diff --git a/manifests/ldap_backend.pp b/manifests/ldap_backend.pp index 3ad48527c..359f61e71 100644 --- a/manifests/ldap_backend.pp +++ b/manifests/ldap_backend.pp @@ -242,157 +242,6 @@ # and attempts to refresh the keystone service. # Defaults to false. # -# === DEPRECATED group/name -# -# [*assignment_driver*] -# Assignment backend driver. (string value) -# Defaults to 'undef' -# -# [*credential_driver*] -# Credential backend driver. (string value) -# Defaults to 'undef' -# -# [*project_allow_create*] -# Allow project creation in LDAP backend. (boolean value) -# Defaults to 'undef' -# -# [*project_allow_update*] -# Allow project update in LDAP backend. (boolean value) -# Defaults to 'undef' -# -# [*project_allow_delete*] -# Allow project deletion in LDAP backend. (boolean value) -# Defaults to 'undef' -# -# [*project_tree_dn*] -# Search base for projects (string value) -# Defaults to 'undef' -# -# [*project_filter*] -# LDAP search filter for projects. (string value) -# Defaults to 'undef' -# -# [*project_objectclass*] -# LDAP objectclass for projects. (string value) -# Defaults to 'undef' -# -# [*project_id_attribute*] -# LDAP attribute mapped to project id. (string value) -# Defaults to 'undef' -# -# [*project_member_attribute*] -# LDAP attribute mapped to project membership for user. (string value) -# Defaults to 'undef' -# -# [*project_name_attribute*] -# LDAP attribute mapped to project name. (string value) -# Defaults to 'undef' -# -# [*project_desc_attribute*] -# LDAP attribute mapped to project description. (string value) -# Defaults to 'undef' -# -# [*project_enabled_attribute*] -# LDAP attribute mapped to project enabled. (string value) -# Defaults to 'undef' -# -# [*project_domain_id_attribute*] -# LDAP attribute mapped to project domain_id. (string value) -# Defaults to 'undef' -# -# [*project_attribute_ignore*] -# List of attributes stripped off the project on update. (list value) -# Defaults to 'undef' -# -# [*project_enabled_emulation*] -# If true, Keystone uses an alternative method to determine if -# a project is enabled or not by checking if they are a member -# of the "project_enabled_emulation_dn" group. (boolean value) -# Defaults to 'undef' -# -# [*project_enabled_emulation_dn*] -# DN of the group entry to hold enabled projects when using -# enabled emulation. (string value) -# Defaults to 'undef' -# -# [*project_additional_attribute_mapping*] -# Additional attribute mappings for projects. Attribute -# mapping format is :, where ldap_attr -# is the attribute in the LDAP entry and user_attr is the -# Identity API attribute. (list value) -# Defaults to 'undef' -# -# [*role_allow_create*] -# Allow role creation in LDAP backend. (boolean value) -# Defaults to 'undef' -# -# [*role_allow_update*] -# Allow role update in LDAP backend. (boolean value) -# Defaults to 'undef' -# -# [*role_allow_delete*] -# Allow role deletion in LDAP backend. (boolean value) -# Defaults to 'undef' -# -# [*role_tree_dn*] -# Search base for roles. (string value) -# Defaults to 'undef' -# -# [*role_filter*] -# LDAP search filter for roles. (string value) -# Defaults to 'undef' -# -# [*role_objectclass*] -# LDAP objectclass for roles. (string value) -# Defaults to 'undef' -# -# [*role_id_attribute*] -# LDAP attribute mapped to role id. (string value) -# Defaults to 'undef' -# -# [*role_name_attribute*] -# LDAP attribute mapped to role name. (string value) -# Defaults to 'undef' -# -# [*role_member_attribute*] -# LDAP attribute mapped to role membership. (string value) -# Defaults to 'undef' -# -# [*role_attribute_ignore*] -# List of attributes stripped off the role on update. (list value) -# Defaults to 'undef' -# -# [*role_additional_attribute_mapping*] -# Additional attribute mappings for roles. Attribute mapping -# format is :, where ldap_attr is the -# attribute in the LDAP entry and user_attr is the Identity -# API attribute. (list value) -# Defaults to 'undef' -# -# [*user_allow_create*] -# Allow user creation in LDAP backend. (boolean value) -# Defaults to 'undef' -# -# [*user_allow_update*] -# Allow user updates in LDAP backend. (boolean value) -# Defaults to 'undef' -# -# [*user_allow_delete*] -# Allow user deletion in LDAP backend. (boolean value) -# Defaults to 