See `oslo.cache <http://docs.openstack.org/developer/oslo.cache>`_ for "
  475 "additional documentation."
  476 msgstr ""
  477 "Keystone now uses oslo.cache. Update the `[cache]` section of `keystone."
  478 "conf` to point to oslo.cache backends: ``oslo_cache.memcache_pool`` or "
  479 "``oslo_cache.mongo``. Refer to the sample configuration file for examples. "
  480 "See `oslo.cache <http://docs.openstack.org/developer/oslo.cache>`_ for "
  481 "additional documentation."
  482 
  483 msgid ""
  484 "Keystone supports ``$(project_id)s`` in the catalog. It works the same as ``"
  485 "$(tenant_id)s``. Use of ``$(tenant_id)s`` is deprecated and catalog "
  486 "endpoints should be updated to use ``$(project_id)s``."
  487 msgstr ""
  488 "Keystone supports ``$(project_id)s`` in the catalogue. It works the same as "
  489 "``$(tenant_id)s``. Use of ``$(tenant_id)s`` is deprecated and catalogue "
  490 "endpoints should be updated to use ``$(project_id)s``."
  491 
  492 msgid "Liberty Series Release Notes"
  493 msgstr "Liberty Series Release Notes"
  494 
  495 msgid "Mitaka Series Release Notes"
  496 msgstr "Mitaka Series Release Notes"
  497 
  498 msgid "New Features"
  499 msgstr "New Features"
  500 
  501 msgid "Newton Series Release Notes"
  502 msgstr "Newton Series Release Notes"
  503 
  504 msgid ""
  505 "Not specifying a domain during a create user, group or project call, which "
  506 "relied on falling back to the default domain, is now deprecated and will be "
  507 "removed in the N release."
  508 msgstr ""
  509 "Not specifying a domain during a create user, group or project call, which "
  510 "relied on falling back to the default domain, is now deprecated and will be "
  511 "removed in the N release."
  512 
  513 msgid ""
  514 "OSprofiler support was added. This cross-project profiling library allows to "
  515 "trace various requests through all OpenStack services that support it. To "
  516 "initiate OpenStack request tracing `--profile <HMAC_KEY>` option needs to be "
  517 "added to the CLI command. Configuration and usage details can be foung in "
  518 "[`OSProfiler documentation <http://docs.openstack.org/developer/osprofiler/"
  519 "api.html>`_]"
  520 msgstr ""
  521 "OSprofiler support was added. This cross-project profiling library allows to "
  522 "trace various requests through all OpenStack services that support it. To "
  523 "initiate OpenStack request tracing `--profile <HMAC_KEY>` option needs to be "
  524 "added to the CLI command. Configuration and usage details can be foung in "
  525 "[`OSProfiler documentation <http://docs.openstack.org/developer/osprofiler/"
  526 "api.html>`_]"
  527 
  528 msgid ""
  529 "OSprofiler support was introduced. To allow its usage the keystone-paste.ini "
  530 "file needs to be modified to contain osprofiler middleware."
  531 msgstr ""
  532 "OSprofiler support was introduced. To allow its usage the keystone-paste.ini "
  533 "file needs to be modified to contain osprofiler middleware."
  534 
  535 msgid "Ocata Series Release Notes"
  536 msgstr "Ocata Series Release Notes"
  537 
  538 msgid "Other Notes"
  539 msgstr "Other Notes"
  540 
  541 msgid "PKI and PKIz token formats have been removed in favor of Fernet tokens."
  542 msgstr ""
  543 "PKI and PKIz token formats have been removed in favour of Fernet tokens."
  544 
  545 msgid "Pike Series Release Notes"
  546 msgstr "Pike Series Release Notes"
  547 
  548 msgid "Prelude"
  549 msgstr "Prelude"
  550 
  551 msgid ""
  552 "Project tags are implemented following the guidelines set by the `API "
  553 "Working Group <https://specs.openstack.org/openstack/api-wg/guidelines/tags."
  554 "html>`_"
  555 msgstr ""
  556 "Project tags are implemented following the guidelines set by the `API "
  557 "Working Group <https://specs.openstack.org/openstack/api-wg/guidelines/tags."
  558 "html>`_"
  559 
  560 msgid "Queens Series Release Notes"
  561 msgstr "Queens Series Release Notes"
  562 
  563 msgid ""
  564 "Routes and SQL backends for the contrib extensions have been removed, they "
  565 "have been incorporated into keystone and are no longer optional. This "
  566 "affects:"
  567 msgstr ""
  568 "Routes and SQL backends for the contrib extensions have been removed, they "
  569 "have been incorporated into Keystone and are no longer optional. This "
  570 "affects:"
  571 
  572 msgid ""
  573 "Running keystone in eventlet remains deprecated and will be removed in the "
  574 "Mitaka release."
  575 msgstr ""
  576 "Running Keystone in eventlet remains deprecated and will be removed in the "
  577 "Mitaka release."
  578 
  579 msgid ""
  580 "SECURITY INFO: The MFA rules are only processed when authentication happens "
  581 "through the V3 authentication APIs. If V2 Auth is enabled it is possible to "
  582 "circumvent the MFA rules if the user can authenticate via V2 Auth API. It is "
  583 "recommended to disable V2 authentication for full enforcement of the MFA "
  584 "rules."
  585 msgstr ""
  586 "SECURITY INFO: The MFA rules are only processed when authentication happens "
  587 "through the V3 authentication APIs. If V2 Auth is enabled it is possible to "
  588 "circumvent the MFA rules if the user can authenticate via V2 Auth API. It is "
  589 "recommended to disable V2 authentication for full enforcement of the MFA "
  590 "rules."
  591 
  592 msgid ""
  593 "Schema downgrades via ``keystone-manage db_sync`` are no longer supported. "
  594 "Only upgrades are supported."
  595 msgstr ""
  596 "Schema downgrades via ``keystone-manage db_sync`` are no longer supported. "
  597 "Only upgrades are supported."
  598 
  599 msgid "Security Issues"
  600 msgstr "Security Issues"
  601 
  602 msgid ""
  603 "See `Project Tags <https://developer.openstack.org/api-ref/identity/v3/"
  604 "#project-tags>`_"
  605 msgstr ""
  606 "See `Project Tags <https://developer.openstack.org/api-ref/identity/v3/"
  607 "#project-tags>`_"
  608 
  609 msgid ""
  610 "Set the following user attributes to ``True`` or ``False`` in an API "
  611 "request. To mark a user as exempt from the PCI password lockout policy::"
  612 msgstr ""
  613 "Set the following user attributes to ``True`` or ``False`` in an API "
  614 "request. To mark a user as exempt from the PCI password lockout policy::"
  615 
  616 msgid ""
  617 "Several configuration options have been deprecated, renamed, or moved to new "
  618 "sections in the ``keystone.conf`` file."
  619 msgstr ""
  620 "Several configuration options have been deprecated, renamed, or moved to new "
  621 "sections in the ``keystone.conf`` file."
  622 
  623 msgid ""
  624 "Several features were hardened, including Fernet tokens, federation, domain "
  625 "specific configurations from database and role assignments."
  626 msgstr ""
  627 "Several features were hardened, including Fernet tokens, federation, domain "
  628 "specific configurations from database and role assignments."
  629 
  630 msgid ""
  631 "Several token issuance methods from the abstract class ``keystone.token."
  632 "providers.base.Provider`` were removed (see below) in favor of a single "
  633 "method to issue tokens (``issue_token``). If using a custom token provider, "
  634 "updated the custom provider accordingly."
  635 msgstr ""
  636 "Several token issuance methods from the abstract class ``keystone.token."
  637 "providers.base.Provider`` were removed (see below) in favour of a single "
  638 "method to issue tokens (``issue_token``). If using a custom token provider, "
  639 "updated the custom provider accordingly."
  640 
  641 msgid ""
  642 "Several token validation methods from the abstract class ``keystone.token."
  643 "providers.base.Provider`` were removed (see below) in favor of a single "
  644 "method to validate tokens (``validate_token``), that has the signature "
  645 "``validate_token(self, token_ref)``. If using a custom token provider, "
  646 "update the custom provider accordingly."
  647 msgstr ""
  648 "Several token validation methods from the abstract class ``keystone.token."
