Remove deprecated Neutron authentication options

Change-Id: Iab4d570426336c1e85888b4bb21ff26bb1200761

ironic/common/keystone.py

@@ -115,7 +115,9 @@ def get_endpoint(group, **adapter_kwargs):
     """
     result = get_adapter(group, **adapter_kwargs).get_endpoint()
     if not result:
-        service_type = adapter_kwargs.get('service_type', 'baremetal')
+        service_type = adapter_kwargs.get(
+            'service_type',
+            getattr(getattr(CONF, group), 'service_type', group))
         endpoint_type = adapter_kwargs.get('endpoint_type', 'internal')
         raise exception.CatalogNotFound(
             service_type=service_type, endpoint_type=endpoint_type)

ironic/common/neutron.py

@@ -48,8 +48,7 @@ def _get_neutron_session():
     if not _NEUTRON_SESSION:
         _NEUTRON_SESSION = keystone.get_session(
             'neutron',
-            # TODO(pas-ha) remove in Rocky
-            timeout=CONF.neutron.timeout or CONF.neutron.url_timeout)
+            timeout=CONF.neutron.timeout)
     return _NEUTRON_SESSION
 
 
@@ -63,21 +62,8 @@ def get_client(token=None, context=None):
     session = _get_neutron_session()
     service_auth = keystone.get_auth('neutron')
 
-    # TODO(pas-ha) remove in Rocky, always simply load from config
-    # 'noauth' then would correspond to 'auth_type=none' and
-    # 'endpoint_override'
-    adapter_params = {}
-    if (CONF.neutron.auth_strategy == 'noauth'
-            and CONF.neutron.auth_type is None):
-        CONF.set_override('auth_type', 'none', group='neutron')
-        if not CONF.neutron.endpoint_override:
-            adapter_params['endpoint_override'] = (CONF.neutron.url
-                                                   or DEFAULT_NEUTRON_URL)
-    else:
-        if CONF.neutron.url and not CONF.neutron.endpoint_override:
-            adapter_params['endpoint_override'] = CONF.neutron.url
     endpoint = keystone.get_endpoint('neutron', session=session,
-                                     auth=service_auth, **adapter_params)
+                                     auth=service_auth)
 
     user_auth = None
     if CONF.neutron.auth_type != 'none' and context.auth_token:

ironic/conf/neutron.py

@@ -20,25 +20,6 @@ from ironic.common.i18n import _
 from ironic.conf import auth
 
 opts = [
-    cfg.StrOpt('url',
-               deprecated_for_removal=True,
-               deprecated_reason=_("Use [neutron]/endpoint_override option "
-                                   "instead. It has no default value and must "
-                                   "be set explicitly if required to connect "
-                                   "to specific neutron URL, for example "
-                                   "in stand alone mode when "
-                                   "[neutron]/auth_type is 'none'."),
-               help=_("URL for connecting to neutron. "
-                      "Default value translates to 'http://$my_ip:9696' "
-                      "when auth_strategy is 'noauth', "
-                      "and to discovery from Keystone catalog "
-                      "when auth_strategy is 'keystone'.")),
-    cfg.IntOpt('url_timeout',
-               default=30,
-               deprecated_for_removal=True,
-               deprecated_reason=_("Set the desired value explicitly using "
-                                   "the [neutron]/timeout option instead."),
-               help=_('Timeout value for connecting to neutron in seconds.')),
     cfg.IntOpt('port_setup_delay',
                default=0,
                min=0,
@@ -47,20 +28,6 @@ opts = [
     cfg.IntOpt('retries',
                default=3,
                help=_('Client retries in the case of a failed request.')),
-    cfg.StrOpt('auth_strategy',
-               default='keystone',
-               choices=[('keystone', _('use the Identity service for '
-                                       'authentication')),
-                        ('noauth', _('no authentication'))],
-               deprecated_for_removal=True,
-               deprecated_reason=_("To configure neutron for noauth mode, "
-                                   "set [neutron]/auth_type = none and "
-                                   "[neutron]/endpoint_override="
-                                   "<NEUTRON_API_URL> instead"),
-               help=_('Authentication strategy to use when connecting to '
-                      'neutron. Running neutron in noauth mode (related to '
-                      'but not affected by this setting) is insecure and '
-                      'should only be used for testing.')),
     cfg.StrOpt('cleaning_network',
                help=_('Neutron network UUID or name for the ramdisk to be '
                       'booted into for cleaning nodes. Required for "neutron" '

