Deprecate parameters for certificate plugins
... because certificate plugins were deprecated some time ago in Barbican and are being removed in this cycle. Depends-on: https://review.opendev.org/c/openstack/barbican/+/909640 Change-Id: Ie2dacb037a3d5ba8f1732ddb8f4b8ea8ded1e5ed
This commit is contained in:
parent
9c0930273d
commit
d2625af949
|
@ -157,15 +157,6 @@
|
|||
# are defined in a list eg. ['simple_crypto','p11_crypto']
|
||||
# Defaults to false
|
||||
#
|
||||
# [*enabled_certificate_plugins*]
|
||||
# (optional) Enabled certificate plugins as a list.
|
||||
# e.g. ['snakeoil_ca', 'dogtag']
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*enabled_certificate_event_plugins*]
|
||||
# (optional) Enabled certificate event plugins as a list
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*kombu_ssl_ca_certs*]
|
||||
# (optional) SSL certification authority file (valid only if SSL enabled).
|
||||
# Defaults to $facts['os_service_default']
|
||||
|
@ -248,6 +239,16 @@
|
|||
# (Optional) Default page size for the 'limit' paging URL parameter.
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# DEPRECATED PARAMETERS
|
||||
#
|
||||
# [*enabled_certificate_plugins*]
|
||||
# (optional) Enabled certificate plugins as a list.
|
||||
# Defaults to undef
|
||||
#
|
||||
# [*enabled_certificate_event_plugins*]
|
||||
# (optional) Enabled certificate event plugins as a list
|
||||
# Defaults to undef
|
||||
#
|
||||
class barbican::api (
|
||||
$package_ensure = 'present',
|
||||
$bind_host = '0.0.0.0',
|
||||
|
@ -280,8 +281,6 @@ class barbican::api (
|
|||
$enabled_crypto_plugins = $facts['os_service_default'],
|
||||
$enabled_secret_stores = 'simple_crypto',
|
||||
Boolean $multiple_secret_stores_enabled = false,
|
||||
$enabled_certificate_plugins = $facts['os_service_default'],
|
||||
$enabled_certificate_event_plugins = $facts['os_service_default'],
|
||||
$kombu_ssl_ca_certs = $facts['os_service_default'],
|
||||
$kombu_ssl_certfile = $facts['os_service_default'],
|
||||
$kombu_ssl_keyfile = $facts['os_service_default'],
|
||||
|
@ -299,6 +298,9 @@ class barbican::api (
|
|||
$max_request_body_size = $facts['os_service_default'],
|
||||
$max_limit_paging = $facts['os_service_default'],
|
||||
$default_limit_paging = $facts['os_service_default'],
|
||||
# DEPRECATED PARAMETERS
|
||||
$enabled_certificate_plugins = undef,
|
||||
$enabled_certificate_event_plugins = undef,
|
||||
) inherits barbican::params {
|
||||
|
||||
include barbican::deps
|
||||
|
@ -306,6 +308,12 @@ class barbican::api (
|
|||
include barbican::client
|
||||
include barbican::policy
|
||||
|
||||
['enabled_certificate_plugins', 'enabled_certificate_event_plugins'].each |String $opt| {
|
||||
if getvar($opt) != undef {
|
||||
warning("The ${opt} parameter has been deprecated and has no effect.")