  649 "providers.base.Provider`` were removed (see below) in favour of a single "
  650 "method to validate tokens (``validate_token``), that has the signature "
  651 "``validate_token(self, token_ref)``. If using a custom token provider, "
  652 "update the custom provider accordingly."
  653 
  654 msgid ""
  655 "Support for writing to LDAP has been removed. See ``Other Notes`` for more "
  656 "details."
  657 msgstr ""
  658 "Support for writing to LDAP has been removed. See ``Other Notes`` for more "
  659 "details."
  660 
  661 msgid ""
  662 "Support has now been added to send notification events on user/group "
  663 "membership. When a user is added or removed from a group a notification will "
  664 "be sent including the identifiers of both the user and the group."
  665 msgstr ""
  666 "Support has now been added to send notification events on user/group "
  667 "membership. When a user is added or removed from a group a notification will "
  668 "be sent including the identifiers of both the user and the group."
  669 
  670 msgid ""
  671 "Support was improved for out-of-tree drivers by defining stable driver "
  672 "interfaces."
  673 msgstr ""
  674 "Support was improved for out-of-tree drivers by defining stable driver "
  675 "interfaces."
  676 
  677 msgid "Tags are case sensitive"
  678 msgstr "Tags are case sensitive"
  679 
  680 msgid ""
  681 "The EC2 token middleware, deprecated in Juno, is no longer available in "
  682 "keystone. It has been moved to the keystonemiddleware package."
  683 msgstr ""
  684 "The EC2 token middleware, deprecated in Juno, is no longer available in "
  685 "Keystone. It has been moved to the keystonemiddleware package."
  686 
  687 msgid ""
  688 "The LDAP driver now also maps the user description attribute after user "
  689 "retrieval from LDAP. If this is undesired behavior for your setup, please "
  690 "add `description` to the `user_attribute_ignore` LDAP driver config setting. "
  691 "The default mapping of the description attribute is set to `description`. "
  692 "Please adjust the LDAP driver config setting `user_description_attribute` if "
  693 "your LDAP uses a different attribute name (for instance to `displayName` in "
  694 "case of an AD backed LDAP). If your `user_additional_attribute_mapping` "
  695 "setting contains `description:description` you can remove this mapping, "
  696 "since this is now the default behavior."
  697 msgstr ""
  698 "The LDAP driver now also maps the user description attribute after user "
  699 "retrieval from LDAP. If this is undesired behaviour for your setup, please "
  700 "add `description` to the `user_attribute_ignore` LDAP driver config setting. "
  701 "The default mapping of the description attribute is set to `description`. "
  702 "Please adjust the LDAP driver config setting `user_description_attribute` if "
  703 "your LDAP uses a different attribute name (for instance to `displayName` in "
  704 "case of an AD backed LDAP). If your `user_additional_attribute_mapping` "
  705 "setting contains `description:description` you can remove this mapping, "
  706 "since this is now the default behaviour."
  707 
  708 msgid ""
  709 "The MFA rules are set via the user create and update API (``POST/PATCH /v3/"
  710 "users``) call; the options allow an admin to force a user to use specific "
  711 "forms of authentication or combinations of forms of authentication to get a "
  712 "token. The rules are specified as follows::"
  713 msgstr ""
  714 "The MFA rules are set via the user create and update API (``POST/PATCH /v3/"
  715 "users``) call; the options allow an admin to force a user to use specific "
  716 "forms of authentication or combinations of forms of authentication to get a "
  717 "token. The rules are specified as follows::"
  718 
  719 msgid ""
  720 "The PKI and PKIz token format has been removed. See ``Other Notes`` for more "
  721 "details."
  722 msgstr ""
  723 "The PKI and PKIz token format has been removed. See ``Other Notes`` for more "
  724 "details."
  725 
  726 msgid ""
  727 "The V8 Federation driver interface is deprecated in favor of the V9 "
  728 "Federation driver interface. Support for the V8 Federation driver interface "
  729 "is planned to be removed in the 'O' release of OpenStack."
  730 msgstr ""
  731 "The V8 Federation driver interface is deprecated in favour of the V9 "
  732 "Federation driver interface. Support for the V8 Federation driver interface "
  733 "is planned to be removed in the 'O' release of OpenStack."
  734 
  735 msgid ""
  736 "The V8 Resource driver interface is deprecated. Support for the V8 Resource "
  737 "driver interface is planned to be removed in the 'O' release of OpenStack."
  738 msgstr ""
  739 "The V8 Resource driver interface is deprecated. Support for the V8 Resource "
  740 "driver interface is planned to be removed in the 'O' release of OpenStack."
  741 
  742 msgid ""
  743 "The XML middleware stub has been removed, so references to it must be "
  744 "removed from the ``keystone-paste.ini`` configuration file."
  745 msgstr ""
  746 "The XML middleware stub has been removed, so references to it must be "
  747 "removed from the ``keystone-paste.ini`` configuration file."
  748 
  749 msgid ""
  750 "The ``/OS-FEDERATION/projects`` and ``/OS-FEDERATION/domains`` APIs are "
  751 "deprecated in favor of the ``/v3/auth/projects`` and ``/v3/auth/domains`` "
  752 "APIs. These APIs were originally marked as deprecated during the Juno "
  753 "release cycle, but we never deprecated using ``versionutils`` from oslo. "
  754 "More information regarding this deprecation can be found in the `patch "
  755 "<https://review.openstack.org/#/c/115423/>`_ that proposed the deprecation."
  756 msgstr ""
  757 "The ``/OS-FEDERATION/projects`` and ``/OS-FEDERATION/domains`` APIs are "
  758 "deprecated in favour of the ``/v3/auth/projects`` and ``/v3/auth/domains`` "
  759 "APIs. These APIs were originally marked as deprecated during the Juno "
  760 "release cycle, but we never deprecated using ``versionutils`` from oslo. "
  761 "More information regarding this deprecation can be found in the `patch "
  762 "<https://review.openstack.org/#/c/115423/>`_ that proposed the deprecation."
  763 
  764 msgid ""
  765 "The ``[DEFAULT] domain_id_immutable`` configuration option has been removed "
  766 "in favor of strictly immutable domain IDs."
  767 msgstr ""
  768 "The ``[DEFAULT] domain_id_immutable`` configuration option has been removed "
  769 "in favour of strictly immutable domain IDs."
  770 
  771 msgid ""
  772 "The ``[DEFAULT] domain_id_immutable`` option has been removed. This removes "
  773 "the ability to change the ``domain_id`` attribute of users, groups, and "
  774 "projects. The behavior was introduced to allow deployers to migrate entities "
  775 "from one domain to another by updating the ``domain_id`` attribute of an "
  776 "entity. This functionality was deprecated in the Mitaka release is now "
  777 "removed."
  778 msgstr ""
  779 "The ``[DEFAULT] domain_id_immutable`` option has been removed. This removes "
  780 "the ability to change the ``domain_id`` attribute of users, groups, and "
  781 "projects. The behaviour was introduced to allow deployers to migrate "
  782 "entities from one domain to another by updating the ``domain_id`` attribute "
  783 "of an entity. This functionality was deprecated in the Mitaka release is now "
  784 "removed."
  785 
  786 msgid ""
  787 "The ``[assignment] driver`` now defaults to ``sql``. Logic to determine the "
  788 "default assignment driver if one wasn't supplied through configuration has "
  789 "been removed. Keystone only supports one assignment driver and it shouldn't "
  790 "be changed unless you're deploying a custom assignment driver."
  791 msgstr ""
  792 "The ``[assignment] driver`` now defaults to ``sql``. Logic to determine the "
  793 "default assignment driver if one wasn't supplied through configuration has "
  794 "been removed. Keystone only supports one assignment driver and it shouldn't "
  795 "be changed unless you're deploying a custom assignment driver."
  796 
  797 msgid ""
  798 "The ``[endpoint_policy] enabled`` configuration option has been removed in "
  799 "favor of always enabling the endpoint policy extension."
  800 msgstr ""
  801 "The ``[endpoint_policy] enabled`` configuration option has been removed in "
  802 "favour of always enabling the endpoint policy extension."
