Browse Source

Remove deprecated keystone::ldap parameters

The CONFIG_KEYSTONE_LDAP_USER_ALLOW_* and CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_*
parameters have been removed from the answer file. Their corresponding
options were removed from Keystone long ago, and they are no longer
valid in puppet-keystone since the Rocky release.

Change-Id: Icd09dc8885731d611720be6a223c12dfef8fe621
Closes-Bug: #1927069
changes/68/789568/2
Javier Pena 2 months ago
parent
commit
e3e348153d
4 changed files with 8 additions and 114 deletions
  1. +0
    -18
      docs/packstack.rst
  2. +0
    -90
      packstack/plugins/keystone_100.py
  3. +0
    -6
      packstack/puppet/modules/packstack/manifests/keystone.pp
  4. +8
    -0
      releasenotes/notes/Remove-deprecated-keystone-ldap-params-848d0eaf7a24273e.yaml

+ 0
- 18
docs/packstack.rst View File

@ -392,15 +392,6 @@ Keystone LDAP Identity Backend Config parameters
**CONFIG_KEYSTONE_LDAP_USER_DEFAULT_PROJECT_ID_ATTRIBUTE**
Identity service LDAP attribute mapped to default_project_id for users.
**CONFIG_KEYSTONE_LDAP_USER_ALLOW_CREATE**
Specify 'y' if you want to be able to create Identity service users through the Identity service interface; specify 'n' if you will create directly in the LDAP backend. ['n', 'y']
**CONFIG_KEYSTONE_LDAP_USER_ALLOW_UPDATE**
Specify 'y' if you want to be able to update Identity service users through the Identity service interface; specify 'n' if you will update directly in the LDAP backend. ['n', 'y']
**CONFIG_KEYSTONE_LDAP_USER_ALLOW_DELETE**
Specify 'y' if you want to be able to delete Identity service users through the Identity service interface; specify 'n' if you will delete directly in the LDAP backend. ['n', 'y']
**CONFIG_KEYSTONE_LDAP_USER_PASS_ATTRIBUTE**
Identity service LDAP attribute mapped to password.
@ -434,15 +425,6 @@ Keystone LDAP Identity Backend Config parameters
**CONFIG_KEYSTONE_LDAP_GROUP_ATTRIBUTE_IGNORE**
Comma-separated list of attributes stripped from LDAP group entry upon update.
**CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_CREATE**
Specify 'y' if you want to be able to create Identity service groups through the Identity service interface; specify 'n' if you will create directly in the LDAP backend. ['n', 'y']
**CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_UPDATE**
Specify 'y' if you want to be able to update Identity service groups through the Identity service interface; specify 'n' if you will update directly in the LDAP backend. ['n', 'y']
**CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_DELETE**
Specify 'y' if you want to be able to delete Identity service groups through the Identity service interface; specify 'n' if you will delete directly in the LDAP backend. ['n', 'y']
**CONFIG_KEYSTONE_LDAP_GROUP_ADDITIONAL_ATTRIBUTE_MAPPING**
List of additional LDAP attributes used for mapping additional attribute mappings for groups. The attribute=mapping format is <ldap_attr>:<group_attr>, where ldap_attr is the attribute in the LDAP entry and group_attr is the Identity API attribute.


