Remove outdated authtoken options

Outdated Keystone authtoken options have been deprecated for a while (admin_*), removing them completely from manifests, providers and tests as a first step of moving puppet-neutron to keystone::resource::authtoken usage Depends-On: I3018932a106df562e94067e037b3bc862be97b51 Depends-On: Ic9e0302ce7350a49806e0c8dad1449b84dec8613 Change-Id: I51f05efa150fe7de13df02bfe19e50f49b3b7c0c Related-bug: #1604463
2016-08-04 12:15:12 +03:00 · 2016-08-04 12:15:12 +03:00 · 436b01f542
parent 433fd1d41c
commit 436b01f542
25 changed files with 56 additions and 251 deletions
--- a/lib/puppet/provider/neutron.rb
+++ b/lib/puppet/provider/neutron.rb
@ -29,7 +29,6 @@ class Puppet::Provider::Neutron < Puppet::Provider
  end

  def self.get_neutron_credentials
-    deprecated_auth_keys = ['admin_tenant_name', 'admin_user', 'admin_password', 'identity_uri']
    auth_keys = ['project_name', 'username', 'password', 'auth_url']
    conf = neutron_conf
    if conf and conf['keystone_authtoken'] and
@ -41,15 +40,6 @@ class Puppet::Provider::Neutron < Puppet::Provider
        creds['region_name'] = conf['keystone_authtoken']['region_name'].strip
      end
      return creds
-    elsif conf and conf['keystone_authtoken'] and
-        !conf['keystone_authtoken']['admin_password'].nil? and
-        deprecated_auth_keys.all?{|k| !conf['keystone_authtoken'][k].nil?}
-      creds = Hash[ deprecated_auth_keys.map \
-                   { |k| [k, conf['keystone_authtoken'][k].strip] } ]
-      if conf['DEFAULT'] and !conf['DEFAULT']['nova_region_name'].nil?
-        creds['nova_region_name'] = conf['DEFAULT']['nova_region_name'].strip
-      end
-      return creds
    else
      raise(Puppet::Error, "File: #{conf_filename} does not contain all \
 required sections.  Neutron types will not work if neutron is not \
@ -70,24 +60,13 @@ correctly configured.")

  def self.auth_neutron(*args)
    q = neutron_credentials
-    if q.key?('admin_password')
-      authenv = {
-        :OS_AUTH_URL    => q['identity_uri'],
-        :OS_USERNAME    => q['admin_user'],
-        :OS_TENANT_NAME => q['admin_tenant_name'],
-        :OS_PASSWORD    => q['admin_password']
-      }
-    else
-      authenv = {
-        :OS_AUTH_URL     => q['auth_url'],
-        :OS_USERNAME     => q['username'],
-        :OS_PROJECT_NAME => q['project_name'],
-        :OS_PASSWORD     => q['password']
-      }
-    end
-    if q.key?('nova_region_name')
-      authenv[:OS_REGION_NAME] = q['nova_region_name']
-    elsif q.key?('region_name')
+    authenv = {
+      :OS_AUTH_URL     => q['auth_url'],
+      :OS_USERNAME     => q['username'],
+      :OS_PROJECT_NAME => q['project_name'],
+      :OS_PASSWORD     => q['password']
+    }
+    if q.key?('region_name')
      authenv[:OS_REGION_NAME] = q['region_name']
    end
    rv = nil
--- a/manifests/server.pp
+++ b/manifests/server.pp
@ -256,42 +256,6 @@
 #
 # === Deprecated Parameters
 #
-# [*identity_uri*]
-#   Deprecated. Auth plugins based authentication should be used instead
-#   (optional) Complete admin Identity API endpoint.
-#   Defaults to: 'http://localhost:35357/'
-#
-# [*auth_region*]
-#   Deprecated. Auth plugins based authentication should be used instead
-#   (optional) The authentication region. Note this value is case-sensitive and
-#   must match the endpoint region defined in Keystone.
-#   Defaults to $::os_service_default
-#
-# [*auth_tenant*]
-#   Deprecated. Auth plugins based authentication should be used instead
-#   (optional) The tenant of the auth user
-#   Defaults to services
-#
-# [*auth_user*]
-#   Deprecated. Auth plugins based authentication should be used instead
-#   (optional) The name of the auth user
-#   Defaults to neutron
-#
-# [*auth_password*]
-#   Deprecated. Auth plugins based authentication should be used instead
-#   (optional) The password to use for authentication (keystone)
-#   Defaults to false. Set a value unless you are using noauth
-#
-# [*auth_plugin*]
-#   Deprecated. keystone_auth_type should be used instead
-#   An authentication plugin to use with an OpenStack Identity server.
-#   Defaults to $::os_service_plugin
-#
-# [*tenant_name*]
-#   Deprecated. project_name should be used instead
-#   The tenant of the auth user
-#   Defaults to $::os_service_plugin
-#
 # [*ensure_lbaas_package*]
 #   Deprecated. Ensures installation of LBaaS package.
 #   LBaaS agent should be installed from neutron::agents::lbaas.
@ -352,13 +316,6 @@ class neutron::server (
  $report_interval                  = undef,
  $state_path                       = undef,
  $lock_path                        = undef,
-  $auth_password                    = false,
-  $auth_region                      = $::os_service_default,
-  $auth_tenant                      = 'services',
-  $auth_user                        = 'neutron',
-  $identity_uri                     = 'http://localhost:35357/',
-  $auth_plugin                      = $::os_service_default,
-  $tenant_name                      = $::os_service_default,
  $ensure_lbaas_package             = false,
  $min_l3_agents_per_router         = undef,
 ) inherits ::neutron::params {
@ -488,83 +445,34 @@ class neutron::server (