  803 
  804 msgid ""
  805 "The ``[os_inherit] enabled`` config option has been removed, the `OS-"
  806 "INHERIT` extension is now always enabled."
  807 msgstr ""
  808 "The ``[os_inherit] enabled`` config option has been removed, the `OS-"
  809 "INHERIT` extension is now always enabled."
  810 
  811 msgid ""
  812 "The ``[resource] driver`` now defaults to ``sql``. Logic to determine the "
  813 "default resource driver if one wasn't supplied through configuration has "
  814 "been removed. Keystone only supports one resource driver and it shouldn't be "
  815 "changed unless you're deploying a custom resource driver."
  816 msgstr ""
  817 "The ``[resource] driver`` now defaults to ``sql``. Logic to determine the "
  818 "default resource driver if one wasn't supplied through configuration has "
  819 "been removed. Keystone only supports one resource driver and it shouldn't be "
  820 "changed unless you're deploying a custom resource driver."
  821 
  822 msgid ""
  823 "The ``[security_compliance] password_expires_ignore_user_ids`` option has "
  824 "been removed. Each user that should ignore password expiry should have the "
  825 "value set to \"true\" in the user's ``options`` attribute (e.g. "
  826 "``user['options']['ignore_password_expiry'] = True``) with a user update "
  827 "call."
  828 msgstr ""
  829 "The ``[security_compliance] password_expires_ignore_user_ids`` option has "
  830 "been removed. Each user that should ignore password expiry should have the "
  831 "value set to \"true\" in the user's ``options`` attribute (e.g. "
  832 "``user['options']['ignore_password_expiry'] = True``) with a user update "
  833 "call."
  834 
  835 msgid ""
  836 "The ``compute_port`` configuration option, deprecated in Juno, is no longer "
  837 "available."
  838 msgstr ""
  839 "The ``compute_port`` configuration option, deprecated in Juno, is no longer "
  840 "available."
  841 
  842 msgid ""
  843 "The ``enabled`` config option of the ``trust`` feature is deprecated and "
  844 "will be removed in the next release. Trusts will then always be enabled."
  845 msgstr ""
  846 "The ``enabled`` config option of the ``trust`` feature is deprecated and "
  847 "will be removed in the next release. Trusts will then always be enabled."
  848 
  849 msgid ""
  850 "The ``httpd/keystone.py`` file has been removed in favor of the ``keystone-"
  851 "wsgi-admin`` and ``keystone-wsgi-public`` scripts."
  852 msgstr ""
  853 "The ``httpd/keystone.py`` file has been removed in favour of the ``keystone-"
  854 "wsgi-admin`` and ``keystone-wsgi-public`` scripts."
  855 
  856 msgid ""
  857 "The ``keystone.conf`` file now references entrypoint names for drivers. For "
  858 "example, the drivers are now specified as \"sql\", \"ldap\", \"uuid\", "
  859 "rather than the full module path. See the sample configuration file for "
  860 "other examples."
  861 msgstr ""
  862 "The ``keystone.conf`` file now references entrypoint names for drivers. For "
  863 "example, the drivers are now specified as \"sql\", \"ldap\", \"uuid\", "
  864 "rather than the full module path. See the sample configuration file for "
  865 "other examples."
  866 
  867 msgid ""
  868 "The ``keystone/service.py`` file has been removed, the logic has been moved "
  869 "to the ``keystone/version/service.py``."
  870 msgstr ""
  871 "The ``keystone/service.py`` file has been removed, the logic has been moved "
  872 "to the ``keystone/version/service.py``."
  873 
  874 msgid ""
  875 "The ``memcache`` and ``memcache_pool`` token persistence backends have been "
  876 "removed in favor of using Fernet tokens (which require no persistence)."
  877 msgstr ""
  878 "The ``memcache`` and ``memcache_pool`` token persistence backends have been "
  879 "removed in favour of using Fernet tokens (which require no persistence)."
  880 
  881 msgid ""
  882 "The ``policies`` API is deprecated. Keystone is not a policy management "
  883 "service."
  884 msgstr ""
  885 "The ``policies`` API is deprecated. Keystone is not a policy management "
  886 "service."
  887 
  888 msgid ""
  889 "The ``token`` auth method typically should not be specified in any MFA "
  890 "Rules. The ``token`` auth method will include all previous auth methods for "
  891 "the original auth request and will match the appropriate ruleset. This is "
  892 "intentional, as the ``token`` method is used for rescoping/changing active "
  893 "projects."
  894 msgstr ""
  895 "The ``token`` auth method typically should not be specified in any MFA "
  896 "Rules. The ``token`` auth method will include all previous auth methods for "
  897 "the original auth request and will match the appropriate ruleset. This is "
  898 "intentional, as the ``token`` method is used for rescoping/changing active "
  899 "projects."
  900 
  901 msgid ""
  902 "The `keystone-paste.ini` file must be updated to remove extension filters, "
  903 "and their use in ``[pipeline:api_v3]``. Remove the following filters: "
  904 "``[filter:oauth1_extension]``, ``[filter:federation_extension]``, ``[filter:"
  905 "endpoint_filter_extension]``, and ``[filter:revoke_extension]``. See the "
  906 "sample `keystone-paste.ini <https://git.openstack.org/cgit/openstack/"
  907 "keystone/tree/etc/keystone-paste.ini>`_ file for guidance."
  908 msgstr ""
  909 "The `keystone-paste.ini` file must be updated to remove extension filters, "
  910 "and their use in ``[pipeline:api_v3]``. Remove the following filters: "
  911 "``[filter:oauth1_extension]``, ``[filter:federation_extension]``, ``[filter:"
  912 "endpoint_filter_extension]``, and ``[filter:revoke_extension]``. See the "
  913 "sample `keystone-paste.ini <https://git.openstack.org/cgit/openstack/"
  914 "keystone/tree/etc/keystone-paste.ini>`_ file for guidance."
  915 
  916 msgid ""
  917 "The `keystone-paste.ini` file must be updated to remove extension filters, "
  918 "and their use in ``[pipeline:public_api]`` and ``[pipeline:admin_api]`` "
  919 "pipelines. Remove the following filters: ``[filter:user_crud_extension]``, "
  920 "``[filter:crud_extension]``. See the sample `keystone-paste.ini <https://git."
  921 "openstack.org/cgit/openstack/keystone/tree/etc/keystone-paste.ini>`_ file "
  922 "for guidance."
  923 msgstr ""
  924 "The `keystone-paste.ini` file must be updated to remove extension filters, "
  925 "and their use in ``[pipeline:public_api]`` and ``[pipeline:admin_api]`` "
  926 "pipelines. Remove the following filters: ``[filter:user_crud_extension]``, "
  927 "``[filter:crud_extension]``. See the sample `keystone-paste.ini <https://git."
  928 "openstack.org/cgit/openstack/keystone/tree/etc/keystone-paste.ini>`_ file "
  929 "for guidance."
  930 
  931 msgid ""
  932 "The `os_inherit` configuration option is disabled. In the future, this "
  933 "option will be removed and this portion of the API will be always enabled."
  934 msgstr ""
  935 "The `os_inherit` configuration option is disabled. In the future, this "
  936 "option will be removed and this portion of the API will be always enabled."
  937 
  938 msgid ""
  939 "The ability to validate a trust-scoped token against the v2.0 API has been "
  940 "removed, in favor of using the version 3 of the API."
  941 msgstr ""
  942 "The ability to validate a trust-scoped token against the v2.0 API has been "
  943 "removed, in favour of using the version 3 of the API."
  944 
  945 msgid ""
  946 "The admin_token method of authentication was never intended to be used for "
  947 "any purpose other than bootstrapping an install. However many deployments "
  948 "had to leave the admin_token method enabled due to restrictions on editing "
  949 "the paste file used to configure the web pipelines.  To minimize the risk "
  950 "from this mechanism, the `admin_token` configuration value now defaults to a "
  951 "python `None` value.  In addition, if the value is set to `None`, either "
  952 "explicitly or implicitly, the `admin_token` will not be enabled, and an "
  953 "attempt to use it will lead to a failed authentication."
