openstack/puppet-keystone
Code Issues Proposed changes

Remove keystone::federation::mellon::trusted_dashboards

Browse Source 
... because it was deprecated a while ago[1].

[1] 8e44af162b
Change-Id: I84363c2908f0c92781d0cc6b5c9f6dbd941c3ef7
This commit is contained in:
Takashi Kajinami
2020-04-26 22:25:53 +09:00
parent 6382396f09
commit 8ba6471847
3 changed files with 4 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
manifests/federation/mellon.pp
View File

@@ -38,15 +38,6 @@
# #
# === DEPRECATED # === DEPRECATED
# #
# [*trusted_dashboards*]
# (optional) URL list of trusted horizon servers.
# This setting ensures that keystone only sends token data back to trusted
# servers. This is performed as a precaution, specifically to prevent man-in-
# the-middle (MITM) attacks.
# It is recommended to use the keystone::federation class to set the
# trusted_dashboards configuration instead of this parameter.
# Defaults to undef
#
# [*admin_port*] # [*admin_port*]
# A boolean value to ensure that you want to configure K2K Federation # A boolean value to ensure that you want to configure K2K Federation
# using Keystone VirtualHost on port 35357. # using Keystone VirtualHost on port 35357.
@@ -65,7 +56,6 @@ class keystone::federation::mellon (
$package_ensure = present, $package_ensure = present,
$enable_websso = false, $enable_websso = false,
# DEPRECATED # DEPRECATED
$trusted_dashboards = undef,
$admin_port = undef, $admin_port = undef,
$main_port = undef, $main_port = undef,
) { ) {
@@ -74,11 +64,6 @@ class keystone::federation::mellon (
include keystone::deps include keystone::deps
include keystone::params include keystone::params
if ($trusted_dashboards) {
warning("keystone::federation::mellon::trusted_dashboards is deprecated \
in Stein and will be removed in future releases")
}
if $admin_port or $main_port { if $admin_port or $main_port {
warning('keystone::federation::mellon::admin_port and main_port are deprecated and have no effect') warning('keystone::federation::mellon::admin_port and main_port are deprecated and have no effect')
} }
@@ -105,11 +90,6 @@ Apache + Mellon SP setups, where a REMOTE_USER env variable is always set, even
} }
if($enable_websso){ if($enable_websso){
if($trusted_dashboards){
keystone_config {
'federation/trusted_dashboard': value => join(any2array($trusted_dashboards),',');
}
}
keystone_config { keystone_config {
'mapped/remote_id_attribute': value => 'MELLON_IDP'; 'mapped/remote_id_attribute': value => 'MELLON_IDP';
} }

4
releasenotes/notes/remove-federation-mellon-trusted_dashboards-c876d52588ed71da.yaml Normal file
View File

@@ -0,0 +1,4 @@
---
deprecations:
- |
The ``keystone::federation::mellon::trusted_dashboards`` has been removed.

5
spec/classes/keystone_federation_mellon_spec.rb
View File

@@ -58,10 +58,6 @@ describe 'keystone::federation::mellon' do
before do before do
params.merge!({ params.merge!({
:enable_websso => true, :enable_websso => true,
:trusted_dashboards => [
'http://acme.horizon.com/auth/websso/',
'http://beta.horizon.com/auth/websso/',
],
}) })
end end
@@ -72,7 +68,6 @@ describe 'keystone::federation::mellon' do
it 'should have parameters for websso in Keystone configuration' do it 'should have parameters for websso in Keystone configuration' do
is_expected.to contain_keystone_config('mapped/remote_id_attribute').with_value('MELLON_IDP') is_expected.to contain_keystone_config('mapped/remote_id_attribute').with_value('MELLON_IDP')
is_expected.to contain_keystone_config('federation/trusted_dashboard').with_value('http://acme.horizon.com/auth/websso/,http://beta.horizon.com/auth/websso/')
end end
it { is_expected.to contain_concat__fragment('configure_mellon_keystone').with({ it { is_expected.to contain_concat__fragment('configure_mellon_keystone').with({