Merge "Remove deprecated options for pki token"

2020-06-08 23:14:10 +00:00 · 2020-06-08 23:14:10 +00:00 · 9ebf00d435
commit 9ebf00d435
parent a097b638a1 ca063bfd77
3 changed files with 8 additions and 40 deletions
--- a/manifests/init.pp
+++ b/manifests/init.pp
@ -432,11 +432,6 @@
 #   This setting has no affect when using WSGI.
 #   Defaults to undef
 #
-# [*cache_dir*]
-#   (Optional) Directory created when token_provider is pki. This folder is not
-#   created unless enable_pki_setup is set to True.
-#   Defaults to undef
-#
 # [*token_driver*]
 #   (Optional) Driver to use for managing tokens.
 #   Defaults to undef
@ -652,7 +647,6 @@ class keystone(
  $public_port                          = undef,
  $admin_workers                        = undef,
  $public_workers                       = undef,
-  $cache_dir                            = undef,
  $token_driver                         = undef,
  $validate_service                     = undef,
  $validate_insecure                    = undef,
@ -684,10 +678,6 @@ class keystone(
  include keystone::policy
  include keystone::cache

-  if $cache_dir {
-    warning('keystone::cache_dir is deprecated, has no effect and will be removed in a later release')
-  }
-
  if $token_driver {
    warning('keystone::token_driver is deprecated, has no effect and will be removed in a later release')
  }
--- a/manifests/resource/authtoken.pp
+++ b/manifests/resource/authtoken.pp
@ -217,25 +217,6 @@
 #  "public", "internal" or "admin".
 #  Defaults to $::os_service_default.
 #
-# DEPRECATED PARAMETERS
-#
-# [*check_revocations_for_cached*]
-#  (Optional) If true, the revocation list will be checked for cached tokens.
-#  This requires that PKI tokens are configured on the identity server.
-#  boolean value.
-#  Defaults to undef
-#
-# [*hash_algorithms*]
-#  (Optional) Hash algorithms to use for hashing PKI tokens. This may be a
-#  single algorithm or multiple. The algorithms are those supported by Python
-#  standard hashlib.new(). The hashes will be tried in the order given, so put
-#  the preferred one first for performance. The result of the first hash will
-#  be stored in the cache. This will typically be set to multiple values only
-#  while migrating from a less secure algorithm to a more secure one. Once all
-#  the old tokens are expired this option should be set to a single value for
-#  better performance. List value.
-#  Defaults to undef
-#
 define keystone::resource::authtoken(
  $username,
  $password,
@ -273,22 +254,11 @@ define keystone::resource::authtoken(
  $service_token_roles            = $::os_service_default,
  $service_token_roles_required   = $::os_service_default,
  $interface                      = $::os_service_default,
-  # DEPRECATED PARAMETERS
-  $check_revocations_for_cached   = undef,
-  $hash_algorithms                = undef,
 ) {

  include keystone::params
  include keystone::deps

-  if $check_revocations_for_cached {
-    warning('keystone::resource::authtoken::check_revocations_for_cached is deprecated and will be removed')
-  }
-
-  if $hash_algorithms {
-    warning('keystone::resource::authtoken::hash_algorithms is deprecated and will be removed')
-  }
-
  if !is_service_default($include_service_catalog) {
    validate_legacy(Boolean, 'validate_bool', $include_service_catalog)
  }
--- a/releasenotes/notes/cleanup-deprecated-pki-a083ebdce715569e.yaml
+++ b/releasenotes/notes/cleanup-deprecated-pki-a083ebdce715569e.yaml
@ -0,0 +1,8 @@
+---
+upgrade:
+  - |
+    The following deprecated options for PKI token have been removed.
+
+    - ``keystone::cache_dir``
+    - ``keystone::resource::authtoken::hash_algorithms``
+    - ``keystone::resource::authtoken::check_revocations_for_cached``