From 9f2e3882d5ff23c8a33633d35e3b93ffebbc7a8e Mon Sep 17 00:00:00 2001 From: ZhongShengping Date: Mon, 2 Nov 2020 14:42:04 +0800 Subject: [PATCH] Deprecate allow_insecure_clients option The allow_insecure_clients has been deprecated[1]. [1]https://review.opendev.org/#/c/417629/ Change-Id: I1130125fb877146ea8b0c531f1ef5854aa211c33 Closes-Bug: #1902158 --- manifests/init.pp | 46 ++++++++++--------- ...ecure_clients-option-b5c923ad2661efc2.yaml | 4 ++ spec/classes/nova_init_spec.rb | 1 - 3 files changed, 29 insertions(+), 22 deletions(-) create mode 100644 releasenotes/notes/deprecate_allow_insecure_clients-option-b5c923ad2661efc2.yaml diff --git a/manifests/init.pp b/manifests/init.pp index 56fc0c483..8874a8aeb 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -146,10 +146,6 @@ # (Optional) Password for decrypting ssl_key_file (if encrypted) # Defaults to $::os_service_default. # -# [*amqp_allow_insecure_clients*] -# (Optional) Accept clients using either SSL or plain TCP -# Defaults to $::os_service_default. -# # [*amqp_sasl_mechanisms*] # (Optional) Space separated list of acceptable SASL mechanisms # Defaults to $::os_service_default. @@ -427,6 +423,10 @@ # (optional) If set, use this value for max_overflow with sqlalchemy. # Defaults to: undef. # +# [*amqp_allow_insecure_clients*] +# (Optional) Accept clients using either SSL or plain TCP +# Defaults to undef. +# class nova( $ensure_package = 'present', $block_device_allocate_retries = $::os_service_default, @@ -459,7 +459,6 @@ class nova( $amqp_ssl_cert_file = $::os_service_default, $amqp_ssl_key_file = $::os_service_default, $amqp_ssl_key_password = $::os_service_default, - $amqp_allow_insecure_clients = $::os_service_default, $amqp_sasl_mechanisms = $::os_service_default, $amqp_sasl_config_dir = $::os_service_default, $amqp_sasl_config_name = $::os_service_default, @@ -519,6 +518,7 @@ class nova( $database_max_retries = undef, $database_retry_interval = undef, $database_max_overflow = undef, + $amqp_allow_insecure_clients = undef, ) inherits nova::params { include nova::deps @@ -532,6 +532,11 @@ class nova( warning('enabled_ssl_apis is empty but use_ssl is set to true') } + if $amqp_allow_insecure_clients != undef { + warning('The amqp_allow_insecure_clients parameter is deprecated and \ +will be removed in a future release.') + } + if $os_region_name != undef { warning('The os_region_name parameter is deprecated and will be removed \ in a future release. Use nova::cinder::os_region_name instead') @@ -719,22 +724,21 @@ but should be one of: ssh-rsa, ssh-dsa, ssh-ecdsa.") } oslo::messaging::amqp { 'nova_config': - server_request_prefix => $amqp_server_request_prefix, - broadcast_prefix => $amqp_broadcast_prefix, - group_request_prefix => $amqp_group_request_prefix, - container_name => $amqp_container_name, - idle_timeout => $amqp_idle_timeout, - trace => $amqp_trace, - ssl_ca_file => $amqp_ssl_ca_file, - ssl_cert_file => $amqp_ssl_cert_file, - ssl_key_file => $amqp_ssl_key_file, - ssl_key_password => $amqp_ssl_key_password, - allow_insecure_clients => $amqp_allow_insecure_clients, - sasl_mechanisms => $amqp_sasl_mechanisms, - sasl_config_dir => $amqp_sasl_config_dir, - sasl_config_name => $amqp_sasl_config_name, - username => $amqp_username, - password => $amqp_password, + server_request_prefix => $amqp_server_request_prefix, + broadcast_prefix => $amqp_broadcast_prefix, + group_request_prefix => $amqp_group_request_prefix, + container_name => $amqp_container_name, + idle_timeout => $amqp_idle_timeout, + trace => $amqp_trace, + ssl_ca_file => $amqp_ssl_ca_file, + ssl_cert_file => $amqp_ssl_cert_file, + ssl_key_file => $amqp_ssl_key_file, + ssl_key_password => $amqp_ssl_key_password, + sasl_mechanisms => $amqp_sasl_mechanisms, + sasl_config_dir => $amqp_sasl_config_dir, + sasl_config_name => $amqp_sasl_config_name, + username => $amqp_username, + password => $amqp_password, } # SSL Options diff --git a/releasenotes/notes/deprecate_allow_insecure_clients-option-b5c923ad2661efc2.yaml b/releasenotes/notes/deprecate_allow_insecure_clients-option-b5c923ad2661efc2.yaml new file mode 100644 index 000000000..72dff7546 --- /dev/null +++ b/releasenotes/notes/deprecate_allow_insecure_clients-option-b5c923ad2661efc2.yaml @@ -0,0 +1,4 @@ +--- +deprecations: + - allow_insecure_clients option is now deprecated for removal, the + parameter has no effect. diff --git a/spec/classes/nova_init_spec.rb b/spec/classes/nova_init_spec.rb index 08e82b72c..fdde4a3fb 100644 --- a/spec/classes/nova_init_spec.rb +++ b/spec/classes/nova_init_spec.rb @@ -307,7 +307,6 @@ describe 'nova' do is_expected.to contain_nova_config('oslo_messaging_amqp/ssl_cert_file').with_value('') is_expected.to contain_nova_config('oslo_messaging_amqp/ssl_key_file').with_value('') is_expected.to contain_nova_config('oslo_messaging_amqp/ssl_key_password').with_value('') - is_expected.to contain_nova_config('oslo_messaging_amqp/allow_insecure_clients').with_value('') is_expected.to contain_nova_config('oslo_messaging_amqp/sasl_mechanisms').with_value('') is_expected.to contain_nova_config('oslo_messaging_amqp/sasl_config_dir').with_value('') is_expected.to contain_nova_config('oslo_messaging_amqp/sasl_config_name').with_value('')