Change clients_keystone/auth_uri default to public Keystone URL

By default, the ::heat class configures clients_keystone/auth_uri to the value of ::heat::keystone::authtoken::auth_url, which is generally the admin endpoint on port 35357. However, since this URI can be used by non-admin clients running inside instances, such as os-collect-config, a better default value would be to use either the public or internal Keystone endpoint, depending on the deployment. This commit changes the default to the public Keystone endpoint defined in ::heat::keystone::authtoken::www_authenticate_uri. It is still possible to provide a custom value using the heat_clients_keystone_uri parameter. Change-Id: Idb0f408776ef27f16a522e4443531fd97276669b Closes-Bug: #1763700
2018-04-13 14:33:12 +01:00 · 2018-04-13 14:33:12 +01:00 · 564b1a7234
commit 564b1a7234
parent 8adb596e33
3 changed files with 10 additions and 2 deletions
--- a/manifests/init.pp
+++ b/manifests/init.pp
@ -470,6 +470,7 @@ instead.")
    password               => $amqp_password,
  }

+  $auth_uri = $::heat::keystone::authtoken::www_authenticate_uri
  $auth_url = $::heat::keystone::authtoken::auth_url
  $keystone_username = $::heat::keystone::authtoken::username
  $keystone_password = $::heat::keystone::authtoken::password
@ -478,7 +479,7 @@ instead.")
  if (defined($heat_clients_keystone_uri)) {
    $heat_clients_keystone_uri_real = $heat_clients_keystone_uri
  } else {
-    $heat_clients_keystone_uri_real = $auth_url
+    $heat_clients_keystone_uri_real = $auth_uri
  }


--- a/releasenotes/notes/change_clients_keystone_auth_uri_default-72ba554b846f2193.yaml
+++ b/releasenotes/notes/change_clients_keystone_auth_uri_default-72ba554b846f2193.yaml
@ -0,0 +1,7 @@
+---
+upgrade:
+  - |
+    The default for the clients_keystone/auth_uri configuration parameter has
+    been updated to use the public Keystone endpoint rather than the admin
+    endpoint, as expected by Heat. To continue using the admin endpoint, use
+    the heat_clients_keystone_uri parameter of the ::heat class.
--- a/spec/classes/heat_init_spec.rb
+++ b/spec/classes/heat_init_spec.rb
@ -138,7 +138,7 @@ describe 'heat' do
    end

    it 'configures auth_uri for clients_keystone' do
-      is_expected.to contain_heat_config('clients_keystone/auth_uri').with_value( 'http://127.0.0.1:35357/' )
+      is_expected.to contain_heat_config('clients_keystone/auth_uri').with_value( 'http://127.0.0.1:5000/' )
    end

    it 'configures endpoint_type for clients' do