Browse Source

Deprecate allow_insecure_clients option

The allow_insecure_clients has been deprecated[1].

[1]https://review.opendev.org/#/c/417629/

Change-Id: I1b1d1722bb56ed78436eaa9fd5b0c6b4718c7306
Closes-Bug: #1902158
changes/64/760764/2
ZhongShengping 2 years ago
parent
commit
3eb8b2bb15
  1. 33
      manifests/messaging/amqp.pp
  2. 4
      releasenotes/notes/deprecate_allow_insecure_clients-option-9988aab2c5b381de.yaml
  3. 3
      spec/classes/keystone_messaging_amqp_spec.rb

33
manifests/messaging/amqp.pp

@ -28,14 +28,16 @@
# (Optional) Password for decrypting ssl_key_file (if encrypted)
# Defaults to $::os_service_default.
#
# [*amqp_allow_insecure_clients*]
# (Optional) Accept clients using either SSL or plain TCP
# Defaults to $::os_service_default.
#
# [*amqp_sasl_mechanisms*]
# (Optional) Space separated list of acceptable SASL mechanisms
# Defaults to $::os_service_default.
#
# DEPRECATED PARAMETERS
#
# [*amqp_allow_insecure_clients*]
# (Optional) Accept clients using either SSL or plain TCP
# Defaults to undef.
#
class keystone::messaging::amqp(
$amqp_pre_settled = $::os_service_default,
$amqp_idle_timeout = $::os_service_default,
@ -43,21 +45,26 @@ class keystone::messaging::amqp(
$amqp_ssl_cert_file = $::os_service_default,
$amqp_ssl_key_file = $::os_service_default,
$amqp_ssl_key_password = $::os_service_default,
$amqp_allow_insecure_clients = $::os_service_default,
$amqp_sasl_mechanisms = $::os_service_default,
# DEPRECATED PARAMETERS
$amqp_allow_insecure_clients = undef,
) {
include keystone::deps
if $amqp_allow_insecure_clients != undef {
warning('The amqp_allow_insecure_clients parameter is deprecated and \
will be removed in a future release.')
}
oslo::messaging::amqp { 'keystone_config':
pre_settled => $amqp_pre_settled,
idle_timeout => $amqp_idle_timeout,
ssl_ca_file => $amqp_ssl_ca_file,
ssl_cert_file => $amqp_ssl_cert_file,
ssl_key_file => $amqp_ssl_key_file,
ssl_key_password => $amqp_ssl_key_password,
allow_insecure_clients => $amqp_allow_insecure_clients,
sasl_mechanisms => $amqp_sasl_mechanisms,
pre_settled => $amqp_pre_settled,
idle_timeout => $amqp_idle_timeout,
ssl_ca_file => $amqp_ssl_ca_file,
ssl_cert_file => $amqp_ssl_cert_file,
ssl_key_file => $amqp_ssl_key_file,
ssl_key_password => $amqp_ssl_key_password,
sasl_mechanisms => $amqp_sasl_mechanisms,
}
}

4
releasenotes/notes/deprecate_allow_insecure_clients-option-9988aab2c5b381de.yaml

@ -0,0 +1,4 @@
---
deprecations:
- allow_insecure_clients option is now deprecated for removal, the
parameter has no effect.

3
spec/classes/keystone_messaging_amqp_spec.rb

@ -10,7 +10,6 @@ describe 'keystone::messaging::amqp' do
'amqp_ssl_cert_file' => '<SERVICE DEFAULT>',
'amqp_ssl_key_file' => '<SERVICE DEFAULT>',
'amqp_ssl_key_password' => '<SERVICE DEFAULT>',
'amqp_allow_insecure_clients' => '<SERVICE DEFAULT>',
'amqp_sasl_mechanisms' => '<SERVICE DEFAULT>',
)}
@ -19,7 +18,6 @@ describe 'keystone::messaging::amqp' do
{
:amqp_pre_settled => ['rpc-cast','rpc-reply','notify'],
:amqp_idle_timeout => '100',
:amqp_allow_insecure_clients => 'yes',
:amqp_sasl_mechanisms => 'ANONYMOUS DIGEST-MD5 EXTERNAL PLAIN',
}
end
@ -27,7 +25,6 @@ describe 'keystone::messaging::amqp' do
it { is_expected.to contain_class('keystone::messaging::amqp').with(
'amqp_pre_settled' => ['rpc-cast','rpc-reply','notify'],
'amqp_idle_timeout' => '100',
'amqp_allow_insecure_clients' => 'yes',
'amqp_sasl_mechanisms' => 'ANONYMOUS DIGEST-MD5 EXTERNAL PLAIN',
)}
end

Loading…
Cancel
Save