"Fossies" - the Fresh Open Source Software Archive

Member "keystone-19.0.0/releasenotes/source/locale/en_GB/LC_MESSAGES/releasenotes.po" (14 Apr 2021, 83135 Bytes) of package /linux/misc/openstack/keystone-19.0.0.tar.gz:


The file is shown below as PO translation source, with prefixed line numbers.

    1 # Andi Chandler <andi@gowling.com>, 2017. #zanata
    2 # Andi Chandler <andi@gowling.com>, 2018. #zanata
    3 # Andi Chandler <andi@gowling.com>, 2020. #zanata
    4 msgid ""
    5 msgstr ""
    6 "Project-Id-Version: Keystone Release Notes\n"
    7 "Report-Msgid-Bugs-To: \n"
    8 "POT-Creation-Date: 2021-01-08 19:54+0000\n"
    9 "MIME-Version: 1.0\n"
   10 "Content-Type: text/plain; charset=UTF-8\n"
   11 "Content-Transfer-Encoding: 8bit\n"
   12 "PO-Revision-Date: 2020-12-19 01:35+0000\n"
   13 "Last-Translator: Andi Chandler <andi@gowling.com>\n"
   14 "Language-Team: English (United Kingdom)\n"
   15 "Language: en_GB\n"
   16 "X-Generator: Zanata 4.3.3\n"
   17 "Plural-Forms: nplurals=2; plural=(n != 1)\n"
   18 
   19 msgid "'/' and ',' are not allowed to be in a tag"
   20 msgstr "'/' and ',' are not allowed to be in a tag"
   21 
   22 msgid ""
   23 "**Experimental** - Domain specific configuration options can be stored in "
   24 "SQL instead of configuration files, using the new REST APIs."
   25 msgstr ""
   26 "**Experimental** - Domain specific configuration options can be stored in "
   27 "SQL instead of configuration files, using the new REST APIs."
   28 
   29 msgid ""
   30 "**Experimental** - Keystone now supports tokenless authorization with X.509 "
   31 "SSL client certificate."
   32 msgstr ""
   33 "**Experimental** - Keystone now supports tokenless authorisation with X.509 "
   34 "SSL client certificate."
   35 
   36 msgid "10.0.0"
   37 msgstr "10.0.0"
   38 
   39 msgid "10.0.1"
   40 msgstr "10.0.1"
   41 
   42 msgid "10.0.3"
   43 msgstr "10.0.3"
   44 
   45 msgid "11.0.0"
   46 msgstr "11.0.0"
   47 
   48 msgid "11.0.1"
   49 msgstr "11.0.1"
   50 
   51 msgid "11.0.3"
   52 msgstr "11.0.3"
   53 
   54 msgid "11.0.4"
   55 msgstr "11.0.4"
   56 
   57 msgid "12.0.0"
   58 msgstr "12.0.0"
   59 
   60 msgid "12.0.1"
   61 msgstr "12.0.1"
   62 
   63 msgid "12.0.2"
   64 msgstr "12.0.2"
   65 
   66 msgid "12.0.3"
   67 msgstr "12.0.3"
   68 
   69 msgid "12.0.3-9"
   70 msgstr "12.0.3-9"
   71 
   72 msgid "13.0.0"
   73 msgstr "13.0.0"
   74 
   75 msgid "13.0.1"
   76 msgstr "13.0.1"
   77 
   78 msgid "13.0.2"
   79 msgstr "13.0.2"
   80 
   81 msgid "13.0.3"
   82 msgstr "13.0.3"
   83 
   84 msgid "14.0.0"
   85 msgstr "14.0.0"
   86 
   87 msgid "14.0.1"
   88 msgstr "14.0.1"
   89 
   90 msgid "14.1.0"
   91 msgstr "14.1.0"
   92 
   93 msgid "14.2.0"
   94 msgstr "14.2.0"
   95 
   96 msgid "14.2.0-4"
   97 msgstr "14.2.0-4"
   98 
   99 msgid "15.0.0"
  100 msgstr "15.0.0"
  101 
  102 msgid "15.0.1"
  103 msgstr "15.0.1"
  104 
  105 msgid "16.0.0"
  106 msgstr "16.0.0"
  107 
  108 msgid "16.0.1"
  109 msgstr "16.0.1"
  110 
  111 msgid "17.0.0"
  112 msgstr "17.0.0"
  113 
  114 msgid "17.0.0-6"
  115 msgstr "17.0.0-6"
  116 
  117 msgid "8.0.1"
  118 msgstr "8.0.1"
  119 
  120 msgid "8.1.0"
  121 msgstr "8.1.0"
  122 
  123 msgid "9.0.0"
  124 msgstr "9.0.0"
  125 
  126 msgid "9.2.0"
  127 msgstr "9.2.0"
  128 
  129 msgid ""
  130 "A Federated user gets an entry in the shadow-users table. This entry has a "
  131 "unique ID. It was generated using a UUID. This fix changes to reuse the "
  132 "mechanism for LDAP, where the ID is generated from the domain ID + the local "
  133 "id of the user (an attribute that uniquely ids the user from the IdP). This "
  134 "generator is specified by the configuration file. Now Both LDAP and "
  135 "Federated Ids are generated the same way. It also means that Federated IDs "
  136 "can be kept in sync between two independtent Keystone servers."
  137 msgstr ""
  138 "A Federated user gets an entry in the shadow-users table. This entry has a "
  139 "unique ID. It was generated using a UUID. This fix changes to reuse the "
  140 "mechanism for LDAP, where the ID is generated from the domain ID + the local "
  141 "id of the user (an attribute that uniquely ids the user from the IdP). This "
  142 "generator is specified by the configuration file. Now Both LDAP and "
  143 "Federated Ids are generated the same way. It also means that Federated IDs "
  144 "can be kept in sync between two independent Keystone servers."
  145 
  146 msgid ""
  147 "A new ``secure_proxy_ssl_header`` configuration option is available when "
  148 "running keystone behind a proxy."
  149 msgstr ""
  150 "A new ``secure_proxy_ssl_header`` configuration option is available when "
  151 "running keystone behind a proxy."
  152 
  153 msgid ""
  154 "A new config option, `insecure_debug`, is added to control whether debug "
  155 "information is returned to clients. This used to be controlled by the "
  156 "`debug` option. If you'd like to return extra information to clients set the "
  157 "value to ``true``. This extra information may help an attacker."
  158 msgstr ""
  159 "A new config option, `insecure_debug`, is added to control whether debug "
  160 "information is returned to clients. This used to be controlled by the "
  161 "`debug` option. If you'd like to return extra information to clients set the "
  162 "value to ``true``. This extra information may help an attacker."
  163 
  164 msgid ""
  165 "A new interface called `list_federated_users_info` is added to shadow "
  166 "backend. It's used to get the shadow user information internally. If you are "
  167 "maintaining any out-tree shadow backends, please implement this function for "
  168 "them as well."
  169 msgstr ""
  170 "A new interface called `list_federated_users_info` is added to shadow "
  171 "backend. It's used to get the shadow user information internally. If you are "
  172 "maintaining any out-tree shadow backends, please implement this function for "
  173 "them as well."
  174 
  175 msgid ""
  176 "Add ``cache_on_issue`` flag to ``[token]`` section that enables placing "
  177 "issued tokens to validation cache thus reducing the first validation time as "
  178 "if token is already validated and token data cached."
  179 msgstr ""
  180 "Add ``cache_on_issue`` flag to ``[token]`` section that enables placing "
  181 "issued tokens to validation cache thus reducing the first validation time as "
  182 "if token is already validated and token data cached."
  183 
  184 msgid ""
  185 "Add ``keystone-manage mapping_populate`` command, which should be used when "
  186 "domain-specific LDAP backend is used."
  187 msgstr ""
  188 "Add ``keystone-manage mapping_populate`` command, which should be used when "
  189 "domain-specific LDAP backend is used."
  190 
  191 msgid ""
  192 "Add ``keystone-manage mapping_populate`` command. This command will pre-"
  193 "populate a mapping table with all users from LDAP, in order to improve "
  194 "future query performance. It should be used when an LDAP is first "
  195 "configured, or after calling ``keystone-manage mapping_purge``, before any "
  196 "queries related to the domain are made. For more information see ``keystone-"
  197 "manage mapping_populate --help``"
  198 msgstr ""
  199 "Add ``keystone-manage mapping_populate`` command. This command will pre-"
  200 "populate a mapping table with all users from LDAP, in order to improve "
  201 "future query performance. It should be used when an LDAP is first "
  202 "configured, or after calling ``keystone-manage mapping_purge``, before any "
  203 "queries related to the domain are made. For more information see ``keystone-"
  204 "manage mapping_populate --help``"
  205 
  206 msgid ""
  207 "Added an option ``--check`` to ``keystone-manage db_sync``, the option will "
  208 "allow a user to check the status of rolling upgrades in the database."
  209 msgstr ""
  210 "Added an option ``--check`` to ``keystone-manage db_sync``, the option will "
  211 "allow a user to check the status of rolling upgrades in the database."
  212 
  213 msgid ""
  214 "Adjust configuration tools as necessary, see the ``fixes`` section for more "
  215 "details on this change."
  216 msgstr ""
  217 "Adjust configuration tools as necessary, see the ``fixes`` section for more "
  218 "details on this change."
  219 
  220 msgid ""
  221 "All policies in ``policy.v3cloudsample.json`` that are redundant with the "
  222 "defaults in code have been removed. This improves maintainability and leaves "
  223 "the ``policy.v3cloudsample.json`` policy file with only overrides. These "
  224 "overrides will eventually be moved into code or new defaults in keystone "
  225 "directly. If you're using the policies removed from ``policy.v3cloudsample."
  226 "json`` please check to see if you can migrate to the new defaults or "
  227 "continue maintaining the policy as an override."
  228 msgstr ""
  229 "All policies in ``policy.v3cloudsample.json`` that are redundant with the "
  230 "defaults in code have been removed. This improves maintainability and leaves "
  231 "the ``policy.v3cloudsample.json`` policy file with only overrides. These "
  232 "overrides will eventually be moved into code or new defaults in keystone "
  233 "directly. If you're using the policies removed from ``policy.v3cloudsample."
  234 "json`` please check to see if you can migrate to the new defaults or "
  235 "continue maintaining the policy as an override."
  236 
  237 msgid ""
  238 "Allow the creating of a domain with the additional, optional parameter of "
  239 "`explicit_domain_id` instead of auto-creating a domain_id from a uuid."
  240 msgstr ""
  241 "Allow the creating of a domain with the additional, optional parameter of "
  242 "`explicit_domain_id` instead of auto-creating a domain_id from a UUID."
  243 
  244 msgid ""
  245 "Any auth methods that are not defined in ``keystone.conf`` in the ``[auth] "
  246 "methods`` option are ignored when the rules are processed. Empty rules are "
  247 "not allowed. If a rule is empty due to no-valid auth methods existing within "
  248 "it, the rule is discarded at authentication time. If there are no rules or "
  249 "no valid rules for the user, authentication occurs in the default manner: "
  250 "any single configured auth method is sufficient to receive a token."
  251 msgstr ""
  252 "Any auth methods that are not defined in ``keystone.conf`` in the ``[auth] "
  253 "methods`` option are ignored when the rules are processed. Empty rules are "
  254 "not allowed. If a rule is empty due to no-valid auth methods existing within "
  255 "it, the rule is discarded at authentication time. If there are no rules or "
  256 "no valid rules for the user, authentication occurs in the default manner: "
  257 "any single configured auth method is sufficient to receive a token."
  258 
  259 msgid ""
  260 "Any middleware defined in Keystone's tree is no longer loaded via stevedore, "
  261 "and likewise the entry points were removed."
