openstack/barbican
Code Issues Proposed changes

Deprecate Cetificate Resources

Browse Source 
Begins the deprecation process for Barbican CAs API,
and Barbican Certificate Orders Resource. This is
done through logging deprecation schedule on API,
as well as adding a warning to the documentation.

Change-Id: Idbe6307fa45527aa225e61b3b1ac9ca86e7660c5
This commit is contained in:
Fernando Diaz 2016-11-03 01:24:22 +00:00
parent d85be13550
commit 140a8182e2
10 changed files with 55 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
api-guide/source/certificates.rst
View File

@ -2,6 +2,11 @@
Certificates API - User Guide Certificates API - User Guide
****************************** ******************************
.. warning::
DEPRECATION WARNING: The Certificates API has been deprecated and will
be removed in the P release.
Barbican will be used to manage the lifecycle of x509 certificates covering Barbican will be used to manage the lifecycle of x509 certificates covering
operations such as initial certificate issuance, certificate re-issuance, operations such as initial certificate issuance, certificate re-issuance,
certificate renewal and certificate revocation. At present, only the issuance of certificate renewal and certificate revocation. At present, only the issuance of

5
api-guide/source/orders.rst
View File

@ -11,6 +11,11 @@ The orders resource supports the following types:
* asymmetric keys * asymmetric keys
* certificates * certificates
.. warning::
DEPRECATION WARNING: The Certificates Order resource has been deprecated
and will be removed in the P release.
This user guide provides high level examples of the orders resource. This user guide provides high level examples of the orders resource.
It will assume you will be using a local running development environment of barbican. It will assume you will be using a local running development environment of barbican.
If you need assistance with getting set up, please reference the If you need assistance with getting set up, please reference the

8
barbican/api/controllers/cas.py
View File

@ -12,6 +12,7 @@
# License for the specific language governing permissions and limitations # License for the specific language governing permissions and limitations
# under the License. # under the License.
from oslo_log import versionutils
import pecan import pecan
from six.moves.urllib import parse from six.moves.urllib import parse
@ -30,6 +31,9 @@ from barbican.tasks import certificate_resources as cert_resources
LOG = utils.getLogger(__name__) LOG = utils.getLogger(__name__)
_DEPRECATION_MSG = u._LW('%s has been deprecated in the Newton release. It '
'will be removed in the Pike release.')
def _certificate_authority_not_found(): def _certificate_authority_not_found():
"""Throw exception indicating certificate authority not found.""" """Throw exception indicating certificate authority not found."""
@ -67,6 +71,8 @@ class CertificateAuthorityController(controllers.ACLMixin):
def __init__(self, ca): def __init__(self, ca):
LOG.debug('=== Creating CertificateAuthorityController ===') LOG.debug('=== Creating CertificateAuthorityController ===')
msg = _DEPRECATION_MSG % "Certificate Authorities API"
versionutils.report_deprecated_feature(LOG, msg)
self.ca = ca self.ca = ca
self.ca_repo = repo.get_ca_repository() self.ca_repo = repo.get_ca_repository()
self.project_ca_repo = repo.get_project_ca_repository() self.project_ca_repo = repo.get_project_ca_repository()
@ -256,6 +262,8 @@ class CertificateAuthoritiesController(controllers.ACLMixin):
def __init__(self): def __init__(self):
LOG.debug('Creating CertificateAuthoritiesController') LOG.debug('Creating CertificateAuthoritiesController')
msg = _DEPRECATION_MSG % "Certificate Authorities API"
versionutils.report_deprecated_feature(LOG, msg)
self.ca_repo = repo.get_ca_repository() self.ca_repo = repo.get_ca_repository()
self.project_ca_repo = repo.get_project_ca_repository() self.project_ca_repo = repo.get_project_ca_repository()
self.preferred_ca_repo = repo.get_preferred_ca_repository() self.preferred_ca_repo = repo.get_preferred_ca_repository()

