Deprecate usage of authtoken parameters in providers

When SRBAC is completely implemented according to the current spec,
each service user no longer has full admin privilege but has access
limited to the actual requirement. This means that we are no longer
able to use service users to create resources.

This change is a prep-work to get rid of usage of the service user,
currently loaded from authtoken parameters in the .conf file. Now
each providers loads clouds.yaml file placed in /etc/openstack/puppet.

Depends-on: https://review.opendev.org/806474
Depends-on: https://review.opendev.org/828025
Change-Id: I55436944a6cdeca7786cd07580d21643094d2d8e
This commit is contained in:
Takashi Kajinami 2022-02-21 23:57:53 +09:00
parent 9664dbf907
commit 46d6900522
2 changed files with 17 additions and 0 deletions

View File

@ -23,6 +23,7 @@ class Puppet::Provider::Neutron < Puppet::Provider::Openstack
end
def self.neutron_request(service, action, error, properties=nil)
warning('Usage of keystone_authtoken parameters is deprecated.')
properties ||= []
@credentials.username = neutron_credentials['username']
@credentials.password = neutron_credentials['password']

View File

@ -0,0 +1,16 @@
---
deprecations:
- |
The following resource types have been using the credential written in
the ``[keystone_authtoken]`` section of ``neutron.conf``. However this
behavior has been deprecated and now these resource types first look for
the yaml files in ``/etc/openstack/puppet``. Make sure one of
``clouds.yaml`` or ``admin-clouds.yaml`` (which is created by
puppet-keystone) is created in that directory.
- ``neutron_network``
- ``neutron_subnet``
- ``neutron_port``
- ``neutron_router``
- ``neutron_router_interface``
- ``neutron_security_group``