Deprecate allow_insecure_clients option

The allow_insecure_clients has been deprecated[1].

[1]https://review.opendev.org/#/c/417629/

Change-Id: I1b1d1722bb56ed78436eaa9fd5b0c6b4718c7306
Closes-Bug: #1902158

manifests/messaging/amqp.pp

@@ -28,14 +28,16 @@
 #   (Optional) Password for decrypting ssl_key_file (if encrypted)
 #   Defaults to $::os_service_default.
 #
-# [*amqp_allow_insecure_clients*]
-#   (Optional) Accept clients using either SSL or plain TCP
-#   Defaults to $::os_service_default.
-#
 # [*amqp_sasl_mechanisms*]
 #   (Optional) Space separated list of acceptable SASL mechanisms
 #   Defaults to $::os_service_default.
 #
+# DEPRECATED PARAMETERS
+#
+# [*amqp_allow_insecure_clients*]
+#   (Optional) Accept clients using either SSL or plain TCP
+#   Defaults to undef.
+#
 class keystone::messaging::amqp(
   $amqp_pre_settled                     = $::os_service_default,
   $amqp_idle_timeout                    = $::os_service_default,
@@ -43,21 +45,26 @@ class keystone::messaging::amqp(
   $amqp_ssl_cert_file                   = $::os_service_default,
   $amqp_ssl_key_file                    = $::os_service_default,
   $amqp_ssl_key_password                = $::os_service_default,
-  $amqp_allow_insecure_clients          = $::os_service_default,
   $amqp_sasl_mechanisms                 = $::os_service_default,
+  # DEPRECATED PARAMETERS
+  $amqp_allow_insecure_clients          = undef,
 ) {
 
   include keystone::deps
 
+  if $amqp_allow_insecure_clients != undef {
+    warning('The amqp_allow_insecure_clients parameter is deprecated and \
+will be removed in a future release.')
+  }
+
   oslo::messaging::amqp { 'keystone_config':
-    pre_settled            => $amqp_pre_settled,
-    idle_timeout           => $amqp_idle_timeout,
-    ssl_ca_file            => $amqp_ssl_ca_file,
-    ssl_cert_file          => $amqp_ssl_cert_file,
-    ssl_key_file           => $amqp_ssl_key_file,
-    ssl_key_password       => $amqp_ssl_key_password,
-    allow_insecure_clients => $amqp_allow_insecure_clients,
-    sasl_mechanisms        => $amqp_sasl_mechanisms,
+    pre_settled      => $amqp_pre_settled,
+    idle_timeout     => $amqp_idle_timeout,
+    ssl_ca_file      => $amqp_ssl_ca_file,
+    ssl_cert_file    => $amqp_ssl_cert_file,
+    ssl_key_file     => $amqp_ssl_key_file,
+    ssl_key_password => $amqp_ssl_key_password,
+    sasl_mechanisms  => $amqp_sasl_mechanisms,
   }
 
 }

releasenotes/notes/deprecate_allow_insecure_clients-option-9988aab2c5b381de.yaml

@@ -0,0 +1,4 @@
+---
+deprecations:
+  - allow_insecure_clients option is now deprecated for removal, the
+    parameter has no effect.

spec/classes/keystone_messaging_amqp_spec.rb

@@ -10,7 +10,6 @@ describe 'keystone::messaging::amqp' do
       'amqp_ssl_cert_file'          => '<SERVICE DEFAULT>',
       'amqp_ssl_key_file'           => '<SERVICE DEFAULT>',
       'amqp_ssl_key_password'       => '<SERVICE DEFAULT>',
-      'amqp_allow_insecure_clients' => '<SERVICE DEFAULT>',
       'amqp_sasl_mechanisms'        => '<SERVICE DEFAULT>',
     )}
 
@@ -19,7 +18,6 @@ describe 'keystone::messaging::amqp' do
         {
           :amqp_pre_settled            => ['rpc-cast','rpc-reply','notify'],
           :amqp_idle_timeout           => '100',
-          :amqp_allow_insecure_clients => 'yes',
           :amqp_sasl_mechanisms        => 'ANONYMOUS DIGEST-MD5 EXTERNAL PLAIN',
         }
       end
@@ -27,7 +25,6 @@ describe 'keystone::messaging::amqp' do
       it { is_expected.to contain_class('keystone::messaging::amqp').with(
         'amqp_pre_settled'            => ['rpc-cast','rpc-reply','notify'],
         'amqp_idle_timeout'           => '100',
-        'amqp_allow_insecure_clients' => 'yes',
         'amqp_sasl_mechanisms'        => 'ANONYMOUS DIGEST-MD5 EXTERNAL PLAIN',
       )}
     end