Use configured endpoint type in url_for

The url_for function was defaulting to the public endpoint if no
specific endpoint type was passed as argument.

Also switch from admin to internal keystone endpoint by default and
replace use of a hardcoded endpoint type by the corresponding
configuration option.

As explained in [1], a recent devstack change switched off the creation
of an admin endpoint for keystone. Now that we support configuring
endpoint types, switch to using the public interface for keystone when
deploying blazar with devstack.

[1] https://review.opendev.org/c/openstack/blazar/+/816627

Change-Id: If20c20f6cfb6aa23cb6e19020301bf59044aa79c
This commit is contained in:
Pierre Riteau 2022-02-11 10:58:48 +01:00
parent 9a37ded919
commit 34b848aff2
5 changed files with 15 additions and 18 deletions

View File

@ -85,7 +85,7 @@ class MaxLeaseDurationTestCase(tests.TestCase):
dict( dict(
type='identity', endpoints=[ type='identity', endpoints=[
dict( dict(
interface='public', region=self.region, interface='internal', region=self.region,
url='https://fakeauth.com') url='https://fakeauth.com')
] ]
) )

View File

@ -116,7 +116,7 @@ class EnforcementTestCase(tests.TestCase):
dict( dict(
type='identity', endpoints=[ type='identity', endpoints=[
dict( dict(
interface='public', region=self.region, interface='internal', region=self.region,
url='https://fakeauth.com') url='https://fakeauth.com')
] ]
) )

View File

@ -14,10 +14,14 @@
# limitations under the License. # limitations under the License.
import netaddr import netaddr
from oslo_config import cfg
from blazar.manager import exceptions from blazar.manager import exceptions
CONF = cfg.CONF
def get_os_auth_host(conf): def get_os_auth_host(conf):
"""Description """Description
@ -39,9 +43,12 @@ def url_for(service_catalog, service_type, admin=False,
service_type - OpenStack service type specification service_type - OpenStack service type specification
""" """
if not endpoint_interface: if not endpoint_interface:
if service_type == 'identity':
endpoint_interface = CONF.endpoint_type
elif service_type == 'compute':
endpoint_interface = CONF.nova.endpoint_type
else:
endpoint_interface = 'public' endpoint_interface = 'public'
if admin:
endpoint_interface = 'admin'
service = None service = None
for srv in service_catalog: for srv in service_catalog:

View File

@ -43,7 +43,7 @@ Possible values:
keystone_opts = [ keystone_opts = [
cfg.StrOpt('endpoint_type', cfg.StrOpt('endpoint_type',
default='admin', default='internal',
choices=['public', 'admin', 'internal'], choices=['public', 'admin', 'internal'],
help='Type of the keystone endpoint to use. This endpoint will ' help='Type of the keystone endpoint to use. This endpoint will '
'be looked up in the keystone catalog and should be one ' 'be looked up in the keystone catalog and should be one '
@ -112,7 +112,7 @@ class BlazarKeystoneClient(object):
if not kwargs.get('auth_url'): if not kwargs.get('auth_url'):
kwargs['auth_url'] = base.url_for( kwargs['auth_url'] = base.url_for(
ctx.service_catalog, CONF.identity_service, ctx.service_catalog, CONF.identity_service,
endpoint_interface='internal', endpoint_interface=CONF.endpoint_type,
os_region_name=CONF.os_region_name) os_region_name=CONF.os_region_name)
if not kwargs.get('trust_id'): if not kwargs.get('trust_id'):
try: try:

View File

@ -39,6 +39,7 @@ function configure_blazar {
iniset $BLAZAR_CONF_FILE DEFAULT os_admin_project_name $SERVICE_TENANT_NAME iniset $BLAZAR_CONF_FILE DEFAULT os_admin_project_name $SERVICE_TENANT_NAME
iniset $BLAZAR_CONF_FILE DEFAULT identity_service $BLAZAR_IDENTITY_SERVICE_NAME iniset $BLAZAR_CONF_FILE DEFAULT identity_service $BLAZAR_IDENTITY_SERVICE_NAME
iniset $BLAZAR_CONF_FILE DEFAULT os_region_name $REGION_NAME iniset $BLAZAR_CONF_FILE DEFAULT os_region_name $REGION_NAME
iniset $BLAZAR_CONF_FILE DEFAULT endpoint_type public
# Keystone authtoken # Keystone authtoken
_blazar_setup_keystone $BLAZAR_CONF_FILE keystone_authtoken _blazar_setup_keystone $BLAZAR_CONF_FILE keystone_authtoken
@ -130,17 +131,6 @@ function create_blazar_accounts {
get_or_create_endpoint $BLAZAR_SERVICE \ get_or_create_endpoint $BLAZAR_SERVICE \
"$REGION_NAME" \ "$REGION_NAME" \
"$blazar_api_url/v1" "$blazar_api_url/v1"
# Create admin and internal endpoints for keystone. Blazar currently uses
# the admin endpoint to interact with keystone, but devstack stopped
# creating one in https://review.opendev.org/c/openstack/devstack/+/777345
KEYSTONE_SERVICE=$(get_or_create_service "keystone" \
"identity" "Keystone Identity Service")
get_or_create_endpoint $KEYSTONE_SERVICE \
"$REGION_NAME" \
"${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}/identity" \
"${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}/identity" \
"${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}/identity"
} }