From a869b9c7909737d7eb6de94da8c101c3a41faa73 Mon Sep 17 00:00:00 2001
From: Stephen Finucane <sfinucan@redhat.com>
Date: Thu, 8 Mar 2018 10:08:16 +0000
Subject: [PATCH] conf: Remove 'nova.crypto' opts

These are no longer used since [1] and can be immediately removed
without a deprecation cycle.

[1] Ie1dadc6bf935f777e0cd0c54a0a21b79545714c5

Change-Id: I53aa27ff0c3e8a7a2d5bbfa338bdae59002f6e9d
---
 nova/conf/__init__.py                         |   2 -
 nova/conf/crypto.py                           | 111 ------------------
 .../remove-crypt-opts-67a1f304ae09aaeb.yaml   |  16 +++
 3 files changed, 16 insertions(+), 113 deletions(-)
 delete mode 100644 nova/conf/crypto.py
 create mode 100644 releasenotes/notes/remove-crypt-opts-67a1f304ae09aaeb.yaml

diff --git a/nova/conf/__init__.py b/nova/conf/__init__.py
index 6b2fcb82747e..309621c51696 100644
--- a/nova/conf/__init__.py
+++ b/nova/conf/__init__.py
@@ -30,7 +30,6 @@ from nova.conf import conductor
 from nova.conf import configdrive
 from nova.conf import console
 from nova.conf import consoleauth
-from nova.conf import crypto
 from nova.conf import database
 from nova.conf import devices
 from nova.conf import ephemeral_storage
@@ -83,7 +82,6 @@ conductor.register_opts(CONF)
 configdrive.register_opts(CONF)
 console.register_opts(CONF)
 consoleauth.register_opts(CONF)
-crypto.register_opts(CONF)
 database.register_opts(CONF)
 devices.register_opts(CONF)
 ephemeral_storage.register_opts(CONF)
diff --git a/nova/conf/crypto.py b/nova/conf/crypto.py
deleted file mode 100644
index 73a40234c4fe..000000000000
--- a/nova/conf/crypto.py
+++ /dev/null
@@ -1,111 +0,0 @@
-# All Rights Reserved.
-#
-#    Licensed under the Apache License, Version 2.0 (the "License"); you may
-#    not use this file except in compliance with the License. You may obtain
-#    a copy of the License at
-#
-#         http://www.apache.org/licenses/LICENSE-2.0
-#
-#    Unless required by applicable law or agreed to in writing, software
-#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
-#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
-#    License for the specific language governing permissions and limitations
-#    under the License.
-
-import os
-
-from oslo_config import cfg
-
-from nova.conf import paths
-
-crypto_opts_group = cfg.OptGroup("crypto",
-        title="Crypto Options")
-
-crypto_opts = [
-    cfg.StrOpt("ca_file",
-        default="cacert.pem",
-        deprecated_group="DEFAULT",
-        help="""
-Filename of root CA (Certificate Authority). This is a container format
-and includes root certificates.
-
-Possible values:
-
-* Any file name containing root CA, cacert.pem is default
-
-Related options:
-
-* ca_path
-"""),
-    cfg.StrOpt("key_file",
-        default=os.path.join("private", "cakey.pem"),
-        deprecated_group="DEFAULT",
-        help="""
-Filename of a private key.
-
-Related options:
-
-* keys_path
-"""),
-    cfg.StrOpt("crl_file",
-        default="crl.pem",
-        deprecated_group="DEFAULT",
-        help="""
-Filename of root Certificate Revocation List (CRL). This is a list of
-certificates that have been revoked, and therefore, entities presenting
-those (revoked) certificates should no longer be trusted.
-
-Related options:
-
-* ca_path
-"""),
-    cfg.StrOpt("keys_path",
-        default=paths.state_path_def("keys"),
-        deprecated_group="DEFAULT",
-        help="""
-Directory path where keys are located.
-
-Related options:
-
-* key_file
-"""),
-    cfg.StrOpt("ca_path",
-        default=paths.state_path_def("CA"),
-        deprecated_group="DEFAULT",
-        help="""
-Directory path where root CA is located.
-
-Related options:
-
-* ca_file
-"""),
-    cfg.BoolOpt("use_project_ca",
-        default=False,
-        deprecated_group="DEFAULT",
-        help="Option to enable/disable use of CA for each project."),
-    cfg.StrOpt("user_cert_subject",
-        default="/C=US/ST=California/O=OpenStack/"
-                "OU=NovaDev/CN=%.16s-%.16s-%s",
-        deprecated_group="DEFAULT",
-        help="""
-Subject for certificate for users, %s for
-project, user, timestamp
-"""),
-    cfg.StrOpt("project_cert_subject",
-        default="/C=US/ST=California/O=OpenStack/"
-                "OU=NovaDev/CN=project-ca-%.16s-%s",
-        deprecated_group="DEFAULT",
-        help="""
-Subject for certificate for projects, %s for
-project, timestamp
-"""),
-]
-
-
-def register_opts(conf):
-    conf.register_group(crypto_opts_group)
-    conf.register_opts(crypto_opts, crypto_opts_group)
-
-
-def list_opts():
-    return {crypto_opts_group: crypto_opts}
diff --git a/releasenotes/notes/remove-crypt-opts-67a1f304ae09aaeb.yaml b/releasenotes/notes/remove-crypt-opts-67a1f304ae09aaeb.yaml
new file mode 100644
index 000000000000..8f071e309fba
--- /dev/null
+++ b/releasenotes/notes/remove-crypt-opts-67a1f304ae09aaeb.yaml
@@ -0,0 +1,16 @@
+---
+upgrade:
+  - |
+    The following options, previously found in the ``[crypto]`` group, have
+    been removed:
+
+    - ``ca_file``
+    - ``key_file``
+    - ``crl_file``
+    - ``keys_path``
+    - ``ca_path``
+    - ``use_project_ca``
+    - ``user_cert_subject``
+    - ``project_cert_subject``
+
+    These have not been used in recent releases.