  if ($auth_type == 'keystone') {

-    if ($auth_password == false) and ($password == false) {
-      fail('Either auth_password or password must be set when using keystone authentication.')
-    } elsif ($auth_password != false) and ($password != false) {
-      fail('auth_password and password must not be used together.')
-    } else {
-      neutron_config {
-        'keystone_authtoken/auth_uri':     value => $auth_uri;
-      }
-      neutron_api_config {
-        'filter:authtoken/auth_uri':     value => $auth_uri;
-      }
+    if $password == false {
+      fail('password must be set when using keystone authentication.')
    }

    neutron_config {
-      'keystone_authtoken/memcached_servers': value => join(any2array($memcached_servers), ',');
+      'keystone_authtoken/auth_type':           value => $keystone_auth_type;
+      'keystone_authtoken/auth_url':            value => $auth_url;
+      'keystone_authtoken/auth_uri':            value => $auth_uri;
+      'keystone_authtoken/username':            value => $username;
+      'keystone_authtoken/password':            value => $password, secret => true;
+      'keystone_authtoken/region_name':         value => $region_name;
+      'keystone_authtoken/project_domain_id':   value => $project_domain_id;
+      'keystone_authtoken/project_domain_name': value => $project_domain_name;
+      'keystone_authtoken/project_name':        value => $project_name;
+      'keystone_authtoken/user_domain_id':      value => $user_domain_id;
+      'keystone_authtoken/user_domain_name':    value => $user_domain_name;
+      'keystone_authtoken/memcached_servers':   value => join(any2array($memcached_servers), ',');
+      'keystone_authtoken/admin_tenant_name':   ensure => absent;
+      'keystone_authtoken/admin_user':          ensure => absent;
+      'keystone_authtoken/admin_password':      ensure => absent;
+      'keystone_authtoken/auth_region':         ensure => absent;
+      'keystone_authtoken/identity_uri':        ensure => absent;
    }
-
-    if $auth_password {
-
-      warning('identity_uri, auth_tenant, auth_user, auth_password, auth_region configuration options are deprecated in favor of auth_plugin and related options')
-      neutron_config {
-        'keystone_authtoken/admin_tenant_name': value => $auth_tenant;
-        'keystone_authtoken/admin_user':        value => $auth_user;
-        'keystone_authtoken/admin_password':    value => $auth_password, secret => true;
-        'keystone_authtoken/auth_region':       value => $auth_region;
-        'keystone_authtoken/identity_uri':      value => $identity_uri;
-      }
-
-      neutron_api_config {
-        'filter:authtoken/admin_tenant_name': value => $auth_tenant;
-        'filter:authtoken/admin_user':        value => $auth_user;
-        'filter:authtoken/admin_password':    value => $auth_password, secret => true;
-        'filter:authtoken/identity_uri':      value => $identity_uri;
-      }
-
-    } else {
-
-      if !is_service_default($tenant_name) {
-        warning('tenant_name configuration option is deprecated in favor of project_name')
-        $project_name_real = $tenant_name
-      } else {
-        $project_name_real = $project_name
-      }
-
-      neutron_config {
-        'keystone_authtoken/auth_url':            value => $auth_url;
-        'keystone_authtoken/username':            value => $username;
-        'keystone_authtoken/password':            value => $password, secret => true;
