1123 lines
48 KiB
Plaintext
1123 lines
48 KiB
Plaintext
# Andi Chandler <andi@gowling.com>, 2017. #zanata
|
|
# Andi Chandler <andi@gowling.com>, 2018. #zanata
|
|
msgid ""
|
|
msgstr ""
|
|
"Project-Id-Version: Keystone Release Notes\n"
|
|
"Report-Msgid-Bugs-To: \n"
|
|
"POT-Creation-Date: 2018-02-14 07:05+0000\n"
|
|
"MIME-Version: 1.0\n"
|
|
"Content-Type: text/plain; charset=UTF-8\n"
|
|
"Content-Transfer-Encoding: 8bit\n"
|
|
"PO-Revision-Date: 2018-02-03 12:22+0000\n"
|
|
"Last-Translator: Andi Chandler <andi@gowling.com>\n"
|
|
"Language-Team: English (United Kingdom)\n"
|
|
"Language: en-GB\n"
|
|
"X-Generator: Zanata 3.9.6\n"
|
|
"Plural-Forms: nplurals=2; plural=(n != 1)\n"
|
|
|
|
msgid "'/' and ',' are not allowed to be in a tag"
|
|
msgstr "'/' and ',' are not allowed to be in a tag"
|
|
|
|
msgid ""
|
|
"**Experimental** - Domain specific configuration options can be stored in "
|
|
"SQL instead of configuration files, using the new REST APIs."
|
|
msgstr ""
|
|
"**Experimental** - Domain specific configuration options can be stored in "
|
|
"SQL instead of configuration files, using the new REST APIs."
|
|
|
|
msgid ""
|
|
"**Experimental** - Keystone now supports tokenless authorization with X.509 "
|
|
"SSL client certificate."
|
|
msgstr ""
|
|
"**Experimental** - Keystone now supports tokenless authorisation with X.509 "
|
|
"SSL client certificate."
|
|
|
|
msgid "10.0.0"
|
|
msgstr "10.0.0"
|
|
|
|
msgid "10.0.1"
|
|
msgstr "10.0.1"
|
|
|
|
msgid "10.0.3"
|
|
msgstr "10.0.3"
|
|
|
|
msgid "11.0.0"
|
|
msgstr "11.0.0"
|
|
|
|
msgid "11.0.1"
|
|
msgstr "11.0.1"
|
|
|
|
msgid "11.0.3"
|
|
msgstr "11.0.3"
|
|
|
|
msgid "11.0.3-3"
|
|
msgstr "11.0.3-3"
|
|
|
|
msgid "12.0.0"
|
|
msgstr "12.0.0"
|
|
|
|
msgid "13.0.0.0b1"
|
|
msgstr "13.0.0.0b1"
|
|
|
|
msgid "13.0.0.0b2"
|
|
msgstr "13.0.0.0b2"
|
|
|
|
msgid "13.0.0.0b3"
|
|
msgstr "13.0.0.0b3"
|
|
|
|
msgid "8.0.1"
|
|
msgstr "8.0.1"
|
|
|
|
msgid "8.1.0"
|
|
msgstr "8.1.0"
|
|
|
|
msgid "9.0.0"
|
|
msgstr "9.0.0"
|
|
|
|
msgid "9.2.0"
|
|
msgstr "9.2.0"
|
|
|
|
msgid ""
|
|
"A new ``secure_proxy_ssl_header`` configuration option is available when "
|
|
"running keystone behind a proxy."
|
|
msgstr ""
|
|
"A new ``secure_proxy_ssl_header`` configuration option is available when "
|
|
"running keystone behind a proxy."
|
|
|
|
msgid ""
|
|
"A new config option, `insecure_debug`, is added to control whether debug "
|
|
"information is returned to clients. This used to be controlled by the "
|
|
"`debug` option. If you'd like to return extra information to clients set the "
|
|
"value to ``true``. This extra information may help an attacker."
|
|
msgstr ""
|
|
"A new config option, `insecure_debug`, is added to control whether debug "
|
|
"information is returned to clients. This used to be controlled by the "
|
|
"`debug` option. If you'd like to return extra information to clients set the "
|
|
"value to ``true``. This extra information may help an attacker."
|
|
|
|
msgid ""
|
|
"Add ``cache_on_issue`` flag to ``[token]`` section that enables placing "
|
|
"issued tokens to validation cache thus reducing the first validation time as "
|
|
"if token is already validated and token data cached."
|
|
msgstr ""
|
|
"Add ``cache_on_issue`` flag to ``[token]`` section that enables placing "
|
|
"issued tokens to validation cache thus reducing the first validation time as "
|
|
"if token is already validated and token data cached."
|
|
|
|
msgid ""
|
|
"Add ``keystone-manage mapping_populate`` command, which should be used when "
|
|
"domain-specific LDAP backend is used."
|
|
msgstr ""
|
|
"Add ``keystone-manage mapping_populate`` command, which should be used when "
|
|
"domain-specific LDAP backend is used."
|
|
|
|
msgid ""
|
|
"Add ``keystone-manage mapping_populate`` command. This command will pre-"
|
|
"populate a mapping table with all users from LDAP, in order to improve "
|
|
"future query performance. It should be used when an LDAP is first "
|
|
"configured, or after calling ``keystone-manage mapping_purge``, before any "
|
|
"queries related to the domain are made. For more information see ``keystone-"
|
|
"manage mapping_populate --help``"
|
|
msgstr ""
|
|
"Add ``keystone-manage mapping_populate`` command. This command will pre-"
|
|
"populate a mapping table with all users from LDAP, in order to improve "
|
|
"future query performance. It should be used when an LDAP is first "
|
|
"configured, or after calling ``keystone-manage mapping_purge``, before any "
|
|
"queries related to the domain are made. For more information see ``keystone-"
|
|
"manage mapping_populate --help``"
|
|
|
|
msgid ""
|
|
"Added an option ``--check`` to ``keystone-manage db_sync``, the option will "
|
|
"allow a user to check the status of rolling upgrades in the database."
|
|
msgstr ""
|
|
"Added an option ``--check`` to ``keystone-manage db_sync``, the option will "
|
|
"allow a user to check the status of rolling upgrades in the database."
|
|
|
|
msgid ""
|
|
"Adjust configuration tools as necessary, see the ``fixes`` section for more "
|
|
"details on this change."
|
|
msgstr ""
|
|
"Adjust configuration tools as necessary, see the ``fixes`` section for more "
|
|
"details on this change."
|
|
|
|
msgid ""
|
|
"Any auth methods that are not defined in ``keystone.conf`` in the ``[auth] "
|
|
"methods`` option are ignored when the rules are processed. Empty rules are "
|
|
"not allowed. If a rule is empty due to no-valid auth methods existing within "
|
|
"it, the rule is discarded at authentication time. If there are no rules or "
|
|
"no valid rules for the user, authentication occurs in the default manner: "
|
|
"any single configured auth method is sufficient to receive a token."
|
|
msgstr ""
|
|
"Any auth methods that are not defined in ``keystone.conf`` in the ``[auth] "
|
|
"methods`` option are ignored when the rules are processed. Empty rules are "
|
|
"not allowed. If a rule is empty due to no-valid auth methods existing within "
|
|
"it, the rule is discarded at authentication time. If there are no rules or "
|
|
"no valid rules for the user, authentication occurs in the default manner: "
|
|
"any single configured auth method is sufficient to receive a token."