'undef' -# -# [*group_allow_create*] -# Allow group creation in LDAP backend. (boolean value) -# Defaults to 'undef' -# -# [*group_allow_update*] -# Allow group update in LDAP backend. (boolean value) -# Defaults to 'undef' -# -# [*group_allow_delete*] -# Allow group deletion in LDAP backend. (boolean value) -# Defaults to 'undef' -# # == Dependencies # == Examples define keystone::ldap_backend( @@ -448,42 +297,6 @@ define keystone::ldap_backend( $package_ensure = present, $manage_packages = true, $create_domain_entry = false, - # DEPRECATED PARAMETERS - $assignment_driver = undef, - $credential_driver = undef, - $project_allow_create = undef, - $project_allow_update = undef, - $project_allow_delete = undef, - $project_tree_dn = undef, - $project_filter = undef, - $project_objectclass = undef, - $project_id_attribute = undef, - $project_member_attribute = undef, - $project_desc_attribute = undef, - $project_name_attribute = undef, - $project_enabled_attribute = undef, - $project_domain_id_attribute = undef, - $project_attribute_ignore = undef, - $project_enabled_emulation = undef, - $project_enabled_emulation_dn = undef, - $project_additional_attribute_mapping = undef, - $role_allow_create = undef, - $role_allow_update = undef, - $role_allow_delete = undef, - $role_tree_dn = undef, - $role_filter = undef, - $role_objectclass = undef, - $role_id_attribute = undef, - $role_name_attribute = undef, - $role_member_attribute = undef, - $role_attribute_ignore = undef, - $role_additional_attribute_mapping = undef, - $user_allow_create = undef, - $user_allow_update = undef, - $user_allow_delete = undef, - $group_allow_create = undef, - $group_allow_update = undef, - $group_allow_delete = undef, ) { include keystone::deps @@ -495,146 +308,6 @@ define keystone::ldap_backend( got \"${domain_enabled}\" for identity/domain_specific_drivers_enabled \ and \"${domain_dir_enabled}\" for identity/domain_config_dir" - if $assignment_driver { - warning('keystone::assignment_driver is deprecated, has no effect and will be removed in a later release.') - } - - if $credential_driver { - warning('keystone::credential_driver is deprecated, has no effect and will be removed in a later release.') - } - - if $project_allow_create { - warning('keystone::project_allow_create is deprecated, has no effect and will be removed in a later release.') - } - - if $project_allow_update { - warning('keystone::project_allow_update is deprecated, has no effect and will be removed in a later release.') - } - - if $project_allow_delete { - warning('keystone::project_allow_delete is deprecated, has no effect and will be removed in a later release.') - } - - if $project_tree_dn { - warning('keystone::project_tree_dn is deprecated, has no effect and will be removed in a later release.') - } - - if $project_filter { - warning('keystone::project_filter is deprecated, has no effect and will be removed in a later release.') - } - - if $project_objectclass { - warning('keystone::project_objectclass is deprecated, has no effect and will be removed in a later release.') - } - - if $project_id_attribute { - warning('keystone::project_id_attribute is deprecated, has no effect and will be removed in a later release.') - } - - if $project_member_attribute { - warning('keystone::project_member_attribute is deprecated, has no effect and will be removed in a later release.') - } - - if $project_desc_attribute { - warning('keystone::project_desc_attribute is deprecated, has no effect and will be removed in a later release.') - } - - if $project_name_attribute { - warning('keystone::project_name_attribute is deprecated, has no effect and will be removed in a later release.') - } - - if $project_enabled_attribute { - warning('keystone::project_enabled_attribute is deprecated, has no effect and will be removed in a later release.') - } - - if $project_domain_id_attribute { - warning('keystone::project_domain_id_attribute is deprecated, has no effect and will be removed in a later release.') - } - - if $project_attribute_ignore { - warning('keystone::project_attribute_ignore is deprecated, has no effect and will be removed in a later release.') - } - - if $project_enabled_emulation { - warning('keystone::project_enabled_emulation is