remove keystone-moon

Change-Id: I80d7c9b669f19d5f6607e162de8e0e55c2f80fdd
Signed-off-by: RHE <rebirthmonkey@gmail.com>

52 files changed, 0 insertions, 557 deletions

diff --git a/keystone-moon/releasenotes/notes/.placeholder b/keystone-moon/releasenotes/notes/.placeholder
deleted file mode 100644
index e69de29b..00000000
--- a/keystone-moon/releasenotes/notes/.placeholder
+++ /dev/null
diff --git a/keystone-moon/releasenotes/notes/Assignment_V9_driver-c22be069f7baccb0.yaml b/keystone-moon/releasenotes/notes/Assignment_V9_driver-c22be069f7baccb0.yaml
deleted file mode 100644
index 89ef1082..00000000
--- a/keystone-moon/releasenotes/notes/Assignment_V9_driver-c22be069f7baccb0.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-deprecations:
-  - >
-    [`blueprint deprecated-as-of-mitaka <https://blueprints.launchpad.net/keystone/+spec/deprecated-as-of-mitaka>`_]
-    The V8 Assignment driver interface is deprecated. Support for the V8
-    Assignment driver interface is planned to be removed in the 'O' release of
-    OpenStack.
-other:
-  - The list_project_ids_for_user(), list_domain_ids_for_user(),
-    list_user_ids_for_project(), list_project_ids_for_groups(),
-    list_domain_ids_for_groups(), list_role_ids_for_groups_on_project() and
-    list_role_ids_for_groups_on_domain() methods have been removed from the
-    V9 version of the Assignment driver.
diff --git a/keystone-moon/releasenotes/notes/DomainSpecificRoles-fc5dd2ef74a1442c.yaml b/keystone-moon/releasenotes/notes/DomainSpecificRoles-fc5dd2ef74a1442c.yaml
deleted file mode 100644
index 98306f3e..00000000
--- a/keystone-moon/releasenotes/notes/DomainSpecificRoles-fc5dd2ef74a1442c.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-features:
-  - >
-    [`blueprint domain-specific-roles <https://blueprints.launchpad.net/keystone/+spec/domain-specific-roles>`_]
-    Roles can now be optionally defined as domain specific. Domain specific
-    roles are not referenced in policy files, rather they can be used to allow
-    a domain to build their own private inference rules with implied roles. A
-    domain specific role can be assigned to a domain or project within its
-    domain, and any subset of global roles it implies will appear in a token
-    scoped to the respective domain or project. The domain specific role
-    itself, however, will not appear in the token.
diff --git a/keystone-moon/releasenotes/notes/Role_V9_driver-971c3aae14d9963d.yaml b/keystone-moon/releasenotes/notes/Role_V9_driver-971c3aae14d9963d.yaml
deleted file mode 100644
index 08bda86f..00000000
--- a/keystone-moon/releasenotes/notes/Role_V9_driver-971c3aae14d9963d.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-deprecations:
-  - >
-    [`blueprint deprecated-as-of-mitaka <https://blueprints.launchpad.net/keystone/+spec/deprecated-as-of-mitaka>`_]
-    The V8 Role driver interface is deprecated. Support for the V8 Role driver
-    interface is planned to be removed in the 'O' release of OpenStack.
diff --git a/keystone-moon/releasenotes/notes/V9ResourceDriver-26716f97c0cc1a80.yaml b/keystone-moon/releasenotes/notes/V9ResourceDriver-26716f97c0cc1a80.yaml
deleted file mode 100644
index 8003b702..00000000
--- a/keystone-moon/releasenotes/notes/V9ResourceDriver-26716f97c0cc1a80.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-deprecations:
-  - The V8 Resource driver interface is deprecated. Support for the V8
-    Resource driver interface is planned to be removed in the 'O' release of
-    OpenStack.
diff --git a/keystone-moon/releasenotes/notes/add-bootstrap-cli-192500228cc6e574.yaml b/keystone-moon/releasenotes/notes/add-bootstrap-cli-192500228cc6e574.yaml
deleted file mode 100644
index 997ee64a..00000000
--- a/keystone-moon/releasenotes/notes/add-bootstrap-cli-192500228cc6e574.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-features:
-  - >
-    [`blueprint bootstrap <https://blueprints.launchpad.net/keystone/+spec/bootstrap>`_]
-    keystone-manage now supports the bootstrap command
-    on the CLI so that a keystone install can be
-    initialized without the need of the admin_token
-    filter in the paste-ini.
-security:
-  - The use of admin_token filter is insecure compared
-    to the use of a proper username/password. Historically
-    the admin_token filter has been left enabled in
-    Keystone after initialization due to the way CMS
-    systems work. Moving to an out-of-band initialization using
-    ``keystone-manage bootstrap`` will eliminate the security concerns around
-    a static shared string that conveys admin access to keystone
-    and therefore to the entire installation.
diff --git a/keystone-moon/releasenotes/notes/admin_token-a5678d712783c145.yaml b/keystone-moon/releasenotes/notes/admin_token-a5678d712783c145.yaml
deleted file mode 100644
index 8547c6d3..00000000
--- a/keystone-moon/releasenotes/notes/admin_token-a5678d712783c145.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-upgrade:
-  - >
-    [`bug 1473553 <https://bugs.launchpad.net/keystone/+bug/1473553>`_]
-    The `keystone-paste.ini` must be updated to put the ``admin_token_auth``
-    middleware before ``build_auth_context``. See the sample
-    `keystone-paste.ini` for the correct `pipeline` value. Having
-    ``admin_token_auth`` after ``build_auth_context`` is deprecated and will
-    not be supported in a future release.
