Remove paste
Removes all the deprecated resources for paste support in keystone which we notified about in Stein. Keystone doesn't use paste so it doesn't work in Stein either so we remove it for Train. Depends-On: https://review.opendev.org/#/c/658546/ Change-Id: Id7dfdf2f5cb9453044d39812b7cbd216b7f3eb50
parent
a4ff243d8a
commit
553b03a132
@ -1,28 +0,0 @@
|
||||
# TODO(tobias-urdin): This is deprecated and should be removed in T release.
|
||||
Puppet::Type.type(:keystone_paste_ini).provide(
|
||||
:ini_setting,
|
||||
:parent => Puppet::Type.type(:ini_setting).provider(:ruby)
|
||||
) do
|
||||
|
||||
def section
|
||||
resource[:name].split('/', 2).first
|
||||
end
|
||||
|
||||
def setting
|
||||
resource[:name].split('/', 2).last
|
||||
end
|
||||
|
||||
def separator
|
||||
'='
|
||||
end
|
||||
|
||||
def self.file_path
|
||||
'/etc/keystone/keystone-paste.ini'
|
||||
end
|
||||
|
||||
# this needs to be removed. This has been replaced with the class method
|
||||
def file_path
|
||||
self.class.file_path
|
||||
end
|
||||
|
||||
end
|
@ -1,50 +0,0 @@
|
||||
# TODO(tobias-urdin): This is deprecated and should be removed in T release.
|
||||
Puppet::Type.newtype(:keystone_paste_ini) do
|
||||
|
||||
ensurable
|
||||
|
||||
newparam(:name, :namevar => true) do
|
||||
desc 'Section/setting name to manage from keystone/keystone-paste.ini'
|
||||
newvalues(/\S+\/\S+/)
|
||||
end
|
||||
|
||||
newproperty(:value) do
|
||||
desc 'The value of the setting to be defined.'
|
||||
munge do |value|
|
||||
Puppet.deprecation_warning('keystone_paste_ini is deprecated, has no effect and will be removed in a later release')
|
||||
|
||||
value = value.to_s.strip
|
||||
value.capitalize! if value =~ /^(true|false)$/i
|
||||
value
|
||||
end
|
||||
|
||||
def is_to_s( currentvalue )
|
||||
if resource.secret?
|
||||
return '[old secret redacted]'
|
||||
else
|
||||
return currentvalue
|
||||
end
|
||||
end
|
||||
|
||||
def should_to_s( newvalue )
|
||||
if resource.secret?
|
||||
return '[new secret redacted]'
|
||||
else
|
||||
return newvalue
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
newparam(:secret, :boolean => true) do
|
||||
desc 'Whether to hide the value from Puppet logs. Defaults to `false`.'
|
||||
|
||||
newvalues(:true, :false)
|
||||
|
||||
defaultto false
|
||||
end
|
||||
|
||||
autorequire(:package) do
|
||||
'keystone'
|
||||
end
|
||||
|
||||
end
|
@ -20,15 +20,8 @@
|
||||
# NOTE: The configuration MUST NOT be already handled by this module
|
||||
# or Puppet catalog compilation will fail with duplicate resources.
|
||||
#
|
||||
#### DEPRECATED PARAMS
|
||||
#
|
||||
# [*keystone_paste_ini*]
|
||||
# (optional) Allow configuration of /etc/keystone/keystone-paste.ini options.
|
||||
#
|
||||
class keystone::config (
|
||||
$keystone_config = {},
|
||||
# DEPRECATED PARAMS
|
||||
$keystone_paste_ini = undef,
|
||||
$keystone_config = {},
|
||||
) {
|
||||
|
||||
include ::keystone::deps
|
||||
@ -36,8 +29,4 @@ class keystone::config (
|
||||
validate_legacy(Hash, 'validate_hash', $keystone_config)
|
||||
|
||||
create_resources('keystone_config', $keystone_config)
|
||||
|
||||
if $keystone_paste_ini {
|
||||
warning('keystone_paste_ini is deprecated, has no effect and will be removed in a later release')
|
||||
}
|
||||
}
|
||||
|
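Review bot: The parameter dropped from the `keystone::config` signature here is `$keystone_paste_ini`, but the upgrade note added by this commit lists it as `keystone::config::keystone_paste_config`. Operators searching the release notes for the name they actually pass will not find it. The entry should read `keystone::config::keystone_paste_ini`. With the parameter and its `warning(...)` branch gone, a manifest that still sets it will presumably fail catalog compilation rather than log a deprecation, so the exact name in the upgrade note matters.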
@ -32,12 +32,6 @@ class keystone::deps {
|
||||
# before dbsync starts
|
||||
Oslo::Db<||> -> Anchor['keystone::dbsync::begin']
|
||||
|
||||
# TODO(tobias-urdin): Remove this when keystone_paste_ini is removed.
|
||||
# paste-api.ini config should occur in the config block also.
|
||||
Anchor['keystone::config::begin']
|
||||
-> Keystone_paste_ini<||>
|
||||
~> Anchor['keystone::config::end']
|
||||
|
||||
# policy config should occur in the config block also.
|
||||
Anchor['keystone::config::begin']
|
||||
-> Openstacklib::Policy::Base<||>
|
||||
|
@ -1,18 +0,0 @@
|
||||
#
|
||||
# Class to manage and secure the keystone-paste.ini pipeline configuration.
|
||||
#
|
||||
# DEPRECATED!
|
||||
#
|
||||
# The keystone module uses the admin_token parameter in keystone.conf to
|
||||
# bootstrap the basic setup of an admin user, project, and domain. However, the
|
||||
# admin_token provides an easy vector of attack for production keystone
|
||||
# installations. Including this class will remove the admin_token_auth
|
||||
# from the paste pipeline to improve security. After this class is run,
|
||||
# future puppet runs must have an openrc file with valid keystone v3
|
||||
# admin credentials in /root/openrc available, or else must be run with
|
||||
# valid keystone v3 credentials set as environment variables.
|
||||
#
|
||||
class keystone::disable_admin_token_auth {
|
||||
|
||||
warning('keystone::disable_admin_token_auth is deprecated, has no effect and will be removed in a later release')
|
||||
}
|
@ -1,15 +0,0 @@
|
||||
# Class to disable the Keystone v2.0 API via keystone-paste.ini.
|
||||
#
|
||||
# DEPRECATED!
|
||||
#
|
||||
# This class removes the /v2.0 entries for Keystone, ensuring that the
|
||||
# only supported API's are v3. After this class is executed, the
|
||||
# standard overcloudrc file will no longer work, the user needs to
|
||||
# utilise the overcloudrc.v3 openrc file, or alternatively the clients
|
||||
# must be using valid keystone v3 credentials set as environment variables.
|
||||
#
|
||||
|
||||
class keystone::disable_v2_api {
|
||||
|
||||
warning('keystone::disable_v2_api has been deprecated, has no effect and will be removed in a later release')
|
||||
}
|
@ -528,8 +528,7 @@
|
||||
# Defaults to false
|
||||
#
|
||||
# [*enable_proxy_headers_parsing*]
|
||||
# (Optional) Enable paste middleware to handle SSL requests through
|
||||
# HTTPProxyToWSGI middleware.
|
||||
# (Optional) Enable oslo middleware to parse proxy headers.
|
||||
# Defaults to $::os_service_default.
|
||||
#
|
||||
# [*purge_config*]
|
||||
@ -543,11 +542,6 @@
|
||||
#
|
||||
# === DEPRECATED PARAMETERS
|
||||
#
|
||||
# [*paste_config*]
|
||||
# (Optional) Name of the paste configuration file that defines the
|
||||
# available pipelines. (string value)
|
||||
# Defaults to undef
|
||||
#
|
||||
# [*cache_dir*]
|
||||
# (Optional) Directory created when token_provider is pki. This folder is not
|
||||
# created unless enable_pki_setup is set to True.
|
||||
@ -686,7 +680,6 @@ class keystone(
|
||||
# DEPRECATED PARAMETERS
|
||||
$admin_workers = $::os_workers,
|
||||
$public_workers = $::os_workers,
|
||||
$paste_config = undef,
|
||||
$cache_dir = undef,
|
||||
$token_driver = undef,
|
||||
) inherits keystone::params {
|
||||
@ -695,11 +688,6 @@ class keystone(
|
||||
include ::keystone::logging
|
||||
include ::keystone::policy
|
||||
|
||||
# TODO(tobias-urdin): Remove when paste_config is removed.
|
||||
if $paste_config {
|
||||
warning('keystone::paste_config is deprecated, has no effect and will be removed in a later release')
|
||||
}
|
||||
|
||||
if $cache_dir {
|
||||
warning('keystone::cache_dir is deprecated, has no effect and will be removed in a later release')
|
||||
}
|
||||
|
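Review bot: The rewritten description of `enable_proxy_headers_parsing` no longer says which middleware is involved or when the option is safe to enable. Forwarded headers are client-supplied unless a proxy in front of keystone overwrites them, so the parameter doc should state that precondition. I would write `# (Optional) Enable oslo middleware (HTTPProxyToWSGI) to parse proxy headers.` followed by `# Only enable when keystone is reachable solely through a trusted proxy that sets these headers.` Which description line is the new one is inferred from the hunk counts, because the page has lost its +/- markers.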
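--- a/releasenotes/notes/remove-paste-9b4a67cbe869e2bf.yaml
+++ b/releasenotes/notes/remove-paste-9b4a67cbe869e2bf.yaml
@@ -0,0 +1,6 @@
+---
+upgrade:
+- |
+The deprecated resources keystone_paste_ini, keystone::config::keystone_paste_config,
+keystone::disable_admin_token_auth, keystone::disable_v2_api and keystone::paste_config
+is removed.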
@ -1,29 +0,0 @@
|
||||
#
|
||||
# these tests are a little concerning b/c they are hacking around the
|
||||
# modulepath, so these tests will not catch issues that may eventually arise
|
||||
# related to loading these plugins.
|
||||
# I could not, for the life of me, figure out how to programatcally set the modulepath
|
||||
$LOAD_PATH.push(
|
||||
File.join(
|
||||
File.dirname(__FILE__),
|
||||
'..',
|
||||
'..',
|
||||
'..',
|
||||
'fixtures',
|
||||
'modules',
|
||||
'inifile',
|
||||
'lib')
|
||||
)
|
||||
require 'spec_helper'
|
||||
provider_class = Puppet::Type.type(:keystone_paste_ini).provider(:ini_setting)
|
||||
describe provider_class do
|
||||
|
||||
it 'should allow setting to be set explicitly' do
|
||||
resource = Puppet::Type::Keystone_paste_ini.new(
|
||||
{:name => 'dude/foo', :value => 'bar'}
|
||||
)
|
||||
provider = provider_class.new(resource)
|
||||
expect(provider.section).to eq('dude')
|
||||
expect(provider.setting).to eq('foo')
|
||||
end
|
||||
end
|
@ -1,35 +0,0 @@
|
||||
# TODO(tobias-urdin): This is deprecated and should be removed in T release.
|
||||
require 'spec_helper'
|
||||
# this hack is required for now to ensure that the path is set up correctly
|
||||
# to retrieve the parent provider
|
||||
$LOAD_PATH.push(
|
||||
File.join(
|
||||
File.dirname(__FILE__),
|
||||
'..',
|
||||
'..',
|
||||
'fixtures',
|
||||
'modules',
|
||||
'inifile',
|
||||
'lib')
|
||||
)
|
||||
require 'puppet/type/keystone_paste_ini'
|
||||
describe 'Puppet::Type.type(:keystone_paste_ini)' do
|
||||
before :each do
|
||||
@keystone_paste_ini = Puppet::Type.type(:keystone_paste_ini).new(:name => 'DEFAULT/foo', :value => 'bar')
|
||||
end
|
||||
it 'should accept a valid value' do
|
||||
@keystone_paste_ini[:value] = 'bar'
|
||||
expect(@keystone_paste_ini[:value]).to eq('bar')
|
||||
end
|
||||
|
||||
it 'should autorequire the package that install the file' do
|
||||
catalog = Puppet::Resource::Catalog.new
|
||||
package = Puppet::Type.type(:package).new(:name => 'keystone')
|
||||
catalog.add_resource package, @keystone_paste_ini
|
||||
dependency = @keystone_paste_ini.autorequire
|
||||
expect(dependency.size).to eq(1)
|
||||
expect(dependency[0].target).to eq(@keystone_paste_ini)
|
||||
expect(dependency[0].source).to eq(package)
|
||||
end
|
||||
|
||||
end
|