# SOME DESCRIPTIVE TITLE. # Copyright (C) 2015, Barbican Developers # This file is distributed under the same license as the Barbican Release Notes package. # FIRST AUTHOR , YEAR. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: Barbican Release Notes \n" "Report-Msgid-Bugs-To: \n" "POT-Creation-Date: 2024-12-23 11:48+0000\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #: ../../:61 unmaintained/2023.1>:571 #: unmaintained/zed>:505 msgid "" "(For deployments overriding default policies) After upgrading, please review " "Barbican policy files and ensure that you port any rules tied to `order:put` " "are remapped to `orders:put`." msgstr "" #: ../../:5 msgid "1.0.0-5" msgstr "" #: ../../:132 unmaintained/2023.1>:423 #: unmaintained/zed>:357 msgid "10.0.0" msgstr "" #: ../../:55 msgid "10.1.0" msgstr "" #: ../../:5 msgid "10.1.0-15" msgstr "" #: ../../:394 unmaintained/victoria>:116 #: unmaintained/zed>:328 msgid "11.0.0" msgstr "" #: ../../:5 msgid "11.0.0-24" msgstr "" #: ../../:69 msgid "12.0.0" msgstr "" #: ../../:152 unmaintained/zed>:86 msgid "12.0.0.0rc1" msgstr "" #: ../../:5 msgid "12.0.1" msgstr "" #: ../../:124 unmaintained/xena>:58 #: unmaintained/zed>:58 msgid "13.0.0" msgstr "" #: ../../:5 msgid "13.0.1" msgstr "" #: ../../:71 unmaintained/yoga>:5 #: unmaintained/zed>:5 msgid "14.0.0" msgstr "" #: ../../:52 msgid "16.0.1" msgstr "" #: ../../:52 msgid "17.0.0" msgstr "" #: ../../:5 msgid "17.0.0-6" msgstr "" #: ../../:52 msgid "18.0.0" msgstr "" #: ../../:5 msgid "18.0.0-3" msgstr "" #: ../../:52 msgid "19.0.0" msgstr "" #: ../../:5 current msgid "19.0.0-14" msgstr "" #: ../../:5 msgid "19.0.0-3" msgstr "" #: ../../:5 msgid "2.0.0" msgstr "" #: ../../:5 msgid "2023.1-eom-2" msgstr "" #: ../../:5 unmaintained/2023.1>:740 #: unmaintained/zed>:674 msgid "3.0.0" msgstr "" #: ../../:5 
unmaintained/2023.1>:705 #: unmaintained/zed>:639 msgid "4.0.0" msgstr "" #: ../../:5 unmaintained/2023.1>:668 #: unmaintained/zed>:602 msgid "5.0.0" msgstr "" #: ../../:53 unmaintained/2023.1>:622 #: unmaintained/zed>:556 msgid "6.0.0" msgstr "" #: ../../:5 msgid "6.0.1-12" msgstr "" #: ../../:34 unmaintained/2023.1>:544 #: unmaintained/zed>:478 msgid "7.0.0" msgstr "" #: ../../:5 msgid "7.0.0-17" msgstr "" #: ../../:5 unmaintained/2023.1>:460 #: unmaintained/zed>:394 msgid "8.0.0" msgstr "" #: ../../:5 msgid "9.0.1-21" msgstr "" #: ../../:34 stable/ussuri>:84 #: unmaintained/2023.1>:181 unmaintained/victoria>:34 unmaintained/wallaby>:98 #: unmaintained/zed>:115 msgid "" "A new \"token_labels\" option has been added to the PKCS#11 driver which " "supersedes the previous \"token_label\" option. The new option is used to " "specify a list of tokens that can be used by Barbican. This is required for " "some HSM devices that use separate tokens for load balancing. For most use " "cases the new option will just have a single token. The old option is " "deprecated, but will still be used if present." msgstr "" #: ../../:28 stable/ussuri>:78 #: unmaintained/2023.1>:175 unmaintained/victoria>:28 unmaintained/wallaby>:92 #: unmaintained/zed>:109 msgid "" "Added a new boolean option to the PKCS#11 backend: `os_locking_ok`. When " "set to True, the flag CKF_OS_LOCKING_OK will be passed to the C_Initialize " "function. The new option defaults to False." msgstr "" #: ../../:14 stable/rocky>:43 #: unmaintained/2023.1>:553 unmaintained/zed>:487 msgid "" "Added new options to the PKCS#11 Cryptographic Plugin configuration to " "enable the use of different encryption and hmac mechanisms. Added support " "for `CKM_AES_CBC` encryption in the PKCS#11 Cryptographic Plugin." msgstr "" #: ../../:14 unmaintained/2023.1>:469 #: unmaintained/zed>:403 msgid "Added new tool ``barbican-status upgrade check``." 
