
Remove pki related options

check_revocations_for_cached and hash_algorithms are deprecated for
removal because the PKI token format is no longer supported. We can
remove them.

Change-Id: Ieaf6176f0308bbf051e7b4dcd7e9fea793c5bc36
Closes-Bug: #1804562
Closes-Bug: #1804720
tags/1.0.0
ZhongShengping 6 months ago
parent
commit
6a76a88bbd
2 changed files with 0 additions and 27 deletions
  1. 0
    21
      manifests/keystone/authtoken.pp
  2. 0
    6
      spec/classes/senlin_keystone_authtoken_spec.rb

+ 0
- 21
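--- a/manifests/keystone/authtoken.pp
+++ b/manifests/keystone/authtoken.pp
@@ -62,12 +62,6 @@
 #   (Optional) Required if identity server requires client certificate
 #   Defaults to $::os_service_default.
 #
-# [*check_revocations_for_cached*]
-#   (Optional) If true, the revocation list will be checked for cached tokens.
-#   This requires that PKI tokens are configured on the identity server.
-#   boolean value.
-#   Defaults to $::os_service_default.
-#
 # [*delay_auth_decision*]
 #   (Optional) Do not handle authorization requests within the middleware, but
 #   delegate the authorization decision to downstream WSGI components. Boolean
@@ -84,17 +78,6 @@
 #   must be present in tokens. String value.
 #   Defaults to $::os_service_default.
 #
-# [*hash_algorithms*]
-#   (Optional) Hash algorithms to use for hashing PKI tokens. This may be a
-#   single algorithm or multiple. The algorithms are those supported by Python
-#   standard hashlib.new(). The hashes will be tried in the order given, so put
-#   the preferred one first for performance. The result of the first hash will
-#   be stored in the cache. This will typically be set to multiple values only
-#   while migrating from a less secure algorithm to a more secure one. Once all
-#   the old tokens are expired this option should be set to a single value for
-#   better performance. List value.
-#   Defaults to $::os_service_default.
-#
 # [*http_connect_timeout*]
 #   (Optional) Request timeout value for communicating with Identity API
 #   server.
@@ -192,10 +175,8 @@ class senlin::keystone::authtoken(
   $cache                          = $::os_service_default,
   $cafile                         = $::os_service_default,
   $certfile                       = $::os_service_default,
-  $check_revocations_for_cached   = $::os_service_default,
   $delay_auth_decision            = $::os_service_default,
   $enforce_token_bind             = $::os_service_default,
-  $hash_algorithms                = $::os_service_default,
   $http_connect_timeout           = $::os_service_default,
   $http_request_max_retries       = $::os_service_default,
   $include_service_catalog        = $::os_service_default,
@@ -231,10 +212,8 @@ class senlin::keystone::authtoken(
     cache                          => $cache,
     cafile                         => $cafile,
     certfile                       => $certfile,
-    check_revocations_for_cached   => $check_revocations_for_cached,
     delay_auth_decision            => $delay_auth_decision,
     enforce_token_bind             => $enforce_token_bind,
-    hash_algorithms                => $hash_algorithms,
     http_connect_timeout           => $http_connect_timeout,
     http_request_max_retries       => $http_request_max_retries,
     include_service_catalog        => $include_service_catalog,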

+ 0
- 6
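--- a/spec/classes/senlin_keystone_authtoken_spec.rb
+++ b/spec/classes/senlin_keystone_authtoken_spec.rb
@@ -25,10 +25,8 @@ describe 'senlin::keystone::authtoken' do
         is_expected.to contain_senlin_config('keystone_authtoken/cache').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_senlin_config('keystone_authtoken/cafile').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_senlin_config('keystone_authtoken/certfile').with_value('<SERVICE DEFAULT>')
-        is_expected.to contain_senlin_config('keystone_authtoken/check_revocations_for_cached').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_senlin_config('keystone_authtoken/delay_auth_decision').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_senlin_config('keystone_authtoken/enforce_token_bind').with_value('<SERVICE DEFAULT>')
-        is_expected.to contain_senlin_config('keystone_authtoken/hash_algorithms').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_senlin_config('keystone_authtoken/http_connect_timeout').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_senlin_config('keystone_authtoken/http_request_max_retries').with_value('<SERVICE DEFAULT>')
         is_expected.to contain_senlin_config('keystone_authtoken/include_service_catalog').with_value('<SERVICE DEFAULT>')
@@ -64,10 +62,8 @@ describe 'senlin::keystone::authtoken' do
           :cache                                => 'somevalue',
           :cafile                               => '/opt/stack/data/cafile.pem',
           :certfile                             => 'certfile.crt',
-          :check_revocations_for_cached         => false,
           :delay_auth_decision                  => false,
           :enforce_token_bind                   => 'permissive',
-          :hash_algorithms                      => 'md5',
           :http_connect_timeout                 => '300',
           :http_request_max_retries             => '3',
           :include_service_catalog              => true,
@@ -102,10 +98,8 @@ describe 'senlin::keystone::authtoken' do
         is_expected.to contain_senlin_config('keystone_authtoken/cache').with_value(params[:cache])
         is_expected.to contain_senlin_config('keystone_authtoken/cafile').with_value(params[:cafile])
         is_expected.to contain_senlin_config('keystone_authtoken/certfile').with_value(params[:certfile])
-        is_expected.to contain_senlin_config('keystone_authtoken/check_revocations_for_cached').with_value(params[:check_revocations_for_cached])
         is_expected.to contain_senlin_config('keystone_authtoken/delay_auth_decision').with_value(params[:delay_auth_decision])
         is_expected.to contain_senlin_config('keystone_authtoken/enforce_token_bind').with_value(params[:enforce_token_bind])
-        is_expected.to contain_senlin_config('keystone_authtoken/hash_algorithms').with_value(params[:hash_algorithms])
         is_expected.to contain_senlin_config('keystone_authtoken/http_connect_timeout').with_value(params[:http_connect_timeout])
         is_expected.to contain_senlin_config('keystone_authtoken/http_request_max_retries').with_value(params[:http_request_max_retries])
         is_expected.to contain_senlin_config('keystone_authtoken/include_service_catalog').with_value(params[:include_service_catalog])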
