Deprecate certs commands and APIs

The nova-cert service was deprecated in Newton: 789edad0e811d866551bec18dc7729541105f59d We're going to remove the nova-cert service and os-certificates API from the server in Pike, so we need to also get started on the deprecation in the client. Part of blueprint remove-nova-cert Change-Id: If3e1e40947a8ad3f665f6a96d46de8cef6a2a190
openstack · Apr 6, 2017 · b6aea66 · b6aea66
1 parent 9ca9ae6
commit b6aea66
Show file tree

Hide file tree

Showing 4 changed files with 40 additions and 8 deletions.
diff --git a/novaclient/tests/unit/v2/test_certs.py b/novaclient/tests/unit/v2/test_certs.py
@@ -11,6 +11,8 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
+import mock
+
 from novaclient.tests.unit.fixture_data import certs as data
 from novaclient.tests.unit.fixture_data import client
 from novaclient.tests.unit import utils
@@ -26,14 +28,18 @@ class CertsTest(utils.FixturedTestCase):
     scenarios = [('original', {'client_fixture_class': client.V1}),
                  ('session', {'client_fixture_class': client.SessionV1})]
 
-    def test_create_cert(self):
+    @mock.patch('warnings.warn')
+    def test_create_cert(self, mock_warn):
         cert = self.cs.certs.create()
         self.assert_request_id(cert, fakes.FAKE_REQUEST_ID_LIST)
         self.assert_called('POST', '/os-certificates')
         self.assertIsInstance(cert, self.cert_type)
+        self.assertEqual(1, mock_warn.call_count)
 
-    def test_get_root_cert(self):
+    @mock.patch('warnings.warn')
+    def test_get_root_cert(self, mock_warn):
         cert = self.cs.certs.get()
         self.assert_request_id(cert, fakes.FAKE_REQUEST_ID_LIST)
         self.assert_called('GET', '/os-certificates/root')
         self.assertIsInstance(cert, self.cert_type)
+        self.assertEqual(1, mock_warn.call_count)
diff --git a/novaclient/v2/certs.py b/novaclient/v2/certs.py
@@ -16,27 +16,38 @@
 #    under the License.
 
 """
-Certificate interface.
+DEPRECATED Certificate interface.
 """
 
+import warnings
+
 from novaclient import base
+from novaclient.i18n import _
+
+CERT_DEPRECATION_WARNING = (
+    _('The nova-cert service is deprecated. This API binding will be removed '
+      'in the first major release after the Nova server 16.0.0 Pike release.')
+)
 
 
 class Certificate(base.Resource):
+    """DEPRECATED"""
     def __repr__(self):
         return ("<Certificate: private_key=[%s bytes] data=[%s bytes]>" %
                 (len(self.private_key) if self.private_key else 0,
                  len(self.data)))
 
 
 class CertificateManager(base.Manager):
-    """Manage :class:`Certificate` resources."""
+    """DEPRECATED Manage :class:`Certificate` resources."""
     resource_class = Certificate
 
     def create(self):
-        """Create a x509 certificate for a user in tenant."""
+        """DEPRECATED Create a x509 certificate for a user in tenant."""
+        warnings.warn(CERT_DEPRECATION_WARNING, DeprecationWarning)
         return self._create('/os-certificates', {}, 'certificate')
 
     def get(self):
-        """Get root certificate."""
+        """DEPRECATED Get root certificate."""
+        warnings.warn(CERT_DEPRECATION_WARNING, DeprecationWarning)
         return self._get("/os-certificates/root", 'certificate')
diff --git a/novaclient/v2/shell.py b/novaclient/v2/shell.py
@@ -27,6 +27,7 @@
 import pprint
 import sys
 import time
+import warnings
 
 from oslo_utils import netutils
 from oslo_utils import strutils
@@ -48,6 +49,11 @@
 
 logger = logging.getLogger(__name__)
 
+CERT_DEPRECATION_WARNING = (
+    _('The nova-cert service is deprecated. This command will be removed '
+      'in the first major release after the Nova server 16.0.0 Pike release.')
+)
+
 
 CLIENT_BDM2_KEYS = {
     'id': 'uuid',
@@ -2794,7 +2800,8 @@ def simplify_usage(u):
     default='cert.pem',
     help=_('Filename for the X.509 certificate. [Default: cert.pem]'))
 def do_x509_create_cert(cs, args):
-    """Create x509 cert for a user in tenant."""
+    """DEPRECATED Create x509 cert for a user in tenant."""
+    warnings.warn(CERT_DEPRECATION_WARNING, DeprecationWarning)
 
     if os.path.exists(args.pk_filename):
         raise exceptions.CommandError(_("Unable to write privatekey - %s "
@@ -2825,7 +2832,8 @@ def do_x509_create_cert(cs, args):
     default='cacert.pem',
     help=_('Filename to write the x509 root cert.'))
 def do_x509_get_root_cert(cs, args):
-    """Fetch the x509 root cert."""
+    """DEPRECATED Fetch the x509 root cert."""
+    warnings.warn(CERT_DEPRECATION_WARNING, DeprecationWarning)
     if os.path.exists(args.filename):
         raise exceptions.CommandError(_("Unable to write x509 root cert - \
                                       %s exists.") % args.filename)

diff --git a/releasenotes/notes/deprecate-certs-1558d8e3b7888938.yaml b/releasenotes/notes/deprecate-certs-1558d8e3b7888938.yaml
@@ -0,0 +1,7 @@
+---
+deprecations:
+  - |
+    The ``nova x509-create-cert`` and ``nova x509-get-root-cert`` commands
+    and ``novaclient.v2.certs`` API binding are now deprecated and will be
+    removed in the first major release after the Nova server 16.0.0 Pike
+    release.