Deprecate allow_insecure_clients option

The allow_insecure_clients has been deprecated[1]. [1]https://review.opendev.org/#/c/417629/ Change-Id: Ibc83b18732269ce72ae51cbd5218e1ce772ae6a8 Closes-Bug: #1902158
2 years ago · 8cee8b5eca
10 changed files with 74 additions and 73 deletions
--- a/manifests/api.pp
+++ b/manifests/api.pp
@ -252,22 +252,21 @@ class trove::api(
  }

  oslo::messaging::amqp { 'trove_config':
-    server_request_prefix  => $::trove::amqp_server_request_prefix,
-    broadcast_prefix       => $::trove::amqp_broadcast_prefix,
-    group_request_prefix   => $::trove::amqp_group_request_prefix,
-    container_name         => $::trove::amqp_container_name,
-    idle_timeout           => $::trove::amqp_idle_timeout,
-    trace                  => $::trove::amqp_trace,
-    ssl_ca_file            => $::trove::amqp_ssl_ca_file,
-    ssl_cert_file          => $::trove::amqp_ssl_cert_file,
-    ssl_key_file           => $::trove::amqp_ssl_key_file,
-    ssl_key_password       => $::trove::amqp_ssl_key_password,
-    allow_insecure_clients => $::trove::amqp_allow_insecure_clients,
-    sasl_mechanisms        => $::trove::amqp_sasl_mechanisms,
-    sasl_config_dir        => $::trove::amqp_sasl_config_dir,
-    sasl_config_name       => $::trove::amqp_sasl_config_name,
-    username               => $::trove::amqp_username,
-    password               => $::trove::amqp_password,
+    server_request_prefix => $::trove::amqp_server_request_prefix,
+    broadcast_prefix      => $::trove::amqp_broadcast_prefix,
+    group_request_prefix  => $::trove::amqp_group_request_prefix,
+    container_name        => $::trove::amqp_container_name,
+    idle_timeout          => $::trove::amqp_idle_timeout,
+    trace                 => $::trove::amqp_trace,
+    ssl_ca_file           => $::trove::amqp_ssl_ca_file,
+    ssl_cert_file         => $::trove::amqp_ssl_cert_file,
+    ssl_key_file          => $::trove::amqp_ssl_key_file,
+    ssl_key_password      => $::trove::amqp_ssl_key_password,
+    sasl_mechanisms       => $::trove::amqp_sasl_mechanisms,
+    sasl_config_dir       => $::trove::amqp_sasl_config_dir,
+    sasl_config_name      => $::trove::amqp_sasl_config_name,
+    username              => $::trove::amqp_username,
+    password              => $::trove::amqp_password,
  }

  trove::generic_service { 'api':
--- a/manifests/conductor.pp
+++ b/manifests/conductor.pp
@ -146,22 +146,21 @@ class trove::conductor(
  }

  oslo::messaging::amqp { 'trove_conductor_config':
-    server_request_prefix  => $::trove::amqp_server_request_prefix,
-    broadcast_prefix       => $::trove::amqp_broadcast_prefix,
-    group_request_prefix   => $::trove::amqp_group_request_prefix,
-    container_name         => $::trove::amqp_container_name,
-    idle_timeout           => $::trove::amqp_idle_timeout,
-    trace                  => $::trove::amqp_trace,
-    ssl_ca_file            => $::trove::amqp_ssl_ca_file,
-    ssl_cert_file          => $::trove::amqp_ssl_cert_file,
-    ssl_key_file           => $::trove::amqp_ssl_key_file,
-    ssl_key_password       => $::trove::amqp_ssl_key_password,
-    allow_insecure_clients => $::trove::amqp_allow_insecure_clients,
-    sasl_mechanisms        => $::trove::amqp_sasl_mechanisms,
-    sasl_config_dir        => $::trove::amqp_sasl_config_dir,
-    sasl_config_name       => $::trove::amqp_sasl_config_name,
-    username               => $::trove::amqp_username,
-    password               => $::trove::amqp_password,
+    server_request_prefix => $::trove::amqp_server_request_prefix,
+    broadcast_prefix      => $::trove::amqp_broadcast_prefix,
+    group_request_prefix  => $::trove::amqp_group_request_prefix,
+    container_name        => $::trove::amqp_container_name,
+    idle_timeout          => $::trove::amqp_idle_timeout,
+    trace                 => $::trove::amqp_trace,
+    ssl_ca_file           => $::trove::amqp_ssl_ca_file,
+    ssl_cert_file         => $::trove::amqp_ssl_cert_file,
+    ssl_key_file          => $::trove::amqp_ssl_key_file,
+    ssl_key_password      => $::trove::amqp_ssl_key_password,
+    sasl_mechanisms       => $::trove::amqp_sasl_mechanisms,
+    sasl_config_dir       => $::trove::amqp_sasl_config_dir,
+    sasl_config_name      => $::trove::amqp_sasl_config_name,
+    username              => $::trove::amqp_username,
+    password              => $::trove::amqp_password,
  }