|
||||
}
|
||||
}
|
||||
|
||||
package { 'barbican-api':
|
||||
ensure => $package_ensure,
|
||||
name => $::barbican::params::api_package_name,
|
||||
|
@ -379,10 +387,14 @@ class barbican::api (
|
|||
|
||||
# enabled plugins
|
||||
barbican_config {
|
||||
'secretstore/enabled_secretstore_plugins': value => $enabled_secretstore_plugins;
|
||||
'crypto/enabled_crypto_plugins': value => $enabled_crypto_plugins;
|
||||
'certificate/enabled_certificate_plugins': value => $enabled_certificate_plugins;
|
||||
'certificate_event/enabled_certificate_event_plugins': value => $enabled_certificate_event_plugins;
|
||||
'secretstore/enabled_secretstore_plugins': value => $enabled_secretstore_plugins;
|
||||
'crypto/enabled_crypto_plugins': value => $enabled_crypto_plugins;
|
||||
}
|
||||
|
||||
# TODO(tkajinam): Remove this after 2024.1 release
|
||||
barbican_config {
|
||||
'certificate/enabled_certificate_plugins': ensure => absent;
|
||||
'certificate_event/enabled_certificate_event_plugins': ensure => absent;
|
||||
}
|
||||
|
||||
# enabled plugins when multiple plugins is enabled
|
||||
|
|
|
@ -27,6 +27,12 @@
|
|||
# (optional) Path to plugin NSS DB
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*global_default*]
|
||||
# (optional) set plugin as global default
|
||||
# Defaults to false
|
||||
#
|
||||
# DEPRECATED PARAMETERS
|
||||
#
|
||||
# [*dogtag_plugin_simple_cmc_profile*]
|
||||
# (optional) Profile for simple CMC enrollment.
|
||||
# Defaults to $facts['os_service_default']
|
||||
|
@ -39,10 +45,6 @@
|
|||
# (optional) Working directory for Dogtag plugin
|
||||
# Defaults to $facts['os_service_default']
|
||||
#
|
||||
# [*global_default*]
|
||||
# (optional) set plugin as global default
|
||||
# Defaults to false
|
||||
#
|
||||
class barbican::plugins::dogtag (
|
||||
$dogtag_plugin_nss_password,
|
||||
$dogtag_plugin_ensure_package = 'present',
|
||||
|
@ -50,15 +52,24 @@ class barbican::plugins::dogtag (
|
|||
$dogtag_plugin_dogtag_host = $facts['os_service_default'],
|
||||
$dogtag_plugin_dogtag_port = $facts['os_service_default'],
|
||||
$dogtag_plugin_nss_db_path = $facts['os_service_default'],
|
||||
$dogtag_plugin_simple_cmc_profile = $facts['os_service_default'],
|
||||
$dogtag_plugin_ca_expiration_time = $facts['os_service_default'],
|
||||
$dogtag_plugin_plugin_working_dir = $facts['os_service_default'],
|
||||
$global_default = false,
|
||||
# DEPRECATED PARAMETERS
|
||||
$dogtag_plugin_simple_cmc_profile = undef,
|
||||
$dogtag_plugin_ca_expiration_time = undef,
|
||||
$dogtag_plugin_plugin_working_dir = undef,
|
||||
) {
|
||||
|
||||
include barbican::deps
|
||||
include barbican::params
|
||||
|
||||
[
|
||||
'simple_cmc_profile', 'ca_expiration_time', 'plugin_working_dir'
|
||||
].each |String $opt| {
|
||||
if getvar("dogtag_plugin_${opt}") != undef {
|
||||
warning("The dogtag_plugin_${opt} parameter has been deprecated and has no effect")
|
||||
}
|
||||
}
|
||||
|
||||
package {'dogtag-client':
|
||||
ensure => $dogtag_plugin_ensure_package,
|
||||
name => $::barbican::params::dogtag_client_package,
|
||||
|
@ -71,13 +82,17 @@ class barbican::plugins::dogtag (
|
|||
}
|
||||
|
||||
barbican_config {
|
||||
'dogtag_plugin/pem_path': value => $dogtag_plugin_pem_path;
|
||||