|
|
|
|
msgid "Bug Fixes"
|
|
msgstr "Bug Fixes"
|
|
|
|
msgid ""
|
|
"Certain deprecated methods from the assignment manager were removed in favor "
|
|
"of the same methods in the [resource] and [role] manager."
|
|
msgstr ""
|
|
"Certain deprecated methods from the assignment manager were removed in "
|
|
"favour of the same methods in the [resource] and [role] manager."
|
|
|
|
msgid ""
|
|
"Certain variables in ``keystone.conf`` now have options, which determine if "
|
|
"the user's setting is valid."
|
|
msgstr ""
|
|
"Certain variables in ``keystone.conf`` now have options, which determine if "
|
|
"the user's setting is valid."
|
|
|
|
msgid "Configuring per-Identity Provider WebSSO is now supported."
|
|
msgstr "Configuring per-Identity Provider WebSSO is now supported."
|
|
|
|
msgid "Critical Issues"
|
|
msgstr "Critical Issues"
|
|
|
|
msgid "Current Series Release Notes"
|
|
msgstr "Current Series Release Notes"
|
|
|
|
msgid "Deprecation Notes"
|
|
msgstr "Deprecation Notes"
|
|
|
|
msgid ""
|
|
"Domain name information can now be used in policy rules with the attribute "
|
|
"``domain_name``."
|
|
msgstr ""
|
|
"Domain name information can now be used in policy rules with the attribute "
|
|
"``domain_name``."
|
|
|
|
msgid ""
|
|
"Domains are now represented as top level projects with the attribute "
|
|
"`is_domain` set to true. Such projects will appear as parents for any "
|
|
"previous top level projects. Projects acting as domains can be created, "
|
|
"read, updated, and deleted via either the project API or the domain API (V3 "
|
|
"only)."
|
|
msgstr ""
|
|
"Domains are now represented as top level projects with the attribute "
|
|
"`is_domain` set to true. Such projects will appear as parents for any "
|
|
"previous top level projects. Projects acting as domains can be created, "
|
|
"read, updated, and deleted via either the project API or the domain API (V3 "
|
|
"only)."
|
|
|
|
msgid ""
|
|
"Each list of methods specifies a rule. If the auth methods provided by a "
|
|
"user match (or exceed) the auth methods in the list, that rule is used. The "
|
|
"first rule found (rules will not be processed in a specific order) that "
|
|
"matches will be used. If a user has the ruleset defined as ``[[\"password\", "
|
|
"\"totp\"]]`` the user must provide both password and totp auth methods (and "
|
|
"both methods must succeed) to receive a token. However, if a user has a "
|
|
"ruleset defined as ``[[\"password\"], [\"password\", \"totp\"]]`` the user "
|
|
"may use the ``password`` method on it's own but would be required to use "
|
|
"both ``password`` and ``totp`` if ``totp`` is specified at all."
|
|
msgstr ""
|
|
"Each list of methods specifies a rule. If the auth methods provided by a "
|
|
"user match (or exceed) the auth methods in the list, that rule is used. The "
|
|
"first rule found (rules will not be processed in a specific order) that "
|
|
"matches will be used. If a user has the ruleset defined as ``[[\"password\", "
|
|
"\"totp\"]]`` the user must provide both password and totp auth methods (and "
|
|
"both methods must succeed) to receive a token. However, if a user has a "
|
|
"ruleset defined as ``[[\"password\"], [\"password\", \"totp\"]]`` the user "
|
|
"may use the ``password`` method on it's own but would be required to use "
|
|
"both ``password`` and ``totp`` if ``totp`` is specified at all."
|
|
|
|
msgid "Each project can have up to 100 tags"
|
|
msgstr "Each project can have up to 100 tags"
|
|
|
|
msgid "Each tag can be up to 255 characters"
|
|
msgstr "Each tag can be up to 255 characters"
|
|
|
|
msgid ""
|
|
"Features that were \"extensions\" in previous releases (OAuth delegation, "
|
|
"Federated Identity support, Endpoint Policy, etc) are now enabled by default."
|
|
msgstr ""
|
|
"Features that were \"extensions\" in previous releases (OAuth delegation, "
|
|
"Federated Identity support, Endpoint Policy, etc) are now enabled by default."
|
|
|
|
msgid ""
|
|
"Fixes a bug related to the password create date. If you deployed master "
|
|
"during Newton development, the password create date may be reset. This would "
|
|
"only be apparent if you have security compliance features enabled."
|
|
msgstr ""
|
|
"Fixes a bug related to the password create date. If you deployed master "
|
|
"during Newton development, the password create date may be reset. This would "
|
|
"only be apparent if you have security compliance features enabled."
|
|
|
|
msgid ""
|
|
"For additional details see: `event notifications <See https://docs.openstack."
|
|
"org/developer/keystone/event_notifications.html>`_"
|
|
msgstr ""
|
|
"For additional details see: `event notifications <See https://docs.openstack."
|
|
"org/developer/keystone/event_notifications.html>`_"
|
|
|
|
msgid ""
|
|
"If PCI support is enabled, via the ``[security_compliance]`` configuration "
|
|
"options, then the ``password_expires_at`` field will be populated with a "
|
|
"timestamp. Otherwise, it will default to ``null``, indicating the password "
|
|
"does not expire."
|
|
msgstr ""
|
|
"If PCI support is enabled, via the ``[security_compliance]`` configuration "
|
|
"options, then the ``password_expires_at`` field will be populated with a "
|
|
"timestamp. Otherwise, it will default to ``null``, indicating the password "
|
|
"does not expire."
|
|
|
|
msgid ""
|
|
"If a password does not meet the specified criteria. See "
|
|
"``[security_compliance] password_regex``."
|
|
msgstr ""
|
|
"If a password does not meet the specified criteria. See "
|
|
"``[security_compliance] password_regex``."
|
|
|
|
msgid ""
|
|
"If a user attempts to change their password too often. See "
|
|
"``[security_compliance] minimum_password_age``."
|
|
msgstr ""
|
|
"If a user attempts to change their password too often. See "
|
|
"``[security_compliance] minimum_password_age``."
|
|
|
|
msgid ""
|
|
"If a user does not change their passwords at least once every X days. See "
|
|
"``[security_compliance] password_expires_days``."
|
|
msgstr ""
|
|
"If a user does not change their passwords at least once every X days. See "
|
|
"``[security_compliance] password_expires_days``."
|
|
|
|
msgid ""
|
|
"If a user is locked out after many failed authentication attempts. See "
|
|
"``[security_compliance] lockout_failure_attempts``."
|
|
msgstr ""
|
|
"If a user is locked out after many failed authentication attempts. See "
|
|
"``[security_compliance] lockout_failure_attempts``."
|
|
|
|
msgid ""
|
|
"If a user submits a new password that was recently used. See "
|
|
"``[security_compliance] unique_last_password_count``."
|
|
msgstr ""
|
|
"If a user submits a new password that was recently used. See "
|
|
"``[security_compliance] unique_last_password_count``."