  oslo::log { 'trove_conductor_config':
--- a/manifests/guestagent.pp
+++ b/manifests/guestagent.pp
@ -153,22 +153,21 @@ trove::control_exchange instead.")
  }

  oslo::messaging::amqp { 'trove_guestagent_config':
-    server_request_prefix  => $::trove::amqp_server_request_prefix,
-    broadcast_prefix       => $::trove::amqp_broadcast_prefix,
-    group_request_prefix   => $::trove::amqp_group_request_prefix,
-    container_name         => $::trove::amqp_container_name,
-    idle_timeout           => $::trove::amqp_idle_timeout,
-    trace                  => $::trove::amqp_trace,
-    ssl_ca_file            => $::trove::amqp_ssl_ca_file,
-    ssl_cert_file          => $::trove::amqp_ssl_cert_file,
-    ssl_key_file           => $::trove::amqp_ssl_key_file,
-    ssl_key_password       => $::trove::amqp_ssl_key_password,
-    allow_insecure_clients => $::trove::amqp_allow_insecure_clients,
-    sasl_mechanisms        => $::trove::amqp_sasl_mechanisms,
-    sasl_config_dir        => $::trove::amqp_sasl_config_dir,
-    sasl_config_name       => $::trove::amqp_sasl_config_name,
-    username               => $::trove::amqp_username,
-    password               => $::trove::amqp_password,
+    server_request_prefix => $::trove::amqp_server_request_prefix,
+    broadcast_prefix      => $::trove::amqp_broadcast_prefix,
+    group_request_prefix  => $::trove::amqp_group_request_prefix,
+    container_name        => $::trove::amqp_container_name,
+    idle_timeout          => $::trove::amqp_idle_timeout,
+    trace                 => $::trove::amqp_trace,
+    ssl_ca_file           => $::trove::amqp_ssl_ca_file,
+    ssl_cert_file         => $::trove::amqp_ssl_cert_file,
+    ssl_key_file          => $::trove::amqp_ssl_key_file,
+    ssl_key_password      => $::trove::amqp_ssl_key_password,
+    sasl_mechanisms       => $::trove::amqp_sasl_mechanisms,
+    sasl_config_dir       => $::trove::amqp_sasl_config_dir,
+    sasl_config_name      => $::trove::amqp_sasl_config_name,
+    username              => $::trove::amqp_username,
+    password              => $::trove::amqp_password,
  }

  oslo::log { 'trove_guestagent_config':
--- a/manifests/init.pp
+++ b/manifests/init.pp
@ -138,10 +138,6 @@
 #   (Optional) Password for decrypting ssl_key_file (if encrypted)
 #   Defaults to $::os_service_default.
 #
-# [*amqp_allow_insecure_clients*]
-#   (Optional) Accept clients using either SSL or plain TCP
-#   Defaults to $::os_service_default.
-#
 # [*amqp_sasl_mechanisms*]
 #   (Optional) Space separated list of acceptable SASL mechanisms
 #   Defaults to $::os_service_default.
@ -297,6 +293,10 @@
 #   exceptions in the trove API service.
 #   Defaults to undef.
 #
+# [*amqp_allow_insecure_clients*]
+#   (Optional) Accept clients using either SSL or plain TCP
+#   Defaults to undef.
+#
 class trove(
  $default_transport_url        = $::os_service_default,
  $notification_transport_url   = $::os_service_default,
@ -323,7 +323,6 @@ class trove(
  $amqp_ssl_cert_file           = $::os_service_default,
  $amqp_ssl_key_file            = $::os_service_default,
  $amqp_ssl_key_password        = $::os_service_default,
-  $amqp_allow_insecure_clients  = $::os_service_default,
  $amqp_sasl_mechanisms         = $::os_service_default,
  $amqp_sasl_config_dir         = $::os_service_default,
  $amqp_sasl_config_name        = $::os_service_default,
@ -362,12 +361,18 @@ class trove(
  $nova_proxy_admin_pass        = undef,
  $nova_proxy_admin_tenant_name = undef,
  $os_region_name               = undef,
+  $amqp_allow_insecure_clients  = undef,
 ) {

