Remove deprecated authentication options for accessing ironic

Depends-On: https://review.opendev.org/666250
Change-Id: I9326c8cf4c9732d9098a45cecdbee467f66d0449

ironic_inspector/common/ironic.py

@@ -112,42 +112,26 @@ def get_client(token=None,
     """Get Ironic client instance."""
     global IRONIC_SESSION
 
-    # NOTE: To support standalone ironic without keystone
-    # TODO(pas-ha) remove handling of deprecated opts in Rocky
-    # TODO(pas-ha) rewrite when ironicclient natively supports 'none' auth
-    # via sessions https://review.openstack.org/#/c/359061/
-    if CONF.ironic.auth_strategy == 'noauth':
-        CONF.set_override('auth_type', 'none', group='ironic')
-
     if not IRONIC_SESSION:
         IRONIC_SESSION = keystone.get_session('ironic')
 
     args = {
+        'session': IRONIC_SESSION,
         'os_ironic_api_version': api_version,
         'max_retries': CONF.ironic.max_retries,
-        'retry_interval': CONF.ironic.retry_interval}
+        'retry_interval': CONF.ironic.retry_interval
+    }
 
-    adapter_opts = dict()
+    if token is not None:
+        args['token'] = token
 
-    # TODO(pas-ha) use service auth with incoming token
-    if CONF.ironic.auth_type != 'none':
-        if token is None:
-            args['session'] = IRONIC_SESSION
-        else:
-            args['token'] = token
-
-    # TODO(pas-ha): remove handling of deprecated options in Rocky
-    if CONF.ironic.os_region and not CONF.ironic.region_name:
-        adapter_opts['region_name'] = CONF.ironic.os_region
-    if (CONF.ironic.auth_type == 'none' and
-            not CONF.ironic.endpoint_override and
-            CONF.ironic.ironic_url):
-        adapter_opts['endpoint_override'] = CONF.ironic.ironic_url
-
-    adapter = keystone.get_adapter('ironic', session=IRONIC_SESSION,
-                                   **adapter_opts)
-    endpoint = adapter.get_endpoint()
-    return client.Client(1, endpoint, **args)
+    endpoint = keystone.get_adapter('ironic',
+                                    session=IRONIC_SESSION).get_endpoint()
+    if not endpoint:
+        raise utils.Error(
+            _('Cannot find the bare metal endpoint either in Keystone or '
+              'in the configuration'), code=500)
+    return client.get_client(1, endpoint=endpoint, **args)
 
 
 def check_provision_state(node):

ironic_inspector/conf/ironic.py

@@ -22,41 +22,6 @@ SERVICE_TYPE = 'baremetal'
 
 
 _OPTS = [
-    cfg.StrOpt('os_region',
-               help=_('Keystone region used to get Ironic endpoints.'),
-               deprecated_for_removal=True,
-               deprecated_reason=_("Use [ironic]/region_name option instead "
-                                   "to configure region.")),
-    cfg.StrOpt('auth_strategy',
-               default='keystone',
-               choices=('keystone', 'noauth'),
-               help=_('Method to use for authentication: noauth or '
-                      'keystone.'),
-               deprecated_for_removal=True,
-               deprecated_reason=_("Use [ironic]/auth_type, for noauth case "
-                                   "set [ironic]/auth_type to `none` and "
-                                   "specify ironic API URL via "
-                                   "[ironic]/endpoint_override option.")),
-    cfg.StrOpt('ironic_url',
-               default='http://localhost:6385/',
-               help=_('Ironic API URL, used to set Ironic API URL when '
-                      'auth_strategy option is noauth or auth_type is "none" '
-                      'to work with standalone Ironic without keystone.'),
-               deprecated_for_removal=True,
-               deprecated_reason=_('Use [ironic]/endpoint_override option '
-                                   'to set a specific ironic API url.')),
-    cfg.StrOpt('os_service_type',
-               default='baremetal',
-               help=_('Ironic service type.'),
-               deprecated_for_removal=True,
-               deprecated_reason=_('Use [ironic]/service_type option '
-                                   'to set a specific type.')),
-    cfg.StrOpt('os_endpoint_type',
-               default='internalURL',
-               help=_('Ironic endpoint type.'),
-               deprecated_for_removal=True,
-               deprecated_reason=_('Use [ironic]/valid_interfaces option '
-                                   'to specify endpoint interfaces.')),
     cfg.IntOpt('retry_interval',
                default=2,
                help=_('Interval between retries in case of conflict error '

