From d78ac78395e05bbcce6674d7150e8ec25c3a558e Mon Sep 17 00:00:00 2001
From: Kristi Nikolla <kristi@nikolla.me>
Date: Wed, 10 Apr 2019 13:19:57 -0400
Subject: [PATCH] Deprecate [federation] federated_domain_name

Prior to introducing per idp domains, all ephemeral users lived
in the Federated domain. That is not the case anymore, since they
now live in the domain of the idp.

Change-Id: Ife501adf7b122d2c987e132dbfafe0717760c1bb
Partial-Bug: 1754048
Partial-Bug: 1829454
---
 keystone/conf/federation.py                              | 9 +++++++++
 .../notes/deprecated-as-of-train-de3fe41ff2251385.yaml   | 7 +++++++
 2 files changed, 16 insertions(+)
 create mode 100644 releasenotes/notes/deprecated-as-of-train-de3fe41ff2251385.yaml

diff --git a/keystone/conf/federation.py b/keystone/conf/federation.py
index fa3d57df58..5f1a7a5b96 100644
--- a/keystone/conf/federation.py
+++ b/keystone/conf/federation.py
@@ -11,10 +11,16 @@
 # under the License.
 
 from oslo_config import cfg
+from oslo_log import versionutils
 
 from keystone.conf import utils
 
 
+_DEPRECATED_MSG = utils.fmt("""
+This option has been superseded by ephemeral users existing in the domain
+of their identity provider.
+""")
+
 driver = cfg.StrOpt(
     'driver',
     default='sql',
@@ -44,6 +50,9 @@ could be `MELLON_IDP`.
 federated_domain_name = cfg.StrOpt(
     'federated_domain_name',
     default='Federated',
+    deprecated_for_removal=True,
+    deprecated_reason=_DEPRECATED_MSG,
+    deprecated_since=versionutils.deprecated.TRAIN,
     help=utils.fmt("""
 An arbitrary domain name that is reserved to allow federated ephemeral users to
 have a domain concept. Note that an admin will not be able to create a domain
diff --git a/releasenotes/notes/deprecated-as-of-train-de3fe41ff2251385.yaml b/releasenotes/notes/deprecated-as-of-train-de3fe41ff2251385.yaml
new file mode 100644
index 0000000000..9cdd5669a6
--- /dev/null
+++ b/releasenotes/notes/deprecated-as-of-train-de3fe41ff2251385.yaml
@@ -0,0 +1,7 @@
+---
+deprecations:
+  - |
+    [`bug 1829454 <https://bugs.launchpad.net/keystone/+bug/1829454>`_]
+    The `[federation] federated_domain_name` option is deprecated. All users
+    live in the identity provider's domain now, and the option is no longer
+    used.