-        'keystone_authtoken/region_name':         value => $region_name;
-        'keystone_authtoken/project_domain_id':   value => $project_domain_id;
-        'keystone_authtoken/project_domain_name': value => $project_domain_name;
-        'keystone_authtoken/project_name':        value => $project_name_real;
-        'keystone_authtoken/user_domain_id':      value => $user_domain_id;
-        'keystone_authtoken/user_domain_name':    value => $user_domain_name;
-        'keystone_authtoken/admin_tenant_name':   ensure => absent;
-        'keystone_authtoken/admin_user':          ensure => absent;
-        'keystone_authtoken/admin_password':      ensure => absent;
-        'keystone_authtoken/auth_region':         ensure => absent;
-        'keystone_authtoken/identity_uri':        ensure => absent;
-      }
-      neutron_api_config {
-        'filter:authtoken/admin_tenant_name':   ensure => absent;
-        'filter:authtoken/admin_user':          ensure => absent;
-        'filter:authtoken/admin_password':      ensure => absent;
-        'filter:authtoken/identity_uri':        ensure => absent;
-      }
-
-      if ! is_service_default ($auth_plugin) and ($auth_plugin) {
-        warning('auth_plugin parameter is deprecated, keystone_auth_type should be used instead')
-        neutron_config {
-          'keystone_authtoken/auth_plugin': value => $auth_plugin;
-        }
-      } else {
-        neutron_config {
-          'keystone_authtoken/auth_type': value => $keystone_auth_type;
-        }
-      }
+    neutron_api_config {
+      'filter:authtoken/admin_tenant_name':   ensure => absent;
+      'filter:authtoken/admin_user':          ensure => absent;
+      'filter:authtoken/admin_password':      ensure => absent;
+      'filter:authtoken/identity_uri':        ensure => absent;
    }

  }
--- a/releasenotes/notes/remove_outdated_auth-2ecf8bdb729e48ef.yaml
+++ b/releasenotes/notes/remove_outdated_auth-2ecf8bdb729e48ef.yaml
@ -0,0 +1,3 @@
+---
+deprecations:
+  - Remove outdated auth options completely (admin_*)
--- a/spec/acceptance/basic_neutron_spec.rb
+++ b/spec/acceptance/basic_neutron_spec.rb
@ -55,8 +55,8 @@ describe 'basic neutron' do
      }
      class { '::neutron::server':
        database_connection => 'mysql+pymysql://neutron:a_big_secret@127.0.0.1/neutron?charset=utf8',
-        auth_password       => 'a_big_secret',
-        identity_uri        => 'http://127.0.0.1:35357/',
+        password            => 'a_big_secret',
+        auth_url            => 'http://127.0.0.1:35357/',
        sync_db             => true,
        service_providers   => [
          'LOADBALANCER:Haproxy:neutron_lbaas.services.loadbalancer.drivers.haproxy.plugin_driver.HaproxyOnHostPluginDriver:default',
--- a/spec/classes/neutron_keystone_auth_spec.rb
+++ b/spec/classes/neutron_keystone_auth_spec.rb
@ -42,7 +42,7 @@ describe 'neutron::keystone::auth' do

  describe 'when configuring neutron-server' do
    let :pre_condition do
-      "class { 'neutron::server': auth_password => 'test' }"
+      "class { 'neutron::server': password => 'test' }"
    end

    let :facts do
--- a/spec/classes/neutron_plugins_cisco_spec.rb
+++ b/spec/classes/neutron_plugins_cisco_spec.rb
@ -3,7 +3,7 @@ require 'spec_helper'
 describe 'neutron::plugins::cisco' do

  let :pre_condition do
-    "class { 'neutron::server': auth_password => 'password'}
+    "class { 'neutron::server': password => 'password'}
     class { 'neutron': rabbit_password => 'passw0rd' }"
  end

