remove login and ldap auth strategies

deploy/kiali/kiali_cr.yaml

@@ -126,42 +126,18 @@ spec:
 #  auth:
 #
 # Determines what authentication strategy to use when users log into Kiali.
-# Options are "login", "anonymous", "token", "openshift", "ldap", "openid".
-# Choose "login" to use a username and password that will be stored in a secret.
+# Options are "anonymous", "token", "openshift", "openid".
 # Choose "anonymous" to allow full access to Kiali without requiring any credentials.
 # Choose "token" to allow access to Kiali using service account tokens, which controls
 #  access based on RBAC roles assigned to the service account.
 # Choose "openshift" to use the OpenShift OAuth login which controls access based on
 #  the individual's  RBAC roles in OpenShift. Not valid for non-OpenShift environments.
-# Choose "ldap" to enable LDAP based authentication. There are additional configurations for
-#  LDAP auth strategy that are required. See below for the additional LDAP configuration section.
 # Choose "openid" to enable OpenID connect based authentication. Your cluster is required to
 #  be configured to accept the tokens issued by your IdP. There are additional required
 #  configurations for this strategy. See below for the additional OpenID configuration section.
 # When empty, its value will default to "openshift" on OpenShift and "token" on Kubernetes.
 #    ---
 #    strategy: ""
-#    ---
-#    ldap:
-#      ldap_base: ""
-#
-# The binding that determines a user. For example, "CN={USERID},OU=xyz,OU=Users,OU=Accounts,DC=example,DC=com".
-#      ---
-#      ldap_bind_dn: ""
-#      ldap_group_filter: "(cn=%s)"
-#      ldap_host: ""
-#      ldap_insecure_skip_verify: false
-#      ldap_mail_id_key: "mail"
-#      ldap_member_of_key: "memberOf"
-#      ldap_port: 0
-#
-# The role filter can be used to filter the user roles using regular expressions. For example, ".*xyz.*".
-#      ---
-#      ldap_role_filter: ""
-#      ldap_search_filter: "(&(name={USERID}))"
-#      ldap_use_ssl: false
-#      ldap_user_filter: "(cn=%s)"
-#      ldap_user_id_key: "cn"
 #
 # When "openid" strategy is chosen for authentication, you will need to fill some
 # required configurations in the following openid section. The "openid" authentication strategy
@@ -350,9 +326,7 @@ spec:
 #    ---
 #    resources: {}
 #
-# The name of the secret where the Kiali credentials are found.
-# These credentials will be required when logging into Kiali.
-# Only used when auth_strategy is "login".
+# The name of a secret used by the Kiali. Reserved for future use - not currently used.
 #    ---
 #    secret_name: "kiali"
 #

molecule/null-cr-values-test/converge.yml

@@ -14,7 +14,6 @@
       that:
       - kiali_configmap.installation_tag == ""
       - kiali_configmap.additional_display_details | length == 1
-      - kiali_configmap.auth.ldap.ldap_group_filter == "(cn=%s)"
       - kiali_configmap.deployment.custom_dashboards.includes | length == 1
       - kiali_configmap.deployment.custom_dashboards.includes[0] == '*'
       - kiali_configmap.deployment.custom_dashboards.excludes | length == 1

molecule/null-cr-values-test/kiali-cr.yaml

@@ -18,7 +18,7 @@ spec:
 
   auth:
     strategy: {{ kiali.auth_strategy }}
-    ldap: null
+    openid: null
 
   deployment:
     accessible_namespaces: {{ kiali.accessible_namespaces }}

roles/default/kiali-deploy/defaults/main.yml

@@ -29,20 +29,6 @@ kiali_defaults:
       #label_selector:
 
   auth:
-    ldap:
-      ldap_base: ""
-      ldap_bind_dn: ""
-      ldap_group_filter: "(cn=%s)"
-      ldap_host: ""
-      ldap_insecure_skip_verify: false
-      ldap_mail_id_key: "mail"
-      ldap_member_of_key: "memberOf"
-      ldap_port: 0
-      ldap_role_filter: ""
-      ldap_search_filter: "(&(name={USERID}))"
-      ldap_use_ssl: false
-      ldap_user_filter: "(cn=%s)"
-      ldap_user_id_key: "cn"
     openid:
       authentication_timeout: 300
       authorization_endpoint: ""

roles/default/kiali-deploy/tasks/main.yml

@@ -343,30 +343,20 @@
     msg: "AUTH STRATEGY={{ kiali_vars.auth.strategy }}"
 - name: Confirm auth strategy is valid for OpenShift environments
   fail:
-    msg: "Invalid auth.strategy [{{ kiali_vars.auth.strategy }}]! Must be one of either 'login', 'openshift', 'ldap', 'token' or 'anonymous'"
+    msg: "Invalid auth.strategy [{{ kiali_vars.auth.strategy }}]! Must be one of either 'openshift', 'token' or 'anonymous'"
   when:
   - is_openshift == True
-  - kiali_vars.auth.strategy != 'login'
   - kiali_vars.auth.strategy != 'anonymous'
   - kiali_vars.auth.strategy != 'openshift'
-  - kiali_vars.auth.strategy != 'ldap'
   - kiali_vars.auth.strategy != 'token'
 - name: Confirm auth strategy is valid for Kubernetes environments
   fail:
-    msg: "Invalid auth.strategy [{{ kiali_vars.auth.strategy }}]! Must be one of either 'login', 'ldap', 'token', 'openid' or 'anonymous'"
+    msg: "Invalid auth.strategy [{{ kiali_vars.auth.strategy }}]! Must be one of either 'token', 'openid' or 'anonymous'"
   when:
   - is_k8s == True
-  - kiali_vars.auth.strategy != 'login'
   - kiali_vars.auth.strategy != 'anonymous'
-  - kiali_vars.auth.strategy != 'ldap'
   - kiali_vars.auth.strategy != 'token'
   - kiali_vars.auth.strategy != 'openid'
-- name: Confirm ldap configuration when auth strategy is 'ldap'
-  fail:
-    msg: "Invalid configuration for LDAP! The mandatory parameters should be provided like 'ldap_host', 'ldap_port', 'ldap_bind_dn', and 'ldap_base'"
-  when:
-  - kiali_vars.auth.strategy == "ldap"
-  - kiali_vars.auth.ldap.ldap_host == "" or kiali_vars.auth.ldap.ldap_port <= 0 or kiali_vars.auth.ldap.ldap_bind_dn == "" or kiali_vars.auth.ldap.ldap_base == ""
 - name: Confirm OpenID configuration when auth strategy is 'openid'
   fail:
     msg: "Invalid configuration for OpenID connect! The mandatory parameters should be provided: 'issuer_uri', 'client_id'. Also, the 'username_claim' cannot be set to the empty string."