8a66ef6354
This is the first step of several to remove PKI token support in keystone. A large issue in removing PKI support is support for the revocation list must be maintained. This patch removes support for the token format, it's surrounding tests and examples that are generated. Additionally, some wording has been changed around the CLI and config options to make the distinction between keys and certs used for PKI tokens and those used for getting the revocation list (a list of tokens that are revoked, which is signed). Future patches will: - Remove the keystone-manage commands for generating certs - Modify the revocation list (at /auth/tokens/OS-PKI/revoked) to return a 403 if pki is not configured (instead of raising a 500). We cannot remove the API as that would break an API contract. - Options to configure PKI will be marked as deprecated - If PKI is configured a normal signed list will be returned (same behavior as today) - Follow up patch to keystonemiddleware will make sure auth_token does not rely on the revocation api at all. Related-Bug: 1626778 Related-Bug: 1626779 Co-Authored-By: Boris Bobrov <bbobrov@mirantis.com> bp removed-as-of-ocata Change-Id: Icf1ebced44a675c88fb66a6c0431208ff5181574
Building Docs
Developer documentation is generated using Sphinx. To build this documentation, run the following from the root of the repository:
$ tox -e docsThe documentation will be built at doc/build/.