|
|
|
|
msgid ""
|
|
"If performing rolling upgrades, set `[identity] "
|
|
"rolling_upgrade_password_hash_compat` to `True`. This will instruct keystone "
|
|
"to continue to hash passwords in a manner that older (pre Pike release) "
|
|
"keystones can still verify passwords. Once all upgrades are complete, ensure "
|
|
"this option is set back to `False`."
|
|
msgstr ""
|
|
"If performing rolling upgrades, set `[identity] "
|
|
"rolling_upgrade_password_hash_compat` to `True`. This will instruct keystone "
|
|
"to continue to hash passwords in a manner that older (pre Pike release) "
|
|
"keystones can still verify passwords. Once all upgrades are complete, ensure "
|
|
"this option is set back to `False`."
|
|
|
|
msgid ""
|
|
"In ``keystone-paste.ini``, using ``paste.filter_factory`` is deprecated in "
|
|
"favor of the \"use\" directive, specifying an entrypoint."
|
|
msgstr ""
|
|
"In ``keystone-paste.ini``, using ``paste.filter_factory`` is deprecated in "
|
|
"favour of the \"use\" directive, specifying an entrypoint."
|
|
|
|
msgid ""
|
|
"In the [resource] and [role] sections of the ``keystone.conf`` file, not "
|
|
"specifying the driver and using the assignment driver is deprecated. In the "
|
|
"Mitaka release, the resource and role drivers will default to the SQL driver."
|
|
msgstr ""
|
|
"In the [resource] and [role] sections of the ``keystone.conf`` file, not "
|
|
"specifying the driver and using the assignment driver is deprecated. In the "
|
|
"Mitaka release, the resource and role drivers will default to the SQL driver."
|
|
|
|
msgid ""
|
|
"In the case a user should be exempt from MFA Rules, regardless if they are "
|
|
"set, the User-Option ``multi_factor_auth_enabled`` may be set to ``False`` "
|
|
"for that user via the user create and update API (``POST/PATCH /v3/users``) "
|
|
"call. If this option is set to ``False`` the MFA rules will be ignored for "
|
|
"the user. Any other value except ``False`` will result in the MFA Rules "
|
|
"being processed; the option can only be a boolean (``True`` or ``False``) or "
|
|
"\"None\" (which will result in the default behavior (same as ``True``) but "
|
|
"the option will no longer be shown in the ``user[\"options\"]`` dictionary."
|
|
msgstr ""
|
|
"In the case a user should be exempt from MFA Rules, regardless if they are "
|
|
"set, the User-Option ``multi_factor_auth_enabled`` may be set to ``False`` "
|
|
"for that user via the user create and update API (``POST/PATCH /v3/users``) "
|
|
"call. If this option is set to ``False`` the MFA rules will be ignored for "
|
|
"the user. Any other value except ``False`` will result in the MFA Rules "
|
|
"being processed; the option can only be a boolean (``True`` or ``False``) or "
|
|
"\"None\" (which will result in the default behaviour (same as ``True``) but "
|
|
"the option will no longer be shown in the ``user[\"options\"]`` dictionary."
|
|
|
|
msgid ""
|
|
"In the policy.json file, we changed `identity:list_projects_for_groups` to "
|
|
"`identity:list_projects_for_user`. Likewise, we changed `identity:"
|
|
"list_domains_for_groups` to `identity:list_domains_for_user`. If you have "
|
|
"customized the policy.json file, you will need to make these changes. This "
|
|
"was done to better support new features around federation."
|
|
msgstr ""
|
|
"In the policy.json file, we changed `identity:list_projects_for_groups` to "
|
|
"`identity:list_projects_for_user`. Likewise, we changed `identity:"
|
|
"list_domains_for_groups` to `identity:list_domains_for_user`. If you have "
|
|
"customized the policy.json file, you will need to make these changes. This "
|
|
"was done to better support new features around federation."
|
|
|
|
msgid ""
|
|
"It is recommended to have the ``healthcheck`` middleware first in the "
|
|
"pipeline::"
|
|
msgstr ""
|
|
"It is recommended to have the ``healthcheck`` middleware first in the "
|
|
"pipeline::"
|
|
|
|
msgid "Keystone Release Notes"
|
|
msgstr "Keystone Release Notes"
|
|
|
|
msgid ""
|
|
"Keystone cache backends have been removed in favor of their `oslo.cache` "
|
|
"counter-part. This affects:"
|
|
msgstr ""
|
|
"Keystone cache backends have been removed in favour of their `oslo.cache` "
|
|
"counter-part. This affects:"
|
|
|
|
msgid ""
|
|
"Keystone now relies on pyldap instead of python-ldap. The pyldap library is "
|
|
"a fork of python-ldap and is a drop-in replacement with modifications to be "
|
|
"py3 compatible."
|
|
msgstr ""
|
|
"Keystone now relies on pyldap instead of python-ldap. The pyldap library is "
|
|
"a fork of python-ldap and is a drop-in replacement with modifications to be "
|
|
"py3 compatible."
|
|
|
|
msgid ""
|
|
"Keystone now supports authorizing a request token by providing a role name. "
|
|
"A `role` in the `roles` parameter can include either a role name or role id, "
|
|
"but not both."
|
|
msgstr ""
|
|
"Keystone now supports authorising a request token by providing a role name. "
|
|
"A `role` in the `roles` parameter can include either a role name or role id, "
|
|
"but not both."
|
|
|
|
msgid ""
|
|
"Keystone now supports being run under Python 3. The Python 3 and Python 3.4 "
|
|
"classifiers have been added."
|
|
msgstr ""
|
|
"Keystone now supports being run under Python 3. The Python 3 and Python 3.4 "
|
|
"classifiers have been added."
|
|
|
|
msgid ""
|
|
"Keystone now supports encrypted credentials at rest. In order to upgrade "
|
|
"successfully to Newton, deployers must encrypt all credentials currently "
|
|
"stored before contracting the database. Deployers must run `keystone-manage "
|
|
"credential_setup` in order to use the credential API within Newton, or "
|
|
"finish the upgrade from Mitaka to Newton. This will result in a service "
|
|
"outage for the credential API where credentials will be read-only for the "
|
|
"duration of the upgrade process. Once the database is contracted credentials "
|
|
"will be writeable again. Database contraction phases only apply to rolling "
|
|
"upgrades."
|
|
msgstr ""
|
|
"Keystone now supports encrypted credentials at rest. In order to upgrade "
|
|
"successfully to Newton, deployers must encrypt all credentials currently "
|
|
"stored before contracting the database. Deployers must run `keystone-manage "
|
|
"credential_setup` in order to use the credential API within Newton, or "
|
|
"finish the upgrade from Mitaka to Newton. This will result in a service "
|
|
"outage for the credential API where credentials will be read-only for the "
|
|
"duration of the upgrade process. Once the database is contracted credentials "
|
|
"will be writeable again. Database contraction phases only apply to rolling "
|
|
"upgrades."
|
|
|
|
msgid ""
|
|
"Keystone now uses oslo.cache. Update the `[cache]` section of `keystone."
|
|
"conf` to point to oslo.cache backends: ``oslo_cache.memcache_pool`` or "
|
|
"``oslo_cache.mongo``. Refer to the sample configuration file for examples. "
|
|
"See `oslo.cache <http://docs.openstack.org/developer/oslo.cache>`_ for "
|
|
"additional documentation."
