Browse Source

Deprecate allow_insecure_clients option

The allow_insecure_clients has been deprecated[1].

[1]https://review.opendev.org/#/c/417629/

Change-Id: Ia08ce1ffa507572f6eff0ad24415802b0b535a13
Closes-Bug: #1902158
changes/57/760757/2
ZhongShengping 2 years ago
parent
commit
bb28a6a9a4
  1. 48
      manifests/init.pp
  2. 4
      releasenotes/notes/deprecate_allow_insecure_clients-option-aa9afdaa7fc9a08c.yaml
  3. 2
      spec/classes/heat_init_spec.rb

48
manifests/init.pp

@ -136,10 +136,6 @@
# (Optional) Password for decrypting ssl_key_file (if encrypted)
# Defaults to $::os_service_default.
#
# [*amqp_allow_insecure_clients*]
# (Optional) Accept clients using either SSL or plain TCP
# Defaults to $::os_service_default.
#
# [*amqp_sasl_mechanisms*]
# (Optional) Space separated list of acceptable SASL mechanisms
# Defaults to $::os_service_default.
@ -287,7 +283,11 @@
# [*database_max_overflow*]
# (optional) If set, use this value for max_overflow with sqlalchemy.
# Defaults to: undef.
#
# [*amqp_allow_insecure_clients*]
# (Optional) Accept clients using either SSL or plain TCP
# Defaults to undef.
#
class heat(
$package_ensure = 'present',
$keystone_ec2_uri = $::os_service_default,
@ -317,7 +317,6 @@ class heat(
$amqp_ssl_cert_file = $::os_service_default,
$amqp_ssl_key_file = $::os_service_default,
$amqp_ssl_key_password = $::os_service_default,
$amqp_allow_insecure_clients = $::os_service_default,
$amqp_sasl_mechanisms = $::os_service_default,
$amqp_sasl_config_dir = $::os_service_default,
$amqp_sasl_config_name = $::os_service_default,
@ -351,12 +350,18 @@ class heat(
$database_max_pool_size = undef,
$database_max_overflow = undef,
$sync_db = undef,
$amqp_allow_insecure_clients = undef,
) {
include heat::db
include heat::deps
include heat::params
if $amqp_allow_insecure_clients != undef {
warning('The amqp_allow_insecure_clients parameter is deprecated and \
will be removed in a future release.')
}
if $database_connection != undef {
warning('The database_connection parameter is deprecated and will be \
removed in a future realse. Use heat::db::database_connection instead')
@ -424,22 +429,21 @@ in a future release. Use heat::db::sync_db instead')
}
oslo::messaging::amqp { 'heat_config':
server_request_prefix => $amqp_server_request_prefix,
broadcast_prefix => $amqp_broadcast_prefix,
group_request_prefix => $amqp_group_request_prefix,
container_name => $amqp_container_name,
idle_timeout => $amqp_idle_timeout,
trace => $amqp_trace,
ssl_ca_file => $amqp_ssl_ca_file,
ssl_cert_file => $amqp_ssl_cert_file,
ssl_key_file => $amqp_ssl_key_file,
ssl_key_password => $amqp_ssl_key_password,
allow_insecure_clients => $amqp_allow_insecure_clients,
sasl_mechanisms => $amqp_sasl_mechanisms,
sasl_config_dir => $amqp_sasl_config_dir,
sasl_config_name => $amqp_sasl_config_name,
username => $amqp_username,
password => $amqp_password,
server_request_prefix => $amqp_server_request_prefix,
broadcast_prefix => $amqp_broadcast_prefix,
group_request_prefix => $amqp_group_request_prefix,
container_name => $amqp_container_name,
idle_timeout => $amqp_idle_timeout,
trace => $amqp_trace,
ssl_ca_file => $amqp_ssl_ca_file,
ssl_cert_file => $amqp_ssl_cert_file,
ssl_key_file => $amqp_ssl_key_file,
ssl_key_password => $amqp_ssl_key_password,
sasl_mechanisms => $amqp_sasl_mechanisms,
sasl_config_dir => $amqp_sasl_config_dir,
sasl_config_name => $amqp_sasl_config_name,
username => $amqp_username,
password => $amqp_password,
}
$www_authenticate_uri = $::heat::keystone::authtoken::www_authenticate_uri

4
releasenotes/notes/deprecate_allow_insecure_clients-option-aa9afdaa7fc9a08c.yaml

@ -0,0 +1,4 @@
---
deprecations:
- allow_insecure_clients option is now deprecated for removal, the
parameter has no effect.

2
spec/classes/heat_init_spec.rb

@ -388,7 +388,6 @@ describe 'heat' do
it { is_expected.to contain_heat_config('oslo_messaging_amqp/ssl_cert_file').with_value('<SERVICE DEFAULT>') }
it { is_expected.to contain_heat_config('oslo_messaging_amqp/ssl_key_file').with_value('<SERVICE DEFAULT>') }
it { is_expected.to contain_heat_config('oslo_messaging_amqp/ssl_key_password').with_value('<SERVICE DEFAULT>') }
it { is_expected.to contain_heat_config('oslo_messaging_amqp/allow_insecure_clients').with_value('<SERVICE DEFAULT>') }
it { is_expected.to contain_heat_config('oslo_messaging_amqp/sasl_mechanisms').with_value('<SERVICE DEFAULT>') }
it { is_expected.to contain_heat_config('oslo_messaging_amqp/sasl_config_dir').with_value('<SERVICE DEFAULT>') }
it { is_expected.to contain_heat_config('oslo_messaging_amqp/sasl_config_name').with_value('<SERVICE DEFAULT>') }
@ -416,7 +415,6 @@ describe 'heat' do
it { is_expected.to contain_heat_config('oslo_messaging_amqp/ssl_ca_file').with_value('/path/to/ca.cert') }
it { is_expected.to contain_heat_config('oslo_messaging_amqp/ssl_cert_file').with_value('/path/to/certfile') }
it { is_expected.to contain_heat_config('oslo_messaging_amqp/ssl_key_file').with_value('/path/to/key') }
it { is_expected.to contain_heat_config('oslo_messaging_amqp/allow_insecure_clients').with_value('<SERVICE DEFAULT>') }
it { is_expected.to contain_heat_config('oslo_messaging_amqp/sasl_mechanisms').with_value('<SERVICE DEFAULT>') }
it { is_expected.to contain_heat_config('oslo_messaging_amqp/sasl_config_dir').with_value('<SERVICE DEFAULT>') }
it { is_expected.to contain_heat_config('oslo_messaging_amqp/sasl_config_name').with_value('<SERVICE DEFAULT>') }

Loading…
Cancel
Save