Merge "deprecate pki_setup from keystone-manage"

2016-02-05 07:37:22 +00:00 · 2016-02-05 07:37:22 +00:00 · bf1f509776
parent df6b223e21 0f306111fb
commit bf1f509776
3 changed files with 11 additions and 3 deletions
--- a/doc/source/man/keystone-manage.rst
+++ b/doc/source/man/keystone-manage.rst
@ -48,7 +48,7 @@ Available commands:
 * ``fernet_setup``: Setup a Fernet key repository.
 * ``mapping_purge``: Purge the identity mapping table.
 * ``mapping_engine``: Test your federation mapping rules.
-* ``pki_setup``: Initialize the certificates used to sign tokens.
+* ``pki_setup``: Initialize the certificates used to sign tokens. **deprecated**
 * ``saml_idp_metadata``: Generate identity provider metadata.
 * ``ssl_setup``: Generate certificates for SSL.
 * ``token_flush``: Purge expired tokens.
--- a/keystone/cmd/cli.py
+++ b/keystone/cmd/cli.py
@ -20,6 +20,7 @@ import uuid

 from oslo_config import cfg
 from oslo_log import log
+from oslo_log import versionutils
 from oslo_serialization import jsonutils
 import pbr.version

@ -313,13 +314,19 @@ class PKISetup(BaseCertificateSetup):
    """Set up Key pairs and certificates for token signing and verification.

    This is NOT intended for production use, see Keystone Configuration
-    documentation for details.
+    documentation for details. As of the Mitaka release, this command has
+    been DEPRECATED and may be removed in the 'O' release.
    """

    name = 'pki_setup'

    @classmethod
    def main(cls):
+        versionutils.report_deprecated_feature(
+            LOG,
+            _LW("keystone-manage pki_setup is deprecated as of Mitaka in "
+                "favor of not using PKI tokens and may be removed in 'O' "
+                "release."))
        LOG.warning(_LW('keystone-manage pki_setup is not recommended for '
                        'production use.'))
        keystone_user_id, keystone_group_id = cls.get_user_group()
--- a/releasenotes/notes/deprecated-as-of-mitaka-8534e43fa40c1d09.yaml
+++ b/releasenotes/notes/deprecated-as-of-mitaka-8534e43fa40c1d09.yaml
@ -5,7 +5,8 @@ deprecations:
    As of the Mitaka release, the PKI and PKIz token formats have been
    deprecated. They will be removed in the 'O' release. Due to this change,
    the ``hash_algorithm`` option in the ``[token]`` section of the
-    configuration file has also been deprecated.
+    configuration file has also been deprecated. Also due to this change, the
+    ``keystone-manage pki_setup`` command has been deprecated as well.
  - >
    [`blueprint deprecated-as-of-mitaka <https://blueprints.launchpad.net/keystone/+spec/deprecated-as-of-mitaka>`_]
    As of the Mitaka release, write support for the LDAP driver of the Identity