|
|
msgstr ""
|
|
"Keystone now uses oslo.cache. Update the `[cache]` section of `keystone."
|
|
"conf` to point to oslo.cache backends: ``oslo_cache.memcache_pool`` or "
|
|
"``oslo_cache.mongo``. Refer to the sample configuration file for examples. "
|
|
"See `oslo.cache <http://docs.openstack.org/developer/oslo.cache>`_ for "
|
|
"additional documentation."
|
|
|
|
msgid ""
|
|
"Keystone supports ``$(project_id)s`` in the catalog. It works the same as ``"
|
|
"$(tenant_id)s``. Use of ``$(tenant_id)s`` is deprecated and catalog "
|
|
"endpoints should be updated to use ``$(project_id)s``."
|
|
msgstr ""
|
|
"Keystone supports ``$(project_id)s`` in the catalogue. It works the same as "
|
|
"``$(tenant_id)s``. Use of ``$(tenant_id)s`` is deprecated and catalogue "
|
|
"endpoints should be updated to use ``$(project_id)s``."
|
|
|
|
msgid "Liberty Series Release Notes"
|
|
msgstr "Liberty Series Release Notes"
|
|
|
|
msgid "Mitaka Series Release Notes"
|
|
msgstr "Mitaka Series Release Notes"
|
|
|
|
msgid "New Features"
|
|
msgstr "New Features"
|
|
|
|
msgid "Newton Series Release Notes"
|
|
msgstr "Newton Series Release Notes"
|
|
|
|
msgid ""
|
|
"Not specifying a domain during a create user, group or project call, which "
|
|
"relied on falling back to the default domain, is now deprecated and will be "
|
|
"removed in the N release."
|
|
msgstr ""
|
|
"Not specifying a domain during a create user, group or project call, which "
|
|
"relied on falling back to the default domain, is now deprecated and will be "
|
|
"removed in the N release."
|
|
|
|
msgid ""
|
|
"OSprofiler support was added. This cross-project profiling library allows to "
|
|
"trace various requests through all OpenStack services that support it. To "
|
|
"initiate OpenStack request tracing `--profile <HMAC_KEY>` option needs to be "
|
|
"added to the CLI command. Configuration and usage details can be foung in "
|
|
"[`OSProfiler documentation <http://docs.openstack.org/developer/osprofiler/"
|
|
"api.html>`_]"
|
|
msgstr ""
|
|
"OSprofiler support was added. This cross-project profiling library allows to "
|
|
"trace various requests through all OpenStack services that support it. To "
|
|
"initiate OpenStack request tracing `--profile <HMAC_KEY>` option needs to be "
|
|
"added to the CLI command. Configuration and usage details can be foung in "
|
|
"[`OSProfiler documentation <http://docs.openstack.org/developer/osprofiler/"
|
|
"api.html>`_]"
|
|
|
|
msgid ""
|
|
"OSprofiler support was introduced. To allow its usage the keystone-paste.ini "
|
|
"file needs to be modified to contain osprofiler middleware."
|
|
msgstr ""
|
|
"OSprofiler support was introduced. To allow its usage the keystone-paste.ini "
|
|
"file needs to be modified to contain osprofiler middleware."
|
|
|
|
msgid "Ocata Series Release Notes"
|
|
msgstr "Ocata Series Release Notes"
|
|
|
|
msgid "Other Notes"
|
|
msgstr "Other Notes"
|
|
|
|
msgid "PKI and PKIz token formats have been removed in favor of Fernet tokens."
|
|
msgstr ""
|
|
"PKI and PKIz token formats have been removed in favour of Fernet tokens."
|
|
|
|
msgid "Pike Series Release Notes"
|
|
msgstr "Pike Series Release Notes"
|
|
|
|
msgid "Prelude"
|
|
msgstr "Prelude"
|
|
|
|
msgid ""
|
|
"Project tags are implemented following the guidelines set by the `API "
|
|
"Working Group <https://specs.openstack.org/openstack/api-wg/guidelines/tags."
|
|
"html>`_"
|
|
msgstr ""
|
|
"Project tags are implemented following the guidelines set by the `API "
|
|
"Working Group <https://specs.openstack.org/openstack/api-wg/guidelines/tags."
|
|
"html>`_"
|
|
|
|
msgid ""
|
|
"Routes and SQL backends for the contrib extensions have been removed, they "
|
|
"have been incorporated into keystone and are no longer optional. This "
|
|
"affects:"
|
|
msgstr ""
|
|
"Routes and SQL backends for the contrib extensions have been removed, they "
|
|
"have been incorporated into Keystone and are no longer optional. This "
|
|
"affects:"
|
|
|
|
msgid ""
|
|
"Running keystone in eventlet remains deprecated and will be removed in the "
|
|
"Mitaka release."
|
|
msgstr ""
|
|
"Running Keystone in eventlet remains deprecated and will be removed in the "
|
|
"Mitaka release."
|
|
|
|
msgid ""
|
|
"SECURITY INFO: The MFA rules are only processed when authentication happens "
|
|
"through the V3 authentication APIs. If V2 Auth is enabled it is possible to "
|
|
"circumvent the MFA rules if the user can authenticate via V2 Auth API. It is "
|
|
"recommended to disable V2 authentication for full enforcement of the MFA "
|
|
"rules."
|
|
msgstr ""
|
|
"SECURITY INFO: The MFA rules are only processed when authentication happens "
|
|
"through the V3 authentication APIs. If V2 Auth is enabled it is possible to "
|
|
"circumvent the MFA rules if the user can authenticate via V2 Auth API. It is "
|
|
"recommended to disable V2 authentication for full enforcement of the MFA "
|
|
"rules."
|
|
|
|
msgid ""
|
|
"Schema downgrades via ``keystone-manage db_sync`` are no longer supported. "
|
|
"Only upgrades are supported."
|
|
msgstr ""
|
|
"Schema downgrades via ``keystone-manage db_sync`` are no longer supported. "
|
|
"Only upgrades are supported."
|
|
|
|
msgid "Security Issues"
|
|
msgstr "Security Issues"
|
|
|
|
msgid ""
|
|
"See `Project Tags <https://developer.openstack.org/api-ref/identity/v3/"
|
|
"#project-tags>`_"
|
|
msgstr ""
|
|
"See `Project Tags <https://developer.openstack.org/api-ref/identity/v3/"
|
|
"#project-tags>`_"
|
|
|
|
msgid ""
|
|
"Set the following user attributes to ``True`` or ``False`` in an API "
|
|
"request. To mark a user as exempt from the PCI password lockout policy::"
|
|
msgstr ""
|
|
"Set the following user attributes to ``True`` or ``False`` in an API "
|
|
"request. To mark a user as exempt from the PCI password lockout policy::"
|
|
|
|
msgid ""
|
|
"Several configuration options have been deprecated, renamed, or moved to new "
|
|
"sections in the ``keystone.conf`` file."
|
|
msgstr ""
|
|
"Several configuration options have been deprecated, renamed, or moved to new "
|
|
"sections in the ``keystone.conf`` file."
|
|
|
|
msgid ""
|
|
"Several features were hardened, including Fernet tokens, federation, domain "
|
|
"specific configurations from database and role assignments."