  262 msgstr ""
  263 "Any middleware defined in Keystone's tree is no longer loaded via Stevedore, "
  264 "and likewise the entry points were removed."
  265 
  266 msgid ""
  267 "As a performance improvement, the base mapping driver's method "
  268 "``get_domain_mapping_list`` now accepts an optional named argument "
  269 "``entity_type`` that can be used to get the mappings for a given entity type "
  270 "only. As this new call signature is already used in the ``identity.core`` "
  271 "module, authors/maintainers of out-of-tree custom mapping drivers are "
  272 "expected to update their implementations of ``get_domain_mapping_list`` "
  273 "method accordingly."
  274 msgstr ""
  275 "As a performance improvement, the base mapping driver's method "
  276 "``get_domain_mapping_list`` now accepts an optional named argument "
  277 "``entity_type`` that can be used to get the mappings for a given entity type "
  278 "only. As this new call signature is already used in the ``identity.core`` "
  279 "module, authors/maintainers of out-of-tree custom mapping drivers are "
  280 "expected to update their implementations of ``get_domain_mapping_list`` "
  281 "method accordingly."
  282 
  283 msgid "Bug Fixes"
  284 msgstr "Bug Fixes"
  285 
  286 msgid ""
  287 "Certain deprecated methods from the assignment manager were removed in favor "
  288 "of the same methods in the [resource] and [role] manager."
  289 msgstr ""
  290 "Certain deprecated methods from the assignment manager were removed in "
  291 "favour of the same methods in the [resource] and [role] manager."
  292 
  293 msgid ""
  294 "Certain variables in ``keystone.conf`` now have options, which determine if "
  295 "the user's setting is valid."
  296 msgstr ""
  297 "Certain variables in ``keystone.conf`` now have options, which determine if "
  298 "the user's setting is valid."
  299 
  300 msgid "Configuring per-Identity Provider WebSSO is now supported."
  301 msgstr "Configuring per-Identity Provider WebSSO is now supported."
  302 
  303 msgid "Critical Issues"
  304 msgstr "Critical Issues"
  305 
  306 msgid "Current Series Release Notes"
  307 msgstr "Current Series Release Notes"
  308 
  309 msgid "Deprecation Notes"
  310 msgstr "Deprecation Notes"
  311 
  312 msgid ""
  313 "Domain name information can now be used in policy rules with the attribute "
  314 "``domain_name``."
  315 msgstr ""
  316 "Domain name information can now be used in policy rules with the attribute "
  317 "``domain_name``."
  318 
  319 msgid ""
  320 "Domains are now represented as top level projects with the attribute "
  321 "`is_domain` set to true. Such projects will appear as parents for any "
  322 "previous top level projects. Projects acting as domains can be created, "
  323 "read, updated, and deleted via either the project API or the domain API (V3 "
  324 "only)."
  325 msgstr ""
  326 "Domains are now represented as top level projects with the attribute "
  327 "`is_domain` set to true. Such projects will appear as parents for any "
  328 "previous top level projects. Projects acting as domains can be created, "
  329 "read, updated, and deleted via either the project API or the domain API (V3 "
  330 "only)."
  331 
  332 msgid ""
  333 "Dropping the Python2 support in OpenStack Ussuri according to `the TC "
  334 "deprecation timeline <https://governance.openstack.org/tc/"
  335 "resolutions/20180529-python2-deprecation-timeline.html>`_"
  336 msgstr ""
  337 "Dropping the Python2 support in OpenStack Ussuri according to `the TC "
  338 "deprecation timeline <https://governance.openstack.org/tc/"
  339 "resolutions/20180529-python2-deprecation-timeline.html>`_"
  340 
  341 msgid ""
  342 "Each list of methods specifies a rule. If the auth methods provided by a "
  343 "user match (or exceed) the auth methods in the list, that rule is used. The "
  344 "first rule found (rules will not be processed in a specific order) that "
  345 "matches will be used. If a user has the ruleset defined as ``[[\"password\", "
  346 "\"totp\"]]`` the user must provide both password and totp auth methods (and "
  347 "both methods must succeed) to receive a token. However, if a user has a "
  348 "ruleset defined as ``[[\"password\"], [\"password\", \"totp\"]]`` the user "
  349 "may use the ``password`` method on it's own but would be required to use "
  350 "both ``password`` and ``totp`` if ``totp`` is specified at all."
  351 msgstr ""
  352 "Each list of methods specifies a rule. If the auth methods provided by a "
  353 "user match (or exceed) the auth methods in the list, that rule is used. The "
  354 "first rule found (rules will not be processed in a specific order) that "
  355 "matches will be used. If a user has the ruleset defined as ``[[\"password\", "
  356 "\"totp\"]]`` the user must provide both password and totp auth methods (and "
  357 "both methods must succeed) to receive a token. However, if a user has a "
  358 "ruleset defined as ``[[\"password\"], [\"password\", \"totp\"]]`` the user "
  359 "may use the ``password`` method on its own but would be required to use "
  360 "both ``password`` and ``totp`` if ``totp`` is specified at all."
  361 
  362 msgid "Each project can have up to 100 tags"
  363 msgstr "Each project can have up to 100 tags"
  364 
  365 msgid "Each tag can be up to 255 characters"
  366 msgstr "Each tag can be up to 255 characters"
  367 
  368 msgid ""
  369 "Features that were \"extensions\" in previous releases (OAuth delegation, "
  370 "Federated Identity support, Endpoint Policy, etc) are now enabled by default."
  371 msgstr ""
  372 "Features that were \"extensions\" in previous releases (OAuth delegation, "
  373 "Federated Identity support, Endpoint Policy, etc) are now enabled by default."
  374 
  375 msgid ""
  376 "Fixes a bug related to the password create date.  If you deployed master "
  377 "during Newton development, the password create date may be reset. This would "
  378 "only be apparent if you have security compliance features enabled."
  379 msgstr ""
  380 "Fixes a bug related to the password create date.  If you deployed master "
  381 "during Newton development, the password create date may be reset. This would "
  382 "only be apparent if you have security compliance features enabled."
  383 
  384 msgid ""
  385 "For additional details see: `event notifications <See https://docs.openstack."
  386 "org/developer/keystone/event_notifications.html>`_"
  387 msgstr ""
  388 "For additional details see: `event notifications <See https://docs.openstack."
  389 "org/developer/keystone/event_notifications.html>`_"
  390 
  391 msgid ""
  392 "If PCI support is enabled, via the ``[security_compliance]`` configuration "
  393 "options, then the ``password_expires_at`` field will be populated with a "
  394 "timestamp. Otherwise, it will default to ``null``, indicating the password "
  395 "does not expire."
  396 msgstr ""
  397 "If PCI support is enabled, via the ``[security_compliance]`` configuration "
  398 "options, then the ``password_expires_at`` field will be populated with a "
  399 "timestamp. Otherwise, it will default to ``null``, indicating the password "
  400 "does not expire."
  401 
  402 msgid ""
  403 "If a password does not meet the specified criteria. See "
  404 "``[security_compliance] password_regex``."
  405 msgstr ""
  406 "If a password does not meet the specified criteria. See "
  407 "``[security_compliance] password_regex``."
  408 
  409 msgid ""
  410 "If a user attempts to change their password too often. See "
  411 "``[security_compliance] minimum_password_age``."
  412 msgstr ""
  413 "If a user attempts to change their password too often. See "
  414 "``[security_compliance] minimum_password_age``."
  415 
  416 msgid ""
  417 "If a user does not change their passwords at least once every X days. See "
  418 "``[security_compliance] password_expires_days``."
  419 msgstr ""
  420 "If a user does not change their passwords at least once every X days. See "
  421 "``[security_compliance] password_expires_days``."
  422 
  423 msgid ""
  424 "If a user is locked out after many failed authentication attempts. See "
  425 "``[security_compliance] lockout_failure_attempts``."
  426 msgstr ""
  427 "If a user is locked out after many failed authentication attempts. See "
  428 "``[security_compliance] lockout_failure_attempts``."
  429 
  430 msgid ""
  431 "If a user submits a new password that was recently used. See "
  432 "``[security_compliance] unique_last_password_count``."
  433 msgstr ""
  434 "If a user submits a new password that was recently used. See "
  435 "``[security_compliance] unique_last_password_count``."
  436 
  437 msgid ""
  438 "If expiring user group memberships are enabled via the `[federation] "
  439 "default_authorization_ttl` configuration option, or on an idp by idp basis "
  440 "by setting `authorization_ttl`, there will be a lag between when a user is "
  441 "removed from a group in an identity provider, and when that will be "
  442 "reflected in keystone. That amount of time will be equal to the last time "
  443 "the user logged in + idp ttl."
  444 msgstr ""
  445 "If expiring user group memberships are enabled via the `[federation] "
  446 "default_authorization_ttl` configuration option, or on an idp by idp basis "
  447 "by setting `authorization_ttl`, there will be a lag between when a user is "
  448 "removed from a group in an identity provider, and when that will be "
  449 "reflected in keystone. That amount of time will be equal to the last time "
  450 "the user logged in + idp ttl."
  451 
  452 msgid ""
  453 "If performing rolling upgrades, set `[identity] "
  454 "rolling_upgrade_password_hash_compat` to `True`. This will instruct keystone "
  455 "to continue to hash passwords in a manner that older (pre Pike release) "
  456 "keystones can still verify passwords. Once all upgrades are complete, ensure "
  457 "this option is set back to `False`."
  458 msgstr ""
  459 "If performing rolling upgrades, set `[identity] "
  460 "rolling_upgrade_password_hash_compat` to `True`. This will instruct keystone "
  461 "to continue to hash passwords in a manner that older (pre Pike release) "
  462 "keystones can still verify passwords. Once all upgrades are complete, ensure "
  463 "this option is set back to `False`."
  464 
  465 msgid ""
  466 "In ``keystone-paste.ini``, using ``paste.filter_factory`` is deprecated in "
  467 "favor of the \"use\" directive, specifying an entrypoint."
  468 msgstr ""
  469 "In ``keystone-paste.ini``, using ``paste.filter_factory`` is deprecated in "
  470 "favour of the \"use\" directive, specifying an entrypoint."
  471 
  472 msgid ""
  473 "In the [resource] and [role] sections of the ``keystone.conf`` file, not "
  474 "specifying the driver and using the assignment driver is deprecated. In the "
  475 "Mitaka release, the resource and role drivers will default to the SQL driver."
  476 msgstr ""
  477 "In the [resource] and [role] sections of the ``keystone.conf`` file, not "
  478 "specifying the driver and using the assignment driver is deprecated. In the "
  479 "Mitaka release, the resource and role drivers will default to the SQL driver."
  480 
  481 msgid ""
  482 "In the case a user should be exempt from MFA Rules, regardless if they are "
  483 "set, the User-Option ``multi_factor_auth_enabled`` may  be set to ``False`` "
  484 "for that user via the user create and update API (``POST/PATCH /v3/users``) "
  485 "call. If this option is set to ``False`` the MFA rules will be ignored for "
  486 "the user. Any other value except ``False`` will result in the MFA Rules "
  487 "being processed; the option can only be a boolean (``True`` or ``False``) or "
  488 "\"None\" (which will result in the default behavior (same as ``True``) but "
  489 "the option will no longer be shown in the ``user[\"options\"]`` dictionary."
  490 msgstr ""
  491 "In the case a user should be exempt from MFA Rules, regardless if they are "
  492 "set, the User-Option ``multi_factor_auth_enabled`` may  be set to ``False`` "
  493 "for that user via the user create and update API (``POST/PATCH /v3/users``) "
  494 "call. If this option is set to ``False`` the MFA rules will be ignored for "
  495 "the user. Any other value except ``False`` will result in the MFA Rules "
  496 "being processed; the option can only be a boolean (``True`` or ``False``) or "
  497 "\"None\" (which will result in the default behaviour (same as ``True``) but "
  498 "the option will no longer be shown in the ``user[\"options\"]`` dictionary."
