openstack
/
deb-keystone
Code Issues Proposed changes

Add the deprecated_since to deprecated options 

Oslo config supports a deprecated_since parameter to add further
detail on when an option was deprecated. In that way, it's also
easier to know when n+2 releases has passed and the option is
ready for removal.

Change-Id: I26285897ff7c8c38192b7e1a34bb66b2b2e7e13f
This commit is contained in:
Eric Brown 2016-09-02 17:02:24 -07:00
parent 32af31f509
commit c7a5f41132
7 changed files with 34 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
keystone/conf/default.py
View File

@ -11,6 +11,7 @@
# under the License.
from oslo_config import cfg
from oslo_log import versionutils
from keystone.conf import utils
@ -151,6 +152,7 @@ domain_id_immutable = cfg.BoolOpt(
default=True,
deprecated_for_removal=True,
deprecated_reason=_DEPRECATE_MUTABLE_DOMAIN_IDS,
deprecated_since=versionutils.deprecated.MITAKA,
help=utils.fmt("""
Set this to false if you want to enable the ability for user, group and project
entities to be moved between domains by updating their `domain_id` attribute.
@ -175,6 +177,7 @@ secure_proxy_ssl_header = cfg.StrOpt(
default='HTTP_X_FORWARDED_PROTO',
deprecated_for_removal=True,
deprecated_reason=_DEPRECATE_PROXY_SSL,
deprecated_since=versionutils.deprecated.NEWTON,
help=utils.fmt("""
The HTTP header used to determine the scheme for the original request, even if
it was removed by an SSL terminating proxy.

2
keystone/conf/endpoint_policy.py
View File

@ -11,6 +11,7 @@
# under the License.
from oslo_config import cfg
from oslo_log import versionutils
from keystone.conf import utils
@ -24,6 +25,7 @@ The option to enable the OS-ENDPOINT-POLICY API extension has been deprecated
in the M release and will be removed in the O release. The OS-ENDPOINT-POLICY
API extension will be enabled by default.
"""),
deprecated_since=versionutils.deprecated.MITAKA,
help=utils.fmt("""
Enable endpoint-policy functionality, which allows policies to be associated
with either specific endpoints, or endpoints of a given service type.

5
keystone/conf/eventlet_server.py
View File

@ -11,6 +11,7 @@
# under the License.
from oslo_config import cfg
from oslo_log import versionutils
from keystone.conf import utils
@ -32,6 +33,7 @@ public_bind_host = cfg.StrOpt(
],
deprecated_for_removal=True,
deprecated_reason=_DEPRECATE_EVENTLET_MSG,
deprecated_since=versionutils.deprecated.KILO,
help=utils.fmt("""
The IP address of the network interface for the public service to listen on.
"""))
@ -43,6 +45,7 @@ public_port = cfg.PortOpt(
deprecated_group='DEFAULT',
deprecated_for_removal=True,
deprecated_reason=_DEPRECATE_EVENTLET_MSG,
deprecated_since=versionutils.deprecated.KILO,
help=utils.fmt("""
The port number for the public service to listen on.
"""))
@ -57,6 +60,7 @@ admin_bind_host = cfg.StrOpt(
],
deprecated_for_removal=True,
deprecated_reason=_DEPRECATE_EVENTLET_MSG,
deprecated_since=versionutils.deprecated.KILO,
help=utils.fmt("""
The IP address of the network interface for the admin service to listen on.
"""))
@ -68,6 +72,7 @@ admin_port = cfg.PortOpt(
deprecated_group='DEFAULT',
deprecated_for_removal=True,
deprecated_reason=_DEPRECATE_EVENTLET_MSG,
deprecated_since=versionutils.deprecated.KILO,
help=utils.fmt("""
The port number for the admin service to listen on.
"""))