-deprecations:
-  - >
-    [`blueprint deprecated-as-of-mitaka <https://blueprints.launchpad.net/keystone/+spec/deprecated-as-of-mitaka>`_]
-    The ``admin_token_auth`` filter must now be placed before the
-    ``build_auth_context`` filter in `keystone-paste.ini`.
diff --git a/keystone-moon/releasenotes/notes/admin_token-c634ec12fc714255.yaml b/keystone-moon/releasenotes/notes/admin_token-c634ec12fc714255.yaml
deleted file mode 100644
index 69b70dbb..00000000
--- a/keystone-moon/releasenotes/notes/admin_token-c634ec12fc714255.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
----
-security:
-  - The admin_token method of authentication was never intended to be
-    used for any purpose other than bootstrapping an install. However
-    many deployments had to leave the admin_token method enabled due
-    to restrictions on editing the paste file used to configure the
-    web pipelines.  To minimize the risk from this mechanism, the
-    `admin_token` configuration value now defaults to a python `None`
-    value.  In addition, if the value is set to `None`, either explicitly or
-    implicitly, the `admin_token` will not be enabled, and an attempt to
-    use it will lead to a failed authentication.
diff --git a/keystone-moon/releasenotes/notes/bp-domain-config-default-82e42d946ee7cb43.yaml b/keystone-moon/releasenotes/notes/bp-domain-config-default-82e42d946ee7cb43.yaml
deleted file mode 100644
index a78f831f..00000000
--- a/keystone-moon/releasenotes/notes/bp-domain-config-default-82e42d946ee7cb43.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-features:
-  - >
-    [`blueprint domain-config-default <https://blueprints.launchpad.net/keystone/+spec/domain-config-default>`_]
-    The Identity API now supports retrieving the default values for the
-    configuration options that can be overriden via the domain specific
-    configuration API.
diff --git a/keystone-moon/releasenotes/notes/bp-url-safe-naming-ad90d6a659f5bf3c.yaml b/keystone-moon/releasenotes/notes/bp-url-safe-naming-ad90d6a659f5bf3c.yaml
deleted file mode 100644
index 1c81d866..00000000
--- a/keystone-moon/releasenotes/notes/bp-url-safe-naming-ad90d6a659f5bf3c.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-features:
-  - >
-    [`blueprint url-safe-naming <https://blueprints.launchpad.net/keystone/+spec/url-safe-naming>`_]
-    The names of projects and domains can optionally be ensured to be url safe,
-    to support the future ability to specify projects using hierarchical
-    naming.
diff --git a/keystone-moon/releasenotes/notes/bug-1490804-de58a9606edb31eb.yaml b/keystone-moon/releasenotes/notes/bug-1490804-de58a9606edb31eb.yaml
deleted file mode 100644
index 0d5c2034..00000000
--- a/keystone-moon/releasenotes/notes/bug-1490804-de58a9606edb31eb.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
----
-features:
-  - >
-    [`bug 1490804 <https://bugs.launchpad.net/keystone/+bug/1490804>`_]
-    Audit IDs are included in the token revocation list.
-security:
-  - >
-    [`bug 1490804 <https://bugs.launchpad.net/keystone/+bug/1490804>`_]
-    [`CVE-2015-7546 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7546>`_]
-    A bug is fixed where an attacker could avoid token revocation when the PKI
-    or PKIZ token provider is used. The complete remediation for this
-    vulnerability requires the corresponding fix in the keystonemiddleware
-    project.
diff --git a/keystone-moon/releasenotes/notes/bug-1519210-de76097c974f9c93.yaml b/keystone-moon/releasenotes/notes/bug-1519210-de76097c974f9c93.yaml
deleted file mode 100644
index 0b7192b1..00000000
--- a/keystone-moon/releasenotes/notes/bug-1519210-de76097c974f9c93.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-features:
-  - >
-    [`bug 1519210 <https://bugs.launchpad.net/keystone/+bug/1519210>`_]
-    A user may now opt-out of notifications by specifying a list of
-    event types using the `notification_opt_out` option in `keystone.conf`.
-    These events are never sent to a messaging service.
diff --git a/keystone-moon/releasenotes/notes/bug-1535878-change-get_project-permission-e460af1256a2c056.yaml b/keystone-moon/releasenotes/notes/bug-1535878-change-get_project-permission-e460af1256a2c056.yaml
deleted file mode 100644
index 68cb7e1d..00000000
--- a/keystone-moon/releasenotes/notes/bug-1535878-change-get_project-permission-e460af1256a2c056.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-fixes:
-  - >
-    [`bug 1535878 <https://bugs.launchpad.net/keystone/+bug/1535878>`_]
-    Originally, to perform GET /projects/{project_id}, the provided policy
-    files required a user to have at least project admin level of permission.
-    They have been updated to allow it to be performed by any user who has a
-    role on the project.
diff --git a/keystone-moon/releasenotes/notes/bug-1542417-d630b7886bb0b369.yaml b/keystone-moon/releasenotes/notes/bug-1542417-d630b7886bb0b369.yaml
deleted file mode 100644
index bc6ec728..00000000
--- a/keystone-moon/releasenotes/notes/bug-1542417-d630b7886bb0b369.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-features:
-  - >
-    [`bug 1542417 <https://bugs.launchpad.net/keystone/+bug/1542417>`_]
-    Added support for a `user_description_attribute` mapping
-    to the LDAP driver configuration.
-upgrade:
-  - >
-    The LDAP driver now also maps the user description attribute after
-    user retrieval from LDAP.
-    If this is undesired behavior for your setup, please add `description`
-    to the `user_attribute_ignore` LDAP driver config setting.
-
-    The default mapping of the description attribute is set to `description`.
-    Please adjust the LDAP driver config setting `user_description_attribute`
-    if your LDAP uses a different attribute name (for instance to `displayName`
-    in case of an AD backed LDAP).