  499 
  500 msgid ""
  501 "In the policy.json file, we changed `identity:list_projects_for_groups` to "
  502 "`identity:list_projects_for_user`. Likewise, we changed `identity:"
  503 "list_domains_for_groups` to `identity:list_domains_for_user`. If you have "
  504 "customized the policy.json file, you will need to make these changes. This "
  505 "was done to better support new features around federation."
  506 msgstr ""
  507 "In the policy.json file, we changed `identity:list_projects_for_groups` to "
  508 "`identity:list_projects_for_user`. Likewise, we changed `identity:"
  509 "list_domains_for_groups` to `identity:list_domains_for_user`. If you have "
  510 "customized the policy.json file, you will need to make these changes. This "
  511 "was done to better support new features around federation."
  512 
  513 msgid ""
  514 "It is no longer possible to, via the ``paste.ini`` file to inject middleware "
  515 "into the running keystone application. This reduces the attack surface area. "
  516 "While this is not a huge reduction in surface area, it is one less potential "
  517 "place that malicious code could be loaded. Malicious middleware historically "
  518 "could collect information and/or modify the requests and responses from "
  519 "Keystone."
  520 msgstr ""
  521 "It is no longer possible to, via the ``paste.ini`` file to inject middleware "
  522 "into the running Keystone application. This reduces the attack surface area. "
  523 "While this is not a huge reduction in surface area, it is one less potential "
  524 "place that malicious code could be loaded. Malicious middleware historically "
  525 "could collect information and/or modify the requests and responses from "
  526 "Keystone."
  527 
  528 msgid ""
  529 "It is recommended to have the ``healthcheck`` middleware first in the "
  530 "pipeline::"
  531 msgstr ""
  532 "It is recommended to have the ``healthcheck`` middleware first in the "
  533 "pipeline::"
  534 
  535 msgid "Keystone Release Notes"
  536 msgstr "Keystone Release Notes"
  537 
  538 msgid ""
  539 "Keystone cache backends have been removed in favor of their `oslo.cache` "
  540 "counter-part. This affects:"
  541 msgstr ""
  542 "Keystone cache backends have been removed in favour of their `oslo.cache` "
  543 "counter-part. This affects:"
  544 
  545 msgid ""
  546 "Keystone now relies on pyldap instead of python-ldap. The pyldap library is "
  547 "a fork of python-ldap and is a drop-in replacement with modifications to be "
  548 "py3 compatible."
  549 msgstr ""
  550 "Keystone now relies on pyldap instead of python-ldap. The pyldap library is "
  551 "a fork of python-ldap and is a drop-in replacement with modifications to be "
  552 "py3 compatible."
  553 
  554 msgid ""
  555 "Keystone now supports authorizing a request token by providing a role name. "
  556 "A `role` in the `roles` parameter can include either a role name or role id, "
  557 "but not both."
  558 msgstr ""
  559 "Keystone now supports authorising a request token by providing a role name. "
  560 "A `role` in the `roles` parameter can include either a role name or role id, "
  561 "but not both."
  562 
  563 msgid ""
  564 "Keystone now supports being run under Python 3. The Python 3 and Python 3.4 "
  565 "classifiers have been added."
  566 msgstr ""
  567 "Keystone now supports being run under Python 3. The Python 3 and Python 3.4 "
  568 "classifiers have been added."
  569 
  570 msgid ""
  571 "Keystone now supports encrypted credentials at rest. In order to upgrade "
  572 "successfully to Newton, deployers must encrypt all credentials currently "
  573 "stored before contracting the database. Deployers must run `keystone-manage "
  574 "credential_setup` in order to use the credential API within Newton, or "
  575 "finish the upgrade from Mitaka to Newton. This will result in a service "
  576 "outage for the credential API where credentials will be read-only for the "
  577 "duration of the upgrade process. Once the database is contracted credentials "
  578 "will be writeable again. Database contraction phases only apply to rolling "
  579 "upgrades."
  580 msgstr ""
  581 "Keystone now supports encrypted credentials at rest. In order to upgrade "
  582 "successfully to Newton, deployers must encrypt all credentials currently "
  583 "stored before contracting the database. Deployers must run `keystone-manage "
  584 "credential_setup` in order to use the credential API within Newton, or "
  585 "finish the upgrade from Mitaka to Newton. This will result in a service "
  586 "outage for the credential API where credentials will be read-only for the "
  587 "duration of the upgrade process. Once the database is contracted credentials "
  588 "will be writeable again. Database contraction phases only apply to rolling "
  589 "upgrades."
  590 
  591 msgid ""
  592 "Keystone now uses oslo.cache. Update the `[cache]` section of `keystone."
  593 "conf` to point to oslo.cache backends: ``oslo_cache.memcache_pool`` or "
  594 "``oslo_cache.mongo``. Refer to the sample configuration file for examples. "
  595 "See `oslo.cache <http://docs.openstack.org/developer/oslo.cache>`_ for "
  596 "additional documentation."
  597 msgstr ""
  598 "Keystone now uses oslo.cache. Update the `[cache]` section of `keystone."
  599 "conf` to point to oslo.cache backends: ``oslo_cache.memcache_pool`` or "
  600 "``oslo_cache.mongo``. Refer to the sample configuration file for examples. "
  601 "See `oslo.cache <http://docs.openstack.org/developer/oslo.cache>`_ for "
  602 "additional documentation."
  603 
  604 msgid ""
  605 "Keystone supports ``$(project_id)s`` in the catalog. It works the same as ``"
  606 "$(tenant_id)s``. Use of ``$(tenant_id)s`` is deprecated and catalog "
  607 "endpoints should be updated to use ``$(project_id)s``."
  608 msgstr ""
  609 "Keystone supports ``$(project_id)s`` in the catalogue. It works the same as "
  610 "``$(tenant_id)s``. Use of ``$(tenant_id)s`` is deprecated and catalogue "
  611 "endpoints should be updated to use ``$(project_id)s``."
  612 
  613 msgid "Liberty Series Release Notes"
  614 msgstr "Liberty Series Release Notes"
  615 
  616 msgid "Mitaka Series Release Notes"
  617 msgstr "Mitaka Series Release Notes"
  618 
  619 msgid "New Features"
  620 msgstr "New Features"
  621 
  622 msgid "Newton Series Release Notes"
  623 msgstr "Newton Series Release Notes"
  624 
  625 msgid ""
  626 "Not specifying a domain during a create user, group or project call, which "
  627 "relied on falling back to the default domain, is now deprecated and will be "
  628 "removed in the N release."
  629 msgstr ""
  630 "Not specifying a domain during a create user, group or project call, which "
  631 "relied on falling back to the default domain, is now deprecated and will be "
  632 "removed in the N release."
  633 
  634 msgid ""
  635 "OSprofiler support was added. This cross-project profiling library allows to "
  636 "trace various requests through all OpenStack services that support it. To "
  637 "initiate OpenStack request tracing `--profile <HMAC_KEY>` option needs to be "
  638 "added to the CLI command. Configuration and usage details can be foung in "
  639 "[`OSProfiler documentation <http://docs.openstack.org/developer/osprofiler/"
  640 "api.html>`_]"
  641 msgstr ""
  642 "OSprofiler support was added. This cross-project profiling library allows to "
  643 "trace various requests through all OpenStack services that support it. To "
  644 "initiate OpenStack request tracing `--profile <HMAC_KEY>` option needs to be "
  645 "added to the CLI command. Configuration and usage details can be found in "
  646 "[`OSProfiler documentation <http://docs.openstack.org/developer/osprofiler/"
  647 "api.html>`_]"
  648 
  649 msgid ""
  650 "OSprofiler support was introduced. To allow its usage the keystone-paste.ini "
  651 "file needs to be modified to contain osprofiler middleware."
  652 msgstr ""
  653 "OSprofiler support was introduced. To allow its usage the keystone-paste.ini "
  654 "file needs to be modified to contain osprofiler middleware."
  655 
  656 msgid "Ocata Series Release Notes"
  657 msgstr "Ocata Series Release Notes"
  658 
  659 msgid "Other Notes"
  660 msgstr "Other Notes"
  661 
  662 msgid "PKI and PKIz token formats have been removed in favor of Fernet tokens."
  663 msgstr ""
  664 "PKI and PKIz token formats have been removed in favour of Fernet tokens."
  665 
  666 msgid "Pike Series Release Notes"
  667 msgstr "Pike Series Release Notes"
  668 
  669 msgid "Prelude"
  670 msgstr "Prelude"
  671 
  672 msgid ""
  673 "Project tags are implemented following the guidelines set by the `API "
  674 "Working Group <https://specs.openstack.org/openstack/api-wg/guidelines/tags."
  675 "html>`_"
  676 msgstr ""
  677 "Project tags are implemented following the guidelines set by the `API "
  678 "Working Group <https://specs.openstack.org/openstack/api-wg/guidelines/tags."
  679 "html>`_"
  680 
  681 msgid "Queens Series Release Notes"
  682 msgstr "Queens Series Release Notes"
  683 
  684 msgid ""
  685 "Routes and SQL backends for the contrib extensions have been removed, they "
  686 "have been incorporated into keystone and are no longer optional. This "
  687 "affects:"
  688 msgstr ""
  689 "Routes and SQL backends for the contrib extensions have been removed, they "
  690 "have been incorporated into Keystone and are no longer optional. This "
  691 "affects:"
  692 
  693 msgid ""
  694 "Running keystone in eventlet remains deprecated and will be removed in the "
  695 "Mitaka release."
  696 msgstr ""
  697 "Running Keystone in eventlet remains deprecated and will be removed in the "
  698 "Mitaka release."
  699 
  700 msgid ""
  701 "SECURITY INFO: The MFA rules are only processed when authentication happens "
  702 "through the V3 authentication APIs. If V2 Auth is enabled it is possible to "
  703 "circumvent the MFA rules if the user can authenticate via V2 Auth API. It is "
  704 "recommended to disable V2 authentication for full enforcement of the MFA "
  705 "rules."
  706 msgstr ""
  707 "SECURITY INFO: The MFA rules are only processed when authentication happens "
  708 "through the V3 authentication APIs. If V2 Auth is enabled it is possible to "
  709 "circumvent the MFA rules if the user can authenticate via V2 Auth API. It is "
  710 "recommended to disable V2 authentication for full enforcement of the MFA "
  711 "rules."
  712 
  713 msgid ""
  714 "Schema downgrades via ``keystone-manage db_sync`` are no longer supported. "
  715 "Only upgrades are supported."
  716 msgstr ""
  717 "Schema downgrades via ``keystone-manage db_sync`` are no longer supported. "
  718 "Only upgrades are supported."
  719 
  720 msgid "Security Issues"
  721 msgstr "Security Issues"
  722 
  723 msgid ""
  724 "See `Project Tags <https://developer.openstack.org/api-ref/identity/v3/"
  725 "#project-tags>`_"
  726 msgstr ""
  727 "See `Project Tags <https://developer.openstack.org/api-ref/identity/v3/"
  728 "#project-tags>`_"
  729 
  730 msgid ""
  731 "Set the following user attributes to ``True`` or ``False`` in an API "
  732 "request. To mark a user as exempt from the PCI password lockout policy::"
  733 msgstr ""
  734 "Set the following user attributes to ``True`` or ``False`` in an API "
  735 "request. To mark a user as exempt from the PCI password lockout policy::"
  736 
  737 msgid ""
  738 "Several configuration options have been deprecated, renamed, or moved to new "
  739 "sections in the ``keystone.conf`` file."