12
keystone/conf/ldap.py
View File

@ -11,6 +11,7 @@
# under the License.
from oslo_config import cfg
from oslo_log import versionutils
from keystone.conf import utils
@ -58,6 +59,7 @@ use_dumb_member = cfg.BoolOpt(
default=False,
deprecated_for_removal=True,
deprecated_reason=_DEPRECATED_LDAP_WRITE,
deprecated_since=versionutils.deprecated.MITAKA,
help=utils.fmt("""
If true, keystone will add a dummy member based on the `[ldap] dumb_member`
option when creating new groups. This is required if the object class for
@ -70,6 +72,7 @@ dumb_member = cfg.StrOpt(
default='cn=dumb,dc=nonexistent',
deprecated_for_removal=True,
deprecated_reason=_DEPRECATED_LDAP_WRITE,
deprecated_since=versionutils.deprecated.MITAKA,
help=utils.fmt("""
DN of the "dummy member" to use when `[ldap] use_dumb_member` is enabled. This
option is only used for write operations.
@ -80,6 +83,7 @@ allow_subtree_delete = cfg.BoolOpt(
default=False,
deprecated_for_removal=True,
deprecated_reason=_DEPRECATED_LDAP_WRITE,
deprecated_since=versionutils.deprecated.MITAKA,
help=utils.fmt("""
Delete subtrees using the subtree delete control. Only enable this option if
your LDAP server supports subtree deletion. This option is only used for write
@ -245,6 +249,7 @@ user_attribute_ignore = cfg.ListOpt(
default=['default_project_id'],
deprecated_for_removal=True,
deprecated_reason=_DEPRECATED_LDAP_WRITE,
deprecated_since=versionutils.deprecated.MITAKA,
help=utils.fmt("""
List of user attributes to ignore on create and update. This is only used for
write operations.
@ -262,6 +267,7 @@ user_allow_create = cfg.BoolOpt(
default=True,
deprecated_for_removal=True,
deprecated_reason=_DEPRECATED_LDAP_WRITE,
deprecated_since=versionutils.deprecated.MITAKA,
help=utils.fmt("""
If enabled, keystone is allowed to create users in the LDAP server.
"""))
@ -271,6 +277,7 @@ user_allow_update = cfg.BoolOpt(
default=True,
deprecated_for_removal=True,
deprecated_reason=_DEPRECATED_LDAP_WRITE,
deprecated_since=versionutils.deprecated.MITAKA,
help=utils.fmt("""
If enabled, keystone is allowed to update users in the LDAP server.
"""))
@ -280,6 +287,7 @@ user_allow_delete = cfg.BoolOpt(
default=True,
deprecated_for_removal=True,
deprecated_reason=_DEPRECATED_LDAP_WRITE,
deprecated_since=versionutils.deprecated.MITAKA,
help=utils.fmt("""
If enabled, keystone is allowed to delete users in the LDAP server.
"""))
@ -388,6 +396,7 @@ group_attribute_ignore = cfg.ListOpt(
default=[],
deprecated_for_removal=True,
deprecated_reason=_DEPRECATED_LDAP_WRITE,
deprecated_since=versionutils.deprecated.MITAKA,
help=utils.fmt("""
List of group attributes to ignore on create and update. This is only used for
write operations.
@ -398,6 +407,7 @@ group_allow_create = cfg.BoolOpt(
default=True,
deprecated_for_removal=True,
deprecated_reason=_DEPRECATED_LDAP_WRITE,
deprecated_since=versionutils.deprecated.MITAKA,
help=utils.fmt("""
If enabled, keystone is allowed to create groups in the LDAP server.
"""))
@ -407,6 +417,7 @@ group_allow_update = cfg.BoolOpt(
default=True,
deprecated_for_removal=True,
deprecated_reason=_DEPRECATED_LDAP_WRITE,
deprecated_since=versionutils.deprecated.MITAKA,
help=utils.fmt("""
If enabled, keystone is allowed to update groups in the LDAP server.
"""))
@ -416,6 +427,7 @@ group_allow_delete = cfg.BoolOpt(
default=True,
deprecated_for_removal=True,
deprecated_reason=_DEPRECATED_LDAP_WRITE,
deprecated_since=versionutils.deprecated.MITAKA,
help=utils.fmt("""
If enabled, keystone is allowed to delete groups in the LDAP server.
"""))

2
keystone/conf/os_inherit.py
View File

@ -11,6 +11,7 @@
# under the License.
from oslo_config import cfg
from oslo_log import versionutils
from keystone.conf import utils
@ -27,6 +28,7 @@ enabled = cfg.BoolOpt(
default=True,
deprecated_for_removal=True,
deprecated_reason=_DEPRECATE_INHERIT_MSG,
deprecated_since=versionutils.deprecated.MITAKA,
help=utils.fmt("""
This allows domain-based role assignments to be inherited to projects owned by
that domain, or from parent projects to child projects.