-
-    If your `user_additional_attribute_mapping` setting contains
-    `description:description` you can remove this mapping, since this is
-    now the default behavior.
diff --git a/keystone-moon/releasenotes/notes/bug_1526462-df9a3f3974d9040f.yaml b/keystone-moon/releasenotes/notes/bug_1526462-df9a3f3974d9040f.yaml
deleted file mode 100644
index 0befecd3..00000000
--- a/keystone-moon/releasenotes/notes/bug_1526462-df9a3f3974d9040f.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-features:
-  - >
-    [`bug 1526462 <https://bugs.launchpad.net/keystone/+bug/1526462>`_]
-    Support for posixGroups with OpenDirectory and UNIX when using
-    the LDAP identity driver.
diff --git a/keystone-moon/releasenotes/notes/catalog-caching-12f2532cfb71325a.yaml b/keystone-moon/releasenotes/notes/catalog-caching-12f2532cfb71325a.yaml
deleted file mode 100644
index 785fb3cf..00000000
--- a/keystone-moon/releasenotes/notes/catalog-caching-12f2532cfb71325a.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-features:
-  - >
-    [`bug 1489061 <https://bugs.launchpad.net/keystone/+bug/1489061>`_]
-    Caching has been added to catalog retrieval on a per user ID and project
-    ID basis. This affects both the v2 and v3 APIs. As a result this should
-    provide a performance benefit to fernet-based deployments.
diff --git a/keystone-moon/releasenotes/notes/catalog_project_id-519f5a70f9f7c4c6.yaml b/keystone-moon/releasenotes/notes/catalog_project_id-519f5a70f9f7c4c6.yaml
deleted file mode 100644
index e0c381d9..00000000
--- a/keystone-moon/releasenotes/notes/catalog_project_id-519f5a70f9f7c4c6.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-deprecations:
-  - Use of ``$(tenant_id)s`` in the catalog endpoints is deprecated in favor
-    of ``$(project_id)s``.
-features:
-  - Keystone supports ``$(project_id)s`` in the catalog. It works the same as
-    ``$(tenant_id)s``. Use of ``$(tenant_id)s`` is deprecated and catalog
-    endpoints should be updated to use ``$(project_id)s``.
-
diff --git a/keystone-moon/releasenotes/notes/deprecate-endpoint-policy-cfg-option-d018acab72a398a0.yaml b/keystone-moon/releasenotes/notes/deprecate-endpoint-policy-cfg-option-d018acab72a398a0.yaml
deleted file mode 100644
index ce372ede..00000000
--- a/keystone-moon/releasenotes/notes/deprecate-endpoint-policy-cfg-option-d018acab72a398a0.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-deprecations:
-  - >
-    [`blueprint deprecated-as-of-mitaka <https://blueprints.launchpad.net/keystone/+spec/deprecated-as-of-mitaka>`_]
-    Deprecate the ``enabled`` option from ``[endpoint_policy]``, it will be
-    removed in the 'O' release, and the extension will always be enabled.
diff --git a/keystone-moon/releasenotes/notes/deprecate-memcache-token-persistence-eac88c80147ea241.yaml b/keystone-moon/releasenotes/notes/deprecate-memcache-token-persistence-eac88c80147ea241.yaml
deleted file mode 100644
index 7b9c8e08..00000000
--- a/keystone-moon/releasenotes/notes/deprecate-memcache-token-persistence-eac88c80147ea241.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-deprecations:
-  - >
-    [`blueprint deprecated-as-of-mitaka <https://blueprints.launchpad.net/keystone/+spec/deprecated-as-of-mitaka>`_]
-    The token memcache and memcache_pool persistence
-    backends have been deprecated in favor of using
-    Fernet tokens (which require no persistence).
diff --git a/keystone-moon/releasenotes/notes/deprecate-v2-apis-894284c17be881d2.yaml b/keystone-moon/releasenotes/notes/deprecate-v2-apis-894284c17be881d2.yaml
deleted file mode 100644
index 59680274..00000000
--- a/keystone-moon/releasenotes/notes/deprecate-v2-apis-894284c17be881d2.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-deprecations:
-  - >
-    [`blueprint deprecated-as-of-mitaka <https://blueprints.launchpad.net/keystone/+spec/deprecated-as-of-mitaka>`_]
-    Deprecated all v2.0 APIs. The keystone team recommends using v3 APIs instead.
-    Most v2.0 APIs will be removed in the 'Q' release. However, the authentication
-    APIs and EC2 APIs are indefinitely deprecated and will not be removed in
-    the 'Q' release.
diff --git a/keystone-moon/releasenotes/notes/deprecated-as-of-mitaka-8534e43fa40c1d09.yaml b/keystone-moon/releasenotes/notes/deprecated-as-of-mitaka-8534e43fa40c1d09.yaml
deleted file mode 100644
index 31c7ff85..00000000
--- a/keystone-moon/releasenotes/notes/deprecated-as-of-mitaka-8534e43fa40c1d09.yaml
+++ /dev/null
@@ -1,26 +0,0 @@
----
-deprecations:
-  - >
-    [`blueprint deprecated-as-of-mitaka <https://blueprints.launchpad.net/keystone/+spec/deprecated-as-of-mitaka>`_]
-    As of the Mitaka release, the PKI and PKIz token formats have been
-    deprecated. They will be removed in the 'O' release. Due to this change,
-    the `hash_algorithm` option in the `[token]` section of the
-    configuration file has also been deprecated. Also due to this change, the
-    ``keystone-manage pki_setup`` command has been deprecated as well.
-  - >
-    [`blueprint deprecated-as-of-mitaka <https://blueprints.launchpad.net/keystone/+spec/deprecated-as-of-mitaka>`_]
-    As of the Mitaka release, write support for the LDAP driver of the Identity
-    backend has been deprecated. This includes the following operations: create user,
-    create group, delete user, delete group, update user, update group,
-    add user to group, and remove user from group. These operations will be
-    removed in the 'O' release.
-  - >
-    [`blueprint deprecated-as-of-mitaka <https://blueprints.launchpad.net/keystone/+spec/deprecated-as-of-mitaka>`_]
-    As of the Mitaka release, the auth plugin `keystone.auth.plugins.saml2.Saml2`
-    has been deprecated. It is recommended to use `keystone.auth.plugins.mapped.Mapped`
-    instead. The ``saml2`` plugin will be removed in the 'O' release.
