From b4722f6f1fe69c30d34392a87f2ff120c0759d50 Mon Sep 17 00:00:00 2001
From: ZhongShengping <chdzsp@163.com>
Date: Mon, 2 Nov 2020 14:42:03 +0800
Subject: [PATCH] Deprecate allow_insecure_clients option

The allow_insecure_clients has been deprecated[1].

[1]https://review.opendev.org/#/c/417629/

Change-Id: I0bd365036e8a06e906775966e9ff189c5f7fd463
Closes-Bug: #1902158
---
 manifests/init.pp                             | 53 +++++++++++--------
 ...ecure_clients-option-bece7e26e5a65503.yaml |  4 ++
 spec/classes/ceilometer_init_spec.rb          |  2 -
 3 files changed, 34 insertions(+), 25 deletions(-)
 create mode 100644 releasenotes/notes/deprecate_allow_insecure_clients-option-bece7e26e5a65503.yaml

diff --git a/manifests/init.pp b/manifests/init.pp
index c15193a1..7736ba14 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -185,10 +185,6 @@
 #   (Optional) Password for decrypting ssl_key_file (if encrypted)
 #   Defaults to $::os_service_default.
 #
-# [*amqp_allow_insecure_clients*]
-#   (Optional) Accept clients using either SSL or plain TCP
-#   Defaults to $::os_service_default.
-#
 # [*amqp_sasl_mechanisms*]
 #   (Optional) Space separated list of acceptable SASL mechanisms
 #   Defaults to $::os_service_default.
@@ -227,6 +223,12 @@
 #   IP address.
 #   Defaults to $::os_service_default.
 #
+# DEPRECATED PARAMETERS
+#
+# [*amqp_allow_insecure_clients*]
+#   (Optional) Accept clients using either SSL or plain TCP
+#   Defaults to undef.
+#
 class ceilometer(
   $http_timeout                       = '600',
   $telemetry_secret                   = false,
@@ -267,7 +269,6 @@ class ceilometer(
   $amqp_ssl_cert_file                 = $::os_service_default,
   $amqp_ssl_key_file                  = $::os_service_default,
   $amqp_ssl_key_password              = $::os_service_default,
-  $amqp_allow_insecure_clients        = $::os_service_default,
   $amqp_sasl_mechanisms               = $::os_service_default,
   $amqp_sasl_config_dir               = $::os_service_default,
   $amqp_sasl_config_name              = $::os_service_default,
@@ -277,11 +278,18 @@ class ceilometer(
   $snmpd_readonly_user_password       = $::os_service_default,
   $purge_config                       = false,
   $host                               = $::os_service_default,
+  # DEPRECATED PARAMETERS
+  $amqp_allow_insecure_clients        = undef,
 ) {
 
   include ceilometer::deps
   include ceilometer::params
 
+  if $amqp_allow_insecure_clients != undef {
+    warning('The amqp_allow_insecure_clients parameter is deprecated and \
+will be removed in a future release.')
+  }
+
   group { 'ceilometer':
     ensure  => present,
     name    => 'ceilometer',
@@ -324,24 +332,23 @@ class ceilometer(
   }
 
   oslo::messaging::amqp { 'ceilometer_config':
-    server_request_prefix  => $amqp_server_request_prefix,
-    broadcast_prefix       => $amqp_broadcast_prefix,
-    group_request_prefix   => $amqp_group_request_prefix,
-    container_name         => $amqp_container_name,
-    idle_timeout           => $amqp_idle_timeout,
-    trace                  => $amqp_trace,
-    rpc_address_prefix     => $amqp_rpc_address_prefix,
-    notify_address_prefix  => $amqp_notify_address_prefix,
-    ssl_ca_file            => $amqp_ssl_ca_file,
-    ssl_cert_file          => $amqp_ssl_cert_file,
-    ssl_key_file           => $amqp_ssl_key_file,
-    ssl_key_password       => $amqp_ssl_key_password,
-    allow_insecure_clients => $amqp_allow_insecure_clients,
-    sasl_mechanisms        => $amqp_sasl_mechanisms,
-    sasl_config_dir        => $amqp_sasl_config_dir,
-    sasl_config_name       => $amqp_sasl_config_name,
-    username               => $amqp_username,
-    password               => $amqp_password,
+    server_request_prefix => $amqp_server_request_prefix,
+    broadcast_prefix      => $amqp_broadcast_prefix,
+    group_request_prefix  => $amqp_group_request_prefix,
+    container_name        => $amqp_container_name,
+    idle_timeout          => $amqp_idle_timeout,
+    trace                 => $amqp_trace,
+    rpc_address_prefix    => $amqp_rpc_address_prefix,
+    notify_address_prefix => $amqp_notify_address_prefix,
+    ssl_ca_file           => $amqp_ssl_ca_file,
+    ssl_cert_file         => $amqp_ssl_cert_file,
+    ssl_key_file          => $amqp_ssl_key_file,
+    ssl_key_password      => $amqp_ssl_key_password,
+    sasl_mechanisms       => $amqp_sasl_mechanisms,
+    sasl_config_dir       => $amqp_sasl_config_dir,
+    sasl_config_name      => $amqp_sasl_config_name,
+    username              => $amqp_username,
+    password              => $amqp_password,
   }
 