+ 0
- 90
packstack/plugins/keystone_100.py View File

@ -384,48 +384,6 @@ def initConfig(controller):
"NEED_CONFIRM": False,
"CONDITION": False},
{"CMD_OPTION": "keystone-ldap-user-allow-create",
"PROMPT": (
"Do you want to allow user create through Keystone (n or y)."
),
"OPTION_LIST": ['n', 'y'],
"VALIDATORS": [validators.validate_options],
"DEFAULT_VALUE": 'n',
"MASK_INPUT": False,
"LOOSE_VALIDATION": False,
"CONF_NAME": 'CONFIG_KEYSTONE_LDAP_USER_ALLOW_CREATE',
"USE_DEFAULT": False,
"NEED_CONFIRM": False,
"CONDITION": False},
{"CMD_OPTION": "keystone-ldap-user-allow-update",
"PROMPT": (
"Do you want to allow user update through Keystone (n or y)."
),
"OPTION_LIST": ['n', 'y'],
"VALIDATORS": [validators.validate_options],
"DEFAULT_VALUE": 'n',
"MASK_INPUT": False,
"LOOSE_VALIDATION": False,
"CONF_NAME": 'CONFIG_KEYSTONE_LDAP_USER_ALLOW_UPDATE',
"USE_DEFAULT": False,
"NEED_CONFIRM": False,
"CONDITION": False},
{"CMD_OPTION": "keystone-ldap-user-allow-delete",
"PROMPT": (
"Do you want to allow user delete through Keystone (n or y)."
),
"OPTION_LIST": ['n', 'y'],
"VALIDATORS": [validators.validate_options],
"DEFAULT_VALUE": 'n',
"MASK_INPUT": False,
"LOOSE_VALIDATION": False,
"CONF_NAME": 'CONFIG_KEYSTONE_LDAP_USER_ALLOW_DELETE',
"USE_DEFAULT": False,
"NEED_CONFIRM": False,
"CONDITION": False},
{"CMD_OPTION": "keystone-ldap-user-pass-attribute",
"PROMPT": "Enter the Keystone LDAP user password attribute.",
"OPTION_LIST": [],
@ -564,48 +522,6 @@ def initConfig(controller):
"NEED_CONFIRM": False,
"CONDITION": False},
{"CMD_OPTION": "keystone-ldap-group-allow-create",
"PROMPT": (
"Do you want to allow group create through Keystone (n or y)."
),
"OPTION_LIST": ['n', 'y'],
"VALIDATORS": [validators.validate_options],
"DEFAULT_VALUE": 'n',
"MASK_INPUT": False,
"LOOSE_VALIDATION": False,
"CONF_NAME": 'CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_CREATE',
"USE_DEFAULT": False,
"NEED_CONFIRM": False,
"CONDITION": False},
{"CMD_OPTION": "keystone-ldap-group-allow-update",
"PROMPT": (
"Do you want to allow group update through Keystone (n or y)."
),
"OPTION_LIST": ['n', 'y'],
"VALIDATORS": [validators.validate_options],
"DEFAULT_VALUE": 'n',
"MASK_INPUT": False,
"LOOSE_VALIDATION": False,
"CONF_NAME": 'CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_UPDATE',
"USE_DEFAULT": False,
"NEED_CONFIRM": False,
"CONDITION": False},
{"CMD_OPTION": "keystone-ldap-group-allow-delete",
"PROMPT": (
"Do you want to allow group delete through Keystone (n or y)."
),
"OPTION_LIST": ['n', 'y'],
"VALIDATORS": [validators.validate_options],
"DEFAULT_VALUE": 'n',
"MASK_INPUT": False,
"LOOSE_VALIDATION": False,
"CONF_NAME": 'CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_DELETE',
"USE_DEFAULT": False,
"NEED_CONFIRM": False,
"CONDITION": False},
{"CMD_OPTION": "keystone-ldap-group-additional-attribute-mapping",
"PROMPT": (
"Enter the comma separated Keystone LDAP group additional "
@ -723,12 +639,6 @@ def munge_ldap_config_params(config, messages):
def is_bool(keyname):
return keyname in (
'CONFIG_KEYSTONE_LDAP_USER_ENABLED_INVERT',
'CONFIG_KEYSTONE_LDAP_USER_ALLOW_CREATE',
'CONFIG_KEYSTONE_LDAP_USER_ALLOW_UPDATE',
'CONFIG_KEYSTONE_LDAP_USER_ALLOW_DELETE',
'CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_CREATE',
'CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_UPDATE',
'CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_DELETE',
'CONFIG_KEYSTONE_LDAP_USE_TLS'
)


+ 0
- 6
packstack/puppet/modules/packstack/manifests/keystone.pp View File

@ -88,9 +88,6 @@ class packstack::keystone ()
user_enabled_invert => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ENABLED_INVERT', undef),
user_attribute_ignore => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ATTRIBUTE_IGNORE', undef),
user_default_project_id_attribute => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_DEFAULT_PROJECT_ID_ATTRIBUTE', undef),
user_allow_create => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ALLOW_CREATE', undef),
user_allow_update => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ALLOW_UPDATE', undef),
user_allow_delete => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ALLOW_DELETE', undef),
user_pass_attribute => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_PASS_ATTRIBUTE', undef),
user_enabled_emulation => $user_enabled_emulation,
user_enabled_emulation_dn => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ENABLED_EMULATION_DN', undef),
@ -103,9 +100,6 @@ class packstack::keystone ()
group_member_attribute => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_MEMBER_ATTRIBUTE', undef),
group_desc_attribute => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_DESC_ATTRIBUTE', undef),
group_attribute_ignore => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_ATTRIBUTE_IGNORE', undef),
group_allow_create => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_CREATE', undef),
group_allow_update => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_UPDATE', undef),
group_allow_delete => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_DELETE', undef),
group_additional_attribute_mapping => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_ADDITIONAL_ATTRIBUTE_MAPPING', undef),
use_tls => hiera_undef('CONFIG_KEYSTONE_LDAP_USE_TLS', undef),
tls_cacertdir => hiera_undef('CONFIG_KEYSTONE_LDAP_TLS_CACERTDIR', undef),


+ 8
- 0
releasenotes/notes/Remove-deprecated-keystone-ldap-params-848d0eaf7a24273e.yaml View File

@ -0,0 +1,8 @@
---
deprecations:
- |
The CONFIG_KEYSTONE_LDAP_USER_ALLOW_* and
CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_* parameters have been removed from the
answer file. Their corresponding options were removed from Keystone long
ago, and they are no longer valid in puppet-keystone since the Rocky
release.

Loading…
Cancel
Save