-  - >
-    [`blueprint deprecated-as-of-mitaka <https://blueprints.launchpad.net/keystone/+spec/deprecated-as-of-mitaka>`_]
-    As of the Mitaka release, the simple_cert_extension is deprecated since it
-    is only used in support of the PKI and PKIz token formats.  It will be
-    removed in the 'O' release.
diff --git a/keystone-moon/releasenotes/notes/deprecations-c4afc19dc5324b9c.yaml b/keystone-moon/releasenotes/notes/deprecations-c4afc19dc5324b9c.yaml
deleted file mode 100644
index 0c1c4f11..00000000
--- a/keystone-moon/releasenotes/notes/deprecations-c4afc19dc5324b9c.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-other:
-  - Running keystone in eventlet remains deprecated and will be removed in the
-    Mitaka release.
-  - Using LDAP as the resource backend, i.e for projects and domains, is now
-    deprecated and will be removed in the Mitaka release.
-  - Using the full path to the driver class is deprecated in favor of using
-    the entrypoint. In the Mitaka release, the entrypoint must be used.
-  - In the [resource] and [role] sections of the ``keystone.conf`` file, not
-    specifying the driver and using the assignment driver is deprecated. In
-    the Mitaka release, the resource and role drivers will default to the SQL
-    driver.
-  - In ``keystone-paste.ini``, using ``paste.filter_factory`` is deprecated in
-    favor of the "use" directive, specifying an entrypoint.
-  - Not specifying a domain during a create user, group or project call, which
-    relied on falling back to the default domain, is now deprecated and will
-    be removed in the N release.
-  - Certain deprecated methods from the assignment manager were removed in
-    favor of the same methods in the [resource] and [role] manager.
diff --git a/keystone-moon/releasenotes/notes/enable-filter-idp-d0135f4615178cfc.yaml b/keystone-moon/releasenotes/notes/enable-filter-idp-d0135f4615178cfc.yaml
deleted file mode 100644
index f4c1bbe7..00000000
--- a/keystone-moon/releasenotes/notes/enable-filter-idp-d0135f4615178cfc.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-features:
-  - >
-    [`bug 1525317 <https://bugs.launchpad.net/keystone/+bug/1525317>`_]
-    Enable filtering of identity providers based on `id`, and `enabled`
-    attributes.
-  - >
-    [`bug 1555830 <https://bugs.launchpad.net/keystone/+bug/1555830>`_]
-    Enable filtering of service providers based on `id`, and `enabled`
-    attributes.
\ No newline at end of file
diff --git a/keystone-moon/releasenotes/notes/enable-inherit-on-default-54ac435230261a6a.yaml b/keystone-moon/releasenotes/notes/enable-inherit-on-default-54ac435230261a6a.yaml
deleted file mode 100644
index 8346285a..00000000
--- a/keystone-moon/releasenotes/notes/enable-inherit-on-default-54ac435230261a6a.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
----
-upgrade:
-  - >
-    The default setting for the `os_inherit` configuration option is
-    changed to True. If it is required to continue with this portion
-    of the API disabled, then override the default setting by explicitly
-    specifying the os_inherit option as False.
-deprecations:
-  - The `os_inherit` configuration option is disabled. In the future, this
-    option will be removed and this portion of the API will be always enabled.
diff --git a/keystone-moon/releasenotes/notes/endpoints-from-endpoint_group-project-association-7271fba600322fb6.yaml b/keystone-moon/releasenotes/notes/endpoints-from-endpoint_group-project-association-7271fba600322fb6.yaml
deleted file mode 100644
index d94db3ba..00000000
--- a/keystone-moon/releasenotes/notes/endpoints-from-endpoint_group-project-association-7271fba600322fb6.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-fixes:
-  - >
-    [`bug 1516469 <https://bugs.launchpad.net/keystone/+bug/1516469>`_]
-    Endpoints filtered by endpoint_group project association will be
-    included in the service catalog when a project scoped token is issued and
-    ``endpoint_filter.sql`` is used for the catalog driver.
diff --git a/keystone-moon/releasenotes/notes/extensions-to-core-a0d270d216d47276.yaml b/keystone-moon/releasenotes/notes/extensions-to-core-a0d270d216d47276.yaml
deleted file mode 100644
index ced7d5a7..00000000
--- a/keystone-moon/releasenotes/notes/extensions-to-core-a0d270d216d47276.yaml
+++ /dev/null
@@ -1,25 +0,0 @@
----
-upgrade:
-  - >
-    The `keystone-paste.ini` file must be updated to remove extension
-    filters, and their use in ``[pipeline:api_v3]``.
-    Remove the following filters: ``[filter:oauth1_extension]``,
-    ``[filter:federation_extension]``, ``[filter:endpoint_filter_extension]``,
-    and ``[filter:revoke_extension]``. See the sample `keystone-paste.ini
-    <https://git.openstack.org/cgit/openstack/keystone/tree/etc/keystone-paste.ini>`_
-    file for guidance.
-  - >
-    The `keystone-paste.ini` file must be updated to remove extension filters,
-    and their use in ``[pipeline:public_api]`` and ``[pipeline:admin_api]`` pipelines.
-    Remove the following filters: ``[filter:user_crud_extension]``,
-    ``[filter:crud_extension]``. See the sample `keystone-paste.ini
-    <https://git.openstack.org/cgit/openstack/keystone/tree/etc/keystone-paste.ini>`_
-    file for guidance.
-other:
-  - >
-    [`blueprint move-extensions <https://blueprints.launchpad.net/keystone/+spec/move-extensions>`_]
-    If any extension migrations are run, for example: ``keystone-manage db_sync
-    --extension endpoint_policy`` an error will be returned. This is working as
-    designed. To run these migrations simply run: ``keystone-manage db_sync``.