  954 msgstr ""
  955 "The admin_token method of authentication was never intended to be used for "
  956 "any purpose other than bootstrapping an install. However many deployments "
  957 "had to leave the admin_token method enabled due to restrictions on editing "
  958 "the paste file used to configure the web pipelines.  To minimize the risk "
  959 "from this mechanism, the `admin_token` configuration value now defaults to a "
  960 "python `None` value.  In addition, if the value is set to `None`, either "
  961 "explicitly or implicitly, the `admin_token` will not be enabled, and an "
  962 "attempt to use it will lead to a failed authentication."
  963 
  964 msgid ""
  965 "The auth plugin ``keystone.auth.plugins.saml2.Saml2`` has been removed in "
  966 "favor of the auth plugin ``keystone.auth.plugins.mapped.Mapped``."
  967 msgstr ""
  968 "The auth plugin ``keystone.auth.plugins.saml2.Saml2`` has been removed in "
  969 "favour of the auth plugin ``keystone.auth.plugins.mapped.Mapped``."
  970 
  971 msgid ""
  972 "The catalog backend ``endpoint_filter.sql`` has been removed. It has been "
  973 "consolidated with the ``sql`` backend, therefore replace the "
  974 "``endpoint_filter.sql`` catalog backend with the ``sql`` backend."
  975 msgstr ""
  976 "The catalogue backend ``endpoint_filter.sql`` has been removed. It has been "
  977 "consolidated with the ``sql`` backend, therefore replace the "
  978 "``endpoint_filter.sql`` catalogue backend with the ``sql`` backend."
  979 
  980 msgid ""
  981 "The check for admin token from ``build_auth_context`` middleware has been "
  982 "removed. If your deployment requires the use of `admin token`, update "
  983 "``keystone-paste.ini`` so that ``admin_token_auth`` is before "
  984 "``build_auth_context`` in the paste pipelines, otherwise remove the "
  985 "``admin_token_auth`` middleware from ``keystone-paste.ini`` entirely."
  986 msgstr ""
  987 "The check for admin token from ``build_auth_context`` middleware has been "
  988 "removed. If your deployment requires the use of `admin token`, update "
  989 "``keystone-paste.ini`` so that ``admin_token_auth`` is before "
  990 "``build_auth_context`` in the paste pipelines, otherwise remove the "
  991 "``admin_token_auth`` middleware from ``keystone-paste.ini`` entirely."
  992 
  993 msgid ""
  994 "The config option ``rolling_upgrade_password_hash_compat`` is removed. It is "
  995 "only used for rolling-upgrade from Ocata release to Pike release."
  996 msgstr ""
  997 "The config option ``rolling_upgrade_password_hash_compat`` is removed. It is "
  998 "only used for rolling-upgrade from Ocata release to Pike release."
  999 
 1000 msgid ""
 1001 "The configuration options for LDAP connection pooling, `[ldap] use_pool` and "
 1002 "`[ldap] use_auth_pool`, are now both enabled by default. Only deployments "
 1003 "using LDAP drivers are affected. Additional configuration options are "
 1004 "available in the `[ldap]` section to tune connection pool size, etc."
 1005 msgstr ""
 1006 "The configuration options for LDAP connection pooling, `[ldap] use_pool` and "
 1007 "`[ldap] use_auth_pool`, are now both enabled by default. Only deployments "
 1008 "using LDAP drivers are affected. Additional configuration options are "
 1009 "available in the `[ldap]` section to tune connection pool size, etc."
 1010 
 1011 msgid ""
 1012 "The credentials list call can now have its results filtered by credential "
 1013 "type."
 1014 msgstr ""
 1015 "The credentials list call can now have its results filtered by credential "
 1016 "type."
 1017 
 1018 msgid ""
 1019 "The default setting for the `os_inherit` configuration option is changed to "
 1020 "True. If it is required to continue with this portion of the API disabled, "
 1021 "then override the default setting by explicitly specifying the os_inherit "
 1022 "option as False."
 1023 msgstr ""
 1024 "The default setting for the `os_inherit` configuration option is changed to "
 1025 "True. If it is required to continue with this portion of the API disabled, "
 1026 "then override the default setting by explicitly specifying the os_inherit "
 1027 "option as False."
 1028 
 1029 msgid "The default token provider is now Fernet."
 1030 msgstr "The default token provider is now Fernet."
 1031 
 1032 msgid ""
 1033 "The external authentication plugins ExternalDefault, ExternalDomain, "
 1034 "LegacyDefaultDomain, and LegacyDomain, deprecated in Icehouse, are no longer "
 1035 "available."
 1036 msgstr ""
 1037 "The external authentication plugins ExternalDefault, ExternalDomain, "
 1038 "LegacyDefaultDomain, and LegacyDomain, deprecated in Icehouse, are no longer "
 1039 "available."
 1040 
 1041 msgid ""
 1042 "The functionality of the ``ADMIN_TOKEN`` remains, but has been incorporated "
 1043 "into the main auth middleware (``keystone.middleware.auth."
 1044 "AuthContextMiddleware``)."
 1045 msgstr ""
 1046 "The functionality of the ``ADMIN_TOKEN`` remains, but has been incorporated "
 1047 "into the main auth middleware (``keystone.middleware.auth."
 1048 "AuthContextMiddleware``)."
 1049 
 1050 msgid ""
 1051 "The identity backend driver interface has changed. A new method, "
 1052 "`unset_default_project_id(project_id)`, was added to unset a user's default "
 1053 "project ID for a given project ID. Custom backend implementations must "
 1054 "implement this method."
 1055 msgstr ""
 1056 "The identity backend driver interface has changed. A new method, "
 1057 "`unset_default_project_id(project_id)`, was added to unset a user's default "
 1058 "project ID for a given project ID. Custom backend implementations must "
 1059 "implement this method."
 1060 
 1061 msgid ""
 1062 "The identity backend driver interface has changed. We've added a new "
 1063 "``change_password()`` method for self service password changes. If you have "
 1064 "a custom implementation for the identity driver, you will need to implement "
 1065 "this new method."
 1066 msgstr ""
 1067 "The identity backend driver interface has changed. We've added a new "
 1068 "``change_password()`` method for self service password changes. If you have "
 1069 "a custom implementation for the identity driver, you will need to implement "
 1070 "this new method."
 1071 
 1072 msgid ""
 1073 "The implementation for checking database state during an upgrade with the "
 1074 "use of `keystone-manage db_sync --check` has been corrected. This allows "
 1075 "users and automation to determine what step is next in a rolling upgrade "
 1076 "based on logging and command status codes."
 1077 msgstr ""
 1078 "The implementation for checking database state during an upgrade with the "
 1079 "use of `keystone-manage db_sync --check` has been corrected. This allows "
 1080 "users and automation to determine what step is next in a rolling upgrade "
 1081 "based on logging and command status codes."
 1082 
 1083 msgid ""
 1084 "The list_project_ids_for_user(), list_domain_ids_for_user(), "
 1085 "list_user_ids_for_project(), list_project_ids_for_groups(), "
 1086 "list_domain_ids_for_groups(), list_role_ids_for_groups_on_project() and "
 1087 "list_role_ids_for_groups_on_domain() methods have been removed from the V9 "
 1088 "version of the Assignment driver."
 1089 msgstr ""
 1090 "The list_project_ids_for_user(), list_domain_ids_for_user(), "
 1091 "list_user_ids_for_project(), list_project_ids_for_groups(), "
 1092 "list_domain_ids_for_groups(), list_role_ids_for_groups_on_project() and "
 1093 "list_role_ids_for_groups_on_domain() methods have been removed from the V9 "
 1094 "version of the Assignment driver."
 1095 
 1096 msgid "The method signature has changed from::"
 1097 msgstr "The method signature has changed from::"
 1098 
 1099 msgid ""
 1100 "The resource backend cannot be configured to anything but SQL if the SQL "
 1101 "Identity backend is being used. The resource backend must now be SQL which "
 1102 "allows for the use of Foreign Keys to domains/projects wherever desired. "
 1103 "This makes managing project relationships and such much more straight "
 1104 "forward. The inability to configure non-SQL resource backends has been in "
 1105 "Keystone since at least Ocata. This is eliminating some complexity and "
 1106 "preventing the need for some really ugly back-port SQL migrations in favor "
 1107 "of a better model. Resource is highly relational and should be SQL based."