'dogtag_plugin/dogtag_host': value => $dogtag_plugin_dogtag_host;
|
||||
'dogtag_plugin/dogtag_port': value => $dogtag_plugin_dogtag_port;
|
||||
'dogtag_plugin/nss_db_path': value => $dogtag_plugin_nss_db_path;
|
||||
'dogtag_plugin/nss_password': value => $dogtag_plugin_nss_password, secret => true;
|
||||
'dogtag_plugin/simple_cmc_profile': value => $dogtag_plugin_simple_cmc_profile;
|
||||
'dogtag_plugin/ca_expiration_time': value => $dogtag_plugin_ca_expiration_time;
|
||||
'dogtag_plugin/plugin_working_dir': value => $dogtag_plugin_plugin_working_dir;
|
||||
'dogtag_plugin/pem_path': value => $dogtag_plugin_pem_path;
|
||||
'dogtag_plugin/dogtag_host': value => $dogtag_plugin_dogtag_host;
|
||||
'dogtag_plugin/dogtag_port': value => $dogtag_plugin_dogtag_port;
|
||||
'dogtag_plugin/nss_db_path': value => $dogtag_plugin_nss_db_path;
|
||||
'dogtag_plugin/nss_password': value => $dogtag_plugin_nss_password, secret => true;
|
||||
}
|
||||
|
||||
# TODO(tkajinam): Remove this after 2024.1 release
|
||||
barbican_config {
|
||||
'dogtag_plugin/simple_cmc_profile': ensure => absent;
|
||||
'dogtag_plugin/ca_expiration_time': ensure => absent;
|
||||
'dogtag_plugin/plugin_working_dir': ensure => absent;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -0,0 +1,11 @@
|
|||
---
|
||||
deprecations:
|
||||
- |
|
||||
The following parameters have been deprecated and have no effect now,
|
||||
because certificate plugins have beeen removed from barbican.
|
||||
|
||||
- ``barbican::api::enabled_certificate_plugins``
|
||||
- ``barbican::api::enabled_certificate_event_plugins``
|
||||
- ``barbican::plugins::dogtag::dogtag_plugin_simple_cmc_profile``
|
||||
- ``barbican::plugins::dogtag::dogtag_plugin_ca_expiration_time``
|
||||
- ``barbican::plugins::dogtag::dogtag_plugin_plugin_working_dir``
|
|
@ -59,8 +59,6 @@ describe 'barbican::api' do
|
|||
:enabled => true,
|
||||
:enabled_secretstore_plugins => ['<SERVICE DEFAULT>'],
|
||||
:enabled_crypto_plugins => ['<SERVICE DEFAULT>'],
|
||||
:enabled_certificate_plugins => ['<SERVICE DEFAULT>'],
|
||||
:enabled_certificate_event_plugins => ['<SERVICE DEFAULT>'],
|
||||
:auth_strategy => 'keystone',
|
||||
:service_name => platform_params[:service_name],
|
||||
:enable_proxy_headers_parsing => '<SERVICE DEFAULT>',
|
||||
|
@ -107,8 +105,6 @@ describe 'barbican::api' do
|
|||
:kombu_compression => 'gzip',
|
||||
:enabled_secretstore_plugins => ['dogtag_crypto', 'store_crypto', 'kmip'],
|
||||
:enabled_crypto_plugins => ['simple_crypto'],
|
||||
:enabled_certificate_plugins => ['simple_certificate', 'dogtag'],
|
||||
:enabled_certificate_event_plugins => ['simple_certificate_event', 'foo_event'],
|
||||
:max_allowed_secret_in_bytes => 20000,
|
||||
:max_allowed_request_size_in_bytes => 2000000,
|
||||
:enable_proxy_headers_parsing => false,
|
||||
|
@ -195,10 +191,6 @@ describe 'barbican::api' do
|
|||
.with_value(param_hash[:enabled_secretstore_plugins])
|
||||
is_expected.to contain_barbican_config('crypto/enabled_crypto_plugins') \
|
||||
.with_value(param_hash[:enabled_crypto_plugins])
|
||||
is_expected.to contain_barbican_config('certificate/enabled_certificate_plugins') \
|
||||
.with_value(param_hash[:enabled_certificate_plugins])
|
||||
is_expected.to contain_barbican_config('certificate_event/enabled_certificate_event_plugins') \