-    The complete list of affected extensions are: ``oauth1``, ``federation``,
-    ``endpoint_filter``, ``endpoint_policy``, and ``revoke``.
diff --git a/keystone-moon/releasenotes/notes/federation-group-ids-mapping-6c56120d65a5cb22.yaml b/keystone-moon/releasenotes/notes/federation-group-ids-mapping-6c56120d65a5cb22.yaml
deleted file mode 100644
index 04d45dae..00000000
--- a/keystone-moon/releasenotes/notes/federation-group-ids-mapping-6c56120d65a5cb22.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-features:
-  - >
-   [`blueprint federation-group-ids-mapped-without-domain-reference <https://blueprints.launchpad.net/keystone/+spec/federation-group-ids-mapped-without-domain-reference>`_]
-   Enhanced the federation mapping engine to allow for group IDs to be
-   referenced without a domain ID.
diff --git a/keystone-moon/releasenotes/notes/httpd-keystone-d51b7335559b09c8.yaml b/keystone-moon/releasenotes/notes/httpd-keystone-d51b7335559b09c8.yaml
deleted file mode 100644
index 86bb378e..00000000
--- a/keystone-moon/releasenotes/notes/httpd-keystone-d51b7335559b09c8.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-deprecations:
-  - >
-    [`blueprint deprecated-as-of-mitaka <https://blueprints.launchpad.net/keystone/+spec/deprecated-as-of-mitaka>`_]
-    The file ``httpd/keystone.py`` has been deprecated in favor of
-    ``keystone-wsgi-admin`` and ``keystone-wsgi-public`` and may be
-    removed in the 'O' release.
diff --git a/keystone-moon/releasenotes/notes/impl-templated-catalog-1d8f6333726b34f8.yaml b/keystone-moon/releasenotes/notes/impl-templated-catalog-1d8f6333726b34f8.yaml
deleted file mode 100644
index 3afd9159..00000000
--- a/keystone-moon/releasenotes/notes/impl-templated-catalog-1d8f6333726b34f8.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-other:
-  - >
-    [`bug 1367113 <https://bugs.launchpad.net/keystone/+bug/1367113>`_]
-    The "get entity" and "list entities" functionality for the KVS catalog
-    backend has been reimplemented to use the data from the catalog template.
-    Previously this would only act on temporary data that was created at
-    runtime. The create, update and delete entity functionality now raises
-    an exception.
diff --git a/keystone-moon/releasenotes/notes/implied-roles-026f401adc0f7fb6.yaml b/keystone-moon/releasenotes/notes/implied-roles-026f401adc0f7fb6.yaml
deleted file mode 100644
index 065fd541..00000000
--- a/keystone-moon/releasenotes/notes/implied-roles-026f401adc0f7fb6.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
----
-features:
-  - >
-   [`blueprint implied-roles <https://blueprints.launchpad.net/keystone/+spec/implied-roles>`_]
-   Keystone now supports creating implied roles. Role inference rules can now
-   be added to indicate when the assignment of one role implies the assignment
-   of another. The rules are of the form `prior_role` implies
-   `implied_role`. At token generation time, user/group assignments of roles
-   that have implied roles will be expanded to also include such roles in the
-   token. The expansion of implied roles is controlled by the
-   `prohibited_implied_role` option in the `[assignment]`
-   section of `keystone.conf`.
diff --git a/keystone-moon/releasenotes/notes/insecure_reponse-2a168230709bc8e7.yaml b/keystone-moon/releasenotes/notes/insecure_reponse-2a168230709bc8e7.yaml
deleted file mode 100644
index ba11ab2a..00000000
--- a/keystone-moon/releasenotes/notes/insecure_reponse-2a168230709bc8e7.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-upgrade:
-  - A new config option, `insecure_debug`, is added to control whether debug
-    information is returned to clients. This used to be controlled by the
-    `debug` option. If you'd like to return extra information to clients
-    set the value to ``true``. This extra information may help an attacker.
-
diff --git a/keystone-moon/releasenotes/notes/is-admin-24b34238c83b3a82.yaml b/keystone-moon/releasenotes/notes/is-admin-24b34238c83b3a82.yaml
deleted file mode 100644
index a0c2b3bb..00000000
--- a/keystone-moon/releasenotes/notes/is-admin-24b34238c83b3a82.yaml
+++ /dev/null
@@ -1,14 +0,0 @@
----
-features:
-  - >
-    [`bug 96869 <https://bugs.launchpad.net/keystone/+bug/968696>`_]
-    A pair of configuration options have been added to the ``[resource]``
-    section to specify a special ``admin`` project:
-    ``admin_project_domain_name`` and ``admin_project_name``.  If these are
-    defined, any scoped token issued for that project will have an additional
-    identifier ``is_admin_project`` added to the token. This identifier can then
-    be checked by the policy rules in the policy files of the services when
-    evaluating access control policy for an API. Keystone does not yet
-    support the ability for a project acting as a domain to be the
-    admin project.  That will be added once the rest of the code for
-    projects acting as domains is merged.
diff --git a/keystone-moon/releasenotes/notes/ldap-conn-pool-enabled-90df94652f1ded53.yaml b/keystone-moon/releasenotes/notes/ldap-conn-pool-enabled-90df94652f1ded53.yaml
deleted file mode 100644
index c26eeb3f..00000000
--- a/keystone-moon/releasenotes/notes/ldap-conn-pool-enabled-90df94652f1ded53.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-upgrade:
-  - >
-    The configuration options for LDAP connection pooling, `[ldap] use_pool`
-    and `[ldap] use_auth_pool`, are now both enabled by default. Only
-    deployments using LDAP drivers are affected. Additional configuration
-    options are available in the `[ldap]` section to tune connection pool size,
-    etc.
diff --git a/keystone-moon/releasenotes/notes/ldap-emulation-91c4d535eb9c3d10.yaml b/keystone-moon/releasenotes/notes/ldap-emulation-91c4d535eb9c3d10.yaml
deleted file mode 100644
index 1d097ae3..00000000
--- a/keystone-moon/releasenotes/notes/ldap-emulation-91c4d535eb9c3d10.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-features:
-  - >
-    [`bug 1515302 <https://bugs.launchpad.net/keystone/+bug/1515302>`_]
-    Two new configuration options have been added to the `[ldap]` section.
