Remove deprecated parameters for [ssl] options

These parameters were deprecated during the previous cycle[1]. [1] 0954fea1d6 Change-Id: I67755c4181868e137928f9444fae4be09f511c36
2022-11-15 11:42:33 +09:00 · 2022-11-15 11:42:33 +09:00 · b99810d6f9
parent e19a4c3151
commit b99810d6f9
4 changed files with 11 additions and 62 deletions
--- a/manifests/init.pp
+++ b/manifests/init.pp
@ -325,32 +325,6 @@
 #   This accepts sql or template.
 #   Defaults to undef.
 #
-# [*enable_ssl*]
-#   (Optional) Toggle for SSL support on the keystone eventlet servers.
-#   (boolean value)
-#   Defaults to undef
-#
-# [*ssl_certfile*]
-#   (Optional) Path of the certfile for SSL. (string value)
-#   Defaults to undef
-#
-# [*ssl_keyfile*]
-#   (Optional) Path of the keyfile for SSL. (string value)
-#   Defaults to undef
-#
-# [*ssl_ca_certs*]
-#   (Optional) Path of the ca cert file for SSL. (string value)
-#   Defaults to undef
-#
-# [*ssl_ca_key*]
-#   (Optional) Path of the CA key file for SSL (string value)
-#   Defaults to undef
-#
-# [*ssl_cert_subject*]
-#   (Optional) SSL Certificate Subject (auto generated certificate)
-#   (string value)
-#   Defaults to undef
-#
 # == Authors
 #
 #   Dan Bode dan@puppetlabs.com
@ -417,12 +391,6 @@ class keystone(
  $amqp_durable_queues                  = $::os_service_default,
  # DEPRECATED PARAMETERS
  $catalog_type                         = undef,
-  $enable_ssl                           = undef,
-  $ssl_certfile                         = undef,
-  $ssl_keyfile                          = undef,
-  $ssl_ca_certs                         = undef,
-  $ssl_ca_key                           = undef,
-  $ssl_cert_subject                     = undef,
 ) inherits keystone::params {

  include keystone::deps
@ -436,18 +404,6 @@ class keystone(
    }
  }

-  [
-    'enable_ssl',
-    'ssl_certfile',
-    'ssl_ca_certs',
-    'ssl_ca_key',
-    'ssl_cert_subject'
-  ].each |String $ssl_opt| {
-    if getvar($ssl_opt) != undef {
-      warning("The ${ssl_opt} parameter has been deprecated and has no effect.")
-    }
-  }
-
  if $manage_policyrcd {
    # openstacklib policy_rcd only affects debian based systems.
    Policy_rcd <| title == 'keystone' |> -> Package['keystone']
@ -502,16 +458,6 @@ class keystone(
    'policy/driver': value => $policy_driver;
  }

-  # TODO(tkajinam): Remove this after Z-release
-  keystone_config {
-    'ssl/enable':       ensure => absent;
-    'ssl/certfile':     ensure => absent;
-    'ssl/keyfile':      ensure => absent;
-    'ssl/ca_certs':     ensure => absent;
-    'ssl/ca_key':       ensure => absent;
-    'ssl/cert_subject': ensure => absent;
-  }
-
  oslo::middleware { 'keystone_config':
    enable_proxy_headers_parsing => $enable_proxy_headers_parsing,
    max_request_body_size        => $max_request_body_size,
--- a/releasenotes/notes/bug-1967717-cleanup-d7ef777a60ffbce0.yaml
+++ b/releasenotes/notes/bug-1967717-cleanup-d7ef777a60ffbce0.yaml
@ -0,0 +1,11 @@
+---
+upgrade:
+  - |
+    The following parameters of the ``keystone`` class have been removed.
+
+    - ``enable_ssl``
+    - ``ssl_certfile``
+    - ``ssl_keyfile``
+    - ``ssl_ca_certs``
+    - ``ssl_ca_key``
+    - ``ssl_cert_subject``
--- a/spec/classes/keystone_federation_identity_provider_spec.rb
+++ b/spec/classes/keystone_federation_identity_provider_spec.rb
@ -31,7 +31,6 @@ describe 'keystone::federation::identity_provider' do
      "include apache
       class { 'keystone':
         service_name => 'httpd',
-         enable_ssl   => true,
       }"
    end

@ -103,7 +102,6 @@ describe 'keystone::federation::identity_provider' do
    let :pre_condition do
      "class { 'keystone':
         service_name => '#{platform_params[:keystone_service]}',
-         enable_ssl   => true,
       }"
    end

--- a/spec/classes/keystone_init_spec.rb
+++ b/spec/classes/keystone_init_spec.rb
@ -39,12 +39,6 @@ describe 'keystone' do
        is_expected.to contain_keystone_config('identity/password_hash_rounds').with_value('<SERVICE DEFAULT>')
        is_expected.to contain_keystone_config('revoke/driver').with_value('<SERVICE DEFAULT>')
        is_expected.to contain_keystone_config('policy/driver').with_value('<SERVICE DEFAULT>')
-        is_expected.to contain_keystone_config('ssl/enable').with_ensure('absent')
-        is_expected.to contain_keystone_config('ssl/certfile').with_ensure('absent')
-        is_expected.to contain_keystone_config('ssl/keyfile').with_ensure('absent')
-        is_expected.to contain_keystone_config('ssl/ca_certs').with_ensure('absent')
-        is_expected.to contain_keystone_config('ssl/ca_key').with_ensure('absent')
-        is_expected.to contain_keystone_config('ssl/cert_subject').with_ensure('absent')
        is_expected.to contain_keystone_config('token/revoke_by_id').with_value(true)

        is_expected.to contain_oslo__middleware('keystone_config').with(