ironic/tests/unit/common/test_neutron.py

@@ -16,7 +16,6 @@ from keystoneauth1 import loading as kaloading
 import mock
 from neutronclient.common import exceptions as neutron_client_exc
 from neutronclient.v2_0 import client
-from oslo_config import cfg
 from oslo_utils import uuidutils
 
 from ironic.common import context
@@ -125,30 +124,10 @@ class TestNeutronClient(base.TestCase):
                                              auth=mock.sentinel.auth)
         self.assertEqual(0, mock_sauth.call_count)
 
-    def test_get_neutron_client_with_deprecated_opts(self, mock_client_init,
-                                                     mock_session,
-                                                     mock_adapter, mock_auth,
-                                                     mock_sauth):
-        self.config(url='neutron_url',
-                    url_timeout=10,
-                    timeout=None,
-                    service_type=None,
-                    group='neutron')
-        mock_adapter.return_value = adapter = mock.Mock()
-        adapter.get_endpoint.return_value = 'neutron_url'
-        self._call_and_assert_client(mock_client_init, 'neutron_url')
-        mock_session.assert_called_once_with('neutron', timeout=10)
-        mock_adapter.assert_called_once_with('neutron',
-                                             session=mock.sentinel.session,
-                                             auth=mock.sentinel.auth,
-                                             endpoint_override='neutron_url')
-
     def test_get_neutron_client_noauth(self, mock_client_init, mock_session,
                                        mock_adapter, mock_auth, mock_sauth):
-        self.config(auth_strategy='noauth',
-                    endpoint_override='neutron_url',
-                    url_timeout=None,
-                    auth_type=None,
+        self.config(endpoint_override='neutron_url',
+                    auth_type='none',
                     timeout=10,
                     group='neutron')
         mock_adapter.return_value = adapter = mock.Mock()
@@ -164,11 +143,6 @@ class TestNeutronClient(base.TestCase):
         mock_auth.assert_called_once_with('neutron')
         self.assertEqual(0, mock_sauth.call_count)
 
-    def test_out_range_auth_strategy(self, mock_client_init, mock_session,
-                                     mock_adapter, mock_auth, mock_eauth):
-        self.assertRaises(ValueError, cfg.CONF.set_override,
-                          'auth_strategy', 'fake', 'neutron')
-
 
 class TestNeutronNetworkActions(db_base.DbTestCase):
 

ironic/tests/unit/dhcp/test_factory.py

@@ -31,8 +31,8 @@ class TestDHCPFactory(base.TestCase):
 
     def setUp(self):
         super(TestDHCPFactory, self).setUp()
-        self.config(url='test-url',
-                    url_timeout=30,
+        self.config(endpoint_override='test-url',
+                    timeout=30,
                     group='neutron')
         dhcp_factory.DHCPFactory._dhcp_provider = None
         self.addCleanup(setattr, dhcp_factory.DHCPFactory,

releasenotes/notes/deprecated-neutron-ops-79abab5b013b7939.yaml

@@ -0,0 +1,6 @@
+---
+upgrade:
+  - |
+    The deprecated options ``url``, ``url_timeout`` and ``auth_strategy`` from
+    the ``[neutron]`` section have been removed. Use ``endpoint_override``,
+    ``timeout`` and ``auth_type`` respectively.