From e1ef491c24980757c23e14f75485c123470e9f5c Mon Sep 17 00:00:00 2001
From: Takashi Kajinami <kajinamit@oss.nttdata.com>
Date: Thu, 16 Nov 2023 15:02:36 +0900
Subject: [PATCH] Stop reading keystone_authtoken options

Using credentials in keystone_authtoken options for neutron_* resources
was deprecated some cycles ago[1].

[1] 46d690052234a3e6a47116f924cb74bc72e0a8ea

Change-Id: Ifbec239a21dfd84991164877594f110fc01b0688
---
 lib/puppet/provider/neutron.rb                | 96 -------------------
 ...ading-authtoken-opts-0d90c7414c95017f.yaml | 12 +++
 spec/unit/provider/neutron_spec.rb            | 61 ------------
 3 files changed, 12 insertions(+), 157 deletions(-)
 create mode 100644 releasenotes/notes/stop-reading-authtoken-opts-0d90c7414c95017f.yaml
 delete mode 100644 spec/unit/provider/neutron_spec.rb

diff --git a/lib/puppet/provider/neutron.rb b/lib/puppet/provider/neutron.rb
index 3a66c8b46..a425cf428 100644
--- a/lib/puppet/provider/neutron.rb
+++ b/lib/puppet/provider/neutron.rb
@@ -1,8 +1,3 @@
-# Add openstacklib code to $LOAD_PATH so that we can load this during
-# standalone compiles without error.
-File.expand_path('../../../../openstacklib/lib', File.dirname(__FILE__)).tap { |dir| $LOAD_PATH.unshift(dir) unless $LOAD_PATH.include?(dir) }
-
-require 'puppet/util/inifile'
 require 'puppet/provider/openstack'
 require 'puppet/provider/openstack/auth'
 require 'puppet/provider/openstack/credentials'
@@ -13,97 +8,6 @@ class Puppet::Provider::Neutron < Puppet::Provider::Openstack
 
