Deprecate parameters for certificate plugins

... because certificate plugins were deprecated some time ago in
Barbican and are being removed in this cycle.

Depends-on: https://review.opendev.org/c/openstack/barbican/+/909640
Change-Id: Ie2dacb037a3d5ba8f1732ddb8f4b8ea8ded1e5ed

manifests/api.pp

@@ -157,15 +157,6 @@
 #   are defined in a list eg. ['simple_crypto','p11_crypto']
 #   Defaults to false
 #
-# [*enabled_certificate_plugins*]
-#   (optional) Enabled certificate plugins as a list.
-#   e.g. ['snakeoil_ca', 'dogtag']
-#   Defaults to $facts['os_service_default']
-#
-# [*enabled_certificate_event_plugins*]
-#   (optional) Enabled certificate event plugins as a list
-#   Defaults to $facts['os_service_default']
-#
 # [*kombu_ssl_ca_certs*]
 #   (optional) SSL certification authority file (valid only if SSL enabled).
 #   Defaults to $facts['os_service_default']
@@ -248,6 +239,16 @@
 #   (Optional) Default page size for the 'limit' paging URL parameter.
 #   Defaults to $facts['os_service_default']
 #
+# DEPRECATED PARAMETERS
+#
+# [*enabled_certificate_plugins*]
+#   (optional) Enabled certificate plugins as a list.
+#   Defaults to undef
+#
+# [*enabled_certificate_event_plugins*]
+#   (optional) Enabled certificate event plugins as a list
+#   Defaults to undef
+#
 class barbican::api (
   $package_ensure                                = 'present',
   $bind_host                                     = '0.0.0.0',
@@ -280,8 +281,6 @@ class barbican::api (
   $enabled_crypto_plugins                        = $facts['os_service_default'],
   $enabled_secret_stores                         = 'simple_crypto',
   Boolean $multiple_secret_stores_enabled        = false,
-  $enabled_certificate_plugins                   = $facts['os_service_default'],
-  $enabled_certificate_event_plugins             = $facts['os_service_default'],
   $kombu_ssl_ca_certs                            = $facts['os_service_default'],
   $kombu_ssl_certfile                            = $facts['os_service_default'],
   $kombu_ssl_keyfile                             = $facts['os_service_default'],
@@ -299,6 +298,9 @@ class barbican::api (
   $max_request_body_size                         = $facts['os_service_default'],
   $max_limit_paging                              = $facts['os_service_default'],
   $default_limit_paging                          = $facts['os_service_default'],
+  # DEPRECATED PARAMETERS
+  $enabled_certificate_plugins                   = undef,
+  $enabled_certificate_event_plugins             = undef,
 ) inherits barbican::params {
 
   include barbican::deps
@@ -306,6 +308,12 @@ class barbican::api (
   include barbican::client
   include barbican::policy
 
+  ['enabled_certificate_plugins', 'enabled_certificate_event_plugins'].each |String $opt| {
+    if getvar($opt) != undef {
+      warning("The ${opt} parameter has been deprecated and has no effect.")
+    }
+  }
+
   package { 'barbican-api':
     ensure => $package_ensure,
     name   => $::barbican::params::api_package_name,
@@ -381,8 +389,12 @@ class barbican::api (
   barbican_config {
     'secretstore/enabled_secretstore_plugins': value => $enabled_secretstore_plugins;
     'crypto/enabled_crypto_plugins':           value => $enabled_crypto_plugins;
-    'certificate/enabled_certificate_plugins':             value => $enabled_certificate_plugins;
+  }
-    'certificate_event/enabled_certificate_event_plugins': value => $enabled_certificate_event_plugins;
+
+  # TODO(tkajinam): Remove this after 2024.1 release
+  barbican_config {
+    'certificate/enabled_certificate_plugins':             ensure => absent;
+    'certificate_event/enabled_certificate_event_plugins': ensure => absent;
   }
 