-    `user_enabled_emulation_use_group_config` and
-    `project_enabled_emulation_use_group_config`, which allow deployers to
-    choose if they want to override the default group LDAP schema option.
diff --git a/keystone-moon/releasenotes/notes/list_limit-ldap-support-5d31d51466fc49a6.yaml b/keystone-moon/releasenotes/notes/list_limit-ldap-support-5d31d51466fc49a6.yaml
deleted file mode 100644
index 4e5f5458..00000000
--- a/keystone-moon/releasenotes/notes/list_limit-ldap-support-5d31d51466fc49a6.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-features:
-  - >
-    [`bug 1501698 <https://bugs.launchpad.net/keystone/+bug/1501698>`_]
-    Support parameter `list_limit` when LDAP is used as
-    identity backend.
diff --git a/keystone-moon/releasenotes/notes/list_role_assignment_names-33aedc1e521230b6.yaml b/keystone-moon/releasenotes/notes/list_role_assignment_names-33aedc1e521230b6.yaml
deleted file mode 100644
index 267ece71..00000000
--- a/keystone-moon/releasenotes/notes/list_role_assignment_names-33aedc1e521230b6.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-features:
-  - >
-    [`bug 1479569 <https://bugs.launchpad.net/keystone/+bug/1479569>`_]
-    Names have been added to list role assignments
-    (GET /role_assignments?include_names=True), rather than returning
-    just the internal IDs of the objects the names are also returned.
diff --git a/keystone-moon/releasenotes/notes/migration_squash-f655329ddad7fc2a.yaml b/keystone-moon/releasenotes/notes/migration_squash-f655329ddad7fc2a.yaml
deleted file mode 100644
index c7d9d412..00000000
--- a/keystone-moon/releasenotes/notes/migration_squash-f655329ddad7fc2a.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-upgrade:
-  - >
-    [`bug 1541092 <https://bugs.launchpad.net/keystone/+bug/1541092>`_]
-    Only database upgrades from Kilo and newer are supported.
diff --git a/keystone-moon/releasenotes/notes/new_features-e33d793d8a5ca76a.yaml b/keystone-moon/releasenotes/notes/new_features-e33d793d8a5ca76a.yaml
deleted file mode 100644
index 06e1db2c..00000000
--- a/keystone-moon/releasenotes/notes/new_features-e33d793d8a5ca76a.yaml
+++ /dev/null
@@ -1,21 +0,0 @@
----
-features:
-  - >
-    **Experimental** - Domain specific configuration options can be stored in
-    SQL instead of configuration files, using the new REST APIs.
-  - >
-    **Experimental** - Keystone now supports tokenless authorization with
-    X.509 SSL client certificate.
-  - Configuring per-Identity Provider WebSSO is now supported.
-  - >
-    ``openstack_user_domain`` and ``openstack_project_domain`` attributes were
-    added to SAML assertion in order to map user and project domains,
-    respectively.
-  - The credentials list call can now have its results filtered by credential
-    type.
-  - Support was improved for out-of-tree drivers by defining stable driver
-    interfaces.
-  - Several features were hardened, including Fernet tokens, federation,
-    domain specific configurations from database and role assignments.
-  - Certain variables in ``keystone.conf`` now have options, which determine
-    if the user's setting is valid.
diff --git a/keystone-moon/releasenotes/notes/no-default-domain-2161ada44bf7a3f7.yaml b/keystone-moon/releasenotes/notes/no-default-domain-2161ada44bf7a3f7.yaml
deleted file mode 100644
index a449ad67..00000000
--- a/keystone-moon/releasenotes/notes/no-default-domain-2161ada44bf7a3f7.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-other:
-  - >
-    ``keystone-manage db_sync`` will no longer create the Default domain. This
-    domain is used as the domain for any users created using the legacy v2.0
-    API. A default domain is created by ``keystone-manage bootstrap`` and when
-    a user or project is created using the legacy v2.0 API.
diff --git a/keystone-moon/releasenotes/notes/notify-on-user-group-membership-8c0136ee0484e255.yaml b/keystone-moon/releasenotes/notes/notify-on-user-group-membership-8c0136ee0484e255.yaml
deleted file mode 100644
index d80ab826..00000000
--- a/keystone-moon/releasenotes/notes/notify-on-user-group-membership-8c0136ee0484e255.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-fixes:
-  - Support has now been added to send notification events
-    on user/group membership. When a user is added or removed
-    from a group a notification will be sent including the
-    identifiers of both the user and the group.
diff --git a/keystone-moon/releasenotes/notes/oslo.cache-a9ce47bfa8809efa.yaml b/keystone-moon/releasenotes/notes/oslo.cache-a9ce47bfa8809efa.yaml
deleted file mode 100644
index dc989154..00000000
--- a/keystone-moon/releasenotes/notes/oslo.cache-a9ce47bfa8809efa.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
----
-upgrade:
-  - >
-    Keystone now uses oslo.cache. Update the `[cache]` section of
-    `keystone.conf` to point to oslo.cache backends:
-    ``oslo_cache.memcache_pool`` or ``oslo_cache.mongo``. Refer to the
-    sample configuration file for examples. See `oslo.cache
-    <http://docs.openstack.org/developer/oslo.cache>`_ for additional
-    documentation.
