From 34b848aff2363e8c72a0b0f0f2d37d0ac415a2f5 Mon Sep 17 00:00:00 2001 From: Pierre Riteau Date: Fri, 11 Feb 2022 10:58:48 +0100 Subject: [PATCH] Use configured endpoint type in url_for The url_for function was defaulting to the public endpoint if no specific endpoint type was passed as argument. Also switch from admin to internal keystone endpoint by default and replace use of a hardcoded endpoint type by the corresponding configuration option. As explained in [1], a recent devstack change switched off the creation of an admin endpoint for keystone. Now that we support configuring endpoint types, switch to using the public interface for keystone when deploying blazar with devstack. [1] https://review.opendev.org/c/openstack/blazar/+/816627 Change-Id: If20c20f6cfb6aa23cb6e19020301bf59044aa79c --- .../filters/test_max_lease_duration_filter.py | 2 +- blazar/tests/enforcement/test_enforcement.py | 2 +- blazar/utils/openstack/base.py | 13 ++++++++++--- blazar/utils/openstack/keystone.py | 4 ++-- devstack/plugin.sh | 12 +----------- 5 files changed, 15 insertions(+), 18 deletions(-) diff --git a/blazar/tests/enforcement/filters/test_max_lease_duration_filter.py b/blazar/tests/enforcement/filters/test_max_lease_duration_filter.py index c78c00c6..5167ecde 100755 --- a/blazar/tests/enforcement/filters/test_max_lease_duration_filter.py +++ b/blazar/tests/enforcement/filters/test_max_lease_duration_filter.py @@ -85,7 +85,7 @@ class MaxLeaseDurationTestCase(tests.TestCase): dict( type='identity', endpoints=[ dict( - interface='public', region=self.region, + interface='internal', region=self.region, url='https://fakeauth.com') ] ) diff --git a/blazar/tests/enforcement/test_enforcement.py b/blazar/tests/enforcement/test_enforcement.py index 0bb8dc2e..78437ade 100755 --- a/blazar/tests/enforcement/test_enforcement.py +++ b/blazar/tests/enforcement/test_enforcement.py 
@@ -116,7 +116,7 @@ class EnforcementTestCase(tests.TestCase): dict( type='identity', endpoints=[ dict( - interface='public', region=self.region, + interface='internal', region=self.region, url='https://fakeauth.com') ] ) diff --git a/blazar/utils/openstack/base.py b/blazar/utils/openstack/base.py index 4a76460f..df9b3394 100644 --- a/blazar/utils/openstack/base.py +++ b/blazar/utils/openstack/base.py @@ -14,10 +14,14 @@ # limitations under the License. import netaddr +from oslo_config import cfg from blazar.manager import exceptions +CONF = cfg.CONF + + def get_os_auth_host(conf): """Description @@ -39,9 +43,12 @@ def url_for(service_catalog, service_type, admin=False, service_type - OpenStack service type specification """ if not endpoint_interface: - endpoint_interface = 'public' - if admin: - endpoint_interface = 'admin' + if service_type == 'identity': + endpoint_interface = CONF.endpoint_type + elif service_type == 'compute': + endpoint_interface = CONF.nova.endpoint_type + else: + endpoint_interface = 'public' service = None for srv in service_catalog: diff --git a/blazar/utils/openstack/keystone.py b/blazar/utils/openstack/keystone.py index c111b134..cd6e65df 100644 --- a/blazar/utils/openstack/keystone.py +++ b/blazar/utils/openstack/keystone.py @@ -43,7 +43,7 @@ Possible values: keystone_opts = [ cfg.StrOpt('endpoint_type', - default='admin', + default='internal', choices=['public', 'admin', 'internal'], help='Type of the keystone endpoint to use. This endpoint will ' 'be looked up in the keystone catalog and should be one ' @@ -112,7 +112,7 @@ class BlazarKeystoneClient(object): if not kwargs.get('auth_url'): kwargs['auth_url'] = base.url_for( ctx.service_catalog, CONF.identity_service, - endpoint_interface='internal', + endpoint_interface=CONF.endpoint_type, os_region_name=CONF.os_region_name) if not kwargs.get('trust_id'): try: diff --git a/devstack/plugin.sh b/devstack/plugin.sh index 127157b6..cb417994 100644 --- a/devstack/plugin.sh 
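Review bot: The `CONF = cfg.CONF` added at module level in base.py is read further down as `CONF.endpoint_type` and `CONF.nova.endpoint_type`, yet nothing visible in base.py registers or imports those options. If they are registered only when the keystone and nova helper modules are imported, a call to `url_for` before that import would fail with an unknown-option error instead of selecting an endpoint. A comment next to the assignment, such as `# endpoint_type options are registered by the keystone and nova client modules`, or an explicit `CONF.import_opt(...)` for each option, would make the dependency visible.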
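Review bot: `url_for` still declares `admin=False` in its signature, but with the `if admin:` branch removed the argument has no effect, so a caller passing `admin=True` now silently gets the configured or public endpoint. Either remove the parameter together with its callers, or document it in the docstring, e.g. `admin - deprecated and ignored; pass endpoint_interface instead`. The new default also compares against the literal `'identity'`, while the keystone.py call in this same patch passes `CONF.identity_service` as the service type. If that option is set to another value, the lookup falls through to `'public'`, so `if service_type == CONF.identity_service:` looks like the safer comparison. The body of `url_for` continues outside the hunk.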
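Review bot: Changing the `endpoint_type` default from `admin` to `internal` in `keystone_opts` alters behaviour for every deployment that never set the option, and the diffstat shows no release note with it. Operators whose catalog has no internal identity endpoint, or whose internal endpoint is served differently from the admin one (for example on another network or without TLS), would want to know before upgrading. An upgrade note stating the new default, and that `endpoint_type = admin` restores the previous behaviour, would cover it. The option list continues outside the hunk.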
+++ b/devstack/plugin.sh @@ -39,6 +39,7 @@ function configure_blazar { iniset $BLAZAR_CONF_FILE DEFAULT os_admin_project_name $SERVICE_TENANT_NAME iniset $BLAZAR_CONF_FILE DEFAULT identity_service $BLAZAR_IDENTITY_SERVICE_NAME iniset $BLAZAR_CONF_FILE DEFAULT os_region_name $REGION_NAME + iniset $BLAZAR_CONF_FILE DEFAULT endpoint_type public # Keystone authtoken _blazar_setup_keystone $BLAZAR_CONF_FILE keystone_authtoken @@ -130,17 +131,6 @@ function create_blazar_accounts { get_or_create_endpoint $BLAZAR_SERVICE \ "$REGION_NAME" \ "$blazar_api_url/v1" - - # Create admin and internal endpoints for keystone. Blazar currently uses - # the admin endpoint to interact with keystone, but devstack stopped - # creating one in https://review.opendev.org/c/openstack/devstack/+/777345 - KEYSTONE_SERVICE=$(get_or_create_service "keystone" \ - "identity" "Keystone Identity Service") - get_or_create_endpoint $KEYSTONE_SERVICE \ - "$REGION_NAME" \ - "${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}/identity" \ - "${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}/identity" \ - "${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}/identity" }
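Review bot: The added `iniset ... endpoint_type public` line in `configure_blazar` hard-codes its value and carries no explanation, while the second hunk deletes the comment that recorded why the keystone endpoint needed special handling under devstack. A one-line comment above it would keep that context, for example `# Blazar defaults to the internal keystone endpoint; devstack deployments use the public one`. The neighbouring `iniset` lines take their values from variables, so a new overridable setting would fit better than a literal, e.g. `${BLAZAR_KEYSTONE_ENDPOINT_TYPE:-public}` (a suggested name, not an existing variable). `configure_blazar` continues outside the hunk.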