Merge "Deprecate group_allow_* options for ldap"

manifests/ldap.pp

@@ -260,18 +260,6 @@
 #   List of attributes stripped off the group on update. (list value)
 #   Defaults to 'undef'
 #
-# [*group_allow_create*]
-#   Allow group creation in LDAP backend. (boolean value)
-#   Defaults to 'undef'
-#
-# [*group_allow_update*]
-#   Allow group update in LDAP backend. (boolean value)
-#   Defaults to 'undef'
-#
-# [*group_allow_delete*]
-#   Allow group deletion in LDAP backend. (boolean value)
-#   Defaults to 'undef'
-#
 # [*group_additional_attribute_mapping*]
 #   Additional attribute mappings for groups. Attribute mapping
 #   format is <ldap_attr>:<user_attr>, where ldap_attr is the
@@ -358,19 +346,31 @@
 #   LDAP support packages.
 #   Defaults to true.
 #
-# === DEPRECATED group/name
+# === DEPRECATED PARAMETERS
 #
 # [*user_allow_create*]
 #   Allow user creation in LDAP backend. (boolean value)
-#   Defaults to 'undef' DEPRECATED: Has no effect.
+#   Defaults to undef
 #
 # [*user_allow_update*]
 #   Allow user updates in LDAP backend. (boolean value)
-#   Defaults to 'undef' DEPRECATED: Has no effect.
+#   Defaults to undef
 #
 # [*user_allow_delete*]
 #   Allow user deletion in LDAP backend. (boolean value)
-#   Defaults to 'undef' DEPRECATED: Has no effect.
+#   Defaults to undef
+#
+# [*group_allow_create*]
+#   Allow group creation in LDAP backend. (boolean value)
+#   Defaults to undef
+#
+# [*group_allow_update*]
+#   Allow group update in LDAP backend. (boolean value)
+#   Defaults to undef
+#
+# [*group_allow_delete*]
+#   Allow group deletion in LDAP backend. (boolean value)
+#   Defaults to undef
 #
 # == Dependencies
 # == Examples
@@ -441,9 +441,6 @@ class keystone::ldap(
   $group_member_attribute               = undef,
   $group_desc_attribute                 = undef,
   $group_attribute_ignore               = undef,
-  $group_allow_create                  = undef,
-  $group_allow_update                  = undef,
-  $group_allow_delete                  = undef,
   $group_additional_attribute_mapping   = undef,
   $chase_referrals                      = undef,
   $use_tls                              = undef,
@@ -464,10 +461,13 @@ class keystone::ldap(
   $auth_pool_connection_lifetime        = 60,
   $package_ensure                       = present,
   $manage_packages                      = true,
-  # DEPRECATED
+  # DEPRECATED PARAMETERS
   $user_allow_create                    = undef,
   $user_allow_update                    = undef,
   $user_allow_delete                    = undef,
+  $group_allow_create                   = undef,
+  $group_allow_update                   = undef,
+  $group_allow_delete                   = undef,
 ) {
 
   include ::keystone::deps
@@ -486,7 +486,12 @@ class keystone::ldap(
 
   if $user_allow_create or $user_allow_update or $user_allow_delete {
     warning("all user_allow_ options are deprecated and have no effect, \
-      they will be removed in the future")
+      they will be removed in the future release.")
+  }
+
+  if $group_allow_create or $group_allow_update or $group_allow_delete {
+    warning("all group_allow_ options are deprecated and have no effect, \
+      they will be removed in the future release.")
   }
 
   keystone_config {
@@ -547,9 +552,6 @@ class keystone::ldap(
     'ldap/group_member_attribute':               value => $group_member_attribute;
     'ldap/group_desc_attribute':                 value => $group_desc_attribute;
     'ldap/group_attribute_ignore':               value => $group_attribute_ignore;
-    'ldap/group_allow_create':                   value => $group_allow_create;
-    'ldap/group_allow_update':                   value => $group_allow_update;
-    'ldap/group_allow_delete':                   value => $group_allow_delete;
     'ldap/group_additional_attribute_mapping':   value => $group_additional_attribute_mapping;
     'ldap/chase_referrals':                      value => $chase_referrals;
     'ldap/use_tls':                              value => $use_tls;

releasenotes/notes/deprecate-group_allow_ldap-params-671a23e9813f1d75.yaml

@@ -0,0 +1,5 @@
+---
+deprecations:
+  - group_allow_* options for ldap are deprecated in Keystone.
+    Setting these will now have no effect and these will be
+    removed as parameters in a future release.

spec/classes/keystone_ldap_spec.rb

@@ -61,9 +61,6 @@ describe 'keystone::ldap' do
         :group_member_attribute               => 'roleOccupant',
         :group_desc_attribute                 => 'description',
         :group_attribute_ignore               => '',
-        :group_allow_create => 'False',
-        :group_allow_update => 'False',
-        :group_allow_delete => 'False',
         :group_additional_attribute_mapping   => '',
         :chase_referrals                      => 'False',
         :use_tls                              => 'False',
@@ -152,9 +149,6 @@ describe 'keystone::ldap' do
       is_expected.to contain_keystone_config('ldap/group_desc_attribute').with_value('description')
       is_expected.to contain_keystone_config('ldap/group_name_attribute').with_value('cn')
       is_expected.to contain_keystone_config('ldap/group_attribute_ignore').with_value('')
-      is_expected.to contain_keystone_config('ldap/group_allow_create').with_value('False')
-      is_expected.to contain_keystone_config('ldap/group_allow_update').with_value('False')
-      is_expected.to contain_keystone_config('ldap/group_allow_delete').with_value('False')
       is_expected.to contain_keystone_config('ldap/group_additional_attribute_mapping').with_value('')
 
       # referrals