openstack/puppet-keystone
Code Issues Proposed changes

Merge "Clean up the deprecated parameters of keystone::ldap_backend"

Browse Source
This commit is contained in:
Zuul 2021-03-26 09:26:55 +00:00 committed by Gerrit Code Review
commit 4df00d4a26
2 changed files with 35 additions and 327 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

327
manifests/ldap_backend.pp
View File

@ -242,157 +242,6 @@
# and attempts to refresh the keystone service.
# Defaults to false.
#
# === DEPRECATED group/name
#
# [*assignment_driver*]
# Assignment backend driver. (string value)
# Defaults to 'undef'
#
# [*credential_driver*]
# Credential backend driver. (string value)
# Defaults to 'undef'
#
# [*project_allow_create*]
# Allow project creation in LDAP backend. (boolean value)
# Defaults to 'undef'
#
# [*project_allow_update*]
# Allow project update in LDAP backend. (boolean value)
# Defaults to 'undef'
#
# [*project_allow_delete*]
# Allow project deletion in LDAP backend. (boolean value)
# Defaults to 'undef'
#
# [*project_tree_dn*]
# Search base for projects (string value)
# Defaults to 'undef'
#
# [*project_filter*]
# LDAP search filter for projects. (string value)
# Defaults to 'undef'
#
# [*project_objectclass*]
# LDAP objectclass for projects. (string value)
# Defaults to 'undef'
#
# [*project_id_attribute*]
# LDAP attribute mapped to project id. (string value)
# Defaults to 'undef'
#
# [*project_member_attribute*]
# LDAP attribute mapped to project membership for user. (string value)
# Defaults to 'undef'
#
# [*project_name_attribute*]
# LDAP attribute mapped to project name. (string value)
# Defaults to 'undef'
#
# [*project_desc_attribute*]
# LDAP attribute mapped to project description. (string value)
# Defaults to 'undef'
#
# [*project_enabled_attribute*]
# LDAP attribute mapped to project enabled. (string value)
# Defaults to 'undef'
#
# [*project_domain_id_attribute*]
# LDAP attribute mapped to project domain_id. (string value)
# Defaults to 'undef'
#
# [*project_attribute_ignore*]
# List of attributes stripped off the project on update. (list value)
# Defaults to 'undef'
#
# [*project_enabled_emulation*]
# If true, Keystone uses an alternative method to determine if
# a project is enabled or not by checking if they are a member
# of the "project_enabled_emulation_dn" group. (boolean value)
# Defaults to 'undef'
#
# [*project_enabled_emulation_dn*]
# DN of the group entry to hold enabled projects when using
# enabled emulation. (string value)
# Defaults to 'undef'
#
# [*project_additional_attribute_mapping*]
# Additional attribute mappings for projects. Attribute
# mapping format is <ldap_attr>:<user_attr>, where ldap_attr
# is the attribute in the LDAP entry and user_attr is the
# Identity API attribute. (list value)
# Defaults to 'undef'
#
# [*role_allow_create*]
# Allow role creation in LDAP backend. (boolean value)
# Defaults to 'undef'
#
# [*role_allow_update*]
# Allow role update in LDAP backend. (boolean value)
# Defaults to 'undef'
#
# [*role_allow_delete*]
# Allow role deletion in LDAP backend. (boolean value)
# Defaults to 'undef'
#
# [*role_tree_dn*]
# Search base for roles. (string value)
# Defaults to 'undef'
#
# [*role_filter*]
# LDAP search filter for roles. (string value)
# Defaults to 'undef'
#
# [*role_objectclass*]
# LDAP objectclass for roles. (string value)
# Defaults to 'undef'
#
# [*role_id_attribute*]
# LDAP attribute mapped to role id. (string value)
# Defaults to 'undef'
#
# [*role_name_attribute*]
# LDAP attribute mapped to role name. (string value)
# Defaults to 'undef'
#
# [*role_member_attribute*]
# LDAP attribute mapped to role membership. (string value)
# Defaults to 'undef'
#
# [*role_attribute_ignore*]
# List of attributes stripped off the role on update. (list value)
# Defaults to 'undef'
#
# [*role_additional_attribute_mapping*]
# Additional attribute mappings for roles. Attribute mapping
# format is <ldap_attr>:<user_attr>, where ldap_attr is the
# attribute in the LDAP entry and user_attr is the Identity
# API attribute. (list value)
# Defaults to 'undef'