  740 msgstr ""
  741 "Several configuration options have been deprecated, renamed, or moved to new "
  742 "sections in the ``keystone.conf`` file."
  743 
  744 msgid ""
  745 "Several features were hardened, including Fernet tokens, federation, domain "
  746 "specific configurations from database and role assignments."
  747 msgstr ""
  748 "Several features were hardened, including Fernet tokens, federation, domain "
  749 "specific configurations from database and role assignments."
  750 
  751 msgid ""
  752 "Several token issuance methods from the abstract class ``keystone.token."
  753 "providers.base.Provider`` were removed (see below) in favor of a single "
  754 "method to issue tokens (``issue_token``). If using a custom token provider, "
  755 "updated the custom provider accordingly."
  756 msgstr ""
  757 "Several token issuance methods from the abstract class ``keystone.token."
  758 "providers.base.Provider`` were removed (see below) in favour of a single "
  759 "method to issue tokens (``issue_token``). If using a custom token provider, "
  760 "update the custom provider accordingly."
  761 
  762 msgid ""
  763 "Several token validation methods from the abstract class ``keystone.token."
  764 "providers.base.Provider`` were removed (see below) in favor of a single "
  765 "method to validate tokens (``validate_token``), that has the signature "
  766 "``validate_token(self, token_ref)``. If using a custom token provider, "
  767 "update the custom provider accordingly."
  768 msgstr ""
  769 "Several token validation methods from the abstract class ``keystone.token."
  770 "providers.base.Provider`` were removed (see below) in favour of a single "
  771 "method to validate tokens (``validate_token``), that has the signature "
  772 "``validate_token(self, token_ref)``. If using a custom token provider, "
  773 "update the custom provider accordingly."
  774 
  775 msgid ""
  776 "Support for writing to LDAP has been removed. See ``Other Notes`` for more "
  777 "details."
  778 msgstr ""
  779 "Support for writing to LDAP has been removed. See ``Other Notes`` for more "
  780 "details."
  781 
  782 msgid ""
  783 "Support has now been added to send notification events on user/group "
  784 "membership. When a user is added or removed from a group a notification will "
  785 "be sent including the identifiers of both the user and the group."
  786 msgstr ""
  787 "Support has now been added to send notification events on user/group "
  788 "membership. When a user is added or removed from a group a notification will "
  789 "be sent including the identifiers of both the user and the group."
  790 
  791 msgid ""
  792 "Support was improved for out-of-tree drivers by defining stable driver "
  793 "interfaces."
  794 msgstr ""
  795 "Support was improved for out-of-tree drivers by defining stable driver "
  796 "interfaces."
  797 
  798 msgid "Tags are case sensitive"
  799 msgstr "Tags are case sensitive"
  800 
  801 msgid ""
  802 "The EC2 token middleware, deprecated in Juno, is no longer available in "
  803 "keystone. It has been moved to the keystonemiddleware package."
  804 msgstr ""
  805 "The EC2 token middleware, deprecated in Juno, is no longer available in "
  806 "Keystone. It has been moved to the keystonemiddleware package."
  807 
  808 msgid ""
  809 "The LDAP driver now also maps the user description attribute after user "
  810 "retrieval from LDAP. If this is undesired behavior for your setup, please "
  811 "add `description` to the `user_attribute_ignore` LDAP driver config setting. "
  812 "The default mapping of the description attribute is set to `description`. "
  813 "Please adjust the LDAP driver config setting `user_description_attribute` if "
  814 "your LDAP uses a different attribute name (for instance to `displayName` in "
  815 "case of an AD backed LDAP). If your `user_additional_attribute_mapping` "
  816 "setting contains `description:description` you can remove this mapping, "
  817 "since this is now the default behavior."
  818 msgstr ""
  819 "The LDAP driver now also maps the user description attribute after user "
  820 "retrieval from LDAP. If this is undesired behaviour for your setup, please "
  821 "add `description` to the `user_attribute_ignore` LDAP driver config setting. "
  822 "The default mapping of the description attribute is set to `description`. "
  823 "Please adjust the LDAP driver config setting `user_description_attribute` if "
  824 "your LDAP uses a different attribute name (for instance to `displayName` in "
  825 "case of an AD backed LDAP). If your `user_additional_attribute_mapping` "
  826 "setting contains `description:description` you can remove this mapping, "
  827 "since this is now the default behaviour."
  828 
  829 msgid ""
  830 "The MFA rules are set via the user create and update API (``POST/PATCH /v3/"
  831 "users``) call; the options allow an admin to force a user to use specific "
  832 "forms of authentication or combinations of forms of authentication to get a "
  833 "token. The rules are specified as follows::"
  834 msgstr ""
  835 "The MFA rules are set via the user create and update API (``POST/PATCH /v3/"
  836 "users``) call; the options allow an admin to force a user to use specific "
  837 "forms of authentication or combinations of forms of authentication to get a "
  838 "token. The rules are specified as follows::"
  839 
  840 msgid ""
  841 "The PKI and PKIz token format has been removed. See ``Other Notes`` for more "
  842 "details."
  843 msgstr ""
  844 "The PKI and PKIz token format has been removed. See ``Other Notes`` for more "
  845 "details."
  846 
  847 msgid ""
  848 "The V8 Federation driver interface is deprecated in favor of the V9 "
  849 "Federation driver interface. Support for the V8 Federation driver interface "
  850 "is planned to be removed in the 'O' release of OpenStack."
  851 msgstr ""
  852 "The V8 Federation driver interface is deprecated in favour of the V9 "
  853 "Federation driver interface. Support for the V8 Federation driver interface "
  854 "is planned to be removed in the 'O' release of OpenStack."
  855 
  856 msgid ""
  857 "The V8 Resource driver interface is deprecated. Support for the V8 Resource "
  858 "driver interface is planned to be removed in the 'O' release of OpenStack."
  859 msgstr ""
  860 "The V8 Resource driver interface is deprecated. Support for the V8 Resource "
  861 "driver interface is planned to be removed in the 'O' release of OpenStack."
  862 
  863 msgid ""
  864 "The XML middleware stub has been removed, so references to it must be "
  865 "removed from the ``keystone-paste.ini`` configuration file."
  866 msgstr ""
  867 "The XML middleware stub has been removed, so references to it must be "
  868 "removed from the ``keystone-paste.ini`` configuration file."
  869 
  870 msgid ""
  871 "The ``/OS-FEDERATION/projects`` and ``/OS-FEDERATION/domains`` APIs are "
  872 "deprecated in favor of the ``/v3/auth/projects`` and ``/v3/auth/domains`` "
  873 "APIs. These APIs were originally marked as deprecated during the Juno "
  874 "release cycle, but we never deprecated using ``versionutils`` from oslo. "
  875 "More information regarding this deprecation can be found in the `patch "
  876 "<https://review.openstack.org/#/c/115423/>`_ that proposed the deprecation."
  877 msgstr ""
  878 "The ``/OS-FEDERATION/projects`` and ``/OS-FEDERATION/domains`` APIs are "
  879 "deprecated in favour of the ``/v3/auth/projects`` and ``/v3/auth/domains`` "
  880 "APIs. These APIs were originally marked as deprecated during the Juno "
  881 "release cycle, but we never deprecated using ``versionutils`` from oslo. "
  882 "More information regarding this deprecation can be found in the `patch "
  883 "<https://review.openstack.org/#/c/115423/>`_ that proposed the deprecation."
  884 
  885 msgid ""
  886 "The ``[DEFAULT] domain_id_immutable`` configuration option has been removed "
  887 "in favor of strictly immutable domain IDs."
  888 msgstr ""
  889 "The ``[DEFAULT] domain_id_immutable`` configuration option has been removed "
  890 "in favour of strictly immutable domain IDs."
  891 
  892 msgid ""
  893 "The ``[DEFAULT] domain_id_immutable`` option has been removed. This removes "
  894 "the ability to change the ``domain_id`` attribute of users, groups, and "
  895 "projects. The behavior was introduced to allow deployers to migrate entities "
  896 "from one domain to another by updating the ``domain_id`` attribute of an "
  897 "entity. This functionality was deprecated in the Mitaka release is now "
  898 "removed."
  899 msgstr ""
  900 "The ``[DEFAULT] domain_id_immutable`` option has been removed. This removes "
  901 "the ability to change the ``domain_id`` attribute of users, groups, and "
  902 "projects. The behaviour was introduced to allow deployers to migrate "
  903 "entities from one domain to another by updating the ``domain_id`` attribute "
  904 "of an entity. This functionality was deprecated in the Mitaka release and is now "
  905 "removed."
  906 
  907 msgid ""
  908 "The ``[assignment] driver`` now defaults to ``sql``. Logic to determine the "
  909 "default assignment driver if one wasn't supplied through configuration has "
  910 "been removed. Keystone only supports one assignment driver and it shouldn't "
  911 "be changed unless you're deploying a custom assignment driver."
  912 msgstr ""
  913 "The ``[assignment] driver`` now defaults to ``sql``. Logic to determine the "
  914 "default assignment driver if one wasn't supplied through configuration has "
  915 "been removed. Keystone only supports one assignment driver and it shouldn't "
  916 "be changed unless you're deploying a custom assignment driver."
  917 
  918 msgid ""
  919 "The ``[endpoint_policy] enabled`` configuration option has been removed in "
  920 "favor of always enabling the endpoint policy extension."
  921 msgstr ""
  922 "The ``[endpoint_policy] enabled`` configuration option has been removed in "
  923 "favour of always enabling the endpoint policy extension."
  924 
  925 msgid ""
  926 "The ``[os_inherit] enabled`` config option has been removed, the `OS-"
  927 "INHERIT` extension is now always enabled."
  928 msgstr ""
  929 "The ``[os_inherit] enabled`` config option has been removed, the `OS-"
  930 "INHERIT` extension is now always enabled."
  931 
  932 msgid ""
  933 "The ``[resource] driver`` now defaults to ``sql``. Logic to determine the "
  934 "default resource driver if one wasn't supplied through configuration has "
  935 "been removed. Keystone only supports one resource driver and it shouldn't be "
  936 "changed unless you're deploying a custom resource driver."
  937 msgstr ""
  938 "The ``[resource] driver`` now defaults to ``sql``. Logic to determine the "
  939 "default resource driver if one wasn't supplied through configuration has "
  940 "been removed. Keystone only supports one resource driver and it shouldn't be "
  941 "changed unless you're deploying a custom resource driver."
  942 
  943 msgid ""
  944 "The ``[security_compliance] password_expires_ignore_user_ids`` option has "
  945 "been removed. Each user that should ignore password expiry should have the "
  946 "value set to \"true\" in the user's ``options`` attribute (e.g. "
  947 "``user['options']['ignore_password_expiry'] = True``) with a user update "
  948 "call."
  949 msgstr ""
  950 "The ``[security_compliance] password_expires_ignore_user_ids`` option has "
  951 "been removed. Each user that should ignore password expiry should have the "
  952 "value set to \"true\" in the user's ``options`` attribute (e.g. "
  953 "``user['options']['ignore_password_expiry'] = True``) with a user update "
  954 "call."
  955 
  956 msgid ""
  957 "The ``compute_port`` configuration option, deprecated in Juno, is no longer "
  958 "available."
  959 msgstr ""
  960 "The ``compute_port`` configuration option, deprecated in Juno, is no longer "
  961 "available."
  962 
  963 msgid ""
  964 "The ``enabled`` config option of the ``trust`` feature is deprecated and "
  965 "will be removed in the next release. Trusts will then always be enabled."
  966 msgstr ""
  967 "The ``enabled`` config option of the ``trust`` feature is deprecated and "
  968 "will be removed in the next release. Trusts will then always be enabled."