deprecated, has no effect and will be removed in a later release.') - } - - if $project_enabled_emulation_dn { - warning('keystone::project_enabled_emulation_dn is deprecated, has no effect and will be removed in a later release.') - } - - if $project_additional_attribute_mapping { - warning('keystone::project_additional_attribute_mapping is deprecated, has no effect and will be removed in a later release.') - } - - if $role_allow_create { - warning('keystone::role_allow_create is deprecated, has no effect and will be removed in a later release.') - } - - if $role_allow_update { - warning('keystone::role_allow_update is deprecated, has no effect and will be removed in a later release.') - } - - if $role_allow_delete { - warning('keystone::role_allow_delete is deprecated, has no effect and will be removed in a later release.') - } - - if $role_tree_dn { - warning('keystone::role_tree_dn is deprecated, has no effect and will be removed in a later release.') - } - - if $role_filter { - warning('keystone::role_filter is deprecated, has no effect and will be removed in a later release.') - } - - if $role_objectclass { - warning('keystone::role_objectclass is deprecated, has no effect and will be removed in a later release.') - } - - if $role_id_attribute { - warning('keystone::role_id_attribute is deprecated, has no effect and will be removed in a later release.') - } - - if $role_name_attribute { - warning('keystone::role_name_attribute is deprecated, has no effect and will be removed in a later release.') - } - - if $role_member_attribute { - warning('keystone::role_member_attribute is deprecated, has no effect and will be removed in a later release.') - } - - if $role_attribute_ignore { - warning('keystone::role_attribute_ignore is deprecated, has no effect and will be removed in a later release.') - } - - if $role_additional_attribute_mapping { - warning('keystone::role_additional_attribute_mapping is deprecated, has no effect and will be removed in a later release.') - } - - if $user_allow_create { - warning('keystone::user_allow_create is deprecated, has no effect and will be removed in a later release.') - } - - if $user_allow_update { - warning('keystone::user_allow_update is deprecated, has no effect and will be removed in a later release.') - } - - if $user_allow_delete { - warning('keystone::user_allow_delete is deprecated, has no effect and will be removed in a later release.') - } - - if $group_allow_create { - warning('keystone::group_allow_create is deprecated, has no effect and will be removed in a later release.') - } - - if $group_allow_update { - warning('keystone::group_allow_update is deprecated, has no effect and will be removed in a later release.') - } - - if $group_allow_delete { - warning('keystone::group_allow_delete is deprecated, has no effect and will be removed in a later release.') - } - if(bool2num($domain_enabled) == 0) { fail($err_msg) } diff --git a/releasenotes/notes/cleanup-removed-keystone-ldap-options-342a37e2dea214d1.yaml b/releasenotes/notes/cleanup-removed-keystone-ldap-options-342a37e2dea214d1.yaml new file mode 100644 index 000000000..c75a96a32 --- /dev/null +++ b/releasenotes/notes/cleanup-removed-keystone-ldap-options-342a37e2dea214d1.yaml @@ -0,0 +1,35 @@ +--- +upgrade: + - | + The following deprecated parameters have been completely removed from + the ``keystone::ldap_backend`` resource type. + + - ``project_tree_dn`` + - ``project_filter`` + - ``project_objectclass`` + - ``project_id_attribute`` + - ``project_member_attribute`` + - ``project_name_attribute`` + - ``project_desc_attribute`` + - ``project_enabled_attribute`` + - ``project_domain_id_attribute`` + - ``project_attribute_ignore`` + - ``project_allow_create`` + - ``project_allow_update`` + - ``project_allow_delete`` + - ``project_enabled_emulation`` + - ``project_enabled_emulation_dn`` + - ``project_additional_attribute_mapping`` + - ``role_tree_dn`` + - ``role_filter`` + - ``role_objectclass`` + - ``role_id_attribute`` + - ``role_name_attribute`` + - ``role_member_attribute`` + - ``role_attribute_ignore`` + - ``role_allow_create`` + - ``role_allow_update`` + - ``role_allow_delete`` + - ``role_additional_attribute_map`` + - ``credential_driver`` + - ``assignment_driver``