From f2c7a86cfa3f9f460e902a7a6b3e087e1b0f3805 Mon Sep 17 00:00:00 2001
From: Takashi Kajinami <kajinamit@oss.nttdata.com>
Date: Tue, 17 Sep 2024 00:22:48 +0900
Subject: [PATCH] Deprecate management of manila v2 user

Manila does not require the dedicated keystone user for share v2 API.
Deprecate the functionality to create the additional keystone user for
share v2 API to get rid of the unnecessary complexity.

Change-Id: I2ccc58e70e1c2734c6c3ef765d89a0898989429f
---
 manifests/keystone/auth.pp                    | 58 +++++++++++--------
 ...recate-share-v2-user-82b59ca6db8741d3.yaml | 12 ++++
 2 files changed, 45 insertions(+), 25 deletions(-)
 create mode 100644 releasenotes/notes/deprecate-share-v2-user-82b59ca6db8741d3.yaml

diff --git a/manifests/keystone/auth.pp b/manifests/keystone/auth.pp
index 5c1163ba..5e1f7066 100644
--- a/manifests/keystone/auth.pp
+++ b/manifests/keystone/auth.pp
@@ -79,30 +79,10 @@
 #   This url should *not* contain any trailing '/'.
 #   Defaults to 'http://127.0.0.1:8786/v1/%(tenant_id)s'
 #
-# [*password_v2*]
-#   (Optional) Password for Manila v2 user.
-#   Defaults to undef.
-#
-# [*email_v2*]
-#   (Optional) Email for Manila v2 user.
-#   Defaults to 'manilav2@localhost'.
-#
-# [*auth_name_v2*]
-#   (Optional) Username for Manila v2 service.
-#   Defaults to 'manilav2'.
-#
 # [*configure_endpoint_v2*]
 #   (Optional) Should Manila v2 endpoint be configured?
 #   Defaults to true.
 #
-# [*configure_user_v2*]
-#   (Optional) Should the v2 service user be configured?
-#   Defaults to false
-#
-# [*configure_user_role_v2*]
-#   (Optional) Should the admin role be configured for the v2 service user?
-#   Defaults to false
-#
 # [*service_type_v2*]
 #   (Optional) Type of service v2. Optional.
 #   Defaults to 'sharev2'.
@@ -126,6 +106,28 @@
 #   This url should *not* contain any trailing '/'.
 #   Defaults to 'http://127.0.0.1:8786/v2'
 #
+# DEPRECATED PARAMETERS
+#
+# [*password_v2*]
+#   (Optional) Password for Manila v2 user.
+#   Defaults to undef.
+#
+# [*email_v2*]
+#   (Optional) Email for Manila v2 user.
+#   Defaults to 'manilav2@localhost'.
+#
+# [*auth_name_v2*]
+#   (Optional) Username for Manila v2 service.
+#   Defaults to 'manilav2'.
+#
+# [*configure_user_v2*]
+#   (Optional) Should the v2 service user be configured?
+#   Defaults to false
+#
+# [*configure_user_role_v2*]
+#   (Optional) Should the admin role be configured for the v2 service user?
+#   Defaults to false
+#
 # === Examples
 #
 #  class { 'manila::keystone::auth':
@@ -136,13 +138,10 @@
 #
 class manila::keystone::auth (
   String[1] $password,
-  Optional[String[1]] $password_v2           = undef,
-  String[1] $auth_name_v2                    = 'manilav2',
   String[1] $auth_name                       = 'manila',
   String[1] $service_name                    = 'manila',
   String[1] $service_name_v2                 = 'manilav2',
   String[1] $email                           = 'manila@localhost',
-  String[1] $email_v2                        = 'manilav2@localhost',
   String[1] $tenant                          = 'services',
   Array[String[1]] $roles                    = ['admin'],
   String[1] $system_scope                    = 'all',
@@ -150,9 +149,7 @@ class manila::keystone::auth (
   Boolean $configure_endpoint                = true,
   Boolean $configure_endpoint_v2             = true,
   Boolean $configure_user                    = true,
-  Boolean $configure_user_v2                 = false,
   Boolean $configure_user_role               = true,
-  Boolean $configure_user_role_v2            = false,
   String[1] $service_type                    = 'share',
   String[1] $service_type_v2                 = 'sharev2',
   String[1] $service_description             = 'Manila Service',
@@ -164,6 +161,12 @@ class manila::keystone::auth (
   Keystone::EndpointUrl $admin_url_v2        = 'http://127.0.0.1:8786/v2',
   Keystone::EndpointUrl $internal_url        = 'http://127.0.0.1:8786/v1/%(tenant_id)s',
   Keystone::EndpointUrl $internal_url_v2     = 'http://127.0.0.1:8786/v2',
+  # DEPRECATED PARAMETERS
+  Optional[String[1]] $password_v2           = undef,
+  String[1] $auth_name_v2                    = 'manilav2',
+  String[1] $email_v2                        = 'manilav2@localhost',
+  Boolean $configure_user_v2                 = false,
+  Boolean $configure_user_role_v2            = false,
 ) {
 
   include manila::deps
@@ -171,6 +174,11 @@ class manila::keystone::auth (
   Keystone::Resource::Service_identity['manila'] -> Anchor['manila::service::end']
   Keystone::Resource::Service_identity['manilav2'] -> Anchor['manila::service::end']
 
+  if $configure_user_v2 or $configure_user_role_v2 {
+    warning("Management of share v2 user has been deprecated and will be removed \
+and will be removed in a future release.")
+  }
+
   # for interface backward compatibility, we can't enforce to set a new parameter
   # so we take 'password' parameter by default but allow to override it.
   if ! $password_v2 {
diff --git a/releasenotes/notes/deprecate-share-v2-user-82b59ca6db8741d3.yaml b/releasenotes/notes/deprecate-share-v2-user-82b59ca6db8741d3.yaml
new file mode 100644
index 00000000..25656772
--- /dev/null
+++ b/releasenotes/notes/deprecate-share-v2-user-82b59ca6db8741d3.yaml
@@ -0,0 +1,12 @@
+---
+deprecations:
+  - |
+    Management of manila v2 user by the ``manila::keystone::auth`` class has
+    been deprecated and will be removed in a future release. Because of this
+    change the following parameters of the auth class have been deprecated.
+
+    - ``password_v2``
+    - ``email_v2``
+    - ``auth_name_v2``
+    - ``configure_user_v2``
+    - ``configure_user_role_v2``