  969 
  970 msgid ""
  971 "The ``httpd/keystone.py`` file has been removed in favor of the ``keystone-"
  972 "wsgi-admin`` and ``keystone-wsgi-public`` scripts."
  973 msgstr ""
  974 "The ``httpd/keystone.py`` file has been removed in favour of the ``keystone-"
  975 "wsgi-admin`` and ``keystone-wsgi-public`` scripts."
  976 
  977 msgid ""
  978 "The ``keystone.conf`` file now references entrypoint names for drivers. For "
  979 "example, the drivers are now specified as \"sql\", \"ldap\", \"uuid\", "
  980 "rather than the full module path. See the sample configuration file for "
  981 "other examples."
  982 msgstr ""
  983 "The ``keystone.conf`` file now references entrypoint names for drivers. For "
  984 "example, the drivers are now specified as \"sql\", \"ldap\", \"uuid\", "
  985 "rather than the full module path. See the sample configuration file for "
  986 "other examples."
  987 
  988 msgid ""
  989 "The ``keystone/service.py`` file has been removed, the logic has been moved "
  990 "to the ``keystone/version/service.py``."
  991 msgstr ""
  992 "The ``keystone/service.py`` file has been removed, the logic has been moved "
  993 "to the ``keystone/version/service.py``."
  994 
  995 msgid ""
  996 "The ``memcache`` and ``memcache_pool`` token persistence backends have been "
  997 "removed in favor of using Fernet tokens (which require no persistence)."
  998 msgstr ""
  999 "The ``memcache`` and ``memcache_pool`` token persistence backends have been "
 1000 "removed in favour of using Fernet tokens (which require no persistence)."
 1001 
 1002 msgid ""
 1003 "The ``policies`` API is deprecated. Keystone is not a policy management "
 1004 "service."
 1005 msgstr ""
 1006 "The ``policies`` API is deprecated. Keystone is not a policy management "
 1007 "service."
 1008 
 1009 msgid ""
 1010 "The ``token`` auth method typically should not be specified in any MFA "
 1011 "Rules. The ``token`` auth method will include all previous auth methods for "
 1012 "the original auth request and will match the appropriate ruleset. This is "
 1013 "intentional, as the ``token`` method is used for rescoping/changing active "
 1014 "projects."
 1015 msgstr ""
 1016 "The ``token`` auth method typically should not be specified in any MFA "
 1017 "Rules. The ``token`` auth method will include all previous auth methods for "
 1018 "the original auth request and will match the appropriate ruleset. This is "
 1019 "intentional, as the ``token`` method is used for rescoping/changing active "
 1020 "projects."
 1021 
 1022 msgid ""
 1023 "The `keystone-paste.ini` file must be updated to remove extension filters, "
 1024 "and their use in ``[pipeline:api_v3]``. Remove the following filters: "
 1025 "``[filter:oauth1_extension]``, ``[filter:federation_extension]``, ``[filter:"
 1026 "endpoint_filter_extension]``, and ``[filter:revoke_extension]``. See the "
 1027 "sample `keystone-paste.ini <https://git.openstack.org/cgit/openstack/"
 1028 "keystone/tree/etc/keystone-paste.ini>`_ file for guidance."
 1029 msgstr ""
 1030 "The `keystone-paste.ini` file must be updated to remove extension filters, "
 1031 "and their use in ``[pipeline:api_v3]``. Remove the following filters: "
 1032 "``[filter:oauth1_extension]``, ``[filter:federation_extension]``, ``[filter:"
 1033 "endpoint_filter_extension]``, and ``[filter:revoke_extension]``. See the "
 1034 "sample `keystone-paste.ini <https://git.openstack.org/cgit/openstack/"
 1035 "keystone/tree/etc/keystone-paste.ini>`_ file for guidance."
 1036 
 1037 msgid ""
 1038 "The `keystone-paste.ini` file must be updated to remove extension filters, "
 1039 "and their use in ``[pipeline:public_api]`` and ``[pipeline:admin_api]`` "
 1040 "pipelines. Remove the following filters: ``[filter:user_crud_extension]``, "
 1041 "``[filter:crud_extension]``. See the sample `keystone-paste.ini <https://git."
 1042 "openstack.org/cgit/openstack/keystone/tree/etc/keystone-paste.ini>`_ file "
 1043 "for guidance."
 1044 msgstr ""
 1045 "The `keystone-paste.ini` file must be updated to remove extension filters, "
 1046 "and their use in ``[pipeline:public_api]`` and ``[pipeline:admin_api]`` "
 1047 "pipelines. Remove the following filters: ``[filter:user_crud_extension]``, "
 1048 "``[filter:crud_extension]``. See the sample `keystone-paste.ini <https://git."
 1049 "openstack.org/cgit/openstack/keystone/tree/etc/keystone-paste.ini>`_ file "
 1050 "for guidance."
 1051 
 1052 msgid ""
 1053 "The `os_inherit` configuration option is disabled. In the future, this "
 1054 "option will be removed and this portion of the API will be always enabled."
 1055 msgstr ""
 1056 "The `os_inherit` configuration option is disabled. In the future, this "
 1057 "option will be removed and this portion of the API will be always enabled."
 1058 
 1059 msgid ""
 1060 "The ability to validate a trust-scoped token against the v2.0 API has been "
 1061 "removed, in favor of using the version 3 of the API."
 1062 msgstr ""
 1063 "The ability to validate a trust-scoped token against the v2.0 API has been "
 1064 "removed, in favour of using the version 3 of the API."
 1065 
 1066 msgid ""
 1067 "The admin_token method of authentication was never intended to be used for "
 1068 "any purpose other than bootstrapping an install. However many deployments "
 1069 "had to leave the admin_token method enabled due to restrictions on editing "
 1070 "the paste file used to configure the web pipelines.  To minimize the risk "
 1071 "from this mechanism, the `admin_token` configuration value now defaults to a "
 1072 "python `None` value.  In addition, if the value is set to `None`, either "
 1073 "explicitly or implicitly, the `admin_token` will not be enabled, and an "
 1074 "attempt to use it will lead to a failed authentication."
 1075 msgstr ""
 1076 "The admin_token method of authentication was never intended to be used for "
 1077 "any purpose other than bootstrapping an install. However many deployments "
 1078 "had to leave the admin_token method enabled due to restrictions on editing "
 1079 "the paste file used to configure the web pipelines.  To minimize the risk "
 1080 "from this mechanism, the `admin_token` configuration value now defaults to a "
 1081 "python `None` value.  In addition, if the value is set to `None`, either "
 1082 "explicitly or implicitly, the `admin_token` will not be enabled, and an "
 1083 "attempt to use it will lead to a failed authentication."
 1084 
 1085 msgid ""
 1086 "The auth plugin ``keystone.auth.plugins.saml2.Saml2`` has been removed in "
 1087 "favor of the auth plugin ``keystone.auth.plugins.mapped.Mapped``."
 1088 msgstr ""
 1089 "The auth plugin ``keystone.auth.plugins.saml2.Saml2`` has been removed in "
 1090 "favour of the auth plugin ``keystone.auth.plugins.mapped.Mapped``."
 1091 
 1092 msgid ""
 1093 "The catalog backend ``endpoint_filter.sql`` has been removed. It has been "
 1094 "consolidated with the ``sql`` backend, therefore replace the "
 1095 "``endpoint_filter.sql`` catalog backend with the ``sql`` backend."
 1096 msgstr ""
 1097 "The catalogue backend ``endpoint_filter.sql`` has been removed. It has been "
 1098 "consolidated with the ``sql`` backend, therefore replace the "
 1099 "``endpoint_filter.sql`` catalogue backend with the ``sql`` backend."
 1100 
 1101 msgid ""
 1102 "The check for admin token from ``build_auth_context`` middleware has been "
 1103 "removed. If your deployment requires the use of `admin token`, update "
 1104 "``keystone-paste.ini`` so that ``admin_token_auth`` is before "
 1105 "``build_auth_context`` in the paste pipelines, otherwise remove the "
 1106 "``admin_token_auth`` middleware from ``keystone-paste.ini`` entirely."
 1107 msgstr ""
 1108 "The check for admin token from ``build_auth_context`` middleware has been "
 1109 "removed. If your deployment requires the use of `admin token`, update "
 1110 "``keystone-paste.ini`` so that ``admin_token_auth`` is before "
 1111 "``build_auth_context`` in the paste pipelines, otherwise remove the "
 1112 "``admin_token_auth`` middleware from ``keystone-paste.ini`` entirely."
 1113 
 1114 msgid ""
 1115 "The config option ``rolling_upgrade_password_hash_compat`` is removed. It is "
 1116 "only used for rolling-upgrade from Ocata release to Pike release."
 1117 msgstr ""
 1118 "The config option ``rolling_upgrade_password_hash_compat`` is removed. It is "
 1119 "only used for rolling-upgrade from Ocata release to Pike release."
 1120 
 1121 msgid ""
 1122 "The configuration options for LDAP connection pooling, `[ldap] use_pool` and "
 1123 "`[ldap] use_auth_pool`, are now both enabled by default. Only deployments "
 1124 "using LDAP drivers are affected. Additional configuration options are "
 1125 "available in the `[ldap]` section to tune connection pool size, etc."
 1126 msgstr ""
 1127 "The configuration options for LDAP connection pooling, `[ldap] use_pool` and "
 1128 "`[ldap] use_auth_pool`, are now both enabled by default. Only deployments "
 1129 "using LDAP drivers are affected. Additional configuration options are "
 1130 "available in the `[ldap]` section to tune connection pool size, etc."
 1131 
 1132 msgid ""
 1133 "The credentials list call can now have its results filtered by credential "
 1134 "type."
 1135 msgstr ""
 1136 "The credentials list call can now have its results filtered by credential "
 1137 "type."
 1138 
 1139 msgid ""
 1140 "The default setting for the `os_inherit` configuration option is changed to "
 1141 "True. If it is required to continue with this portion of the API disabled, "
 1142 "then override the default setting by explicitly specifying the os_inherit "
 1143 "option as False."
 1144 msgstr ""
 1145 "The default setting for the `os_inherit` configuration option is changed to "
 1146 "True. If it is required to continue with this portion of the API disabled, "
 1147 "then override the default setting by explicitly specifying the os_inherit "
 1148 "option as False."
 1149 
 1150 msgid "The default token provider is now Fernet."
 1151 msgstr "The default token provider is now Fernet."
 1152 
 1153 msgid ""
 1154 "The external authentication plugins ExternalDefault, ExternalDomain, "
 1155 "LegacyDefaultDomain, and LegacyDomain, deprecated in Icehouse, are no longer "
 1156 "available."
 1157 msgstr ""
 1158 "The external authentication plugins ExternalDefault, ExternalDomain, "
 1159 "LegacyDefaultDomain, and LegacyDomain, deprecated in Icehouse, are no longer "
 1160 "available."
 1161 
 1162 msgid ""
 1163 "The functionality of the ``ADMIN_TOKEN`` remains, but has been incorporated "
 1164 "into the main auth middleware (``keystone.middleware.auth."
 1165 "AuthContextMiddleware``)."
 1166 msgstr ""
 1167 "The functionality of the ``ADMIN_TOKEN`` remains, but has been incorporated "
 1168 "into the main auth middleware (``keystone.middleware.auth."
 1169 "AuthContextMiddleware``)."
 1170 
 1171 msgid ""
 1172 "The identity backend driver interface has changed. A new method, "
 1173 "`unset_default_project_id(project_id)`, was added to unset a user's default "
 1174 "project ID for a given project ID. Custom backend implementations must "
 1175 "implement this method."
 1176 msgstr ""
 1177 "The identity backend driver interface has changed. A new method, "
 1178 "`unset_default_project_id(project_id)`, was added to unset a user's default "
 1179 "project ID for a given project ID. Custom backend implementations must "
 1180 "implement this method."
