diff --git a/docs/packstack.rst b/docs/packstack.rst
index d34e1b8b5..1bb11e9c9 100755
--- a/docs/packstack.rst
+++ b/docs/packstack.rst
@@ -392,15 +392,6 @@ Keystone LDAP Identity Backend Config parameters
 **CONFIG_KEYSTONE_LDAP_USER_DEFAULT_PROJECT_ID_ATTRIBUTE**
 Identity service LDAP attribute mapped to default_project_id for users.
 
-**CONFIG_KEYSTONE_LDAP_USER_ALLOW_CREATE**
- Specify 'y' if you want to be able to create Identity service users through the Identity service interface; specify 'n' if you will create directly in the LDAP backend. ['n', 'y']
-
-**CONFIG_KEYSTONE_LDAP_USER_ALLOW_UPDATE**
- Specify 'y' if you want to be able to update Identity service users through the Identity service interface; specify 'n' if you will update directly in the LDAP backend. ['n', 'y']
-
-**CONFIG_KEYSTONE_LDAP_USER_ALLOW_DELETE**
- Specify 'y' if you want to be able to delete Identity service users through the Identity service interface; specify 'n' if you will delete directly in the LDAP backend. ['n', 'y']
-
 **CONFIG_KEYSTONE_LDAP_USER_PASS_ATTRIBUTE**
 Identity service LDAP attribute mapped to password.
 
@@ -434,15 +425,6 @@ Keystone LDAP Identity Backend Config parameters
 **CONFIG_KEYSTONE_LDAP_GROUP_ATTRIBUTE_IGNORE**
 Comma-separated list of attributes stripped from LDAP group entry upon update.
 
-**CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_CREATE**
- Specify 'y' if you want to be able to create Identity service groups through the Identity service interface; specify 'n' if you will create directly in the LDAP backend. ['n', 'y']
-
-**CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_UPDATE**
- Specify 'y' if you want to be able to update Identity service groups through the Identity service interface; specify 'n' if you will update directly in the LDAP backend. ['n', 'y']
-
-**CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_DELETE**
- Specify 'y' if you want to be able to delete Identity service groups through the Identity service interface; specify 'n' if you will delete directly in the LDAP backend. ['n', 'y']
-
 **CONFIG_KEYSTONE_LDAP_GROUP_ADDITIONAL_ATTRIBUTE_MAPPING**
 List of additional LDAP attributes used for mapping additional attribute mappings for groups. The attribute=mapping format is :, where ldap_attr is the attribute in the LDAP entry and group_attr is the Identity API attribute.
 
diff --git a/packstack/plugins/keystone_100.py b/packstack/plugins/keystone_100.py
index 861fb8754..cb376581a 100644
--- a/packstack/plugins/keystone_100.py
+++ b/packstack/plugins/keystone_100.py
@@ -384,48 +384,6 @@ def initConfig(controller):
 "NEED_CONFIRM": False,
 "CONDITION": False},
 
- {"CMD_OPTION": "keystone-ldap-user-allow-create",
- "PROMPT": (
- "Do you want to allow user create through Keystone (n or y)."
- ),
- "OPTION_LIST": ['n', 'y'],
- "VALIDATORS": [validators.validate_options],
- "DEFAULT_VALUE": 'n',
- "MASK_INPUT": False,
- "LOOSE_VALIDATION": False,
- "CONF_NAME": 'CONFIG_KEYSTONE_LDAP_USER_ALLOW_CREATE',
- "USE_DEFAULT": False,
- "NEED_CONFIRM": False,
- "CONDITION": False},
-
- {"CMD_OPTION": "keystone-ldap-user-allow-update",
- "PROMPT": (
- "Do you want to allow user update through Keystone (n or y)."
- ),
- "OPTION_LIST": ['n', 'y'],
- "VALIDATORS": [validators.validate_options],
- "DEFAULT_VALUE": 'n',
- "MASK_INPUT": False,
- "LOOSE_VALIDATION": False,
- "CONF_NAME": 'CONFIG_KEYSTONE_LDAP_USER_ALLOW_UPDATE',
- "USE_DEFAULT": False,
- "NEED_CONFIRM": False,
- "CONDITION": False},
-
- {"CMD_OPTION": "keystone-ldap-user-allow-delete",
- "PROMPT": (
- "Do you want to allow user delete through Keystone (n or y)."
- ),
- "OPTION_LIST": ['n', 'y'],
- "VALIDATORS": [validators.validate_options],
- "DEFAULT_VALUE": 'n',
- "MASK_INPUT": False,
- "LOOSE_VALIDATION": False,
- "CONF_NAME": 'CONFIG_KEYSTONE_LDAP_USER_ALLOW_DELETE',
- "USE_DEFAULT": False,
- "NEED_CONFIRM": False,
- "CONDITION": False},
-
 {"CMD_OPTION": "keystone-ldap-user-pass-attribute",
 "PROMPT": "Enter the Keystone LDAP user password attribute.",
 "OPTION_LIST": [],
@@ -564,48 +522,6 @@ def initConfig(controller):
 "NEED_CONFIRM": False,
 "CONDITION": False},
 
