moves default keystone API to v3

v2.0 of the keystone API was deprecated in icehouse-2, moving to
support v3 by default.

This also fixes a bug in Horizon where if you specify v3 for the
API version and v2.0 is still the auth url, login fails.

Implements blueprint keystone-v3-default
Partial-bug: #1267636

Change-Id: Ibc4872f24125fa74230eab781b002dffdba5f5da

doc/source/installation.rst

@@ -18,7 +18,7 @@ Installing is quick and easy:
 
 #. Configure your API endpoint(s) in ``settings.py``::
 
-        OPENSTACK_KEYSTONE_URL = "http://example.com:5000/v2.0"
+        OPENSTACK_KEYSTONE_URL = "http://example.com:5000/v3"
 
 #. Include ``'keystone_auth.urls'`` somewhere in your ``urls.py`` file.
 

openstack_auth/backend.py

@@ -78,6 +78,10 @@ class KeystoneBackend(object):
         endpoint_type = getattr(
             settings, 'OPENSTACK_ENDPOINT_TYPE', 'publicURL')
 
+        # keystone client v3 does not support logging in on the v2 url any more
+        if get_keystone_version() >= 3:
+            auth_url = auth_url.replace('v2.0', 'v3')
+
         keystone_client = get_keystone_client()
         try:
             client = keystone_client.Client(

openstack_auth/tests/settings.py

@@ -31,7 +31,7 @@ MIDDLEWARE_CLASSES = [
 
 AUTHENTICATION_BACKENDS = ['openstack_auth.backend.KeystoneBackend']
 
-OPENSTACK_KEYSTONE_URL = "http://localhost:5000/v2.0"
+OPENSTACK_KEYSTONE_URL = "http://localhost:5000/v3"
 
 ROOT_URLCONF = 'openstack_auth.tests.urls'
 
@@ -40,7 +40,7 @@ LOGIN_REDIRECT_URL = '/'
 SECRET_KEY = 'badcafe'
 
 OPENSTACK_API_VERSIONS = {
-    "identity": 2.0
+    "identity": 3
 }
 
 USE_TZ = True

openstack_auth/tests/tests.py

@@ -43,6 +43,8 @@ class OpenStackAuthTestsV2(test.TestCase):
         self.keystone_client_scoped = self.ks_client_module.Client(
             endpoint=endpoint,
             auth_ref=self.data.scoped_access_info)
+        settings.OPENSTACK_API_VERSIONS['identity'] = 2.0
+        settings.OPENSTACK_KEYSTONE_URL = "http://localhost:5000/v2.0"
 
     def tearDown(self):
         self.mox.UnsetStubs()

openstack_auth/utils.py

@@ -141,7 +141,7 @@ def is_safe_url(url, host=None):
 # Helper for figuring out keystone version
 # Implementation will change when API version discovery is available
 def get_keystone_version():
-    return getattr(settings, 'OPENSTACK_API_VERSIONS', {}).get('identity', 2.0)
+    return getattr(settings, 'OPENSTACK_API_VERSIONS', {}).get('identity', 3)
 
 
 def get_keystone_client():
@@ -153,6 +153,8 @@ def get_keystone_client():
 
 def get_project_list(*args, **kwargs):
     if get_keystone_version() < 3:
+        auth_url = kwargs.get('auth_url', '').replace('v3', 'v2.0')
+        kwargs['auth_url'] = auth_url
         client = get_keystone_client().Client(*args, **kwargs)
         return client.tenants.list()
     else:

openstack_auth/views.py

@@ -136,6 +136,7 @@ def switch(request, tenant_id, redirect_field_name=REDIRECT_FIELD_NAME):
     endpoint = request.user.endpoint
     try:
         if get_keystone_version() >= 3:
+            if 'v3' not in endpoint:
                 endpoint = endpoint.replace('v2.0', 'v3')
         client = get_keystone_client().Client(tenant_id=tenant_id,
                                               token=request.user.token.id,