user_allow_* options for ldap are deprecated

These options are deprecated in keystone and setting them either true or false will produce a warning in Keystone. Change-Id: Icab0d0dd5558cfb03e0a9cef738beb26d9245269
2016-10-04 18:49:24 -06:00 · 2016-10-04 18:49:24 -06:00 · eb7a9fa840
parent 4d441726ad
commit eb7a9fa840
3 changed files with 26 additions and 24 deletions
--- a/manifests/ldap.pp
+++ b/manifests/ldap.pp
@ -88,18 +88,6 @@
 #   LDAP attribute mapped to default_project_id for users. (string value)
 #   Defaults to 'undef'
 #
-# [*user_allow_create*]
-#   Allow user creation in LDAP backend. (boolean value)
-#   Defaults to 'undef'
-#
-# [*user_allow_update*]
-#   Allow user updates in LDAP backend. (boolean value)
-#   Defaults to 'undef'
-#
-# [*user_allow_delete*]
-#   Allow user deletion in LDAP backend. (boolean value)
-#   Defaults to 'undef'
-#
 # [*user_pass_attribute*]
 #   LDAP attribute mapped to password. (string value)
 #   Defaults to 'undef'
@ -372,6 +360,18 @@
 #
 # === DEPRECATED group/name
 #
+# [*user_allow_create*]
+#   Allow user creation in LDAP backend. (boolean value)
+#   Defaults to 'undef' DEPRECATED: Has no effect.
+#
+# [*user_allow_update*]
+#   Allow user updates in LDAP backend. (boolean value)
+#   Defaults to 'undef' DEPRECATED: Has no effect.
+#
+# [*user_allow_delete*]
+#   Allow user deletion in LDAP backend. (boolean value)
+#   Defaults to 'undef' DEPRECATED: Has no effect.
+#
 # == Dependencies
 # == Examples
 # == Authors
@ -402,9 +402,6 @@ class keystone::ldap(
  $user_enabled_invert                 = undef,
  $user_attribute_ignore               = undef,
  $user_default_project_id_attribute   = undef,
-  $user_allow_create                   = undef,
-  $user_allow_update                   = undef,
-  $user_allow_delete                   = undef,
  $user_pass_attribute                 = undef,
  $user_enabled_emulation              = undef,
  $user_enabled_emulation_dn           = undef,
@ -467,6 +464,10 @@ class keystone::ldap(
  $auth_pool_connection_lifetime       = 60,
  $package_ensure                      = present,
  $manage_packages                     = true,
+  # DEPRECATED
+  $user_allow_create                   = undef,
+  $user_allow_update                   = undef,
+  $user_allow_delete                   = undef,
 ) {

  include ::keystone::deps
@ -483,6 +484,11 @@ class keystone::ldap(
    }
  }

+  if $user_allow_create or $user_allow_update or $user_allow_delete {
+    warning("all user_allow_ options are deprecated and have no effect, \
+      they will be removed in the future")
+  }
+
  keystone_config {
    'ldap/url':                                  value => $url;
    'ldap/user':                                 value => $user;
@ -502,9 +508,6 @@ class keystone::ldap(
    'ldap/user_enabled_invert':                  value => $user_enabled_invert;
    'ldap/user_attribute_ignore':                value => $user_attribute_ignore;
    'ldap/user_default_project_id_attribute':    value => $user_default_project_id_attribute;
-    'ldap/user_allow_create':                    value => $user_allow_create;
-    'ldap/user_allow_update':                    value => $user_allow_update;
-    'ldap/user_allow_delete':                    value => $user_allow_delete;
    'ldap/user_pass_attribute':                  value => $user_pass_attribute;
    'ldap/user_enabled_emulation':               value => $user_enabled_emulation;
    'ldap/user_enabled_emulation_dn':            value => $user_enabled_emulation_dn;
--- a/releasenotes/notes/deprecate-user_allow_ldap-params-0b8b6d2a53d7d818.yaml
+++ b/releasenotes/notes/deprecate-user_allow_ldap-params-0b8b6d2a53d7d818.yaml
@ -0,0 +1,5 @@
+---
+deprecations:
+  - user_allow_* options for ldap are deprecated in Keystone.
+    Setting these will now have no effect and these will be
+    removed as parameters in a future release.
--- a/spec/classes/keystone_ldap_spec.rb
+++ b/spec/classes/keystone_ldap_spec.rb
@ -22,9 +22,6 @@ describe 'keystone::ldap' do
        :user_enabled_invert => 'False',
        :user_attribute_ignore => '',
        :user_default_project_id_attribute => 'defaultProject',
-        :user_allow_create => 'False',
-        :user_allow_update => 'False',
-        :user_allow_delete => 'False',
        :user_pass_attribute => 'krbPassword',
        :user_enabled_emulation => 'True',
        :user_enabled_emulation_dn => 'cn=openstack-enabled,cn=groups,cn=accounts,dc=example,dc=com',
@ -110,9 +107,6 @@ describe 'keystone::ldap' do
      is_expected.to contain_keystone_config('ldap/user_attribute_ignore').with_value('')
      is_expected.to contain_keystone_config('ldap/user_default_project_id_attribute').with_value('defaultProject')
      is_expected.to contain_keystone_config('ldap/user_tree_dn').with_value('cn=users,dc=example,dc=com')
-      is_expected.to contain_keystone_config('ldap/user_allow_create').with_value('False')
-      is_expected.to contain_keystone_config('ldap/user_allow_update').with_value('False')
-      is_expected.to contain_keystone_config('ldap/user_allow_delete').with_value('False')
      is_expected.to contain_keystone_config('ldap/user_pass_attribute').with_value('krbPassword')
      is_expected.to contain_keystone_config('ldap/user_enabled_emulation').with_value('True')
      is_expected.to contain_keystone_config('ldap/user_enabled_emulation_dn').with_value('cn=openstack-enabled,cn=groups,cn=accounts,dc=example,dc=com')