From 140a8182e29f16689491b32559e922a199f68adc Mon Sep 17 00:00:00 2001 From: Fernando Diaz Date: Thu, 3 Nov 2016 01:24:22 +0000 Subject: [PATCH] Deprecate Cetificate Resources Begins the deprecation process for Barbican CAs API, and Barbican Certificate Orders Resource. This is done through logging deprecation schedule on API, as well as adding a warning to the documentation. Change-Id: Idbe6307fa45527aa225e61b3b1ac9ca86e7660c5 --- api-guide/source/certificates.rst | 5 +++++ api-guide/source/orders.rst | 5 +++++ barbican/api/controllers/cas.py | 8 ++++++++ barbican/api/controllers/orders.py | 6 ++++++ doc/source/api/reference/cas.rst | 5 +++++ doc/source/api/reference/certificates.rst | 6 +++++- doc/source/api/reference/orders.rst | 5 +++++ doc/source/plugin/certificate.rst | 7 +++++-- doc/source/setup/certificate.rst | 5 +++++ etc/barbican/barbican.conf | 6 ++++++ 10 files changed, 55 insertions(+), 3 deletions(-) diff --git a/api-guide/source/certificates.rst b/api-guide/source/certificates.rst index 7c97c0bea..82431ad7a 100644 --- a/api-guide/source/certificates.rst +++ b/api-guide/source/certificates.rst @@ -2,6 +2,11 @@ Certificates API - User Guide ****************************** +.. warning:: + + DEPRECATION WARNING: The Certificates API has been deprecated and will + be removed in the P release. + Barbican will be used to manage the lifecycle of x509 certificates covering operations such as initial certificate issuance, certificate re-issuance, certificate renewal and certificate revocation. At present, only the issuance of diff --git a/api-guide/source/orders.rst b/api-guide/source/orders.rst index 6f11317bb..4a775f862 100644 --- a/api-guide/source/orders.rst +++ b/api-guide/source/orders.rst @@ -11,6 +11,11 @@ The orders resource supports the following types: * asymmetric keys * certificates +.. warning:: + + DEPRECATION WARNING: The Certificates Order resource has been deprecated + and will be removed in the P release. + This user guide provides high level examples of the orders resource. It will assume you will be using a local running development environment of barbican. If you need assistance with getting set up, please reference the diff --git a/barbican/api/controllers/cas.py b/barbican/api/controllers/cas.py index 31171d3e8..5655268f2 100644 --- a/barbican/api/controllers/cas.py +++ b/barbican/api/controllers/cas.py @@ -12,6 +12,7 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_log import versionutils import pecan from six.moves.urllib import parse @@ -30,6 +31,9 @@ from barbican.tasks import certificate_resources as cert_resources LOG = utils.getLogger(__name__) +_DEPRECATION_MSG = u._LW('%s has been deprecated in the Newton release. It ' + 'will be removed in the Pike release.') + def _certificate_authority_not_found(): """Throw exception indicating certificate authority not found.""" @@ -67,6 +71,8 @@ class CertificateAuthorityController(controllers.ACLMixin): def __init__(self, ca): LOG.debug('=== Creating CertificateAuthorityController ===') + msg = _DEPRECATION_MSG % "Certificate Authorities API" + versionutils.report_deprecated_feature(LOG, msg) self.ca = ca self.ca_repo = repo.get_ca_repository() self.project_ca_repo = repo.get_project_ca_repository() @@ -256,6 +262,8 @@ class CertificateAuthoritiesController(controllers.ACLMixin): def __init__(self): LOG.debug('Creating CertificateAuthoritiesController') + msg = _DEPRECATION_MSG % "Certificate Authorities API" + versionutils.report_deprecated_feature(LOG, msg) self.ca_repo = repo.get_ca_repository() self.project_ca_repo = repo.get_project_ca_repository() self.preferred_ca_repo = repo.get_preferred_ca_repository() diff --git a/barbican/api/controllers/orders.py b/barbican/api/controllers/orders.py index 126a2db9d..2624b2d1b 100644 --- a/barbican/api/controllers/orders.py +++ b/barbican/api/controllers/orders.py @@ -10,6 +10,7 @@ # License for the specific language governing permissions and limitations # under the License. +from oslo_log import versionutils import pecan from barbican import api @@ -26,6 +27,9 @@ from barbican.queue import client as async_client LOG = utils.getLogger(__name__) +_DEPRECATION_MSG = u._LW('%s has been deprecated in the Newton release. It ' + 'will be removed in the Pike release.') + def _order_not_found(): """Throw exception indicating order not found.""" @@ -211,6 +215,8 @@ class OrdersController(controllers.ACLMixin): 'request_type': request_type}) if order_type == models.OrderType.CERTIFICATE: + msg = _DEPRECATION_MSG % "Certificate Order Resource" + versionutils.report_deprecated_feature(LOG, msg) validators.validate_ca_id(project.id, body.get('meta')) if request_type == 'stored-key': container_ref = order_meta.get('container_ref') diff --git a/doc/source/api/reference/cas.rst b/doc/source/api/reference/cas.rst index 82472d549..b0ad2503a 100644 --- a/doc/source/api/reference/cas.rst +++ b/doc/source/api/reference/cas.rst @@ -2,6 +2,11 @@ Certificates Authorities API - Reference **************************************** +.. warning:: + + DEPRECATION WARNING: The Certificates Authorities API has been deprecated + and will be removed in the P release. + Barbican provides an API to interact with certificate authorities (CAs). For an introduction to CAs and how Barbican manages them, see the `Certificate Authorities User's Guide `__. diff --git a/doc/source/api/reference/certificates.rst b/doc/source/api/reference/certificates.rst index 0ffe0d3b0..e2dbb73b0 100644 --- a/doc/source/api/reference/certificates.rst +++ b/doc/source/api/reference/certificates.rst @@ -2,6 +2,11 @@ Certificates API - Reference **************************** +.. warning:: + + DEPRECATION WARNING: The Certificates API has been deprecated and will + be removed in the P release. + .. _reference_post_certificate_orders: POST /v1/orders @@ -149,4 +154,3 @@ HTTP Status Codes +------+-----------------------------------------------------------------------------+ | 415 | Unsupported media type | +------+-----------------------------------------------------------------------------+ - diff --git a/doc/source/api/reference/orders.rst b/doc/source/api/reference/orders.rst index 30318e7c9..579ffcb39 100644 --- a/doc/source/api/reference/orders.rst +++ b/doc/source/api/reference/orders.rst @@ -2,6 +2,11 @@ Orders API - Reference ********************** +.. warning:: + + DEPRECATION WARNING: The Certificates Order resource has been deprecated + and will be removed in the P release. + .. _get_orders: GET /v1/orders diff --git a/doc/source/plugin/certificate.rst b/doc/source/plugin/certificate.rst index 85809cf2d..2040fb0ac 100644 --- a/doc/source/plugin/certificate.rst +++ b/doc/source/plugin/certificate.rst @@ -4,6 +4,11 @@ Certificate Plugin Development ============================== +.. warning:: + + DEPRECATION WARNING: The Certificates Plugin has been deprecated and will + be removed in the P release. + This guide describes how to develop a custom certificate plugin for use by Barbican. @@ -23,8 +28,6 @@ plugins: similar interactions as with Symantec. - - ``certificate_manager`` Module ============================== diff --git a/doc/source/setup/certificate.rst b/doc/source/setup/certificate.rst index 21240c4d0..8fd59ccd5 100644 --- a/doc/source/setup/certificate.rst +++ b/doc/source/setup/certificate.rst @@ -1,6 +1,11 @@ Setting up Certificate Plugins ============================== +.. warning:: + + DEPRECATION WARNING: The Certificates Plugin has been deprecated and will + be removed in the P release. + Using the SnakeOil CA plugin ---------------------------- diff --git a/etc/barbican/barbican.conf b/etc/barbican/barbican.conf index 48f1b05b2..e0c5f3681 100644 --- a/etc/barbican/barbican.conf +++ b/etc/barbican/barbican.conf @@ -322,6 +322,10 @@ ca_certs = '/path/to/certs/LocalCA.crt' # ================= Certificate plugin =================== + +# DEPRECATION WARNING: The Certificates Plugin has been deprecated +# and will be removed in the P release. + [certificate] namespace = barbican.certificate.plugin enabled_certificate_plugins = simple_certificate @@ -338,6 +342,8 @@ ca_cert_chain_path = /etc/barbican/snakeoil-ca.chain ca_cert_pkcs7_path = /etc/barbican/snakeoil-ca.p7b subca_cert_key_directory=/etc/barbican/snakeoil-cas +# ======================================================== + [cors] #