8
keystone/conf/signing.py
View File

@ -11,6 +11,7 @@
# under the License.
from oslo_config import cfg
from oslo_log import versionutils
from keystone.conf import constants
from keystone.conf import utils
@ -21,6 +22,7 @@ certfile = cfg.StrOpt(
default=constants._CERTFILE,
deprecated_for_removal=True,
deprecated_reason=constants._DEPRECATE_PKI_MSG,
deprecated_since=versionutils.deprecated.MITAKA,
help=utils.fmt("""
Absolute path to the public certificate file to use for signing PKI and PKIZ
tokens. Set this together with `[signing] keyfile`. For non-production
@ -34,6 +36,7 @@ keyfile = cfg.StrOpt(
default=constants._KEYFILE,
deprecated_for_removal=True,
deprecated_reason=constants._DEPRECATE_PKI_MSG,
deprecated_since=versionutils.deprecated.MITAKA,
help=utils.fmt("""
Absolute path to the private key file to use for signing PKI and PKIZ tokens.
Set this together with `[signing] certfile`. There is no reason to set this
@ -44,6 +47,7 @@ ca_certs = cfg.StrOpt(
'ca_certs',
deprecated_for_removal=True,
deprecated_reason=constants._DEPRECATE_PKI_MSG,
deprecated_since=versionutils.deprecated.MITAKA,
default='/etc/keystone/ssl/certs/ca.pem',
help=utils.fmt("""
Absolute path to the public certificate authority (CA) file to use when
@ -59,6 +63,7 @@ ca_key = cfg.StrOpt(
default='/etc/keystone/ssl/private/cakey.pem',
deprecated_for_removal=True,
deprecated_reason=constants._DEPRECATE_PKI_MSG,
deprecated_since=versionutils.deprecated.MITAKA,
help=utils.fmt("""
Absolute path to the private certificate authority (CA) key file to use when
creating self-signed certificates with `keystone-manage pki_setup`. Set this
@ -74,6 +79,7 @@ key_size = cfg.IntOpt(
min=1024,
deprecated_for_removal=True,
deprecated_reason=constants._DEPRECATE_PKI_MSG,
deprecated_since=versionutils.deprecated.MITAKA,
help=utils.fmt("""
Key size (in bits) to use when generating a self-signed token signing
certificate. There is no reason to set this option unless you are using a `pki`
@ -86,6 +92,7 @@ valid_days = cfg.IntOpt(
default=3650,
deprecated_for_removal=True,
deprecated_reason=constants._DEPRECATE_PKI_MSG,
deprecated_since=versionutils.deprecated.MITAKA,
help=utils.fmt("""
The validity period (in days) to use when generating a self-signed token
signing certificate. There is no reason to set this option unless you are using
@ -97,6 +104,7 @@ cert_subject = cfg.StrOpt(
'cert_subject',
deprecated_for_removal=True,
deprecated_reason=constants._DEPRECATE_PKI_MSG,
deprecated_since=versionutils.deprecated.MITAKA,
default=('/C=US/ST=Unset/L=Unset/O=Unset/CN=www.example.com'),
help=utils.fmt("""
The certificate subject to use when generating a self-signed token signing

2
keystone/conf/token.py
View File

@ -14,6 +14,7 @@ import hashlib
import sys
from oslo_config import cfg
from oslo_log import versionutils
from keystone.conf import constants
from keystone.conf import utils
@ -138,6 +139,7 @@ hash_algorithm = cfg.StrOpt(
choices=hash_choices,
deprecated_for_removal=True,
deprecated_reason=constants._DEPRECATE_PKI_MSG,
deprecated_since=versionutils.deprecated.MITAKA,
help=utils.fmt("""
This controls the hash algorithm to use to uniquely identify PKI tokens without
having to transmit the entire token to keystone (which may be several