msgstr "" #: ../../:24 unmaintained/2023.1>:479 #: unmaintained/zed>:413 msgid "" "Added two new subcommands to `barbican-manage hsm` that can query the HSM to " "check if a MKEK or HMAC key with the given label already exists. See " "`barbican-manage hsm check_mkek --help` and `barbican-manage hsm check_hmac " "--help` for details." msgstr "" #: ../../:14 stable/ussuri>:64 #: unmaintained/2023.1>:161 unmaintained/victoria>:14 unmaintained/wallaby>:78 #: unmaintained/zed>:95 msgid "" "Added two options for the PKCS#11 Crypto Plugin: `[p11_crypto_plugin]/" "token_serial_number` and `[p11_crypto_plugin]/token_label`. Both are " "optional and can be used instead of `[p11_crypto_plugin]/slot_id` to " "identify the Token to be used by the PKCS#11 plugin. When either one of the " "new options is defined the plugin will search all slots on the PKCS#11 " "device for a token that matches the given value. `token_serial_number` has " "the highest precedence and other values will be ignored when this value is " "set. If `token_serial_number` is not set, then `token_label` has the next " "highest precedence and `slot_id` will be ignored. `slot_id` will be used " "when neither one of the new options is set." 
msgstr "" #: ../../:48 current stable/2023.2>:37 stable/2024.1>:37 #: stable/2024.2>:37 stable/queens>:41 stable/rocky>:22 stable/rocky>:81 #: stable/stein>:68 stable/train>:89 stable/ussuri>:38 stable/ussuri>:117 #: unmaintained/2023.1>:37 unmaintained/2023.1>:102 unmaintained/2023.1>:140 #: unmaintained/2023.1>:378 unmaintained/2023.1>:413 unmaintained/2023.1>:523 #: unmaintained/2023.1>:591 unmaintained/victoria>:89 #: unmaintained/victoria>:135 unmaintained/wallaby>:47 #: unmaintained/wallaby>:295 unmaintained/xena>:36 unmaintained/xena>:74 #: unmaintained/yoga>:36 unmaintained/zed>:36 unmaintained/zed>:74 #: unmaintained/zed>:312 unmaintained/zed>:347 unmaintained/zed>:457 #: unmaintained/zed>:525 msgid "Bug Fixes" msgstr "" #: ../../:85 unmaintained/2023.1>:595 #: unmaintained/zed>:529 msgid "" "By default barbican checks only the algorithm and the bit_length when " "creating a new secret. The xts-mode cuts the key in half for aes, so for " "using aes-256 with xts, you have to use a 512 bit key, but barbican allows " "only a maximum of 256 bit. A check for the mode within the " "_is_algorithm_supported method of the class SimpleCryptoPlugin was added to " "allow 512 bit keys for aes-xts in this plugin." msgstr "" #: ../../:76 unmaintained/2023.1>:645 #: unmaintained/zed>:579 msgid "CAs" msgstr "" #: ../../:72 unmaintained/2023.1>:641 #: unmaintained/zed>:575 msgid "Certificate Orders" msgstr "" #: ../../:86 msgid "Critical Issues" msgstr "" #: ../../:403 unmaintained/victoria>:125 #: unmaintained/zed>:337 msgid "" "Default for auto_db_create has been changed to False (was True). This is a " "change compared to the previous behavior, but required to protect production " "deployments from performing upgrades without control. If you wish to keep " "the auto db creation/upgrade behavior, change this to True in your " "configuration." 
msgstr "" #: ../../:33 stable/rocky>:14 stable/stein>:60 #: unmaintained/2023.1>:515 unmaintained/zed>:449 msgid "" "Deprecated the `generate_iv` option name. It has been renamed to " "`aes_gcm_generate_iv` to reflect the fact that it only applies to the " "CKM_AES_GCM mechanism." msgstr "" #: ../../:27 stable/rocky>:73 #: unmaintained/2023.1>:583 unmaintained/zed>:517 msgid "" "Deprecated the `p11_crypto_plugin:algoritm` option. Users should update " "their configuration to use `p11_crypto_plugin:encryption_mechanism` instead." msgstr "" #: ../../:21 current origin/stable/mitaka>:68 #: stable/2023.2>:10 stable/2024.1>:10 stable/2024.1>:77 stable/2024.2>:10 #: stable/pike>:21 stable/queens>:23 stable/queens>:68 stable/rocky>:10 #: stable/rocky>:69 stable/stein>:56 stable/train>:60 stable/ussuri>:105 #: unmaintained/2023.1>:10 unmaintained/2023.1>:256 unmaintained/2023.1>:511 #: unmaintained/2023.1>:579 unmaintained/2023.1>:637 unmaintained/2023.1>:684 #: unmaintained/victoria>:60 unmaintained/wallaby>:173 unmaintained/zed>:190 #: unmaintained/zed>:445 unmaintained/zed>:513 unmaintained/zed>:571 #: unmaintained/zed>:618 msgid "Deprecation Notes" msgstr "" #: ../../:52 current stable/2023.2>:41 stable/2024.1>:41 #: stable/2024.2>:41 unmaintained/2023.1>:41 msgid "" "Fixed Bug #2036506 - This patch replaces the hard-coded CKM_AES_CBC_PAD " "mechanism used to wrap pKEKs with an option to configure this mechanism. Two " "new options have been added to the [p11_crypto_plugin] section of the " "configuration file: `key_wrap_mechanism` and `key_wrap_generate_iv`. These " "options default to `CKM_AES_CBC_PAD` and `True` respectively to preserve " "backwards compatibility." msgstr "" #: ../../:126 unmaintained/2023.1>:417 #: unmaintained/victoria>:139 unmaintained/zed>:351 msgid "Fixed Story # 2007732: Migrations broken on MySQL 8.x." 
