From 17cc71c509b6b35a3cc1474c854f41d37cf6bba2 Mon Sep 17 00:00:00 2001 From: Takashi Kajinami Date: Mon, 21 Feb 2022 23:52:40 +0900 Subject: [PATCH] Deprecate usage of authtoken parameters in providers When SRBAC is completely implemented according to the current spec, each service user no longer has full admin privilege but has access limited to the actual requirement. This means that we are no longer able to use service users to create resources. This change is a prep-work to get rid of usage of the service user, currently loaded from authtoken parameters in the .conf file. Now each providers loads clouds.yaml file placed in /etc/openstack/puppet. Depends-on: https://review.opendev.org/806474 Depends-on: https://review.opendev.org/828025 Change-Id: Ia4a1edf49f1c47ea77a0197e4e7de172a3431532 --- lib/puppet/provider/glance.rb | 1 + .../provider-deprecate-at-params-88b2ee3f16ac5443.yaml | 9 +++++++++ 2 files changed, 10 insertions(+) create mode 100644 releasenotes/notes/provider-deprecate-at-params-88b2ee3f16ac5443.yaml diff --git a/lib/puppet/provider/glance.rb b/lib/puppet/provider/glance.rb index 87f2cc0c..d3726b82 100644 --- a/lib/puppet/provider/glance.rb +++ b/lib/puppet/provider/glance.rb @@ -18,6 +18,7 @@ class Puppet::Provider::Glance < Puppet::Provider::Openstack end def self.glance_request(service, action, error, properties=nil) + warning('Usage of keystone_authtoken parameters is deprecated.') properties ||= [] @credentials.username = glance_credentials['username'] @credentials.password = glance_credentials['password'] diff --git a/releasenotes/notes/provider-deprecate-at-params-88b2ee3f16ac5443.yaml b/releasenotes/notes/provider-deprecate-at-params-88b2ee3f16ac5443.yaml new file mode 100644 index 00000000..59cc2d40 --- /dev/null +++ b/releasenotes/notes/provider-deprecate-at-params-88b2ee3f16ac5443.yaml @@ -0,0 +1,9 @@ +--- +deprecations: + - | + The ``glance_image`` resource type has been using the credential written in + the ``[keystone_authtoken]`` section of ``glance-api.conf``. However this + behavior has been deprecated and now the resource type first looks for + the yaml files in ``/etc/openstack/puppet``. Make sure one of + ``clouds.yaml`` or ``admin-clouds.yaml`` (which is created by + puppet-keystone) is created in that directory.