Add support for ingress-public

The patch has following changes:
* Change ingress relation to ingress-internal
* Add ingress-public relation in metadata
* Sync identity_service library
* Update identity section in config files to use ingress urls
* Update wsgi template to use ingress_internal

lib/charms/sunbeam_keystone_operator/v0/identity_service.py

@@ -310,6 +310,24 @@ class IdentityServiceRequires(Object):
         return self.get_remote_app_data('service-user-id')
 
 
+    @property
+    def internal_auth_url(self) -> str:
+        """Return the internal_auth_url."""
+        return self.get_remote_app_data('internal-auth-url')
+
+
+    @property
+    def admin_auth_url(self) -> str:
+        """Return the admin_auth_url."""
+        return self.get_remote_app_data('admin-auth-url')
+
+
+    @property
+    def public_auth_url(self) -> str:
+        """Return the public_auth_url."""
+        return self.get_remote_app_data('public-auth-url')
+
+
     def register_services(self, service_endpoints: dict,
                           region: str) -> None:
         """Request access to the IdentityService server."""
@@ -405,8 +423,6 @@ class IdentityServiceProvides(Object):
             for k in REQUIRED_KEYS ]
         # Validate data on the relation
         if all(values):
-            print(event.relation.id)
-            print(event.relation.name)
             service_eps = json.loads(
                 event.relation.data[event.relation.app]['service-endpoints'])
             self.on.ready_identity_service_clients.emit(
@@ -439,7 +455,10 @@ class IdentityServiceProvides(Object):
                                          service_domain: str,
                                          service_password: str,
                                          service_project: str,
-                                         service_user: str):
+                                         service_user: str,
+                                         internal_auth_url: str,
+                                         admin_auth_url: str,
+                                         public_auth_url: str):
         logging.debug("Setting identity_service connection information.")
         for relation in self.framework.model.relations[relation_name]:
             if relation.id == relation_id:
@@ -468,3 +487,6 @@ class IdentityServiceProvides(Object):
         app_data["service-user-name"] = service_user.name
         app_data["service-user-id"] = service_user.id
         app_data["service-password"] = service_password
+        app_data["internal-auth-url"] = internal_auth_url
+        app_data["admin-auth-url"] = admin_auth_url
+        app_data["public-auth-url"] = public_auth_url

metadata.yaml

@@ -28,9 +28,13 @@ requires:
     limit: 1
   identity-service:
     interface: keystone
-  ingress:
+  ingress-internal:
     interface: ingress
     limit: 1
+  ingress-public:
+    interface: ingress
+    optional: true
+    limit: 1
 provides:
   placement:
     interface: placement

src/templates/parts/section-identity

@@ -1,11 +1,14 @@
 [keystone_authtoken]
-{% if identity_service.internal_host -%}
+{% if identity_service.internal_auth_url -%}
+www_authenticate_uri = {{ identity_service.internal_auth_url }}
+auth_url = {{ identity_service.internal_auth_url }}
+{% elif identity_service.internal_host -%}
 www_authenticate_uri = {{ identity_service.internal_protocol }}://{{ identity_service.internal_host }}:{{ identity_service.internal_port }}
 auth_url = {{ identity_service.internal_protocol }}://{{ identity_service.internal_host }}:{{ identity_service.internal_port }}
+{% endif -%}
 auth_type = password
 project_domain_name = {{ identity_service.service_domain_name }}
 user_domain_name = {{ identity_service.service_domain_name }}
 project_name = {{ identity_service.service_project_name }}
 username = {{ identity_service.service_user_name }}
 password = {{ identity_service.service_password }}
-{% endif -%}

src/templates/wsgi-placement-api.conf.j2

@@ -3,8 +3,8 @@ Listen {{ wsgi_config.public_port }}
     WSGIDaemonProcess placement processes=3 threads=1 user={{ wsgi_config.user }} group={{ wsgi_config.group }} \
                       display-name=%{GROUP}
     WSGIProcessGroup placement
-    {% if ingress.ingress_path -%}
-    WSGIScriptAlias {{ ingress.ingress_path }} {{ wsgi_config.wsgi_public_script }}
+    {% if ingress_internal.ingress_path -%}
+    WSGIScriptAlias {{ ingress_internal.ingress_path }} {{ wsgi_config.wsgi_public_script }}
     {% endif -%}
     WSGIScriptAlias / {{ wsgi_config.wsgi_public_script }}
     WSGIApplicationGroup %{GLOBAL}

unit_tests/test_placement_charm.py

@@ -96,7 +96,6 @@ class TestPlacementOperatorCharm(test_utils.CharmTestCase):
             username = None
             password = svcpass1
 
-
             [placement]
             randomize_allocation_candidates = true
         """