-deprecations:
-  - >
-    [`blueprint deprecated-as-of-mitaka <https://blueprints.launchpad.net/keystone/+spec/deprecated-as-of-mitaka>`_]
-    ``keystone.common.cache.backends.memcache_pool``,
-    ``keystone.common.cache.backends.mongo``, and
-    ``keystone.common.cache.backends.noop`` are deprecated in favor of
-    oslo.cache backends. The keystone backends will be removed in the 'O'
-    release.
diff --git a/keystone-moon/releasenotes/notes/projects_as_domains-3ea8a58b4c2965e1.yaml b/keystone-moon/releasenotes/notes/projects_as_domains-3ea8a58b4c2965e1.yaml
deleted file mode 100644
index 7845df9a..00000000
--- a/keystone-moon/releasenotes/notes/projects_as_domains-3ea8a58b4c2965e1.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-features:
-  - Domains are now represented as top level projects with the attribute
-    `is_domain` set to true. Such projects will appear as parents for any
-    previous top level projects. Projects acting as domains can be created,
-    read, updated, and deleted via either the project API or the domain API
-    (V3 only).
diff --git a/keystone-moon/releasenotes/notes/remove-trust-auth-support-from-v2-de316c9ba46d556d.yaml b/keystone-moon/releasenotes/notes/remove-trust-auth-support-from-v2-de316c9ba46d556d.yaml
deleted file mode 100644
index 0c591dcc..00000000
--- a/keystone-moon/releasenotes/notes/remove-trust-auth-support-from-v2-de316c9ba46d556d.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
----
-other:
-  - The ability to validate a trust-scoped token against the v2.0 API has been
-    removed, in favor of using the version 3 of the API.
diff --git a/keystone-moon/releasenotes/notes/removed-as-of-mitaka-9ff14f87d0b98e7e.yaml b/keystone-moon/releasenotes/notes/removed-as-of-mitaka-9ff14f87d0b98e7e.yaml
deleted file mode 100644
index b0964c95..00000000
--- a/keystone-moon/releasenotes/notes/removed-as-of-mitaka-9ff14f87d0b98e7e.yaml
+++ /dev/null
@@ -1,44 +0,0 @@
----
-other:
-  - >
-    [`blueprint removed-as-of-mitaka <https://blueprints.launchpad.net/keystone/+spec/removed-as-of-mitaka>`_]
-    Removed ``extras`` from token responses. These fields should not be
-    necessary and a well-defined API makes this field redundant. This was
-    deprecated in the Kilo release.
-  - >
-    [`blueprint removed-as-of-mitaka <https://blueprints.launchpad.net/keystone/+spec/removed-as-of-mitaka>`_]
-    Removed ``RequestBodySizeLimiter`` from keystone middleware. The keystone
-    team suggests using ``oslo_middleware.sizelimit.RequestBodySizeLimiter``
-    instead. This was deprecated in the Kilo release.
-  - >
-    [`blueprint removed-as-of-mitaka <https://blueprints.launchpad.net/keystone/+spec/removed-as-of-mitaka>`_]
-    Notifications with event_type ``identity.created.role_assignment`` and
-    ``identity.deleted.role_assignment`` have been removed. The keystone team
-    suggests listening for ``identity.role_assignment.created`` and
-    ``identity.role_assignment.deleted`` instead. This was deprecated in the
-    Kilo release.
-  - >
-    [`blueprint removed-as-of-mitaka <https://blueprints.launchpad.net/keystone/+spec/removed-as-of-mitaka>`_]
-    Removed ``check_role_for_trust`` from the trust controller, ensure policy
-    files do not refer to this target. This was deprecated in the Kilo
-    release.
-  - >
-    [`blueprint removed-as-of-mitaka <https://blueprints.launchpad.net/keystone/+spec/removed-as-of-mitaka>`_]
-    Removed Catalog KVS backend (``keystone.catalog.backends.sql.Catalog``).
-    This was deprecated in the Icehouse release.
-  - >
-    [`blueprint removed-as-of-mitaka <https://blueprints.launchpad.net/keystone/+spec/removed-as-of-mitaka>`_]
-    The LDAP backend for Assignment has been removed. This was deprecated in
-    the Kilo release.
-  - >
-    [`blueprint removed-as-of-mitaka <https://blueprints.launchpad.net/keystone/+spec/removed-as-of-mitaka>`_]
-    The LDAP backend for Resource has been removed. This was deprecated in
-    the Kilo release.
-  - >
-    [`blueprint removed-as-of-mitaka <https://blueprints.launchpad.net/keystone/+spec/removed-as-of-mitaka>`_]
-    The LDAP backend for Role has been removed. This was deprecated in the
-    Kilo release.
-  - >
-    [`blueprint removed-as-of-mitaka <https://blueprints.launchpad.net/keystone/+spec/removed-as-of-mitaka>`_]
-    Removed Revoke KVS backend (``keystone.revoke.backends.kvs.Revoke``).
-    This was deprecated in the Juno release.
diff --git a/keystone-moon/releasenotes/notes/request_context-e143ba9c446a5952.yaml b/keystone-moon/releasenotes/notes/request_context-e143ba9c446a5952.yaml
deleted file mode 100644
index b00153db..00000000
--- a/keystone-moon/releasenotes/notes/request_context-e143ba9c446a5952.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
----
-features:
-  - >
-    [`bug 1500222 <https://bugs.launchpad.net/keystone/+bug/1500222>`_]
-    Added information such as: user ID, project ID, and domain ID to log
-    entries. As a side effect of this change, both the user's domain ID and
-    project's domain ID are now included in the auth context.