   initvars
 
-  def self.request(service, action, properties=nil)
-    begin
-      super
-    rescue Puppet::Error::OpenstackAuthInputError => error
-      neutron_request(service, action, error, properties)
-    end
-  end
-
-  def self.neutron_request(service, action, error, properties=nil)
-    warning('Usage of keystone_authtoken parameters is deprecated.')
-    properties ||= []
-    @credentials.username = neutron_credentials['username']
-    @credentials.password = neutron_credentials['password']
-    @credentials.project_name = neutron_credentials['project_name']
-    @credentials.auth_url = auth_endpoint
-    @credentials.user_domain_name = neutron_credentials['user_domain_name']
-    @credentials.project_domain_name = neutron_credentials['project_domain_name']
-    if neutron_credentials['region_name']
-      @credentials.region_name = neutron_credentials['region_name']
-    end
-    raise error unless @credentials.set?
-    Puppet::Provider::Openstack.request(service, action, properties, @credentials)
-  end
-
-  def self.conf_filename
-    '/etc/neutron/neutron.conf'
-  end
-
-  def self.neutron_conf
-    return @neutron_conf if @neutron_conf
-    @neutron_conf = Puppet::Util::IniConfig::File.new
-    @neutron_conf.read(conf_filename)
-    @neutron_conf
-  end
-
-  def self.neutron_credentials
-    @neutron_credentials ||= get_neutron_credentials
-  end
-
-  def neutron_credentials
-    self.class.neutron_credentials
-  end
-
-  def self.get_neutron_credentials
-    #needed keys for authentication
-    auth_keys = ['auth_url', 'project_name', 'username', 'password']
-    conf = neutron_conf
-    if conf and conf['keystone_authtoken'] and
-        auth_keys.all?{|k| !conf['keystone_authtoken'][k].nil?}
-      creds = Hash[ auth_keys.map \
-                   { |k| [k, conf['keystone_authtoken'][k].strip] } ]
-
-      if !conf['keystone_authtoken']['region_name'].nil?
-        creds['region_name'] = conf['keystone_authtoken']['region_name'].strip
-      end
-
-      if !conf['keystone_authtoken']['project_domain_name'].nil?
-        creds['project_domain_name'] = conf['keystone_authtoken']['project_domain_name'].strip
-      else
-        creds['project_domain_name'] = 'Default'
-      end
-
-      if !conf['keystone_authtoken']['user_domain_name'].nil?
-        creds['user_domain_name'] = conf['keystone_authtoken']['user_domain_name'].strip
-      else
-        creds['user_domain_name'] = 'Default'
-      end
-
-      return creds
-    else
-      raise(Puppet::Error, "File: #{conf_filename} does not contain all " +
-            "required sections.  Neutron types will not work if neutron is not " +
-            "correctly configured.")
-    end
-  end
-
-  def self.get_auth_endpoint
-    q = neutron_credentials
-    "#{q['auth_url']}"
-  end
-
-  def self.auth_endpoint
-    @auth_endpoint ||= get_auth_endpoint
-  end
-
-  def self.reset
-    @neutron_conf        = nil
-    @neutron_credentials = nil
-    @auth_endpoint       = nil
-  end
-
   def self.get_network_name(id)
     network = self.request('network', 'show', [id])
     return network[:name]
diff --git a/releasenotes/notes/stop-reading-authtoken-opts-0d90c7414c95017f.yaml b/releasenotes/notes/stop-reading-authtoken-opts-0d90c7414c95017f.yaml
new file mode 100644
index 000000000..04f7972b3
--- /dev/null
+++ b/releasenotes/notes/stop-reading-authtoken-opts-0d90c7414c95017f.yaml
@@ -0,0 +1,12 @@
+---
+upgrade:
+  - |
+    The following resource types no longer attempts to load user credentials
+    from the ``[keystone_authtoken]`` section in ``neutron.conf``.
+
+    - ``neutron_network``
+    - ``neutron_subnet``
+    - ``neutron_port``
+    - ``neutron_router``
+    - ``neutron_router_interface``
+    - ``neutron_security_group``
diff --git a/spec/unit/provider/neutron_spec.rb b/spec/unit/provider/neutron_spec.rb
deleted file mode 100644
index 3817bba58..000000000
--- a/spec/unit/provider/neutron_spec.rb
+++ /dev/null
@@ -1,61 +0,0 @@
-require 'puppet'
-require 'spec_helper'
-require 'puppet/provider/neutron'
-require 'tempfile'
-
-describe Puppet::Provider::Neutron do
-
-  def klass
-    described_class
-  end
-
-  let :credential_hash do
-    {
-      'project_name'        => 'admin_tenant',
-      'username'            => 'admin',
-      'password'            => 'password',
-      'auth_url'            => 'https://192.168.56.210:5000/v3/',
-      'project_domain_name' => 'Default',
-      'user_domain_name'    => 'Default',
-    }
-  end
-
-  let :credential_error do
-    /Neutron types will not work/
-  end
-
-  let :exec_error do
-    /Neutron or Keystone API is not available/
-  end
-
-  after :each do
-    klass.reset
-  end
-
-  describe 'when determining credentials' do
-
-    it 'should fail if config is empty' do
-      conf = {}
-      expect(klass).to receive(:neutron_conf).and_return(conf)
-      expect do
-        klass.neutron_credentials
-      end.to raise_error(Puppet::Error, credential_error)
-    end
-
-    it 'should fail if config does not have keystone_authtoken section.' do
-      conf = {'foo' => 'bar'}
-      expect(klass).to receive(:neutron_conf).and_return(conf)
-      expect do
-        klass.neutron_credentials
-      end.to raise_error(Puppet::Error, credential_error)
-    end
-
-    it 'should fail if config does not contain all auth params' do
-      conf = {'keystone_authtoken' => {'invalid_value' => 'foo'}}
-      expect(klass).to receive(:neutron_conf).and_return(conf)
-      expect do
-       klass.neutron_credentials
-      end.to raise_error(Puppet::Error, credential_error)
-    end
-  end
-end