Deprecate allow_insecure_clients option

The allow_insecure_clients has been deprecated[1]. [1]https://review.opendev.org/#/c/417629/ Change-Id: I35d388bc026496defea9cd6883b8a4618ba18b98 Closes-Bug: #1902158
2 years ago · 16f773dab3
3 changed files with 32 additions and 22 deletions
--- a/manifests/init.pp
+++ b/manifests/init.pp
@ -196,10 +196,6 @@
 #   (Optional) Debug: dump AMQP frames to stdout.
 #   Defaults to $::os_service_default
 #
-# [*amqp_allow_insecure_clients*]
-#   (Optional) Accept clients using either SSL or plain TCP.
-#   Defaults to $::os_service_default
-#
 # [*amqp_sasl_config_name*]
 #   (Optional) Name of configuration file (without .conf suffix).
 #   Defaults to $::os_service_default
@ -232,6 +228,12 @@
 #   in the watcher config.
 #   Defaults to false.
 #
+# DEPRECATED PARAMETERS
+#
+# [*amqp_allow_insecure_clients*]
+#   (Optional) Accept clients using either SSL or plain TCP.
+#   Defaults to undef.
+#
 # === Authors
 #
 # Daniel Pawlik  <daniel.pawlik@corp.ovh.com>
@ -280,7 +282,6 @@ class watcher (
  $amqp_ssl_cert_file                   = $::os_service_default,
  $amqp_broadcast_prefix                = $::os_service_default,
  $amqp_trace                           = $::os_service_default,
-  $amqp_allow_insecure_clients          = $::os_service_default,
  $amqp_sasl_config_name                = $::os_service_default,
  $amqp_sasl_config_dir                 = $::os_service_default,
  $amqp_group_request_prefix            = $::os_service_default,
@ -288,6 +289,8 @@ class watcher (
  $notification_transport_url           = $::os_service_default,
  $notification_driver                  = $::os_service_default,
  $notification_topics                  = $::os_service_default,
+  # DEPRECATED PARAMETERS
+  $amqp_allow_insecure_clients          = undef,
 ) {

  include openstacklib::openstackclient
@ -297,6 +300,11 @@ class watcher (
  include watcher::policy
  include watcher::db

+  if $amqp_allow_insecure_clients != undef {
+    warning('The amqp_allow_insecure_clients parameter is deprecated and \
+will be removed in a future release.')
+  }
+
  package { 'watcher':
    ensure => $package_ensure,
    name   => $::watcher::params::common_package_name,
@ -338,22 +346,21 @@ class watcher (
  }

  oslo::messaging::amqp { 'watcher_config':
-    username               => $amqp_username,
-    password               => $amqp_password,
-    server_request_prefix  => $amqp_server_request_prefix,
-    broadcast_prefix       => $amqp_broadcast_prefix,
-    group_request_prefix   => $amqp_group_request_prefix,
-    container_name         => $amqp_container_name,
-    idle_timeout           => $amqp_idle_timeout,
-    trace                  => $amqp_trace,
-    ssl_ca_file            => $amqp_ssl_ca_file,
-    ssl_cert_file          => $amqp_ssl_cert_file,
-    ssl_key_file           => $amqp_ssl_key_file,
-    ssl_key_password       => $amqp_ssl_key_password,
-    allow_insecure_clients => $amqp_allow_insecure_clients,
-    sasl_mechanisms        => $amqp_sasl_mechanisms,
-    sasl_config_dir        => $amqp_sasl_config_dir,
-    sasl_config_name       => $amqp_sasl_config_name,
+    username              => $amqp_username,
+    password              => $amqp_password,
+    server_request_prefix => $amqp_server_request_prefix,
+    broadcast_prefix      => $amqp_broadcast_prefix,
+    group_request_prefix  => $amqp_group_request_prefix,
+    container_name        => $amqp_container_name,
+    idle_timeout          => $amqp_idle_timeout,
+    trace                 => $amqp_trace,
+    ssl_ca_file           => $amqp_ssl_ca_file,
+    ssl_cert_file         => $amqp_ssl_cert_file,
+    ssl_key_file          => $amqp_ssl_key_file,
+    ssl_key_password      => $amqp_ssl_key_password,
+    sasl_mechanisms       => $amqp_sasl_mechanisms,
+    sasl_config_dir       => $amqp_sasl_config_dir,
+    sasl_config_name      => $amqp_sasl_config_name,
  }

  oslo::messaging::default { 'watcher_config':
--- a/releasenotes/notes/deprecate_allow_insecure_clients-option-8440060a378c7306.yaml
+++ b/releasenotes/notes/deprecate_allow_insecure_clients-option-8440060a378c7306.yaml
@ -0,0 +1,4 @@
+---
+deprecations:
+  - allow_insecure_clients option is now deprecated for removal, the
+    parameter has no effect.
--- a/spec/classes/watcher_init_spec.rb
+++ b/spec/classes/watcher_init_spec.rb
@ -184,7 +184,6 @@ describe 'watcher' do
          is_expected.to contain_watcher_config('oslo_messaging_amqp/ssl_cert_file').with_value('<SERVICE DEFAULT>')
          is_expected.to contain_watcher_config('oslo_messaging_amqp/ssl_key_file').with_value('<SERVICE DEFAULT>')
          is_expected.to contain_watcher_config('oslo_messaging_amqp/ssl_key_password').with_value('<SERVICE DEFAULT>')
-          is_expected.to contain_watcher_config('oslo_messaging_amqp/allow_insecure_clients').with_value('<SERVICE DEFAULT>')
          is_expected.to contain_watcher_config('oslo_messaging_amqp/sasl_mechanisms').with_value('<SERVICE DEFAULT>')
          is_expected.to contain_watcher_config('oslo_messaging_amqp/sasl_config_dir').with_value('<SERVICE DEFAULT>')
          is_expected.to contain_watcher_config('oslo_messaging_amqp/sasl_config_name').with_value('<SERVICE DEFAULT>')