Remove PKI/PKIZ support

Keystone server no longer supports PKI/PKIZ. This change removes
keystonemiddleware's support of PKI/PKIZ and associated code.

Change-Id: I9a6639a2aa3774be61972d57f38220f66fd5c0e8
closes-bug: #1649735
partial-bug: #1736985

1 files changed, 15 insertions, 1 deletions

diff --git a/releasenotes/notes/bug-1649735-3c68f3243e474775.yaml b/releasenotes/notes/bug-1649735-3c68f3243e474775.yaml
index 06741d3..a624c39 100644
--- a/releasenotes/notes/bug-1649735-3c68f3243e474775.yaml
+++ b/releasenotes/notes/bug-1649735-3c68f3243e474775.yaml
@@ -4,5 +4,19 @@ fixes:
     [`bug 1649735 <https://bugs.launchpad.net/keystone/+bug/1649735>`_]
     The auth_token middleware no longer attempts to retrieve the revocation
     list from the Keystone server. The deprecated options
-    `check_revocations_for_cached` and `check_revocations_for_cached` have been
+    `revocations_cache_time` and `check_revocations_for_cached` have been
     removed.
+
+    Keystone no longer issues PKI/PKIZ tokens and now keystonemiddleware's
+    Support for PKI/PKIZ and associated offline validation has been removed.
+    This includes the deprecated config options `signing_dir`, and
+    `hash_algorithms`.
+
+upgrade:
+  - >
+    [`bug 1649735 <https://bugs.launchpad.net/keystone/+bug/1649735>`_]
+    Keystonemiddleware no longer supports PKI/PKIZ tokens, all
+    associated offline validation has been removed. The configuration
+    options `signing_dir`, and `hash_algorithms` have been removed, if
+    they still exist in your configuration(s), they are now safe to remove.
+    Please consider utilizing the newer fernet or JWS token formats.
\ No newline at end of file