Deprecate module_plugins

An upstream change in keystone has removed the requirement to define the
module_plugins for the Mellon, Openidc and Shibboleth federation
configs.

Change-Id: I9ef488df3564f5b01ba7cf8e6a7957565858e27e
This commit is contained in:
Alex Schultz 2018-04-25 15:52:09 -06:00
parent 7a35232faa
commit 73f863e21c
7 changed files with 49 additions and 64 deletions

View File

@ -26,11 +26,6 @@
# using Keystone VirtualHost on port 5000.
# (Optional) Defaults to true.
#
# [*module_plugin*]
# The plugin for authentication acording to the choice made with protocol and
# module.
# (Optional) Defaults to 'keystone.auth.plugins.mapped.Mapped' (string value)
#
# [*template_order*]
# This number indicates the order for the concat::fragment that will apply
# the shibboleth configuration to Keystone VirtualHost. The value should
@ -57,17 +52,25 @@
# the-middle (MITM) attacks.
# Defaults to undef
#
# === DEPRECATED
#
# [*module_plugin*]
# The plugin for authentication acording to the choice made with protocol and
# module.
# (Optional) Defaults to 'keystone.auth.plugins.mapped.Mapped' (string value)
#
class keystone::federation::mellon (
$methods,
$idp_name,
$protocol_name,
$admin_port = false,
$main_port = true,
$module_plugin = 'keystone.auth.plugins.mapped.Mapped',
$template_order = 331,
$package_ensure = present,
$enable_websso = false,
$trusted_dashboards = undef,
# DEPRECATED
$module_plugin = undef,
) {
include ::apache
@ -86,10 +89,6 @@ Apache + Mellon SP setups, where a REMOTE_USER env variable is always set, even
if !('saml2' in $methods ) {
fail('Methods should contain saml2 as one of the auth methods.')
}else{
if ($module_plugin != 'keystone.auth.plugins.mapped.Mapped') {
fail('The plugin for saml and mellon should be keystone.auth.plugins.mapped.Mapped')
}
}
validate_bool($admin_port)
@ -101,8 +100,8 @@ Apache + Mellon SP setups, where a REMOTE_USER env variable is always set, even
}
keystone_config {
'auth/methods': value => join(any2array($methods),',');
'auth/saml2': value => $module_plugin;
'auth/methods': value => join(any2array($methods),',');
'auth/saml2': ensure => absent;
}
if($enable_websso){

View File

@ -44,11 +44,6 @@
# using Keystone VirtualHost on port 5000.
# (Optional) Defaults to true.
#
# [*module_plugin*]
# The plugin for authentication acording to the choice made with protocol and
# module.
# (Optional) Defaults to 'keystone.auth.plugins.mapped.Mapped' (string value)
#
# [*template_order*]
# This number indicates the order for the concat::fragment that will apply
# the shibboleth configuration to Keystone VirtualHost. The value should
@ -64,6 +59,13 @@
# accepts latest or specific versions.
# Defaults to present.
#
# === DEPRECATED
#
# [*module_plugin*]
# The plugin for authentication acording to the choice made with protocol and
# module.
# (Optional) Defaults to 'keystone.auth.plugins.mapped.Mapped' (string value)
#
class keystone::federation::openidc (
$methods,
$idp_name,
@ -74,9 +76,10 @@ class keystone::federation::openidc (
$openidc_response_type = 'id_token',
$admin_port = false,
$main_port = true,
$module_plugin = 'keystone.auth.plugins.mapped.Mapped',
$template_order = 331,
$package_ensure = present,
# DEPRECATED
$module_plugin = undef,
) {
include ::apache
@ -94,10 +97,6 @@ class keystone::federation::openidc (
if !('openidc' in $methods ) {
fail('Methods should contain openidc as one of the auth methods.')
} else {
if ($module_plugin != 'keystone.auth.plugins.mapped.Mapped') {
fail('Other plugins are not currently supported for openidc')
}
}
validate_bool($admin_port)
@ -108,8 +107,8 @@ class keystone::federation::openidc (
}
keystone_config {
'auth/methods': value => join(any2array($methods),',');
'auth/openidc': value => $module_plugin;
'auth/methods': value => join(any2array($methods),',');
'auth/openidc': ensure => absent;
}
ensure_packages([$::keystone::params::openidc_package_name], {