|
|
msgstr ""
|
|
"Several features were hardened, including Fernet tokens, federation, domain "
|
|
"specific configurations from database and role assignments."
|
|
|
|
msgid ""
|
|
"Several token issuance methods from the abstract class ``keystone.token."
|
|
"providers.base.Provider`` were removed (see below) in favor of a single "
|
|
"method to issue tokens (``issue_token``). If using a custom token provider, "
|
|
"updated the custom provider accordingly."
|
|
msgstr ""
|
|
"Several token issuance methods from the abstract class ``keystone.token."
|
|
"providers.base.Provider`` were removed (see below) in favour of a single "
|
|
"method to issue tokens (``issue_token``). If using a custom token provider, "
|
|
"updated the custom provider accordingly."
|
|
|
|
msgid ""
|
|
"Several token validation methods from the abstract class ``keystone.token."
|
|
"providers.base.Provider`` were removed (see below) in favor of a single "
|
|
"method to validate tokens (``validate_token``), that has the signature "
|
|
"``validate_token(self, token_ref)``. If using a custom token provider, "
|
|
"update the custom provider accordingly."
|
|
msgstr ""
|
|
"Several token validation methods from the abstract class ``keystone.token."
|
|
"providers.base.Provider`` were removed (see below) in favour of a single "
|
|
"method to validate tokens (``validate_token``), that has the signature "
|
|
"``validate_token(self, token_ref)``. If using a custom token provider, "
|
|
"update the custom provider accordingly."
|
|
|
|
msgid ""
|
|
"Support for writing to LDAP has been removed. See ``Other Notes`` for more "
|
|
"details."
|
|
msgstr ""
|
|
"Support for writing to LDAP has been removed. See ``Other Notes`` for more "
|
|
"details."
|
|
|
|
msgid ""
|
|
"Support has now been added to send notification events on user/group "
|
|
"membership. When a user is added or removed from a group a notification will "
|
|
"be sent including the identifiers of both the user and the group."
|
|
msgstr ""
|
|
"Support has now been added to send notification events on user/group "
|
|
"membership. When a user is added or removed from a group a notification will "
|
|
"be sent including the identifiers of both the user and the group."
|
|
|
|
msgid ""
|
|
"Support was improved for out-of-tree drivers by defining stable driver "
|
|
"interfaces."
|
|
msgstr ""
|
|
"Support was improved for out-of-tree drivers by defining stable driver "
|
|
"interfaces."
|
|
|
|
msgid "Tags are case sensitive"
|
|
msgstr "Tags are case sensitive"
|
|
|
|
msgid ""
|
|
"The EC2 token middleware, deprecated in Juno, is no longer available in "
|
|
"keystone. It has been moved to the keystonemiddleware package."
|
|
msgstr ""
|
|
"The EC2 token middleware, deprecated in Juno, is no longer available in "
|
|
"Keystone. It has been moved to the keystonemiddleware package."
|
|
|
|
msgid ""
|
|
"The LDAP driver now also maps the user description attribute after user "
|
|
"retrieval from LDAP. If this is undesired behavior for your setup, please "
|
|
"add `description` to the `user_attribute_ignore` LDAP driver config setting. "
|
|
"The default mapping of the description attribute is set to `description`. "
|
|
"Please adjust the LDAP driver config setting `user_description_attribute` if "
|
|
"your LDAP uses a different attribute name (for instance to `displayName` in "
|
|
"case of an AD backed LDAP). If your `user_additional_attribute_mapping` "
|
|
"setting contains `description:description` you can remove this mapping, "
|
|
"since this is now the default behavior."
|
|
msgstr ""
|
|
"The LDAP driver now also maps the user description attribute after user "
|
|
"retrieval from LDAP. If this is undesired behaviour for your setup, please "
|
|
"add `description` to the `user_attribute_ignore` LDAP driver config setting. "
|
|
"The default mapping of the description attribute is set to `description`. "
|
|
"Please adjust the LDAP driver config setting `user_description_attribute` if "
|
|
"your LDAP uses a different attribute name (for instance to `displayName` in "
|
|
"case of an AD backed LDAP). If your `user_additional_attribute_mapping` "
|
|
"setting contains `description:description` you can remove this mapping, "
|
|
"since this is now the default behaviour."
|
|
|
|
msgid ""
|
|
"The MFA rules are set via the user create and update API (``POST/PATCH /v3/"
|
|
"users``) call; the options allow an admin to force a user to use specific "
|
|
"forms of authentication or combinations of forms of authentication to get a "
|
|
"token. The rules are specified as follows::"
|
|
msgstr ""
|
|
"The MFA rules are set via the user create and update API (``POST/PATCH /v3/"
|
|
"users``) call; the options allow an admin to force a user to use specific "
|
|
"forms of authentication or combinations of forms of authentication to get a "
|
|
"token. The rules are specified as follows::"
|
|
|
|
msgid ""
|
|
"The PKI and PKIz token format has been removed. See ``Other Notes`` for more "
|
|
"details."
|
|
msgstr ""
|
|
"The PKI and PKIz token format has been removed. See ``Other Notes`` for more "
|
|
"details."
|
|
|
|
msgid ""
|
|
"The V8 Federation driver interface is deprecated in favor of the V9 "
|
|
"Federation driver interface. Support for the V8 Federation driver interface "
|
|
"is planned to be removed in the 'O' release of OpenStack."
|
|
msgstr ""
|
|
"The V8 Federation driver interface is deprecated in favour of the V9 "
|
|
"Federation driver interface. Support for the V8 Federation driver interface "
|
|
"is planned to be removed in the 'O' release of OpenStack."
|
|
|
|
msgid ""
|
|
"The V8 Resource driver interface is deprecated. Support for the V8 Resource "
|
|
"driver interface is planned to be removed in the 'O' release of OpenStack."
|
|
msgstr ""
|
|
"The V8 Resource driver interface is deprecated. Support for the V8 Resource "
|
|
"driver interface is planned to be removed in the 'O' release of OpenStack."
|
|
|
|
msgid ""
|
|
"The XML middleware stub has been removed, so references to it must be "
|
|
"removed from the ``keystone-paste.ini`` configuration file."
|
|
msgstr ""
|
|
"The XML middleware stub has been removed, so references to it must be "
|
|
"removed from the ``keystone-paste.ini`` configuration file."
|
|
|
|
msgid ""
|
|
"The ``/OS-FEDERATION/projects`` and ``/OS-FEDERATION/domains`` APIs are "
|
|
"deprecated in favor of the ``/v3/auth/projects`` and ``/v3/auth/domains`` "
|
|
"APIs. These APIs were originally marked as deprecated during the Juno "
|
|
"release cycle, but we never deprecated using ``versionutils`` from oslo. "
|
|
"More information regarding this deprecation can be found in the `patch "
|
|
"<https://review.openstack.org/#/c/115423/>`_ that proposed the deprecation."
|
|
msgstr ""
|
|
"The ``/OS-FEDERATION/projects`` and ``/OS-FEDERATION/domains`` APIs are "
|
|
"deprecated in favour of the ``/v3/auth/projects`` and ``/v3/auth/domains`` "
|
|
"APIs. These APIs were originally marked as deprecated during the Juno "
|
|
"release cycle, but we never deprecated using ``versionutils`` from oslo. "
|
|
"More information regarding this deprecation can be found in the `patch "
|
|
"<https://review.openstack.org/#/c/115423/>`_ that proposed the deprecation."