- {"CMD_OPTION": "keystone-ldap-group-allow-create",
- "PROMPT": (
- "Do you want to allow group create through Keystone (n or y)."
- ),
- "OPTION_LIST": ['n', 'y'],
- "VALIDATORS": [validators.validate_options],
- "DEFAULT_VALUE": 'n',
- "MASK_INPUT": False,
- "LOOSE_VALIDATION": False,
- "CONF_NAME": 'CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_CREATE',
- "USE_DEFAULT": False,
- "NEED_CONFIRM": False,
- "CONDITION": False},
-
- {"CMD_OPTION": "keystone-ldap-group-allow-update",
- "PROMPT": (
- "Do you want to allow group update through Keystone (n or y)."
- ),
- "OPTION_LIST": ['n', 'y'],
- "VALIDATORS": [validators.validate_options],
- "DEFAULT_VALUE": 'n',
- "MASK_INPUT": False,
- "LOOSE_VALIDATION": False,
- "CONF_NAME": 'CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_UPDATE',
- "USE_DEFAULT": False,
- "NEED_CONFIRM": False,
- "CONDITION": False},
-
- {"CMD_OPTION": "keystone-ldap-group-allow-delete",
- "PROMPT": (
- "Do you want to allow group delete through Keystone (n or y)."
- ),
- "OPTION_LIST": ['n', 'y'],
- "VALIDATORS": [validators.validate_options],
- "DEFAULT_VALUE": 'n',
- "MASK_INPUT": False,
- "LOOSE_VALIDATION": False,
- "CONF_NAME": 'CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_DELETE',
- "USE_DEFAULT": False,
- "NEED_CONFIRM": False,
- "CONDITION": False},
-
 {"CMD_OPTION": "keystone-ldap-group-additional-attribute-mapping",
 "PROMPT": (
 "Enter the comma separated Keystone LDAP group additional "
@@ -723,12 +639,6 @@ def munge_ldap_config_params(config, messages):
 def is_bool(keyname):
 return keyname in (
 'CONFIG_KEYSTONE_LDAP_USER_ENABLED_INVERT',
- 'CONFIG_KEYSTONE_LDAP_USER_ALLOW_CREATE',
- 'CONFIG_KEYSTONE_LDAP_USER_ALLOW_UPDATE',
- 'CONFIG_KEYSTONE_LDAP_USER_ALLOW_DELETE',
- 'CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_CREATE',
- 'CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_UPDATE',
- 'CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_DELETE',
 'CONFIG_KEYSTONE_LDAP_USE_TLS'
 )
 
diff --git a/packstack/puppet/modules/packstack/manifests/keystone.pp b/packstack/puppet/modules/packstack/manifests/keystone.pp
index b5b573e62..fc52c216b 100644
--- a/packstack/puppet/modules/packstack/manifests/keystone.pp
+++ b/packstack/puppet/modules/packstack/manifests/keystone.pp
@@ -88,9 +88,6 @@ class packstack::keystone ()
 user_enabled_invert => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ENABLED_INVERT', undef),
 user_attribute_ignore => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ATTRIBUTE_IGNORE', undef),
 user_default_project_id_attribute => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_DEFAULT_PROJECT_ID_ATTRIBUTE', undef),
- user_allow_create => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ALLOW_CREATE', undef),
- user_allow_update => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ALLOW_UPDATE', undef),
- user_allow_delete => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ALLOW_DELETE', undef),
 user_pass_attribute => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_PASS_ATTRIBUTE', undef),
 user_enabled_emulation => $user_enabled_emulation,
 user_enabled_emulation_dn => hiera_undef('CONFIG_KEYSTONE_LDAP_USER_ENABLED_EMULATION_DN', undef),
@@ -103,9 +100,6 @@ class packstack::keystone ()
 group_member_attribute => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_MEMBER_ATTRIBUTE', undef),
 group_desc_attribute => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_DESC_ATTRIBUTE', undef),
 group_attribute_ignore => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_ATTRIBUTE_IGNORE', undef),
- group_allow_create => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_CREATE', undef),
- group_allow_update => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_UPDATE', undef),
- group_allow_delete => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_DELETE', undef),
 group_additional_attribute_mapping => hiera_undef('CONFIG_KEYSTONE_LDAP_GROUP_ADDITIONAL_ATTRIBUTE_MAPPING', undef),
 use_tls => hiera_undef('CONFIG_KEYSTONE_LDAP_USE_TLS', undef),
 tls_cacertdir => hiera_undef('CONFIG_KEYSTONE_LDAP_TLS_CACERTDIR', undef),
diff --git a/releasenotes/notes/Remove-deprecated-keystone-ldap-params-848d0eaf7a24273e.yaml b/releasenotes/notes/Remove-deprecated-keystone-ldap-params-848d0eaf7a24273e.yaml
new file mode 100644
index 000000000..d4d7f5ac3
--- /dev/null
+++ b/releasenotes/notes/Remove-deprecated-keystone-ldap-params-848d0eaf7a24273e.yaml
@@ -0,0 +1,8 @@
+---
+deprecations:
+ - |
+ The CONFIG_KEYSTONE_LDAP_USER_ALLOW_* and
+ CONFIG_KEYSTONE_LDAP_GROUP_ALLOW_* parameters have been removed from the
+ answer file. Their corresponding options were removed from Keystone long
+ ago, and they are no longer valid in puppet-keystone since the Rocky
+ release.