Deprecate module_plugins
An upstream change in keystone has removed the requirement to define the module_plugins for the Mellon, Openidc and Shibboleth federation configs. Change-Id: I9ef488df3564f5b01ba7cf8e6a7957565858e27e
This commit is contained in:
Alex Schultz
@@ -26,11 +26,6 @@
|
||||
# using Keystone VirtualHost on port 5000.
|
||||
# (Optional) Defaults to true.
|
||||
#
|
||||
# [*module_plugin*]
|
||||
# The plugin for authentication acording to the choice made with protocol and
|
||||
# module.
|
||||
# (Optional) Defaults to 'keystone.auth.plugins.mapped.Mapped' (string value)
|
||||
#
|
||||
# [*template_order*]
|
||||
# This number indicates the order for the concat::fragment that will apply
|
||||
# the shibboleth configuration to Keystone VirtualHost. The value should
|
||||
@@ -57,17 +52,25 @@
|
||||
# the-middle (MITM) attacks.
|
||||
# Defaults to undef
|
||||
#
|
||||
# === DEPRECATED
|
||||
#
|
||||
# [*module_plugin*]
|
||||
# The plugin for authentication acording to the choice made with protocol and
|
||||
# module.
|
||||
# (Optional) Defaults to 'keystone.auth.plugins.mapped.Mapped' (string value)
|
||||
#
|
||||
class keystone::federation::mellon (
|
||||
$methods,
|
||||
$idp_name,
|
||||
$protocol_name,
|
||||
$admin_port = false,
|
||||
$main_port = true,
|
||||
$module_plugin = 'keystone.auth.plugins.mapped.Mapped',
|
||||
$template_order = 331,
|
||||
$package_ensure = present,
|
||||
$enable_websso = false,
|
||||
$trusted_dashboards = undef,
|
||||
# DEPRECATED
|
||||
$module_plugin = undef,
|
||||
) {
|
||||
|
||||
include ::apache
|
||||
@@ -86,10 +89,6 @@ Apache + Mellon SP setups, where a REMOTE_USER env variable is always set, even
|
||||
|
||||
if !('saml2' in $methods ) {
|
||||
fail('Methods should contain saml2 as one of the auth methods.')
|
||||
}else{
|
||||
if ($module_plugin != 'keystone.auth.plugins.mapped.Mapped') {
|
||||
fail('The plugin for saml and mellon should be keystone.auth.plugins.mapped.Mapped')
|
||||
}
|
||||
}
|
||||
|
||||
validate_bool($admin_port)
|
||||
@@ -101,8 +100,8 @@ Apache + Mellon SP setups, where a REMOTE_USER env variable is always set, even
|
||||
}
|
||||
|
||||
keystone_config {
|
||||
'auth/methods': value => join(any2array($methods),',');
|
||||
'auth/saml2': value => $module_plugin;
|
||||
'auth/methods': value => join(any2array($methods),',');
|
||||
'auth/saml2': ensure => absent;
