Drop admin endpoints

The admin endpoints offer no special functionality, users may talk to
the public endpoints instead. The only historic use case has been the
keystone v2 admin endpoint, but with keystone v3 API, even that is no
longer needed.

Also stop creating cache dirs that were only needed while keystone
supported PKI tokens.

[0]
https://opendev.org/openstack/openstack-chef-specs/src/branch/master/specs/ocata/all/drop-admin-endpoints.rst

Depends-On: https://review.openstack.org/652050
Change-Id: I309bf20e68e452489a24cf36472fc5c9f68cbe36

attributes/default.rb

@@ -21,7 +21,7 @@
 
 # Set the endpoints for the network service to allow all other cookbooks to
 # access and use them
-%w(public internal admin).each do |ep_type|
+%w(public internal).each do |ep_type|
   # openstack identity service endpoints (used by users and services)
   default['openstack']['endpoints'][ep_type]['network']['host'] = '127.0.0.1'
   default['openstack']['endpoints'][ep_type]['network']['scheme'] = 'http'
@@ -49,8 +49,6 @@ default['openstack']['network']['service_name'] = 'neutron'
 default['openstack']['network']['service_type'] = 'network'
 default['openstack']['network']['description'] = 'OpenStack Networking service'
 default['openstack']['network']['rabbit_server_chef_role'] = 'rabbitmq-server'
-# Keystone PKI signing directory.
-default['openstack']['network']['api']['auth']['cache_dir'] = '/var/cache/neutron/api'
 # The bridging interface driver.
 # This is used by the L3, DHCP and LBaaS agents.
 # Options are:

recipes/default.rb

@@ -48,20 +48,6 @@ node['openstack']['db']['python_packages'][db_type].each do |pkg|
   end
 end
 
-directory '/var/cache/neutron' do
-  owner node['openstack']['network']['platform']['user']
-  group node['openstack']['network']['platform']['group']
-  mode 0o0700
-  action :create
-end
-
-directory node['openstack']['network']['api']['auth']['cache_dir'] do
-  owner node['openstack']['network']['platform']['user']
-  group node['openstack']['network']['platform']['group']
-  mode 0o0700
-  only_if { node['openstack']['auth']['strategy'] == 'pki' }
-end
-
 template '/etc/neutron/rootwrap.conf' do
   source 'openstack-service.conf.erb'
   cookbook 'openstack-common'

recipes/identity_registration.rb

@@ -32,7 +32,6 @@ auth_url = ::URI.decode identity_endpoint.to_s
 interfaces = {
   public: { url: public_endpoint('network') },
   internal: { url: internal_endpoint('network') },
-  admin: { url: admin_endpoint('network') },
 }
 
 service_pass = get_password 'service', 'openstack-network'
@@ -48,16 +47,15 @@ admin_pass = get_password 'user', node['openstack']['identity']['admin_user']
 admin_project = node['openstack']['identity']['admin_project']
 admin_domain = node['openstack']['identity']['admin_domain_name']
 region = node['openstack']['region']
-
-# Do not configure a service/endpoint in keystone for heat-api-cloudwatch(Bug #1167927),
-# See discussions on https://bugs.launchpad.net/heat/+bug/1167927
+endpoint_type = node['openstack']['identity']['endpoint_type']
 
 connection_params = {
-  openstack_auth_url:     "#{auth_url}/auth/tokens",
-  openstack_username:     admin_user,
-  openstack_api_key:      admin_pass,
-  openstack_project_name: admin_project,
-  openstack_domain_name:    admin_domain,
+  openstack_auth_url:      "#{auth_url}/auth/tokens",
+  openstack_username:      admin_user,
+  openstack_api_key:       admin_pass,
+  openstack_project_name:  admin_project,
+  openstack_domain_name:   admin_domain,
+  openstack_endpoint_type: endpoint_type,
 }
 
 # Register Network Service
@@ -77,6 +75,7 @@ interfaces.each do |interface, res|
     connection_params connection_params
   end
 end
+
 # Register Service Tenant
 openstack_project service_tenant_name do
   connection_params connection_params

spec/default_spec.rb

@@ -17,37 +17,6 @@ describe 'openstack-network' do
       end
     end
 
-    it do
-      expect(chef_run).to create_directory('/var/cache/neutron')
-        .with(owner: 'neutron',
-              group: 'neutron',
-              mode: 0o0700)
-    end
-
-    describe '/var/cache/neutron/api with pki set' do
-      before do
-        node.override['openstack']['auth']['strategy'] = 'pki'
-      end
-      it do
-        expect(chef_run).to create_directory('/var/cache/neutron/api')
-          .with(owner: 'neutron',
-                group: 'neutron',
-                mode: 0o0700)
-      end
-    end
-
-    describe '/var/cache/neutron/api with pki set' do
-      before do
-        node.override['openstack']['auth']['strategy'] = 'not_pki'
-      end
-      it do
-        expect(chef_run).not_to create_directory('/var/cache/neutron/api')
-          .with(owner: 'neutron',
-                group: 'neutron',
-                mode: 0o0700)
-      end
-    end
-
     describe '/etc/neutron/rootwrap.conf' do
       let(:file) { chef_run.template('/etc/neutron/rootwrap.conf') }
       [

spec/identity_registration_spec.rb

@@ -19,6 +19,7 @@ describe 'openstack-network::identity_registration' do
       openstack_api_key: 'admin-pass',
       openstack_project_name: 'admin',
       openstack_domain_name: 'default',
+      openstack_endpoint_type: 'internalURL',
     }
     service_name = 'neutron'
     service_type = 'network'
@@ -48,7 +49,7 @@ describe 'openstack-network::identity_registration' do
     end
 
     context "registers #{service_name} endpoint" do
-      %w(admin internal public).each do |interface|
+      %w(internal public).each do |interface|
         it "#{interface} endpoint with default values" do
           expect(chef_run).to create_openstack_endpoint(
             service_type