--- a/spec/classes/neutron_plugins_midonet_spec.rb
+++ b/spec/classes/neutron_plugins_midonet_spec.rb
@ -3,7 +3,7 @@ require 'spec_helper'
 describe 'neutron::plugins::midonet' do

  let :pre_condition do
-    "class { 'neutron::server': auth_password => 'password' }
+    "class { 'neutron::server': password => 'password' }
     class { 'neutron': rabbit_password => 'passw0rd' }
     package { 'python-networking-midonet': }"
  end
--- a/spec/classes/neutron_plugins_ml2_arista_l3_spec.rb
+++ b/spec/classes/neutron_plugins_ml2_arista_l3_spec.rb
@ -22,7 +22,7 @@ require 'spec_helper'
 describe 'neutron::plugins::ml2::arista::l3' do

  let :pre_condition do
-    "class { 'neutron::server': auth_password => 'password'}
+    "class { 'neutron::server': password => 'password'}
     class { 'neutron':
      rabbit_password => 'passw0rd',
      core_plugin     => 'neutron.plugins.ml2.plugin.Ml2Plugin' }"
--- a/spec/classes/neutron_plugins_ml2_arista_spec.rb
+++ b/spec/classes/neutron_plugins_ml2_arista_spec.rb
@ -22,7 +22,7 @@ require 'spec_helper'
 describe 'neutron::plugins::ml2::arista' do

  let :pre_condition do
-    "class { 'neutron::server': auth_password => 'password'}
+    "class { 'neutron::server': password => 'password'}
     class { 'neutron':
      rabbit_password => 'passw0rd',
      core_plugin     => 'neutron.plugins.ml2.plugin.Ml2Plugin' }"
--- a/spec/classes/neutron_plugins_ml2_bigswitch_restproxy_spec.rb
+++ b/spec/classes/neutron_plugins_ml2_bigswitch_restproxy_spec.rb
@ -7,7 +7,7 @@ require 'spec_helper'
 describe 'neutron::plugins::ml2::bigswitch::restproxy' do

  let :pre_condition do
-    "class { 'neutron::server': auth_password => 'password'}
+    "class { 'neutron::server': password => 'password'}
     class { 'neutron':
      rabbit_password => 'passw0rd',
      core_plugin     => 'neutron.plugins.ml2.plugin.Ml2Plugin' }"
--- a/spec/classes/neutron_plugins_ml2_bigswitch_spec.rb
+++ b/spec/classes/neutron_plugins_ml2_bigswitch_spec.rb
@ -3,7 +3,7 @@ require 'spec_helper'
 describe 'neutron::plugins::ml2::bigswitch' do

  let :pre_condition do
-    "class { 'neutron::server': auth_password => 'password'}
+    "class { 'neutron::server': password => 'password'}
     class { 'neutron':
      rabbit_password => 'passw0rd',
      core_plugin     => 'neutron.plugins.ml2.plugin.Ml2Plugin' }"
--- a/spec/classes/neutron_plugins_ml2_cisco_nexus1000v_spec.rb
+++ b/spec/classes/neutron_plugins_ml2_cisco_nexus1000v_spec.rb
@ -7,7 +7,7 @@ require 'spec_helper'
 describe 'neutron::plugins::ml2::cisco::nexus1000v' do

  let :pre_condition do
-    "class { 'neutron::server': auth_password => 'password'}
+    "class { 'neutron::server': password => 'password'}
     class { 'neutron':
      rabbit_password => 'passw0rd',
      core_plugin     => 'neutron.plugins.ml2.plugin.Ml2Plugin' }"
--- a/spec/classes/neutron_plugins_ml2_cisco_nexus_spec.rb
+++ b/spec/classes/neutron_plugins_ml2_cisco_nexus_spec.rb
@ -7,7 +7,7 @@ require 'spec_helper'
 describe 'neutron::plugins::ml2::cisco::nexus' do