|
||||
}
|
||||
|
||||
if($enable_websso){
|
||||
|
||||
@@ -44,11 +44,6 @@
|
||||
# using Keystone VirtualHost on port 5000.
|
||||
# (Optional) Defaults to true.
|
||||
#
|
||||
# [*module_plugin*]
|
||||
# The plugin for authentication acording to the choice made with protocol and
|
||||
# module.
|
||||
# (Optional) Defaults to 'keystone.auth.plugins.mapped.Mapped' (string value)
|
||||
#
|
||||
# [*template_order*]
|
||||
# This number indicates the order for the concat::fragment that will apply
|
||||
# the shibboleth configuration to Keystone VirtualHost. The value should
|
||||
@@ -64,6 +59,13 @@
|
||||
# accepts latest or specific versions.
|
||||
# Defaults to present.
|
||||
#
|
||||
# === DEPRECATED
|
||||
#
|
||||
# [*module_plugin*]
|
||||
# The plugin for authentication acording to the choice made with protocol and
|
||||
# module.
|
||||
# (Optional) Defaults to 'keystone.auth.plugins.mapped.Mapped' (string value)
|
||||
#
|
||||
class keystone::federation::openidc (
|
||||
$methods,
|
||||
$idp_name,
|
||||
@@ -74,9 +76,10 @@ class keystone::federation::openidc (
|
||||
$openidc_response_type = 'id_token',
|
||||
$admin_port = false,
|
||||
$main_port = true,
|
||||
$module_plugin = 'keystone.auth.plugins.mapped.Mapped',
|
||||
$template_order = 331,
|
||||
$package_ensure = present,
|
||||
# DEPRECATED
|
||||
$module_plugin = undef,
|
||||
) {
|
||||
|
||||
include ::apache
|
||||
@@ -94,10 +97,6 @@ class keystone::federation::openidc (
|
||||
|
||||
if !('openidc' in $methods ) {
|
||||
fail('Methods should contain openidc as one of the auth methods.')
|
||||
} else {
|
||||
if ($module_plugin != 'keystone.auth.plugins.mapped.Mapped') {
|
||||
fail('Other plugins are not currently supported for openidc')
|
||||
}
|
||||
}
|
||||
|
||||
validate_bool($admin_port)
|
||||
@@ -108,8 +107,8 @@ class keystone::federation::openidc (
|
||||
}
|
||||
|
||||
keystone_config {
|
||||
'auth/methods': value => join(any2array($methods),',');
|
||||
'auth/openidc': value => $module_plugin;
|
||||
'auth/methods': value => join(any2array($methods),',');
|
||||
'auth/openidc': ensure => absent;
|
||||
}
|
||||
|
||||
ensure_packages([$::keystone::params::openidc_package_name], {
|
||||
|
||||
@@ -18,11 +18,6 @@
|
||||
# (Required) (string or array value).
|
||||
# Note: The external value should be dropped to avoid problems.
|
||||
#
|
||||
# [*module_plugin*]
|
||||
# The plugin for authentication according to the choice made with protocol and
|
||||
# module.
|
||||
# (Optional) Defaults to 'keystone.auth.plugins.mapped.Mapped' (string value)
|
||||
#
|
||||
# [*suppress_warning*]
|
||||
# A boolean value to disable the warning about not installing shibboleth on RedHat.
|
||||
# (Optional) Defaults to false.
|
||||
@@ -52,6 +47,12 @@
|
||||
# require => Anchor['openstack_extras_redhat']
|
||||
# }
|
||||
#
|
||||
# === DEPRECATED
|
||||
# [*module_plugin*]
|
||||
# The plugin for authentication according to the choice made with protocol and
|
||||
# module.
|
||||
# (Optional) Defaults to 'keystone.auth.plugins.mapped.Mapped' (string value)
|
||||
#
|
||||
# == Note about Redhat osfamily
|
||||
# According to puppet-apache we need to enable a new repo, but in puppet-openstack
|
||||
# we won't enable any external third party repo.
|
||||
@@ -62,10 +63,11 @@ class keystone::federation::shibboleth(
|
||||
$methods,
|
||||
$admin_port = false,
|
||||
$main_port = true,
|
||||
$module_plugin = 'keystone.auth.plugins.mapped.Mapped',
|
||||
$suppress_warning = false,
|
||||
$template_order = 331,
|
||||
$yum_repo_name = 'shibboleth'
|
||||
$yum_repo_name = 'shibboleth',
|
||||
# DEPRECATED
|
||||
$module_plugin = undef,
|
||||
) {
|
||||
|
||||
include ::apache
|
||||
@@ -83,10 +85,6 @@ Apache + Shibboleth SP setups, where a REMOTE_USER env variable is always set, e
|
||||
|
||||
if !('saml2' in $methods ) {
|
||||
fail('Methods should contain saml2 as one of the auth methods.')
|
||||
}else{
|
||||
if ($module_plugin != 'keystone.auth.plugins.mapped.Mapped') {
|
||||
fail('The plugin for saml and shibboleth should be keystone.auth.plugins.mapped.Mapped')
|
||||
}
|
||||
}
|
||||
|
||||
validate_bool($admin_port)
|
||||
@@ -98,8 +96,8 @@ Apache + Shibboleth SP setups, where a REMOTE_USER env variable is always set, e
|
||||
}
|
||||
|
||||
keystone_config {
|
||||
'auth/methods': value => join(any2array($methods),',');
|
||||
'auth/saml2': value => $module_plugin;
|
||||
'auth/methods': value => join(any2array($methods),',');
|
||||
'auth/saml2': ensure => absent;
|
||||
}
|
||||
|
||||
if $::osfamily == 'Debian' or ($::osfamily == 'RedHat' and (defined(Yumrepo[$yum_repo_name])) or defined(Package['shibboleth'])) {
|
||||
|
||||
@@ -0,0 +1,7 @@
|
||||
---
|
||||
deprecations:
|
||||
- |
|
||||
keystone::federation::mellon::module_plugin,
|
||||
keystone::federation::shibboleth::module_plugin,
|
||||
keystone::federation::openidc::module_plugin have been deprecated and
|
||||
are no longer used.