#
# [*user_allow_create*]
# Allow user creation in LDAP backend. (boolean value)
# Defaults to 'undef'
#
# [*user_allow_update*]
# Allow user updates in LDAP backend. (boolean value)
# Defaults to 'undef'
#
# [*user_allow_delete*]
# Allow user deletion in LDAP backend. (boolean value)
# Defaults to 'undef'
#
# [*group_allow_create*]
# Allow group creation in LDAP backend. (boolean value)
# Defaults to 'undef'
#
# [*group_allow_update*]
# Allow group update in LDAP backend. (boolean value)
# Defaults to 'undef'
#
# [*group_allow_delete*]
# Allow group deletion in LDAP backend. (boolean value)
# Defaults to 'undef'
#
# == Dependencies
# == Examples
define keystone::ldap_backend(
@ -448,42 +297,6 @@ define keystone::ldap_backend(
$package_ensure = present,
$manage_packages = true,
$create_domain_entry = false,
# DEPRECATED PARAMETERS
$assignment_driver = undef,
$credential_driver = undef,
$project_allow_create = undef,
$project_allow_update = undef,
$project_allow_delete = undef,
$project_tree_dn = undef,
$project_filter = undef,
$project_objectclass = undef,
$project_id_attribute = undef,
$project_member_attribute = undef,
$project_desc_attribute = undef,
$project_name_attribute = undef,
$project_enabled_attribute = undef,
$project_domain_id_attribute = undef,
$project_attribute_ignore = undef,
$project_enabled_emulation = undef,
$project_enabled_emulation_dn = undef,
$project_additional_attribute_mapping = undef,
$role_allow_create = undef,
$role_allow_update = undef,
$role_allow_delete = undef,
$role_tree_dn = undef,
$role_filter = undef,
$role_objectclass = undef,
$role_id_attribute = undef,
$role_name_attribute = undef,
$role_member_attribute = undef,
$role_attribute_ignore = undef,
$role_additional_attribute_mapping = undef,
$user_allow_create = undef,
$user_allow_update = undef,
$user_allow_delete = undef,
$group_allow_create = undef,
$group_allow_update = undef,
$group_allow_delete = undef,
) {
include keystone::deps
@ -495,146 +308,6 @@ define keystone::ldap_backend(
got \"${domain_enabled}\" for identity/domain_specific_drivers_enabled \
and \"${domain_dir_enabled}\" for identity/domain_config_dir"
if $assignment_driver {
warning('keystone::assignment_driver is deprecated, has no effect and will be removed in a later release.')
}
if $credential_driver {
warning('keystone::credential_driver is deprecated, has no effect and will be removed in a later release.')
}
if $project_allow_create {
warning('keystone::project_allow_create is deprecated, has no effect and will be removed in a later release.')
}
if $project_allow_update {
warning('keystone::project_allow_update is deprecated, has no effect and will be removed in a later release.')
}
if $project_allow_delete {
warning('keystone::project_allow_delete is deprecated, has no effect and will be removed in a later release.')
}
if $project_tree_dn {
warning('keystone::project_tree_dn is deprecated, has no effect and will be removed in a later release.')
}
if $project_filter {
warning('keystone::project_filter is deprecated, has no effect and will be removed in a later release.')
}
if $project_objectclass {
warning('keystone::project_objectclass is deprecated, has no effect and will be removed in a later release.')
}
if $project_id_attribute {
warning('keystone::project_id_attribute is deprecated, has no effect and will be removed in a later release.')
}
if $project_member_attribute {
warning('keystone::project_member_attribute is deprecated, has no effect and will be removed in a later release.')
}
if $project_desc_attribute {
warning('keystone::project_desc_attribute is deprecated, has no effect and will be removed in a later release.')
}
if $project_name_attribute {
warning('keystone::project_name_attribute is deprecated, has no effect and will be removed in a later release.')
}
if $project_enabled_attribute {
warning('keystone::project_enabled_attribute is deprecated, has no effect and will be removed in a later release.')
}
if $project_domain_id_attribute {
warning('keystone::project_domain_id_attribute is deprecated, has no effect and will be removed in a later release.')