  include trove::deps
  include trove::policy
  include trove::params

+  if $amqp_allow_insecure_clients != undef {
+    warning('The amqp_allow_insecure_clients parameter is deprecated and \
+will be removed in a future release.')
+  }
+
  if $nova_compute_url {
    trove_config { 'DEFAULT/nova_compute_url': value => $nova_compute_url }
  }
--- a/manifests/taskmanager.pp
+++ b/manifests/taskmanager.pp
@ -200,22 +200,21 @@ the future release. Please use trove::default_neutron_networks instead.")
  }

  oslo::messaging::amqp { 'trove_taskmanager_config':
-    server_request_prefix  => $::trove::amqp_server_request_prefix,
-    broadcast_prefix       => $::trove::amqp_broadcast_prefix,
-    group_request_prefix   => $::trove::amqp_group_request_prefix,
-    container_name         => $::trove::amqp_container_name,
-    idle_timeout           => $::trove::amqp_idle_timeout,
-    trace                  => $::trove::amqp_trace,
-    ssl_ca_file            => $::trove::amqp_ssl_ca_file,
-    ssl_cert_file          => $::trove::amqp_ssl_cert_file,
-    ssl_key_file           => $::trove::amqp_ssl_key_file,
-    ssl_key_password       => $::trove::amqp_ssl_key_password,
-    allow_insecure_clients => $::trove::amqp_allow_insecure_clients,
-    sasl_mechanisms        => $::trove::amqp_sasl_mechanisms,
-    sasl_config_dir        => $::trove::amqp_sasl_config_dir,
-    sasl_config_name       => $::trove::amqp_sasl_config_name,
-    username               => $::trove::amqp_username,
-    password               => $::trove::amqp_password,
+    server_request_prefix => $::trove::amqp_server_request_prefix,
+    broadcast_prefix      => $::trove::amqp_broadcast_prefix,
+    group_request_prefix  => $::trove::amqp_group_request_prefix,
+    container_name        => $::trove::amqp_container_name,
+    idle_timeout          => $::trove::amqp_idle_timeout,
+    trace                 => $::trove::amqp_trace,
+    ssl_ca_file           => $::trove::amqp_ssl_ca_file,
+    ssl_cert_file         => $::trove::amqp_ssl_cert_file,
+    ssl_key_file          => $::trove::amqp_ssl_key_file,
+    ssl_key_password      => $::trove::amqp_ssl_key_password,
+    sasl_mechanisms       => $::trove::amqp_sasl_mechanisms,
+    sasl_config_dir       => $::trove::amqp_sasl_config_dir,
+    sasl_config_name      => $::trove::amqp_sasl_config_name,
+    username              => $::trove::amqp_username,
+    password              => $::trove::amqp_password,
  }