diff --git a/keystone-moon/releasenotes/notes/revert-v2-token-issued-for-non-default-domain-25ea5337f158ef13.yaml b/keystone-moon/releasenotes/notes/revert-v2-token-issued-for-non-default-domain-25ea5337f158ef13.yaml
deleted file mode 100644
index cc28c7f3..00000000
--- a/keystone-moon/releasenotes/notes/revert-v2-token-issued-for-non-default-domain-25ea5337f158ef13.yaml
+++ /dev/null
@@ -1,12 +0,0 @@
-fixes:
-  - >
-    [`bug 1527759 <https://bugs.launchpad.net/keystone/+bug/1527759>`_]
-    Reverted the change that eliminates the ability to get
-    a V2 token with a user or project that is not in the
-    default domain. This change broke real-world deployments
-    that utilized the ability to authenticate via V2 API
-    with a user not in the default domain or with a
-    project not in the default domain. The deployer
-    is being convinced to update code to properly handle
-    V3 auth but the fix broke expected and tested
-    behavior.
diff --git a/keystone-moon/releasenotes/notes/s3-aws-v4-c6cb75ce8d2289d4.yaml b/keystone-moon/releasenotes/notes/s3-aws-v4-c6cb75ce8d2289d4.yaml
deleted file mode 100644
index 85fcd6d8..00000000
--- a/keystone-moon/releasenotes/notes/s3-aws-v4-c6cb75ce8d2289d4.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-features:
-  - >
-    [`bug 1473042 <https://bugs.launchpad.net/keystone/+bug/1473042>`_]
-    Keystone's S3 compatibility support can now authenticate using AWS
-    Signature Version 4.
diff --git a/keystone-moon/releasenotes/notes/totp-40d93231714c6a20.yaml b/keystone-moon/releasenotes/notes/totp-40d93231714c6a20.yaml
deleted file mode 100644
index fcfdb049..00000000
--- a/keystone-moon/releasenotes/notes/totp-40d93231714c6a20.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
----
-features:
-  - >
-   [`blueprint totp-auth <https://blueprints.launchpad.net/keystone/+spec/totp-auth>`_]
-   Keystone now supports authenticating via Time-based One-time Password (TOTP).
-   To enable this feature, add the ``totp`` auth plugin to the `methods`
-   option in the `[auth]` section of `keystone.conf`. More information
-   about using TOTP can be found in `keystone's developer documentation
-   <http://docs.openstack.org/developer/keystone/auth-totp.html>`_.
diff --git a/keystone-moon/releasenotes/notes/upgrade_notes-ca81f5d531ab3522.yaml b/keystone-moon/releasenotes/notes/upgrade_notes-ca81f5d531ab3522.yaml
deleted file mode 100644
index be8282ce..00000000
--- a/keystone-moon/releasenotes/notes/upgrade_notes-ca81f5d531ab3522.yaml
+++ /dev/null
@@ -1,31 +0,0 @@
----
-upgrade:
-  - The EC2 token middleware, deprecated in Juno, is no longer available in
-    keystone. It has been moved to the keystonemiddleware package.
-  - The ``compute_port`` configuration option, deprecated in Juno, is no longer
-    available.
-  - The XML middleware stub has been removed, so references to it must be
-    removed from the ``keystone-paste.ini`` configuration file.
-  - stats_monitoring and stats_reporting paste filters have been removed, so
-    references to it must be removed from the ``keystone-paste.ini``
-    configuration file.
-  - The external authentication plugins ExternalDefault, ExternalDomain,
-    LegacyDefaultDomain, and LegacyDomain, deprecated in Icehouse, are no
-    longer available.
-  - The ``keystone.conf`` file now references entrypoint names for drivers.
-    For example, the drivers are now specified as "sql", "ldap", "uuid",
-    rather than the full module path. See the sample configuration file for
-    other examples.
-  - We now expose entrypoints for the ``keystone-manage`` command instead of a
-    file.
-  - Schema downgrades via ``keystone-manage db_sync`` are no longer supported.
-    Only upgrades are supported.
-  - Features that were "extensions" in previous releases (OAuth delegation,
-    Federated Identity support, Endpoint Policy, etc) are now enabled by
-    default.
-  - A new ``secure_proxy_ssl_header`` configuration option is available when
-    running keystone behind a proxy.
-  - Several configuration options have been deprecated, renamed, or moved to
-    new sections in the ``keystone.conf`` file.
-  - Domain name information can now be used in policy rules with the attribute
-    ``domain_name``.
diff --git a/keystone-moon/releasenotes/notes/v3-endpoints-in-v2-list-b0439816938713d6.yaml b/keystone-moon/releasenotes/notes/v3-endpoints-in-v2-list-b0439816938713d6.yaml
deleted file mode 100644
index ae184605..00000000
--- a/keystone-moon/releasenotes/notes/v3-endpoints-in-v2-list-b0439816938713d6.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-fixes:
-  - >
-    [`bug 1480270 <https://bugs.launchpad.net/keystone/+bug/1480270>`_]
-    Endpoints created when using v3 of the keystone REST API will now be
-    included when listing endpoints via the v2.0 API.
diff --git a/keystone-moon/releasenotes/notes/v9FederationDriver-cbebcf5f97e1eae2.yaml b/keystone-moon/releasenotes/notes/v9FederationDriver-cbebcf5f97e1eae2.yaml
deleted file mode 100644
index 7db04c81..00000000
--- a/keystone-moon/releasenotes/notes/v9FederationDriver-cbebcf5f97e1eae2.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
----
-deprecations:
-  - The V8 Federation driver interface is deprecated in favor of the V9
-    Federation driver interface. Support for the V8 Federation driver
-    interface is planned to be removed in the 'O' release of OpenStack.
diff --git a/keystone-moon/releasenotes/notes/x509-auth-df0a229780b8e3ff.yaml b/keystone-moon/releasenotes/notes/x509-auth-df0a229780b8e3ff.yaml
deleted file mode 100644
index 421acd6d..00000000
--- a/keystone-moon/releasenotes/notes/x509-auth-df0a229780b8e3ff.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
----
-features:
-  - >
-   [`blueprint x509-ssl-client-cert-authn <https://blueprints.launchpad.net/keystone/+spec/x509-ssl-client-cert-authn>`_]
-   Keystone now supports tokenless client SSL x.509 certificate authentication
-   and authorization.