  let :pre_condition do
-    "class { 'neutron::server': auth_password => 'password'}
+    "class { 'neutron::server': password => 'password'}
     class { 'neutron':
      rabbit_password => 'passw0rd',
      core_plugin     => 'neutron.plugins.ml2.plugin.Ml2Plugin' }"
--- a/spec/classes/neutron_plugins_ml2_cisco_spec.rb
+++ b/spec/classes/neutron_plugins_ml2_cisco_spec.rb
@ -3,7 +3,7 @@ require 'spec_helper'
 describe 'neutron::plugins::ml2::cisco' do

  let :pre_condition do
-    "class { 'neutron::server': auth_password => 'password'}
+    "class { 'neutron::server': password => 'password'}
     class { 'neutron':
      rabbit_password => 'passw0rd',
      core_plugin     => 'neutron.plugins.ml2.plugin.Ml2Plugin' }"
--- a/spec/classes/neutron_plugins_ml2_cisco_type_nexus_vxlan_spec.rb
+++ b/spec/classes/neutron_plugins_ml2_cisco_type_nexus_vxlan_spec.rb
@ -7,7 +7,7 @@ require 'spec_helper'
 describe 'neutron::plugins::ml2::cisco::type_nexus_vxlan' do

  let :pre_condition do
-    "class { 'neutron::server': auth_password => 'password'}
+    "class { 'neutron::server': password => 'password'}
     class { 'neutron':
      rabbit_password => 'passw0rd',
      core_plugin     => 'neutron.plugins.ml2.plugin.Ml2Plugin' }"
--- a/spec/classes/neutron_plugins_ml2_cisco_ucsm_spec.rb
+++ b/spec/classes/neutron_plugins_ml2_cisco_ucsm_spec.rb
@ -7,7 +7,7 @@ require 'spec_helper'
 describe 'neutron::plugins::ml2::cisco::ucsm' do

  let :pre_condition do
-    "class { 'neutron::server': auth_password => 'password'}
+    "class { 'neutron::server': password => 'password'}
     class { 'neutron':
      rabbit_password => 'passw0rd',
      core_plugin     => 'neutron.plugins.ml2.plugin.Ml2Plugin' }"
--- a/spec/classes/neutron_plugins_ml2_midonet_spec.rb
+++ b/spec/classes/neutron_plugins_ml2_midonet_spec.rb
@ -7,7 +7,7 @@ require 'spec_helper'
 describe 'neutron::plugins::ml2::midonet' do

  let :pre_condition do
-    "class { 'neutron::server': auth_password => 'password'}
+    "class { 'neutron::server': password => 'password'}
     class { 'neutron':
      rabbit_password => 'passw0rd',
      core_plugin     => 'neutron.plugins.ml2.plugin.Ml2Plugin' }"
--- a/spec/classes/neutron_plugins_ml2_opendaylight_spec.rb
+++ b/spec/classes/neutron_plugins_ml2_opendaylight_spec.rb
@ -3,7 +3,7 @@ require 'spec_helper'
 describe 'neutron::plugins::ml2::opendaylight' do

  let :pre_condition do
-    "class { 'neutron::server': auth_password => 'password'}
+    "class { 'neutron::server': password => 'password'}
     class { 'neutron':
      rabbit_password => 'passw0rd',
      core_plugin     => 'neutron.plugins.ml2.plugin.Ml2Plugin' }"
--- a/spec/classes/neutron_plugins_ml2_ovn_spec.rb
+++ b/spec/classes/neutron_plugins_ml2_ovn_spec.rb
@ -3,7 +3,7 @@ require 'spec_helper'
 describe 'neutron::plugins::ml2::ovn' do

  let :pre_condition do
-    "class { 'neutron::server': auth_password => 'password' }
+    "class { 'neutron::server': password => 'password' }
     class { 'neutron': rabbit_password => 'passw0rd' }"
  end

