Merge "Drop admin endpoints"

attributes/default.rb

@@ -21,7 +21,7 @@
 
 # Set the endpoints for the network service to allow all other cookbooks to
 # access and use them
-%w(public internal admin).each do |ep_type|
+%w(public internal).each do |ep_type|
   # openstack identity service endpoints (used by users and services)
   default['openstack']['endpoints'][ep_type]['network']['host'] = '127.0.0.1'
   default['openstack']['endpoints'][ep_type]['network']['scheme'] = 'http'
@@ -49,8 +49,6 @@ default['openstack']['network']['service_name'] = 'neutron'
 default['openstack']['network']['service_type'] = 'network'
 default['openstack']['network']['description'] = 'OpenStack Networking service'
 default['openstack']['network']['rabbit_server_chef_role'] = 'rabbitmq-server'
-# Keystone PKI signing directory.
-default['openstack']['network']['api']['auth']['cache_dir'] = '/var/cache/neutron/api'
 # The bridging interface driver.
 # This is used by the L3, DHCP and LBaaS agents.
 # Options are:

recipes/default.rb

@@ -48,20 +48,6 @@ node['openstack']['db']['python_packages'][db_type].each do |pkg|
   end
 end
 
-directory '/var/cache/neutron' do
-  owner node['openstack']['network']['platform']['user']
-  group node['openstack']['network']['platform']['group']
-  mode 0o0700
-  action :create
-end
-
-directory node['openstack']['network']['api']['auth']['cache_dir'] do
-  owner node['openstack']['network']['platform']['user']
-  group node['openstack']['network']['platform']['group']
-  mode 0o0700
-  only_if { node['openstack']['auth']['strategy'] == 'pki' }
-end
-
 template '/etc/neutron/rootwrap.conf' do
   source 'openstack-service.conf.erb'
   cookbook 'openstack-common'

recipes/identity_registration.rb

@@ -32,7 +32,6 @@ auth_url = ::URI.decode identity_endpoint.to_s
 interfaces = {
   public: { url: public_endpoint('network') },
   internal: { url: internal_endpoint('network') },
-  admin: { url: admin_endpoint('network') },
 }
 
 service_pass = get_password 'service', 'openstack-network'
@@ -48,16 +47,15 @@ admin_pass = get_password 'user', node['openstack']['identity']['admin_user']
 admin_project = node['openstack']['identity']['admin_project']
 admin_domain = node['openstack']['identity']['admin_domain_name']
 region = node['openstack']['region']
-
-# Do not configure a service/endpoint in keystone for heat-api-cloudwatch(Bug #1167927),
-# See discussions on https://bugs.launchpad.net/heat/+bug/1167927
+endpoint_type = node['openstack']['identity']['endpoint_type']
 
 connection_params = {
-  openstack_auth_url:     "#{auth_url}/auth/tokens",
-  openstack_username:     admin_user,
-  openstack_api_key:      admin_pass,
-  openstack_project_name: admin_project,
-  openstack_domain_name:    admin_domain,
+  openstack_auth_url:      "#{auth_url}/auth/tokens",
+  openstack_username:      admin_user,
+  openstack_api_key:       admin_pass,
+  openstack_project_name:  admin_project,
+  openstack_domain_name:   admin_domain,
+  openstack_endpoint_type: endpoint_type,
 }
 
 # Register Network Service
@@ -77,6 +75,7 @@ interfaces.each do |interface, res|
     connection_params connection_params
   end
 end
+
 # Register Service Tenant
 openstack_project service_tenant_name do
   connection_params connection_params

spec/default_spec.rb

@@ -17,37 +17,6 @@ describe 'openstack-network' do
       end
     end
 
-    it do
-      expect(chef_run).to create_directory('/var/cache/neutron')
-        .with(owner: 'neutron',
-              group: 'neutron',
-              mode: 0o0700)
-    end
-
-    describe '/var/cache/neutron/api with pki set' do
-      before do
-        node.override['openstack']['auth']['strategy'] = 'pki'
-      end
-      it do
-        expect(chef_run).to create_directory('/var/cache/neutron/api')
-          .with(owner: 'neutron',
-                group: 'neutron',
-                mode: 0o0700)
-      end
-    end
-
-    describe '/var/cache/neutron/api with pki set' do
-      before do
-        node.override['openstack']['auth']['strategy'] = 'not_pki'
-      end
-      it do
-        expect(chef_run).not_to create_directory('/var/cache/neutron/api')
-          .with(owner: 'neutron',
-                group: 'neutron',
-                mode: 0o0700)
-      end
-    end
-
     describe '/etc/neutron/rootwrap.conf' do
       let(:file) { chef_run.template('/etc/neutron/rootwrap.conf') }
       [

spec/identity_registration_spec.rb

@@ -19,6 +19,7 @@ describe 'openstack-network::identity_registration' do
       openstack_api_key: 'admin-pass',
       openstack_project_name: 'admin',
       openstack_domain_name: 'default',
+      openstack_endpoint_type: 'internalURL',
     }
     service_name = 'neutron'
     service_type = 'network'
@@ -48,7 +49,7 @@ describe 'openstack-network::identity_registration' do
     end
 
     context "registers #{service_name} endpoint" do
-      %w(admin internal public).each do |interface|
+      %w(internal public).each do |interface|
         it "#{interface} endpoint with default values" do
           expect(chef_run).to create_openstack_endpoint(
             service_type