Merge "deprecate pki_setup from keystone-manage"
This commit is contained in:
commit
bf1f509776
|
@ -48,7 +48,7 @@ Available commands:
|
||||||
* ``fernet_setup``: Setup a Fernet key repository.
|
* ``fernet_setup``: Setup a Fernet key repository.
|
||||||
* ``mapping_purge``: Purge the identity mapping table.
|
* ``mapping_purge``: Purge the identity mapping table.
|
||||||
* ``mapping_engine``: Test your federation mapping rules.
|
* ``mapping_engine``: Test your federation mapping rules.
|
||||||
* ``pki_setup``: Initialize the certificates used to sign tokens.
|
* ``pki_setup``: Initialize the certificates used to sign tokens. **deprecated**
|
||||||
* ``saml_idp_metadata``: Generate identity provider metadata.
|
* ``saml_idp_metadata``: Generate identity provider metadata.
|
||||||
* ``ssl_setup``: Generate certificates for SSL.
|
* ``ssl_setup``: Generate certificates for SSL.
|
||||||
* ``token_flush``: Purge expired tokens.
|
* ``token_flush``: Purge expired tokens.
|
||||||
|
|
|
@ -20,6 +20,7 @@ import uuid
|
||||||
|
|
||||||
from oslo_config import cfg
|
from oslo_config import cfg
|
||||||
from oslo_log import log
|
from oslo_log import log
|
||||||
|
from oslo_log import versionutils
|
||||||
from oslo_serialization import jsonutils
|
from oslo_serialization import jsonutils
|
||||||
import pbr.version
|
import pbr.version
|
||||||
|
|
||||||
|
@ -313,13 +314,19 @@ class PKISetup(BaseCertificateSetup):
|
||||||
"""Set up Key pairs and certificates for token signing and verification.
|
"""Set up Key pairs and certificates for token signing and verification.
|
||||||
|
|
||||||
This is NOT intended for production use, see Keystone Configuration
|
This is NOT intended for production use, see Keystone Configuration
|
||||||
documentation for details.
|
documentation for details. As of the Mitaka release, this command has
|
||||||
|
been DEPRECATED and may be removed in the 'O' release.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
name = 'pki_setup'
|
name = 'pki_setup'
|
||||||
|
|
||||||
@classmethod
|
@classmethod
|
||||||
def main(cls):
|
def main(cls):
|
||||||
|
versionutils.report_deprecated_feature(
|
||||||
|
LOG,
|
||||||
|
_LW("keystone-manage pki_setup is deprecated as of Mitaka in "
|
||||||
|
"favor of not using PKI tokens and may be removed in 'O' "
|
||||||
|
"release."))
|
||||||
LOG.warning(_LW('keystone-manage pki_setup is not recommended for '
|
LOG.warning(_LW('keystone-manage pki_setup is not recommended for '
|
||||||
'production use.'))
|
'production use.'))
|
||||||
keystone_user_id, keystone_group_id = cls.get_user_group()
|
keystone_user_id, keystone_group_id = cls.get_user_group()
|
||||||
|
|
|
@ -5,7 +5,8 @@ deprecations:
|
||||||
As of the Mitaka release, the PKI and PKIz token formats have been
|
As of the Mitaka release, the PKI and PKIz token formats have been
|
||||||
deprecated. They will be removed in the 'O' release. Due to this change,
|
deprecated. They will be removed in the 'O' release. Due to this change,
|
||||||
the ``hash_algorithm`` option in the ``[token]`` section of the
|
the ``hash_algorithm`` option in the ``[token]`` section of the
|
||||||
configuration file has also been deprecated.
|
configuration file has also been deprecated. Also due to this change, the
|
||||||
|
``keystone-manage pki_setup`` command has been deprecated as well.
|
||||||
- >
|
- >
|
||||||
[`blueprint deprecated-as-of-mitaka <https://blueprints.launchpad.net/keystone/+spec/deprecated-as-of-mitaka>`_]
|
[`blueprint deprecated-as-of-mitaka <https://blueprints.launchpad.net/keystone/+spec/deprecated-as-of-mitaka>`_]
|
||||||
As of the Mitaka release, write support for the LDAP driver of the Identity
|
As of the Mitaka release, write support for the LDAP driver of the Identity
|
||||||
|
|
Loading…
Reference in New Issue