  if $::trove::use_neutron {
--- a/releasenotes/notes/deprecate_allow_insecure_clients-option-ac2bec38b8b002b8.yaml
+++ b/releasenotes/notes/deprecate_allow_insecure_clients-option-ac2bec38b8b002b8.yaml
@ -0,0 +1,4 @@
+---
+deprecations:
+  - allow_insecure_clients option is now deprecated for removal, the
+    parameter has no effect.
--- a/spec/classes/trove_api_spec.rb
+++ b/spec/classes/trove_api_spec.rb
@ -395,7 +395,6 @@ describe 'trove::api' do
        is_expected.to contain_trove_config('oslo_messaging_amqp/ssl_cert_file').with_value('<SERVICE DEFAULT>')
        is_expected.to contain_trove_config('oslo_messaging_amqp/ssl_key_file').with_value('<SERVICE DEFAULT>')
        is_expected.to contain_trove_config('oslo_messaging_amqp/ssl_key_password').with_value('<SERVICE DEFAULT>')
-        is_expected.to contain_trove_config('oslo_messaging_amqp/allow_insecure_clients').with_value('<SERVICE DEFAULT>')
        is_expected.to contain_trove_config('oslo_messaging_amqp/sasl_mechanisms').with_value('<SERVICE DEFAULT>')
        is_expected.to contain_trove_config('oslo_messaging_amqp/sasl_config_dir').with_value('<SERVICE DEFAULT>')
        is_expected.to contain_trove_config('oslo_messaging_amqp/sasl_config_name').with_value('<SERVICE DEFAULT>')
--- a/spec/classes/trove_conductor_spec.rb
+++ b/spec/classes/trove_conductor_spec.rb
@ -239,7 +239,6 @@ describe 'trove::conductor' do
        is_expected.to contain_trove_conductor_config('oslo_messaging_amqp/ssl_cert_file').with_value('<SERVICE DEFAULT>')
        is_expected.to contain_trove_conductor_config('oslo_messaging_amqp/ssl_key_file').with_value('<SERVICE DEFAULT>')
        is_expected.to contain_trove_conductor_config('oslo_messaging_amqp/ssl_key_password').with_value('<SERVICE DEFAULT>')
-        is_expected.to contain_trove_conductor_config('oslo_messaging_amqp/allow_insecure_clients').with_value('<SERVICE DEFAULT>')
        is_expected.to contain_trove_conductor_config('oslo_messaging_amqp/sasl_mechanisms').with_value('<SERVICE DEFAULT>')
        is_expected.to contain_trove_conductor_config('oslo_messaging_amqp/sasl_config_dir').with_value('<SERVICE DEFAULT>')
        is_expected.to contain_trove_conductor_config('oslo_messaging_amqp/sasl_config_name').with_value('<SERVICE DEFAULT>')
--- a/spec/classes/trove_guestagent_spec.rb
+++ b/spec/classes/trove_guestagent_spec.rb
@ -256,7 +256,6 @@ describe 'trove::guestagent' do
        is_expected.to contain_trove_guestagent_config('oslo_messaging_amqp/ssl_cert_file').with_value('<SERVICE DEFAULT>')
        is_expected.to contain_trove_guestagent_config('oslo_messaging_amqp/ssl_key_file').with_value('<SERVICE DEFAULT>')
        is_expected.to contain_trove_guestagent_config('oslo_messaging_amqp/ssl_key_password').with_value('<SERVICE DEFAULT>')
-        is_expected.to contain_trove_guestagent_config('oslo_messaging_amqp/allow_insecure_clients').with_value('<SERVICE DEFAULT>')
        is_expected.to contain_trove_guestagent_config('oslo_messaging_amqp/sasl_mechanisms').with_value('<SERVICE DEFAULT>')
        is_expected.to contain_trove_guestagent_config('oslo_messaging_amqp/sasl_config_dir').with_value('<SERVICE DEFAULT>')
        is_expected.to contain_trove_guestagent_config('oslo_messaging_amqp/sasl_config_name').with_value('<SERVICE DEFAULT>')
--- a/spec/classes/trove_taskmanager_spec.rb
+++ b/spec/classes/trove_taskmanager_spec.rb
@ -366,7 +366,6 @@ describe 'trove::taskmanager' do
        is_expected.to contain_trove_taskmanager_config('oslo_messaging_amqp/ssl_cert_file').with_value('<SERVICE DEFAULT>')
        is_expected.to contain_trove_taskmanager_config('oslo_messaging_amqp/ssl_key_file').with_value('<SERVICE DEFAULT>')
        is_expected.to contain_trove_taskmanager_config('oslo_messaging_amqp/ssl_key_password').with_value('<SERVICE DEFAULT>')
-        is_expected.to contain_trove_taskmanager_config('oslo_messaging_amqp/allow_insecure_clients').with_value('<SERVICE DEFAULT>')
        is_expected.to contain_trove_taskmanager_config('oslo_messaging_amqp/sasl_mechanisms').with_value('<SERVICE DEFAULT>')
        is_expected.to contain_trove_taskmanager_config('oslo_messaging_amqp/sasl_config_dir').with_value('<SERVICE DEFAULT>')
        is_expected.to contain_trove_taskmanager_config('oslo_messaging_amqp/sasl_config_name').with_value('<SERVICE DEFAULT>')