Deprecate parameters for native ssl support

Glance removed native ssl support during Ussuri cycle[1]. This change deprecates the remaining parameters to set up the feature, so that we can remove these ineffective parameters in a future release. [1] 06b2465f598c014451c244d47c2ded4f1e2c6947 Closes-Bug: #1965776 Change-Id: Ie4a984a4b7136304425588856eabff2e60d1cbba
2022-03-21 23:54:44 +09:00
parent c91d71879f
commit 2a2f349d8a
3 changed files with 31 additions and 44 deletions
--- a/manifests/api.pp
+++ b/manifests/api.pp
@@ -106,18 +106,6 @@
 #   in the api config.
 #   Defaults to false.
 #
-# [*cert_file*]
-#   (optinal) Certificate file to use when starting API server securely
-#   Defaults to $::os_service_default
-#
-# [*key_file*]
-#   (optional) Private key file to use when starting API server securely
-#   Defaults to $::os_service_default
-#
-# [*ca_file*]
-#   (optional) CA certificate file to use to verify connecting clients
-#   Defaults to $::os_service_default
-#
 # [*enforce_secure_rbac*]
 #  (optional) Enabled enforcing authorization based on common RBAC personas.
 #  Defaults to $::os_service_default
@@ -288,6 +276,18 @@
 #   (optional) The amount of time in seconds to delay before performing a delete.
 #   Defaults to undef
 #
+# [*cert_file*]
+#   (optinal) Certificate file to use when starting API server securely
+#   Defaults to undef
+#
+# [*key_file*]
+#   (optional) Private key file to use when starting API server securely
+#   Defaults to undef
+#
+# [*ca_file*]
+#   (optional) CA certificate file to use to verify connecting clients
+#   Defaults to undef
+#
 class glance::api(
  $package_ensure                       = 'present',
  $bind_host                            = $::os_service_default,
@@ -304,9 +304,6 @@ class glance::api(
  $filesystem_store_file_perm           = $::os_service_default,
  $location_strategy                    = $::os_service_default,
  $purge_config                         = false,
-  $cert_file                            = $::os_service_default,
-  $key_file                             = $::os_service_default,
-  $ca_file                              = $::os_service_default,
  $enforce_secure_rbac                  = $::os_service_default,
  $use_keystone_limits                  = $::os_service_default,
  $enabled_backends                     = undef,
@@ -353,6 +350,9 @@ class glance::api(
  $validate                             = undef,
  $validation_options                   = undef,
  $scrub_time                           = undef,
+  $cert_file                            = undef,
+  $key_file                             = undef,
+  $ca_file                              = undef,
 ) inherits glance {

  include glance::deps
@@ -379,6 +379,12 @@ glance::backend::multistore::cinder::cinder_os_region_name instead.')
    'DEFAULT/scrub_time': ensure => absent;
  }

+  ['cert_file', 'key_file', 'ca_file'].each |String $ssl_opt| {
+    if getvar($ssl_opt) != undef {
+      warning("The ${ssl_opt} parameter has been deprecated and has no effect.")
+    }
+  }
+
  if $sync_db {
    include glance::db::sync
    include glance::db::metadefs
@@ -581,13 +587,6 @@ enabled_backends instead.')
    max_request_body_size        => $max_request_body_size,
  }

-  # SSL Options
-  glance_api_config {
-    'DEFAULT/cert_file': value => $cert_file;
-    'DEFAULT/key_file' : value => $key_file;
-    'DEFAULT/ca_file'  : value => $ca_file;
-  }
-
  if $keymgr_backend != undef {
    warning('The keymgr_backend parameter is deprecated. Use the glance::key_manager class')
    include glance::key_manager
--- a/releasenotes/notes/deprecate-native-ssl-b35cc074d5cf11aa.yaml
+++ b/releasenotes/notes/deprecate-native-ssl-b35cc074d5cf11aa.yaml
@@ -0,0 +1,10 @@
+---
+deprecations:
+  - |
+    The following parameters of the ``glance::api`` class have been deprecated
+    and now have no effect. Thse parameters have been unused by Glance since
+    Glance removed native ssl support.
+
+    - ``cert_file``
+    - ``key_file``
+    - ``ca_file``
--- a/spec/classes/glance_api_spec.rb
+++ b/spec/classes/glance_api_spec.rb
@@ -203,12 +203,6 @@ describe 'glance::api' do
          is_expected.to contain_glance_api_config('taskflow_executor/conversion_format').with_value(param_hash[:conversion_format])
        end

-        it 'is_expected.to have no ssl options' do
-          is_expected.to contain_glance_api_config('DEFAULT/ca_file').with_value('<SERVICE DEFAULT>')
-          is_expected.to contain_glance_api_config('DEFAULT/cert_file').with_value('<SERVICE DEFAULT>')
-          is_expected.to contain_glance_api_config('DEFAULT/key_file').with_value('<SERVICE DEFAULT>')
-        end
-
        it 'is_expected.to have no formats set' do
          is_expected.to contain_glance_api_config('image_format/container_formats').with_value('<SERVICE DEFAULT>')
          is_expected.to contain_glance_api_config('image_format/disk_formats').with_value('<SERVICE DEFAULT>')
@@ -293,22 +287,6 @@ describe 'glance::api' do
      )}
    end

-    describe 'with ssl options' do
-      let :params do
-        default_params.merge({
-          :ca_file                   => '/tmp/ca_file',
-          :cert_file                 => '/tmp/cert_file',
-          :key_file                  => '/tmp/key_file',
-        })
-      end
-
-      context 'with ssl options' do
-        it { is_expected.to contain_glance_api_config('DEFAULT/ca_file').with_value('/tmp/ca_file') }
-        it { is_expected.to contain_glance_api_config('DEFAULT/cert_file').with_value('/tmp/cert_file') }
-        it { is_expected.to contain_glance_api_config('DEFAULT/key_file').with_value('/tmp/key_file') }
-      end
-    end
-
    describe 'with formats options with strings' do
      let :params do
        default_params.merge({