From 19e602c683583969c35d5e454bc41e02125ca455 Mon Sep 17 00:00:00 2001
From: Jamie Lennox <jamielennox@gmail.com>
Date: Sat, 30 Sep 2017 08:57:17 +1000
Subject: [PATCH] Issue a deprecation warning for validating PKI tokens

PKI tokens have been deprecated and removed from keystone server. To get
them removed from auth_token middleware we need to deprecate it.

We issue the warning when a successful validation has occurred as all
incoming tokens get checked for if we think they are PKI and tried to
decrypt.

Change-Id: Ibc6e3378aa7c851335bcb9abbcc31572e6cef9e7
bp: deprecated-as-of-queens
---
 keystonemiddleware/auth_token/__init__.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/keystonemiddleware/auth_token/__init__.py b/keystonemiddleware/auth_token/__init__.py
index 6cb1f93c..689c8179 100644
--- a/keystonemiddleware/auth_token/__init__.py
+++ b/keystonemiddleware/auth_token/__init__.py
@@ -802,6 +802,13 @@ class AuthProtocol(BaseAuthProtocol):
             self.log.warning('Fetch revocation list failed, '
                              'fallback to online validation.')
         else:
+            self.log.warning('auth_token middleware received a PKI/Z token. '
+                             'This form of token is deprecated and has been '
+                             'removed from keystone server and will be '
+                             'removed from auth_token middleware in the Rocky '
+                             'release. Please contact your administrator '
+                             'about upgrading keystone and the token format.')
+
             data = jsonutils.loads(verified)
 
             audit_ids = None