Deprecate member_role_id and member_role_name

``member_role_id`` and ``member_role_name`` config options are only used for V2. Instead of removing, just deprecate them because that maybe some consumers still use them for V3. This patch also removed the usage in ``keystone-manage bootstrap`` as well. Closes-bug: #1728690 bp: deprecated-as-of-queens bp: removed-as-of-queens Change-Id: Ib85479442ec68f9a67615c23e5c39bd217c9b109
2017-11-23 15:17:24 +08:00 · 2017-11-23 15:17:24 +08:00 · 23d14f5562
parent 964595a20f
commit 23d14f5562
5 changed files with 33 additions and 16 deletions
--- a/keystone/cmd/cli.py
+++ b/keystone/cmd/cli.py
@ -372,8 +372,6 @@ class BootStrap(BaseApp):

                self.endpoints[interface] = endpoint_ref['id']

-        self.assignment_manager.ensure_default_role()
-
    @classmethod
    def main(cls):
        klass = cls()
--- a/keystone/conf/default.py
+++ b/keystone/conf/default.py
@ -21,6 +21,16 @@ This option has been deprecated in the N release and will be removed in the P
 release. Use oslo.middleware.http_proxy_to_wsgi configuration instead.
 """)

+
+_DEPRECATE_MEMBER_ID_AND_NAME = utils.fmt("""
+This option was used to create a default member role for keystone v2 role
+assignments, but with the removal of the v2 API it is no longer necessary to
+create this default role. This option is deprecated and will be removed in the
+S release. If you are depending on having a predictable role name and ID for
+this member role you will need to update your tooling.
+""")
+
+
 admin_token = cfg.StrOpt(
    'admin_token',
    secret=True,
@ -92,6 +102,9 @@ this should be set to 32).
 member_role_id = cfg.StrOpt(
    'member_role_id',
    default='9fe2ff9ee4384b1894a90878d3e92bab',
+    deprecated_for_removal=True,
+    deprecated_reason=_DEPRECATE_MEMBER_ID_AND_NAME,
+    deprecated_since=versionutils.deprecated.QUEENS,
    help=utils.fmt("""
 Similar to the `[DEFAULT] member_role_name` option, this represents the default
 role ID used to associate users with their default projects in the v2 API. This
@ -104,6 +117,9 @@ which case, you should set `[DEFAULT] member_role_name` as well).
 member_role_name = cfg.StrOpt(
    'member_role_name',
    default='_member_',
+    deprecated_for_removal=True,
+    deprecated_reason=_DEPRECATE_MEMBER_ID_AND_NAME,
+    deprecated_since=versionutils.deprecated.QUEENS,
    help=utils.fmt("""
 This is the role name used in combination with the `[DEFAULT] member_role_id`
 option; see that option for more detail. You do not need to set this option
--- a/keystone/tests/unit/test_cli.py
+++ b/keystone/tests/unit/test_cli.py
@ -252,19 +252,6 @@ class CliBootStrapTestCase(unit.SQLDriverOverrides, unit.TestCase):
            user_id,
            bootstrap.password)

-    def test_bootstrap_creates_default_role(self):
-        bootstrap = cli.BootStrap()
-        try:
-            role = bootstrap.role_manager.get_role(CONF.member_role_id)
-            self.fail('Member Role is created and should not be.')
-        except exception.RoleNotFound:
-            pass
-
-        self._do_test_bootstrap(bootstrap)
-        role = bootstrap.role_manager.get_role(CONF.member_role_id)
-        self.assertEqual(role['name'], CONF.member_role_name)
-        self.assertEqual(role['id'], CONF.member_role_id)
-

 class CliBootStrapTestCaseWithEnvironment(CliBootStrapTestCase):

--- a/releasenotes/notes/deprecated-as-of-queens-8ad7f826e4f08f57.yaml
+++ b/releasenotes/notes/deprecated-as-of-queens-8ad7f826e4f08f57.yaml
@ -1,9 +1,17 @@
 ---
 deprecations:
-  - |
+  - >
    The ``/OS-FEDERATION/projects`` and ``/OS-FEDERATION/domains`` APIs are
    deprecated in favor of the ``/v3/auth/projects`` and ``/v3/auth/domains``
    APIs. These APIs were originally marked as deprecated during the Juno
    release cycle, but we never deprecated using ``versionutils`` from oslo.
    More information regarding this deprecation can be found in the `patch
    <https://review.openstack.org/#/c/115423/>`_ that proposed the deprecation.
+  - >
+    [`bug 1728690 <https://bugs.launchpad.net/keystone/+bug/1728690>`_]
+    The ``member_role_id`` and ``member_role_name`` config options were used to
+    create a default member role for keystone v2 role assignments, but with the
+    removal of the v2 API it is no longer necessary to create this default
+    role. This option is deprecated and will be removed in the S release. If
+    you are depending on having a predictable role name and ID for this member
+    role you will need to update your tooling.
--- a/releasenotes/notes/removed-as-of-queens-94c04e88c08f89aa.yaml
+++ b/releasenotes/notes/removed-as-of-queens-94c04e88c08f89aa.yaml
@ -0,0 +1,8 @@
+---
+other:
+  - >
+    [`bug 1728690 <https://bugs.launchpad.net/keystone/+bug/1728690>`_]
+    The ``keystone-manage bootstrap`` command will only create the admin role
+    and will no longer create a default member role. Please create any
+    additional roles you need after running ``bootstrap`` by using the
+    ``openstack role create`` command.