x
/
packstack
Code Issues Proposed changes

Remove deprecated keystone::ldap parameters 

The CONFIG_KEYSTONE_LDAP_USER_ALLOW_* and CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_*
parameters have been removed from the answer file. Their corresponding
options were removed from Keystone long ago, and they are no longer
valid in puppet-keystone since the Rocky release.

Change-Id: Icd09dc8885731d611720be6a223c12dfef8fe621
Closes-Bug: #1927069
This commit is contained in:
Javier Pena 2021-05-04 15:18:33 +02:00
parent 33517d4b22
commit e3e348153d
4 changed files with 8 additions and 114 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
docs/packstack.rst
View File

@ -392,15 +392,6 @@ Keystone LDAP Identity Backend Config parameters
**CONFIG_KEYSTONE_LDAP_USER_DEFAULT_PROJECT_ID_ATTRIBUTE** **CONFIG_KEYSTONE_LDAP_USER_DEFAULT_PROJECT_ID_ATTRIBUTE**
Identity service LDAP attribute mapped to default_project_id for users. Identity service LDAP attribute mapped to default_project_id for users.
**CONFIG_KEYSTONE_LDAP_USER_ALLOW_CREATE**
Specify 'y' if you want to be able to create Identity service users through the Identity service interface; specify 'n' if you will create directly in the LDAP backend. ['n', 'y']
**CONFIG_KEYSTONE_LDAP_USER_ALLOW_UPDATE**
Specify 'y' if you want to be able to update Identity service users through the Identity service interface; specify 'n' if you will update directly in the LDAP backend. ['n', 'y']
**CONFIG_KEYSTONE_LDAP_USER_ALLOW_DELETE**
Specify 'y' if you want to be able to delete Identity service users through the Identity service interface; specify 'n' if you will delete directly in the LDAP backend. ['n', 'y']
**CONFIG_KEYSTONE_LDAP_USER_PASS_ATTRIBUTE** **CONFIG_KEYSTONE_LDAP_USER_PASS_ATTRIBUTE**
Identity service LDAP attribute mapped to password. Identity service LDAP attribute mapped to password.
@ -434,15 +425,6 @@ Keystone LDAP Identity Backend Config parameters
**CONFIG_KEYSTONE_LDAP_GROUP_ATTRIBUTE_IGNORE** **CONFIG_KEYSTONE_LDAP_GROUP_ATTRIBUTE_IGNORE**
Comma-separated list of attributes stripped from LDAP group entry upon update. Comma-separated list of attributes stripped from LDAP group entry upon update.
**CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_CREATE**
Specify 'y' if you want to be able to create Identity service groups through the Identity service interface; specify 'n' if you will create directly in the LDAP backend. ['n', 'y']
**CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_UPDATE**
Specify 'y' if you want to be able to update Identity service groups through the Identity service interface; specify 'n' if you will update directly in the LDAP backend. ['n', 'y']
**CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_DELETE**
Specify 'y' if you want to be able to delete Identity service groups through the Identity service interface; specify 'n' if you will delete directly in the LDAP backend. ['n', 'y']
**CONFIG_KEYSTONE_LDAP_GROUP_ADDITIONAL_ATTRIBUTE_MAPPING** **CONFIG_KEYSTONE_LDAP_GROUP_ADDITIONAL_ATTRIBUTE_MAPPING**
List of additional LDAP attributes used for mapping additional attribute mappings for groups. The attribute=mapping format is <ldap_attr>:<group_attr>, where ldap_attr is the attribute in the LDAP entry and group_attr is the Identity API attribute. List of additional LDAP attributes used for mapping additional attribute mappings for groups. The attribute=mapping format is <ldap_attr>:<group_attr>, where ldap_attr is the attribute in the LDAP entry and group_attr is the Identity API attribute.