 1108 msgstr ""
 1109 "The resource backend cannot be configured to anything but SQL if the SQL "
 1110 "Identity backend is being used. The resource backend must now be SQL which "
 1111 "allows for the use of Foreign Keys to domains/projects wherever desired. "
 1112 "This makes managing project relationships and such much more straight "
 1113 "forward. The inability to configure non-SQL resource backends has been in "
 1114 "Keystone since at least Ocata. This is eliminating some complexity and "
 1115 "preventing the need for some really ugly back-port SQL migrations in favour "
 1116 "of a better model. Resource is highly relational and should be SQL based."
 1117 
 1118 msgid ""
 1119 "The response's content type for creating request token or access token is "
 1120 "changed to `application/x-www-form-urlencoded`, the old value `application/x-"
 1121 "www-urlformencoded` is invalid and will no longer be used."
 1122 msgstr ""
 1123 "The response's content type for creating request token or access token is "
 1124 "changed to `application/x-www-form-urlencoded`, the old value `application/x-"
 1125 "www-urlformencoded` is invalid and will no longer be used."
 1126 
 1127 msgid ""
 1128 "The rules are specified as a list of lists. The elements of the sub-lists "
 1129 "must be strings and are intended to mirror the required authentication "
 1130 "method names (e.g. ``password``, ``totp``, etc) as defined in the ``keystone."
 1131 "conf`` file in the ``[auth] methods`` option."
 1132 msgstr ""
 1133 "The rules are specified as a list of lists. The elements of the sub-lists "
 1134 "must be strings and are intended to mirror the required authentication "
 1135 "method names (e.g. ``password``, ``totp``, etc) as defined in the ``keystone."
 1136 "conf`` file in the ``[auth] methods`` option."
 1137 
 1138 msgid ""
 1139 "The token provider API has removed the ``needs_persistence`` property from "
 1140 "the abstract interface. Token providers are expected to handle persistence "
 1141 "requirement if needed. This will require out-of-tree token providers to "
 1142 "remove the unused property and handle token storage."
 1143 msgstr ""
 1144 "The token provider API has removed the ``needs_persistence`` property from "
 1145 "the abstract interface. Token providers are expected to handle persistence "
 1146 "requirement if needed. This will require out-of-tree token providers to "
 1147 "remove the unused property and handle token storage."
 1148 
 1149 msgid ""
 1150 "The token_formatter utility class has been moved from under fernet to the "
 1151 "default token directory. This is to allow for the reuse of functionality "
 1152 "with other token providers. Any deployments that are specifically using the "
 1153 "fernet utils may be affected and will need to adjust accordingly."
 1154 msgstr ""
 1155 "The token_formatter utility class has been moved from under fernet to the "
 1156 "default token directory. This is to allow for the reuse of functionality "
 1157 "with other token providers. Any deployments that are specifically using the "
 1158 "fernet utils may be affected and will need to adjust accordingly."
 1159 
 1160 msgid ""
 1161 "The trusts table now has an expires_at_int column that represents the "
 1162 "expiration time as an integer instead of a datetime object. This will "
 1163 "prevent rounding errors related to the way date objects are stored in some "
 1164 "versions of MySQL. The expires_at column remains, but will be dropped in "
 1165 "Rocky."
 1166 msgstr ""
 1167 "The trusts table now has an expires_at_int column that represents the "
 1168 "expiration time as an integer instead of a datetime object. This will "
 1169 "prevent rounding errors related to the way date objects are stored in some "
 1170 "versions of MySQL. The expires_at column remains, but will be dropped in "
 1171 "Rocky."
 1172 
 1173 msgid ""
 1174 "The use of `sha512_crypt` is considered inadequate for password hashing in "
 1175 "an application like Keystone. The use of bcrypt or scrypt is recommended to "
 1176 "ensure protection against password cracking utilities if the hashes are "
 1177 "exposed. This is due to Time-Complexity requirements for computing the "
 1178 "hashes in light of modern hardware (CPU, GPU, ASIC, FPGA, etc). Keystone has "
 1179 "moved to bcrypt as a default and no longer hashes new passwords (and "
 1180 "password changes) with sha512_crypt. It is recommended passwords be changed "
 1181 "after upgrade to Pike. The risk of password hash exposure is limited, but "
 1182 "for the best possible protection against cracking the hash it is recommended "
 1183 "passwords be changed after upgrade. The password change will then result in "
 1184 "a more secure hash (bcrypt by default) being used to store the password in "
 1185 "the DB."
 1186 msgstr ""
 1187 "The use of `sha512_crypt` is considered inadequate for password hashing in "
 1188 "an application like Keystone. The use of bcrypt or scrypt is recommended to "
 1189 "ensure protection against password cracking utilities if the hashes are "
 1190 "exposed. This is due to Time-Complexity requirements for computing the "
 1191 "hashes in light of modern hardware (CPU, GPU, ASIC, FPGA, etc). Keystone has "
 1192 "moved to bcrypt as a default and no longer hashes new passwords (and "
 1193 "password changes) with sha512_crypt. It is recommended passwords be changed "
 1194 "after upgrade to Pike. The risk of password hash exposure is limited, but "
 1195 "for the best possible protection against cracking the hash it is recommended "
 1196 "passwords be changed after upgrade. The password change will then result in "
 1197 "a more secure hash (bcrypt by default) being used to store the password in "
 1198 "the DB."
 1199 
 1200 msgid ""
 1201 "The use of admin_token filter is insecure compared to the use of a proper "
 1202 "username/password. Historically the admin_token filter has been left enabled "
 1203 "in Keystone after initialization due to the way CMS systems work. Moving to "
 1204 "an out-of-band initialization using ``keystone-manage bootstrap`` will "
 1205 "eliminate the security concerns around a static shared string that conveys "
 1206 "admin access to keystone and therefore to the entire installation."
 1207 msgstr ""
 1208 "The use of admin_token filter is insecure compared to the use of a proper "
 1209 "username/password. Historically the admin_token filter has been left enabled "
 1210 "in Keystone after initialisation due to the way CMS systems work. Moving to "
 1211 "an out-of-band initialisation using ``keystone-manage bootstrap`` will "
 1212 "eliminate the security concerns around a static shared string that conveys "
 1213 "admin access to Keystone and therefore to the entire installation."
 1214 
 1215 msgid ""
 1216 "Third-party extensions that extend the abstract class "
 1217 "(``ShadowUsersDriverBase``) should be updated according to the new parameter "
 1218 "names."
 1219 msgstr ""
 1220 "Third-party extensions that extend the abstract class "
 1221 "(``ShadowUsersDriverBase``) should be updated according to the new parameter "
 1222 "names."
 1223 
 1224 msgid ""
 1225 "This release adds support for Application Credentials, a new way to allow "
 1226 "applications and automated tooling to authenticate with keystone. Rather "
 1227 "than storing a username and password in an application's config file, which "
 1228 "can pose security risks, you can now create an application credential to "
 1229 "allow an application to authenticate and acquire a preset scope and role "
 1230 "assignments. This is especially useful for LDAP and federated users, who can "
 1231 "now delegate their cloud management tasks to a keystone-specific resource, "
 1232 "rather than share their externally managed credentials with keystone and "
 1233 "risk a compromise of those external systems. Users can delegate a subset of "
 1234 "their role assignments to an application credential, allowing them to "
 1235 "strategically limit their application's access to the minimum needed. Unlike "
 1236 "passwords, a user can have more than one active application credential, "
 1237 "which means they can be rotated without causing downtime for the "
 1238 "applications using them."
 1239 msgstr ""
 1240 "This release adds support for Application Credentials, a new way to allow "
 1241 "applications and automated tooling to authenticate with keystone. Rather "
 1242 "than storing a username and password in an application's config file, which "
 1243 "can pose security risks, you can now create an application credential to "
 1244 "allow an application to authenticate and acquire a preset scope and role "
 1245 "assignments. This is especially useful for LDAP and federated users, who can "
 1246 "now delegate their cloud management tasks to a keystone-specific resource, "
 1247 "rather than share their externally managed credentials with keystone and "
 1248 "risk a compromise of those external systems. Users can delegate a subset of "
 1249 "their role assignments to an application credential, allowing them to "
 1250 "strategically limit their application's access to the minimum needed. Unlike "
 1251 "passwords, a user can have more than one active application credential, "
 1252 "which means they can be rotated without causing downtime for the "
 1253 "applications using them."