|
||||
@@ -29,12 +29,6 @@ describe 'keystone::federation::mellon' do
|
||||
it_raises 'a Puppet::Error', /Methods should contain saml2 as one of the auth methods./
|
||||
end
|
||||
|
||||
before do
|
||||
params.merge!({:methods => 'password, token, oauth1, saml2',
|
||||
:module_plugin => 'keystone.auth.plugins'})
|
||||
it_raises 'a Puppet::Error', /The plugin for saml and mellon should be keystone.auth.plugins.mapped.Mapped/
|
||||
end
|
||||
|
||||
before do
|
||||
params.merge!({:admin_port => false,
|
||||
:main_port => false})
|
||||
@@ -56,7 +50,7 @@ describe 'keystone::federation::mellon' do
|
||||
context 'with only required parameters' do
|
||||
it 'should have basic params for mellon in Keystone configuration' do
|
||||
is_expected.to contain_keystone_config('auth/methods').with_value('password, token, saml2')
|
||||
is_expected.to contain_keystone_config('auth/saml2').with_value('keystone.auth.plugins.mapped.Mapped')
|
||||
is_expected.to contain_keystone_config('auth/saml2').with_ensure('absent')
|
||||
end
|
||||
|
||||
it { is_expected.to contain_concat__fragment('configure_mellon_on_port_5000').with({
|
||||
@@ -74,7 +68,7 @@ describe 'keystone::federation::mellon' do
|
||||
|
||||
it 'should have basic params for mellon in Keystone configuration' do
|
||||
is_expected.to contain_keystone_config('auth/methods').with_value('password, token, saml2')
|
||||
is_expected.to contain_keystone_config('auth/saml2').with_value('keystone.auth.plugins.mapped.Mapped')
|
||||
is_expected.to contain_keystone_config('auth/saml2').with_ensure('absent')
|
||||
end
|
||||
|
||||
it { is_expected.to contain_concat__fragment('configure_mellon_on_port_5000').with({
|
||||
@@ -103,7 +97,7 @@ describe 'keystone::federation::mellon' do
|
||||
|
||||
it 'should have basic params for mellon in Keystone configuration' do
|
||||
is_expected.to contain_keystone_config('auth/methods').with_value('password, token, saml2')
|
||||
is_expected.to contain_keystone_config('auth/saml2').with_value('keystone.auth.plugins.mapped.Mapped')
|
||||
is_expected.to contain_keystone_config('auth/saml2').with_ensure('absent')
|
||||
end
|
||||
|
||||
it 'should have parameters for websso in Keystone configuration' do
|
||||
|
||||
@@ -36,12 +36,6 @@ describe 'keystone::federation::openidc' do
|
||||
it_raises 'a Puppet::Error', /Methods should contain openidc as one of the auth methods./
|
||||
end
|
||||
|
||||
before do
|
||||
params.merge!(:methods => 'password, token, oauth1, openidc',
|
||||
:module_plugin => 'keystone.auth.plugins')
|
||||
it_raises 'a Puppet:Error', /The plugin for openidc should be keystone.auth.plugins.mapped.Mapped/
|
||||
end
|
||||
|
||||
before do
|
||||
params.merge!(:admin_port => false,
|
||||
:main_port => false)
|
||||
@@ -81,7 +75,7 @@ describe 'keystone::federation::openidc' do
|
||||
context 'with only required parameters' do
|
||||
it 'should have basic params for mellon in Keystone configuration' do
|
||||
is_expected.to contain_keystone_config('auth/methods').with_value('password, token, openidc')
|
||||
is_expected.to contain_keystone_config('auth/openidc').with_value('keystone.auth.plugins.mapped.Mapped')
|
||||
is_expected.to contain_keystone_config('auth/openidc').with_ensure('absent')
|
||||
end
|
||||
|
||||
it { is_expected.to contain_concat__fragment('configure_openidc_on_port_5000').with({
|
||||