msgstr "" #: ../../:45 stable/rocky>:26 stable/stein>:72 #: unmaintained/2023.1>:527 unmaintained/zed>:461 msgid "" "Fixed Story #2004734: Added a new option `always_set_cka_sensitive` to fix " "a regression that affected Safenet HSMs. The option defaults to `True` as " "required by Safenet HSMs. Other HSMs may require it be set to `False`." msgstr "" #: ../../:78 unmaintained/2023.1>:533 #: unmaintained/zed>:467 msgid "" "Fixed Story #2004734: Added a new option 'hmac_keywrap_mechanism' to make " "the mechanism used to calculate a HMAC from a wrapped PKEK configurable. " "This was introduced because of a problem with Utimaco HSMs which throw a " "'CKR_MECHANISM_INVALID' error, e.g. when a new PKEK is generated. For " "Utimaco HSMs, 'hmac_keywrap_mechanism' should be set to 'CKM_AES_MAC' in " "barbican.conf." msgstr "" #: ../../:382 unmaintained/victoria>:93 #: unmaintained/wallaby>:299 unmaintained/zed>:316 msgid "" "Fixed Story #2006978: An admin user now can delete other users' secrets by " "adjusting the policy file." msgstr "" #: ../../:93 stable/ussuri>:121 #: unmaintained/2023.1>:387 unmaintained/victoria>:98 unmaintained/wallaby>:304 #: unmaintained/zed>:321 msgid "" "Fixed Story #2008649: Correctly reinitialize PKCS11 object after secondary " "failures." msgstr "" #: ../../:98 stable/ussuri>:42 #: unmaintained/2023.1>:106 unmaintained/victoria>:103 unmaintained/wallaby>:51 #: unmaintained/xena>:40 unmaintained/yoga>:40 unmaintained/zed>:40 msgid "" "Fixed Story #2009247 - Fixed the response for POST /v1/secrets/{secret-id}/" "metadata so it matches the documented behavior." msgstr "" #: ../../:104 stable/ussuri>:48 #: unmaintained/2023.1>:117 unmaintained/victoria>:109 unmaintained/wallaby>:62 #: unmaintained/xena>:51 unmaintained/yoga>:51 unmaintained/zed>:51 msgid "" "Fixed Story #2009672 - Fixed validator for Container Consumers to prevent " "500 errors." 
msgstr "" #: ../../:76 stable/ussuri>:25 #: unmaintained/2023.1>:89 unmaintained/victoria>:76 unmaintained/wallaby>:34 #: unmaintained/xena>:23 unmaintained/yoga>:23 unmaintained/zed>:23 msgid "" "Fixed Story #2009791: Users with the \"creator\" role on a project can now " "delete secrets owned by the project even if the user is different than the " "user that originally created the secret. Previous to this fix a user with " "the \"creator\" role was only allowed to delete a secret owned by the " "project if they were also the same user that originally created, which was " "inconsistent with the way that deletes are handled by other OpenStack " "projects that integrate with Barbican. This change does not affect private " "secrets (i.e. secrets with the \"project-access\" flag set to \"false\")." msgstr "" #: ../../:95 msgid "" "Fixed Story #2010258: Fixes a security vulnerability where the contents of " "a request query string were mistakenly being used in the RBAC policy engine." msgstr "" #: ../../:144 unmaintained/xena>:78 #: unmaintained/zed>:78 msgid "" "Fixed Story 2008335: Fixed a data encoding issue in the Hashicorp Vault " "backend that was causing errors when retrieving keys that were generated by " "the Vault Key Manager in Castellan." msgstr "" #: ../../:112 unmaintained/wallaby>:57 #: unmaintained/xena>:46 unmaintained/yoga>:46 unmaintained/zed>:46 msgid "" "Fixed Story 2009664 - Fixed the Consumer controller to be able to use the " "associated Container's ownership information in policy checks." msgstr "" #: ../../:604 unmaintained/zed>:538 msgid "" "Fixed the response code for invalid subroutes for individual secrets. The " "API was previously responding with the incorrect code \"405 - Method not " "allowed\", but now responds correctly with \"404 - Not Found\"." msgstr "" #: ../../:94 msgid "" "Fixed the response code for invalid subroutes for individual secrets. 
The " "API was previously responding with the incorrect code \"406 - Method not " "allowed\", but now responds correctly with \"404 - Not Found\"." msgstr "" #: ../../:60 origin/stable/mitaka>:90 msgid "" "If you are upgrading from previous version of barbican that uses the PKCS#11 " "Cryptographic Plugin driver, you will need to run the migration script" msgstr "" #: ../../:194 unmaintained/wallaby>:111 #: unmaintained/zed>:128 msgid "Implement secure-rbac for consumers resource." msgstr "" #: ../../:198 unmaintained/wallaby>:115 #: unmaintained/zed>:132 msgid "Implement secure-rbac for containers resource." msgstr "" #: ../../:202 unmaintained/wallaby>:119 #: unmaintained/zed>:136 msgid "Implement secure-rbac for orders resource." msgstr "" #: ../../:206 unmaintained/wallaby>:123 #: unmaintained/zed>:140 msgid "Implement secure-rbac for quotas resource." msgstr "" #: ../../:210 unmaintained/wallaby>:127 #: unmaintained/zed>:144 msgid "Implement secure-rbac for secretmeta resource." msgstr "" #: ../../:214 unmaintained/wallaby>:131 #: unmaintained/zed>:148 msgid "Implement secure-rbac for secrets resource." msgstr "" #: ../../:218 unmaintained/wallaby>:135 #: unmaintained/zed>:152 msgid "Implement secure-rbac for secretstores resource." msgstr "" #: ../../:222 unmaintained/wallaby>:139 #: unmaintained/zed>:156 msgid "Implement secure-rbac for transportkeys resource." msgstr "" #: ../../:190 unmaintained/wallaby>:107 #: unmaintained/zed>:124 msgid "Implement secure-rbac policy for ACLs." msgstr "" #: ../../:141 unmaintained/2023.1>:432 #: unmaintained/zed>:366 msgid "" "It is now possible for barbican-keystone-listener to listen on the same " "standard notification topic without interfering with other services by using " "the notification listener pools feature of oslo.messaging. To use it, set " "the new ``[keystone_notifications]pool_name`` option to some unique value " "(but the same for all instances of barbican-keystone-listener service). 
