Deprecate use_user_token parameter

Parameter 'use_user_token' in glance-api.conf
was considered as harmful and not acceptable
for real deployments, because if it's disabled,
it changes system behaviour and allows any regular
user to perform requests with admin credentials.

In functional tests the default value was set
to True to prevent possible failures in the future.

Besides, several admin authN parameters were
deprecated as well, because they are useless without
'use_user_token'.

All required information was added to related
documentation sections, sample config file was
updated as well.

https://wiki.openstack.org/wiki/OSSN/OSSN-0060

Change-Id: Icfef49d787fa58e2af2e60e4fdc96633c5f0c010
Related-bug: #1493448

doc/source/configuring.rst

@@ -277,10 +277,21 @@ Optional. Default: ``600``.
 The period of time, in seconds, that the API server will wait for a registry
 request to complete. A value of '0' implies no timeout.
 
+.. note::
+   ``use_user_token``, ``admin_user``, ``admin_password``,
+   ``admin_tenant_name``, ``auth_url``, ``auth_strategy`` and ``auth_region``
+   options were considered harmful and have been deprecated in M release.
+   They will be removed in O release. For more information read
+   `OSSN-0060 <https://wiki.openstack.org/wiki/OSSN/OSSN-0060>`_.
+   Related functionality with uploading big images has been implemented with
+   Keystone trusts support.
+
 * ``use_user_token=True``
 
 Optional. Default: True
 
+DEPRECATED. This option will be removed in O release.
+
 Pass the user token through for API requests to the registry.
 
 If 'use_user_token' is not in effect then admin credentials can be
@@ -288,11 +299,10 @@ specified (see below). If admin credentials are specified then they are
 used to generate a token; this token rather than the original user's
 token is used for requests to the registry.
 
-To prevent failures with token expiration during big files upload,
-it is recommended to set this parameter to False.
-
 * ``admin_user=USER``
 
+DEPRECATED. This option will be removed in O release.
+
 If 'use_user_token' is not in effect then admin credentials can be
 specified. Use this parameter to specify the username.
 
@@ -300,6 +310,8 @@ Optional. Default: None
 
 * ``admin_password=PASSWORD``
 
+DEPRECATED. This option will be removed in O release.
+
 If 'use_user_token' is not in effect then admin credentials can be
 specified. Use this parameter to specify the password.
 
@@ -307,6 +319,8 @@ Optional. Default: None
 
 * ``admin_tenant_name=TENANTNAME``
 
+DEPRECATED. This option will be removed in O release.
+
 If 'use_user_token' is not in effect then admin credentials can be
 specified. Use this parameter to specify the tenant name.
 
@@ -314,6 +328,8 @@ Optional. Default: None
 
 * ``auth_url=URL``
 
+DEPRECATED. This option will be removed in O release.
+
 If 'use_user_token' is not in effect then admin credentials can be
 specified. Use this parameter to specify the Keystone endpoint.
 
@@ -321,13 +337,17 @@ Optional. Default: None
 
 * ``auth_strategy=STRATEGY``
 
+DEPRECATED. This option will be removed in O release.
+
 If 'use_user_token' is not in effect then admin credentials can be
 specified. Use this parameter to specify the auth strategy.
 
-Optional. Default: keystone
+Optional. Default: noauth
 
 * ``auth_region=REGION``
 
+DEPRECATED. This option will be removed in O release.
+
 If 'use_user_token' is not in effect then admin credentials can be
 specified. Use this parameter to specify the region.
 

etc/glance-api.conf

@@ -252,33 +252,75 @@
 # upload, it is recommended to set this parameter to False.If
 # "use_user_token" is not in effect, then admin credentials can be
 # specified. (boolean value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
 #use_user_token = true
 
 # The administrators user name. If "use_user_token" is not in effect,
 # then admin credentials can be specified. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
 #admin_user = <None>
 
 # The administrators password. If "use_user_token" is not in effect,
 # then admin credentials can be specified. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
 #admin_password = <None>
 
 # The tenant name of the administrative user. If "use_user_token" is
 # not in effect, then admin tenant name can be specified. (string
 # value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
 #admin_tenant_name = <None>
 
 # The URL to the keystone service. If "use_user_token" is not in
 # effect and using keystone auth, then URL of keystone can be
 # specified. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
 #auth_url = <None>
 
 # The strategy to use for authentication. If "use_user_token" is not
 # in effect, then auth strategy can be specified. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
 #auth_strategy = noauth
 
