From bb4431126b80be4805f1072442676797e6019576 Mon Sep 17 00:00:00 2001
From: Sean Dague <sean@dague.net>
Date: Wed, 19 Apr 2017 16:22:42 -0400
Subject: [PATCH] Try to remove /identity_admin

We should be able to operate without the identity admin endpoint,
given that in v3 it's all the same. This floats that out there to see
if we can or not.

Change-Id: Ic233f6b43dd1e3cfdadff0f18aba4ea78825a996
---
 lib/keystone | 14 ++++++--------
 lib/tempest  |  4 ++++
 2 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/lib/keystone b/lib/keystone
index 75a06791de..fd1e29ce28 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -113,8 +113,9 @@ if is_service_enabled tls-proxy; then
     KEYSTONE_SERVICE_PROTOCOL="https"
 fi
 
-KEYSTONE_AUTH_URI=${KEYSTONE_AUTH_PROTOCOL}://${KEYSTONE_AUTH_HOST}/identity_admin
 KEYSTONE_SERVICE_URI=${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}/identity
+# for compat
+KEYSTONE_AUTH_URI=$KEYSTONE_SERVICE_URI
 
 # V3 URIs
 KEYSTONE_AUTH_URI_V3=$KEYSTONE_AUTH_URI/v3
@@ -141,6 +142,7 @@ function is_keystone_enabled {
 # runs that a clean run would need to clean up
 function cleanup_keystone {
     if [[ "$WSGI_MODE" == "uwsgi" ]]; then
+        # TODO: remove admin at pike-2
         remove_uwsgi_config "$KEYSTONE_PUBLIC_UWSGI_CONF" "$KEYSTONE_PUBLIC_UWSGI"
         remove_uwsgi_config "$KEYSTONE_ADMIN_UWSGI_CONF" "$KEYSTONE_ADMIN_UWSGI"
         sudo rm -f $(apache_site_config_for keystone-wsgi-public)
@@ -543,11 +545,7 @@ function start_keystone {
         tail_log key /var/log/$APACHE_NAME/keystone.log
         tail_log key-access /var/log/$APACHE_NAME/keystone_access.log
     else # uwsgi
-        # TODO(sdague): we should really get down to a single keystone here
-        enable_service key-p
-        enable_service key-a
-        run_process key-p "$KEYSTONE_BIN_DIR/uwsgi --ini $KEYSTONE_PUBLIC_UWSGI_CONF" ""
-        run_process key-a "$KEYSTONE_BIN_DIR/uwsgi --ini $KEYSTONE_ADMIN_UWSGI_CONF" ""
+        run_process keystone "$KEYSTONE_BIN_DIR/uwsgi --ini $KEYSTONE_PUBLIC_UWSGI_CONF" ""
     fi
 
     echo "Waiting for keystone to start..."
@@ -578,9 +576,9 @@ function stop_keystone {
         disable_apache_site keystone
         restart_apache_server
     else
-        stop_process key-p
-        stop_process key-a
+        stop_process keystone
         remove_uwsgi_config "$KEYSTONE_PUBLIC_UWSGI_CONF" "$KEYSTONE_PUBLIC_UWSGI"
+        # TODO(remove in at pike-2)
         remove_uwsgi_config "$KEYSTONE_ADMIN_UWSGI_CONF" "$KEYSTONE_ADMIN_UWSGI"
     fi
     # Kill the Keystone screen window
diff --git a/lib/tempest b/lib/tempest
index f19686a862..c5853c9a83 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -278,6 +278,10 @@ function configure_tempest {
         iniset $TEMPEST_CONFIG identity-feature-enabled api_v2 False
     fi
     iniset $TEMPEST_CONFIG identity auth_version ${TEMPEST_AUTH_VERSION:-v3}
+    if [[ "$TEMPEST_AUTH_VERSION" != "v2.0" ]]; then
+        # we're going to disable v2 admin unless we're using v2.0 by default.
+        iniset $TEMPEST_CONFIG identity-feature-enabled api_v2_admin False
+    fi
 
     if is_service_enabled tls-proxy; then
         iniset $TEMPEST_CONFIG identity ca_certificates_file $SSL_BUNDLE_FILE