90
packstack/plugins/keystone_100.py
View File

@ -384,48 +384,6 @@ def initConfig(controller):
"NEED_CONFIRM": False, "NEED_CONFIRM": False,
"CONDITION": False}, "CONDITION": False},
{"CMD_OPTION": "keystone-ldap-user-allow-create",
"PROMPT": (
"Do you want to allow user create through Keystone (n or y)."
),
"OPTION_LIST": ['n', 'y'],
"VALIDATORS": [validators.validate_options],
"DEFAULT_VALUE": 'n',
"MASK_INPUT": False,
"LOOSE_VALIDATION": False,
"CONF_NAME": 'CONFIG_KEYSTONE_LDAP_USER_ALLOW_CREATE',
"USE_DEFAULT": False,
"NEED_CONFIRM": False,
"CONDITION": False},
{"CMD_OPTION": "keystone-ldap-user-allow-update",
"PROMPT": (
"Do you want to allow user update through Keystone (n or y)."
),
"OPTION_LIST": ['n', 'y'],
"VALIDATORS": [validators.validate_options],
"DEFAULT_VALUE": 'n',
"MASK_INPUT": False,
"LOOSE_VALIDATION": False,
"CONF_NAME": 'CONFIG_KEYSTONE_LDAP_USER_ALLOW_UPDATE',
"USE_DEFAULT": False,
"NEED_CONFIRM": False,
"CONDITION": False},
{"CMD_OPTION": "keystone-ldap-user-allow-delete",
"PROMPT": (
"Do you want to allow user delete through Keystone (n or y)."
),
"OPTION_LIST": ['n', 'y'],
"VALIDATORS": [validators.validate_options],
"DEFAULT_VALUE": 'n',
"MASK_INPUT": False,
"LOOSE_VALIDATION": False,
"CONF_NAME": 'CONFIG_KEYSTONE_LDAP_USER_ALLOW_DELETE',
"USE_DEFAULT": False,
"NEED_CONFIRM": False,
"CONDITION": False},
{"CMD_OPTION": "keystone-ldap-user-pass-attribute", {"CMD_OPTION": "keystone-ldap-user-pass-attribute",
"PROMPT": "Enter the Keystone LDAP user password attribute.", "PROMPT": "Enter the Keystone LDAP user password attribute.",
"OPTION_LIST": [], "OPTION_LIST": [],
@ -564,48 +522,6 @@ def initConfig(controller):
"NEED_CONFIRM": False, "NEED_CONFIRM": False,
"CONDITION": False}, "CONDITION": False},
{"CMD_OPTION": "keystone-ldap-group-allow-create",
"PROMPT": (
"Do you want to allow group create through Keystone (n or y)."
),
"OPTION_LIST": ['n', 'y'],
"VALIDATORS": [validators.validate_options],
"DEFAULT_VALUE": 'n',
"MASK_INPUT": False,
"LOOSE_VALIDATION": False,
"CONF_NAME": 'CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_CREATE',
"USE_DEFAULT": False,
"NEED_CONFIRM": False,
"CONDITION": False},
{"CMD_OPTION": "keystone-ldap-group-allow-update",
"PROMPT": (
"Do you want to allow group update through Keystone (n or y)."
),
"OPTION_LIST": ['n', 'y'],
"VALIDATORS": [validators.validate_options],
"DEFAULT_VALUE": 'n',
"MASK_INPUT": False,
"LOOSE_VALIDATION": False,
"CONF_NAME": 'CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_UPDATE',
"USE_DEFAULT": False,
"NEED_CONFIRM": False,
"CONDITION": False},
{"CMD_OPTION": "keystone-ldap-group-allow-delete",
"PROMPT": (
"Do you want to allow group delete through Keystone (n or y)."
),
"OPTION_LIST": ['n', 'y'],
"VALIDATORS": [validators.validate_options],
"DEFAULT_VALUE": 'n',
"MASK_INPUT": False,
"LOOSE_VALIDATION": False,
"CONF_NAME": 'CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_DELETE',
"USE_DEFAULT": False,
"NEED_CONFIRM": False,
"CONDITION": False},
{"CMD_OPTION": "keystone-ldap-group-additional-attribute-mapping", {"CMD_OPTION": "keystone-ldap-group-additional-attribute-mapping",
"PROMPT": ( "PROMPT": (
"Enter the comma separated Keystone LDAP group additional " "Enter the comma separated Keystone LDAP group additional "
@ -723,12 +639,6 @@ def munge_ldap_config_params(config, messages):
def is_bool(keyname): def is_bool(keyname):
return keyname in ( return keyname in (
'CONFIG_KEYSTONE_LDAP_USER_ENABLED_INVERT', 'CONFIG_KEYSTONE_LDAP_USER_ENABLED_INVERT',
'CONFIG_KEYSTONE_LDAP_USER_ALLOW_CREATE',
'CONFIG_KEYSTONE_LDAP_USER_ALLOW_UPDATE',
'CONFIG_KEYSTONE_LDAP_USER_ALLOW_DELETE',
'CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_CREATE',
'CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_UPDATE',
'CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_DELETE',
'CONFIG_KEYSTONE_LDAP_USE_TLS' 'CONFIG_KEYSTONE_LDAP_USE_TLS'
) )