View File

@ -18,11 +18,6 @@
# (Required) (string or array value).
# Note: The external value should be dropped to avoid problems.
#
# [*module_plugin*]
# The plugin for authentication according to the choice made with protocol and
# module.
# (Optional) Defaults to 'keystone.auth.plugins.mapped.Mapped' (string value)
#
# [*suppress_warning*]
# A boolean value to disable the warning about not installing shibboleth on RedHat.
# (Optional) Defaults to false.
@ -52,6 +47,12 @@
# require => Anchor['openstack_extras_redhat']
# }
#
# === DEPRECATED
# [*module_plugin*]
# The plugin for authentication according to the choice made with protocol and
# module.
# (Optional) Defaults to 'keystone.auth.plugins.mapped.Mapped' (string value)
#
# == Note about Redhat osfamily
# According to puppet-apache we need to enable a new repo, but in puppet-openstack
# we won't enable any external third party repo.
@ -62,10 +63,11 @@ class keystone::federation::shibboleth(
$methods,
$admin_port = false,
$main_port = true,
$module_plugin = 'keystone.auth.plugins.mapped.Mapped',
$suppress_warning = false,
$template_order = 331,
$yum_repo_name = 'shibboleth'
$yum_repo_name = 'shibboleth',
# DEPRECATED
$module_plugin = undef,
) {
include ::apache
@ -83,10 +85,6 @@ Apache + Shibboleth SP setups, where a REMOTE_USER env variable is always set, e
if !('saml2' in $methods ) {
fail('Methods should contain saml2 as one of the auth methods.')
}else{
if ($module_plugin != 'keystone.auth.plugins.mapped.Mapped') {
fail('The plugin for saml and shibboleth should be keystone.auth.plugins.mapped.Mapped')
}
}
validate_bool($admin_port)
@ -98,8 +96,8 @@ Apache + Shibboleth SP setups, where a REMOTE_USER env variable is always set, e
}
keystone_config {
'auth/methods': value => join(any2array($methods),',');
'auth/saml2': value => $module_plugin;
'auth/methods': value => join(any2array($methods),',');
'auth/saml2': ensure => absent;
}
if $::osfamily == 'Debian' or ($::osfamily == 'RedHat' and (defined(Yumrepo[$yum_repo_name])) or defined(Package['shibboleth'])) {

View File

@ -0,0 +1,7 @@
---
deprecations:
- |
keystone::federation::mellon::module_plugin,
keystone::federation::shibboleth::module_plugin,
keystone::federation::openidc::module_plugin have been deprecated and
are no longer used.

View File

@ -29,12 +29,6 @@ describe 'keystone::federation::mellon' do
it_raises 'a Puppet::Error', /Methods should contain saml2 as one of the auth methods./
end
before do
params.merge!({:methods => 'password, token, oauth1, saml2',
:module_plugin => 'keystone.auth.plugins'})
it_raises 'a Puppet::Error', /The plugin for saml and mellon should be keystone.auth.plugins.mapped.Mapped/
end
before do
params.merge!({:admin_port => false,
:main_port => false})
@ -56,7 +50,7 @@ describe 'keystone::federation::mellon' do
context 'with only required parameters' do
it 'should have basic params for mellon in Keystone configuration' do
is_expected.to contain_keystone_config('auth/methods').with_value('password, token, saml2')
is_expected.to contain_keystone_config('auth/saml2').with_value('keystone.auth.plugins.mapped.Mapped')
is_expected.to contain_keystone_config('auth/saml2').with_ensure('absent')
end
it { is_expected.to contain_concat__fragment('configure_mellon_on_port_5000').with({
@ -74,7 +68,7 @@ describe 'keystone::federation::mellon' do
it 'should have basic params for mellon in Keystone configuration' do
is_expected.to contain_keystone_config('auth/methods').with_value('password, token, saml2')
is_expected.to contain_keystone_config('auth/saml2').with_value('keystone.auth.plugins.mapped.Mapped')
is_expected.to contain_keystone_config('auth/saml2').with_ensure('absent')
end
it { is_expected.to contain_concat__fragment('configure_mellon_on_port_5000').with({
@ -103,7 +97,7 @@ describe 'keystone::federation::mellon' do
it 'should have basic params for mellon in Keystone configuration' do
is_expected.to contain_keystone_config('auth/methods').with_value('password, token, saml2')
is_expected.to contain_keystone_config('auth/saml2').with_value('keystone.auth.plugins.mapped.Mapped')
is_expected.to contain_keystone_config('auth/saml2').with_ensure('absent')
end
it 'should have parameters for websso in Keystone configuration' do