   # Once we got here, we can act as an honey badger on the rpc used.
diff --git a/releasenotes/notes/deprecate_allow_insecure_clients-option-bece7e26e5a65503.yaml b/releasenotes/notes/deprecate_allow_insecure_clients-option-bece7e26e5a65503.yaml
new file mode 100644
index 00000000..72dff754
--- /dev/null
+++ b/releasenotes/notes/deprecate_allow_insecure_clients-option-bece7e26e5a65503.yaml
@@ -0,0 +1,4 @@
+---
+deprecations:
+  - allow_insecure_clients option is now deprecated for removal, the
+    parameter has no effect.
diff --git a/spec/classes/ceilometer_init_spec.rb b/spec/classes/ceilometer_init_spec.rb
index dec9cf14..c5e89856 100644
--- a/spec/classes/ceilometer_init_spec.rb
+++ b/spec/classes/ceilometer_init_spec.rb
@@ -331,7 +331,6 @@ describe 'ceilometer' do
       it { is_expected.to contain_ceilometer_config('oslo_messaging_amqp/ssl_cert_file').with_value('<SERVICE DEFAULT>') }
       it { is_expected.to contain_ceilometer_config('oslo_messaging_amqp/ssl_key_file').with_value('<SERVICE DEFAULT>') }
       it { is_expected.to contain_ceilometer_config('oslo_messaging_amqp/ssl_key_password').with_value('<SERVICE DEFAULT>') }
-      it { is_expected.to contain_ceilometer_config('oslo_messaging_amqp/allow_insecure_clients').with_value('<SERVICE DEFAULT>') }
       it { is_expected.to contain_ceilometer_config('oslo_messaging_amqp/sasl_mechanisms').with_value('<SERVICE DEFAULT>') }
       it { is_expected.to contain_ceilometer_config('oslo_messaging_amqp/sasl_config_dir').with_value('<SERVICE DEFAULT>') }
       it { is_expected.to contain_ceilometer_config('oslo_messaging_amqp/sasl_config_name').with_value('<SERVICE DEFAULT>') }
@@ -359,7 +358,6 @@ describe 'ceilometer' do
       it { is_expected.to contain_ceilometer_config('oslo_messaging_amqp/ssl_ca_file').with_value('/path/to/ca.cert') }
       it { is_expected.to contain_ceilometer_config('oslo_messaging_amqp/ssl_cert_file').with_value('/path/to/certfile') }
       it { is_expected.to contain_ceilometer_config('oslo_messaging_amqp/ssl_key_file').with_value('/path/to/key') }
-      it { is_expected.to contain_ceilometer_config('oslo_messaging_amqp/allow_insecure_clients').with_value('<SERVICE DEFAULT>') }
       it { is_expected.to contain_ceilometer_config('oslo_messaging_amqp/sasl_mechanisms').with_value('<SERVICE DEFAULT>') }
       it { is_expected.to contain_ceilometer_config('oslo_messaging_amqp/sasl_config_dir').with_value('<SERVICE DEFAULT>') }
       it { is_expected.to contain_ceilometer_config('oslo_messaging_amqp/sasl_config_name').with_value('<SERVICE DEFAULT>') }