From 9ebbcac6f88eb28d3ec9eef45776ca27a33baf59 Mon Sep 17 00:00:00 2001
From: Steve Martinelli <stevemar@ca.ibm.com>
Date: Fri, 11 Dec 2015 02:22:08 -0500
Subject: [PATCH] Deprecate `hash_algorithm` config option

The PKI and PKIz drivers are now deprecated, but one of the
config options that only works for PKI has not been deprecated.

implements bp: deprecated-as-of-mitaka

Change-Id: I55d5fb2a2678dccd8638b0460921ba6f8e76da6a
---
 keystone/common/config.py                                     | 4 ++++
 .../notes/deprecated-as-of-mitaka-8534e43fa40c1d09.yaml       | 4 +++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/keystone/common/config.py b/keystone/common/config.py
index 9ca3493090..3663d58bfb 100644
--- a/keystone/common/config.py
+++ b/keystone/common/config.py
@@ -295,6 +295,10 @@ FILE_OPTIONS = {
                     'allow_rescoped_scoped_token to false prevents a user '
                     'from exchanging a scoped token for any other token.'),
         cfg.StrOpt('hash_algorithm', default='md5',
+                   deprecated_for_removal=True,
+                   deprecated_reason='PKI token support has been deprecated '
+                                     'in the M release and will be removed '
+                                     'in the O release.',
                    help='The hash algorithm to use for PKI tokens. This can '
                         'be set to any algorithm that hashlib supports. '
                         'WARNING: Before changing this value, the auth_token '
diff --git a/releasenotes/notes/deprecated-as-of-mitaka-8534e43fa40c1d09.yaml b/releasenotes/notes/deprecated-as-of-mitaka-8534e43fa40c1d09.yaml
index fe9d9fe77b..9de697a826 100644
--- a/releasenotes/notes/deprecated-as-of-mitaka-8534e43fa40c1d09.yaml
+++ b/releasenotes/notes/deprecated-as-of-mitaka-8534e43fa40c1d09.yaml
@@ -3,4 +3,6 @@ deprecations:
   - >
     [`blueprint deprecated-as-of-mitaka <https://blueprints.launchpad.net/keystone/+spec/deprecated-as-of-mitaka>`_]
     As of the Mitaka release, the PKI and PKIz token formats have been
-    deprecated. They will be removed in the 'O' release.
+    deprecated. They will be removed in the 'O' release. Due to this change,
+    the ``hash_algorithm`` option in the ``[token]`` section of the
+    configuration file has also been deprecated.