From 6259f69c9fe0f61057e7b56f90c880c9fe150c4c Mon Sep 17 00:00:00 2001
From: Takashi Kajinami <kajinamit@oss.nttdata.com>
Date: Wed, 12 Feb 2025 23:19:51 +0900
Subject: [PATCH] ldap: Deprecate support for core driver options

Recent keystone recommends using domain specific backend to use ldap
identity driver instead of replacing the common driver.

Also assignment driver and credential driver do not support anything
other than sql so these options are not needed to use ldap.

Change-Id: Ib2bd17ef7a39a6c0358ebf62ad2a57356f7d5c90
---
 manifests/ldap.pp                             | 45 +++++++++++--------
 ...eprecate-driver-opts-9f3c370b3bfe7e8e.yaml |  9 ++++
 2 files changed, 36 insertions(+), 18 deletions(-)
 create mode 100644 releasenotes/notes/ldap-deprecate-driver-opts-9f3c370b3bfe7e8e.yaml

diff --git a/manifests/ldap.pp b/manifests/ldap.pp
index 7cd723fe0..43b012ed1 100644
--- a/manifests/ldap.pp
+++ b/manifests/ldap.pp
@@ -179,10 +179,6 @@
 #   Valid options for tls_req_cert are demand, never, and allow. (string value)
 #   Defaults to $facts['os_service_default']
 #
-# [*identity_driver*]
-#   Identity backend driver. (string value)
-#   Defaults to $facts['os_service_default']
-#
 # [*use_pool*]
 #   Enable LDAP connection pooling. (boolean value)
 #   Defaults to $facts['os_service_default']
@@ -220,14 +216,6 @@
 #   End user auth connection lifetime in seconds. (integer value)
 #   Defaults to $facts['os_service_default']
 #
-# [*credential_driver*]
-#   Credential backend driver. (string value)
-#   Defaults to $facts['os_service_default']
-#
-# [*assignment_driver*]
-#   Assignment backend driver. (string value)
-#   Defaults to $facts['os_service_default']
-#
 # [*package_ensure*]
 #   (optional) Desired ensure state of packages.
 #   accepts latest or specific versions.
@@ -238,6 +226,20 @@
 #   LDAP support packages.
 #   Defaults to true.
 #
+# DEPRECATED PARAMETERS
+#
+# [*identity_driver*]
+#   Identity backend driver. (string value)
+#   Defaults to undef
+#
+# [*credential_driver*]
+#   Credential backend driver. (string value)
+#   Defaults to undef
+#
+# [*assignment_driver*]
+#   Assignment backend driver. (string value)
+#   Defaults to undef
+#
 # == Authors
 #
 #   Dan Bode dan@puppetlabs.com
@@ -287,9 +289,6 @@ class keystone::ldap(
     = $facts['os_service_default'],
   $tls_cacertfile                       = $facts['os_service_default'],
   $tls_req_cert                         = $facts['os_service_default'],
-  $identity_driver                      = $facts['os_service_default'],
-  $assignment_driver                    = $facts['os_service_default'],
-  $credential_driver                    = $facts['os_service_default'],
   $use_pool                             = $facts['os_service_default'],
   $pool_size                            = $facts['os_service_default'],
   $pool_retry_max                       = $facts['os_service_default'],
@@ -301,10 +300,20 @@ class keystone::ldap(
   $auth_pool_connection_lifetime        = $facts['os_service_default'],
   $package_ensure                       = present,
   Boolean $manage_packages              = true,
+  # DEPRECATED PARAMETERS
+  $identity_driver                      = undef,
+  $assignment_driver                    = undef,
+  $credential_driver                    = undef,
 ) inherits keystone::params {
 
   include keystone::deps
 
+  ['identity_driver', 'assignment_driver', 'credential_driver'].each |String $driver_opt| {
+    if getvar($driver_opt) != undef {
+      warning("The ${driver_opt} parameter is deprecated and will be removed.")
+    }
+  }
+
   if $manage_packages {
     ensure_resource('package',  'python-ldappool', {
       ensure => $package_ensure,
@@ -367,8 +376,8 @@ class keystone::ldap(
     'ldap/use_auth_pool':                        value => $use_auth_pool;
     'ldap/auth_pool_size':                       value => $auth_pool_size;
     'ldap/auth_pool_connection_lifetime':        value => $auth_pool_connection_lifetime;
-    'identity/driver':                           value => $identity_driver;
-    'credential/driver':                         value => $credential_driver;
-    'assignment/driver':                         value => $assignment_driver;
+    'identity/driver':                           value => pick($identity_driver, $::facts['os_service_default']);
+    'credential/driver':                         value => pick($credential_driver, $::facts['os_service_default']);
+    'assignment/driver':                         value => pick($assignment_driver, $::facts['os_service_default']);
   }
 }
diff --git a/releasenotes/notes/ldap-deprecate-driver-opts-9f3c370b3bfe7e8e.yaml b/releasenotes/notes/ldap-deprecate-driver-opts-9f3c370b3bfe7e8e.yaml
new file mode 100644
index 000000000..21c9986e5
--- /dev/null
+++ b/releasenotes/notes/ldap-deprecate-driver-opts-9f3c370b3bfe7e8e.yaml
@@ -0,0 +1,9 @@
+---
+deprecations:
+  - |
+    The following parameters of the ``keystone::ldap`` class have been
+    deprecated and will be removed in a future release.
+
+    - ``identity_driver``
+    - ``assignment_driver``
+    - ``credential_driver``