Deprecate member_role_id and member_role_name
``member_role_id`` and ``member_role_name`` config options are only used for V2. Instead of removing, just deprecate them because that maybe some consumers still use them for V3. This patch also removed the usage in ``keystone-manage bootstrap`` as well. Closes-bug: #1728690 bp: deprecated-as-of-queens bp: removed-as-of-queens Change-Id: Ib85479442ec68f9a67615c23e5c39bd217c9b109
This commit is contained in:
parent
964595a20f
commit
23d14f5562
@ -372,8 +372,6 @@ class BootStrap(BaseApp):
|
||||
|
||||
self.endpoints[interface] = endpoint_ref['id']
|
||||
|
||||
self.assignment_manager.ensure_default_role()
|
||||
|
||||
@classmethod
|
||||
def main(cls):
|
||||
klass = cls()
|
||||
|
@ -21,6 +21,16 @@ This option has been deprecated in the N release and will be removed in the P
|
||||
release. Use oslo.middleware.http_proxy_to_wsgi configuration instead.
|
||||
""")
|
||||
|
||||
|
||||
_DEPRECATE_MEMBER_ID_AND_NAME = utils.fmt("""
|
||||
This option was used to create a default member role for keystone v2 role
|
||||
assignments, but with the removal of the v2 API it is no longer necessary to
|
||||
create this default role. This option is deprecated and will be removed in the
|
||||
S release. If you are depending on having a predictable role name and ID for
|
||||
this member role you will need to update your tooling.
|
||||
""")
|
||||
|
||||
|
||||
admin_token = cfg.StrOpt(
|
||||
'admin_token',
|
||||
secret=True,
|
||||
@ -92,6 +102,9 @@ this should be set to 32).
|
||||
member_role_id = cfg.StrOpt(
|
||||
'member_role_id',
|
||||
default='9fe2ff9ee4384b1894a90878d3e92bab',
|
||||
deprecated_for_removal=True,
|
||||
deprecated_reason=_DEPRECATE_MEMBER_ID_AND_NAME,
|
||||
deprecated_since=versionutils.deprecated.QUEENS,
|
||||
help=utils.fmt("""
|
||||
Similar to the `[DEFAULT] member_role_name` option, this represents the default
|
||||
role ID used to associate users with their default projects in the v2 API. This
|
||||
@ -104,6 +117,9 @@ which case, you should set `[DEFAULT] member_role_name` as well).
|
||||
member_role_name = cfg.StrOpt(
|
||||
'member_role_name',
|
||||
default='_member_',
|
||||
deprecated_for_removal=True,
|
||||
deprecated_reason=_DEPRECATE_MEMBER_ID_AND_NAME,
|
||||
deprecated_since=versionutils.deprecated.QUEENS,
|
||||
help=utils.fmt("""
|
||||
This is the role name used in combination with the `[DEFAULT] member_role_id`
|
||||
option; see that option for more detail. You do not need to set this option
|
||||
|
@ -252,19 +252,6 @@ class CliBootStrapTestCase(unit.SQLDriverOverrides, unit.TestCase):
|
||||
user_id,
|
||||
bootstrap.password)
|
||||
|
||||
def test_bootstrap_creates_default_role(self):
|
||||
bootstrap = cli.BootStrap()
|
||||
try:
|
||||
role = bootstrap.role_manager.get_role(CONF.member_role_id)
|
||||
self.fail('Member Role is created and should not be.')
|
||||
except exception.RoleNotFound:
|
||||
pass
|
||||
|
||||
self._do_test_bootstrap(bootstrap)
|
||||
role = bootstrap.role_manager.get_role(CONF.member_role_id)
|
||||
self.assertEqual(role['name'], CONF.member_role_name)
|
||||
self.assertEqual(role['id'], CONF.member_role_id)
|
||||
|
||||
|
||||
class CliBootStrapTestCaseWithEnvironment(CliBootStrapTestCase):
|
||||
|
||||
|
@ -1,9 +1,17 @@
|
||||
---
|
||||
deprecations:
|
||||
- |
|
||||
- >
|
||||
The ``/OS-FEDERATION/projects`` and ``/OS-FEDERATION/domains`` APIs are
|
||||
deprecated in favor of the ``/v3/auth/projects`` and ``/v3/auth/domains``
|
||||
APIs. These APIs were originally marked as deprecated during the Juno
|
||||
release cycle, but we never deprecated using ``versionutils`` from oslo.
|
||||
More information regarding this deprecation can be found in the `patch
|
||||
<https://review.openstack.org/#/c/115423/>`_ that proposed the deprecation.
|
||||
- >
|
||||
[`bug 1728690 <https://bugs.launchpad.net/keystone/+bug/1728690>`_]
|
||||
The ``member_role_id`` and ``member_role_name`` config options were used to
|
||||
create a default member role for keystone v2 role assignments, but with the
|
||||
removal of the v2 API it is no longer necessary to create this default
|
||||
role. This option is deprecated and will be removed in the S release. If
|
||||
you are depending on having a predictable role name and ID for this member
|
||||
role you will need to update your tooling.
|
||||
|
@ -0,0 +1,8 @@
|
||||
---
|
||||
other:
|
||||
- >
|
||||
[`bug 1728690 <https://bugs.launchpad.net/keystone/+bug/1728690>`_]
|
||||
The ``keystone-manage bootstrap`` command will only create the admin role
|
||||
and will no longer create a default member role. Please create any
|
||||
additional roles you need after running ``bootstrap`` by using the
|
||||
``openstack role create`` command.
|
Loading…
Reference in New Issue
Block a user