Use configured endpoint type in url_for
The url_for function was defaulting to the public endpoint if no specific endpoint type was passed as argument. Also switch from admin to internal keystone endpoint by default and replace use of a hardcoded endpoint type by the corresponding configuration option. As explained in [1], a recent devstack change switched off the creation of an admin endpoint for keystone. Now that we support configuring endpoint types, switch to using the public interface for keystone when deploying blazar with devstack. [1] https://review.opendev.org/c/openstack/blazar/+/816627 Change-Id: If20c20f6cfb6aa23cb6e19020301bf59044aa79c
This commit is contained in:
parent
9a37ded919
commit
34b848aff2
@ -85,7 +85,7 @@ class MaxLeaseDurationTestCase(tests.TestCase):
|
|||||||
dict(
|
dict(
|
||||||
type='identity', endpoints=[
|
type='identity', endpoints=[
|
||||||
dict(
|
dict(
|
||||||
interface='public', region=self.region,
|
interface='internal', region=self.region,
|
||||||
url='https://fakeauth.com')
|
url='https://fakeauth.com')
|
||||||
]
|
]
|
||||||
)
|
)
|
||||||
|
@ -116,7 +116,7 @@ class EnforcementTestCase(tests.TestCase):
|
|||||||
dict(
|
dict(
|
||||||
type='identity', endpoints=[
|
type='identity', endpoints=[
|
||||||
dict(
|
dict(
|
||||||
interface='public', region=self.region,
|
interface='internal', region=self.region,
|
||||||
url='https://fakeauth.com')
|
url='https://fakeauth.com')
|
||||||
]
|
]
|
||||||
)
|
)
|
||||||
|
@ -14,10 +14,14 @@
|
|||||||
# limitations under the License.
|
# limitations under the License.
|
||||||
|
|
||||||
import netaddr
|
import netaddr
|
||||||
|
from oslo_config import cfg
|
||||||
|
|
||||||
from blazar.manager import exceptions
|
from blazar.manager import exceptions
|
||||||
|
|
||||||
|
|
||||||
|
CONF = cfg.CONF
|
||||||
|
|
||||||
|
|
||||||
def get_os_auth_host(conf):
|
def get_os_auth_host(conf):
|
||||||
"""Description
|
"""Description
|
||||||
|
|
||||||
@ -39,9 +43,12 @@ def url_for(service_catalog, service_type, admin=False,
|
|||||||
service_type - OpenStack service type specification
|
service_type - OpenStack service type specification
|
||||||
"""
|
"""
|
||||||
if not endpoint_interface:
|
if not endpoint_interface:
|
||||||
|
if service_type == 'identity':
|
||||||
|
endpoint_interface = CONF.endpoint_type
|
||||||
|
elif service_type == 'compute':
|
||||||
|
endpoint_interface = CONF.nova.endpoint_type
|
||||||
|
else:
|
||||||
endpoint_interface = 'public'
|
endpoint_interface = 'public'
|
||||||
if admin:
|
|
||||||
endpoint_interface = 'admin'
|
|
||||||
|
|
||||||
service = None
|
service = None
|
||||||
for srv in service_catalog:
|
for srv in service_catalog:
|
||||||
|
@ -43,7 +43,7 @@ Possible values:
|
|||||||
|
|
||||||
keystone_opts = [
|
keystone_opts = [
|
||||||
cfg.StrOpt('endpoint_type',
|
cfg.StrOpt('endpoint_type',
|
||||||
default='admin',
|
default='internal',
|
||||||
choices=['public', 'admin', 'internal'],
|
choices=['public', 'admin', 'internal'],
|
||||||
help='Type of the keystone endpoint to use. This endpoint will '
|
help='Type of the keystone endpoint to use. This endpoint will '
|
||||||
'be looked up in the keystone catalog and should be one '
|
'be looked up in the keystone catalog and should be one '
|
||||||
@ -112,7 +112,7 @@ class BlazarKeystoneClient(object):
|
|||||||
if not kwargs.get('auth_url'):
|
if not kwargs.get('auth_url'):
|
||||||
kwargs['auth_url'] = base.url_for(
|
kwargs['auth_url'] = base.url_for(
|
||||||
ctx.service_catalog, CONF.identity_service,
|
ctx.service_catalog, CONF.identity_service,
|
||||||
endpoint_interface='internal',
|
endpoint_interface=CONF.endpoint_type,
|
||||||
os_region_name=CONF.os_region_name)
|
os_region_name=CONF.os_region_name)
|
||||||
if not kwargs.get('trust_id'):
|
if not kwargs.get('trust_id'):
|
||||||
try:
|
try:
|
||||||
|
@ -39,6 +39,7 @@ function configure_blazar {
|
|||||||
iniset $BLAZAR_CONF_FILE DEFAULT os_admin_project_name $SERVICE_TENANT_NAME
|
iniset $BLAZAR_CONF_FILE DEFAULT os_admin_project_name $SERVICE_TENANT_NAME
|
||||||
iniset $BLAZAR_CONF_FILE DEFAULT identity_service $BLAZAR_IDENTITY_SERVICE_NAME
|
iniset $BLAZAR_CONF_FILE DEFAULT identity_service $BLAZAR_IDENTITY_SERVICE_NAME
|
||||||
iniset $BLAZAR_CONF_FILE DEFAULT os_region_name $REGION_NAME
|
iniset $BLAZAR_CONF_FILE DEFAULT os_region_name $REGION_NAME
|
||||||
|
iniset $BLAZAR_CONF_FILE DEFAULT endpoint_type public
|
||||||
|
|
||||||
# Keystone authtoken
|
# Keystone authtoken
|
||||||
_blazar_setup_keystone $BLAZAR_CONF_FILE keystone_authtoken
|
_blazar_setup_keystone $BLAZAR_CONF_FILE keystone_authtoken
|
||||||
@ -130,17 +131,6 @@ function create_blazar_accounts {
|
|||||||
get_or_create_endpoint $BLAZAR_SERVICE \
|
get_or_create_endpoint $BLAZAR_SERVICE \
|
||||||
"$REGION_NAME" \
|
"$REGION_NAME" \
|
||||||
"$blazar_api_url/v1"
|
"$blazar_api_url/v1"
|
||||||
|
|
||||||
# Create admin and internal endpoints for keystone. Blazar currently uses
|
|
||||||
# the admin endpoint to interact with keystone, but devstack stopped
|
|
||||||
# creating one in https://review.opendev.org/c/openstack/devstack/+/777345
|
|
||||||
KEYSTONE_SERVICE=$(get_or_create_service "keystone" \
|
|
||||||
"identity" "Keystone Identity Service")
|
|
||||||
get_or_create_endpoint $KEYSTONE_SERVICE \
|
|
||||||
"$REGION_NAME" \
|
|
||||||
"${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}/identity" \
|
|
||||||
"${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}/identity" \
|
|
||||||
"${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}/identity"
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user