 1181 
 1182 msgid ""
 1183 "The identity backend driver interface has changed. We've added a new "
 1184 "``change_password()`` method for self service password changes. If you have "
 1185 "a custom implementation for the identity driver, you will need to implement "
 1186 "this new method."
 1187 msgstr ""
 1188 "The identity backend driver interface has changed. We've added a new "
 1189 "``change_password()`` method for self service password changes. If you have "
 1190 "a custom implementation for the identity driver, you will need to implement "
 1191 "this new method."
 1192 
 1193 msgid ""
 1194 "The implementation for checking database state during an upgrade with the "
 1195 "use of `keystone-manage db_sync --check` has been corrected. This allows "
 1196 "users and automation to determine what step is next in a rolling upgrade "
 1197 "based on logging and command status codes."
 1198 msgstr ""
 1199 "The implementation for checking database state during an upgrade with the "
 1200 "use of `keystone-manage db_sync --check` has been corrected. This allows "
 1201 "users and automation to determine what step is next in a rolling upgrade "
 1202 "based on logging and command status codes."
 1203 
 1204 msgid ""
 1205 "The list_project_ids_for_user(), list_domain_ids_for_user(), "
 1206 "list_user_ids_for_project(), list_project_ids_for_groups(), "
 1207 "list_domain_ids_for_groups(), list_role_ids_for_groups_on_project() and "
 1208 "list_role_ids_for_groups_on_domain() methods have been removed from the V9 "
 1209 "version of the Assignment driver."
 1210 msgstr ""
 1211 "The list_project_ids_for_user(), list_domain_ids_for_user(), "
 1212 "list_user_ids_for_project(), list_project_ids_for_groups(), "
 1213 "list_domain_ids_for_groups(), list_role_ids_for_groups_on_project() and "
 1214 "list_role_ids_for_groups_on_domain() methods have been removed from the V9 "
 1215 "version of the Assignment driver."
 1216 
 1217 msgid "The method signature has changed from::"
 1218 msgstr "The method signature has changed from::"
 1219 
 1220 msgid ""
 1221 "The resource backend cannot be configured to anything but SQL if the SQL "
 1222 "Identity backend is being used. The resource backend must now be SQL which "
 1223 "allows for the use of Foreign Keys to domains/projects wherever desired. "
 1224 "This makes managing project relationships and such much more straight "
 1225 "forward. The inability to configure non-SQL resource backends has been in "
 1226 "Keystone since at least Ocata. This is eliminating some complexity and "
 1227 "preventing the need for some really ugly back-port SQL migrations in favor "
 1228 "of a better model. Resource is highly relational and should be SQL based."
 1229 msgstr ""
 1230 "The resource backend cannot be configured to anything but SQL if the SQL "
 1231 "Identity backend is being used. The resource backend must now be SQL which "
 1232 "allows for the use of Foreign Keys to domains/projects wherever desired. "
 1233 "This makes managing project relationships and such much more straight "
 1234 "forward. The inability to configure non-SQL resource backends has been in "
 1235 "Keystone since at least Ocata. This is eliminating some complexity and "
 1236 "preventing the need for some really ugly back-port SQL migrations in favour "
 1237 "of a better model. Resource is highly relational and should be SQL based."
 1238 
 1239 msgid ""
 1240 "The response's content type for creating request token or access token is "
 1241 "changed to `application/x-www-form-urlencoded`, the old value `application/x-"
 1242 "www-urlformencoded` is invalid and will no longer be used."
 1243 msgstr ""
 1244 "The response's content type for creating request token or access token is "
 1245 "changed to `application/x-www-form-urlencoded`, the old value `application/x-"
 1246 "www-urlformencoded` is invalid and will no longer be used."
 1247 
 1248 msgid ""
 1249 "The rules are specified as a list of lists. The elements of the sub-lists "
 1250 "must be strings and are intended to mirror the required authentication "
 1251 "method names (e.g. ``password``, ``totp``, etc) as defined in the ``keystone."
 1252 "conf`` file in the ``[auth] methods`` option."
 1253 msgstr ""
 1254 "The rules are specified as a list of lists. The elements of the sub-lists "
 1255 "must be strings and are intended to mirror the required authentication "
 1256 "method names (e.g. ``password``, ``totp``, etc) as defined in the ``keystone."
 1257 "conf`` file in the ``[auth] methods`` option."
 1258 
 1259 msgid ""
 1260 "The token provider API has removed the ``needs_persistence`` property from "
 1261 "the abstract interface. Token providers are expected to handle persistence "
 1262 "requirement if needed. This will require out-of-tree token providers to "
 1263 "remove the unused property and handle token storage."
 1264 msgstr ""
 1265 "The token provider API has removed the ``needs_persistence`` property from "
 1266 "the abstract interface. Token providers are expected to handle persistence "
 1267 "requirement if needed. This will require out-of-tree token providers to "
 1268 "remove the unused property and handle token storage."
 1269 
 1270 msgid ""
 1271 "The token_formatter utility class has been moved from under fernet to the "
 1272 "default token directory. This is to allow for the reuse of functionality "
 1273 "with other token providers. Any deployments that are specifically using the "
 1274 "fernet utils may be affected and will need to adjust accordingly."
 1275 msgstr ""
 1276 "The token_formatter utility class has been moved from under fernet to the "
 1277 "default token directory. This is to allow for the reuse of functionality "
 1278 "with other token providers. Any deployments that are specifically using the "
 1279 "fernet utils may be affected and will need to adjust accordingly."
 1280 
 1281 msgid ""
 1282 "The trusts table now has an expires_at_int column that represents the "
 1283 "expiration time as an integer instead of a datetime object. This will "
 1284 "prevent rounding errors related to the way date objects are stored in some "
 1285 "versions of MySQL. The expires_at column remains, but will be dropped in "
 1286 "Rocky."
 1287 msgstr ""
 1288 "The trusts table now has an expires_at_int column that represents the "
 1289 "expiration time as an integer instead of a datetime object. This will "
 1290 "prevent rounding errors related to the way date objects are stored in some "
 1291 "versions of MySQL. The expires_at column remains, but will be dropped in "
 1292 "Rocky."
 1293 
 1294 msgid ""
 1295 "The use of `sha512_crypt` is considered inadequate for password hashing in "
 1296 "an application like Keystone. The use of bcrypt or scrypt is recommended to "
 1297 "ensure protection against password cracking utilities if the hashes are "
 1298 "exposed. This is due to Time-Complexity requirements for computing the "
 1299 "hashes in light of modern hardware (CPU, GPU, ASIC, FPGA, etc). Keystone has "
 1300 "moved to bcrypt as a default and no longer hashes new passwords (and "
 1301 "password changes) with sha512_crypt. It is recommended passwords be changed "
 1302 "after upgrade to Pike. The risk of password hash exposure is limited, but "
 1303 "for the best possible protection against cracking the hash it is recommended "
 1304 "passwords be changed after upgrade. The password change will then result in "
 1305 "a more secure hash (bcrypt by default) being used to store the password in "
 1306 "the DB."
 1307 msgstr ""
 1308 "The use of `sha512_crypt` is considered inadequate for password hashing in "
 1309 "an application like Keystone. The use of bcrypt or scrypt is recommended to "
 1310 "ensure protection against password cracking utilities if the hashes are "
 1311 "exposed. This is due to Time-Complexity requirements for computing the "
 1312 "hashes in light of modern hardware (CPU, GPU, ASIC, FPGA, etc). Keystone has "
 1313 "moved to bcrypt as a default and no longer hashes new passwords (and "
 1314 "password changes) with sha512_crypt. It is recommended passwords be changed "
 1315 "after upgrade to Pike. The risk of password hash exposure is limited, but "
 1316 "for the best possible protection against cracking the hash it is recommended "
 1317 "passwords be changed after upgrade. The password change will then result in "
 1318 "a more secure hash (bcrypt by default) being used to store the password in "
 1319 "the DB."
 1320 
 1321 msgid ""
 1322 "The use of admin_token filter is insecure compared to the use of a proper "
 1323 "username/password. Historically the admin_token filter has been left enabled "
 1324 "in Keystone after initialization due to the way CMS systems work. Moving to "
 1325 "an out-of-band initialization using ``keystone-manage bootstrap`` will "
 1326 "eliminate the security concerns around a static shared string that conveys "
 1327 "admin access to keystone and therefore to the entire installation."
 1328 msgstr ""
 1329 "The use of admin_token filter is insecure compared to the use of a proper "
 1330 "username/password. Historically the admin_token filter has been left enabled "
 1331 "in Keystone after initialisation due to the way CMS systems work. Moving to "
 1332 "an out-of-band initialisation using ``keystone-manage bootstrap`` will "
 1333 "eliminate the security concerns around a static shared string that conveys "
 1334 "admin access to Keystone and therefore to the entire installation."
 1335 
 1336 msgid ""
 1337 "Third-party extensions that extend the abstract class "
 1338 "(``ShadowUsersDriverBase``) should be updated according to the new parameter "
 1339 "names."
 1340 msgstr ""
 1341 "Third-party extensions that extend the abstract class "
 1342 "(``ShadowUsersDriverBase``) should be updated according to the new parameter "
 1343 "names."
 1344 
 1345 msgid ""
 1346 "This release adds support for Application Credentials, a new way to allow "
 1347 "applications and automated tooling to authenticate with keystone. Rather "
 1348 "than storing a username and password in an application's config file, which "
 1349 "can pose security risks, you can now create an application credential to "
 1350 "allow an application to authenticate and acquire a preset scope and role "
 1351 "assignments. This is especially useful for LDAP and federated users, who can "
 1352 "now delegate their cloud management tasks to a keystone-specific resource, "
 1353 "rather than share their externally managed credentials with keystone and "
 1354 "risk a compromise of those external systems. Users can delegate a subset of "
 1355 "their role assignments to an application credential, allowing them to "
 1356 "strategically limit their application's access to the minimum needed. Unlike "
 1357 "passwords, a user can have more than one active application credential, "
 1358 "which means they can be rotated without causing downtime for the "
 1359 "applications using them."
 1360 msgstr ""
 1361 "This release adds support for Application Credentials, a new way to allow "
 1362 "applications and automated tooling to authenticate with keystone. Rather "
 1363 "than storing a username and password in an application's config file, which "
 1364 "can pose security risks, you can now create an application credential to "
 1365 "allow an application to authenticate and acquire a preset scope and role "
 1366 "assignments. This is especially useful for LDAP and federated users, who can "
 1367 "now delegate their cloud management tasks to a keystone-specific resource, "
 1368 "rather than share their externally managed credentials with keystone and "
 1369 "risk a compromise of those external systems. Users can delegate a subset of "
 1370 "their role assignments to an application credential, allowing them to "
 1371 "strategically limit their application's access to the minimum needed. Unlike "
 1372 "passwords, a user can have more than one active application credential, "
 1373 "which means they can be rotated without causing downtime for the "
 1374 "applications using them."
 1375 
 1376 msgid "To mark a user as exempt from the PCI password expiry policy::"
 1377 msgstr "To mark a user as exempt from the PCI password expiry policy::"
 1378 
 1379 msgid "To mark a user as exempt from the PCI reset policy::"
 1380 msgstr "To mark a user as exempt from the PCI reset policy::"
 1381 
 1382 msgid "To mark a user exempt from the MFA Rules::"
 1383 msgstr "To mark a user exempt from the MFA Rules::"
 1384 
 1385 msgid "To the properly written::"
 1386 msgstr "To the properly written::"
 1387 
 1388 msgid "To::"
 1389 msgstr "To::"
 1390 
 1391 msgid ""
 1392 "Token persistence driver/code (SQL) is deprecated with this patch since it "
 1393 "is only used by the UUID token provider.."
