conf: remove deprecated ironic options

Ironic configuration options that were used for a deprecated Identity v2
API have been removed.

Change-Id: I2dfe76b7b8be22c490aed8cf76cd7e921979845c
Implements: bp centralize-config-options-ocata

nova/conf/ironic.py

@@ -29,43 +29,13 @@ If using the Ironic driver following options must be set:
 * password
 * project_domain_id or project_domain_name
 * user_domain_id or user_domain_name
-
-Please note that if you are using Identity v2 API (deprecated),
-you don't need to provide domain information, since domains are
-a v3 concept.
 """)
 
-# FIXME(clenimar): The following deprecated auth options are kept for backwards
-# compatibility. Please remove them as soon as we drop its support:
-# `admin_username`, `admin_password`, `admin_url` and `admin_tenant_name`.
 ironic_options = [
     cfg.StrOpt(
         'api_endpoint',
         sample_default='http://ironic.example.org:6385/',
         help='URL override for the Ironic API endpoint.'),
-    cfg.StrOpt(
-        'admin_username',
-        deprecated_for_removal=True,
-        deprecated_since='14.0.0',
-        help='Ironic keystone admin name. '
-             'Use ``username`` instead.'),
-    cfg.StrOpt(
-        'admin_password',
-        secret=True,
-        deprecated_for_removal=True,
-        deprecated_since='14.0.0',
-        help='Ironic keystone admin password. '
-             'Use ``password`` instead.'),
-    cfg.StrOpt(
-        'admin_url',
-        deprecated_for_removal=True,
-        help='Keystone public API endpoint. '
-             'Use ``auth_url`` instead.'),
-    cfg.StrOpt(
-        'admin_tenant_name',
-        deprecated_for_removal=True,
-        help='Ironic keystone tenant name. '
-             'Use ``project_name`` instead.'),
     cfg.IntOpt(
         'api_max_retries',
         # TODO(raj_singh): Change this default to some sensible number

nova/tests/unit/virt/ironic/test_client_wrapper.py

@@ -76,37 +76,6 @@ class IronicClientWrapperTestCase(test.NoDBTestCase):
                     'ironic_url': None}
         mock_ir_cli.assert_called_once_with(1, **expected)
 
-    @mock.patch.object(keystoneauth1.session, 'Session')
-    @mock.patch.object(keystoneauth1.identity, 'V2Password')
-    @mock.patch.object(ironic_client, 'get_client')
-    def test__get_session_legacy(self, mock_ir_cli, mock_plugin, mock_session):
-        """Create a keystoneauth1 Session with a v2Password auth plugin."""
-        mock_plugin.return_value = 'v2password'
-        ironicclient = client_wrapper.IronicClientWrapper()
-        # dummy call to have _get_client() called
-        ironicclient.call("node.list")
-        expected = {'auth': 'v2password',
-                    'timeout': CONF.ironic.timeout,
-                    'cert': CONF.ironic.certfile,
-                    'verify': True}
-        mock_session.assert_called_once_with(**expected)
-
-    @mock.patch.object(keystoneauth1.identity, 'V2Password')
-    @mock.patch.object(keystoneauth1.loading, 'load_auth_from_conf_options')
-    def test__get_auth_plugin_legacy(self, mock_loader, mock_v2password):
-        """The plugin loader fails to load an auth plugin from proper
-        parameters, returning None. Take the legacy path and load a v2Password
-        plugin from deprecated, legacy auth parameters.
-        """
-        ironicclient = client_wrapper.IronicClientWrapper()
-        mock_loader.return_value = None
-        ironicclient._get_auth_plugin()
-        auth = {'auth_url': CONF.ironic.admin_url,
-                'username': CONF.ironic.admin_username,
-                'password': CONF.ironic.admin_password,
-                'tenant_name': CONF.ironic.admin_tenant_name}
-        mock_v2password.assert_called_once_with(**auth)
-
     @mock.patch.object(client_wrapper.IronicClientWrapper, '_multi_getattr')
     @mock.patch.object(client_wrapper.IronicClientWrapper, '_get_client')
     def test_call_fail_exception(self, mock_get_client, mock_multi_getattr):

nova/virt/ironic/client_wrapper.py

@@ -15,7 +15,6 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
-from keystoneauth1 import identity
 from keystoneauth1 import loading as ks_loading
 from oslo_log import log as logging
 from oslo_utils import importutils
@@ -23,7 +22,6 @@ from oslo_utils import importutils
 import nova.conf
 from nova import exception
 from nova.i18n import _
-from nova.i18n import _LW
 
 
 LOG = logging.getLogger(__name__)
@@ -69,24 +67,6 @@ class IronicClientWrapper(object):
         auth_plugin = ks_loading.load_auth_from_conf_options(CONF,
                                                              IRONIC_GROUP.name)
 
-        # If no plugin name is defined, load a v2Password plugin from the
-        # deprecated, legacy auth options in [ironic] group.
-        if auth_plugin is None:
-            LOG.warning(_LW("Couldn't find adequate authentication options "
-                            "under the [ironic] group of nova.conf. Falling "
-                            "to legacy auth options: admin_username, "
-                            "admin_password, admin_tenant_name and admin_url. "
-                            "Please note that these options are deprecated "
-                            "and won't be supported anymore in a future "
-                            "release."))
-            legacy_auth = {
-                'username': CONF.ironic.admin_username,
-                'password': CONF.ironic.admin_password,
-                'tenant_name': CONF.ironic.admin_tenant_name,
-                'auth_url': CONF.ironic.admin_url
-            }
-            auth_plugin = identity.V2Password(**legacy_auth)
-
         return auth_plugin
 
     def _get_client(self, retry_on_conflict=True):

releasenotes/notes/remove_deprecated_ironic_conf_opt-0bff87f16412d4b8.yaml

@@ -0,0 +1,11 @@
+---
+upgrade:
+  - |
+    Ironic configuration options that were used for a deprecated Identity v2
+    API have been removed from ``ironic`` group. Below is the detailed list of
+    removed options:
+
+    - admin_usernale
+    - admin_password
+    - admin_url
+    - admin_tenant_name