|
|
|
|
msgid ""
|
|
"The ``[DEFAULT] domain_id_immutable`` configuration option has been removed "
|
|
"in favor of strictly immutable domain IDs."
|
|
msgstr ""
|
|
"The ``[DEFAULT] domain_id_immutable`` configuration option has been removed "
|
|
"in favour of strictly immutable domain IDs."
|
|
|
|
msgid ""
|
|
"The ``[DEFAULT] domain_id_immutable`` option has been removed. This removes "
|
|
"the ability to change the ``domain_id`` attribute of users, groups, and "
|
|
"projects. The behavior was introduced to allow deployers to migrate entities "
|
|
"from one domain to another by updating the ``domain_id`` attribute of an "
|
|
"entity. This functionality was deprecated in the Mitaka release is now "
|
|
"removed."
|
|
msgstr ""
|
|
"The ``[DEFAULT] domain_id_immutable`` option has been removed. This removes "
|
|
"the ability to change the ``domain_id`` attribute of users, groups, and "
|
|
"projects. The behaviour was introduced to allow deployers to migrate "
|
|
"entities from one domain to another by updating the ``domain_id`` attribute "
|
|
"of an entity. This functionality was deprecated in the Mitaka release is now "
|
|
"removed."
|
|
|
|
msgid ""
|
|
"The ``[assignment] driver`` now defaults to ``sql``. Logic to determine the "
|
|
"default assignment driver if one wasn't supplied through configuration has "
|
|
"been removed. Keystone only supports one assignment driver and it shouldn't "
|
|
"be changed unless you're deploying a custom assignment driver."
|
|
msgstr ""
|
|
"The ``[assignment] driver`` now defaults to ``sql``. Logic to determine the "
|
|
"default assignment driver if one wasn't supplied through configuration has "
|
|
"been removed. Keystone only supports one assignment driver and it shouldn't "
|
|
"be changed unless you're deploying a custom assignment driver."
|
|
|
|
msgid ""
|
|
"The ``[endpoint_policy] enabled`` configuration option has been removed in "
|
|
"favor of always enabling the endpoint policy extension."
|
|
msgstr ""
|
|
"The ``[endpoint_policy] enabled`` configuration option has been removed in "
|
|
"favour of always enabling the endpoint policy extension."
|
|
|
|
msgid ""
|
|
"The ``[os_inherit] enabled`` config option has been removed, the `OS-"
|
|
"INHERIT` extension is now always enabled."
|
|
msgstr ""
|
|
"The ``[os_inherit] enabled`` config option has been removed, the `OS-"
|
|
"INHERIT` extension is now always enabled."
|
|
|
|
msgid ""
|
|
"The ``[resource] driver`` now defaults to ``sql``. Logic to determine the "
|
|
"default resource driver if one wasn't supplied through configuration has "
|
|
"been removed. Keystone only supports one resource driver and it shouldn't be "
|
|
"changed unless you're deploying a custom resource driver."
|
|
msgstr ""
|
|
"The ``[resource] driver`` now defaults to ``sql``. Logic to determine the "
|
|
"default resource driver if one wasn't supplied through configuration has "
|
|
"been removed. Keystone only supports one resource driver and it shouldn't be "
|
|
"changed unless you're deploying a custom resource driver."
|
|
|
|
msgid ""
|
|
"The ``[security_compliance] password_expires_ignore_user_ids`` option has "
|
|
"been removed. Each user that should ignore password expiry should have the "
|
|
"value set to \"true\" in the user's ``options`` attribute (e.g. "
|
|
"``user['options']['ignore_password_expiry'] = True``) with a user update "
|
|
"call."
|
|
msgstr ""
|
|
"The ``[security_compliance] password_expires_ignore_user_ids`` option has "
|
|
"been removed. Each user that should ignore password expiry should have the "
|
|
"value set to \"true\" in the user's ``options`` attribute (e.g. "
|
|
"``user['options']['ignore_password_expiry'] = True``) with a user update "
|
|
"call."
|
|
|
|
msgid ""
|
|
"The ``compute_port`` configuration option, deprecated in Juno, is no longer "
|
|
"available."
|
|
msgstr ""
|
|
"The ``compute_port`` configuration option, deprecated in Juno, is no longer "
|
|
"available."
|
|
|
|
msgid ""
|
|
"The ``enabled`` config option of the ``trust`` feature is deprecated and "
|
|
"will be removed in the next release. Trusts will then always be enabled."
|
|
msgstr ""
|
|
"The ``enabled`` config option of the ``trust`` feature is deprecated and "
|
|
"will be removed in the next release. Trusts will then always be enabled."
|
|
|
|
msgid ""
|
|
"The ``httpd/keystone.py`` file has been removed in favor of the ``keystone-"
|
|
"wsgi-admin`` and ``keystone-wsgi-public`` scripts."
|
|
msgstr ""
|
|
"The ``httpd/keystone.py`` file has been removed in favour of the ``keystone-"
|
|
"wsgi-admin`` and ``keystone-wsgi-public`` scripts."
|
|
|
|
msgid ""
|
|
"The ``keystone.conf`` file now references entrypoint names for drivers. For "
|
|
"example, the drivers are now specified as \"sql\", \"ldap\", \"uuid\", "
|
|
"rather than the full module path. See the sample configuration file for "
|
|
"other examples."
|
|
msgstr ""
|
|
"The ``keystone.conf`` file now references entrypoint names for drivers. For "
|
|
"example, the drivers are now specified as \"sql\", \"ldap\", \"uuid\", "
|
|
"rather than the full module path. See the sample configuration file for "
|
|
"other examples."
|
|
|
|
msgid ""
|
|
"The ``keystone/service.py`` file has been removed, the logic has been moved "
|
|
"to the ``keystone/version/service.py``."
|
|
msgstr ""
|
|
"The ``keystone/service.py`` file has been removed, the logic has been moved "
|
|
"to the ``keystone/version/service.py``."
|
|
|
|
msgid ""
|
|
"The ``memcache`` and ``memcache_pool`` token persistence backends have been "
|
|
"removed in favor of using Fernet tokens (which require no persistence)."
|
|
msgstr ""
|
|
"The ``memcache`` and ``memcache_pool`` token persistence backends have been "
|
|
"removed in favour of using Fernet tokens (which require no persistence)."
|
|
|
|
msgid ""
|
|
"The ``policies`` API is deprecated. Keystone is not a policy management "
|
|
"service."
|
|
msgstr ""
|
|
"The ``policies`` API is deprecated. Keystone is not a policy management "
|
|
"service."
|
|
|
|
msgid ""
|
|
"The ``token`` auth method typically should not be specified in any MFA "
|
|
"Rules. The ``token`` auth method will include all previous auth methods for "
|
|
"the original auth request and will match the appropriate ruleset. This is "
|
|
"intentional, as the ``token`` method is used for rescoping/changing active "
|
|
"projects."