 1394 msgstr ""
 1395 "Token persistence driver/code (SQL) is deprecated with this patch since it "
 1396 "is only used by the UUID token provider."
 1397 
 1398 msgid "Tokens can now be cached when issued."
 1399 msgstr "Tokens can now be cached when issued."
 1400 
 1401 msgid ""
 1402 "UUID token provider ``[token] provider=uuid`` has been deprecated in favor "
 1403 "of Fernet tokens ``[token] provider=fernet``. With Fernet tokens becoming "
 1404 "the default UUID tokens can be slated for removal in the R release. This "
 1405 "also deprecates token-bind support as it was never implemented for fernet."
 1406 msgstr ""
 1407 "UUID token provider ``[token] provider=uuid`` has been deprecated in favour "
 1408 "of Fernet tokens ``[token] provider=fernet``. With Fernet tokens becoming "
 1409 "the default, UUID tokens can be slated for removal in the R release. This "
 1410 "also deprecates token-bind support as it was never implemented for fernet."
 1411 
 1412 msgid "Upgrade Notes"
 1413 msgstr "Upgrade Notes"
 1414 
 1415 msgid ""
 1416 "Use of ``$(tenant_id)s`` in the catalog endpoints is deprecated in favor of "
 1417 "``$(project_id)s``."
 1418 msgstr ""
 1419 "Use of ``$(tenant_id)s`` in the catalogue endpoints is deprecated in favour "
 1420 "of ``$(project_id)s``."
 1421 
 1422 msgid ""
 1423 "Using LDAP as the resource backend, i.e for projects and domains, is now "
 1424 "deprecated and will be removed in the Mitaka release."
 1425 msgstr ""
 1426 "Using LDAP as the resource backend, i.e. for projects and domains, is now "
 1427 "deprecated and will be removed in the Mitaka release."
 1428 
 1429 msgid ""
 1430 "Using the full path to the driver class is deprecated in favor of using the "
 1431 "entrypoint. In the Mitaka release, the entrypoint must be used."
 1432 msgstr ""
 1433 "Using the full path to the driver class is deprecated in favour of using the "
 1434 "entrypoint. In the Mitaka release, the entrypoint must be used."
 1435 
 1436 msgid ""
 1437 "We have added the ``password_expires_at`` attribute to the user response "
 1438 "object."
 1439 msgstr ""
 1440 "We have added the ``password_expires_at`` attribute to the user response "
 1441 "object."
 1442 
 1443 msgid ""
 1444 "We now expose entrypoints for the ``keystone-manage`` command instead of a "
 1445 "file."
 1446 msgstr ""
 1447 "We now expose entrypoints for the ``keystone-manage`` command instead of a "
 1448 "file."
 1449 
 1450 msgid ""
 1451 "Write support for the LDAP has been removed in favor of read-only support. "
 1452 "The following operations are no longer supported for LDAP:"
 1453 msgstr ""
 1454 "Write support for the LDAP has been removed in favour of read-only support. "
 1455 "The following operations are no longer supported for LDAP:"
 1456 
 1457 msgid ""
 1458 "[`Bug 1645487 <https://bugs.launchpad.net/keystone/+bug/1645487>`_] Added a "
 1459 "new PCI-DSS feature that will require users to immediately change their "
 1460 "password upon first use for new users and after an administrative password "
 1461 "reset. The new feature can be enabled by setting [security_compliance] "
 1462 "``change_password_upon_first_use`` to ``True``."
 1463 msgstr ""
 1464 "[`Bug 1645487 <https://bugs.launchpad.net/keystone/+bug/1645487>`_] Added a "
 1465 "new PCI-DSS feature that will require users to immediately change their "
 1466 "password upon first use for new users and after an administrative password "
 1467 "reset. The new feature can be enabled by setting [security_compliance] "
 1468 "``change_password_upon_first_use`` to ``True``."
 1469 
 1470 msgid ""
 1471 "[`Bug 1649446 <https://bugs.launchpad.net/keystone/+bug/1651989>`_] The "
 1472 "default policy for listing revocation events has changed. Previously, any "
 1473 "authenticated user could list revocation events; it is now, by default, an "
 1474 "admin or service user only function. This can be changed by modifying the "
 1475 "policy file being used by keystone."
 1476 msgstr ""
 1477 "[`Bug 1649446 <https://bugs.launchpad.net/keystone/+bug/1651989>`_] The "
 1478 "default policy for listing revocation events has changed. Previously, any "
 1479 "authenticated user could list revocation events; it is now, by default, an "
 1480 "admin or service user only function. This can be changed by modifying the "
 1481 "policy file being used by Keystone."
 1482 
 1483 msgid ""
 1484 "[`Related to Bug 1649446 <https://bugs.launchpad.net/keystone/"
 1485 "+bug/1649446>`_] The ``identity:list_revoke_events`` rule has been changed "
 1486 "in both sample policy files, ``policy.json`` and ``policy.v3cloudsample."
 1487 "json``. From::"
 1488 msgstr ""
 1489 "[`Related to Bug 1649446 <https://bugs.launchpad.net/keystone/"
 1490 "+bug/1649446>`_] The ``identity:list_revoke_events`` rule has been changed "
 1491 "in both sample policy files, ``policy.json`` and ``policy.v3cloudsample."
 1492 "json``. From::"
 1493 
 1494 msgid ""
 1495 "[`blueprint allow-expired <https://blueprints.launchpad.net/keystone/+spec/"
 1496 "allow-expired>`_] An `allow_expired` flag is added to the token validation "
 1497 "call (``GET/HEAD  /v3/auth/tokens``) that allows fetching a token that has "
 1498 "expired. This allows for validating tokens in long running operations."
 1499 msgstr ""
 1500 "[`blueprint allow-expired <https://blueprints.launchpad.net/keystone/+spec/"
 1501 "allow-expired>`_] An `allow_expired` flag is added to the token validation "
 1502 "call (``GET/HEAD  /v3/auth/tokens``) that allows fetching a token that has "
 1503 "expired. This allows for validating tokens in long running operations."
 1504 
 1505 msgid ""
 1506 "[`blueprint allow-expired <https://blueprints.launchpad.net/keystone/+spec/"
 1507 "allow-expired>`_] To allow long running operations to complete services must "
 1508 "be able to fetch expired tokens via the ``allow_expired`` flag. The length "
 1509 "of time a token is retrievable for beyond its traditional expiry is managed "
 1510 "by the ``[token] allow_expired_window`` option and so the data must be "
 1511 "retrievable for this about of time. When using fernet tokens this means that "
 1512 "the key rotation period must exceed this time so that older tokens are still "
 1513 "decrytable. Ensure that you do not rotate fernet keys faster than ``[token] "
 1514 "expiration`` + ``[token] allow_expired_window`` seconds."
 1515 msgstr ""
 1516 "[`blueprint allow-expired <https://blueprints.launchpad.net/keystone/+spec/"
 1517 "allow-expired>`_] To allow long running operations to complete, services must "
 1518 "be able to fetch expired tokens via the ``allow_expired`` flag. The length "
 1519 "of time a token is retrievable for beyond its traditional expiry is managed "
 1520 "by the ``[token] allow_expired_window`` option and so the data must be "
 1521 "retrievable for this amount of time. When using fernet tokens this means that "
 1522 "the key rotation period must exceed this time so that older tokens are still "
 1523 "decryptable. Ensure that you do not rotate fernet keys faster than ``[token] "
 1524 "expiration`` + ``[token] allow_expired_window`` seconds."
 1525 
 1526 msgid ""
 1527 "[`blueprint application-credentials <https://blueprints.launchpad.net/"
 1528 "keystone/+spec/application-credentials>`_] Users can now create Application "
 1529 "Credentials, a new keystone resource that can provide an application with "
 1530 "the means to get a token from keystone with a preset scope and role "
 1531 "assignments. To authenticate with an application credential, an application "
 1532 "can use the normal token API with the 'application_credential' auth method."
 1533 msgstr ""
 1534 "[`blueprint application-credentials <https://blueprints.launchpad.net/"
 1535 "keystone/+spec/application-credentials>`_] Users can now create Application "
 1536 "Credentials, a new keystone resource that can provide an application with "
 1537 "the means to get a token from keystone with a preset scope and role "
 1538 "assignments. To authenticate with an application credential, an application "
 1539 "can use the normal token API with the 'application_credential' auth method."
 1540 
 1541 msgid ""
 1542 "[`blueprint bootstrap <https://blueprints.launchpad.net/keystone/+spec/"
 1543 "bootstrap>`_] keystone-manage now supports the bootstrap command on the CLI "
 1544 "so that a keystone install can be initialized without the need of the "
 1545 "admin_token filter in the paste-ini."
 1546 msgstr ""
 1547 "[`blueprint bootstrap <https://blueprints.launchpad.net/keystone/+spec/"
 1548 "bootstrap>`_] keystone-manage now supports the bootstrap command on the CLI "
 1549 "so that a keystone install can be initialised without the need of the "
 1550 "admin_token filter in the paste-ini."
 1551 
 1552 msgid ""
 1553 "[`blueprint deprecated-as-of-mitaka <https://blueprints.launchpad.net/"
 1554 "keystone/+spec/deprecated-as-of-mitaka>`_] As of the Mitaka release, the PKI "
 1555 "and PKIz token formats have been deprecated. They will be removed in the 'O' "
 1556 "release. Due to this change, the `hash_algorithm` option in the `[token]` "
 1557 "section of the configuration file has also been deprecated. Also due to this "
 1558 "change, the ``keystone-manage pki_setup`` command has been deprecated as "
 1559 "well."
 1560 msgstr ""
 1561 "[`blueprint deprecated-as-of-mitaka <https://blueprints.launchpad.net/"
 1562 "keystone/+spec/deprecated-as-of-mitaka>`_] As of the Mitaka release, the PKI "
 1563 "and PKIz token formats have been deprecated. They will be removed in the 'O' "
 1564 "release. Due to this change, the `hash_algorithm` option in the `[token]` "
 1565 "section of the configuration file has also been deprecated. Also due to this "
 1566 "change, the ``keystone-manage pki_setup`` command has been deprecated as "
 1567 "well."
 1568 
 1569 msgid ""
 1570 "[`blueprint deprecated-as-of-mitaka <https://blueprints.launchpad.net/"
 1571 "keystone/+spec/deprecated-as-of-mitaka>`_] As of the Mitaka release, the "
 1572 "auth plugin `keystone.auth.plugins.saml2.Saml2` has been deprecated. It is "
 1573 "recommended to use `keystone.auth.plugins.mapped.Mapped` instead. The "
 1574 "``saml2`` plugin will be removed in the 'O' release."
 1575 msgstr ""
 1576 "[`blueprint deprecated-as-of-mitaka <https://blueprints.launchpad.net/"
 1577 "keystone/+spec/deprecated-as-of-mitaka>`_] As of the Mitaka release, the "
 1578 "auth plugin `keystone.auth.plugins.saml2.Saml2` has been deprecated. It is "
 1579 "recommended to use `keystone.auth.plugins.mapped.Mapped` instead. The "
 1580 "``saml2`` plugin will be removed in the 'O' release."
 1581 
 1582 msgid ""
 1583 "[`blueprint deprecated-as-of-mitaka <https://blueprints.launchpad.net/"
 1584 "keystone/+spec/deprecated-as-of-mitaka>`_] As of the Mitaka release, the "
 1585 "simple_cert_extension is deprecated since it is only used in support of the "
 1586 "PKI and PKIz token formats.  It will be removed in the 'O' release."
 1587 msgstr ""
 1588 "[`blueprint deprecated-as-of-mitaka <https://blueprints.launchpad.net/"
 1589 "keystone/+spec/deprecated-as-of-mitaka>`_] As of the Mitaka release, the "
 1590 "simple_cert_extension is deprecated since it is only used in support of the "
 1591 "PKI and PKIz token formats.  It will be removed in the 'O' release."
