From fe7b4e3267a8b79336b6a80cb384b9d975046b45 Mon Sep 17 00:00:00 2001
From: Pavlo Shchelokovskyy <shchelokovskyy@gmail.com>
Date: Thu, 15 Dec 2016 16:39:13 +0200
Subject: [PATCH] Update config sample

all changes are from inspector dependencies.

Change-Id: Ib226a32716458ac6b22f2d13b60d08a49461cdfe
---
 example.conf | 66 +++++++++++++++++++++++++++++++++++++---------------
 1 file changed, 47 insertions(+), 19 deletions(-)

diff --git a/example.conf b/example.conf
index 8fff7e519..102b28fc0 100644
--- a/example.conf
+++ b/example.conf
@@ -135,7 +135,7 @@
 
 # Log output to standard error. This option is ignored if
 # log_config_append is set. (boolean value)
-#use_stderr = true
+#use_stderr = false
 
 # Format string to use for log messages with context. (string value)
 #logging_context_format_string = %(asctime)s.%(msecs)03d %(process)d %(levelname)s %(name)s [%(request_id)s %(user_identity)s] %(instance)s%(message)s
@@ -171,6 +171,19 @@
 # (string value)
 #instance_uuid_format = "[instance: %(uuid)s] "
 
+# Interval, number of seconds, of log rate limiting. (integer value)
+#rate_limit_interval = 0
+
+# Maximum number of logged messages per rate_limit_interval. (integer
+# value)
+#rate_limit_burst = 0
+
+# Log level name used by rate limiting: CRITICAL, ERROR, INFO,
+# WARNING, DEBUG or empty string. Logs with level greater or equal to
+# rate_limit_except_level are not filtered. An empty string means that
+# all levels are filtered. (string value)
+#rate_limit_except_level = CRITICAL
+
 # Enables or disables fatal status of deprecations. (boolean value)
 #fatal_deprecations = false
 
@@ -626,7 +639,12 @@
 # The region in which the identity server can be found. (string value)
 #region_name = <None>
 
-# Directory used to cache files related to PKI tokens. (string value)
+# DEPRECATED: Directory used to cache files related to PKI tokens.
+# This option has been deprecated in the Ocata release and will be
+# removed in the P release. (string value)
+# This option is deprecated for removal since Ocata.
+# Its value may be silently ignored in the future.
+# Reason: PKI token format is no longer supported.
 #signing_dir = <None>
 
 # Optionally specify a list of memcached server(s) to use for caching.
@@ -641,11 +659,15 @@
 # value)
 #token_cache_time = 300
 
-# Determines the frequency at which the list of revoked tokens is
-# retrieved from the Identity service (in seconds). A high number of
-# revocation events combined with a low cache duration may
-# significantly reduce performance. Only valid for PKI tokens.
-# (integer value)
+# DEPRECATED: Determines the frequency at which the list of revoked
+# tokens is retrieved from the Identity service (in seconds). A high
+# number of revocation events combined with a low cache duration may
+# significantly reduce performance. Only valid for PKI tokens. This
+# option has been deprecated in the Ocata release and will be removed
+# in the P release. (integer value)
+# This option is deprecated for removal since Ocata.
+# Its value may be silently ignored in the future.
+# Reason: PKI token format is no longer supported.
 #revocation_cache_time = 10
 
 # (Optional) If defined, indicate whether token data should be
@@ -700,20 +722,26 @@
 # binding method that must be present in tokens. (string value)
 #enforce_token_bind = permissive
 
-# If true, the revocation list will be checked for cached tokens. This
-# requires that PKI tokens are configured on the identity server.
-# (boolean value)
+# DEPRECATED: If true, the revocation list will be checked for cached
+# tokens. This requires that PKI tokens are configured on the identity
+# server. (boolean value)
+# This option is deprecated for removal since Ocata.
+# Its value may be silently ignored in the future.
+# Reason: PKI token format is no longer supported.
 #check_revocations_for_cached = false
 
-# Hash algorithms to use for hashing PKI tokens. This may be a single
-# algorithm or multiple. The algorithms are those supported by Python
-# standard hashlib.new(). The hashes will be tried in the order given,
-# so put the preferred one first for performance. The result of the
-# first hash will be stored in the cache. This will typically be set
-# to multiple values only while migrating from a less secure algorithm
-# to a more secure one. Once all the old tokens are expired this
-# option should be set to a single value for better performance. (list
-# value)
+# DEPRECATED: Hash algorithms to use for hashing PKI tokens. This may
+# be a single algorithm or multiple. The algorithms are those
+# supported by Python standard hashlib.new(). The hashes will be tried
+# in the order given, so put the preferred one first for performance.
+# The result of the first hash will be stored in the cache. This will
+# typically be set to multiple values only while migrating from a less
+# secure algorithm to a more secure one. Once all the old tokens are
+# expired this option should be set to a single value for better
+# performance. (list value)
+# This option is deprecated for removal since Ocata.
+# Its value may be silently ignored in the future.
+# Reason: PKI token format is no longer supported.
 #hash_algorithms = md5
 
 # Authentication type to load (string value)