Deprecate member_role_id and member_role_name
``member_role_id`` and ``member_role_name`` config options are only used for V2. Instead of removing, just deprecate them because maybe some consumers still use them for V3.

This patch also removed the usage in ``keystone-manage bootstrap`` as well.

Closes-bug: #1728690
bp: deprecated-as-of-queens
bp: removed-as-of-queens
Change-Id: Ib85479442ec68f9a67615c23e5c39bd217c9b109
parent 964595a20f
commit 23d14f5562
@ -372,8 +372,6 @@ class BootStrap(BaseApp):
|
|||||||
|
|
||||||
self.endpoints[interface] = endpoint_ref['id']
|
self.endpoints[interface] = endpoint_ref['id']
|
||||||
|
|
||||||
self.assignment_manager.ensure_default_role()
|
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def main(cls):
|
def main(cls):
|
||||||
klass = cls()
|
klass = cls()
|
||||||
|
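Review bot: Dropping the ``self.assignment_manager.ensure_default_role()`` call in ``BootStrap`` is an immediate behaviour change, while the two options that name the role only get a deprecation cycle. A fresh deployment will have no role matching ``member_role_id``/``member_role_name`` after ``bootstrap``, so tooling that assigns that role by its configured ID will start failing without any warning from keystone. The commit subject says "Deprecate", so either say in the subject that bootstrap stops creating the role, or split the removal into its own change. Also check whether ``ensure_default_role()`` still has a caller after this; if not, it should go in the same patch.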
@ -21,6 +21,16 @@ This option has been deprecated in the N release and will be removed in the P
|
|||||||
release. Use oslo.middleware.http_proxy_to_wsgi configuration instead.
|
release. Use oslo.middleware.http_proxy_to_wsgi configuration instead.
|
||||||
""")
|
""")
|
||||||
|
|
||||||
|
|
||||||
|
_DEPRECATE_MEMBER_ID_AND_NAME = utils.fmt("""
|
||||||
|
This option was used to create a default member role for keystone v2 role
|
||||||
|
assignments, but with the removal of the v2 API it is no longer necessary to
|
||||||
|
create this default role. This option is deprecated and will be removed in the
|
||||||
|
S release. If you are depending on having a predictable role name and ID for
|
||||||
|
this member role you will need to update your tooling.
|
||||||
|
""")
|
||||||
|
|
||||||
|
|
||||||
admin_token = cfg.StrOpt(
|
admin_token = cfg.StrOpt(
|
||||||
'admin_token',
|
'admin_token',
|
||||||
secret=True,
|
secret=True,
|
||||||
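Review bot: The text of ``_DEPRECATE_MEMBER_ID_AND_NAME`` says "This option" twice, but the constant is shared by two options. Since the same string is rendered under both ``member_role_id`` and ``member_role_name``, reword it so it reads correctly for either one, for example by naming both options explicitly, and state that ``keystone-manage bootstrap`` no longer creates the role so operators reading the generated config reference see the behaviour change there as well.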
@ -92,6 +102,9 @@ this should be set to 32).
|
|||||||
member_role_id = cfg.StrOpt(
|
member_role_id = cfg.StrOpt(
|
||||||
'member_role_id',
|
'member_role_id',
|
||||||
default='9fe2ff9ee4384b1894a90878d3e92bab',
|
default='9fe2ff9ee4384b1894a90878d3e92bab',
|
||||||
|
deprecated_for_removal=True,
|
||||||
|
deprecated_reason=_DEPRECATE_MEMBER_ID_AND_NAME,
|
||||||
|
deprecated_since=versionutils.deprecated.QUEENS,
|
||||||
help=utils.fmt("""
|
help=utils.fmt("""
|
||||||
Similar to the `[DEFAULT] member_role_name` option, this represents the default
|
Similar to the `[DEFAULT] member_role_name` option, this represents the default
|
||||||
role ID used to associate users with their default projects in the v2 API. This
|
role ID used to associate users with their default projects in the v2 API. This
|
||||||
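Review bot: ``deprecated_since=versionutils.deprecated.QUEENS`` uses ``versionutils``, but none of the hunks for this file adds an import for it (the first hunk starts at line 21, below the import block). Please confirm the module already imports ``versionutils``; otherwise loading the config options fails with a ``NameError`` at import time.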
@ -104,6 +117,9 @@ which case, you should set `[DEFAULT] member_role_name` as well).
|
|||||||
member_role_name = cfg.StrOpt(
|
member_role_name = cfg.StrOpt(
|
||||||
'member_role_name',
|
'member_role_name',
|
||||||
default='_member_',
|
default='_member_',
|
||||||
|
deprecated_for_removal=True,
|
||||||
|
deprecated_reason=_DEPRECATE_MEMBER_ID_AND_NAME,
|
||||||
|
deprecated_since=versionutils.deprecated.QUEENS,
|
||||||
help=utils.fmt("""
|
help=utils.fmt("""
|
||||||
This is the role name used in combination with the `[DEFAULT] member_role_id`
|
This is the role name used in combination with the `[DEFAULT] member_role_id`
|
||||||
option; see that option for more detail. You do not need to set this option
|
option; see that option for more detail. You do not need to set this option
|
||||||
|
@ -252,19 +252,6 @@ class CliBootStrapTestCase(unit.SQLDriverOverrides, unit.TestCase):
|
|||||||
user_id,
|
user_id,
|
||||||
bootstrap.password)
|
bootstrap.password)
|
||||||
|
|
||||||
def test_bootstrap_creates_default_role(self):
|
|
||||||
bootstrap = cli.BootStrap()
|
|
||||||
try:
|
|
||||||
role = bootstrap.role_manager.get_role(CONF.member_role_id)
|
|
||||||
self.fail('Member Role is created and should not be.')
|
|
||||||
except exception.RoleNotFound:
|
|
||||||
pass
|
|
||||||
|
|
||||||
self._do_test_bootstrap(bootstrap)
|
|
||||||
role = bootstrap.role_manager.get_role(CONF.member_role_id)
|
|
||||||
self.assertEqual(role['name'], CONF.member_role_name)
|
|
||||||
self.assertEqual(role['id'], CONF.member_role_id)
|
|
||||||
|
|
||||||
|
|
||||||
class CliBootStrapTestCaseWithEnvironment(CliBootStrapTestCase):
|
class CliBootStrapTestCaseWithEnvironment(CliBootStrapTestCase):
|
||||||
|
|
||||||
|
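Review bot: ``test_bootstrap_creates_default_role`` is deleted outright, which leaves the new behaviour untested. Nothing in ``CliBootStrapTestCase`` now asserts that bootstrap does not create the member role. Keep the test under a new name and invert it: after ``self._do_test_bootstrap(bootstrap)``, assert that ``bootstrap.role_manager.get_role(CONF.member_role_id)`` raises ``exception.RoleNotFound``. That guards against the role being silently reintroduced, which matters for anyone who audits which roles exist after bootstrap.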
@ -1,9 +1,17 @@
|
|||||||
---
|
---
|
||||||
deprecations:
|
deprecations:
|
||||||
- |
|
- >
|
||||||
The ``/OS-FEDERATION/projects`` and ``/OS-FEDERATION/domains`` APIs are
|
The ``/OS-FEDERATION/projects`` and ``/OS-FEDERATION/domains`` APIs are
|
||||||
deprecated in favor of the ``/v3/auth/projects`` and ``/v3/auth/domains``
|
deprecated in favor of the ``/v3/auth/projects`` and ``/v3/auth/domains``
|
||||||
APIs. These APIs were originally marked as deprecated during the Juno
|
APIs. These APIs were originally marked as deprecated during the Juno
|
||||||
release cycle, but we never deprecated using ``versionutils`` from oslo.
|
release cycle, but we never deprecated using ``versionutils`` from oslo.
|
||||||
More information regarding this deprecation can be found in the `patch
|
More information regarding this deprecation can be found in the `patch
|
||||||
<https://review.openstack.org/#/c/115423/>`_ that proposed the deprecation.
|
<https://review.openstack.org/#/c/115423/>`_ that proposed the deprecation.
|
||||||
|
- >
|
||||||
|
[`bug 1728690 <https://bugs.launchpad.net/keystone/+bug/1728690>`_]
|
||||||
|
The ``member_role_id`` and ``member_role_name`` config options were used to
|
||||||
|
create a default member role for keystone v2 role assignments, but with the
|
||||||
|
removal of the v2 API it is no longer necessary to create this default
|
||||||
|
role. This option is deprecated and will be removed in the S release. If
|
||||||
|
you are depending on having a predictable role name and ID for this member
|
||||||
|
role you will need to update your tooling.
|
||||||
|
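Review bot: The first entry's block indicator changes from ``- |`` to ``- >``, which is unrelated to this bug and switches an already published note from literal to folded style. Please leave the existing entry untouched and only append the new one, so the diff for this release note contains just the ``member_role_id``/``member_role_name`` text.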
@ -0,0 +1,8 @@
|
|||||||
|
---
|
||||||
|
other:
|
||||||
|
- >
|
||||||
|
[`bug 1728690 <https://bugs.launchpad.net/keystone/+bug/1728690>`_]
|
||||||
|
The ``keystone-manage bootstrap`` command will only create the admin role
|
||||||
|
and will no longer create a default member role. Please create any
|
||||||
|
additional roles you need after running ``bootstrap`` by using the
|
||||||
|
``openstack role create`` command.
|
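Review bot: This note is filed under ``other:``, but it describes a change in what ``keystone-manage bootstrap`` creates and tells operators to run ``openstack role create`` themselves. That is an operator action on upgrade or redeploy, so it belongs under ``upgrade:`` where deployers look for required steps. It would also help to name the role that is no longer created (the one identified by ``member_role_id`` and ``member_role_name``) so the note can be matched against existing role assignments.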