Deprecate the remaining option for Keystone PKI token

... because it was already removed from keystonemiddleware[1].

[1] b3e84aafc0302b1a87754f438696794076ba844f

Change-Id: I123ab64e77076d2eada6c9cdc4f6526398b071d1

manifests/params.pp

@@ -34,11 +34,6 @@ class swift::params {
       $account_auditor_service_name      = 'swift-account-auditor'
       $account_reaper_service_name       = 'swift-account-reaper'
       $account_replicator_service_name   = 'swift-account-replicator'
-      if ($::os_package_type == 'debian') {
-        $signing_dir = '/var/lib/swift'
-      }else{
-        $signing_dir = '/var/cache/swift'
-      }
     }
     'RedHat': {
       $package_name                      = 'openstack-swift'
@@ -64,7 +59,6 @@ class swift::params {
       $account_auditor_service_name      = 'openstack-swift-account-auditor'
       $account_reaper_service_name       = 'openstack-swift-account-reaper'
       $account_replicator_service_name   = 'openstack-swift-account-replicator'
-      $signing_dir                       = '/var/cache/swift'
     }
     default: {
       fail("Unsupported osfamily: ${::osfamily} operatingsystem: ${::operatingsystem}, \

manifests/proxy/authtoken.pp

@@ -9,10 +9,6 @@
 #   delegate the authorization decision to downstream WSGI components. Boolean value
 #   Defaults to 1
 #
-# [*signing_dir*]
-#    The cache directory for signing certificates.
-#    Defaults to $::swift::params::signing_dir
-#
 # [*cache*]
 #    The cache backend to use
 #    Optional. Defaults to 'swift.cache'
@@ -75,6 +71,12 @@
 #  true/false
 #  Defaults to $::os_service_default.
 #
+# DEPRECATED PARAMETERS
+#
+# [*signing_dir*]
+#    The cache directory for signing certificates.
+#    Defaults to undef
+#
 # == Authors
 #
 #   Dan Bode dan@puppetlabs.com
@@ -85,7 +87,6 @@
 #
 class swift::proxy::authtoken(
   $delay_auth_decision          = 1,
-  $signing_dir                  = $::swift::params::signing_dir,
   $cache                        = 'swift.cache',
   $www_authenticate_uri         = 'http://127.0.0.1:5000',
   $auth_url                     = 'http://127.0.0.1:5000',
@@ -99,6 +100,8 @@ class swift::proxy::authtoken(
   $include_service_catalog      = false,
   $service_token_roles          = $::os_service_default,
   $service_token_roles_required = $::os_service_default,
+  # DEPRECATED PARAMETERS
+  $signing_dir                  = undef
 ) inherits swift::params {
 
   include swift::deps
@@ -111,22 +114,12 @@ Please set password parameter')
     $password_real = $password
   }
 
-  if ($::os_package_type != 'debian') {
+  if $signing_dir != undef {
-    file { $signing_dir:
+    warning('The signing_dir parameter was deprecated and has no effect')
-      ensure                  => directory,
-      mode                    => '0700',
-      owner                   => 'swift',
-      group                   => 'swift',
-      selinux_ignore_defaults => true,
-      require                 => Anchor['swift::config::begin'],
-      before                  => Anchor['swift::config::end'],
-    }
   }
 
-
   swift_proxy_config {
     'filter:authtoken/log_name':                     value => 'swift';
-    'filter:authtoken/signing_dir':                  value => $signing_dir;
     'filter:authtoken/paste.filter_factory':         value => 'keystonemiddleware.auth_token:filter_factory';
     'filter:authtoken/www_authenticate_uri':         value => $www_authenticate_uri;
     'filter:authtoken/auth_url':                     value => $auth_url;

releasenotes/notes/deprecate-keystone-pki-opts-c5e390dfbbf6f4d8.yaml

@@ -0,0 +1,5 @@
+---
+deprecations:
+  - |
+    The ``swift::proxy::authtoken::signing_dir`` parameter has been deprecated
+    and has no effect now.

spec/classes/swift_proxy_authtoken_spec.rb

@@ -2,24 +2,8 @@ require 'spec_helper'
 
 describe 'swift::proxy::authtoken' do
   shared_examples 'swift::proxy::authtoken' do
-    describe 'when using the default signing directory' do
-      let :file_defaults do
-        {
-          :mode    => '0700',
-          :owner   => 'swift',
-          :group   => 'swift',
-        }
-      end
-
-      it {is_expected.to contain_file('/var/cache/swift').with(
-        {:ensure                  => 'directory',
-         :selinux_ignore_defaults => true}.merge(file_defaults)
-      )}
-    end
-
     describe "when using default parameters" do
       it { is_expected.to contain_swift_proxy_config('filter:authtoken/log_name').with_value('swift') }
-      it { is_expected.to contain_swift_proxy_config('filter:authtoken/signing_dir').with_value(platform_params[:default_signing_dir]) }
       it { is_expected.to contain_swift_proxy_config('filter:authtoken/paste.filter_factory').with_value('keystonemiddleware.auth_token:filter_factory') }
       it { is_expected.to contain_swift_proxy_config('filter:authtoken/www_authenticate_uri').with_value('http://127.0.0.1:5000') }
       it { is_expected.to contain_swift_proxy_config('filter:authtoken/auth_url').with_value('http://127.0.0.1:5000') }
@@ -46,14 +30,12 @@ describe 'swift::proxy::authtoken' do
           :region_name                  => 'region2',
           :cache                        => 'foo',
           :delay_auth_decision          => '0',
-          :signing_dir                  => '/home/swift/keystone-signing',
           :service_token_roles          => ['service'],
           :service_token_roles_required => true,
         }
       end
 
       it { is_expected.to contain_swift_proxy_config('filter:authtoken/log_name').with_value('swift') }
-      it { is_expected.to contain_swift_proxy_config('filter:authtoken/signing_dir').with_value('/home/swift/keystone-signing') }
       it { is_expected.to contain_swift_proxy_config('filter:authtoken/paste.filter_factory').with_value('keystonemiddleware.auth_token:filter_factory') }
       it { is_expected.to contain_swift_proxy_config('filter:authtoken/www_authenticate_uri').with_value('http://127.0.0.1:5000') }
       it { is_expected.to contain_swift_proxy_config('filter:authtoken/auth_url').with_value('http://127.0.0.1:5000') }
@@ -110,19 +92,6 @@ describe 'swift::proxy::authtoken' do
         facts.merge(OSDefaults.get_facts())
       end
 
-      let(:platform_params) do
-        case facts[:osfamily]
-        when 'Debian'
-          if facts[:os_package_type] == 'debian'
-            { :default_signing_dir => '/var/lib/swift' }
-          else
-            { :default_signing_dir => '/var/cache/swift' }
-          end
-        when 'RedHat'
-          { :default_signing_dir => '/var/cache/swift' }
-        end
-      end
-
       it_configures 'swift::proxy::authtoken'
     end
   end