This " "feature is available only for those messaging transports of oslo.messaging " "that support it. At the moment those are rabbitmq and kafka. For more " "details see `oslo.messaging docs `_" msgstr "" #: ../../:40 msgid "Known Issues" msgstr "" #: ../../:14 unmaintained/2023.1>:677 #: unmaintained/zed>:611 msgid "" "Maintain the policy rules in code and add an oslo.policy CLI script in tox " "to generate policy sample file. The script can be called like \"oslopolicy-" "sample-generator --config-file=etc/oslo-config-generator/policy.conf\" and " "will generate a policy.yaml.sample file with the effective policy." msgstr "" #: ../../:83 msgid "" "Microversions enable clients to do a server supported version discovery, " "allowing old clients (not supporting the feature) to interact with newer " "servers." msgstr "" #: ../../:30 origin/stable/newton>:20 #: origin/stable/ocata>:20 stable/2023.2>:68 stable/2024.2>:57 stable/pike>:10 #: stable/queens>:10 stable/rocky>:39 stable/stein>:20 stable/train>:10 #: stable/ussuri>:10 stable/ussuri>:60 stable/ussuri>:137 #: unmaintained/2023.1>:129 unmaintained/2023.1>:157 unmaintained/2023.1>:428 #: unmaintained/2023.1>:475 unmaintained/2023.1>:549 unmaintained/2023.1>:673 #: unmaintained/2023.1>:720 unmaintained/2023.1>:755 unmaintained/victoria>:10 #: unmaintained/wallaby>:10 unmaintained/wallaby>:74 unmaintained/xena>:63 #: unmaintained/zed>:63 unmaintained/zed>:91 unmaintained/zed>:362 #: unmaintained/zed>:409 unmaintained/zed>:483 unmaintained/zed>:607 #: unmaintained/zed>:654 unmaintained/zed>:689 msgid "New Features" msgstr "" #: ../../:759 unmaintained/zed>:693 msgid "" "New feature to support multiple secret store plugin backends. This feature " "is not enabled by default. To use this feature, the relevant feature flag " "needs to be enabled and supporting configuration needs to be added in the " "service configuration. 
Once enabled, a project administrator will be able to " "specify one of the available secret store backends as a preferred secret " "store for their project secrets. This secret store preference applies only " "to new secrets (key material) created or stored within that project. " "Existing secrets are not impacted. See http://docs.openstack.org/developer/" "barbican/setup/plugin_backends.html for instructions on how to setup " "Barbican multiple backends, and the API documentation for further details." msgstr "" #: ../../:24 msgid "" "New feature to support multiple secret store plugin backends. This feature " "is not enabled by default. To use this feature, the relevant feature flag " "needs to be enabled and supporting configuration needs to be added in the " "service configuration. Once enabled, a project adminstrator will be able to " "specify one of the available secret store backends as a preferred secret " "store for their project secrets. This secret store preference applies only " "to new secrets (key material) created or stored within that project. " "Existing secrets are not impacted. See http://docs.openstack.org/developer/" "barbican/setup/plugin_backends.html for instructions on how to setup " "Barbican multiple backends, and the API documentation for further details." msgstr "" #: ../../:31 unmaintained/2023.1>:486 #: unmaintained/zed>:420 msgid "" "New framework for ``barbican-status upgrade check`` command is added. This " "framework allows adding various checks which can be run before a Barbican " "upgrade to ensure if the upgrade can be performed safely." msgstr "" #: ../../:61 msgid "" "Now Barbican uses oslo.db for database connection. The features implemented " "in oslo.db can be now leveraged in Barbican." msgstr "" #: ../../:749 unmaintained/zed>:683 msgid "" "Now within a single deployment, multiple secret store plugin backends can be " "configured and used. 
With this change, a project administrator can pre-" "define a preferred plugin backend for storing their secrets. New APIs are " "added to manage this project level secret store preference." msgstr "" #: ../../:14 msgid "" "Now within a single deployment, multiple secret store plugin backends can be " "configured and used. With this change, a project adminstrator can pre-define " "a preferred plugin backend for storing their secrets. New APIs are added to " "manage this project level secret store preference." msgstr "" #: ../../:48 unmaintained/2023.1>:503 #: unmaintained/zed>:437 msgid "" "Operator can now use new CLI tool ``barbican-status upgrade check`` to check " "if Barbican deployment can be safely upgraded from N-1 to N release." msgstr "" #: ../../:10 stable/pike>:32 #: stable/queens>:82 stable/rocky>:102 unmaintained/2023.1>:612 #: unmaintained/2023.1>:651 unmaintained/2023.1>:695 unmaintained/zed>:546 #: unmaintained/zed>:585 unmaintained/zed>:629 msgid "Other Notes" msgstr "" #: ../../:80 unmaintained/wallaby>:25 #: unmaintained/xena>:14 unmaintained/yoga>:14 unmaintained/zed>:14 msgid "" "Part of the fix for Story 2009664 required renaming the policy for Container " "Consumers from \"consumers:get\" to \"container_consumers:get\", \"consumers:" "post\" to \"container_consumers:post\", and \"consumers:delete\" to " "\"container_consumers:delete\". If you are using custom policies to " "override the default policies you will need to update them to use the new " "names." msgstr "" #: ../../:37 unmaintained/2023.1>:492 #: unmaintained/zed>:426 msgid "" "Port existing policy RuleDefault objects to the newer, more verbose " "DocumentedRuleDefaults." 