 1254 
 1255 msgid "To mark a user as exempt from the PCI password expiry policy::"
 1256 msgstr "To mark a user as exempt from the PCI password expiry policy::"
 1257 
 1258 msgid "To mark a user as exempt from the PCI reset policy::"
 1259 msgstr "To mark a user as exempt from the PCI reset policy::"
 1260 
 1261 msgid "To mark a user exempt from the MFA Rules::"
 1262 msgstr "To mark a user exempt from the MFA Rules::"
 1263 
 1264 msgid "To the properly written::"
 1265 msgstr "To the properly written::"
 1266 
 1267 msgid "To::"
 1268 msgstr "To::"
 1269 
 1270 msgid ""
 1271 "Token persistence driver/code (SQL) is deprecated with this patch since it "
 1272 "is only used by the UUID token provider.."
 1273 msgstr ""
 1274 "Token persistence driver/code (SQL) is deprecated with this patch since it "
 1275 "is only used by the UUID token provider.."
 1276 
 1277 msgid "Tokens can now be cached when issued."
 1278 msgstr "Tokens can now be cached when issued."
 1279 
 1280 msgid ""
 1281 "UUID token provider ``[token] provider=uuid`` has been deprecated in favor "
 1282 "of Fernet tokens ``[token] provider=fernet``. With Fernet tokens becoming "
 1283 "the default UUID tokens can be slated for removal in the R release. This "
 1284 "also deprecates token-bind support as it was never implemented for fernet."
 1285 msgstr ""
 1286 "UUID token provider ``[token] provider=uuid`` has been deprecated in favour "
 1287 "of Fernet tokens ``[token] provider=fernet``. With Fernet tokens becoming "
 1288 "the default UUID tokens can be slated for removal in the R release. This "
 1289 "also deprecates token-bind support as it was never implemented for fernet."
 1290 
 1291 msgid "Upgrade Notes"
 1292 msgstr "Upgrade Notes"
 1293 
 1294 msgid ""
 1295 "Use of ``$(tenant_id)s`` in the catalog endpoints is deprecated in favor of "
 1296 "``$(project_id)s``."
 1297 msgstr ""
 1298 "Use of ``$(tenant_id)s`` in the catalogue endpoints is deprecated in favour "
 1299 "of ``$(project_id)s``."
 1300 
 1301 msgid ""
 1302 "Using LDAP as the resource backend, i.e for projects and domains, is now "
 1303 "deprecated and will be removed in the Mitaka release."
 1304 msgstr ""
 1305 "Using LDAP as the resource backend, i.e for projects and domains, is now "
 1306 "deprecated and will be removed in the Mitaka release."
 1307 
 1308 msgid ""
 1309 "Using the full path to the driver class is deprecated in favor of using the "
 1310 "entrypoint. In the Mitaka release, the entrypoint must be used."
 1311 msgstr ""
 1312 "Using the full path to the driver class is deprecated in favour of using the "
 1313 "entrypoint. In the Mitaka release, the entrypoint must be used."
 1314 
 1315 msgid ""
 1316 "We have added the ``password_expires_at`` attribute to the user response "
 1317 "object."
 1318 msgstr ""
 1319 "We have added the ``password_expires_at`` attribute to the user response "
 1320 "object."
 1321 
 1322 msgid ""
 1323 "We now expose entrypoints for the ``keystone-manage`` command instead of a "
 1324 "file."
 1325 msgstr ""
 1326 "We now expose entrypoints for the ``keystone-manage`` command instead of a "
 1327 "file."
 1328 
 1329 msgid ""
 1330 "Write support for the LDAP has been removed in favor of read-only support. "
 1331 "The following operations are no longer supported for LDAP:"
 1332 msgstr ""
 1333 "Write support for the LDAP has been removed in favour of read-only support. "
 1334 "The following operations are no longer supported for LDAP:"
 1335 
 1336 msgid ""
 1337 "[`Bug 1645487 <https://bugs.launchpad.net/keystone/+bug/1645487>`_] Added a "
 1338 "new PCI-DSS feature that will require users to immediately change their "
 1339 "password upon first use for new users and after an administrative password "
 1340 "reset. The new feature can be enabled by setting [security_compliance] "
 1341 "``change_password_upon_first_use`` to ``True``."
 1342 msgstr ""
 1343 "[`Bug 1645487 <https://bugs.launchpad.net/keystone/+bug/1645487>`_] Added a "
 1344 "new PCI-DSS feature that will require users to immediately change their "
 1345 "password upon first use for new users and after an administrative password "
 1346 "reset. The new feature can be enabled by setting [security_compliance] "
 1347 "``change_password_upon_first_use`` to ``True``."
 1348 
 1349 msgid ""
 1350 "[`Bug 1649446 <https://bugs.launchpad.net/keystone/+bug/1651989>`_] The "
 1351 "default policy for listing revocation events has changed. Previously, any "
 1352 "authenticated user could list revocation events; it is now, by default, an "
 1353 "admin or service user only function. This can be changed by modifying the "
 1354 "policy file being used by keystone."
 1355 msgstr ""
 1356 "[`Bug 1649446 <https://bugs.launchpad.net/keystone/+bug/1651989>`_] The "
 1357 "default policy for listing revocation events has changed. Previously, any "
 1358 "authenticated user could list revocation events; it is now, by default, an "
 1359 "admin or service user only function. This can be changed by modifying the "
 1360 "policy file being used by Keystone."
 1361 
 1362 msgid ""
 1363 "[`Related to Bug 1649446 <https://bugs.launchpad.net/keystone/"
 1364 "+bug/1649446>`_] The ``identity:list_revoke_events`` rule has been changed "
 1365 "in both sample policy files, ``policy.json`` and ``policy.v3cloudsample."
 1366 "json``. From::"
 1367 msgstr ""
 1368 "[`Related to Bug 1649446 <https://bugs.launchpad.net/keystone/"
 1369 "+bug/1649446>`_] The ``identity:list_revoke_events`` rule has been changed "
 1370 "in both sample policy files, ``policy.json`` and ``policy.v3cloudsample."
 1371 "json``. From::"
 1372 
 1373 msgid ""
 1374 "[`blueprint allow-expired <https://blueprints.launchpad.net/keystone/+spec/"
 1375 "allow-expired>`_] An `allow_expired` flag is added to the token validation "
 1376 "call (``GET/HEAD  /v3/auth/tokens``) that allows fetching a token that has "
 1377 "expired. This allows for validating tokens in long running operations."
 1378 msgstr ""
 1379 "[`blueprint allow-expired <https://blueprints.launchpad.net/keystone/+spec/"
 1380 "allow-expired>`_] An `allow_expired` flag is added to the token validation "
 1381 "call (``GET/HEAD  /v3/auth/tokens``) that allows fetching a token that has "
 1382 "expired. This allows for validating tokens in long running operations."
 1383 
 1384 msgid ""
 1385 "[`blueprint allow-expired <https://blueprints.launchpad.net/keystone/+spec/"
 1386 "allow-expired>`_] To allow long running operations to complete services must "
 1387 "be able to fetch expired tokens via the ``allow_expired`` flag. The length "
 1388 "of time a token is retrievable for beyond its traditional expiry is managed "
 1389 "by the ``[token] allow_expired_window`` option and so the data must be "
 1390 "retrievable for this about of time. When using fernet tokens this means that "
 1391 "the key rotation period must exceed this time so that older tokens are still "
 1392 "decrytable. Ensure that you do not rotate fernet keys faster than ``[token] "
 1393 "expiration`` + ``[token] allow_expired_window`` seconds."
 1394 msgstr ""
 1395 "[`blueprint allow-expired <https://blueprints.launchpad.net/keystone/+spec/"
 1396 "allow-expired>`_] To allow long running operations to complete services must "
 1397 "be able to fetch expired tokens via the ``allow_expired`` flag. The length "
 1398 "of time a token is retrievable for beyond its traditional expiry is managed "
 1399 "by the ``[token] allow_expired_window`` option and so the data must be "
 1400 "retrievable for this about of time. When using fernet tokens this means that "
 1401 "the key rotation period must exceed this time so that older tokens are still "
 1402 "decrytable. Ensure that you do not rotate fernet keys faster than ``[token] "
 1403 "expiration`` + ``[token] allow_expired_window`` seconds."
