From: Steven Hardy <shardy@redhat.com>
Date: Wed, 3 Aug 2016 12:39:39 +0000 (+0100)
Subject: Remove keystone PKI related parameters
X-Git-Tag: opnfv-6.0.0~1793^2
X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=commitdiff_plain;h=12b356b6875dbf0ac192fe52f4711aa746ed9eb9;p=apex-tripleo-heat-templates.git

Remove keystone PKI related parameters

These interfaces have all been deprecated by keystone, and we don't
offer any parameter interface to select PKI token format anyway,
so remove these to align with keystone reccomendations.

The keystone.conf.sample says these values may be silently ignored or
removed, so it seems reasonable to do the same here (parameter_defaults
should be ignored from old stacks).

Change-Id: Ic88d584863a98ed49fc335825fbfba7a52b0f14e
Depends-On: I8232262b928c91dcde7bea2f23fa2a7c2660719e
---

diff --git a/puppet/services/keystone.yaml b/puppet/services/keystone.yaml
index abc738d9..d45ed86e 100644
--- a/puppet/services/keystone.yaml
+++ b/puppet/services/keystone.yaml
@@ -4,24 +4,11 @@ description: >
   OpenStack Keystone service configured with Puppet
 
 parameters:
-  KeystoneCACertificate:
-    default: ''
-    description: Keystone self-signed certificate authority certificate.
-    type: string
   KeystoneEnableDBPurge:
     default: true
     description: |
         Whether to create cron job for purging soft deleted rows in Keystone database.
     type: boolean
-  KeystoneSigningCertificate:
-    default: ''
-    description: Keystone certificate for verifying token validity.
-    type: string
-  KeystoneSigningKey:
-    default: ''
-    description: Keystone key for signing tokens.
-    type: string
-    hidden: true
   KeystoneSSLCertificate:
     default: ''
     description: Keystone certificate for verifying token validity.
@@ -105,9 +92,6 @@ outputs:
               - '/keystone'
         keystone::admin_token: {get_param: AdminToken}
         keystone::roles::admin::password: {get_param: AdminPassword}
-        keystone_ca_certificate: {get_param: KeystoneCACertificate}
-        keystone_signing_key: {get_param: KeystoneSigningKey}
-        keystone_signing_certificate: {get_param: KeystoneSigningCertificate}
         keystone_ssl_certificate: {get_param: KeystoneSSLCertificate}
         keystone_ssl_certificate_key: {get_param: KeystoneSSLCertificateKey}
         keystone::enable_proxy_headers_parsing: true