msgstr "" #: ../../:10 origin/stable/newton>:10 #: origin/stable/ocata>:10 stable/2023.2>:57 stable/queens>:58 stable/stein>:10 #: unmaintained/2023.1>:465 unmaintained/2023.1>:627 unmaintained/2023.1>:710 #: unmaintained/2023.1>:745 unmaintained/zed>:399 unmaintained/zed>:561 #: unmaintained/zed>:644 unmaintained/zed>:679 msgid "Prelude" msgstr "" #: ../../:161 unmaintained/2023.1>:452 #: unmaintained/zed>:386 msgid "" "Python 2.7 support has been dropped. Last release of Barbican to support " "python 2.7 is OpenStack Train. The minimum version of Python now supported " "by Barbican is Python 3.6." msgstr "" #: ../../:50 unmaintained/2023.1>:560 #: unmaintained/zed>:494 msgid "" "Remap the `order:put` to `orders:put` to align with language in the orders " "controller." msgstr "" #: ../../:25 unmaintained/2023.1>:688 #: unmaintained/zed>:622 msgid "" "Removed application/pkix media type because Barbican will not be using media " "types for format conversion." msgstr "" #: ../../:77 msgid "" "Secret consumers do not block the secret to be deleted by the end user " "though. When an end user needs to delete a secret that has consumers, it " "can simply do it. However, deletion of secrets with consumers must be " "forced using a corresponding parameter, either in the client's CLI or in the " "client's API." msgstr "" #: ../../:34 current stable/2023.2>:23 stable/2023.2>:91 #: stable/2024.1>:23 stable/2024.1>:98 stable/2024.2>:23 stable/train>:72 #: stable/ussuri>:21 unmaintained/2023.1>:23 unmaintained/2023.1>:57 #: unmaintained/2023.1>:76 unmaintained/2023.1>:277 unmaintained/victoria>:72 #: unmaintained/wallaby>:21 unmaintained/wallaby>:194 unmaintained/xena>:10 #: unmaintained/yoga>:10 unmaintained/zed>:10 unmaintained/zed>:211 msgid "Security Issues" msgstr "" #: ../../:14 msgid "Start using reno to manage release notes." msgstr "" #: ../../:14 current msgid "" "Support for Python 3.8 has been removed. Now the minimum python version " "supported is 3.9 ." 
msgstr "" #: ../../:101 unmaintained/2023.1>:61 msgid "" "System scope has been removed from the RBAC policies as specified in the " "Consistent and Secure Default RBAC community goal. See: https://governance." "openstack.org/tc/goals/selected/consistent-and-secure-rbac.html APIs that " "required system scoped tokens can now be accessed by using a project scoped " "token with the \"admin\" role." msgstr "" #: ../../:64 stable/ussuri>:109 #: unmaintained/2023.1>:260 unmaintained/victoria>:64 unmaintained/wallaby>:177 #: unmaintained/zed>:194 msgid "" "The \"token_label\" option in the PKCS#11 driver is deprecated. The new " "\"token_labels\" option should be used instead. If present, \"token_label\" " "will still be used by appending it to \"token_labels\"." msgstr "" #: ../../:72 msgid "" "The 'barbican-db-manage' script is deprecated. Use the new 'barbican-" "manage' utility instead." msgstr "" #: ../../:34 msgid "" "The 'barbican-manage' tool can be used to manage database schema changes as " "well as provision and rotate keys in the HSM backend." msgstr "" #: ../../:24 unmaintained/2023.1>:724 #: unmaintained/zed>:658 msgid "" "The 'http_proxy_to_wsgi' middleware can be used to help barbican respond " "with the correct URL refs when it's put behind a TLS proxy (such as " "HAProxy). This middleware is disabled by default, but can be enabled via a " "configuration option in the oslo_middleware group." msgstr "" #: ../../:76 msgid "" "The 'pkcs11-kek-rewrap' script is deprecated. Use the new 'barbican-manage' " "utility instead." msgstr "" #: ../../:80 msgid "" "The 'pkcs11-key-generation' script is deprecated. Use the new 'barbican-" "manage' utility instead." msgstr "" #: ../../:56 msgid "" "The Metadata API requires an update to the Database Schema. Existing " "deployments that are being upgraded to Mitaka should use the 'barbican-" "manage' utility to update the schema." 
