Deprecate (and slate for removal) UUID tokens

Deprecate UUID token provider. With fernet tokens being made the
default, the UUID tokens are much like PKI tokens, an aging relic
of Keystone-Times-Past. Keystone is consolidating token issuance
and validation to the most effective form.

This also deprecates the following:

* token-bind capabilities, as that is a feature that was at best
  partially implemented in UUID and PKI tokens, with explicit
  non-support in Fernet.

* token-persistence driver and explicit token persistence code.

Change-Id: I724169a49ce12d8dd514471c34ac2b752eb98c8a
bp: deprecated-as-of-pike
Morgan Fainberg 2017-02-02 11:26:56 -08:00
parent 9c474958b1
commit 5896d841df
3 changed files with 26 additions and 0 deletions

@ -13,6 +13,7 @@
import sys
from oslo_config import cfg
from oslo_log import versionutils
from keystone.conf import utils
@ -30,6 +31,8 @@ enforce_token_bind = cfg.StrOpt(
'enforce_token_bind',
default='permissive',
choices=['disabled', 'permissive', 'strict', 'required'],
deprecated_since=versionutils.deprecated.PIKE,
deprecated_for_removal=True,
help=utils.fmt("""
This controls the token binding enforcement policy on tokens presented to
keystone with token binding metadata (as specified by the `[token] bind`
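
Review bot: the `enforce_token_bind` option is marked `deprecated_for_removal=True` with no `deprecated_reason`, so the warning an operator sees says the option is going away but not why. Suggest adding a `deprecated_reason=utils.fmt(...)` that states what the commit message already says, that token binding is explicitly unsupported by Fernet tokens. The help text refers to `[token] bind`, which is not touched in the visible lines; if that option stays undeprecated while its enforcement setting is removed, the two will be out of step.
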
@ -74,6 +77,8 @@ command).
driver = cfg.StrOpt(
'driver',
default='sql',
deprecated_since=versionutils.deprecated.PIKE,
deprecated_for_removal=True,
help=utils.fmt("""
Entry point for the token persistence backend driver in the
`keystone.token.persistence` namespace. Keystone provides the `sql`
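
Review bot: the `[token] driver` deprecation also has no `deprecated_reason`, and because the option has `default='sql'` every deployment carries it implicitly. Suggest a `deprecated_reason` saying the persistence backend is only used by the UUID token provider, which is the justification given in the release note, so operators running Fernet know the setting is already irrelevant to them.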

@ -16,6 +16,8 @@
from __future__ import absolute_import
from oslo_log import versionutils
import uuid
from keystone.token.providers import common
@ -23,6 +25,14 @@ from keystone.token.providers import common
class Provider(common.BaseProvider):
@versionutils.deprecated(
as_of=versionutils.deprecated.PIKE,
what='UUID Token Provider "[token] provider=uuid"',
in_favor_of='Fernet token Provider "[token] provider=fernet"',
remove_in=+2)
def __init__(self, *args, **kwargs):
super(Provider, self).__init__(*args, **kwargs)
def _get_token_id(self, token_data):
return uuid.uuid4().hex
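
Review bot: the new `__init__` does nothing except call `super()`, so it exists only as a place to hang `@versionutils.deprecated`; add a one-line comment saying so, otherwise it looks like a redundant override and is liable to be cleaned up before the deprecation period ends. None of the three changed files is a test, so nothing checks that instantiating `Provider` emits the warning; a small unit test on that would keep the `remove_in=+2` schedule honest.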

@ -0,0 +1,11 @@
---
deprecations:
- |
* UUID token provider ``[token] provider=uuid`` has been deprecated in
favor of Fernet tokens ``[token] provider=fernet``. With Fernet tokens
becoming the default UUID tokens can be slated for removal in the R
release. This also deprecates token-bind support as it was never
implemented for fernet.
* Token persistence driver/code (SQL) is deprecated with this patch since
it is only used by the UUID token provider..
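
Review bot: the release note never names the two configuration options this change deprecates, `[token] enforce_token_bind` and `[token] driver`, which are the strings an operator will search for when the warnings appear; list them explicitly next to the features they control. The note says token-bind "was never implemented for fernet" while the commit message describes it as partially implemented in UUID and PKI with explicit non-support in Fernet; use the same wording in both. Minor: a comma is missing after "becoming the default", "fernet" is lowercased once, and the last line ends in a double period.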