openstack/puppet-heat
Code Issues Proposed changes

Change clients_keystone/auth_uri default to public Keystone URL

Browse Source 
By default, the ::heat class configures clients_keystone/auth_uri to the
value of ::heat::keystone::authtoken::auth_url, which is generally the
admin endpoint on port 35357.

However, since this URI can be used by non-admin clients running inside
instances, such as os-collect-config, a better default value would be to
use either the public or internal Keystone endpoint, depending on the
deployment. This commit changes the default to the public Keystone
endpoint defined in ::heat::keystone::authtoken::www_authenticate_uri.

It is still possible to provide a custom value using the
heat_clients_keystone_uri parameter.

Change-Id: Idb0f408776ef27f16a522e4443531fd97276669b
Closes-Bug: #1763700
This commit is contained in:
Pierre Riteau
2018-04-13 14:33:12 +01:00
parent 8adb596e33
commit 564b1a7234
3 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
manifests/init.pp
View File

@@ -470,6 +470,7 @@ instead.")
password => $amqp_password, password => $amqp_password,
} }
$auth_uri = $::heat::keystone::authtoken::www_authenticate_uri
$auth_url = $::heat::keystone::authtoken::auth_url $auth_url = $::heat::keystone::authtoken::auth_url
$keystone_username = $::heat::keystone::authtoken::username $keystone_username = $::heat::keystone::authtoken::username
$keystone_password = $::heat::keystone::authtoken::password $keystone_password = $::heat::keystone::authtoken::password
@@ -478,7 +479,7 @@ instead.")
if (defined($heat_clients_keystone_uri)) { if (defined($heat_clients_keystone_uri)) {
$heat_clients_keystone_uri_real = $heat_clients_keystone_uri $heat_clients_keystone_uri_real = $heat_clients_keystone_uri
} else { } else {
$heat_clients_keystone_uri_real = $auth_url $heat_clients_keystone_uri_real = $auth_uri
} }

7
releasenotes/notes/change_clients_keystone_auth_uri_default-72ba554b846f2193.yaml Normal file
View File

@@ -0,0 +1,7 @@
---
upgrade:
- |
The default for the clients_keystone/auth_uri configuration parameter has
been updated to use the public Keystone endpoint rather than the admin
endpoint, as expected by Heat. To continue using the admin endpoint, use
the heat_clients_keystone_uri parameter of the ::heat class.

2
spec/classes/heat_init_spec.rb
View File

@@ -138,7 +138,7 @@ describe 'heat' do
end end
it 'configures auth_uri for clients_keystone' do it 'configures auth_uri for clients_keystone' do
is_expected.to contain_heat_config('clients_keystone/auth_uri').with_value( 'http://127.0.0.1:35357/' ) is_expected.to contain_heat_config('clients_keystone/auth_uri').with_value( 'http://127.0.0.1:5000/' )
end end
it 'configures endpoint_type for clients' do it 'configures endpoint_type for clients' do