Simplify identity endpoint
Per the Keystone Install Guide[1] the admin endpoint is superseded in favor of a single public endpoint. As a result, the admin endpoint is no longer deployed by default. [1] https://docs.openstack.org/keystone/queens/install/keystone-install-ubuntu.html#install-and-configure-components Change-Id: Ied0fb46ae8c10273fde31691b910dc2748845faf Implements: blueprint simplify-identity-endpoint
This commit is contained in:
parent
80706ed6e3
commit
7740328325
|
@ -31,8 +31,9 @@ module ::Openstack
|
||||||
# @param [String] tenant name
|
# @param [String] tenant name
|
||||||
# @return [Hash] environment
|
# @return [Hash] environment
|
||||||
def openstack_command_env(name, project, user_domain, project_domain)
|
def openstack_command_env(name, project, user_domain, project_domain)
|
||||||
identity_admin_endpoint = admin_endpoint 'identity'
|
identity_endpoint = public_endpoint 'identity'
|
||||||
auth_uri = ::URI.decode identity_admin_endpoint.to_s
|
auth_url = ::URI.decode identity_endpoint.to_s
|
||||||
|
|
||||||
pass = get_password 'user', name
|
pass = get_password 'user', name
|
||||||
{
|
{
|
||||||
'OS_USERNAME' => name,
|
'OS_USERNAME' => name,
|
||||||
|
@ -41,7 +42,7 @@ module ::Openstack
|
||||||
'OS_USER_DOMAIN_NAME' => user_domain,
|
'OS_USER_DOMAIN_NAME' => user_domain,
|
||||||
'OS_PROJECT_DOMAIN_NAME' => project_domain,
|
'OS_PROJECT_DOMAIN_NAME' => project_domain,
|
||||||
'OS_IDENTITY_API_VERSION' => '3',
|
'OS_IDENTITY_API_VERSION' => '3',
|
||||||
'OS_AUTH_URL' => auth_uri,
|
'OS_AUTH_URL' => auth_url,
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -67,7 +67,7 @@ module ::Openstack
|
||||||
# Helper for creating identity_uri value for the auth_token section
|
# Helper for creating identity_uri value for the auth_token section
|
||||||
# of component config files.
|
# of component config files.
|
||||||
# The definition of identity is: the unversioned root
|
# The definition of identity is: the unversioned root
|
||||||
# admin identity endpoint e.g. https://localhost:35357/
|
# identity endpoint e.g. https://localhost:5000/
|
||||||
# This method will make sure the path is removed from the uri.
|
# This method will make sure the path is removed from the uri.
|
||||||
def identity_uri_transform(identity_uri)
|
def identity_uri_transform(identity_uri)
|
||||||
uri = ::URI.parse ::URI.encode(identity_uri.to_s)
|
uri = ::URI.parse ::URI.encode(identity_uri.to_s)
|
||||||
|
|
|
@ -15,11 +15,11 @@ describe 'openstack-common::default' do
|
||||||
|
|
||||||
describe 'openstack_command_env' do
|
describe 'openstack_command_env' do
|
||||||
before do
|
before do
|
||||||
node.set['openstack']['endpoints']['admin']['identity'] = {
|
node.set['openstack']['endpoints']['public']['identity'] = {
|
||||||
host: '127.0.0.1',
|
host: '127.0.0.1',
|
||||||
scheme: 'http',
|
scheme: 'http',
|
||||||
path: '/v3',
|
path: '/v3',
|
||||||
port: '35357',
|
port: '5000',
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
it 'returns cli enviroment' do
|
it 'returns cli enviroment' do
|
||||||
|
@ -34,7 +34,7 @@ describe 'openstack-common::default' do
|
||||||
'OS_PROJECT_NAME' => 'project',
|
'OS_PROJECT_NAME' => 'project',
|
||||||
'OS_USER_DOMAIN_NAME' => 'default',
|
'OS_USER_DOMAIN_NAME' => 'default',
|
||||||
'OS_PROJECT_DOMAIN_NAME' => 'default',
|