msgstr "" #: ../../:19 msgid "" "The Mitaka release includes a new API to add arbitrary user-defined metadata " "to Secrets." msgstr "" #: ../../:38 current stable/2023.2>:27 stable/2024.1>:27 #: stable/2024.2>:27 unmaintained/2023.1>:27 msgid "" "The PKCS#11 backend driver has been updated to support newer Key Wrap " "mechanisms. New deployments should use CKM_AES_KEY_WRAP_KWP, but " "CKM_AES_KEY_WRAP_PAD and CKM_AES_CBC_PAD are also supported for " "compatibility with older devices that have not yet implemented PKCS#11 " "Version 3.0." msgstr "" #: ../../:25 current stable/2023.2>:14 stable/2024.1>:14 #: stable/2024.2>:14 unmaintained/2023.1>:14 msgid "" "The `[p11_crypto_plugin]hmac_keywrap_mechanism` option has been replaced by " "`[p11_crypto_plugin]hmac_mechanism`. This option was renamed to avoid " "confusion since this mechanism is only used to sign encrypted data and never " "used for key wrap encryption." msgstr "" #: ../../:71 msgid "The ``token_label`` option in the PKCS#11 driver has been removed." msgstr "" #: ../../:34 unmaintained/2023.1>:734 #: unmaintained/zed>:668 msgid "" "The barbican-api-paste.ini configuration file for the paste pipeline was " "updated to add the http_proxy_to_wsgi middleware." msgstr "" #: ../../:66 msgid "" "The certificate plugin and the certificate event plugin were both removed, " "because these were used for deprecated certificate resources." msgstr "" #: ../../:335 unmaintained/wallaby>:252 #: unmaintained/zed>:269 msgid "" "The current policy allows all users except those with the audit role to list " "a secrets metadata keys and get the metadata values. The new desired policy " "will restrict this to members. For backwards compatibility, the old " "policies remain in effect, but they are deprecated and will be removed in " "future, leaving the more restrictive new policy." 
msgstr "" #: ../../:313 unmaintained/wallaby>:230 #: unmaintained/zed>:247 msgid "" "The current policy allows all users except those with the audit role to list " "orders or retrieve an orders metadata. The new desired policy will restrict " "this to members. For backwards compatibility, the old policies remain in " "effect, but they are deprecated and will be removed in future, leaving the " "more restrictive new policy." msgstr "" #: ../../:369 unmaintained/wallaby>:286 #: unmaintained/zed>:303 msgid "" "The current policy allows users with the admin role to add or delete " "transport keys. This interface was only ever intended to be used by system " "admins, and so it has been restricted using the new policy to the system " "admin only (admins with system_scope:all)." msgstr "" #: ../../:363 unmaintained/wallaby>:280 #: unmaintained/zed>:297 msgid "" "The current policy only allows users with the admin role to list and get " "secretstore resources. The new policy allows all users to perform these " "operations." msgstr "" #: ../../:327 unmaintained/wallaby>:244 #: unmaintained/zed>:261 msgid "" "The current policy only allows users with the key-manager:service-admin role " "to list, get, add, update or delete project quotas. The new policy allows " "system readers to list quotas and get quotas for specific projects and " "system admins (role:admin and system_scope:all) to add, update and delete " "project quotas." msgstr "" #: ../../:43 stable/ussuri>:14 #: unmaintained/2023.1>:133 unmaintained/victoria>:43 unmaintained/wallaby>:14 #: unmaintained/xena>:67 unmaintained/zed>:67 msgid "" "The default maximum secret size has been increased from 10 kB to 20 kb, and " "the default maximum request size has been increased from 15 kB to 25 kB." msgstr "" #: ../../:242 unmaintained/wallaby>:159 #: unmaintained/zed>:176 msgid "" "The default value of ``[oslo_policy] policy_file`` config option has been " "changed from ``policy.json`` to ``policy.yaml``. 
Operators who are utilizing " "customized or previously generated static policy JSON files (which are not " "needed by default), should generate new policy files or convert them in YAML " "format. Use the `oslopolicy-convert-json-to-yaml `_ tool to " "convert a JSON to YAML formatted policy file in backward compatible way." msgstr "" #: ../../:61 msgid "" "The deprecated certificate order resource was removed. Because of this, " "create order API no longer accepts ``certificate`` type." msgstr "" #: ../../:81 msgid "" "The following database options in the ``[DEFAULT]`` section were renamed and " "moved to the ``[database]`` section." msgstr "" #: ../../:72 msgid "" "The following deprecated database options were effectively removed. Use the " "equivalent oslo.db library options instead." msgstr "" #: ../../:48 stable/ussuri>:93 #: unmaintained/2023.1>:226 unmaintained/victoria>:48 unmaintained/wallaby>:143 #: unmaintained/zed>:160 msgid "" "The hsm subcommand for the barbican-manage command line tool no longer " "requires any parameters at run time. If any value used by the PKCS#11 value " "is needed it will be taken from /etc/barbican/barbican.conf. You may " "continue to specify any values on the command line, and those will take " "precedence over the values specified in barbican.conf, so any existing " "scripts that use barbican-manage should continue to work as expected." msgstr "" #: ../../:289 unmaintained/wallaby>:206 #: unmaintained/zed>:223 msgid "" "The new secure-rbac policy allows ACLs to be modified or deleted by members " "of a project. This is a change from the previous policy which only allowed " "these operations by the project admin or the secret or container creators." msgstr "" #: ../../:295 unmaintained/wallaby>:212 #: unmaintained/zed>:229 msgid "" "The new secure-rbac policy allows consumers to be added and deleted by " "members. 
