Deprecate LDAP auth (#1969)

deprecate external auth related configuration issue: https://issues.redhat.com/browse/AAP-29476
2026-03-26 21:33:14 +00:00 · 2024-10-08 18:25:23 +02:00
parent ae86cb3d13
commit 848cf17d0b
11 changed files with 33 additions and 16 deletions
--- a/roles/backup/tasks/secrets.yml
+++ b/roles/backup/tasks/secrets.yml
@@ -14,6 +14,7 @@
    - route_tls_secret
    # ingress_tls_secret is deprecated in favor of ingress_hosts.tls_secret
    - ingress_tls_secret
+    # LDAP is deprecated
    - ldap_cacert_secret
    - bundle_cacert_secret
    - ee_pull_credentials_secret
--- a/roles/installer/defaults/main.yml
+++ b/roles/installer/defaults/main.yml
@@ -442,11 +442,11 @@ projects_storage_access_mode: ReadWriteMany

 ca_trust_bundle: "/etc/pki/tls/certs/ca-bundle.crt"

-# Secret to lookup that provides the LDAP CACert trusted bundle
+# Secret to lookup that provides the LDAP CACert trusted bundle (Deprecated)
 #
 ldap_cacert_secret: ''

-# Secret to lookup that provides the LDAP bind password
+# Secret to lookup that provides the LDAP bind password (Deprecated)
 ldap_password_secret: ''

 # Secret to lookup that provides the custom CA trusted bundle
--- a/roles/installer/tasks/install.yml
+++ b/roles/installer/tasks/install.yml
@@ -44,12 +44,12 @@
 - name: Include secret key configuration tasks
  include_tasks: secret_key_configuration.yml

- name: Load LDAP CAcert certificate
+- name: Load LDAP CAcert certificate (Deprecated)
  include_tasks: load_ldap_cacert_secret.yml
  when:
  - ldap_cacert_secret != ''

- name: Load ldap bind password
+- name: Load ldap bind password (Deprecated)
  include_tasks: load_ldap_password_secret.yml
  when:
  - ldap_password_secret != ''
--- a/roles/installer/tasks/load_ldap_cacert_secret.yml
+++ b/roles/installer/tasks/load_ldap_cacert_secret.yml
@@ -1,4 +1,11 @@
 ---
+- name: Log LDAP deprecated message if applicable
+  debug:
+    msg: |
+      [DEPRECATION WARNING] LDAP is deprecated, but ldap_cacert_secret configuration is set.
+  when:
+    - ldap_cacert_secret != ''
+
 - name: Retrieve LDAP CA Certificate Secret
  k8s_info:
    kind: Secret
--- a/roles/installer/tasks/load_ldap_password_secret.yml
+++ b/roles/installer/tasks/load_ldap_password_secret.yml
@@ -1,4 +1,11 @@
 ---
+- name: Log LDAP deprecated message if applicable
+  debug:
+    msg: |
+        [DEPRECATION WARNING] LDAP is deprecated, but ldap_password_secret configuration is set.
+  when:
+    - ldap_password_secret != ''
+
 - name: Retrieve LDAP bind password Secret
  k8s_info:
    kind: Secret
--- a/roles/installer/vars/main.yml
+++ b/roles/installer/vars/main.yml
@@ -1,6 +1,7 @@
 ---
 postgres_initdb_args: '--auth-host=scram-sha-256'
 postgres_host_auth_method: 'scram-sha-256'
+# LDAP is deprecated
 ldap_cacert_ca_crt: ''
 bundle_ca_crt: ''
 projects_existing_claim: ''