View File

@ -36,12 +36,6 @@ describe 'keystone::federation::openidc' do
it_raises 'a Puppet::Error', /Methods should contain openidc as one of the auth methods./
end
before do
params.merge!(:methods => 'password, token, oauth1, openidc',
:module_plugin => 'keystone.auth.plugins')
it_raises 'a Puppet:Error', /The plugin for openidc should be keystone.auth.plugins.mapped.Mapped/
end
before do
params.merge!(:admin_port => false,
:main_port => false)
@ -81,7 +75,7 @@ describe 'keystone::federation::openidc' do
context 'with only required parameters' do
it 'should have basic params for mellon in Keystone configuration' do
is_expected.to contain_keystone_config('auth/methods').with_value('password, token, openidc')
is_expected.to contain_keystone_config('auth/openidc').with_value('keystone.auth.plugins.mapped.Mapped')
is_expected.to contain_keystone_config('auth/openidc').with_ensure('absent')
end
it { is_expected.to contain_concat__fragment('configure_openidc_on_port_5000').with({
@ -99,7 +93,7 @@ describe 'keystone::federation::openidc' do
it 'should have basic params for mellon in Keystone configuration' do
is_expected.to contain_keystone_config('auth/methods').with_value('password, token, openidc')
is_expected.to contain_keystone_config('auth/openidc').with_value('keystone.auth.plugins.mapped.Mapped')
is_expected.to contain_keystone_config('auth/openidc').with_ensure('absent')
end
it { is_expected.to contain_concat__fragment('configure_openidc_on_port_5000').with({

View File

@ -27,12 +27,6 @@ describe 'keystone::federation::shibboleth' do
it_raises 'a Puppet::Error', /Methods should contain saml2 as one of the auth methods./
end
context 'wrong plugin' do
let (:params) { default_params.merge(:methods => ['password', 'token', 'oauth1', 'saml2'],
:module_plugin => 'keystone.auth.plugins') }
it_raises 'a Puppet::Error', /The plugin for saml and shibboleth should be keystone.auth.plugins.mapped.Mapped/
end
context 'no ports' do
let (:params) { default_params.merge(:admin_port => false,
:main_port => false) }
@ -64,7 +58,7 @@ describe 'keystone::federation::shibboleth' do
let (:params) { default_params }
it 'should have basic params for shibboleth in Keystone configuration' do
is_expected.to contain_keystone_config('auth/methods').with_value('password, token, saml2')
is_expected.to contain_keystone_config('auth/saml2').with_value('keystone.auth.plugins.mapped.Mapped')
is_expected.to contain_keystone_config('auth/saml2').with_ensure('absent')
end
end
@ -107,7 +101,7 @@ describe 'keystone::federation::shibboleth' do
}) }
it { is_expected.to contain_keystone_config('auth/methods').with_value('password, token, saml2') }
it {is_expected.to contain_keystone_config('auth/saml2').with_value('keystone.auth.plugins.mapped.Mapped') }
it {is_expected.to contain_keystone_config('auth/saml2').with_ensure('absent') }
it {
is_expected.to contain_concat__fragment('configure_shibboleth_on_port_35357').with({
:target => "10-keystone_wsgi_admin.conf",
@ -144,7 +138,7 @@ describe 'keystone::federation::shibboleth' do
}) }
it { is_expected.to contain_keystone_config('auth/methods').with_value('password, token, saml2') }
it { is_expected.to contain_keystone_config('auth/saml2').with_value('keystone.auth.plugins.mapped.Mapped') }
it { is_expected.to contain_keystone_config('auth/saml2').with_ensure('absent') }
it {
is_expected.to contain_concat__fragment('configure_shibboleth_on_port_35357').with({
:target => "10-keystone_wsgi_admin.conf",
@ -169,7 +163,7 @@ describe 'keystone::federation::shibboleth' do
}) }
it { is_expected.to contain_keystone_config('auth/methods').with_value('password, token, saml2') }
it { is_expected.to contain_keystone_config('auth/saml2').with_value('keystone.auth.plugins.mapped.Mapped') }
it { is_expected.to contain_keystone_config('auth/saml2').with_ensure('absent') }
it { is_expected.to_not contain_concat__fragment('configure_shibboleth_on_port_35357') }
end
end