Merge "Deprecate (and slate for removal) UUID tokens"

2017-02-24 16:42:05 +00:00 · 2017-02-24 16:42:05 +00:00 · d4b4094dc7
parent 81107ce2cc 5896d841df
commit d4b4094dc7
3 changed files with 26 additions and 0 deletions
--- a/keystone/conf/token.py
+++ b/keystone/conf/token.py
@ -13,6 +13,7 @@
 import sys

 from oslo_config import cfg
+from oslo_log import versionutils

 from keystone.conf import utils

@ -30,6 +31,8 @@ enforce_token_bind = cfg.StrOpt(
    'enforce_token_bind',
    default='permissive',
    choices=['disabled', 'permissive', 'strict', 'required'],
+    deprecated_since=versionutils.deprecated.PIKE,
+    deprecated_for_removal=True,
    help=utils.fmt("""
 This controls the token binding enforcement policy on tokens presented to
 keystone with token binding metadata (as specified by the `[token] bind`
@ -74,6 +77,8 @@ command).
 driver = cfg.StrOpt(
    'driver',
    default='sql',
+    deprecated_since=versionutils.deprecated.PIKE,
+    deprecated_for_removal=True,
    help=utils.fmt("""
 Entry point for the token persistence backend driver in the
 `keystone.token.persistence` namespace. Keystone provides the `sql`
--- a/keystone/token/providers/uuid.py
+++ b/keystone/token/providers/uuid.py
@ -16,6 +16,8 @@

 from __future__ import absolute_import

+from oslo_log import versionutils
+
 import uuid

 from keystone.token.providers import common
@ -23,6 +25,14 @@ from keystone.token.providers import common

 class Provider(common.BaseProvider):

+    @versionutils.deprecated(
+        as_of=versionutils.deprecated.PIKE,
+        what='UUID Token Provider "[token] provider=uuid"',
+        in_favor_of='Fernet token Provider "[token] provider=fernet"',
+        remove_in=+2)
+    def __init__(self, *args, **kwargs):
+        super(Provider, self).__init__(*args, **kwargs)
+
    def _get_token_id(self, token_data):
        return uuid.uuid4().hex

--- a/releasenotes/notes/deprecated-as-of-pike-506f9aca91674550.yaml
+++ b/releasenotes/notes/deprecated-as-of-pike-506f9aca91674550.yaml
@ -0,0 +1,11 @@
+---
+deprecations:
+  - |
+    * UUID token provider ``[token] provider=uuid`` has been deprecated in
+      favor of Fernet tokens ``[token] provider=fernet``. With Fernet tokens
+      becoming the default UUID tokens can be slated for removal in the R
+      release. This also deprecates token-bind support as it was never
+      implemented for fernet.
+
+    * Token persistence driver/code (SQL) is deprecated with this patch since
+      it is only used by the UUID token provider..