deprecate pki_setup from keystone-manage

with PKI deprecated, we should also deprecate this command bp: deprecated-as-of-mitaka Closes-Bug: 1541201 Change-Id: If0600fc52084d1bb2acaadb05d858e4b69ff48eb
2016-02-04 01:09:16 -05:00 · 2016-02-04 01:09:16 -05:00 · 0f306111fb
commit 0f306111fb
parent 6a4926b863
3 changed files with 11 additions and 3 deletions
--- a/doc/source/man/keystone-manage.rst
+++ b/doc/source/man/keystone-manage.rst
@ -48,7 +48,7 @@ Available commands:
 * ``fernet_setup``: Setup a Fernet key repository.
 * ``mapping_purge``: Purge the identity mapping table.
 * ``mapping_engine``: Test your federation mapping rules.
-* ``pki_setup``: Initialize the certificates used to sign tokens.
+* ``pki_setup``: Initialize the certificates used to sign tokens. **deprecated**
 * ``saml_idp_metadata``: Generate identity provider metadata.
 * ``ssl_setup``: Generate certificates for SSL.
 * ``token_flush``: Purge expired tokens.
--- a/keystone/cmd/cli.py
+++ b/keystone/cmd/cli.py
@ -20,6 +20,7 @@ import uuid

 from oslo_config import cfg
 from oslo_log import log
+from oslo_log import versionutils
 from oslo_serialization import jsonutils
 import pbr.version

@ -313,13 +314,19 @@ class PKISetup(BaseCertificateSetup):
    """Set up Key pairs and certificates for token signing and verification.

    This is NOT intended for production use, see Keystone Configuration
-    documentation for details.
+    documentation for details. As of the Mitaka release, this command has
+    been DEPRECATED and may be removed in the 'O' release.
    """

    name = 'pki_setup'

    @classmethod
    def main(cls):
+        versionutils.report_deprecated_feature(
+            LOG,
+            _LW("keystone-manage pki_setup is deprecated as of Mitaka in "
+                "favor of not using PKI tokens and may be removed in 'O' "
+                "release."))
        LOG.warning(_LW('keystone-manage pki_setup is not recommended for '
                        'production use.'))
        keystone_user_id, keystone_group_id = cls.get_user_group()
--- a/releasenotes/notes/deprecated-as-of-mitaka-8534e43fa40c1d09.yaml
+++ b/releasenotes/notes/deprecated-as-of-mitaka-8534e43fa40c1d09.yaml
@ -5,7 +5,8 @@ deprecations:
    As of the Mitaka release, the PKI and PKIz token formats have been
    deprecated. They will be removed in the 'O' release. Due to this change,
    the ``hash_algorithm`` option in the ``[token]`` section of the
-    configuration file has also been deprecated.
+    configuration file has also been deprecated. Also due to this change, the
+    ``keystone-manage pki_setup`` command has been deprecated as well.
  - >
    [`blueprint deprecated-as-of-mitaka <https://blueprints.launchpad.net/keystone/+spec/deprecated-as-of-mitaka>`_]
    As of the Mitaka release, write support for the LDAP driver of the Identity