From b1030786a5a39fd77a13e5624ee8282fc9a0bb60 Mon Sep 17 00:00:00 2001 From: ZhongShengping Date: Sat, 21 Jan 2017 22:53:46 +0800 Subject: [PATCH] Deprecate group_allow_* options for ldap group_allow_* options for ldap are deprecated in Keystone. Setting these will now have no effect and these will be removed as parameters in a future release. Change-Id: Iac8a33c0d9babdf9e5bfa32ed0fa78d0aa8c7571 Closes-Bug: #1658326 --- manifests/ldap.pp | 210 +++++++++--------- ...up_allow_ldap-params-671a23e9813f1d75.yaml | 5 + spec/classes/keystone_ldap_spec.rb | 150 ++++++------- 3 files changed, 183 insertions(+), 182 deletions(-) create mode 100644 releasenotes/notes/deprecate-group_allow_ldap-params-671a23e9813f1d75.yaml diff --git a/manifests/ldap.pp b/manifests/ldap.pp index be4f75763..355487b43 100644 --- a/manifests/ldap.pp +++ b/manifests/ldap.pp @@ -260,18 +260,6 @@ # List of attributes stripped off the group on update. (list value) # Defaults to 'undef' # -# [*group_allow_create*] -# Allow group creation in LDAP backend. (boolean value) -# Defaults to 'undef' -# -# [*group_allow_update*] -# Allow group update in LDAP backend. (boolean value) -# Defaults to 'undef' -# -# [*group_allow_delete*] -# Allow group deletion in LDAP backend. (boolean value) -# Defaults to 'undef' -# # [*group_additional_attribute_mapping*] # Additional attribute mappings for groups. Attribute mapping # format is :, where ldap_attr is the 
@@ -358,19 +346,31 @@ # LDAP support packages. # Defaults to true. # -# === DEPRECATED group/name +# === DEPRECATED PARAMETERS # # [*user_allow_create*] # Allow user creation in LDAP backend. (boolean value) -# Defaults to 'undef' DEPRECATED: Has no effect. +# Defaults to undef # # [*user_allow_update*] # Allow user updates in LDAP backend. (boolean value) -# Defaults to 'undef' DEPRECATED: Has no effect. +# Defaults to undef # # [*user_allow_delete*] # Allow user deletion in LDAP backend. (boolean value) -# Defaults to 'undef' DEPRECATED: Has no effect. +# Defaults to undef +# +# [*group_allow_create*] +# Allow group creation in LDAP backend. (boolean value) +# Defaults to undef +# +# [*group_allow_update*] +# Allow group update in LDAP backend. (boolean value) +# Defaults to undef +# +# [*group_allow_delete*] +# Allow group deletion in LDAP backend. (boolean value) +# Defaults to undef # # == Dependencies # == Examples 
@@ -384,90 +384,90 @@ # Copyright 2012 Puppetlabs Inc, unless otherwise noted. # class keystone::ldap( - $url = undef, - $user = undef, - $password = undef, - $suffix = undef, - $query_scope = undef, - $page_size = undef, - $user_tree_dn = undef, - $user_filter = undef, - $user_objectclass = undef, - $user_id_attribute = undef, - $user_name_attribute = undef, - $user_mail_attribute = undef, - $user_enabled_attribute = undef, - $user_enabled_mask = undef, - $user_enabled_default = undef, - $user_enabled_invert = undef, - $user_attribute_ignore = undef, - $user_default_project_id_attribute = undef, - $user_pass_attribute = undef, - $user_enabled_emulation = undef, - $user_enabled_emulation_dn = undef, - $user_additional_attribute_mapping = undef, - $project_tree_dn = undef, - $project_filter = undef, - $project_objectclass = undef, - $project_id_attribute = undef, - $project_member_attribute = undef, - $project_desc_attribute = undef, - $project_name_attribute = undef, - $project_enabled_attribute = undef, - $project_domain_id_attribute = undef, - $project_attribute_ignore = undef, - $project_allow_create = undef, - $project_allow_update = undef, - $project_allow_delete = undef, - $project_enabled_emulation = undef, - $project_enabled_emulation_dn = undef, - $project_additional_attribute_mapping= undef, - $role_tree_dn = undef, - $role_filter = undef, - $role_objectclass = undef, - $role_id_attribute = undef, - $role_name_attribute = undef, - $role_member_attribute = undef, - $role_attribute_ignore = undef, - $role_allow_create = undef, - $role_allow_update = undef, - $role_allow_delete = undef, - $role_additional_attribute_mapping = undef, - $group_tree_dn = undef, - $group_filter = undef, - $group_objectclass = undef, - $group_id_attribute = undef, - $group_name_attribute = undef, - $group_member_attribute = undef, - $group_desc_attribute = undef, - $group_attribute_ignore = undef, - $group_allow_create = undef, - $group_allow_update = undef, - $group_allow_delete 
= undef, - $group_additional_attribute_mapping = undef, - $chase_referrals = undef, - $use_tls = undef, - $tls_cacertdir = undef, - $tls_cacertfile = undef, - $tls_req_cert = undef, - $identity_driver = undef, - $assignment_driver = undef, - $credential_driver = undef, - $use_pool = false, - $pool_size = 10, - $pool_retry_max = 3, - $pool_retry_delay = 0.1, - $pool_connection_timeout = -1, - $pool_connection_lifetime = 600, - $use_auth_pool = false, - $auth_pool_size = 100, - $auth_pool_connection_lifetime = 60, - $package_ensure = present, - $manage_packages = true, - # DEPRECATED - $user_allow_create = undef, - $user_allow_update = undef, - $user_allow_delete = undef, + $url = undef, + $user = undef, + $password = undef, + $suffix = undef, + $query_scope = undef, + $page_size = undef, + $user_tree_dn = undef, + $user_filter = undef, + $user_objectclass = undef, + $user_id_attribute = undef, + $user_name_attribute = undef, + $user_mail_attribute = undef, + $user_enabled_attribute = undef, + $user_enabled_mask = undef, + $user_enabled_default = undef, + $user_enabled_invert = undef, + $user_attribute_ignore = undef, + $user_default_project_id_attribute = undef, + $user_pass_attribute = undef, + $user_enabled_emulation = undef, + $user_enabled_emulation_dn = undef, + $user_additional_attribute_mapping = undef, + $project_tree_dn = undef, + $project_filter = undef, + $project_objectclass = undef, + $project_id_attribute = undef, + $project_member_attribute = undef, + $project_desc_attribute = undef, + $project_name_attribute = undef, + $project_enabled_attribute = undef, + $project_domain_id_attribute = undef, + $project_attribute_ignore = undef, + $project_allow_create = undef, + $project_allow_update = undef, + $project_allow_delete = undef, + $project_enabled_emulation = undef, + $project_enabled_emulation_dn = undef, + $project_additional_attribute_mapping = undef, + $role_tree_dn = undef, + $role_filter = undef, + $role_objectclass = undef, + $role_id_attribute 
= undef, + $role_name_attribute = undef, + $role_member_attribute = undef, + $role_attribute_ignore = undef, + $role_allow_create = undef, + $role_allow_update = undef, + $role_allow_delete = undef, + $role_additional_attribute_mapping = undef, + $group_tree_dn = undef, + $group_filter = undef, + $group_objectclass = undef, + $group_id_attribute = undef, + $group_name_attribute = undef, + $group_member_attribute = undef, + $group_desc_attribute = undef, + $group_attribute_ignore = undef, + $group_additional_attribute_mapping = undef, + $chase_referrals = undef, + $use_tls = undef, + $tls_cacertdir = undef, + $tls_cacertfile = undef, + $tls_req_cert = undef, + $identity_driver = undef, + $assignment_driver = undef, + $credential_driver = undef, + $use_pool = false, + $pool_size = 10, + $pool_retry_max = 3, + $pool_retry_delay = 0.1, + $pool_connection_timeout = -1, + $pool_connection_lifetime = 600, + $use_auth_pool = false, + $auth_pool_size = 100, + $auth_pool_connection_lifetime = 60, + $package_ensure = present, + $manage_packages = true, + # DEPRECATED PARAMETERS + $user_allow_create = undef, + $user_allow_update = undef, + $user_allow_delete = undef, + $group_allow_create = undef, + $group_allow_update = undef, + $group_allow_delete = undef, ) { include ::keystone::deps @@ -486,7 +486,12 @@ class keystone::ldap( if $user_allow_create or $user_allow_update or $user_allow_delete { warning("all user_allow_ options are deprecated and have no effect, \ - they will be removed in the future") + they will be removed in the future release.") + } + + if $group_allow_create or $group_allow_update or $group_allow_delete { + warning("all group_allow_ options are deprecated and have no effect, \ + they will be removed in the future release.") } keystone_config { 
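Review bot: The added guard `if $group_allow_create or $group_allow_update or $group_allow_delete` only fires on truthy values, so an operator who passes boolean `false` to keep group writes disabled gets no deprecation warning even though the value is no longer applied. Testing for a set value instead, `if $group_allow_create != undef or $group_allow_update != undef or $group_allow_delete != undef {`, would warn in that case too; the existing `user_allow_` check just above has the same shape. A later hunk drops the three `ldap/group_allow_*` entries from `keystone_config`, so a value written by an earlier run presumably stays in keystone.conf unmanaged, which is worth saying in the warning text or the release note. The message itself would read better as `they will be removed in a future release.`; the class body continues outside this hunk.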
@@ -547,9 +552,6 @@ class keystone::ldap( 'ldap/group_member_attribute': value => $group_member_attribute; 'ldap/group_desc_attribute': value => $group_desc_attribute; 'ldap/group_attribute_ignore': value => $group_attribute_ignore; - 'ldap/group_allow_create': value => $group_allow_create; - 'ldap/group_allow_update': value => $group_allow_update; - 'ldap/group_allow_delete': value => $group_allow_delete; 'ldap/group_additional_attribute_mapping': value => $group_additional_attribute_mapping; 'ldap/chase_referrals': value => $chase_referrals; 'ldap/use_tls': value => $use_tls; diff --git a/releasenotes/notes/deprecate-group_allow_ldap-params-671a23e9813f1d75.yaml b/releasenotes/notes/deprecate-group_allow_ldap-params-671a23e9813f1d75.yaml new file mode 100644 index 000000000..b307467bb --- /dev/null +++ b/releasenotes/notes/deprecate-group_allow_ldap-params-671a23e9813f1d75.yaml @@ -0,0 +1,5 @@ +--- +deprecations: + - group_allow_* options for ldap are deprecated in Keystone. + Setting these will now have no effect and these will be + removed as parameters in a future release. diff --git a/spec/classes/keystone_ldap_spec.rb b/spec/classes/keystone_ldap_spec.rb index e81033b33..4d15d4ae7 100644 --- a/spec/classes/keystone_ldap_spec.rb +++ b/spec/classes/keystone_ldap_spec.rb 
@@ -4,82 +4,79 @@ describe 'keystone::ldap' do describe 'with basic params' do let :params do { - :url => 'ldap://foo', - :user => 'cn=foo,dc=example,dc=com', - :password => 'abcdefg', - :suffix => 'dc=example,dc=com', - :query_scope => 'sub', - :page_size => '50', - :user_tree_dn => 'cn=users,dc=example,dc=com', - :user_filter => '(memberOf=cn=openstack,cn=groups,cn=accounts,dc=example,dc=com)', - :user_objectclass => 'inetUser', - :user_id_attribute => 'uid', - :user_name_attribute => 'cn', - :user_mail_attribute => 'mail', - :user_enabled_attribute => 'UserAccountControl', - :user_enabled_mask => '2', - :user_enabled_default => '512', - :user_enabled_invert => 'False', - :user_attribute_ignore => '', - :user_default_project_id_attribute => 'defaultProject', - :user_pass_attribute => 'krbPassword', - :user_enabled_emulation => 'True', - :user_enabled_emulation_dn => 'cn=openstack-enabled,cn=groups,cn=accounts,dc=example,dc=com', - :user_additional_attribute_mapping => 'description:name, gecos:name', - :project_tree_dn => 'ou=projects,ou=openstack,dc=example,dc=com', - :project_filter => '', - :project_objectclass => 'organizationalUnit', - :project_id_attribute => 'ou', - :project_member_attribute => 'member', - :project_desc_attribute => 'description', - :project_name_attribute => 'ou', - :project_enabled_attribute => 'enabled', - :project_domain_id_attribute => 'businessCategory', - :project_attribute_ignore => '', - :project_allow_create => 'True', - :project_allow_update => 'True', - :project_allow_delete => 'True', - :project_enabled_emulation => 'False', - :project_enabled_emulation_dn => 'True', + :url => 'ldap://foo', + :user => 'cn=foo,dc=example,dc=com', + :password => 'abcdefg', + :suffix => 'dc=example,dc=com', + :query_scope => 'sub', + :page_size => '50', + :user_tree_dn => 'cn=users,dc=example,dc=com', + :user_filter => '(memberOf=cn=openstack,cn=groups,cn=accounts,dc=example,dc=com)', + :user_objectclass => 'inetUser', + :user_id_attribute => 
'uid', + :user_name_attribute => 'cn', + :user_mail_attribute => 'mail', + :user_enabled_attribute => 'UserAccountControl', + :user_enabled_mask => '2', + :user_enabled_default => '512', + :user_enabled_invert => 'False', + :user_attribute_ignore => '', + :user_default_project_id_attribute => 'defaultProject', + :user_pass_attribute => 'krbPassword', + :user_enabled_emulation => 'True', + :user_enabled_emulation_dn => 'cn=openstack-enabled,cn=groups,cn=accounts,dc=example,dc=com', + :user_additional_attribute_mapping => 'description:name, gecos:name', + :project_tree_dn => 'ou=projects,ou=openstack,dc=example,dc=com', + :project_filter => '', + :project_objectclass => 'organizationalUnit', + :project_id_attribute => 'ou', + :project_member_attribute => 'member', + :project_desc_attribute => 'description', + :project_name_attribute => 'ou', + :project_enabled_attribute => 'enabled', + :project_domain_id_attribute => 'businessCategory', + :project_attribute_ignore => '', + :project_allow_create => 'True', + :project_allow_update => 'True', + :project_allow_delete => 'True', + :project_enabled_emulation => 'False', + :project_enabled_emulation_dn => 'True', :project_additional_attribute_mapping => 'cn=enabled,ou=openstack,dc=example,dc=com', - :role_tree_dn => 'ou=roles,ou=openstack,dc=example,dc=com', - :role_filter => '', - :role_objectclass => 'organizationalRole', - :role_id_attribute => 'cn', - :role_name_attribute => 'ou', - :role_member_attribute => 'roleOccupant', - :role_attribute_ignore => 'description', - :role_allow_create => 'True', - :role_allow_update => 'True', - :role_allow_delete => 'True', - :role_additional_attribute_mapping => '', - :group_tree_dn => 'ou=groups,ou=openstack,dc=example,dc=com', - :group_filter => 'cn=enabled-groups,cn=groups,cn=accounts,dc=example,dc=com', - :group_objectclass => 'organizationalRole', - :group_id_attribute => 'cn', - :group_name_attribute => 'cn', - :group_member_attribute => 'roleOccupant', - :group_desc_attribute 
=> 'description', - :group_attribute_ignore => '', - :group_allow_create => 'False', - :group_allow_update => 'False', - :group_allow_delete => 'False', - :group_additional_attribute_mapping => '', - :chase_referrals => 'False', - :use_tls => 'False', - :tls_cacertdir => '/etc/ssl/certs/', - :tls_cacertfile => '/etc/ssl/certs/ca-certificates.crt', - :tls_req_cert => 'demand', - :identity_driver => 'ldap', - :use_pool => 'True', - :pool_size => 20, - :pool_retry_max => 2, - :pool_retry_delay => 0.2, - :pool_connection_timeout => 222, - :pool_connection_lifetime => 222, - :use_auth_pool => 'True', - :auth_pool_size => 20, - :auth_pool_connection_lifetime => 200, + :role_tree_dn => 'ou=roles,ou=openstack,dc=example,dc=com', + :role_filter => '', + :role_objectclass => 'organizationalRole', + :role_id_attribute => 'cn', + :role_name_attribute => 'ou', + :role_member_attribute => 'roleOccupant', + :role_attribute_ignore => 'description', + :role_allow_create => 'True', + :role_allow_update => 'True', + :role_allow_delete => 'True', + :role_additional_attribute_mapping => '', + :group_tree_dn => 'ou=groups,ou=openstack,dc=example,dc=com', + :group_filter => 'cn=enabled-groups,cn=groups,cn=accounts,dc=example,dc=com', + :group_objectclass => 'organizationalRole', + :group_id_attribute => 'cn', + :group_name_attribute => 'cn', + :group_member_attribute => 'roleOccupant', + :group_desc_attribute => 'description', + :group_attribute_ignore => '', + :group_additional_attribute_mapping => '', + :chase_referrals => 'False', + :use_tls => 'False', + :tls_cacertdir => '/etc/ssl/certs/', + :tls_cacertfile => '/etc/ssl/certs/ca-certificates.crt', + :tls_req_cert => 'demand', + :identity_driver => 'ldap', + :use_pool => 'True', + :pool_size => 20, + :pool_retry_max => 2, + :pool_retry_delay => 0.2, + :pool_connection_timeout => 222, + :pool_connection_lifetime => 222, + :use_auth_pool => 'True', + :auth_pool_size => 20, + :auth_pool_connection_lifetime => 200, } end it { 
is_expected.to contain_package('python-ldap') } @@ -152,9 +149,6 @@ describe 'keystone::ldap' do is_expected.to contain_keystone_config('ldap/group_desc_attribute').with_value('description') is_expected.to contain_keystone_config('ldap/group_name_attribute').with_value('cn') is_expected.to contain_keystone_config('ldap/group_attribute_ignore').with_value('') - is_expected.to contain_keystone_config('ldap/group_allow_create').with_value('False') - is_expected.to contain_keystone_config('ldap/group_allow_update').with_value('False') - is_expected.to contain_keystone_config('ldap/group_allow_delete').with_value('False') is_expected.to contain_keystone_config('ldap/group_additional_attribute_mapping').with_value('') # referrals
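Review bot: The spec loses its `group_allow_*` inputs and expectations here but gains no coverage for the deprecated path, so nothing checks that passing those parameters leaves the old settings out of the catalog. An extra context that sets `:group_allow_create => 'False'` and asserts `is_expected.not_to contain_keystone_config('ldap/group_allow_create')`, and likewise for update and delete, would pin that behaviour. The `describe` block starts and ends outside the hunk.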