|
|
msgstr ""
|
|
"The ``token`` auth method typically should not be specified in any MFA "
|
|
"Rules. The ``token`` auth method will include all previous auth methods for "
|
|
"the original auth request and will match the appropriate ruleset. This is "
|
|
"intentional, as the ``token`` method is used for rescoping/changing active "
|
|
"projects."
|
|
|
|
msgid ""
|
|
"The `keystone-paste.ini` file must be updated to remove extension filters, "
|
|
"and their use in ``[pipeline:api_v3]``. Remove the following filters: "
|
|
"``[filter:oauth1_extension]``, ``[filter:federation_extension]``, ``[filter:"
|
|
"endpoint_filter_extension]``, and ``[filter:revoke_extension]``. See the "
|
|
"sample `keystone-paste.ini <https://git.openstack.org/cgit/openstack/"
|
|
"keystone/tree/etc/keystone-paste.ini>`_ file for guidance."
|
|
msgstr ""
|
|
"The `keystone-paste.ini` file must be updated to remove extension filters, "
|
|
"and their use in ``[pipeline:api_v3]``. Remove the following filters: "
|
|
"``[filter:oauth1_extension]``, ``[filter:federation_extension]``, ``[filter:"
|
|
"endpoint_filter_extension]``, and ``[filter:revoke_extension]``. See the "
|
|
"sample `keystone-paste.ini <https://git.openstack.org/cgit/openstack/"
|
|
"keystone/tree/etc/keystone-paste.ini>`_ file for guidance."
|
|
|
|
msgid ""
|
|
"The `keystone-paste.ini` file must be updated to remove extension filters, "
|
|
"and their use in ``[pipeline:public_api]`` and ``[pipeline:admin_api]`` "
|
|
"pipelines. Remove the following filters: ``[filter:user_crud_extension]``, "
|
|
"``[filter:crud_extension]``. See the sample `keystone-paste.ini <https://git."
|
|
"openstack.org/cgit/openstack/keystone/tree/etc/keystone-paste.ini>`_ file "
|
|
"for guidance."
|
|
msgstr ""
|
|
"The `keystone-paste.ini` file must be updated to remove extension filters, "
|
|
"and their use in ``[pipeline:public_api]`` and ``[pipeline:admin_api]`` "
|
|
"pipelines. Remove the following filters: ``[filter:user_crud_extension]``, "
|
|
"``[filter:crud_extension]``. See the sample `keystone-paste.ini <https://git."
|
|
"openstack.org/cgit/openstack/keystone/tree/etc/keystone-paste.ini>`_ file "
|
|
"for guidance."
|
|
|
|
msgid ""
|
|
"The `os_inherit` configuration option is disabled. In the future, this "
|
|
"option will be removed and this portion of the API will be always enabled."
|
|
msgstr ""
|
|
"The `os_inherit` configuration option is disabled. In the future, this "
|
|
"option will be removed and this portion of the API will be always enabled."
|
|
|
|
msgid ""
|
|
"The ability to validate a trust-scoped token against the v2.0 API has been "
|
|
"removed, in favor of using the version 3 of the API."
|
|
msgstr ""
|
|
"The ability to validate a trust-scoped token against the v2.0 API has been "
|
|
"removed, in favour of using the version 3 of the API."
|
|
|
|
msgid ""
|
|
"The admin_token method of authentication was never intended to be used for "
|
|
"any purpose other than bootstrapping an install. However many deployments "
|
|
"had to leave the admin_token method enabled due to restrictions on editing "
|
|
"the paste file used to configure the web pipelines. To minimize the risk "
|
|
"from this mechanism, the `admin_token` configuration value now defaults to a "
|
|
"python `None` value. In addition, if the value is set to `None`, either "
|
|
"explicitly or implicitly, the `admin_token` will not be enabled, and an "
|
|
"attempt to use it will lead to a failed authentication."
|
|
msgstr ""
|
|
"The admin_token method of authentication was never intended to be used for "
|
|
"any purpose other than bootstrapping an install. However many deployments "
|
|
"had to leave the admin_token method enabled due to restrictions on editing "
|
|
"the paste file used to configure the web pipelines. To minimize the risk "
|
|
"from this mechanism, the `admin_token` configuration value now defaults to a "
|
|
"python `None` value. In addition, if the value is set to `None`, either "
|
|
"explicitly or implicitly, the `admin_token` will not be enabled, and an "
|
|
"attempt to use it will lead to a failed authentication."
|
|
|
|
msgid ""
|
|
"The auth plugin ``keystone.auth.plugins.saml2.Saml2`` has been removed in "
|
|
"favor of the auth plugin ``keystone.auth.plugins.mapped.Mapped``."
|
|
msgstr ""
|
|
"The auth plugin ``keystone.auth.plugins.saml2.Saml2`` has been removed in "
|
|
"favour of the auth plugin ``keystone.auth.plugins.mapped.Mapped``."
|
|
|
|
msgid ""
|
|
"The catalog backend ``endpoint_filter.sql`` has been removed. It has been "
|
|
"consolidated with the ``sql`` backend, therefore replace the "
|
|
"``endpoint_filter.sql`` catalog backend with the ``sql`` backend."
|
|
msgstr ""
|
|
"The catalogue backend ``endpoint_filter.sql`` has been removed. It has been "
|
|
"consolidated with the ``sql`` backend, therefore replace the "
|
|
"``endpoint_filter.sql`` catalogue backend with the ``sql`` backend."
|
|
|
|
msgid ""
|
|
"The check for admin token from ``build_auth_context`` middleware has been "
|
|
"removed. If your deployment requires the use of `admin token`, update "
|
|
"``keystone-paste.ini`` so that ``admin_token_auth`` is before "
|
|
"``build_auth_context`` in the paste pipelines, otherwise remove the "
|
|
"``admin_token_auth`` middleware from ``keystone-paste.ini`` entirely."
|
|
msgstr ""
|
|
"The check for admin token from ``build_auth_context`` middleware has been "
|
|
"removed. If your deployment requires the use of `admin token`, update "
|
|
"``keystone-paste.ini`` so that ``admin_token_auth`` is before "
|
|
"``build_auth_context`` in the paste pipelines, otherwise remove the "
|
|
"``admin_token_auth`` middleware from ``keystone-paste.ini`` entirely."
|
|
|
|
msgid ""
|
|
"The config option ``rolling_upgrade_password_hash_compat`` is removed. It is "
|
|
"only used for rolling-upgrade from Ocata release to Pike release."
|
|
msgstr ""
|
|
"The config option ``rolling_upgrade_password_hash_compat`` is removed. It is "
|
|
"only used for rolling-upgrade from Ocata release to Pike release."
|
|
|
|
msgid ""
|
|
"The configuration options for LDAP connection pooling, `[ldap] use_pool` and "
|
|
"`[ldap] use_auth_pool`, are now both enabled by default. Only deployments "
|
|
"using LDAP drivers are affected. Additional configuration options are "
|
|
"available in the `[ldap]` section to tune connection pool size, etc."
|
|
msgstr ""
|
|
"The configuration options for LDAP connection pooling, `[ldap] use_pool` and "
|
|
"`[ldap] use_auth_pool`, are now both enabled by default. Only deployments "
|
|
"using LDAP drivers are affected. Additional configuration options are "
|
|
"available in the `[ldap]` section to tune connection pool size, etc."
