Remove deprecated pki related options

The deprecated pki related options check_revocations_for_cached and hash_algorithms option has been removed. Change-Id: I3e592a880f9c20a55abb6c8807ba9f111175deef
2019-08-15 11:51:37 +08:00 · 2019-08-15 11:51:37 +08:00 · 3c1fcfd2dc
parent eed5498144
commit 3c1fcfd2dc
3 changed files with 5 additions and 60 deletions
--- a/manifests/api/authtoken.pp
+++ b/manifests/api/authtoken.pp
@ -178,25 +178,6 @@
 #   a future release and should be enabled if possible.
 #   Defaults to $::os_service_default.
 #
-# DEPRECATED PARAMETERS
-#
-# [*check_revocations_for_cached*]
-#   (Optional) If true, the revocation list will be checked for cached tokens.
-#   This requires that PKI tokens are configured on the identity server.
-#   boolean value.
-#   Defaults to undef.
-#
-# [*hash_algorithms*]
-#   (Optional) Hash algorithms to use for hashing PKI tokens. This may be a
-#   single algorithm or multiple. The algorithms are those supported by Python
-#   standard hashlib.new(). The hashes will be tried in the order given, so put
-#   the preferred one first for performance. The result of the first hash will
-#   be stored in the cache. This will typically be set to multiple values only
-#   while migrating from a less secure algorithm to a more secure one. Once all
-#   the old tokens are expired this option should be set to a single value for
-#   better performance. List value.
-#   Defaults to undef.
-#
 class ironic::api::authtoken(
  $username                       = 'ironic',
  $password                       = $::os_service_default,
@ -232,9 +213,6 @@ class ironic::api::authtoken(
  $token_cache_time               = $::os_service_default,
  $service_token_roles            = $::os_service_default,
  $service_token_roles_required   = $::os_service_default,
-  # DEPRECATED PARAMETERS
-  $check_revocations_for_cached   = undef,
-  $hash_algorithms                = undef,
 ) {

  include ::ironic::deps
@ -243,14 +221,6 @@ class ironic::api::authtoken(
    fail('Please set password for Ironic API service user')
  }

-  if $check_revocations_for_cached {
-    warning('check_revocations_for_cached parameter is deprecated, has no effect and will be removed in the future.')
-  }
-
-  if $hash_algorithms {
-    warning('hash_algorithms parameter is deprecated, has no effect and will be removed in the future.')
-  }
-
  keystone::resource::authtoken { 'ironic_config':
    username                       => $username,
    password                       => $password,
--- a/manifests/inspector/authtoken.pp
+++ b/manifests/inspector/authtoken.pp
@ -177,25 +177,6 @@
 #   true/false
 #   Defaults to $::os_service_default.
 #
-# DEPRECATED PARAMETERS
-#
-# [*check_revocations_for_cached*]
-#   (Optional) If true, the revocation list will be checked for cached tokens.
-#   This requires that PKI tokens are configured on the identity server.
-#   boolean value.
-#   Defaults to undef.
-#
-# [*hash_algorithms*]
-#   (Optional) Hash algorithms to use for hashing PKI tokens. This may be a
-#   single algorithm or multiple. The algorithms are those supported by Python
-#   standard hashlib.new(). The hashes will be tried in the order given, so put
-#   the preferred one first for performance. The result of the first hash will
-#   be stored in the cache. This will typically be set to multiple values only
-#   while migrating from a less secure algorithm to a more secure one. Once all
-#   the old tokens are expired this option should be set to a single value for
-#   better performance. List value.
-#   Defaults to undef.
-#
 class ironic::inspector::authtoken(
  $username                       = 'ironic',
  $password                       = $::os_service_default,
@ -231,9 +212,6 @@ class ironic::inspector::authtoken(
  $token_cache_time               = $::os_service_default,
  $service_token_roles            = $::os_service_default,
  $service_token_roles_required   = $::os_service_default,
-  # DEPRECATED PARAMETERS
-  $check_revocations_for_cached   = undef,
-  $hash_algorithms                = undef,
 ) {

  include ::ironic::deps
@ -242,14 +220,6 @@ class ironic::inspector::authtoken(
    fail('Please set password for Ironic Inspector service user')
  }

-  if $check_revocations_for_cached {
-    warning('check_revocations_for_cached parameter is deprecated, has no effect and will be removed in the future.')
-  }
-
-  if $hash_algorithms {
-    warning('hash_algorithms parameter is deprecated, has no effect and will be removed in the future.')
-  }
-
  keystone::resource::authtoken { 'ironic_inspector_config':
    username                       => $username,
    password                       => $password,
--- a/releasenotes/notes/remove_deprecated_pki_related_options-84e2b4658d012b1b.yaml
+++ b/releasenotes/notes/remove_deprecated_pki_related_options-84e2b4658d012b1b.yaml
@ -0,0 +1,5 @@
+---
+upgrade:
+  - |
+    The deprecated pki related options check_revocations_for_cached and
+    hash_algorithms option has been removed.