Merge "Deprecate the remaining option for Keystone PKI token"

2020-06-11 16:34:46 +00:00
parent 91a9151aeb 424b861a57
commit d02e1351ce
4 changed files with 15 additions and 54 deletions
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -34,11 +34,6 @@ class swift::params {
      $account_auditor_service_name      = 'swift-account-auditor'
      $account_reaper_service_name       = 'swift-account-reaper'
      $account_replicator_service_name   = 'swift-account-replicator'
-      if ($::os_package_type == 'debian') {
-        $signing_dir = '/var/lib/swift'
-      }else{
-        $signing_dir = '/var/cache/swift'
-      }
    }
    'RedHat': {
      $package_name                      = 'openstack-swift'
@@ -64,7 +59,6 @@ class swift::params {
      $account_auditor_service_name      = 'openstack-swift-account-auditor'
      $account_reaper_service_name       = 'openstack-swift-account-reaper'
      $account_replicator_service_name   = 'openstack-swift-account-replicator'
-      $signing_dir                       = '/var/cache/swift'
    }
    default: {
      fail("Unsupported osfamily: ${::osfamily} operatingsystem: ${::operatingsystem}, \
--- a/manifests/proxy/authtoken.pp
+++ b/manifests/proxy/authtoken.pp
@@ -9,10 +9,6 @@
 #   delegate the authorization decision to downstream WSGI components. Boolean value
 #   Defaults to 1
 #
-# [*signing_dir*]
-#    The cache directory for signing certificates.
-#    Defaults to $::swift::params::signing_dir
-#
 # [*cache*]
 #    The cache backend to use
 #    Optional. Defaults to 'swift.cache'
@@ -75,6 +71,12 @@
 #  true/false
 #  Defaults to $::os_service_default.
 #
+# DEPRECATED PARAMETERS
+#
+# [*signing_dir*]
+#    The cache directory for signing certificates.
+#    Defaults to undef
+#
 # == Authors
 #
 #   Dan Bode dan@puppetlabs.com
@@ -85,7 +87,6 @@
 #
 class swift::proxy::authtoken(
  $delay_auth_decision          = 1,
-  $signing_dir                  = $::swift::params::signing_dir,
  $cache                        = 'swift.cache',
  $www_authenticate_uri         = 'http://127.0.0.1:5000',
  $auth_url                     = 'http://127.0.0.1:5000',
@@ -99,6 +100,8 @@ class swift::proxy::authtoken(
  $include_service_catalog      = false,
  $service_token_roles          = $::os_service_default,
  $service_token_roles_required = $::os_service_default,
+  # DEPRECATED PARAMETERS
+  $signing_dir                  = undef
 ) inherits swift::params {

  include swift::deps
@@ -111,22 +114,12 @@ Please set password parameter')
    $password_real = $password
  }

-  if ($::os_package_type != 'debian') {
-    file { $signing_dir:
-      ensure                  => directory,
-      mode                    => '0700',
-      owner                   => 'swift',
-      group                   => 'swift',
-      selinux_ignore_defaults => true,
-      require                 => Anchor['swift::config::begin'],
-      before                  => Anchor['swift::config::end'],
-    }
+  if $signing_dir != undef {
+    warning('The signing_dir parameter was deprecated and has no effect')
  }

-
  swift_proxy_config {
    'filter:authtoken/log_name':                     value => 'swift';
-    'filter:authtoken/signing_dir':                  value => $signing_dir;
    'filter:authtoken/paste.filter_factory':         value => 'keystonemiddleware.auth_token:filter_factory';
    'filter:authtoken/www_authenticate_uri':         value => $www_authenticate_uri;
    'filter:authtoken/auth_url':                     value => $auth_url;
--- a/releasenotes/notes/deprecate-keystone-pki-opts-c5e390dfbbf6f4d8.yaml
+++ b/releasenotes/notes/deprecate-keystone-pki-opts-c5e390dfbbf6f4d8.yaml
@@ -0,0 +1,5 @@
+---
+deprecations:
+  - |
+    The ``swift::proxy::authtoken::signing_dir`` parameter has been deprecated
+    and has no effect now.
--- a/spec/classes/swift_proxy_authtoken_spec.rb
+++ b/spec/classes/swift_proxy_authtoken_spec.rb
@@ -2,24 +2,8 @@ require 'spec_helper'

 describe 'swift::proxy::authtoken' do
  shared_examples 'swift::proxy::authtoken' do
-    describe 'when using the default signing directory' do
-      let :file_defaults do
-        {
-          :mode    => '0700',
-          :owner   => 'swift',
-          :group   => 'swift',
-        }
-      end
-
-      it {is_expected.to contain_file('/var/cache/swift').with(
-        {:ensure                  => 'directory',
-         :selinux_ignore_defaults => true}.merge(file_defaults)
-      )}
-    end
-
    describe "when using default parameters" do
      it { is_expected.to contain_swift_proxy_config('filter:authtoken/log_name').with_value('swift') }
-      it { is_expected.to contain_swift_proxy_config('filter:authtoken/signing_dir').with_value(platform_params[:default_signing_dir]) }
      it { is_expected.to contain_swift_proxy_config('filter:authtoken/paste.filter_factory').with_value('keystonemiddleware.auth_token:filter_factory') }
      it { is_expected.to contain_swift_proxy_config('filter:authtoken/www_authenticate_uri').with_value('http://127.0.0.1:5000') }
      it { is_expected.to contain_swift_proxy_config('filter:authtoken/auth_url').with_value('http://127.0.0.1:5000') }
@@ -46,14 +30,12 @@ describe 'swift::proxy::authtoken' do
          :region_name                  => 'region2',
          :cache                        => 'foo',
          :delay_auth_decision          => '0',
-          :signing_dir                  => '/home/swift/keystone-signing',
          :service_token_roles          => ['service'],
          :service_token_roles_required => true,
        }
      end

      it { is_expected.to contain_swift_proxy_config('filter:authtoken/log_name').with_value('swift') }
-      it { is_expected.to contain_swift_proxy_config('filter:authtoken/signing_dir').with_value('/home/swift/keystone-signing') }
      it { is_expected.to contain_swift_proxy_config('filter:authtoken/paste.filter_factory').with_value('keystonemiddleware.auth_token:filter_factory') }
      it { is_expected.to contain_swift_proxy_config('filter:authtoken/www_authenticate_uri').with_value('http://127.0.0.1:5000') }
      it { is_expected.to contain_swift_proxy_config('filter:authtoken/auth_url').with_value('http://127.0.0.1:5000') }
@@ -110,19 +92,6 @@ describe 'swift::proxy::authtoken' do
        facts.merge(OSDefaults.get_facts())
      end

-      let(:platform_params) do
-        case facts[:osfamily]
-        when 'Debian'
-          if facts[:os_package_type] == 'debian'
-            { :default_signing_dir => '/var/lib/swift' }
-          else
-            { :default_signing_dir => '/var/cache/swift' }
-          end
-        when 'RedHat'
-          { :default_signing_dir => '/var/cache/swift' }
-        end
-      end
-
      it_configures 'swift::proxy::authtoken'
    end
  end