From e82d93c1c0c0696fc1644a3b16cc1817b0f585a9 Mon Sep 17 00:00:00 2001 From: ZhongShengping Date: Thu, 15 Aug 2019 11:51:36 +0800 Subject: [PATCH] Remove deprecated pki related options The deprecated pki related options check_revocations_for_cached and hash_algorithms option has been removed. Change-Id: Ib692f55fa267e9fbe17d94c5116f244be02b2107 --- manifests/api/authtoken.pp | 30 ------------------- manifests/registry/authtoken.pp | 30 ------------------- ..._pki_related_options-bc4c9c7169048ddf.yaml | 5 ++++ 3 files changed, 5 insertions(+), 60 deletions(-) create mode 100644 releasenotes/notes/remove_deprecated_pki_related_options-bc4c9c7169048ddf.yaml diff --git a/manifests/api/authtoken.pp b/manifests/api/authtoken.pp index c2eb8ab7..3e241d14 100644 --- a/manifests/api/authtoken.pp +++ b/manifests/api/authtoken.pp @@ -167,25 +167,6 @@ # true/false # Defaults to $::os_service_default. # -# DEPRECATED PARAMETERS -# -# [*check_revocations_for_cached*] -# (Optional) If true, the revocation list will be checked for cached tokens. -# This requires that PKI tokens are configured on the identity server. -# boolean value. -# Defaults to undef. -# -# [*hash_algorithms*] -# (Optional) Hash algorithms to use for hashing PKI tokens. This may be a -# single algorithm or multiple. The algorithms are those supported by Python -# standard hashlib.new(). The hashes will be tried in the order given, so put -# the preferred one first for performance. The result of the first hash will -# be stored in the cache. This will typically be set to multiple values only -# while migrating from a less secure algorithm to a more secure one. Once all -# the old tokens are expired this option should be set to a single value for -# better performance. List value. -# Defaults to undef. -# class glance::api::authtoken( $username = 'glance', $password = $::os_service_default, @@ -220,9 +201,6 @@ class glance::api::authtoken( $region_name = $::os_service_default, $token_cache_time = $::os_service_default, $service_token_roles_required = $::os_service_default, - # DEPRECATED PARAMETERS - $check_revocations_for_cached = undef, - $hash_algorithms = undef, ) { include ::glance::deps @@ -231,14 +209,6 @@ class glance::api::authtoken( fail('Please set password for Glance service user') } - if $check_revocations_for_cached { - warning('check_revocations_for_cached parameter is deprecated, has no effect and will be removed in the future.') - } - - if $hash_algorithms { - warning('hash_algorithms parameter is deprecated, has no effect and will be removed in the future.') - } - keystone::resource::authtoken { 'glance_api_config': username => $username, password => $password, diff --git a/manifests/registry/authtoken.pp b/manifests/registry/authtoken.pp index ac8674d2..ff57ada4 100644 --- a/manifests/registry/authtoken.pp +++ b/manifests/registry/authtoken.pp @@ -167,25 +167,6 @@ # true/false # Defaults to $::os_service_default. # -# DEPRECATED PARAMETERS -# -# [*check_revocations_for_cached*] -# (Optional) If true, the revocation list will be checked for cached tokens. -# This requires that PKI tokens are configured on the identity server. -# boolean value. -# Defaults to undef. -# -# [*hash_algorithms*] -# (Optional) Hash algorithms to use for hashing PKI tokens. This may be a -# single algorithm or multiple. The algorithms are those supported by Python -# standard hashlib.new(). The hashes will be tried in the order given, so put -# the preferred one first for performance. The result of the first hash will -# be stored in the cache. This will typically be set to multiple values only -# while migrating from a less secure algorithm to a more secure one. Once all -# the old tokens are expired this option should be set to a single value for -# better performance. List value. -# Defaults to undef. -# class glance::registry::authtoken( $username = 'glance', $password = $::os_service_default, @@ -220,9 +201,6 @@ class glance::registry::authtoken( $region_name = $::os_service_default, $token_cache_time = $::os_service_default, $service_token_roles_required = $::os_service_default, - # DEPRECATED PARAMETERS - $check_revocations_for_cached = undef, - $hash_algorithms = undef, ) { include ::glance::deps @@ -231,14 +209,6 @@ class glance::registry::authtoken( fail('Please set password for Glance service user') } - if $check_revocations_for_cached { - warning('check_revocations_for_cached parameter is deprecated, has no effect and will be removed in the future.') - } - - if $hash_algorithms { - warning('hash_algorithms parameter is deprecated, has no effect and will be removed in the future.') - } - keystone::resource::authtoken { 'glance_registry_config': username => $username, password => $password, diff --git a/releasenotes/notes/remove_deprecated_pki_related_options-bc4c9c7169048ddf.yaml b/releasenotes/notes/remove_deprecated_pki_related_options-bc4c9c7169048ddf.yaml new file mode 100644 index 00000000..62af34f1 --- /dev/null +++ b/releasenotes/notes/remove_deprecated_pki_related_options-bc4c9c7169048ddf.yaml @@ -0,0 +1,5 @@ +--- +upgrade: + - | + The deprecated pki related options check_revocations_for_cached and + hash_algorithms option has been removed.