From c973c8fe70bd6e190d9dab3dcc4021617fd5cd5c Mon Sep 17 00:00:00 2001 From: Colleen Murphy Date: Fri, 29 Dec 2017 19:53:21 +0100 Subject: [PATCH] Deprecate [trust]/enabled option It's currently possible to disable the trusts API and trusts are therefore essentially an API extension and not a first-class member of the keystone API. By now, trusts are a widely-used feature and are essential for services like Heat. Allowing optional APIs is an interoperability nightmare that we should discourage. This patch marks the config flag to enable trusts as deprecated so that in the future it will not be possible to disable it. bp deprecated-as-of-queens Change-Id: Iac454ddf7878b8f2705e7abb44181f1a19af015f --- keystone/conf/trust.py | 7 +++++++ .../notes/deprecated-as-of-queens-8ad7f826e4f08f57.yaml | 3 +++ 2 files changed, 10 insertions(+) diff --git a/keystone/conf/trust.py b/keystone/conf/trust.py index 1c1067f522..17f59ce637 100644 --- a/keystone/conf/trust.py +++ b/keystone/conf/trust.py @@ -11,6 +11,7 @@ # under the License. from oslo_config import cfg +from oslo_log import versionutils from keystone.conf import utils @@ -18,6 +19,12 @@ from keystone.conf import utils enabled = cfg.BoolOpt( 'enabled', default=True, + deprecated_for_removal=True, + deprecated_reason=utils.fmt(""" +Disabling the trusts API is deprecated. This option will be removed in the +next release and trusts will always be enabled. +"""), + deprecated_since=versionutils.deprecated.QUEENS, help=utils.fmt(""" Delegation and impersonation features using trusts can be optionally disabled. """)) diff --git a/releasenotes/notes/deprecated-as-of-queens-8ad7f826e4f08f57.yaml b/releasenotes/notes/deprecated-as-of-queens-8ad7f826e4f08f57.yaml index 3beed0b25f..643a560f3d 100644 --- a/releasenotes/notes/deprecated-as-of-queens-8ad7f826e4f08f57.yaml +++ b/releasenotes/notes/deprecated-as-of-queens-8ad7f826e4f08f57.yaml @@ -15,3 +15,6 @@ deprecations: role. This option is deprecated and will be removed in the S release. If you are depending on having a predictable role name and ID for this member role you will need to update your tooling. + - > + The ``enabled`` config option of the ``trust`` feature is deprecated and + will be removed in the next release. Trusts will then always be enabled.