'OS_PROJECT_DOMAIN_NAME' => 'default',
|
||||||
'OS_AUTH_URL' => 'http://127.0.0.1:35357/v3',
|
'OS_AUTH_URL' => 'http://127.0.0.1:5000/v3',
|
||||||
'OS_IDENTITY_API_VERSION' => '3'
|
'OS_IDENTITY_API_VERSION' => '3'
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
|
@ -49,7 +49,7 @@ describe 'openstack-common::default' do
|
||||||
'OS_PROJECT_NAME' => 'project',
|
'OS_PROJECT_NAME' => 'project',
|
||||||
'OS_USER_DOMAIN_NAME' => 'default',
|
'OS_USER_DOMAIN_NAME' => 'default',
|
||||||
'OS_PROJECT_DOMAIN_NAME' => 'default',
|
'OS_PROJECT_DOMAIN_NAME' => 'default',
|
||||||
'OS_AUTH_URL' => 'http://127.0.0.1:35357/v3',
|
'OS_AUTH_URL' => 'http://127.0.0.1:5000/v3',
|
||||||
'OS_IDENTITY_API_VERSION' => 3,
|
'OS_IDENTITY_API_VERSION' => 3,
|
||||||
}
|
}
|
||||||
allow(subject).to receive(:shell_out).with(
|
allow(subject).to receive(:shell_out).with(
|
||||||
|
@ -69,7 +69,7 @@ describe 'openstack-common::default' do
|
||||||
'OS_PROJECT_NAME' => 'project',
|
'OS_PROJECT_NAME' => 'project',
|
||||||
'OS_USER_DOMAIN_NAME' => 'default',
|
'OS_USER_DOMAIN_NAME' => 'default',
|
||||||
'OS_PROJECT_DOMAIN_NAME' => 'default',
|
'OS_PROJECT_DOMAIN_NAME' => 'default',
|
||||||
'OS_AUTH_URL' => 'http://127.0.0.1:35357/v3',
|
'OS_AUTH_URL' => 'http://127.0.0.1:5000/v3',
|
||||||
'OS_IDENTITY_API_VERSION' => 3,
|
'OS_IDENTITY_API_VERSION' => 3,
|
||||||
}
|
}
|
||||||
allow(subject).to receive(:shell_out).with(
|
allow(subject).to receive(:shell_out).with(
|
||||||
|
@ -89,7 +89,7 @@ describe 'openstack-common::default' do
|
||||||
'OS_PROJECT_NAME' => 'project',
|
'OS_PROJECT_NAME' => 'project',
|
||||||
'OS_USER_DOMAIN_NAME' => 'default',
|
'OS_USER_DOMAIN_NAME' => 'default',
|
||||||
'OS_PROJECT_DOMAIN_NAME' => 'default',
|
'OS_PROJECT_DOMAIN_NAME' => 'default',
|
||||||
'OS_AUTH_URL' => 'http://127.0.0.1:35357/v3',
|
'OS_AUTH_URL' => 'http://127.0.0.1:5000/v3',
|
||||||
'OS_IDENTITY_API_VERSION' => 3,
|
'OS_IDENTITY_API_VERSION' => 3,
|
||||||
}
|
}
|
||||||
allow(subject).to receive(:shell_out).with(
|
allow(subject).to receive(:shell_out).with(
|
||||||
|
@ -108,7 +108,7 @@ describe 'openstack-common::default' do
|
||||||
'OS_PROJECT_NAME' => 'project',
|
'OS_PROJECT_NAME' => 'project',
|
||||||
'OS_USER_DOMAIN_NAME' => 'default',
|
'OS_USER_DOMAIN_NAME' => 'default',
|
||||||
'OS_PROJECT_DOMAIN_NAME' => 'default',
|
'OS_PROJECT_DOMAIN_NAME' => 'default',
|
||||||
'OS_AUTH_URL' => 'http://127.0.0.1:35357/v3',
|
'OS_AUTH_URL' => 'http://127.0.0.1:5000/v3',
|
||||||
'OS_IDENTITY_API_VERSION' => 3,
|
'OS_IDENTITY_API_VERSION' => 3,
|
||||||
}
|
}
|
||||||
allow(subject).to receive(:openstack_command).with(
|
allow(subject).to receive(:openstack_command).with(
|
||||||
|
@ -129,7 +129,7 @@ describe 'openstack-common::default' do
|
||||||
'OS_PROJECT_NAME' => 'project',
|
'OS_PROJECT_NAME' => 'project',
|
||||||
'OS_USER_DOMAIN_NAME' => 'default',
|
'OS_USER_DOMAIN_NAME' => 'default',
|
||||||
'OS_PROJECT_DOMAIN_NAME' => 'default',
|
'OS_PROJECT_DOMAIN_NAME' => 'default',
|
||||||
'OS_AUTH_URL' => 'http://127.0.0.1:35357/v3',
|
'OS_AUTH_URL' => 'http://127.0.0.1:5000/v3',
|
||||||
'OS_IDENTITY_API_VERSION' => 3,
|
'OS_IDENTITY_API_VERSION' => 3,
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
|
@ -162,7 +162,7 @@ describe 'openstack-common::default' do
|
||||||
'OS_PROJECT_NAME' => 'project',