   # enabled plugins when multiple plugins is enabled

manifests/plugins/dogtag.pp

@@ -27,6 +27,12 @@
 #   (optional) Path to plugin NSS DB
 #   Defaults to $facts['os_service_default']
 #
+# [*global_default*]
+#   (optional) set plugin as global default
+#   Defaults to false
+#
+# DEPRECATED PARAMETERS
+#
 # [*dogtag_plugin_simple_cmc_profile*]
 #   (optional) Profile for simple CMC enrollment.
 #   Defaults to $facts['os_service_default']
@@ -39,10 +45,6 @@
 #   (optional) Working directory for Dogtag plugin
 #   Defaults to $facts['os_service_default']
 #
-# [*global_default*]
-#   (optional) set plugin as global default
-#   Defaults to false
-#
 class barbican::plugins::dogtag (
   $dogtag_plugin_nss_password,
   $dogtag_plugin_ensure_package     = 'present',
@@ -50,15 +52,24 @@ class barbican::plugins::dogtag (
   $dogtag_plugin_dogtag_host        = $facts['os_service_default'],
   $dogtag_plugin_dogtag_port        = $facts['os_service_default'],
   $dogtag_plugin_nss_db_path        = $facts['os_service_default'],
-  $dogtag_plugin_simple_cmc_profile = $facts['os_service_default'],
-  $dogtag_plugin_ca_expiration_time = $facts['os_service_default'],
-  $dogtag_plugin_plugin_working_dir = $facts['os_service_default'],
   $global_default                   = false,
+  # DEPRECATED PARAMETERS
+  $dogtag_plugin_simple_cmc_profile = undef,
+  $dogtag_plugin_ca_expiration_time = undef,
+  $dogtag_plugin_plugin_working_dir = undef,
 ) {
 
   include barbican::deps
   include barbican::params
 
+  [
+    'simple_cmc_profile', 'ca_expiration_time', 'plugin_working_dir'
+  ].each |String $opt| {
+    if getvar("dogtag_plugin_${opt}") != undef {
+      warning("The dogtag_plugin_${opt} parameter has been deprecated and has no effect")
+    }
+  }
+
   package {'dogtag-client':
     ensure => $dogtag_plugin_ensure_package,
     name   => $::barbican::params::dogtag_client_package,
@@ -76,8 +87,12 @@ class barbican::plugins::dogtag (
     'dogtag_plugin/dogtag_port':  value => $dogtag_plugin_dogtag_port;
     'dogtag_plugin/nss_db_path':  value => $dogtag_plugin_nss_db_path;
     'dogtag_plugin/nss_password': value => $dogtag_plugin_nss_password, secret => true;
-    'dogtag_plugin/simple_cmc_profile': value => $dogtag_plugin_simple_cmc_profile;
+  }
-    'dogtag_plugin/ca_expiration_time': value => $dogtag_plugin_ca_expiration_time;
+
-    'dogtag_plugin/plugin_working_dir': value => $dogtag_plugin_plugin_working_dir;
+  # TODO(tkajinam): Remove this after 2024.1 release
+  barbican_config {
+    'dogtag_plugin/simple_cmc_profile': ensure => absent;
+    'dogtag_plugin/ca_expiration_time': ensure => absent;
+    'dogtag_plugin/plugin_working_dir': ensure => absent;
   }
 }

releasenotes/notes/deprecate-certificate-plugin-opts-cfecb5a4692fa7fc.yaml

@@ -0,0 +1,11 @@
+---
+deprecations:
+  - |
+    The following parameters have been deprecated and have no effect now,
+    because certificate plugins have beeen removed from barbican.
+
+    - ``barbican::api::enabled_certificate_plugins``
+    - ``barbican::api::enabled_certificate_event_plugins``
+    - ``barbican::plugins::dogtag::dogtag_plugin_simple_cmc_profile``
+    - ``barbican::plugins::dogtag::dogtag_plugin_ca_expiration_time``
+    - ``barbican::plugins::dogtag::dogtag_plugin_plugin_working_dir``

