diff --git a/manifests/init.pp b/manifests/init.pp index 2133a46b8..cac1d7052 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -433,11 +433,6 @@ # This setting has no affect when using WSGI. # Defaults to undef # -# [*cache_dir*] -# (Optional) Directory created when token_provider is pki. This folder is not -# created unless enable_pki_setup is set to True. -# Defaults to undef -# # [*token_driver*] # (Optional) Driver to use for managing tokens. # Defaults to undef @@ -653,7 +648,6 @@ class keystone( $public_port = undef, $admin_workers = undef, $public_workers = undef, - $cache_dir = undef, $token_driver = undef, $validate_service = undef, $validate_insecure = undef, @@ -685,10 +679,6 @@ class keystone( include keystone::policy include keystone::cache - if $cache_dir { - warning('keystone::cache_dir is deprecated, has no effect and will be removed in a later release') - } - if $token_driver { warning('keystone::token_driver is deprecated, has no effect and will be removed in a later release') } diff --git a/manifests/resource/authtoken.pp b/manifests/resource/authtoken.pp index 99bf8a0d6..471a38ad2 100644 --- a/manifests/resource/authtoken.pp +++ b/manifests/resource/authtoken.pp @@ -217,25 +217,6 @@ # "public", "internal" or "admin". # Defaults to $::os_service_default. # -# DEPRECATED PARAMETERS -# -# [*check_revocations_for_cached*] -# (Optional) If true, the revocation list will be checked for cached tokens. -# This requires that PKI tokens are configured on the identity server. -# boolean value. -# Defaults to undef -# -# [*hash_algorithms*] -# (Optional) Hash algorithms to use for hashing PKI tokens. This may be a -# single algorithm or multiple. The algorithms are those supported by Python -# standard hashlib.new(). The hashes will be tried in the order given, so put -# the preferred one first for performance. The result of the first hash will -# be stored in the cache. This will typically be set to multiple values only -# while migrating from a less secure algorithm to a more secure one. Once all -# the old tokens are expired this option should be set to a single value for -# better performance. List value. -# Defaults to undef -# define keystone::resource::authtoken( $username, $password, @@ -273,22 +254,11 @@ define keystone::resource::authtoken( $service_token_roles = $::os_service_default, $service_token_roles_required = $::os_service_default, $interface = $::os_service_default, - # DEPRECATED PARAMETERS - $check_revocations_for_cached = undef, - $hash_algorithms = undef, ) { include keystone::params include keystone::deps - if $check_revocations_for_cached { - warning('keystone::resource::authtoken::check_revocations_for_cached is deprecated and will be removed') - } - - if $hash_algorithms { - warning('keystone::resource::authtoken::hash_algorithms is deprecated and will be removed') - } - if !is_service_default($include_service_catalog) { validate_legacy(Boolean, 'validate_bool', $include_service_catalog) } diff --git a/releasenotes/notes/cleanup-deprecated-pki-a083ebdce715569e.yaml b/releasenotes/notes/cleanup-deprecated-pki-a083ebdce715569e.yaml new file mode 100644 index 000000000..e00d9c85d --- /dev/null +++ b/releasenotes/notes/cleanup-deprecated-pki-a083ebdce715569e.yaml @@ -0,0 +1,8 @@ +--- +upgrade: + - | + The following deprecated options for PKI token have been removed. + + - ``keystone::cache_dir`` + - ``keystone::resource::authtoken::hash_algorithms`` + - ``keystone::resource::authtoken::check_revocations_for_cached``