}
if $project_attribute_ignore {
warning('keystone::project_attribute_ignore is deprecated, has no effect and will be removed in a later release.')
}
if $project_enabled_emulation {
warning('keystone::project_enabled_emulation is deprecated, has no effect and will be removed in a later release.')
}
if $project_enabled_emulation_dn {
warning('keystone::project_enabled_emulation_dn is deprecated, has no effect and will be removed in a later release.')
}
if $project_additional_attribute_mapping {
warning('keystone::project_additional_attribute_mapping is deprecated, has no effect and will be removed in a later release.')
}
if $role_allow_create {
warning('keystone::role_allow_create is deprecated, has no effect and will be removed in a later release.')
}
if $role_allow_update {
warning('keystone::role_allow_update is deprecated, has no effect and will be removed in a later release.')
}
if $role_allow_delete {
warning('keystone::role_allow_delete is deprecated, has no effect and will be removed in a later release.')
}
if $role_tree_dn {
warning('keystone::role_tree_dn is deprecated, has no effect and will be removed in a later release.')
}
if $role_filter {
warning('keystone::role_filter is deprecated, has no effect and will be removed in a later release.')
}
if $role_objectclass {
warning('keystone::role_objectclass is deprecated, has no effect and will be removed in a later release.')
}
if $role_id_attribute {
warning('keystone::role_id_attribute is deprecated, has no effect and will be removed in a later release.')
}
if $role_name_attribute {
warning('keystone::role_name_attribute is deprecated, has no effect and will be removed in a later release.')
}
if $role_member_attribute {
warning('keystone::role_member_attribute is deprecated, has no effect and will be removed in a later release.')
}
if $role_attribute_ignore {
warning('keystone::role_attribute_ignore is deprecated, has no effect and will be removed in a later release.')
}
if $role_additional_attribute_mapping {
warning('keystone::role_additional_attribute_mapping is deprecated, has no effect and will be removed in a later release.')
}
if $user_allow_create {
warning('keystone::user_allow_create is deprecated, has no effect and will be removed in a later release.')
}
if $user_allow_update {
warning('keystone::user_allow_update is deprecated, has no effect and will be removed in a later release.')
}
if $user_allow_delete {
warning('keystone::user_allow_delete is deprecated, has no effect and will be removed in a later release.')
}
if $group_allow_create {
warning('keystone::group_allow_create is deprecated, has no effect and will be removed in a later release.')
}
if $group_allow_update {
warning('keystone::group_allow_update is deprecated, has no effect and will be removed in a later release.')
}
if $group_allow_delete {
warning('keystone::group_allow_delete is deprecated, has no effect and will be removed in a later release.')
}
if(bool2num($domain_enabled) == 0) {
fail($err_msg)
}

35
releasenotes/notes/cleanup-removed-keystone-ldap-options-342a37e2dea214d1.yaml Normal file
View File

@ -0,0 +1,35 @@
---
upgrade:
- |
The following deprecated parameters have been completely removed from
the ``keystone::ldap_backend`` resource type.
- ``project_tree_dn``
- ``project_filter``
- ``project_objectclass``
- ``project_id_attribute``
- ``project_member_attribute``
- ``project_name_attribute``
- ``project_desc_attribute``
- ``project_enabled_attribute``
- ``project_domain_id_attribute``
- ``project_attribute_ignore``
- ``project_allow_create``
- ``project_allow_update``
- ``project_allow_delete``
- ``project_enabled_emulation``
- ``project_enabled_emulation_dn``
- ``project_additional_attribute_mapping``
- ``role_tree_dn``
- ``role_filter``
- ``role_objectclass``
- ``role_id_attribute``
- ``role_name_attribute``
- ``role_member_attribute``
- ``role_attribute_ignore``
- ``role_allow_create``
- ``role_allow_update``
- ``role_allow_delete``
- ``role_additional_attribute_map``
- ``credential_driver``
- ``assignment_driver``