user_allow_* options for ldap are deprecated

These options are deprecated in keystone and setting them either true or
false will produce a warning in Keystone.

Change-Id: Icab0d0dd5558cfb03e0a9cef738beb26d9245269
This commit is contained in:
Matt Fischer 2016-10-04 18:49:24 -06:00
parent 4d441726ad
commit eb7a9fa840
3 changed files with 26 additions and 24 deletions

View File

@ -88,18 +88,6 @@
# LDAP attribute mapped to default_project_id for users. (string value)
# Defaults to 'undef'
#
# [*user_allow_create*]
# Allow user creation in LDAP backend. (boolean value)
# Defaults to 'undef'
#
# [*user_allow_update*]
# Allow user updates in LDAP backend. (boolean value)
# Defaults to 'undef'
#
# [*user_allow_delete*]
# Allow user deletion in LDAP backend. (boolean value)
# Defaults to 'undef'
#
# [*user_pass_attribute*]
# LDAP attribute mapped to password. (string value)
# Defaults to 'undef'
@ -372,6 +360,18 @@
#
# === DEPRECATED group/name
#
# [*user_allow_create*]
# Allow user creation in LDAP backend. (boolean value)
# Defaults to 'undef' DEPRECATED: Has no effect.
#
# [*user_allow_update*]
# Allow user updates in LDAP backend. (boolean value)
# Defaults to 'undef' DEPRECATED: Has no effect.
#
# [*user_allow_delete*]
# Allow user deletion in LDAP backend. (boolean value)
# Defaults to 'undef' DEPRECATED: Has no effect.
#
# == Dependencies
# == Examples
# == Authors
@ -402,9 +402,6 @@ class keystone::ldap(
$user_enabled_invert = undef,
$user_attribute_ignore = undef,
$user_default_project_id_attribute = undef,
$user_allow_create = undef,
$user_allow_update = undef,
$user_allow_delete = undef,
$user_pass_attribute = undef,
$user_enabled_emulation = undef,
$user_enabled_emulation_dn = undef,
@ -467,6 +464,10 @@ class keystone::ldap(
$auth_pool_connection_lifetime = 60,
$package_ensure = present,
$manage_packages = true,
# DEPRECATED
$user_allow_create = undef,
$user_allow_update = undef,
$user_allow_delete = undef,
) {
include ::keystone::deps
@ -483,6 +484,11 @@ class keystone::ldap(
}
}
if $user_allow_create or $user_allow_update or $user_allow_delete {
warning("all user_allow_ options are deprecated and have no effect, \
they will be removed in the future")
}
keystone_config {
'ldap/url': value => $url;
'ldap/user': value => $user;
@ -502,9 +508,6 @@ class keystone::ldap(
'ldap/user_enabled_invert': value => $user_enabled_invert;
'ldap/user_attribute_ignore': value => $user_attribute_ignore;
'ldap/user_default_project_id_attribute': value => $user_default_project_id_attribute;
'ldap/user_allow_create': value => $user_allow_create;
'ldap/user_allow_update': value => $user_allow_update;
'ldap/user_allow_delete': value => $user_allow_delete;
'ldap/user_pass_attribute': value => $user_pass_attribute;
'ldap/user_enabled_emulation': value => $user_enabled_emulation;
'ldap/user_enabled_emulation_dn': value => $user_enabled_emulation_dn;

View File

@ -0,0 +1,5 @@
---
deprecations:
- user_allow_* options for ldap are deprecated in Keystone.
Setting these will now have no effect and these will be
removed as parameters in a future release.

View File

@ -22,9 +22,6 @@ describe 'keystone::ldap' do
:user_enabled_invert => 'False',
:user_attribute_ignore => '',
:user_default_project_id_attribute => 'defaultProject',
:user_allow_create => 'False',
:user_allow_update => 'False',
:user_allow_delete => 'False',
:user_pass_attribute => 'krbPassword',
:user_enabled_emulation => 'True',
:user_enabled_emulation_dn => 'cn=openstack-enabled,cn=groups,cn=accounts,dc=example,dc=com',
@ -110,9 +107,6 @@ describe 'keystone::ldap' do
is_expected.to contain_keystone_config('ldap/user_attribute_ignore').with_value('')
is_expected.to contain_keystone_config('ldap/user_default_project_id_attribute').with_value('defaultProject')
is_expected.to contain_keystone_config('ldap/user_tree_dn').with_value('cn=users,dc=example,dc=com')
is_expected.to contain_keystone_config('ldap/user_allow_create').with_value('False')
is_expected.to contain_keystone_config('ldap/user_allow_update').with_value('False')
is_expected.to contain_keystone_config('ldap/user_allow_delete').with_value('False')
is_expected.to contain_keystone_config('ldap/user_pass_attribute').with_value('krbPassword')
is_expected.to contain_keystone_config('ldap/user_enabled_emulation').with_value('True')
is_expected.to contain_keystone_config('ldap/user_enabled_emulation_dn').with_value('cn=openstack-enabled,cn=groups,cn=accounts,dc=example,dc=com')