@@ -99,7 +93,7 @@ describe 'keystone::federation::openidc' do
|
||||
|
||||
it 'should have basic params for mellon in Keystone configuration' do
|
||||
is_expected.to contain_keystone_config('auth/methods').with_value('password, token, openidc')
|
||||
is_expected.to contain_keystone_config('auth/openidc').with_value('keystone.auth.plugins.mapped.Mapped')
|
||||
is_expected.to contain_keystone_config('auth/openidc').with_ensure('absent')
|
||||
end
|
||||
|
||||
it { is_expected.to contain_concat__fragment('configure_openidc_on_port_5000').with({
|
||||
|
||||
@@ -27,12 +27,6 @@ describe 'keystone::federation::shibboleth' do
|
||||
it_raises 'a Puppet::Error', /Methods should contain saml2 as one of the auth methods./
|
||||
end
|
||||
|
||||
context 'wrong plugin' do
|
||||
let (:params) { default_params.merge(:methods => ['password', 'token', 'oauth1', 'saml2'],
|
||||
:module_plugin => 'keystone.auth.plugins') }
|
||||
it_raises 'a Puppet::Error', /The plugin for saml and shibboleth should be keystone.auth.plugins.mapped.Mapped/
|
||||
end
|
||||
|
||||
context 'no ports' do
|
||||
let (:params) { default_params.merge(:admin_port => false,
|
||||
:main_port => false) }
|
||||
@@ -64,7 +58,7 @@ describe 'keystone::federation::shibboleth' do
|
||||
let (:params) { default_params }
|
||||
it 'should have basic params for shibboleth in Keystone configuration' do
|
||||
is_expected.to contain_keystone_config('auth/methods').with_value('password, token, saml2')
|
||||
is_expected.to contain_keystone_config('auth/saml2').with_value('keystone.auth.plugins.mapped.Mapped')
|
||||
is_expected.to contain_keystone_config('auth/saml2').with_ensure('absent')
|
||||
end
|
||||
end
|
||||
|
||||
@@ -107,7 +101,7 @@ describe 'keystone::federation::shibboleth' do
|
||||
}) }
|
||||
|
||||
it { is_expected.to contain_keystone_config('auth/methods').with_value('password, token, saml2') }
|
||||
it {is_expected.to contain_keystone_config('auth/saml2').with_value('keystone.auth.plugins.mapped.Mapped') }
|
||||
it {is_expected.to contain_keystone_config('auth/saml2').with_ensure('absent') }
|
||||
it {
|
||||
is_expected.to contain_concat__fragment('configure_shibboleth_on_port_35357').with({
|
||||
:target => "10-keystone_wsgi_admin.conf",
|
||||
@@ -144,7 +138,7 @@ describe 'keystone::federation::shibboleth' do
|
||||
}) }
|
||||
|
||||
it { is_expected.to contain_keystone_config('auth/methods').with_value('password, token, saml2') }
|
||||
it { is_expected.to contain_keystone_config('auth/saml2').with_value('keystone.auth.plugins.mapped.Mapped') }
|
||||
it { is_expected.to contain_keystone_config('auth/saml2').with_ensure('absent') }
|
||||
it {
|
||||
is_expected.to contain_concat__fragment('configure_shibboleth_on_port_35357').with({
|
||||
:target => "10-keystone_wsgi_admin.conf",
|
||||
@@ -169,7 +163,7 @@ describe 'keystone::federation::shibboleth' do
|
||||
}) }
|
||||
|
||||
it { is_expected.to contain_keystone_config('auth/methods').with_value('password, token, saml2') }
|
||||
it { is_expected.to contain_keystone_config('auth/saml2').with_value('keystone.auth.plugins.mapped.Mapped') }
|
||||
it { is_expected.to contain_keystone_config('auth/saml2').with_ensure('absent') }
|
||||
it { is_expected.to_not contain_concat__fragment('configure_shibboleth_on_port_35357') }
|
||||
end
|
||||
end
|
||||
|
||||
Reference in New Issue
Block a user