6
barbican/api/controllers/orders.py
View File

@ -10,6 +10,7 @@
# License for the specific language governing permissions and limitations # License for the specific language governing permissions and limitations
# under the License. # under the License.
from oslo_log import versionutils
import pecan import pecan
from barbican import api from barbican import api
@ -26,6 +27,9 @@ from barbican.queue import client as async_client
LOG = utils.getLogger(__name__) LOG = utils.getLogger(__name__)
_DEPRECATION_MSG = u._LW('%s has been deprecated in the Newton release. It '
'will be removed in the Pike release.')
def _order_not_found(): def _order_not_found():
"""Throw exception indicating order not found.""" """Throw exception indicating order not found."""
@ -211,6 +215,8 @@ class OrdersController(controllers.ACLMixin):
'request_type': request_type}) 'request_type': request_type})
if order_type == models.OrderType.CERTIFICATE: if order_type == models.OrderType.CERTIFICATE:
msg = _DEPRECATION_MSG % "Certificate Order Resource"
versionutils.report_deprecated_feature(LOG, msg)
validators.validate_ca_id(project.id, body.get('meta')) validators.validate_ca_id(project.id, body.get('meta'))
if request_type == 'stored-key': if request_type == 'stored-key':
container_ref = order_meta.get('container_ref') container_ref = order_meta.get('container_ref')

5
doc/source/api/reference/cas.rst
View File

@ -2,6 +2,11 @@
Certificates Authorities API - Reference Certificates Authorities API - Reference
**************************************** ****************************************
.. warning::
DEPRECATION WARNING: The Certificates Authorities API has been deprecated
and will be removed in the P release.
Barbican provides an API to interact with certificate authorities (CAs). For Barbican provides an API to interact with certificate authorities (CAs). For
an introduction to CAs and how Barbican manages them, see the an introduction to CAs and how Barbican manages them, see the
`Certificate Authorities User's Guide <http://developer.openstack.org/api-guide/key-manager/cas.html>`__. `Certificate Authorities User's Guide <http://developer.openstack.org/api-guide/key-manager/cas.html>`__.

6
doc/source/api/reference/certificates.rst
View File

@ -2,6 +2,11 @@
Certificates API - Reference Certificates API - Reference
**************************** ****************************
.. warning::
DEPRECATION WARNING: The Certificates API has been deprecated and will
be removed in the P release.
.. _reference_post_certificate_orders: .. _reference_post_certificate_orders:
POST /v1/orders POST /v1/orders
@ -149,4 +154,3 @@ HTTP Status Codes
+------+-----------------------------------------------------------------------------+ +------+-----------------------------------------------------------------------------+
| 415 | Unsupported media type | | 415 | Unsupported media type |
+------+-----------------------------------------------------------------------------+ +------+-----------------------------------------------------------------------------+

5
doc/source/api/reference/orders.rst
View File

@ -2,6 +2,11 @@
Orders API - Reference Orders API - Reference
********************** **********************
.. warning::
DEPRECATION WARNING: The Certificates Order resource has been deprecated
and will be removed in the P release.
.. _get_orders: .. _get_orders:
GET /v1/orders GET /v1/orders

7
doc/source/plugin/certificate.rst
View File

@ -4,6 +4,11 @@
Certificate Plugin Development Certificate Plugin Development
============================== ==============================
.. warning::
DEPRECATION WARNING: The Certificates Plugin has been deprecated and will
be removed in the P release.
This guide describes how to develop a custom certificate plugin for use by This guide describes how to develop a custom certificate plugin for use by
Barbican. Barbican.
@ -23,8 +28,6 @@ plugins:
similar interactions as with Symantec. similar interactions as with Symantec.
``certificate_manager`` Module ``certificate_manager`` Module
============================== ==============================

5
doc/source/setup/certificate.rst
View File

@ -1,6 +1,11 @@
Setting up Certificate Plugins Setting up Certificate Plugins
============================== ==============================
.. warning::
DEPRECATION WARNING: The Certificates Plugin has been deprecated and will
be removed in the P release.
Using the SnakeOil CA plugin Using the SnakeOil CA plugin
---------------------------- ----------------------------

6
etc/barbican/barbican.conf
View File

@ -322,6 +322,10 @@ ca_certs = '/path/to/certs/LocalCA.crt'
# ================= Certificate plugin =================== # ================= Certificate plugin ===================
# DEPRECATION WARNING: The Certificates Plugin has been deprecated
# and will be removed in the P release.
[certificate] [certificate]
namespace = barbican.certificate.plugin namespace = barbican.certificate.plugin
enabled_certificate_plugins = simple_certificate enabled_certificate_plugins = simple_certificate
@ -338,6 +342,8 @@ ca_cert_chain_path = /etc/barbican/snakeoil-ca.chain
ca_cert_pkcs7_path = /etc/barbican/snakeoil-ca.p7b ca_cert_pkcs7_path = /etc/barbican/snakeoil-ca.p7b
subca_cert_key_directory=/etc/barbican/snakeoil-cas subca_cert_key_directory=/etc/barbican/snakeoil-cas
# ========================================================
[cors] [cors]
# #