ironic_inspector/test/unit/test_common_ironic.py

@@ -32,24 +32,19 @@ class TestGetClientBase(object):
     def test_get_client_with_auth_token(self, mock_client, mock_load,
                                         mock_opts, mock_adapter):
         fake_token = 'token'
-        fake_ironic_url = 'http://127.0.0.1:6385'
         mock_sess = mock.Mock()
-        mock_adapter.return_value.get_endpoint.return_value = fake_ironic_url
         mock_load.return_value = mock_sess
         ir_utils.get_client(fake_token)
-        mock_adapter.assert_called_once_with(
-            'ironic', region_name='somewhere', session=mock_sess)
-        mock_adapter.return_value.get_endpoint.assert_called_once_with()
         args = {'token': fake_token,
+                'session': mock_sess,
                 'os_ironic_api_version': ir_utils.DEFAULT_IRONIC_API_VERSION,
                 'max_retries': CONF.ironic.max_retries,
                 'retry_interval': CONF.ironic.retry_interval}
-        mock_client.assert_called_once_with(1, fake_ironic_url, **args)
+        endpoint = mock_adapter.return_value.get_endpoint.return_value
+        mock_client.assert_called_once_with(1, endpoint=endpoint, **args)
 
     def test_get_client_without_auth_token(self, mock_client, mock_load,
                                            mock_opts, mock_adapter):
-        fake_ironic_url = 'http://127.0.0.1:6385'
-        mock_adapter.return_value.get_endpoint.return_value = fake_ironic_url
         mock_sess = mock.Mock()
         mock_load.return_value = mock_sess
         ir_utils.get_client(None)
@@ -57,32 +52,31 @@ class TestGetClientBase(object):
                 'os_ironic_api_version': ir_utils.DEFAULT_IRONIC_API_VERSION,
                 'max_retries': CONF.ironic.max_retries,
                 'retry_interval': CONF.ironic.retry_interval}
-        mock_client.assert_called_once_with(1, fake_ironic_url, **args)
+        endpoint = mock_adapter.return_value.get_endpoint.return_value
+        mock_client.assert_called_once_with(1, endpoint=endpoint, **args)
 
 
 @mock.patch.object(keystone, 'get_adapter')
 @mock.patch.object(keystone, 'register_auth_opts')
 @mock.patch.object(keystone, 'get_session')
-@mock.patch.object(client, 'Client')
+@mock.patch.object(client, 'get_client', autospec=True)
 class TestGetClientAuth(TestGetClientBase, base.BaseTest):
     def setUp(self):
         super(TestGetClientAuth, self).setUp()
         ir_utils.reset_ironic_session()
         self.cfg.config(auth_strategy='keystone')
-        self.cfg.config(os_region='somewhere', group='ironic')
         self.addCleanup(ir_utils.reset_ironic_session)
 
 
 @mock.patch.object(keystone, 'get_adapter')
 @mock.patch.object(keystone, 'register_auth_opts')
 @mock.patch.object(keystone, 'get_session')
-@mock.patch.object(client, 'Client')
+@mock.patch.object(client, 'get_client', autospec=True)
 class TestGetClientNoAuth(TestGetClientBase, base.BaseTest):
     def setUp(self):
         super(TestGetClientNoAuth, self).setUp()
         ir_utils.reset_ironic_session()
         self.cfg.config(auth_strategy='noauth')
-        self.cfg.config(os_region='somewhere', group='ironic')
         self.addCleanup(ir_utils.reset_ironic_session)
 
 

releasenotes/notes/deprecated-ironic-1751ceec6295917d.yaml

@@ -0,0 +1,7 @@
+---
+upgrade:
+  - |
+    The deprecated options from the ``ironic`` section ``os_region``,
+    ``auth_strategy``, ``ironic_url``, ``os_service_type`` and
+    ``os_endpoint_type`` have been removed. Please use **keystoneauth**
+    options instead.