diff --git a/manifests/params.pp b/manifests/params.pp index 8a85cd8f..fecca602 100644 --- a/manifests/params.pp +++ b/manifests/params.pp @@ -34,11 +34,6 @@ class swift::params { $account_auditor_service_name = 'swift-account-auditor' $account_reaper_service_name = 'swift-account-reaper' $account_replicator_service_name = 'swift-account-replicator' - if ($::os_package_type == 'debian') { - $signing_dir = '/var/lib/swift' - }else{ - $signing_dir = '/var/cache/swift' - } } 'RedHat': { $package_name = 'openstack-swift' @@ -64,7 +59,6 @@ class swift::params { $account_auditor_service_name = 'openstack-swift-account-auditor' $account_reaper_service_name = 'openstack-swift-account-reaper' $account_replicator_service_name = 'openstack-swift-account-replicator' - $signing_dir = '/var/cache/swift' } default: { fail("Unsupported osfamily: ${::osfamily} operatingsystem: ${::operatingsystem}, \ diff --git a/manifests/proxy/authtoken.pp b/manifests/proxy/authtoken.pp index 0c3af7ab..dfe7c246 100644 --- a/manifests/proxy/authtoken.pp +++ b/manifests/proxy/authtoken.pp @@ -9,10 +9,6 @@ # delegate the authorization decision to downstream WSGI components. Boolean value # Defaults to 1 # -# [*signing_dir*] -# The cache directory for signing certificates. -# Defaults to $::swift::params::signing_dir -# # [*cache*] # The cache backend to use # Optional. Defaults to 'swift.cache' @@ -75,6 +71,12 @@ # true/false # Defaults to $::os_service_default. # +# DEPRECATED PARAMETERS +# +# [*signing_dir*] +# The cache directory for signing certificates. +# Defaults to undef +# # == Authors # # Dan Bode dan@puppetlabs.com @@ -85,7 +87,6 @@ # class swift::proxy::authtoken( $delay_auth_decision = 1, - $signing_dir = $::swift::params::signing_dir, $cache = 'swift.cache', $www_authenticate_uri = 'http://127.0.0.1:5000', $auth_url = 'http://127.0.0.1:5000', @@ -99,6 +100,8 @@ class swift::proxy::authtoken( $include_service_catalog = false, $service_token_roles = $::os_service_default, $service_token_roles_required = $::os_service_default, + # DEPRECATED PARAMETERS + $signing_dir = undef ) inherits swift::params { include swift::deps @@ -111,22 +114,12 @@ Please set password parameter') $password_real = $password } - if ($::os_package_type != 'debian') { - file { $signing_dir: - ensure => directory, - mode => '0700', - owner => 'swift', - group => 'swift', - selinux_ignore_defaults => true, - require => Anchor['swift::config::begin'], - before => Anchor['swift::config::end'], - } + if $signing_dir != undef { + warning('The signing_dir parameter was deprecated and has no effect') } - swift_proxy_config { 'filter:authtoken/log_name': value => 'swift'; - 'filter:authtoken/signing_dir': value => $signing_dir; 'filter:authtoken/paste.filter_factory': value => 'keystonemiddleware.auth_token:filter_factory'; 'filter:authtoken/www_authenticate_uri': value => $www_authenticate_uri; 'filter:authtoken/auth_url': value => $auth_url; diff --git a/releasenotes/notes/deprecate-keystone-pki-opts-c5e390dfbbf6f4d8.yaml b/releasenotes/notes/deprecate-keystone-pki-opts-c5e390dfbbf6f4d8.yaml new file mode 100644 index 00000000..bec47175 --- /dev/null +++ b/releasenotes/notes/deprecate-keystone-pki-opts-c5e390dfbbf6f4d8.yaml @@ -0,0 +1,5 @@ +--- +deprecations: + - | + The ``swift::proxy::authtoken::signing_dir`` parameter has been deprecated + and has no effect now. diff --git a/spec/classes/swift_proxy_authtoken_spec.rb b/spec/classes/swift_proxy_authtoken_spec.rb index 2f0e5c0b..9ef285d2 100644 --- a/spec/classes/swift_proxy_authtoken_spec.rb +++ b/spec/classes/swift_proxy_authtoken_spec.rb @@ -2,24 +2,8 @@ require 'spec_helper' describe 'swift::proxy::authtoken' do shared_examples 'swift::proxy::authtoken' do - describe 'when using the default signing directory' do - let :file_defaults do - { - :mode => '0700', - :owner => 'swift', - :group => 'swift', - } - end - - it {is_expected.to contain_file('/var/cache/swift').with( - {:ensure => 'directory', - :selinux_ignore_defaults => true}.merge(file_defaults) - )} - end - describe "when using default parameters" do it { is_expected.to contain_swift_proxy_config('filter:authtoken/log_name').with_value('swift') } - it { is_expected.to contain_swift_proxy_config('filter:authtoken/signing_dir').with_value(platform_params[:default_signing_dir]) } it { is_expected.to contain_swift_proxy_config('filter:authtoken/paste.filter_factory').with_value('keystonemiddleware.auth_token:filter_factory') } it { is_expected.to contain_swift_proxy_config('filter:authtoken/www_authenticate_uri').with_value('http://127.0.0.1:5000') } it { is_expected.to contain_swift_proxy_config('filter:authtoken/auth_url').with_value('http://127.0.0.1:5000') } @@ -46,14 +30,12 @@ describe 'swift::proxy::authtoken' do :region_name => 'region2', :cache => 'foo', :delay_auth_decision => '0', - :signing_dir => '/home/swift/keystone-signing', :service_token_roles => ['service'], :service_token_roles_required => true, } end it { is_expected.to contain_swift_proxy_config('filter:authtoken/log_name').with_value('swift') } - it { is_expected.to contain_swift_proxy_config('filter:authtoken/signing_dir').with_value('/home/swift/keystone-signing') } it { is_expected.to contain_swift_proxy_config('filter:authtoken/paste.filter_factory').with_value('keystonemiddleware.auth_token:filter_factory') } it { is_expected.to contain_swift_proxy_config('filter:authtoken/www_authenticate_uri').with_value('http://127.0.0.1:5000') } it { is_expected.to contain_swift_proxy_config('filter:authtoken/auth_url').with_value('http://127.0.0.1:5000') } @@ -110,19 +92,6 @@ describe 'swift::proxy::authtoken' do facts.merge(OSDefaults.get_facts()) end - let(:platform_params) do - case facts[:osfamily] - when 'Debian' - if facts[:os_package_type] == 'debian' - { :default_signing_dir => '/var/lib/swift' } - else - { :default_signing_dir => '/var/cache/swift' } - end - when 'RedHat' - { :default_signing_dir => '/var/cache/swift' } - end - end - it_configures 'swift::proxy::authtoken' end end