diff options
| author | Morgan Fainberg <morgan.fainberg@gmail.com> | 2018-10-26 12:33:28 -0700 |
|---|---|---|
| committer | Colleen Murphy <colleen.murphy@suse.de> | 2019-06-19 12:16:47 -0700 |
| commit | b3e84aafc0302b1a87754f438696794076ba844f (patch) | |
| tree | 701b96a859805c08470f41fdaf6d97283f2b2c89 /keystonemiddleware/auth_token/_opts.py | |
| parent | 3e62d25dacb4282609d897f8a9cf08c3603b12d7 (diff) | |
| download | keystonemiddleware-b3e84aafc0302b1a87754f438696794076ba844f.tar.gz | |
Remove PKI/PKIZ support
Keystone server no longer supports PKI/PKIZ. This change removes
keystonemiddleware's support of PKI/PKIZ and associated code.
Change-Id: I9a6639a2aa3774be61972d57f38220f66fd5c0e8
closes-bug: #1649735
partial-bug: #1736985
Diffstat (limited to 'keystonemiddleware/auth_token/_opts.py')
| -rw-r--r-- | keystonemiddleware/auth_token/_opts.py | 20 |
1 files changed, 0 insertions, 20 deletions
diff --git a/keystonemiddleware/auth_token/_opts.py b/keystonemiddleware/auth_token/_opts.py index 6231b6d..b551407 100644 --- a/keystonemiddleware/auth_token/_opts.py +++ b/keystonemiddleware/auth_token/_opts.py @@ -99,13 +99,6 @@ _OPTS = [ cfg.BoolOpt('insecure', default=False, help='Verify HTTPS connections.'), cfg.StrOpt('region_name', help='The region in which the identity server can be found.'), - cfg.StrOpt('signing_dir', - deprecated_for_removal=True, - deprecated_reason='PKI token format is no longer supported.', - deprecated_since='Ocata', - help='Directory used to cache files related to PKI tokens. This' - ' option has been deprecated in the Ocata release and will be' - ' removed in the P release.'), cfg.ListOpt('memcached_servers', deprecated_name='memcache_servers', help='Optionally specify a list of memcached server(s) to' @@ -172,19 +165,6 @@ _OPTS = [ ' unknown the token will be rejected. "required" any form of' ' token binding is needed to be allowed. Finally the name of a' ' binding method that must be present in tokens.'), - cfg.ListOpt('hash_algorithms', default=['md5'], - deprecated_for_removal=True, - deprecated_reason='PKI token format is no longer supported.', - deprecated_since='Ocata', - help='Hash algorithms to use for hashing PKI tokens. This may' - ' be a single algorithm or multiple. The algorithms are those' - ' supported by Python standard hashlib.new(). The hashes will' - ' be tried in the order given, so put the preferred one first' - ' for performance. The result of the first hash will be stored' - ' in the cache. This will typically be set to multiple values' - ' only while migrating from a less secure algorithm to a more' - ' secure one. Once all the old tokens are expired this option' - ' should be set to a single value for better performance.'), cfg.ListOpt('service_token_roles', default=['service'], help='A choice of roles that must be present in a service' ' token. Service tokens are allowed to request that an expired' |