Remove UUID and PKI Keystone token format support

This has been removed by the Keystone project as of [1].

[1] - https://review.openstack.org/543060

Change-Id: I29c08c958ed83b4245f20e73f4fec4841635e85d

README.md

@@ -174,7 +174,7 @@ the current matrix of available tests:
 
 |     -          | scenario000 | scenario001 | scenario002 | scenario003 |
 |:--------------:|:-----------:|:-----------:|:-----------:|:------------:
-| keystone       |   FERNET    |   FERNET    |    UUID     |    FERNET   |
+| keystone       |   FERNET    |   FERNET    |    FERNET   |    FERNET   |
 | glance         |             |    file     |    swift    |     file    |
 | nova           |      X      |      X      |      X      |      X      |
 | neutron        |      X      |      X      |      X      |      X      |

docs/packstack.rst

@@ -333,7 +333,7 @@ Keystone Config parameters
     Identity service API version string. ['v2.0', 'v3']
 
 **CONFIG_KEYSTONE_TOKEN_FORMAT**
-    Identity service token format (UUID, PKI or FERNET). The recommended format for new deployments is FERNET. ['UUID', 'PKI', 'FERNET']
+    Identity service token format (FERNET). Since Rocky, only FERNET is supported. ['FERNET']
 
 **CONFIG_KEYSTONE_IDENTITY_BACKEND**
     Type of Identity service backend (sql or ldap). ['sql', 'ldap']

packstack/plugins/keystone_100.py

@@ -151,7 +151,7 @@ def initConfig(controller):
 
             {"CMD_OPTION": "keystone-token-format",
              "PROMPT": "Enter the Keystone token format.",
-             "OPTION_LIST": ['UUID', 'PKI', 'FERNET'],
+             "OPTION_LIST": ['FERNET'],
              "VALIDATORS": [validators.validate_options],
              "DEFAULT_VALUE": 'FERNET',
              "MASK_INPUT": False,

packstack/puppet/modules/packstack/manifests/keystone.pp

@@ -6,11 +6,6 @@ class packstack::keystone ()
     $keystone_cfg_ks_db_pw = hiera('CONFIG_KEYSTONE_DB_PW')
     $keystone_cfg_mariadb_host = hiera('CONFIG_MARIADB_HOST_URL')
     $keystone_token_provider_str = downcase(hiera('CONFIG_KEYSTONE_TOKEN_FORMAT'))
-    if $keystone_token_provider_str == 'fernet' {
-      $enable_fernet_setup = true
-    } else {
-      $enable_fernet_setup = false
-    }
     $keystone_url = regsubst(regsubst(hiera('CONFIG_KEYSTONE_PUBLIC_URL'),'/v2.0',''),'/v3','')
     $keystone_admin_url = hiera('CONFIG_KEYSTONE_ADMIN_URL')
 
@@ -39,7 +34,7 @@ class packstack::keystone ()
       admin_password      => hiera('CONFIG_KEYSTONE_ADMIN_PW'),
       database_connection => "mysql+pymysql://keystone_admin:${keystone_cfg_ks_db_pw}@${keystone_cfg_mariadb_host}/keystone",
       token_provider      => "${keystone_token_provider_str}",
-      enable_fernet_setup => $enable_fernet_setup,
+      enable_fernet_setup => true,
       debug               => hiera('CONFIG_DEBUG_MODE'),
       service_name        => 'httpd',
       enable_ssl          => $keystone_use_ssl,

releasenotes/notes/Remove-PKI-and-UUID-Keystone-token-formats-618f4b0dc4cf782f.yaml

@@ -0,0 +1,6 @@
+---
+deprecations:
+  - |
+    Keystone has removed support for token formats other than Fernet in
+    https://review.openstack.org/543060. Thus, support for those token
+    formats has been removed from Packstack.

tests/scenario002.sh

@@ -40,7 +40,6 @@ $SUDO packstack ${ADDITIONAL_ARGS} \
           --os-neutron-vpnaas-install=n \
           --os-sahara-install=y \
           --os-trove-install=y \
-          --keystone-token-format=UUID \
           --provision-uec-kernel-url="/tmp/cirros/cirros-0.3.5-x86_64-vmlinuz" \
           --provision-uec-ramdisk-url="/tmp/cirros/cirros-0.3.5-x86_64-initrd" \
           --provision-uec-disk-url="/tmp/cirros/cirros-0.3.5-x86_64-disk.img" \