Use identity_uri_transform for identiry_uri support
Remove deprecated keys and use identity_uri via the new transform helper method. Change-Id: I2e439b8f3d1f5a4efa0c082b8e7d88d8594a65b3 Implements: blueprint identity-uri
This commit is contained in:
parent
ded5cad8ee
commit
dd82011553
|
@ -68,6 +68,7 @@ identity_admin_endpoint = admin_endpoint 'identity-admin'
|
|||
service_pass = get_password 'service', 'openstack-bare-metal'
|
||||
|
||||
auth_uri = auth_uri_transform(identity_endpoint.to_s, node['openstack']['bare-metal']['api']['auth']['version'])
|
||||
identity_uri = identity_uri_transform(identity_admin_endpoint)
|
||||
|
||||
template '/etc/ironic/ironic.conf' do
|
||||
source 'ironic.conf.erb'
|
||||
|
@ -83,7 +84,7 @@ template '/etc/ironic/ironic.conf' do
|
|||
glance_host: image_endpoint.host,
|
||||
glance_port: image_endpoint.port,
|
||||
auth_uri: auth_uri,
|
||||
identity_admin_endpoint: identity_admin_endpoint,
|
||||
identity_uri: identity_uri,
|
||||
service_pass: service_pass
|
||||
)
|
||||
end
|
||||
|
|
|
@ -76,7 +76,13 @@ describe 'openstack-bare-metal::ironic-common' do
|
|||
it 'sets the default auth attributes' do
|
||||
[
|
||||
/^insecure=false$/,
|
||||
%r(^signing_dir=/var/cache/ironic/api$)
|
||||
%r(^signing_dir=/var/cache/ironic/api$),
|
||||
%r(^auth_uri=http://127.0.0.1:5000/v2.0$),
|
||||
%r(^identity_uri=http://127.0.0.1:35357/$),
|
||||
/^auth_version=v2.0$/,
|
||||
/^admin_user=ironic$/,
|
||||
/^admin_password=service_pass$/,
|
||||
/^admin_tenant_name=service$/
|
||||
].each do |line|
|
||||
expect(chef_run).to render_config_file(file.name).with_section_content('keystone_authtoken', line)
|
||||
end
|
||||
|
|
|
@ -25,13 +25,13 @@ shared_context 'bare-metal-stubs' do
|
|||
before do
|
||||
allow_any_instance_of(Chef::Recipe).to receive(:get_password)
|
||||
.with('service', anything)
|
||||
.and_return('')
|
||||
.and_return('service_pass')
|
||||
allow_any_instance_of(Chef::Recipe).to receive(:get_password)
|
||||
.with('db', anything)
|
||||
.and_return('')
|
||||
.and_return('db_pass')
|
||||
allow_any_instance_of(Chef::Recipe).to receive(:get_password)
|
||||
.with('user', anything)
|
||||
.and_return('')
|
||||
.and_return('user_pass')
|
||||
allow_any_instance_of(Chef::Recipe).to receive(:get_secret)
|
||||
.with('openstack_identity_bootstrap_token')
|
||||
.and_return('bootstrap-token')
|
||||
|
|
|
@ -929,38 +929,27 @@ glance_protocol=<%= @glance_scheme %>
|
|||
# Options defined in keystonemiddleware.auth_token
|
||||
#
|
||||
|
||||
# Host providing the admin Identity API endpoint (string
|
||||
# value)
|
||||
auth_host=<%= @identity_admin_endpoint.host %>
|
||||
|
||||
# Port of the admin Identity API endpoint (integer value)
|
||||
auth_port=<%= @identity_admin_endpoint.port %>
|
||||
|
||||
# Protocol of the admin Identity API endpoint(http or https)
|
||||
# (string value)
|
||||
auth_protocol=<%= @identity_admin_endpoint.scheme %>
|
||||
|
||||
# Complete public Identity API endpoint. (string value)
|
||||
auth_uri=<%= @auth_uri %>
|
||||
|
||||
# Complete admin Identity API endpoint. This should specify
|
||||
# the unversioned root endpoint e.g. https://localhost:3537/
|
||||
# the unversioned root endpoint e.g. https://localhost:35357/
|
||||
# (string value)
|
||||
identity_uri=<%= @identity_admin_endpoint.scheme %>://<%= @identity_admin_endpoint.host %>:<%= @identity_admin_endpoint.port %>
|
||||
identity_uri=<%= @identity_uri %>
|
||||
|
||||
# API version of the admin Identity API endpoint. (string
|
||||
# value)
|
||||
auth_version=<%= node['openstack']['bare-metal']['api']['auth']['version'] %>
|
||||
|
||||
# Keystone account username (string value)
|
||||
admin_user = <%= node['openstack']['bare-metal']['service_user'] %>
|
||||
admin_user=<%= node['openstack']['bare-metal']['service_user'] %>
|
||||
|
||||
# Keystone account password (string value)
|
||||
admin_password = <%= @service_pass %>
|
||||
admin_password=<%= @service_pass %>
|
||||
|
||||
# Keystone service account tenant name to validate user tokens
|
||||
# (string value)
|
||||
admin_tenant_name = <%= node['openstack']['bare-metal']['service_tenant_name'] %>
|
||||
admin_tenant_name=<%= node['openstack']['bare-metal']['service_tenant_name'] %>
|
||||
|
||||
# Do not handle authorization requests within the middleware,
|
||||
# but delegate the authorization decision to downstream WSGI
|
||||
|
|
Loading…
Reference in New Issue