Issue a deprecation warning for validating PKI tokens

PKI tokens have been deprecated and removed from keystone server. To get
them removed from auth_token middleware we need to deprecate it.

We issue the warning when a successful validation has occurred as all
incoming tokens get checked for if we think they are PKI and tried to
decrypt.

Change-Id: Ibc6e3378aa7c851335bcb9abbcc31572e6cef9e7
bp: deprecated-as-of-queens
This commit is contained in:
Jamie Lennox 2017-09-30 08:57:17 +10:00
parent 04735348de
commit 19e602c683
1 changed files with 7 additions and 0 deletions

View File

@ -802,6 +802,13 @@ class AuthProtocol(BaseAuthProtocol):
self.log.warning('Fetch revocation list failed, '
'fallback to online validation.')
else:
self.log.warning('auth_token middleware received a PKI/Z token. '
'This form of token is deprecated and has been '
'removed from keystone server and will be '
'removed from auth_token middleware in the Rocky '
'release. Please contact your administrator '
'about upgrading keystone and the token format.')
data = jsonutils.loads(verified)
audit_ids = None