6
packstack/puppet/modules/packstack/manifests/keystone.pp
View File

@ -88,9 +88,6 @@ class packstack::keystone ()
user_enabled_invert => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ENABLED_INVERT', undef), user_enabled_invert => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ENABLED_INVERT', undef),
user_attribute_ignore => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ATTRIBUTE_IGNORE', undef), user_attribute_ignore => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ATTRIBUTE_IGNORE', undef),
user_default_project_id_attribute => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_DEFAULT_PROJECT_ID_ATTRIBUTE', undef), user_default_project_id_attribute => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_DEFAULT_PROJECT_ID_ATTRIBUTE', undef),
user_allow_create => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ALLOW_CREATE', undef),
user_allow_update => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ALLOW_UPDATE', undef),
user_allow_delete => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ALLOW_DELETE', undef),
user_pass_attribute => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_PASS_ATTRIBUTE', undef), user_pass_attribute => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_PASS_ATTRIBUTE', undef),
user_enabled_emulation => $user_enabled_emulation, user_enabled_emulation => $user_enabled_emulation,
user_enabled_emulation_dn => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ENABLED_EMULATION_DN', undef), user_enabled_emulation_dn => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ENABLED_EMULATION_DN', undef),
@ -103,9 +100,6 @@ class packstack::keystone ()
group_member_attribute => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_MEMBER_ATTRIBUTE', undef), group_member_attribute => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_MEMBER_ATTRIBUTE', undef),
group_desc_attribute => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_DESC_ATTRIBUTE', undef), group_desc_attribute => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_DESC_ATTRIBUTE', undef),
group_attribute_ignore => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_ATTRIBUTE_IGNORE', undef), group_attribute_ignore => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_ATTRIBUTE_IGNORE', undef),
group_allow_create => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_CREATE', undef),
group_allow_update => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_UPDATE', undef),
group_allow_delete => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_DELETE', undef),
group_additional_attribute_mapping => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_ADDITIONAL_ATTRIBUTE_MAPPING', undef), group_additional_attribute_mapping => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_ADDITIONAL_ATTRIBUTE_MAPPING', undef),
use_tls => hiera_undef('CONFIG_KEYSTONE_LDAP_USE_TLS', undef), use_tls => hiera_undef('CONFIG_KEYSTONE_LDAP_USE_TLS', undef),
tls_cacertdir => hiera_undef('CONFIG_KEYSTONE_LDAP_TLS_CACERTDIR', undef), tls_cacertdir => hiera_undef('CONFIG_KEYSTONE_LDAP_TLS_CACERTDIR', undef),

8
releasenotes/notes/Remove-deprecated-keystone-ldap-params-848d0eaf7a24273e.yaml Normal file
View File

@ -0,0 +1,8 @@
---
deprecations:
- |
The CONFIG_KEYSTONE_LDAP_USER_ALLOW_* and
CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_* parameters have been removed from the
answer file. Their corresponding options were removed from Keystone long
ago, and they are no longer valid in puppet-keystone since the Rocky
release.