Remove deprecated options for pki token

This patch removes the remaining options related to pki token, which
were deprecated a while ago[1]

[1] a25e8ee970

Change-Id: I913b9223dc00817423d8eb1866abcfe09cddeb94

manifests/init.pp

@@ -433,11 +433,6 @@
 #   This setting has no affect when using WSGI.
 #   Defaults to undef
 #
-# [*cache_dir*]
-#   (Optional) Directory created when token_provider is pki. This folder is not
-#   created unless enable_pki_setup is set to True.
-#   Defaults to undef
-#
 # [*token_driver*]
 #   (Optional) Driver to use for managing tokens.
 #   Defaults to undef
@@ -653,7 +648,6 @@ class keystone(
   $public_port                          = undef,
   $admin_workers                        = undef,
   $public_workers                       = undef,
-  $cache_dir                            = undef,
   $token_driver                         = undef,
   $validate_service                     = undef,
   $validate_insecure                    = undef,
@@ -685,10 +679,6 @@ class keystone(
   include keystone::policy
   include keystone::cache
 
-  if $cache_dir {
-    warning('keystone::cache_dir is deprecated, has no effect and will be removed in a later release')
-  }
-
   if $token_driver {
     warning('keystone::token_driver is deprecated, has no effect and will be removed in a later release')
   }

manifests/resource/authtoken.pp

@@ -217,25 +217,6 @@
 #  "public", "internal" or "admin".
 #  Defaults to $::os_service_default.
 #
-# DEPRECATED PARAMETERS
-#
-# [*check_revocations_for_cached*]
-#  (Optional) If true, the revocation list will be checked for cached tokens.
-#  This requires that PKI tokens are configured on the identity server.
-#  boolean value.
-#  Defaults to undef
-#
-# [*hash_algorithms*]
-#  (Optional) Hash algorithms to use for hashing PKI tokens. This may be a
-#  single algorithm or multiple. The algorithms are those supported by Python
-#  standard hashlib.new(). The hashes will be tried in the order given, so put
-#  the preferred one first for performance. The result of the first hash will
-#  be stored in the cache. This will typically be set to multiple values only
-#  while migrating from a less secure algorithm to a more secure one. Once all
-#  the old tokens are expired this option should be set to a single value for
-#  better performance. List value.
-#  Defaults to undef
-#
 define keystone::resource::authtoken(
   $username,
   $password,
@@ -273,22 +254,11 @@ define keystone::resource::authtoken(
   $service_token_roles            = $::os_service_default,
   $service_token_roles_required   = $::os_service_default,
   $interface                      = $::os_service_default,
-  # DEPRECATED PARAMETERS
-  $check_revocations_for_cached   = undef,
-  $hash_algorithms                = undef,
 ) {
 
   include keystone::params
   include keystone::deps
 
-  if $check_revocations_for_cached {
-    warning('keystone::resource::authtoken::check_revocations_for_cached is deprecated and will be removed')
-  }
-
-  if $hash_algorithms {
-    warning('keystone::resource::authtoken::hash_algorithms is deprecated and will be removed')
-  }
-
   if !is_service_default($include_service_catalog) {
     validate_legacy(Boolean, 'validate_bool', $include_service_catalog)
   }

releasenotes/notes/cleanup-deprecated-pki-a083ebdce715569e.yaml

@@ -0,0 +1,8 @@
+---
+upgrade:
+  - |
+    The following deprecated options for PKI token have been removed.
+
+    - ``keystone::cache_dir``
+    - ``keystone::resource::authtoken::hash_algorithms``
+    - ``keystone::resource::authtoken::check_revocations_for_cached``