|
|
|
|
msgid ""
|
|
"The credentials list call can now have its results filtered by credential "
|
|
"type."
|
|
msgstr ""
|
|
"The credentials list call can now have its results filtered by credential "
|
|
"type."
|
|
|
|
msgid ""
|
|
"The default setting for the `os_inherit` configuration option is changed to "
|
|
"True. If it is required to continue with this portion of the API disabled, "
|
|
"then override the default setting by explicitly specifying the os_inherit "
|
|
"option as False."
|
|
msgstr ""
|
|
"The default setting for the `os_inherit` configuration option is changed to "
|
|
"True. If it is required to continue with this portion of the API disabled, "
|
|
"then override the default setting by explicitly specifying the os_inherit "
|
|
"option as False."
|
|
|
|
msgid "The default token provider is now Fernet."
|
|
msgstr "The default token provider is now Fernet."
|
|
|
|
msgid ""
|
|
"The external authentication plugins ExternalDefault, ExternalDomain, "
|
|
"LegacyDefaultDomain, and LegacyDomain, deprecated in Icehouse, are no longer "
|
|
"available."
|
|
msgstr ""
|
|
"The external authentication plugins ExternalDefault, ExternalDomain, "
|
|
"LegacyDefaultDomain, and LegacyDomain, deprecated in Icehouse, are no longer "
|
|
"available."
|
|
|
|
msgid ""
|
|
"The functionality of the ``ADMIN_TOKEN`` remains, but has been incorporated "
|
|
"into the main auth middleware (``keystone.middleware.auth."
|
|
"AuthContextMiddleware``)."
|
|
msgstr ""
|
|
"The functionality of the ``ADMIN_TOKEN`` remains, but has been incorporated "
|
|
"into the main auth middleware (``keystone.middleware.auth."
|
|
"AuthContextMiddleware``)."
|
|
|
|
msgid ""
|
|
"The identity backend driver interface has changed. A new method, "
|
|
"`unset_default_project_id(project_id)`, was added to unset a user's default "
|
|
"project ID for a given project ID. Custom backend implementations must "
|
|
"implement this method."
|
|
msgstr ""
|
|
"The identity backend driver interface has changed. A new method, "
|
|
"`unset_default_project_id(project_id)`, was added to unset a user's default "
|
|
"project ID for a given project ID. Custom backend implementations must "
|
|
"implement this method."
|
|
|
|
msgid ""
|
|
"The identity backend driver interface has changed. We've added a new "
|
|
"``change_password()`` method for self service password changes. If you have "
|
|
"a custom implementation for the identity driver, you will need to implement "
|
|
"this new method."
|
|
msgstr ""
|
|
"The identity backend driver interface has changed. We've added a new "
|
|
"``change_password()`` method for self service password changes. If you have "
|
|
"a custom implementation for the identity driver, you will need to implement "
|
|
"this new method."
|
|
|
|
msgid ""
|
|
"The implementation for checking database state during an upgrade with the "
|
|
"use of `keystone-manage db_sync --check` has been corrected. This allows "
|
|
"users and automation to determine what step is next in a rolling upgrade "
|
|
"based on logging and command status codes."
|
|
msgstr ""
|
|
"The implementation for checking database state during an upgrade with the "
|
|
"use of `keystone-manage db_sync --check` has been corrected. This allows "
|
|
"users and automation to determine what step is next in a rolling upgrade "
|
|
"based on logging and command status codes."
|
|
|
|
msgid "The method signature has changed from::"
|
|
msgstr "The method signature has changed from::"
|
|
|
|
msgid "``keystone.token.persistence.backends.kvs.Token``"
|
|
msgstr "``keystone.token.persistence.backends.kvs.Token``"
|
|
|
|
msgid "``keystone/common/cache/backends/memcache_pool``"
|
|
msgstr "``keystone/common/cache/backends/memcache_pool``"
|
|
|
|
msgid "``keystone/common/cache/backends/mongo``"
|
|
msgstr "``keystone/common/cache/backends/mongo``"
|
|
|
|
msgid "``keystone/common/cache/backends/noop``"
|
|
msgstr "``keystone/common/cache/backends/noop``"
|
|
|
|
msgid "``keystone/contrib/admin_crud``"
|
|
msgstr "``keystone/contrib/admin_crud``"
|
|
|
|
msgid "``keystone/contrib/endpoint_filter``"
|
|
msgstr "``keystone/contrib/endpoint_filter``"
|
|
|
|
msgid "``keystone/contrib/federation``"
|
|
msgstr "``keystone/contrib/federation``"
|
|
|
|
msgid "``keystone/contrib/oauth1``"
|
|
msgstr "``keystone/contrib/oauth1``"
|
|
|
|
msgid "``keystone/contrib/revoke``"
|
|
msgstr "``keystone/contrib/revoke``"
|
|
|
|
msgid "``keystone/contrib/simple_cert``"
|
|
msgstr "``keystone/contrib/simple_cert``"
|
|
|
|
msgid "``keystone/contrib/user_crud``"
|
|
msgstr "``keystone/contrib/user_crud``"
|
|
|
|
msgid "``update user``"
|
|
msgstr "``update user``"
|
|
|
|
msgid "``validate_non_persistent_token``"
|
|
msgstr "``validate_non_persistent_token``"
|
|
|
|
msgid "``validate_v2_token``"
|
|
msgstr "``validate_v2_token``"
|
|
|
|
msgid "``validate_v3_token``"
|
|
msgstr "``validate_v3_token``"
|
|
|
|
msgid "all config options under ``[kvs]`` in `keystone.conf`"
|
|
msgstr "all config options under ``[kvs]`` in `keystone.conf`"
|
|
|
|
msgid "and will return a list of mappings for a given domain ID."
|
|
msgstr "and will return a list of mappings for a given domain ID."
|
|
|
|
msgid "eq - password expires at the timestamp"
|
|
msgstr "eq - password expires at the timestamp"
|
|
|
|
msgid "gt - password expires after the timestamp"
|
|
msgstr "gt - password expires after the timestamp"
|
|
|
|
msgid "gte - password expires at or after the timestamp"
|
|
msgstr "gte - password expires at or after the timestamp"
|
|
|
|
msgid "lt - password expires before the timestamp"
|
|
msgstr "lt - password expires before the timestamp"
|
|
|
|
msgid "lte - password expires at or before timestamp"
|
|
msgstr "lte - password expires at or before timestamp"
|
|
|
|
msgid "neq - password expires not at the timestamp"
|
|
msgstr "neq - password expires not at the timestamp"
|
|
|
|
msgid ""
|
|
"stats_monitoring and stats_reporting paste filters have been removed, so "
|
|
"references to it must be removed from the ``keystone-paste.ini`` "
|
|
"configuration file."
|
|
msgstr ""
|
|
"stats_monitoring and stats_reporting paste filters have been removed, so "
|
|
"references to it must be removed from the ``keystone-paste.ini`` "
|
|
"configuration file."
|
|
|
|
msgid "the config option ``[memcached] servers`` in `keystone.conf`"
|
|
msgstr "the config option ``[memcached] servers`` in `keystone.conf`"
|
|
|
|
msgid "to::"
|
|
msgstr "to::"
|