--- a/spec/classes/neutron_plugins_nuage_spec.rb
+++ b/spec/classes/neutron_plugins_nuage_spec.rb
@ -6,7 +6,7 @@ describe 'neutron::plugins::nuage' do
    "class { 'neutron':
      rabbit_password => 'passw0rd',
      core_plugin     => 'neutron.plugins.nuage.plugin.NuagePlugin' }
-     class { 'neutron::server': auth_password => 'password' }"
+     class { 'neutron::server': password => 'password' }"
  end

  let :test_facts do
--- a/spec/classes/neutron_plugins_opencontrail_spec.rb
+++ b/spec/classes/neutron_plugins_opencontrail_spec.rb
@ -3,7 +3,7 @@ require 'spec_helper'
 describe 'neutron::plugins::opencontrail' do

  let :pre_condition do
-    "class { 'neutron::server': auth_password => 'password' }
+    "class { 'neutron::server': password => 'password' }
     class { 'neutron': rabbit_password => 'passw0rd' }"
  end

--- a/spec/classes/neutron_plugins_ovs_opendaylight_spec.rb
+++ b/spec/classes/neutron_plugins_ovs_opendaylight_spec.rb
@ -3,7 +3,7 @@ require 'spec_helper'
 describe 'neutron::plugins::ovs::opendaylight' do

  let :pre_condition do
-    "class { 'neutron::server': auth_password => 'password'}
+    "class { 'neutron::server': password => 'password'}
     class { 'neutron':
      rabbit_password => 'passw0rd',
      core_plugin     => 'neutron.plugins.ml2.plugin.Ml2Plugin' }"
--- a/spec/classes/neutron_plugins_plumgrid_spec.rb
+++ b/spec/classes/neutron_plugins_plumgrid_spec.rb
@ -3,7 +3,7 @@ require 'spec_helper'
 describe 'neutron::plugins::plumgrid' do

  let :pre_condition do
-    "class { 'neutron::server': auth_password => 'password' }
+    "class { 'neutron::server': password => 'password' }
     class { 'neutron': rabbit_password => 'passw0rd' }"
  end

--- a/spec/classes/neutron_server_spec.rb
+++ b/spec/classes/neutron_server_spec.rb
@ -197,16 +197,6 @@ describe 'neutron::server' do
      end
    end

-    context 'with deprecated auth_plugin parameter' do
-      before :each do
-        params.merge!(:auth_plugin => 'v2password')
-      end
-      it 'should configure auth_plugin' do
-        is_expected.to contain_neutron_config('keystone_authtoken/auth_plugin').with_value('v2password')
-        is_expected.not_to contain_neutron_config('keystone_authtoken/auth_type')
-      end
-    end
-
    context 'with a bad dhcp_load_type value' do
      before :each do
        params.merge!(:dhcp_load_type => 'badvalue')
@ -252,46 +242,7 @@ describe 'neutron::server' do
    before do
      params.delete(:password)
    end
-    it_raises 'a Puppet::Error', /Either auth_password or password must be set when using keystone authentication/
-  end
-
-  shared_examples_for 'a neutron server with incompatible authentication params' do
-    before do
-      params.merge!(
-        :auth_password => "passw0rd"
-      )
-    end
-    it_raises 'a Puppet::Error', /auth_password and password must not be used together/
-  end
-
-  shared_examples_for 'a neutron server with deprecated authentication params' do
-    before do
-      params.merge!(
-        :auth_user     => "neutron",
-        :auth_password => "passw0rd",
-        :auth_tenant   => "services",
-        :auth_region   => "MyRegion",
-        :identity_uri  => "https://foo.bar:5000/"
-      )
-      params.delete(:password)
-    end
-    it 'configures authentication middleware' do
-      is_expected.to contain_neutron_api_config('filter:authtoken/admin_tenant_name').with_value('services');
-      is_expected.to contain_neutron_api_config('filter:authtoken/admin_user').with_value('neutron');
-      is_expected.to contain_neutron_api_config('filter:authtoken/admin_password').with_value('passw0rd');
-      is_expected.to contain_neutron_api_config('filter:authtoken/admin_password').with_secret( true )
-      is_expected.to contain_neutron_api_config('filter:authtoken/identity_uri').with_value('https://foo.bar:5000/');
-      is_expected.to contain_neutron_config('keystone_authtoken/admin_tenant_name').with_value('services');
-      is_expected.to contain_neutron_config('keystone_authtoken/admin_user').with_value('neutron');
-      is_expected.to contain_neutron_config('keystone_authtoken/admin_password').with_value('passw0rd');
-      is_expected.to contain_neutron_config('keystone_authtoken/admin_password').with_secret( true )
-      is_expected.to contain_neutron_config('keystone_authtoken/identity_uri').with_value('https://foo.bar:5000/');
-      is_expected.to contain_neutron_config('keystone_authtoken/auth_region').with_value('MyRegion');
-      is_expected.not_to contain_neutron_config('keystone_authtoken/project_name');
-      is_expected.not_to contain_neutron_config('keystone_authtoken/username');
-      is_expected.not_to contain_neutron_config('keystone_authtoken/password');
-      is_expected.not_to contain_neutron_config('keystone_authtoken/auth_url');
-    end
+    it_raises 'a Puppet::Error', /password must be set when using keystone authentication/
  end