 1404 
 1405 msgid ""
 1406 "[`blueprint application-credentials <https://blueprints.launchpad.net/"
 1407 "keystone/+spec/application-credentials>`_] Users can now create Application "
 1408 "Credentials, a new keystone resource that can provide an application with "
 1409 "the means to get a token from keystone with a preset scope and role "
 1410 "assignments. To authenticate with an application credential, an application "
 1411 "can use the normal token API with the 'application_credential' auth method."
 1412 msgstr ""
 1413 "[`blueprint application-credentials <https://blueprints.launchpad.net/"
 1414 "keystone/+spec/application-credentials>`_] Users can now create Application "
 1415 "Credentials, a new keystone resource that can provide an application with "
 1416 "the means to get a token from keystone with a preset scope and role "
 1417 "assignments. To authenticate with an application credential, an application "
 1418 "can use the normal token API with the 'application_credential' auth method."
 1419 
 1420 msgid ""
 1421 "[`blueprint bootstrap <https://blueprints.launchpad.net/keystone/+spec/"
 1422 "bootstrap>`_] keystone-manage now supports the bootstrap command on the CLI "
 1423 "so that a keystone install can be initialized without the need of the "
 1424 "admin_token filter in the paste-ini."
 1425 msgstr ""
 1426 "[`blueprint bootstrap <https://blueprints.launchpad.net/keystone/+spec/"
 1427 "bootstrap>`_] keystone-manage now supports the bootstrap command on the CLI "
 1428 "so that a keystone install can be initialised without the need of the "
 1429 "admin_token filter in the paste-ini."
 1430 
 1431 msgid ""
 1432 "[`blueprint deprecated-as-of-mitaka <https://blueprints.launchpad.net/"
 1433 "keystone/+spec/deprecated-as-of-mitaka>`_] As of the Mitaka release, the PKI "
 1434 "and PKIz token formats have been deprecated. They will be removed in the 'O' "
 1435 "release. Due to this change, the `hash_algorithm` option in the `[token]` "
 1436 "section of the configuration file has also been deprecated. Also due to this "
 1437 "change, the ``keystone-manage pki_setup`` command has been deprecated as "
 1438 "well."
 1439 msgstr ""
 1440 "[`blueprint deprecated-as-of-mitaka <https://blueprints.launchpad.net/"
 1441 "keystone/+spec/deprecated-as-of-mitaka>`_] As of the Mitaka release, the PKI "
 1442 "and PKIz token formats have been deprecated. They will be removed in the 'O' "
 1443 "release. Due to this change, the `hash_algorithm` option in the `[token]` "
 1444 "section of the configuration file has also been deprecated. Also due to this "
 1445 "change, the ``keystone-manage pki_setup`` command has been deprecated as "
 1446 "well."
 1447 
 1448 msgid ""
 1449 "[`blueprint deprecated-as-of-mitaka <https://blueprints.launchpad.net/"
 1450 "keystone/+spec/deprecated-as-of-mitaka>`_] As of the Mitaka release, the "
 1451 "auth plugin `keystone.auth.plugins.saml2.Saml2` has been deprecated. It is "
 1452 "recommended to use `keystone.auth.plugins.mapped.Mapped` instead. The "
 1453 "``saml2`` plugin will be removed in the 'O' release."
 1454 msgstr ""
 1455 "[`blueprint deprecated-as-of-mitaka <https://blueprints.launchpad.net/"
 1456 "keystone/+spec/deprecated-as-of-mitaka>`_] As of the Mitaka release, the "
 1457 "auth plugin `keystone.auth.plugins.saml2.Saml2` has been deprecated. It is "
 1458 "recommended to use `keystone.auth.plugins.mapped.Mapped` instead. The "
 1459 "``saml2`` plugin will be removed in the 'O' release."
 1460 
 1461 msgid ""
 1462 "[`blueprint deprecated-as-of-mitaka <https://blueprints.launchpad.net/"
 1463 "keystone/+spec/deprecated-as-of-mitaka>`_] As of the Mitaka release, the "
 1464 "simple_cert_extension is deprecated since it is only used in support of the "
 1465 "PKI and PKIz token formats.  It will be removed in the 'O' release."
 1466 msgstr ""
 1467 "[`blueprint deprecated-as-of-mitaka <https://blueprints.launchpad.net/"
 1468 "keystone/+spec/deprecated-as-of-mitaka>`_] As of the Mitaka release, the "
 1469 "simple_cert_extension is deprecated since it is only used in support of the "
 1470 "PKI and PKIz token formats.  It will be removed in the 'O' release."
 1471 
 1472 msgid ""
 1473 "[`bug 1748970 <https://bugs.launchpad.net/keystone/+bug/1748970>`_] A bug "
 1474 "was introduced in Queens that resulted in system role assignments being "
 1475 "returned when querying the role assignments API for a specific role. The "
 1476 "issue is fixed and the list of roles returned from ``GET /v3/"
 1477 "role_assignments?role.id={role_id}`` respects system role assignments."
 1478 msgstr ""
 1479 "[`bug 1748970 <https://bugs.launchpad.net/keystone/+bug/1748970>`_] A bug "
 1480 "was introduced in Queens that resulted in system role assignments being "
 1481 "returned when querying the role assignments API for a specific role. The "
 1482 "issue is fixed and the list of roles returned from ``GET /v3/"
 1483 "role_assignments?role.id={role_id}`` respects system role assignments."
 1484 
 1485 msgid ""
 1486 "[`bug 1749264 <https://bugs.launchpad.net/keystone/+bug/1749264>`_] A user's "
 1487 "system role assignment will be removed when the user is deleted."
 1488 msgstr ""
 1489 "[`bug 1749264 <https://bugs.launchpad.net/keystone/+bug/1749264>`_] A user's "
 1490 "system role assignment will be removed when the user is deleted."
 1491 
 1492 msgid ""
 1493 "[`bug 1749267 <https://bugs.launchpad.net/keystone/+bug/1749267>`_] A "
 1494 "group's system role assignments are removed when the group is deleted."
 1495 msgstr ""
 1496 "[`bug 1749267 <https://bugs.launchpad.net/keystone/+bug/1749267>`_] A "
 1497 "group's system role assignments are removed when the group is deleted."
 1498 
 1499 msgid ""
 1500 "[`bug 1755874 <https://bugs.launchpad.net/keystone/+bug/1755874>`_] Users "
 1501 "now can have the resource option ``lock_password`` set which prevents the "
 1502 "user from utilizing the self-service password change API. Valid values are "
 1503 "``True``, ``False``, or \"None\" (where ``None`` clears the option)."
 1504 msgstr ""
 1505 "[`bug 1755874 <https://bugs.launchpad.net/keystone/+bug/1755874>`_] Users "
 1506 "now can have the resource option ``lock_password`` set which prevents the "
 1507 "user from utilizing the self-service password change API. Valid values are "
 1508 "``True``, ``False``, or \"None\" (where ``None`` clears the option)."
 1509 
 1510 msgid ""
 1511 "[`bug 1756190 <https://bugs.launchpad.net/keystone/+bug/1756190>`_] When "
 1512 "filtering projects based on tags, the filtering will now be performed by "
 1513 "matching a subset containing the given tags against projects, rather than "
 1514 "exact matching. Providing more tags when performing a search will yield more "
 1515 "exact results while less will return any projects that match the given tags "
 1516 "but could contain other tags as well."
 1517 msgstr ""
 1518 "[`bug 1756190 <https://bugs.launchpad.net/keystone/+bug/1756190>`_] When "
 1519 "filtering projects based on tags, the filtering will now be performed by "
 1520 "matching a subset containing the given tags against projects, rather than "
 1521 "exact matching. Providing more tags when performing a search will yield more "
 1522 "exact results while less will return any projects that match the given tags "
 1523 "but could contain other tags as well."