|
||||
.with_value(param_hash[:enabled_certificate_event_plugins])
|
||||
end
|
||||
|
||||
it 'configures plugins in multiple plugin config' do
|
||||
|
|
|
@ -22,15 +22,12 @@ require 'spec_helper'
|
|||
describe 'barbican::plugins::dogtag' do
|
||||
let :default_params do
|
||||
{
|
||||
:dogtag_plugin_ensure_package => 'present',
|
||||
:dogtag_plugin_pem_path => '<SERVICE DEFAULT>',
|
||||
:dogtag_plugin_dogtag_host => '<SERVICE DEFAULT>',
|
||||
:dogtag_plugin_dogtag_port => '<SERVICE DEFAULT>',
|
||||
:dogtag_plugin_nss_db_path => '<SERVICE DEFAULT>',
|
||||
:dogtag_plugin_simple_cmc_profile => '<SERVICE DEFAULT>',
|
||||
:dogtag_plugin_ca_expiration_time => '<SERVICE DEFAULT>',
|
||||
:dogtag_plugin_plugin_working_dir => '<SERVICE DEFAULT>',
|
||||
:global_default => false,
|
||||
:dogtag_plugin_ensure_package => 'present',
|
||||
:dogtag_plugin_pem_path => '<SERVICE DEFAULT>',
|
||||
:dogtag_plugin_dogtag_host => '<SERVICE DEFAULT>',
|
||||
:dogtag_plugin_dogtag_port => '<SERVICE DEFAULT>',
|
||||
:dogtag_plugin_nss_db_path => '<SERVICE DEFAULT>',
|
||||
:global_default => false,
|
||||
}
|
||||
end
|
||||
|
||||
|
@ -39,15 +36,12 @@ describe 'barbican::plugins::dogtag' do
|
|||
:dogtag_plugin_nss_password => 'password',
|
||||
},
|
||||
{
|
||||
:dogtag_plugin_pem_path => 'path_to_pem_file',
|
||||
:dogtag_plugin_dogtag_host => 'dogtag_host',
|
||||
:dogtag_plugin_dogtag_port => '1234',
|
||||
:dogtag_plugin_nss_db_path => 'path_to_nss_db',
|
||||
:dogtag_plugin_nss_password => 'password',
|
||||
:dogtag_plugin_simple_cmc_profile => 'caServerCert',
|
||||
:dogtag_plugin_ca_expiration_time => '100',
|
||||
:dogtag_plugin_plugin_working_dir => 'path_to_working_dir',
|
||||
:global_default => true,
|
||||
:dogtag_plugin_pem_path => 'path_to_pem_file',
|
||||
:dogtag_plugin_dogtag_host => 'dogtag_host',
|
||||
:dogtag_plugin_dogtag_port => '1234',
|
||||
:dogtag_plugin_nss_db_path => 'path_to_nss_db',
|
||||
:dogtag_plugin_nss_password => 'password',
|
||||
:global_default => true,
|
||||
}
|
||||
].each do |param_set|
|
||||
context "when #{param_set == {} ? "using default" : "specifying"} class parameters" do
|
||||
|
@ -71,9 +65,6 @@ describe 'barbican::plugins::dogtag' do
|
|||
should contain_barbican_config('dogtag_plugin/dogtag_port').with_value(param_hash[:dogtag_plugin_dogtag_port])
|
||||
should contain_barbican_config('dogtag_plugin/nss_db_path').with_value(param_hash[:dogtag_plugin_nss_db_path])
|
||||
should contain_barbican_config('dogtag_plugin/nss_password').with_value(param_hash[:dogtag_plugin_nss_password]).with_secret(true)
|
||||
should contain_barbican_config('dogtag_plugin/simple_cmc_profile').with_value(param_hash[:dogtag_plugin_simple_cmc_profile])
|
||||
should contain_barbican_config('dogtag_plugin/ca_expiration_time').with_value(param_hash[:dogtag_plugin_ca_expiration_time])
|
||||
should contain_barbican_config('dogtag_plugin/plugin_working_dir').with_value(param_hash[:dogtag_plugin_plugin_working_dir])
|
||||
should contain_barbican_config('secretstore:dogtag/secret_store_plugin').with_value('dogtag_crypto')
|
||||
should contain_barbican_config('secretstore:dogtag/global_default').with_value(param_hash[:global_default])
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue