Change the default Identity endpoint to internal

In [0] the ``interface``option was added in order to allow the Identity
endpoint that is being used when validating tokens to be
configured by the deployer. Change the default to using the internal
endpoint, as that should be what most deployments will end up using.

[0] https://review.opendev.org/651790

Depends-On: https://review.opendev.org/651492
Closes-Bug: 1830002
Change-Id: I0ce8b6d8cd408c7fac8107972e7be70839e337fb

keystonemiddleware/auth_token/_opts.py

@@ -68,9 +68,9 @@ _OPTS = [
     cfg.StrOpt('auth_version',
                help='API version of the Identity API endpoint.'),
     cfg.StrOpt('interface',
-               default='admin',
+               default='internal',
                help='Interface to use for the Identity API endpoint. Valid'
-               ' values are "public", "internal" or "admin"(default).'),
+               ' values are "public", "internal" (default) or "admin".'),
     cfg.BoolOpt('delay_auth_decision',
                 default=False,
                 help='Do not handle authorization requests within the'

keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py

@@ -513,8 +513,8 @@ class GeneralAuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest,
         west_versions = fixture.DiscoveryList(href=west_url)
 
         s = token.add_service('identity')
-        s.add_endpoint(interface='admin', url=east_url, region='east')
-        s.add_endpoint(interface='admin', url=west_url, region='west')
+        s.add_endpoint(interface='internal', url=east_url, region='east')
+        s.add_endpoint(interface='internal', url=west_url, region='west')
 
         self.requests_mock.get(auth_url, json=auth_versions)
         self.requests_mock.get(east_url, json=east_versions)
@@ -2261,7 +2261,7 @@ class AuthProtocolLoadingTests(BaseAuthTokenMiddlewareTest):
         admin_token_id = uuid.uuid4().hex
         admin_token = fixture.V3Token(project_id=self.project_id)
         s = admin_token.add_service('identity', name='keystone')
-        s.add_standard_endpoints(admin=self.KEYSTONE_URL)
+        s.add_standard_endpoints(internal=self.KEYSTONE_URL)
 
         self.requests_mock.post('%s/v3/auth/tokens' % self.AUTH_URL,
                                 json=admin_token,

releasenotes/notes/change-default-identity-endpoint-fab39579255c31bb.yaml

@@ -0,0 +1,11 @@
+---
+prelude: >
+    Since the removal of the Identity API v2 Keystone no longer has any
+    special functionality that requires using the admin endpoint for it. So
+    this release changes the default endpoint being used from ``admin`` to
+    ``internal``, allowing deployments to work without an admin endpoint.
+upgrade:
+  - |
+    [`bug 1830002 <https://bugs.launchpad.net/keystonemiddleware/+bug/1830002>`_]
+    The default Identity endpoint has been changed from ``admin`` to
+    ``internal``.