  shared_examples_for 'VPNaaS, FWaaS and LBaaS package installation' do
@ -395,8 +346,6 @@ describe 'neutron::server' do

    it_configures 'a neutron server'
    it_configures 'a neutron server with broken authentication'
-    it_configures 'a neutron server with incompatible authentication params'
-    it_configures 'a neutron server with deprecated authentication params'
    it_configures 'a neutron server without database synchronization'
  end

@ -415,8 +364,6 @@ describe 'neutron::server' do

    it_configures 'a neutron server'
    it_configures 'a neutron server with broken authentication'
-    it_configures 'a neutron server with incompatible authentication params'
-    it_configures 'a neutron server with deprecated authentication params'
    it_configures 'a neutron server without database synchronization'
  end
 end
--- a/spec/unit/provider/neutron_spec.rb
+++ b/spec/unit/provider/neutron_spec.rb
@ -18,16 +18,6 @@ describe Puppet::Provider::Neutron do
    }
  end

-  let :deprecated_credential_hash do
-    {
-      'admin_tenant_name' => 'new_tenant',
-      'admin_user'        => 'new_user',
-      'admin_password'    => 'new_password',
-      'identity_uri'      => 'https://192.168.56.210:35357/v2.0',
-      'nova_region_name'  => 'NEW_REGION',
-    }
-  end
-
  let :credential_error do
    /Neutron types will not work/
  end
@ -66,15 +56,6 @@ describe Puppet::Provider::Neutron do
      end.to raise_error(Puppet::Error, credential_error)
    end

-    it 'should find region_name if specified' do
-      conf = {
-        'keystone_authtoken' => credential_hash,
-        'DEFAULT' => { 'nova_region_name' => 'REGION_NAME' }
-      }
-      klass.expects(:neutron_conf).returns(conf)
-      klass.neutron_credentials['nova_region_name'] == 'REGION_NAME'
-    end
-
  end

  describe 'when invoking the neutron cli' do
@ -91,19 +72,6 @@ describe Puppet::Provider::Neutron do
      klass.auth_neutron('test_retries')
    end

-    it 'should set deprecated auth credentials in the environment' do
-      authenv = {
-        :OS_AUTH_URL    => deprecated_credential_hash['identity_uri'],
-        :OS_USERNAME    => deprecated_credential_hash['admin_user'],
-        :OS_TENANT_NAME => deprecated_credential_hash['admin_tenant_name'],
-        :OS_PASSWORD    => deprecated_credential_hash['admin_password'],
-        :OS_REGION_NAME => 'NEW_REGION',
-      }
-      klass.expects(:get_neutron_credentials).with().returns(deprecated_credential_hash)
-      klass.expects(:withenv).with(authenv)
-      klass.auth_neutron('test_retries')
-    end
-
    it 'should set region in the environment if needed' do
      authenv = {
        :OS_AUTH_URL     => credential_hash['auth_url'],