Deprecating API v2.0

Keystone team decided to deprecate v2.0 on Mitaka.

DocImpact: The keystone team recommends using v3 of our Identity API, so we
decided to formally deprecate API v2.0 on Mitaka. Authentication
routes and EC2 routes will not be deprecated for now, they will be kept
around indefinitely.

Partially implements: bp deprecated-as-of-mitaka

Co-Authored-By: Steve Martinelli <stevemar@ca.ibm.com>
Change-Id: Ie3e484f08edd5acd3c89e76ba6a5c24d660a116d

keystone/assignment/controllers.py

@@ -40,7 +40,7 @@ LOG = log.getLogger(__name__)
 class TenantAssignment(controller.V2Controller):
     """The V2 Project APIs that are processing assignments."""
 
-    @controller.v2_deprecated
+    @controller.v2_auth_deprecated
     def get_projects_for_token(self, context, **kw):
         """Get valid tenants for token based on token used to authenticate.
 

keystone/common/controller.py

@@ -36,21 +36,39 @@ CONF = cfg.CONF
 
 
 def v2_deprecated(f):
-    """No-op decorator in preparation for deprecating Identity API v2.
-
-    This is a placeholder for the pending deprecation of v2. The implementation
-    of this decorator can be replaced with::
-
-        from oslo_log import versionutils
+    @six.wraps(f)
+    def wrapper(*args, **kwargs):
+        deprecated = versionutils.deprecated(
+            what=f.__name__ + ' of the v2 API',
+            as_of=versionutils.deprecated.MITAKA,
+            in_favor_of='a similar function in the v3 API',
+            remove_in=+4)
+        return deprecated(f)
+    return wrapper()
 
 
-        v2_deprecated = versionutils.deprecated(
-            what='v2 API',
-            as_of=versionutils.deprecated.JUNO,
-            in_favor_of='v3 API')
+def v2_ec2_deprecated(f):
+    @six.wraps(f)
+    def wrapper(*args, **kwargs):
+        deprecated = versionutils.deprecated(
+            what=f.__name__ + ' of the v2 EC2 APIs',
+            as_of=versionutils.deprecated.MITAKA,
+            in_favor_of=('a similar function in the v3 Credential APIs'),
+            remove_in=0)
+        return deprecated(f)
+    return wrapper()
 
-    """
-    return f
+
+def v2_auth_deprecated(f):
+    @six.wraps(f)
+    def wrapper(*args, **kwargs):
+        deprecated = versionutils.deprecated(
+            what=f.__name__ + ' of the v2 Authentication APIs',
+            as_of=versionutils.deprecated.MITAKA,
+            in_favor_of=('a similar function in the v3 Authentication APIs'),
+            remove_in=0)
+        return deprecated(f)
+    return wrapper()
 
 
 def _build_policy_check_credentials(self, action, context, kwargs):

keystone/contrib/ec2/controllers.py

@@ -261,7 +261,7 @@ class Ec2ControllerCommon(object):
 @dependency.requires('policy_api', 'token_provider_api')
 class Ec2Controller(Ec2ControllerCommon, controller.V2Controller):
 
-    @controller.v2_deprecated
+    @controller.v2_ec2_deprecated
     def authenticate(self, context, credentials=None, ec2Credentials=None):
         (user_ref, tenant_ref, metadata_ref, roles_ref,
          catalog_ref) = self._authenticate(credentials=credentials,
@@ -281,27 +281,27 @@ class Ec2Controller(Ec2ControllerCommon, controller.V2Controller):
             auth_token_data, roles_ref, catalog_ref)
         return token_data
 
-    @controller.v2_deprecated
+    @controller.v2_ec2_deprecated
     def get_credential(self, context, user_id, credential_id):
         if not self._is_admin(context):
             self._assert_identity(context, user_id)
         return super(Ec2Controller, self).get_credential(user_id,
                                                          credential_id)
 
-    @controller.v2_deprecated
+    @controller.v2_ec2_deprecated
     def get_credentials(self, context, user_id):
         if not self._is_admin(context):
             self._assert_identity(context, user_id)
         return super(Ec2Controller, self).get_credentials(user_id)
 
-    @controller.v2_deprecated
+    @controller.v2_ec2_deprecated
     def create_credential(self, context, user_id, tenant_id):
         if not self._is_admin(context):
             self._assert_identity(context, user_id)
         return super(Ec2Controller, self).create_credential(context, user_id,
                                                             tenant_id)
 
-    @controller.v2_deprecated
+    @controller.v2_ec2_deprecated
     def delete_credential(self, context, user_id, credential_id):
         if not self._is_admin(context):
             self._assert_identity(context, user_id)

keystone/token/controllers.py

@@ -59,7 +59,7 @@ class Auth(controller.V2Controller):
             data = cert_file.read()
         return data
 
-    @controller.v2_deprecated
+    @controller.v2_auth_deprecated
     def authenticate(self, context, auth=None):
         """Authenticate credentials and return a token.
 

releasenotes/notes/deprecate-v2-apis-894284c17be881d2.yaml

@@ -0,0 +1,8 @@
+---
+deprecations:
+  - >
+    [`blueprint deprecated-as-of-mitaka <https://blueprints.launchpad.net/keystone/+spec/deprecated-as-of-mitaka>`_]
+    Deprecated all v2.0 APIs. The keystone team recommends using v3 APIs instead.
+    Most v2.0 APIs will be removed in the 'Q' release. However, the authentication
+    APIs and EC2 APIs are indefinitely deprecated and will not be removed in
+    the 'Q' release.