From 4403fe7247151d324f80b865cc2d5a0a078d25fa Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Tue, 16 Mar 2021 22:18:35 +0900 Subject: [PATCH] Deprecate support for [p11_crypto_plugin]token_label ... because this parameter was deprecated from Barbican[1]. [1] 1ca03610d7257c782b11d6bcf54074d66a79c545 Change-Id: I674862c481e66581af3070d159a8a06e2bc9e20f --- manifests/plugins/p11_crypto.pp | 23 ++++++++++++++----- ...o_plugin_token_label-a055b1ea71604914.yaml | 6 +++++ 2 files changed, 23 insertions(+), 6 deletions(-) create mode 100644 releasenotes/notes/deprecate-p11_crypto_plugin_token_label-a055b1ea71604914.yaml diff --git a/manifests/plugins/p11_crypto.pp b/manifests/plugins/p11_crypto.pp index 7a157857..50308ec2 100644 --- a/manifests/plugins/p11_crypto.pp +++ b/manifests/plugins/p11_crypto.pp @@ -23,10 +23,6 @@ # (optional) Serial number to identify PKCS#11 token # Defaults to $::os_service_default # -# [*p11_crypto_plugin_token_label*] -# (optional) Label to identify PKCS#11 token -# Defaults to $::os_service_default -# # [*p11_crypto_plugin_token_labels*] # (optional) List of comma-separated labels to identify # PKCS#11 tokens to be used. @@ -65,6 +61,12 @@ # (optional) set plugin as global default # Defaults to false # +# DEPRECATED PARAMETERS +# +# [*p11_crypto_plugin_token_label*] +# (optional) Label to identify PKCS#11 token +# Defaults to undef +# class barbican::plugins::p11_crypto ( $p11_crypto_plugin_library_path, $p11_crypto_plugin_login, @@ -72,7 +74,6 @@ class barbican::plugins::p11_crypto ( $p11_crypto_plugin_mkek_length, $p11_crypto_plugin_hmac_label, $p11_crypto_plugin_token_serial_number = $::os_service_default, - $p11_crypto_plugin_token_label = $::os_service_default, $p11_crypto_plugin_token_labels = $::os_service_default, $p11_crypto_plugin_slot_id = $::os_service_default, $p11_crypto_plugin_encryption_mechanism = $::os_service_default, @@ -81,10 +82,20 @@ class barbican::plugins::p11_crypto ( $p11_crypto_plugin_aes_gcm_generate_iv = $::os_service_default, $p11_crypto_plugin_os_locking_ok = $::os_service_default, $global_default = false, + # DEPRECATED PARAMETERS + $p11_crypto_plugin_token_label = undef, ) { include barbican::deps + if $p11_crypto_plugin_token_label != undef { + warning('The p11_crypto_plugin_token_label parameter has been deprecated. \ +Use the p11_crypto_plugin_token_labels parameter instead') + $p11_crypto_plugin_token_label_real = $p11_crypto_plugin_token_label + } else { + $p11_crypto_plugin_token_label_real = $::os_service_default + } + barbican_config { 'p11_crypto_plugin/library_path': value => $p11_crypto_plugin_library_path; 'p11_crypto_plugin/login': value => $p11_crypto_plugin_login; @@ -92,7 +103,7 @@ class barbican::plugins::p11_crypto ( 'p11_crypto_plugin/mkek_length': value => $p11_crypto_plugin_mkek_length; 'p11_crypto_plugin/hmac_label': value => $p11_crypto_plugin_hmac_label; 'p11_crypto_plugin/token_serial_number': value => $p11_crypto_plugin_token_serial_number; - 'p11_crypto_plugin/token_label': value => $p11_crypto_plugin_token_label; + 'p11_crypto_plugin/token_label': value => $p11_crypto_plugin_token_label_real; 'p11_crypto_plugin/token_labels': value => $p11_crypto_plugin_token_labels; 'p11_crypto_plugin/slot_id': value => $p11_crypto_plugin_slot_id; 'p11_crypto_plugin/encryption_mechanism': value => $p11_crypto_plugin_encryption_mechanism; diff --git a/releasenotes/notes/deprecate-p11_crypto_plugin_token_label-a055b1ea71604914.yaml b/releasenotes/notes/deprecate-p11_crypto_plugin_token_label-a055b1ea71604914.yaml new file mode 100644 index 00000000..ca2cf465 --- /dev/null +++ b/releasenotes/notes/deprecate-p11_crypto_plugin_token_label-a055b1ea71604914.yaml @@ -0,0 +1,6 @@ +--- +deprecations: + - | + The ``barbican::plugins::p11_crypto::p11_crypto_plugin_token_label`` + parameter has been deprecated. Use the ``p11_crypto_plugin_token_labels`` + parameter instead.