This is a change from the previous policy which only allowed the " "secret's creator or admins or those that had a read acl on the secret." msgstr "" #: ../../:307 unmaintained/wallaby>:224 #: unmaintained/zed>:241 msgid "" "The new secure-rbac policy allows for container deletion by members. This is " "a change from the previous policy that only allowed deletion by the creator " "or the project admin." msgstr "" #: ../../:357 unmaintained/wallaby>:274 #: unmaintained/zed>:291 msgid "" "The new secure-rbac policy allows for secret deletion by members. This is a " "change from the previous policy that only allowed deletion by the creator or " "the project admin." msgstr "" #: ../../:321 unmaintained/wallaby>:238 #: unmaintained/zed>:255 msgid "" "The new secure-rbac policy allows for secret deletion by members. This is a " "change from the previous policy that only allowed deletion by the project " "admin." msgstr "" #: ../../:344 unmaintained/wallaby>:261 #: unmaintained/zed>:278 msgid "" "The new secure-rbac policy allows for secret metadata addition, modification " "and deletion by members. This is a change from the previous policy that " "only allowed deletion by the project admin or the secret creator." msgstr "" #: ../../:351 unmaintained/wallaby>:268 #: unmaintained/zed>:285 msgid "" "The new secure-rbac policy allows for two-step secret creation to be done by " "any member. This is a change from the previous policy that only allowed " "step two to be performed by the creator." msgstr "" #: ../../:301 unmaintained/wallaby>:218 #: unmaintained/zed>:235 msgid "" "The new secure-rbac policy allows secrets to be added and removed from " "containers by members. This is a change from the previous policy which only " "allowed admins to add and remove secrets." msgstr "" #: ../../:281 unmaintained/wallaby>:198 #: unmaintained/zed>:215 msgid "" "The new secure-rbac policy does not allow listing ACLs for private secrets " "or private containers. 
This is a change from the previous policy which " "allowed listing ACLs of private secrets or private containers by users with " "some role assignments on the project. The previous policy is deprecated, " "but it will continue to be used until it is removed in a future release." msgstr "" #: ../../:72 msgid "" "The secret consumers functionality allows other OpenStack projects, such as " "Cinder and Glance, to name a few, to register consumers of secrets. This is " "useful when a project wants to make an end user aware that it is using the " "secret." msgstr "" #: ../../:44 msgid "" "The service will encounter errors if you attempt to run this new release " "using data stored by a previous version of the PKCS#11 Cryptographic Plugin " "that has not yet been migrated for this release. The logged errors will " "look like" msgstr "" #: ../../:14 unmaintained/2023.1>:714 #: unmaintained/zed>:648 msgid "This release adds http_proxy_to_wsgi middleware to the pipeline." msgstr "" #: ../../:14 msgid "" "This release includes a new command line utility 'barbican-manage' that " "consolidates and supersedes the separate HSM and database management scripts." msgstr "" #: ../../:24 msgid "" "This release includes significant improvements to the performance of the " "PKCS#11 Cryptographic Plugin driver. These changes will require a data " "migration of any existing data stored by previous versions of the PKCS#11 " "backend." msgstr "" #: ../../:62 unmaintained/2023.1>:631 #: unmaintained/zed>:565 msgid "" "This release notify that we will remove Certificate Orders and CAs from API." msgstr "" #: ../../:102 msgid "" "This release uses Secure RBAC by default (See: https://governance.openstack." "org/tc/goals/selected/consistent-and-secure-rbac.html ) To opt out of this " "change and continue using the legacy policies set " "enforce_new_defaults=False and enforce_scope=False in the [oslo_policy] " "section of barbican.conf." 
msgstr "" #: ../../:61 msgid "" "This version adds support to the secret consumers and microversions " "functionalities. The detailed secret consumers specification can be found " "on . Microversions allow clients to interact with Barbican " "server to gather information on minimum and maximum versions supported by " "the server. More information can be found on ." msgstr "" #: ../../:10 current origin/stable/mitaka>:52 #: origin/stable/ocata>:30 stable/2024.1>:57 stable/2024.2>:68 stable/rocky>:57 #: stable/stein>:44 stable/ussuri>:157 unmaintained/2023.1>:238 #: unmaintained/2023.1>:399 unmaintained/2023.1>:448 unmaintained/2023.1>:499 #: unmaintained/2023.1>:567 unmaintained/2023.1>:730 unmaintained/victoria>:121 #: unmaintained/wallaby>:155 unmaintained/zed>:172 unmaintained/zed>:333 #: unmaintained/zed>:382 unmaintained/zed>:433 unmaintained/zed>:501 #: unmaintained/zed>:664 msgid "Upgrade Notes" msgstr "" #: ../../:266 unmaintained/wallaby>:183 #: unmaintained/zed>:200 msgid "" "Use of JSON policy files was deprecated by the ``oslo.policy`` library " "during the Victoria development cycle. As a result, this deprecation is " "being noted in the Wallaby cycle with an anticipated future removal of " "support by ``oslo.policy``. As such operators will need to convert to YAML " "policy files. Please see the upgrade notes for details on migration of any " "custom policy files." msgstr "" #: ../../:86 unmaintained/2023.1>:655 #: unmaintained/zed>:589 msgid "" "Why are we deprecating Certificate Issuance? There are a few reasons that " "were considered for this decision. First, there does not seem to be a lot " "of interest in the community to fully develop the Certificate Authority " "integration with Barbican. We have a few outstanding blueprints that are " "needed to make Certificate Issuance fully functional, but so far no one has " "committed to getting the work done. Additionally, we've had very little buy-" "in from public Certificate Authorities. 