|
'OS_PROJECT_NAME' => 'project',
|
||||||
'OS_USER_DOMAIN_NAME' => 'default',
|
'OS_USER_DOMAIN_NAME' => 'default',
|
||||||
'OS_PROJECT_DOMAIN_NAME' => 'default',
|
'OS_PROJECT_DOMAIN_NAME' => 'default',
|
||||||
'OS_AUTH_URL' => 'http://127.0.0.1:35357/v3',
|
'OS_AUTH_URL' => 'http://127.0.0.1:5000/v3',
|
||||||
'OS_IDENTITY_API_VERSION' => 3,
|
'OS_IDENTITY_API_VERSION' => 3,
|
||||||
}
|
}
|
||||||
allow(subject).to receive(:openstack_command).with(
|
allow(subject).to receive(:openstack_command).with(
|
||||||
|
|
|
@ -4,16 +4,19 @@ require 'chefspec/berkshelf'
|
||||||
|
|
||||||
ChefSpec::Coverage.start! { add_filter 'openstack-common' }
|
ChefSpec::Coverage.start! { add_filter 'openstack-common' }
|
||||||
|
|
||||||
LOG_LEVEL = :fatal
|
RSpec.configure do |config|
|
||||||
|
config.color = true
|
||||||
|
config.formatter = :documentation
|
||||||
|
config.log_level = :fatal
|
||||||
|
end
|
||||||
|
|
||||||
UBUNTU_OPTS = {
|
UBUNTU_OPTS = {
|
||||||
platform: 'ubuntu',
|
platform: 'ubuntu',
|
||||||
version: '16.04',
|
version: '16.04',
|
||||||
log_level: LOG_LEVEL,
|
|
||||||
}.freeze
|
}.freeze
|
||||||
REDHAT_OPTS = {
|
REDHAT_OPTS = {
|
||||||
platform: 'redhat',
|
platform: 'redhat',
|
||||||
version: '7.3',
|
version: '7.4',
|
||||||
log_level: LOG_LEVEL,
|
|
||||||
}.freeze
|
}.freeze
|
||||||
# We set a default platform for non-platform specific test cases
|
# We set a default platform for non-platform specific test cases
|
||||||
CHEFSPEC_OPTS = UBUNTU_OPTS
|
CHEFSPEC_OPTS = UBUNTU_OPTS
|
||||||
|
|
|
@ -89,34 +89,15 @@ describe 'Openstack uri' do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
describe '#auth_uri_transform' do
|
|
||||||
it 'preserves the original auth uri when the auth version passed is v2.0' do
|
|
||||||
auth_version = 'v2.0'
|
|
||||||
auth_uri = 'http://localhost:5000/v2.0'
|
|
||||||
expect(
|
|
||||||
subject.auth_uri_transform(auth_uri, auth_version)
|
|
||||||
).to eq(auth_uri)
|
|
||||||
end
|
|
||||||
|
|
||||||
it 'substitute /v2.0 with /v3 in the passed auth uri when auth version passed is v3.0' do
|
|
||||||
auth_version = 'v3.0'
|
|
||||||
auth_uri = 'http://localhost:5000/v2.0'
|
|
||||||
expected_auth_uri = 'http://localhost:5000/v3'
|
|
||||||
expect(
|
|
||||||
subject.auth_uri_transform(auth_uri, auth_version)
|
|
||||||
).to eq(expected_auth_uri)
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
describe '#identity_uri_transform' do
|
describe '#identity_uri_transform' do
|
||||||
it 'removes the path segment from identity admin endpoint' do
|
it 'removes the path segment from identity endpoint' do
|
||||||
expect(
|
expect(
|
||||||
subject.identity_uri_transform('http://localhost:35357/v2.0')
|
subject.identity_uri_transform('http://localhost:5000/v3')
|
||||||
).to eq('http://localhost:35357/')
|
).to eq('http://localhost:5000/')
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'does not effect a valid identity admin endpoint' do
|
it 'does not effect a valid identity endpoint' do
|
||||||
identity_uri = 'http://localhost:35357/'
|
identity_uri = 'http://localhost:5000/'
|
||||||
expect(
|
expect(
|
||||||
subject.identity_uri_transform(identity_uri)
|
subject.identity_uri_transform(identity_uri)
|
||||||
).to eq(identity_uri)
|
).to eq(identity_uri)
|
||||||
|
|
Loading…
Reference in New Issue