spec/classes/barbican_api_spec.rb

@@ -59,8 +59,6 @@ describe 'barbican::api' do
         :enabled                                       => true,
         :enabled_secretstore_plugins                   => ['<SERVICE DEFAULT>'],
         :enabled_crypto_plugins                        => ['<SERVICE DEFAULT>'],
-        :enabled_certificate_plugins                   => ['<SERVICE DEFAULT>'],
-        :enabled_certificate_event_plugins             => ['<SERVICE DEFAULT>'],
         :auth_strategy                                 => 'keystone',
         :service_name                                  => platform_params[:service_name],
         :enable_proxy_headers_parsing                  => '<SERVICE DEFAULT>',
@@ -107,8 +105,6 @@ describe 'barbican::api' do
         :kombu_compression                             => 'gzip',
         :enabled_secretstore_plugins                   => ['dogtag_crypto', 'store_crypto', 'kmip'],
         :enabled_crypto_plugins                        => ['simple_crypto'],
-        :enabled_certificate_plugins                   => ['simple_certificate', 'dogtag'],
-        :enabled_certificate_event_plugins             => ['simple_certificate_event', 'foo_event'],
         :max_allowed_secret_in_bytes                   => 20000,
         :max_allowed_request_size_in_bytes             => 2000000,
         :enable_proxy_headers_parsing                  => false,
@@ -195,10 +191,6 @@ describe 'barbican::api' do
             .with_value(param_hash[:enabled_secretstore_plugins])
           is_expected.to contain_barbican_config('crypto/enabled_crypto_plugins') \
             .with_value(param_hash[:enabled_crypto_plugins])
-          is_expected.to contain_barbican_config('certificate/enabled_certificate_plugins') \
-            .with_value(param_hash[:enabled_certificate_plugins])
-          is_expected.to contain_barbican_config('certificate_event/enabled_certificate_event_plugins') \
-            .with_value(param_hash[:enabled_certificate_event_plugins])
         end
 
         it 'configures plugins in multiple plugin config' do

spec/classes/barbican_plugins_dogtag_spec.rb

@@ -27,9 +27,6 @@ describe 'barbican::plugins::dogtag' do
       :dogtag_plugin_dogtag_host    => '<SERVICE DEFAULT>',
       :dogtag_plugin_dogtag_port    => '<SERVICE DEFAULT>',
       :dogtag_plugin_nss_db_path    => '<SERVICE DEFAULT>',
-      :dogtag_plugin_simple_cmc_profile => '<SERVICE DEFAULT>',
-      :dogtag_plugin_ca_expiration_time => '<SERVICE DEFAULT>',
-      :dogtag_plugin_plugin_working_dir => '<SERVICE DEFAULT>',
       :global_default               => false,
     }
   end
@@ -44,9 +41,6 @@ describe 'barbican::plugins::dogtag' do
        :dogtag_plugin_dogtag_port  => '1234',
        :dogtag_plugin_nss_db_path  => 'path_to_nss_db',
        :dogtag_plugin_nss_password => 'password',
-       :dogtag_plugin_simple_cmc_profile => 'caServerCert',
-       :dogtag_plugin_ca_expiration_time => '100',
-       :dogtag_plugin_plugin_working_dir => 'path_to_working_dir',
        :global_default             => true,
       }
     ].each do |param_set|
@@ -71,9 +65,6 @@ describe 'barbican::plugins::dogtag' do
           should contain_barbican_config('dogtag_plugin/dogtag_port').with_value(param_hash[:dogtag_plugin_dogtag_port])
           should contain_barbican_config('dogtag_plugin/nss_db_path').with_value(param_hash[:dogtag_plugin_nss_db_path])
           should contain_barbican_config('dogtag_plugin/nss_password').with_value(param_hash[:dogtag_plugin_nss_password]).with_secret(true)
-          should contain_barbican_config('dogtag_plugin/simple_cmc_profile').with_value(param_hash[:dogtag_plugin_simple_cmc_profile])
-          should contain_barbican_config('dogtag_plugin/ca_expiration_time').with_value(param_hash[:dogtag_plugin_ca_expiration_time])
-          should contain_barbican_config('dogtag_plugin/plugin_working_dir').with_value(param_hash[:dogtag_plugin_plugin_working_dir])
           should contain_barbican_config('secretstore:dogtag/secret_store_plugin').with_value('dogtag_crypto')
           should contain_barbican_config('secretstore:dogtag/global_default').with_value(param_hash[:global_default])
         }