Browse Source

Simplify identity endpoint

Per the Keystone Install Guide[1] the admin endpoint is superseded in
favor of a single public endpoint. As a result, the admin endpoint is no
longer deployed by default.

[1] https://docs.openstack.org/keystone/queens/install/keystone-install-ubuntu.html#install-and-configure-components

Change-Id: Ic70e3adc4615b3a79a49f8cd739d7505efee91ef
Implements: blueprint simplify-identity-endpoint
Samuel Cassiba 10 months ago
parent
commit
0fb71ae5d8
4 changed files with 15 additions and 13 deletions
  1. 4
    5
      recipes/common.rb
  2. 2
    2
      recipes/identity_registration.rb
  3. 1
    1
      spec/identity_registration_spec.rb
  4. 8
    5
      spec/spec_helper.rb

+ 4
- 5
recipes/common.rb View File

@@ -52,16 +52,15 @@ db_user = node['openstack']['db']['orchestration']['username']
52 52
 db_pass = get_password 'db', 'heat'
53 53
 stack_domain_admin = node['openstack']['orchestration']['conf']['DEFAULT']['stack_domain_admin']
54 54
 
55
-identity_endpoint = internal_endpoint 'identity'
56
-identity_admin_endpoint = admin_endpoint 'identity'
55
+identity_endpoint = public_endpoint 'identity'
57 56
 
58 57
 bind_services = node['openstack']['bind_service']['all']
59 58
 api_bind = bind_services['orchestration-api']
60 59
 api_cfn_bind = bind_services['orchestration-api-cfn']
61 60
 api_cfn_endpoint = internal_endpoint 'orchestration-api-cfn'
62 61
 
63
-ec2_auth_uri = auth_uri_transform identity_endpoint.to_s, node['openstack']['orchestration']['ec2authtoken']['auth']['version']
64
-auth_uri = auth_uri_transform identity_endpoint.to_s, node['openstack']['orchestration']['api']['auth']['version']
62
+ec2_auth_uri = ::URI.decode identity_endpoint.to_s
63
+auth_uri = ::URI.decode identity_endpoint.to_s
65 64
 base_auth_uri = identity_uri_transform auth_uri
66 65
 
67 66
 # We need these URIs without their default path
@@ -79,7 +78,7 @@ node.default['openstack']['orchestration']['conf'].tap do |conf|
79 78
   conf['heat_api_cfn']['bind_host'] = bind_address api_cfn_bind
80 79
   conf['heat_api_cfn']['bind_port'] = api_cfn_bind['port']
81 80
   conf['keystone_authtoken']['auth_url'] = auth_uri
82
-  conf['trustee']['auth_url'] = identity_admin_endpoint
81
+  conf['trustee']['auth_url'] = identity_endpoint
83 82
 end
84 83
 
85 84
 # define secrets that are needed in the heat.conf

+ 2
- 2
recipes/identity_registration.rb View File

@@ -24,9 +24,9 @@ class ::Chef::Recipe
24 24
   include ::Openstack
25 25
 end
26 26
 
27
-identity_admin_endpoint = admin_endpoint 'identity'
27
+identity_endpoint = public_endpoint 'identity'
28 28
 
29
-auth_url = ::URI.decode identity_admin_endpoint.to_s
29
+auth_url = auth_uri_transform identity_endpoint.to_s, node['openstack']['api']['auth']['version']
30 30
 
31 31
 admin_heat_endpoint = admin_endpoint 'orchestration-api'
32 32
 internal_heat_endpoint = internal_endpoint 'orchestration-api'

+ 1
- 1
spec/identity_registration_spec.rb View File

@@ -10,7 +10,7 @@ describe 'openstack-orchestration::identity_registration' do
10 10
     include_context 'orchestration_stubs'
11 11
 
12 12
     connection_params = {
13
-      openstack_auth_url: 'http://127.0.0.1:35357/v3/auth/tokens',
13
+      openstack_auth_url: 'http://127.0.0.1:5000/v3/auth/tokens',
14 14
       openstack_username: 'admin',
15 15
       openstack_api_key: 'admin-pass',
16 16
       openstack_project_name: 'admin',

+ 8
- 5
spec/spec_helper.rb View File

@@ -6,16 +6,19 @@ ChefSpec::Coverage.start! { add_filter 'openstack-orchestration' }
6 6
 
7 7
 require 'chef/application'
8 8
 
9
-LOG_LEVEL = :fatal
9
+RSpec.configure do |config|
10
+  config.color = true
11
+  config.formatter = :documentation
12
+  config.log_level = :fatal
13
+end
14
+
10 15
 REDHAT_OPTS = {
11 16
   platform: 'redhat',
12
-  version: '7.3',
13
-  log_level: ::LOG_LEVEL,
17
+  version: '7.4',
14 18
 }.freeze
15 19
 UBUNTU_OPTS = {
16 20
   platform: 'ubuntu',
17 21
   version: '16.04',
18
-  log_level: ::LOG_LEVEL,
19 22
 }.freeze
20 23
 
21 24
 shared_context 'orchestration_stubs' do
@@ -207,7 +210,7 @@ shared_examples 'expects to create heat conf' do
207 210
     describe 'has trustee values' do
208 211
       it 'has default trustee values' do
209 212
         [
210
-          %r{^auth_url = http://127.0.0.1:35357/v3$},
213
+          %r{^auth_url = http://127.0.0.1:5000/v3$},
211 214
           /^auth_type = v3password$/,
212 215
           /^username = heat$/,
213 216
           /^password = heat-pass$/,

Loading…
Cancel
Save