Remove keystone::federation::mellon::trusted_dashboards

... because it was deprecated a while ago[1]. [1] 8e44af162bdcd9161db775bdf3abbbb55f91682c Change-Id: I84363c2908f0c92781d0cc6b5c9f6dbd941c3ef7
2020-04-26 22:25:53 +09:00 · 2020-04-26 22:25:53 +09:00 · 8ba6471847
commit 8ba6471847
parent 6382396f09
3 changed files with 4 additions and 25 deletions
--- a/manifests/federation/mellon.pp
+++ b/manifests/federation/mellon.pp
@ -38,15 +38,6 @@
 #
 # === DEPRECATED
 #
-# [*trusted_dashboards*]
-#   (optional) URL list of trusted horizon servers.
-#   This setting ensures that keystone only sends token data back to trusted
-#   servers. This is performed as a precaution, specifically to prevent man-in-
-#   the-middle (MITM) attacks.
-#   It is recommended to use the keystone::federation class to set the
-#   trusted_dashboards configuration instead of this parameter.
-#   Defaults to undef
-#
 # [*admin_port*]
 #  A boolean value to ensure that you want to configure K2K Federation
 #  using Keystone VirtualHost on port 35357.
@ -65,7 +56,6 @@ class keystone::federation::mellon (
  $package_ensure     = present,
  $enable_websso      = false,
  # DEPRECATED
-  $trusted_dashboards = undef,
  $admin_port         = undef,
  $main_port          = undef,
 ) {
@ -74,11 +64,6 @@ class keystone::federation::mellon (
  include keystone::deps
  include keystone::params

-  if ($trusted_dashboards) {
-    warning("keystone::federation::mellon::trusted_dashboards is deprecated \
-in Stein and will be removed in future releases")
-  }
-
  if $admin_port or $main_port {
    warning('keystone::federation::mellon::admin_port and main_port are deprecated and have no effect')
  }
@ -105,11 +90,6 @@ Apache + Mellon SP setups, where a REMOTE_USER env variable is always set, even
  }

  if($enable_websso){
-    if($trusted_dashboards){
-      keystone_config {
-        'federation/trusted_dashboard': value => join(any2array($trusted_dashboards),',');
-      }
-    }
    keystone_config {
      'mapped/remote_id_attribute': value => 'MELLON_IDP';
    }
--- a/releasenotes/notes/remove-federation-mellon-trusted_dashboards-c876d52588ed71da.yaml
+++ b/releasenotes/notes/remove-federation-mellon-trusted_dashboards-c876d52588ed71da.yaml
@ -0,0 +1,4 @@
+---
+deprecations:
+  - |
+    The ``keystone::federation::mellon::trusted_dashboards`` has been removed.
--- a/spec/classes/keystone_federation_mellon_spec.rb
+++ b/spec/classes/keystone_federation_mellon_spec.rb
@ -58,10 +58,6 @@ describe 'keystone::federation::mellon' do
      before do
        params.merge!({
          :enable_websso => true,
-          :trusted_dashboards => [
-            'http://acme.horizon.com/auth/websso/',
-            'http://beta.horizon.com/auth/websso/',
-          ],
        })
      end

@ -72,7 +68,6 @@ describe 'keystone::federation::mellon' do

      it 'should have parameters for websso in Keystone configuration' do
        is_expected.to contain_keystone_config('mapped/remote_id_attribute').with_value('MELLON_IDP')
-        is_expected.to contain_keystone_config('federation/trusted_dashboard').with_value('http://acme.horizon.com/auth/websso/,http://beta.horizon.com/auth/websso/')
      end

      it { is_expected.to contain_concat__fragment('configure_mellon_keystone').with({