 1592 
 1593 msgid ""
 1594 "[`bug 1748970 <https://bugs.launchpad.net/keystone/+bug/1748970>`_] A bug "
 1595 "was introduced in Queens that resulted in system role assignments being "
 1596 "returned when querying the role assignments API for a specific role. The "
 1597 "issue is fixed and the list of roles returned from ``GET /v3/"
 1598 "role_assignments?role.id={role_id}`` respects system role assignments."
 1599 msgstr ""
 1600 "[`bug 1748970 <https://bugs.launchpad.net/keystone/+bug/1748970>`_] A bug "
 1601 "was introduced in Queens that resulted in system role assignments being "
 1602 "returned when querying the role assignments API for a specific role. The "
 1603 "issue is fixed and the list of roles returned from ``GET /v3/"
 1604 "role_assignments?role.id={role_id}`` respects system role assignments."
 1605 
 1606 msgid ""
 1607 "[`bug 1749264 <https://bugs.launchpad.net/keystone/+bug/1749264>`_] A user's "
 1608 "system role assignment will be removed when the user is deleted."
 1609 msgstr ""
 1610 "[`bug 1749264 <https://bugs.launchpad.net/keystone/+bug/1749264>`_] A user's "
 1611 "system role assignment will be removed when the user is deleted."
 1612 
 1613 msgid ""
 1614 "[`bug 1749267 <https://bugs.launchpad.net/keystone/+bug/1749267>`_] A "
 1615 "group's system role assignments are removed when the group is deleted."
 1616 msgstr ""
 1617 "[`bug 1749267 <https://bugs.launchpad.net/keystone/+bug/1749267>`_] A "
 1618 "group's system role assignments are removed when the group is deleted."
 1619 
 1620 msgid ""
 1621 "[`bug 1755874 <https://bugs.launchpad.net/keystone/+bug/1755874>`_] Users "
 1622 "now can have the resource option ``lock_password`` set which prevents the "
 1623 "user from utilizing the self-service password change API. Valid values are "
 1624 "``True``, ``False``, or \"None\" (where ``None`` clears the option)."
 1625 msgstr ""
 1626 "[`bug 1755874 <https://bugs.launchpad.net/keystone/+bug/1755874>`_] Users "
 1627 "now can have the resource option ``lock_password`` set which prevents the "
 1628 "user from utilizing the self-service password change API. Valid values are "
 1629 "``True``, ``False``, or \"None\" (where ``None`` clears the option)."
 1630 
 1631 msgid ""
 1632 "[`bug 1756190 <https://bugs.launchpad.net/keystone/+bug/1756190>`_] When "
 1633 "filtering projects based on tags, the filtering will now be performed by "
 1634 "matching a subset containing the given tags against projects, rather than "
 1635 "exact matching. Providing more tags when performing a search will yield more "
 1636 "exact results while less will return any projects that match the given tags "
 1637 "but could contain other tags as well."
 1638 msgstr ""
 1639 "[`bug 1756190 <https://bugs.launchpad.net/keystone/+bug/1756190>`_] When "
 1640 "filtering projects based on tags, the filtering will now be performed by "
 1641 "matching a subset containing the given tags against projects, rather than "
 1642 "exact matching. Providing more tags when performing a search will yield more "
 1643 "exact results while less will return any projects that match the given tags "
 1644 "but could contain other tags as well."
 1645 
 1646 msgid ""
 1647 "[`bug 1757022 <https://bugs.launchpad.net/keystone/+bug/1757022>`_] In "
 1648 "previous releases,  ``keystone-manage mapping_purge --type {user,group}`` "
 1649 "command would purge all mapping incorrectly instead of only purging the "
 1650 "specified type mappings. ``keystone-manage mapping_purge --type {user,group}"
 1651 "`` now purges only specified type mappings as expected."
 1652 msgstr ""
 1653 "[`bug 1757022 <https://bugs.launchpad.net/keystone/+bug/1757022>`_] In "
 1654 "previous releases,  ``keystone-manage mapping_purge --type {user,group}`` "
 1655 "command would purge all mapping incorrectly instead of only purging the "
 1656 "specified type mappings. ``keystone-manage mapping_purge --type {user,group}"
 1657 "`` now purges only specified type mappings as expected."
 1658 
 1659 msgid ""
 1660 "[`bug 1759289 <https://bugs.launchpad.net/keystone/+bug/1759289>`_] The "
 1661 "``keystone-manage token_flush`` command no longer establishes a connection "
 1662 "to a database, or persistence backend. It's usage should be removed if "
 1663 "you're using a supported non-persistent token format. If you're relying on "
 1664 "external token providers that write tokens to disk and would like to "
 1665 "maintain this functionality, please consider porting it to a separate tool."
 1666 msgstr ""
 1667 "[`bug 1759289 <https://bugs.launchpad.net/keystone/+bug/1759289>`_] The "
 1668 "``keystone-manage token_flush`` command no longer establishes a connection "
 1669 "to a database, or persistence backend. Its usage should be removed if "
 1670 "you're using a supported non-persistent token format. If you're relying on "
 1671 "external token providers that write tokens to disk and would like to "
 1672 "maintain this functionality, please consider porting it to a separate tool."
 1673 
 1674 msgid ""
 1675 "[`bug 1760205 <https://bugs.launchpad.net/keystone/+bug/1760205>`_] When "
 1676 "deleting a shadow user, the related cache info is not invalidated so that "
 1677 "Keystone will raise 404 UserNotFound error when authenticating with the "
 1678 "previous federation info. This bug has been fixed now."
 1679 msgstr ""
 1680 "[`bug 1760205 <https://bugs.launchpad.net/keystone/+bug/1760205>`_] When "
 1681 "deleting a shadow user, the related cache info is not invalidated so that "
 1682 "Keystone will raise 404 UserNotFound error when authenticating with the "
 1683 "previous federation info. This bug has been fixed now."
 1684 
 1685 msgid "``delete group``"
 1686 msgstr "``delete group``"
 1687 
 1688 msgid "``delete user``"
 1689 msgstr "``delete user``"
 1690 
 1691 msgid "``issue_v2_token``"
 1692 msgstr "``issue_v2_token``"
 1693 
 1694 msgid "``issue_v3_token``"
 1695 msgstr "``issue_v3_token``"
 1696 
 1697 msgid ""
 1698 "``keystone-manage db_sync`` will no longer create the Default domain. This "
 1699 "domain is used as the domain for any users created using the legacy v2.0 "
 1700 "API. A default domain is created by ``keystone-manage bootstrap`` and when a "
 1701 "user or project is created using the legacy v2.0 API."
 1702 msgstr ""
 1703 "``keystone-manage db_sync`` will no longer create the Default domain. This "
 1704 "domain is used as the domain for any users created using the legacy v2.0 "
 1705 "API. A default domain is created by ``keystone-manage bootstrap`` and when a "
 1706 "user or project is created using the legacy v2.0 API."
 1707 
 1708 msgid "``keystone.common.kvs.backends.inmemdb.MemoryBackend``"
 1709 msgstr "``keystone.common.kvs.backends.inmemdb.MemoryBackend``"
 1710 
 1711 msgid "``keystone.common.kvs.backends.memcached.MemcachedBackend``"
 1712 msgstr "``keystone.common.kvs.backends.memcached.MemcachedBackend``"
 1713 
 1714 msgid "``keystone.token.persistence.backends.kvs.Token``"
 1715 msgstr "``keystone.token.persistence.backends.kvs.Token``"
 1716 
 1717 msgid "``keystone/common/cache/backends/memcache_pool``"
 1718 msgstr "``keystone/common/cache/backends/memcache_pool``"
 1719 
 1720 msgid "``keystone/common/cache/backends/mongo``"
 1721 msgstr "``keystone/common/cache/backends/mongo``"
 1722 
 1723 msgid "``keystone/common/cache/backends/noop``"
 1724 msgstr "``keystone/common/cache/backends/noop``"
 1725 
 1726 msgid "``keystone/contrib/admin_crud``"
 1727 msgstr "``keystone/contrib/admin_crud``"
 1728 
 1729 msgid "``keystone/contrib/endpoint_filter``"
 1730 msgstr "``keystone/contrib/endpoint_filter``"
 1731 
 1732 msgid "``keystone/contrib/federation``"
 1733 msgstr "``keystone/contrib/federation``"
 1734 
 1735 msgid "``keystone/contrib/oauth1``"
 1736 msgstr "``keystone/contrib/oauth1``"
 1737 
 1738 msgid "``keystone/contrib/revoke``"
 1739 msgstr "``keystone/contrib/revoke``"
 1740 
 1741 msgid "``keystone/contrib/simple_cert``"
 1742 msgstr "``keystone/contrib/simple_cert``"
 1743 
 1744 msgid "``keystone/contrib/user_crud``"
 1745 msgstr "``keystone/contrib/user_crud``"
 1746 
 1747 msgid ""
 1748 "``openstack_user_domain`` and ``openstack_project_domain`` attributes were "
 1749 "added to SAML assertion in order to map user and project domains, "
 1750 "respectively."
 1751 msgstr ""
 1752 "``openstack_user_domain`` and ``openstack_project_domain`` attributes were "
 1753 "added to SAML assertion in order to map user and project domains, "
 1754 "respectively."
 1755 
 1756 msgid "``remove user from group``"
 1757 msgstr "``remove user from group``"
 1758 
 1759 msgid "``update group``"
 1760 msgstr "``update group``"
 1761 
 1762 msgid "``update user``"
 1763 msgstr "``update user``"
 1764 
 1765 msgid "``validate_non_persistent_token``"
 1766 msgstr "``validate_non_persistent_token``"
 1767 
 1768 msgid "``validate_v2_token``"
 1769 msgstr "``validate_v2_token``"
 1770 
 1771 msgid "``validate_v3_token``"
 1772 msgstr "``validate_v3_token``"
 1773 
 1774 msgid "all config options under ``[kvs]`` in `keystone.conf`"
 1775 msgstr "all config options under ``[kvs]`` in `keystone.conf`"
 1776 
 1777 msgid "and will return a list of mappings for a given domain ID."
 1778 msgstr "and will return a list of mappings for a given domain ID."
 1779 
 1780 msgid "eq - password expires at the timestamp"
 1781 msgstr "eq - password expires at the timestamp"
 1782 
 1783 msgid "gt - password expires after the timestamp"
 1784 msgstr "gt - password expires after the timestamp"
 1785 
 1786 msgid "gte - password expires at or after the timestamp"
 1787 msgstr "gte - password expires at or after the timestamp"
 1788 
 1789 msgid "lt - password expires before the timestamp"
 1790 msgstr "lt - password expires before the timestamp"
 1791 
 1792 msgid "lte - password expires at or before timestamp"
 1793 msgstr "lte - password expires at or before timestamp"
 1794 
 1795 msgid "neq - password expires not at the timestamp"
 1796 msgstr "neq - password expires not at the timestamp"
 1797 
 1798 msgid ""
 1799 "stats_monitoring and stats_reporting paste filters have been removed, so "
 1800 "references to it must be removed from the ``keystone-paste.ini`` "
 1801 "configuration file."
 1802 msgstr ""
 1803 "stats_monitoring and stats_reporting paste filters have been removed, so "
 1804 "references to them must be removed from the ``keystone-paste.ini`` "
 1805 "configuration file."
 1806 
 1807 msgid "the config option ``[memcached] servers`` in `keystone.conf`"
 1808 msgstr "the config option ``[memcached] servers`` in `keystone.conf`"
 1809 
 1810 msgid "to::"
 1811 msgstr "to::"