 # The region for the authentication service. If "use_user_token" is
 # not in effect and using keystone auth, then region name can be
 # specified. (string value)
+# This option is deprecated for removal.
+# Its value may be silently ignored in the future.
+# Reason: This option was considered harmful and has been deprecated
+# in M release. It will be removed in O release. For more information
+# read OSSN-0060. Related functionality with uploading big images has
+# been implemented with Keystone trusts support.
 #auth_region = <None>
 
 # The protocol to use for communication with the registry server.

glance/registry/client/__init__.py

@@ -51,8 +51,17 @@ registry_client_opts = [
                       'value of 0 implies no timeout.')),
 ]
 
+_DEPRECATE_USE_USER_TOKEN_MSG = ('This option was considered harmful and '
+                                 'has been deprecated in M release. It will '
+                                 'be removed in O release. For more '
+                                 'information read OSSN-0060. '
+                                 'Related functionality with uploading big '
+                                 'images has been implemented with Keystone '
+                                 'trusts support.')
+
 registry_client_ctx_opts = [
-    cfg.BoolOpt('use_user_token', default=True,
+    cfg.BoolOpt('use_user_token', default=True, deprecated_for_removal=True,
+                deprecated_reason=_DEPRECATE_USE_USER_TOKEN_MSG,
                 help=_('Whether to pass through the user token when '
                        'making requests to the registry. To prevent '
                        'failures with token expiration during big '
@@ -60,28 +69,34 @@ registry_client_ctx_opts = [
                        'parameter to False.'
                        'If "use_user_token" is not in effect, then '
                        'admin credentials can be specified.')),
-    cfg.StrOpt('admin_user', secret=True,
+    cfg.StrOpt('admin_user', secret=True, deprecated_for_removal=True,
+               deprecated_reason=_DEPRECATE_USE_USER_TOKEN_MSG,
                help=_('The administrators user name. '
                       'If "use_user_token" is not in effect, then '
                       'admin credentials can be specified.')),
-    cfg.StrOpt('admin_password', secret=True,
+    cfg.StrOpt('admin_password', secret=True, deprecated_for_removal=True,
+               deprecated_reason=_DEPRECATE_USE_USER_TOKEN_MSG,
                help=_('The administrators password. '
                       'If "use_user_token" is not in effect, then '
                       'admin credentials can be specified.')),
-    cfg.StrOpt('admin_tenant_name', secret=True,
+    cfg.StrOpt('admin_tenant_name', secret=True, deprecated_for_removal=True,
+               deprecated_reason=_DEPRECATE_USE_USER_TOKEN_MSG,
                help=_('The tenant name of the administrative user. '
                       'If "use_user_token" is not in effect, then '
                       'admin tenant name can be specified.')),
-    cfg.StrOpt('auth_url',
+    cfg.StrOpt('auth_url', deprecated_for_removal=True,
+               deprecated_reason=_DEPRECATE_USE_USER_TOKEN_MSG,
                help=_('The URL to the keystone service. '
                       'If "use_user_token" is not in effect and '
                       'using keystone auth, then URL of keystone '
                       'can be specified.')),
-    cfg.StrOpt('auth_strategy', default='noauth',
+    cfg.StrOpt('auth_strategy', default='noauth', deprecated_for_removal=True,
+               deprecated_reason=_DEPRECATE_USE_USER_TOKEN_MSG,
                help=_('The strategy to use for authentication. '
                       'If "use_user_token" is not in effect, then '
                       'auth strategy can be specified.')),
-    cfg.StrOpt('auth_region',
+    cfg.StrOpt('auth_region', deprecated_for_removal=True,
+               deprecated_reason=_DEPRECATE_USE_USER_TOKEN_MSG,
                help=_('The region for the authentication service. '
                       'If "use_user_token" is not in effect and '
                       'using keystone auth, then region name can '

glance/tests/functional/__init__.py

@@ -87,7 +87,7 @@ class Server(object):
         self.process_pid = None
         self.server_module = None
         self.stop_kill = False
-        self.use_user_token = False
+        self.use_user_token = True
         self.send_identity_credentials = False
 
     def write_conf(self, **kwargs):

releasenotes/notes/deprecate-glance-api-opts-23bdbd1ad7625999.yaml

@@ -0,0 +1,8 @@
+---
+deprecations:
+
+  - The use_user_token, admin_user, admin_password, admin_tenant_name,
+    auth_url, auth_strategy and auth_region options in the [DEFAULT]
+    configuration section in glance-api.conf are deprecated, and will
+    be removed in the O release.
+    See https://wiki.openstack.org/wiki/OSSN/OSSN-0060