diff --git a/lib/horizon b/lib/horizon index f953f5cc01..ab6e758409 100644 --- a/lib/horizon +++ b/lib/horizon @@ -97,7 +97,14 @@ function init_horizon { _horizon_config_set $local_settings "" OPENSTACK_KEYSTONE_DEFAULT_ROLE \"Member\" _horizon_config_set $local_settings "" OPENSTACK_HOST \"${KEYSTONE_SERVICE_HOST}\" - _horizon_config_set $local_settings "" OPENSTACK_KEYSTONE_URL "\"${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}:${KEYSTONE_SERVICE_PORT}/v2.0\"" + + if [ "$ENABLE_IDENTITY_V2" == "False" ]; then + # Only Identity v3 API is available; then use it with v3 auth tokens + _horizon_config_set $local_settings "" OPENSTACK_API_VERSIONS {\"identity\":\"v3\"} + _horizon_config_set $local_settings "" OPENSTACK_KEYSTONE_URL "\"${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}:${KEYSTONE_SERVICE_PORT}/v3\"" + else + _horizon_config_set $local_settings "" OPENSTACK_KEYSTONE_URL "\"${KEYSTONE_SERVICE_PROTOCOL}://${KEYSTONE_SERVICE_HOST}:${KEYSTONE_SERVICE_PORT}/v2.0\"" + fi if [ -f $SSL_BUNDLE_FILE ]; then _horizon_config_set $local_settings "" OPENSTACK_SSL_CACERT \"${SSL_BUNDLE_FILE}\" diff --git a/lib/keystone b/lib/keystone index b0907c74a7..7a949cf96f 100644 --- a/lib/keystone +++ b/lib/keystone @@ -197,6 +197,12 @@ function configure_keystone { KEYSTONE_PASTE_INI="$KEYSTONE_CONF" fi + if [ "$ENABLE_IDENTITY_V2" == "False" ]; then + # Only Identity v3 API should be available; then disable v2 pipelines + inidelete $KEYSTONE_PASTE_INI composite:main \\/v2.0 + inidelete $KEYSTONE_PASTE_INI composite:admin \\/v2.0 + fi + configure_keystone_extensions # Rewrite stock ``keystone.conf`` diff --git a/lib/tempest b/lib/tempest index 5599684eef..059709dbb8 100644 --- a/lib/tempest +++ b/lib/tempest @@ -310,7 +310,15 @@ function configure_tempest { iniset $TEMPEST_CONFIG identity admin_tenant_id $ADMIN_TENANT_ID iniset $TEMPEST_CONFIG identity admin_domain_name $ADMIN_DOMAIN_NAME fi - iniset $TEMPEST_CONFIG identity auth_version ${TEMPEST_AUTH_VERSION:-v2} + if [ "$ENABLE_IDENTITY_V2" == "False" ]; then + # Only Identity v3 is available; then skip Identity API v2 tests + iniset $TEMPEST_CONFIG identity-feature-enabled v2_api False + # In addition, use v3 auth tokens for running all Tempest tests + iniset $TEMPEST_CONFIG identity auth_version v3 + else + iniset $TEMPEST_CONFIG identity auth_version ${TEMPEST_AUTH_VERSION:-v2} + fi + if is_ssl_enabled_service "key" || is_service_enabled tls-proxy; then iniset $TEMPEST_CONFIG identity ca_certificates_file $SSL_BUNDLE_FILE fi diff --git a/stackrc b/stackrc index 938a09a56d..09ba3e9807 100644 --- a/stackrc +++ b/stackrc @@ -87,9 +87,6 @@ TEMPEST_SERVICES="" # Set the default Nova APIs to enable NOVA_ENABLED_APIS=ec2,osapi_compute,metadata -# Configure Identity API version: 2.0, 3 -IDENTITY_API_VERSION=2.0 - # Whether to use 'dev mode' for screen windows. Dev mode works by # stuffing text into the screen windows so that a developer can use # ctrl-c, up-arrow, enter to restart the service. Starting services @@ -106,6 +103,22 @@ elif [[ -f $RC_DIR/.localrc.auto ]]; then source $RC_DIR/.localrc.auto fi +# Configure Identity API version: 2.0, 3 +IDENTITY_API_VERSION=${IDENTITY_API_VERSION:-2.0} + +# Set the option ENABLE_IDENTITY_V2 to True. It defines whether the DevStack +# deployment will be deploying the Identity v2 pipelines. If this option is set +# to ``False``, DevStack will: i) disable Identity v2; ii) configure Tempest to +# skip Identity v2 specific tests; and iii) configure Horizon to use Identity +# v3. When this option is set to ``False``, the option IDENTITY_API_VERSION +# will to be set to ``3`` in order to make DevStack register the Identity +# endpoint as v3. This flag is experimental and will be used as basis to +# identify the projects which still have issues to operate with Identity v3. +ENABLE_IDENTITY_V2=$(trueorfalse True ENABLE_IDENTITY_V2) +if [ "$ENABLE_IDENTITY_V2" == "False" ]; then + IDENTITY_API_VERSION=3 +fi + # Enable use of Python virtual environments. Individual project use of # venvs are controlled by the PROJECT_VENV array; every project with # an entry in the array will be installed into the named venv.