 1524 
 1525 msgid ""
 1526 "[`bug 1757022 <https://bugs.launchpad.net/keystone/+bug/1757022>`_] In "
 1527 "previous releases,  ``keystone-manage mapping_purge --type {user,group}`` "
 1528 "command would purge all mapping incorrectly instead of only purging the "
 1529 "specified type mappings. ``keystone-manage mapping_purge --type {user,group}"
 1530 "`` now purges only specified type mappings as expected."
 1531 msgstr ""
 1532 "[`bug 1757022 <https://bugs.launchpad.net/keystone/+bug/1757022>`_] In "
 1533 "previous releases,  ``keystone-manage mapping_purge --type {user,group}`` "
 1534 "command would purge all mapping incorrectly instead of only purging the "
 1535 "specified type mappings. ``keystone-manage mapping_purge --type {user,group}"
 1536 "`` now purges only specified type mappings as expected."
 1537 
 1538 msgid ""
 1539 "[`bug 1759289 <https://bugs.launchpad.net/keystone/+bug/1759289>`_] The "
 1540 "``keystone-manage token_flush`` command no longer establishes a connection "
 1541 "to a database, or persistence backend. It's usage should be removed if "
 1542 "you're using a supported non-persistent token format. If you're relying on "
 1543 "external token providers that write tokens to disk and would like to "
 1544 "maintain this functionality, please consider porting it to a separate tool."
 1545 msgstr ""
 1546 "[`bug 1759289 <https://bugs.launchpad.net/keystone/+bug/1759289>`_] The "
 1547 "``keystone-manage token_flush`` command no longer establishes a connection "
 1548 "to a database, or persistence backend. It's usage should be removed if "
 1549 "you're using a supported non-persistent token format. If you're relying on "
 1550 "external token providers that write tokens to disk and would like to "
 1551 "maintain this functionality, please consider porting it to a separate tool."
 1552 
 1553 msgid ""
 1554 "[`bug 1760205 <https://bugs.launchpad.net/keystone/+bug/1760205>`_] When "
 1555 "deleting a shadow user, the related cache info is not invalidated so that "
 1556 "Keystone will raise 404 UserNotFound error when authenticating with the "
 1557 "previous federation info. This bug has been fixed now."
 1558 msgstr ""
 1559 "[`bug 1760205 <https://bugs.launchpad.net/keystone/+bug/1760205>`_] When "
 1560 "deleting a shadow user, the related cache info is not invalidated so that "
 1561 "Keystone will raise 404 UserNotFound error when authenticating with the "
 1562 "previous federation info. This bug has been fixed now."
 1563 
 1564 msgid "``delete group``"
 1565 msgstr "``delete group``"
 1566 
 1567 msgid "``delete user``"
 1568 msgstr "``delete user``"
 1569 
 1570 msgid "``issue_v2_token``"
 1571 msgstr "``issue_v2_token``"
 1572 
 1573 msgid "``issue_v3_token``"
 1574 msgstr "``issue_v3_token``"
 1575 
 1576 msgid ""
 1577 "``keystone-manage db_sync`` will no longer create the Default domain. This "
 1578 "domain is used as the domain for any users created using the legacy v2.0 "
 1579 "API. A default domain is created by ``keystone-manage bootstrap`` and when a "
 1580 "user or project is created using the legacy v2.0 API."
 1581 msgstr ""
 1582 "``keystone-manage db_sync`` will no longer create the Default domain. This "
 1583 "domain is used as the domain for any users created using the legacy v2.0 "
 1584 "API. A default domain is created by ``keystone-manage bootstrap`` and when a "
 1585 "user or project is created using the legacy v2.0 API."
 1586 
 1587 msgid "``keystone.common.kvs.backends.inmemdb.MemoryBackend``"
 1588 msgstr "``keystone.common.kvs.backends.inmemdb.MemoryBackend``"
 1589 
 1590 msgid "``keystone.common.kvs.backends.memcached.MemcachedBackend``"
 1591 msgstr "``keystone.common.kvs.backends.memcached.MemcachedBackend``"
 1592 
 1593 msgid "``keystone.token.persistence.backends.kvs.Token``"
 1594 msgstr "``keystone.token.persistence.backends.kvs.Token``"
 1595 
 1596 msgid "``keystone/common/cache/backends/memcache_pool``"
 1597 msgstr "``keystone/common/cache/backends/memcache_pool``"
 1598 
 1599 msgid "``keystone/common/cache/backends/mongo``"
 1600 msgstr "``keystone/common/cache/backends/mongo``"
 1601 
 1602 msgid "``keystone/common/cache/backends/noop``"
 1603 msgstr "``keystone/common/cache/backends/noop``"
 1604 
 1605 msgid "``keystone/contrib/admin_crud``"
 1606 msgstr "``keystone/contrib/admin_crud``"
 1607 
 1608 msgid "``keystone/contrib/endpoint_filter``"
 1609 msgstr "``keystone/contrib/endpoint_filter``"
 1610 
 1611 msgid "``keystone/contrib/federation``"
 1612 msgstr "``keystone/contrib/federation``"
 1613 
 1614 msgid "``keystone/contrib/oauth1``"
 1615 msgstr "``keystone/contrib/oauth1``"
 1616 
 1617 msgid "``keystone/contrib/revoke``"
 1618 msgstr "``keystone/contrib/revoke``"
 1619 
 1620 msgid "``keystone/contrib/simple_cert``"
 1621 msgstr "``keystone/contrib/simple_cert``"
 1622 
 1623 msgid "``keystone/contrib/user_crud``"
 1624 msgstr "``keystone/contrib/user_crud``"
 1625 
 1626 msgid ""
 1627 "``openstack_user_domain`` and ``openstack_project_domain`` attributes were "
 1628 "added to SAML assertion in order to map user and project domains, "
 1629 "respectively."
 1630 msgstr ""
 1631 "``openstack_user_domain`` and ``openstack_project_domain`` attributes were "
 1632 "added to SAML assertion in order to map user and project domains, "
 1633 "respectively."
 1634 
 1635 msgid "``remove user from group``"
 1636 msgstr "``remove user from group``"
 1637 
 1638 msgid "``update group``"
 1639 msgstr "``update group``"
 1640 
 1641 msgid "``update user``"
 1642 msgstr "``update user``"
 1643 
 1644 msgid "``validate_non_persistent_token``"
 1645 msgstr "``validate_non_persistent_token``"
 1646 
 1647 msgid "``validate_v2_token``"
 1648 msgstr "``validate_v2_token``"
 1649 
 1650 msgid "``validate_v3_token``"
 1651 msgstr "``validate_v3_token``"
 1652 
 1653 msgid "all config options under ``[kvs]`` in `keystone.conf`"
 1654 msgstr "all config options under ``[kvs]`` in `keystone.conf`"
 1655 
 1656 msgid "and will return a list of mappings for a given domain ID."
 1657 msgstr "and will return a list of mappings for a given domain ID."
 1658 
 1659 msgid "eq - password expires at the timestamp"
 1660 msgstr "eq - password expires at the timestamp"
 1661 
 1662 msgid "gt - password expires after the timestamp"
 1663 msgstr "gt - password expires after the timestamp"
 1664 
 1665 msgid "gte - password expires at or after the timestamp"
 1666 msgstr "gte - password expires at or after the timestamp"
 1667 
 1668 msgid "lt - password expires before the timestamp"
 1669 msgstr "lt - password expires before the timestamp"
 1670 
 1671 msgid "lte - password expires at or before timestamp"
 1672 msgstr "lte - password expires at or before timestamp"
 1673 
 1674 msgid "neq - password expires not at the timestamp"
 1675 msgstr "neq - password expires not at the timestamp"
 1676 
 1677 msgid ""
 1678 "stats_monitoring and stats_reporting paste filters have been removed, so "
 1679 "references to it must be removed from the ``keystone-paste.ini`` "
 1680 "configuration file."
 1681 msgstr ""
 1682 "stats_monitoring and stats_reporting paste filters have been removed, so "
 1683 "references to it must be removed from the ``keystone-paste.ini`` "
 1684 "configuration file."
 1685 
 1686 msgid "the config option ``[memcached] servers`` in `keystone.conf`"
 1687 msgstr "the config option ``[memcached] servers`` in `keystone.conf`"
 1688 
 1689 msgid "to::"
 1690 msgstr "to::"