diff --git a/magnum/conf/trust.py b/magnum/conf/trust.py index eb5c826e8b..07e174da8a 100644 --- a/magnum/conf/trust.py +++ b/magnum/conf/trust.py @@ -53,7 +53,10 @@ trust_opts = [ 'by the trustor')), cfg.StrOpt('trustee_keystone_interface', default='public', - help=_('Auth interface used by instances/trustee')) + help=_('Auth interface used by instances/trustee')), + cfg.StrOpt('trustee_keystone_region_name', + help=_('Region in Identity service catalog to use for ' + 'communication with the OpenStack service.')) ] diff --git a/magnum/drivers/heat/template_def.py b/magnum/drivers/heat/template_def.py index 0511a5faa7..397b53c45c 100755 --- a/magnum/drivers/heat/template_def.py +++ b/magnum/drivers/heat/template_def.py @@ -255,10 +255,14 @@ class BaseTemplateDefinition(TemplateDefinition): else: extra_params['trust_id'] = "" - extra_params['auth_url'] = osc.url_for( - service_type='identity', - interface=CONF.trust.trustee_keystone_interface, - version=3) + kwargs = { + 'service_type': 'identity', + 'interface': CONF.trust.trustee_keystone_interface, + 'version': 3 + } + if CONF.trust.trustee_keystone_region_name: + kwargs['region_name'] = CONF.trust.trustee_keystone_region_name + extra_params['auth_url'] = osc.url_for(**kwargs) return super(BaseTemplateDefinition, self).get_params(context, cluster_template, cluster, diff --git a/releasenotes/notes/bug-2002981-trustee-auth-region-name-37796a4e6a274fb8.yaml b/releasenotes/notes/bug-2002981-trustee-auth-region-name-37796a4e6a274fb8.yaml new file mode 100644 index 0000000000..f465caee19 --- /dev/null +++ b/releasenotes/notes/bug-2002981-trustee-auth-region-name-37796a4e6a274fb8.yaml @@ -0,0 +1,8 @@ +--- +fixes: + - | + Add `trustee_keystone_region_name` optional parameter to the `trust` + section. This parameter is useful for multi-regional OpenStack + installations with different Identity service for every region. + In such installation it is necessary to specify a region when searching + for `auth_url` to authenticate a trustee user.