Remove deprecated pki related options

The deprecated pki related options check_revocations_for_cached and hash_algorithms option has been removed. Change-Id: Ia0324cac87fbaf64ca5b1ec2b0dfa60b655569b4
2019-08-15 11:51:36 +08:00 · 2019-08-15 11:51:36 +08:00 · 13b4ac6418
commit 13b4ac6418
parent 1e028c69f0
3 changed files with 5 additions and 60 deletions
--- a/manifests/keystone/authtoken.pp
+++ b/manifests/keystone/authtoken.pp
@ -177,25 +177,6 @@
 #   true/false
 #   Defaults to $::os_service_default.
 #
-# DEPRECATED PARAMETERS
-#
-# [*check_revocations_for_cached*]
-#   (Optional) If true, the revocation list will be checked for cached tokens.
-#   This requires that PKI tokens are configured on the identity server.
-#   boolean value.
-#   Defaults to undef.
-#
-# [*hash_algorithms*]
-#   (Optional) Hash algorithms to use for hashing PKI tokens. This may be a
-#   single algorithm or multiple. The algorithms are those supported by Python
-#   standard hashlib.new(). The hashes will be tried in the order given, so put
-#   the preferred one first for performance. The result of the first hash will
-#   be stored in the cache. This will typically be set to multiple values only
-#   while migrating from a less secure algorithm to a more secure one. Once all
-#   the old tokens are expired this option should be set to a single value for
-#   better performance. List value.
-#   Defaults to undef.
-#
 class nova::keystone::authtoken(
  $username                       = 'nova',
  $password                       = $::os_service_default,
@ -231,9 +212,6 @@ class nova::keystone::authtoken(
  $token_cache_time               = $::os_service_default,
  $service_token_roles            = $::os_service_default,
  $service_token_roles_required   = $::os_service_default,
-  # DEPRECATED PARAMETERS
-  $check_revocations_for_cached   = undef,
-  $hash_algorithms                = undef,
 ) {

  include ::nova::deps
@ -242,14 +220,6 @@ class nova::keystone::authtoken(
    fail('Please set password for nova service user')
  }

-  if $check_revocations_for_cached {
-    warning('check_revocations_for_cached parameter is deprecated, has no effect and will be removed in the future.')
-  }
-
-  if $hash_algorithms {
-    warning('hash_algorithms parameter is deprecated, has no effect and will be removed in the future.')
-  }
-
  keystone::resource::authtoken { 'nova_config':
    username                       => $username,
    password                       => $password,
--- a/manifests/metadata/novajoin/authtoken.pp
+++ b/manifests/metadata/novajoin/authtoken.pp
@ -161,25 +161,6 @@
 #   (in seconds). Set to -1 to disable caching completely. Integer value
 #   Defaults to $::os_service_default.
 #
-# === Deprecated parameters
-#
-# [*check_revocations_for_cached*]
-#   (Optional) If true, the revocation list will be checked for cached tokens.
-#   This requires that PKI tokens are configured on the identity server.
-#   boolean value.
-#   Defaults to $::os_service_default.
-#
-# [*hash_algorithms*]
-#   (Optional) Hash algorithms to use for hashing PKI tokens. This may be a
-#   single algorithm or multiple. The algorithms are those supported by Python
-#   standard hashlib.new(). The hashes will be tried in the order given, so put
-#   the preferred one first for performance. The result of the first hash will
-#   be stored in the cache. This will typically be set to multiple values only
-#   while migrating from a less secure algorithm to a more secure one. Once all
-#   the old tokens are expired this option should be set to a single value for
-#   better performance. List value.
-#   Defaults to $::os_service_default.
-#
 class nova::metadata::novajoin::authtoken(
  $username                       = 'novajoin',
  $password                       = $::os_service_default,
@ -213,23 +194,12 @@ class nova::metadata::novajoin::authtoken(
  $manage_memcache_package        = false,
  $region_name                    = $::os_service_default,
  $token_cache_time               = $::os_service_default,
-  ## DEPRECATED PARAMETERS
-  $check_revocations_for_cached   = undef,
-  $hash_algorithms                = undef,
 ) {

  if is_service_default($password) {
    fail('Please set password for novajoin service user')
  }

-  if $check_revocations_for_cached {
-    warning('check_revocations_for_cached is deprecated, will be removed and has no effect')
-  }
-
-  if $hash_algorithms {
-    warning('hash_algorithms is deprecated, will be removed and has no effect')
-  }
-
  keystone::resource::authtoken { 'novajoin_config':
    username                       => $username,
    password                       => $password,
--- a/releasenotes/notes/remove_deprecated_pki_related_options-88466f6a00bbd2e3.yaml
+++ b/releasenotes/notes/remove_deprecated_pki_related_options-88466f6a00bbd2e3.yaml
@ -0,0 +1,5 @@
+---
+upgrade:
+  - |
+    The deprecated pki related options check_revocations_for_cached and
+    hash_algorithms option has been removed.