Both Symantec and Digicert were " "interested in integration in the past, but that interest didn't materialize " "into robust CA plugins like we hoped it would. Secondly, there have been new " "developments in the space of Certificate Authorities since we started " "Barbican. The most significant of these was the launch of the Let's Encrypt " "public CA along with the definition of the ACME protocol for certificate " "issuance. We believe that future certificate authority services would do " "good to implement the ACME standard, which is quite different than the API " "the Barbican team had developed. Lastly, deprecating Certificate Issuance " "within Barbican will simplify both the architecture and deployment of " "Barbican. This will allow us to focus on the features that Barbican does " "well -- the secure storage of secret material." msgstr "" #: ../../:92 unmaintained/2023.1>:661 #: unmaintained/zed>:595 msgid "" "Will Barbican still be able to store Certificates? Yes, absolutely! The " "only thing we're deprecating is the plugin interface that talks to " "Certificate Authorities and associated APIs. While you will not be able to " "use Barbican to issue a new certificate, you will always be able to securely " "store any certificates in Barbican, including those issued by public CAs or " "internal CAs." 
msgstr "" #: ../../:46 msgid "" "``'P11CryptoPluginException: HSM returned response code: 0xc0L " "CKR_SIGNATURE_INVALID'``" msgstr "" #: ../../:75 msgid "``[DEFAULT] sql_connection``" msgstr "" #: ../../:84 msgid "``[DEFAULT] sql_connection`` was renamed to ``[database] connection``" msgstr "" #: ../../:76 msgid "``[DEFAULT] sql_idle_timeout``" msgstr "" #: ../../:85 msgid "" "``[DEFAULT] sql_idle_timeout`` was renamed to ``[database] " "connection_recycle_time``" msgstr "" #: ../../:77 msgid "``[DEFAULT] sql_max_retries``" msgstr "" #: ../../:87 msgid "``[DEFAULT] sql_max_retries`` was renamed to ``[database] max_retries``" msgstr "" #: ../../:80 msgid "``[DEFAULT] sql_pool_max_overflow``" msgstr "" #: ../../:91 msgid "" "``[DEFAULT] sql_pool_max_overflow`` was renamed to ``[database] " "max_overflow``" msgstr "" #: ../../:79 msgid "``[DEFAULT] sql_pool_size``" msgstr "" #: ../../:90 msgid "``[DEFAULT] sql_pool_size`` was renamed to `[database] max_pool_size``" msgstr "" #: ../../:78 msgid "``[DEFAULT] sql_retry_interval``" msgstr "" #: ../../:88 msgid "" "``[DEFAULT] sql_retry_interval`` was renamed to ``[database] retry_interval``" msgstr "" #: ../../:62 origin/stable/mitaka>:92 msgid "``python barbican/cmd/pkcs11_migrate_kek_signatures.py``" msgstr "" #: ../../:106 unmaintained/2023.1>:616 #: unmaintained/zed>:550 msgid "" "default value of 'control_exchange' in 'barbican.conf' has been changed to " "'keystone'." 
msgstr "" #: ../../:36 unmaintained/2023.1>:699 #: unmaintained/zed>:633 msgid "" "oslo-config-generator is now used to generate a barbican.conf.sample file" msgstr "" #: ../source/2023.1.rst:3 msgid "2023.1 Series Release Notes" msgstr "" #: ../source/2023.2.rst:3 msgid "2023.2 Series Release Notes" msgstr "" #: ../source/2024.1.rst:3 msgid "2024.1 Series Release Notes" msgstr "" #: ../source/2024.2.rst:3 msgid "2024.2 Series Release Notes" msgstr "" #: ../source/index.rst:3 msgid "Barbican Release Notes" msgstr "" #: ../source/index.rst:5 msgid "Contents:" msgstr "" #: ../source/liberty.rst:3 msgid "Liberty Series Release Notes" msgstr "" #: ../source/mitaka.rst:3 msgid "Mitaka Series Release Notes" msgstr "" #: ../source/newton.rst:3 msgid "Newton Series Release Notes" msgstr "" #: ../source/ocata.rst:3 msgid "Ocata Series Release Notes" msgstr "" #: ../source/pike.rst:3 msgid "Pike Series Release Notes" msgstr "" #: ../source/queens.rst:3 msgid "Queens Series Release Notes" msgstr "" #: ../source/rocky.rst:3 msgid "Rocky Series Release Notes" msgstr "" #: ../source/stein.rst:3 msgid "Stein Series Release Notes" msgstr "" #: ../source/train.rst:3 msgid "Train Series Release Notes" msgstr "" #: ../source/unreleased.rst:3 msgid "Current Series Release Notes" msgstr "" #: ../source/ussuri.rst:3 msgid "Ussuri Series Release Notes" msgstr "" #: ../source/victoria.rst:3 msgid "Victoria Series Release Notes" msgstr "" #: ../source/wallaby.rst:3 msgid "Wallaby Series Release Notes" msgstr "" #: ../source/xena.rst:3 msgid "Xena Series Release Notes" msgstr "" #: ../source/yoga.rst:3 msgid "Yoga Series Release Notes" msgstr "" #: ../source/zed.rst:3 msgid "Zed Series Release Notes" msgstr ""