Remove dcdbsync public endpoint from keystone catalog

dcdbsync is a private service only used by dcorch in DC system to synchronize keystone resources. It's not supposed to have public endpoint in keystone catalog to expose its service on OAM IF. This update removed its public endpoint from keystone catalog. Change-Id: Idfb95ad26ea99e3ca01d78b974284909f82becc0 Closes-Bug: 1892391 Signed-off-by: Andy Ning <andy.ning@windriver.com>
2020-09-21 13:55:21 -04:00 · 2020-09-21 13:55:21 -04:00 · a7449bcb6e
parent ba15e899ca
commit a7449bcb6e
1 changed files with 12 additions and 0 deletions
--- a/modules/puppet-dcdbsync/src/dcdbsync/manifests/keystone/auth.pp
+++ b/modules/puppet-dcdbsync/src/dcdbsync/manifests/keystone/auth.pp
@ -48,4 +48,16 @@ class dcdbsync::keystone::auth (
    admin_url           => $admin_url,
    internal_url        => $internal_url,
  }
+
+  # dcdbsync is a private service only used by dcorch,
+  # its API is not exposed for public access.
+  -> exec { 'Delete public endpoint':
+    path      => '/usr/bin',
+    command   => @("CMD"/L),
+      /bin/sh -c 'source /etc/platform/openrc && \
+      openstack endpoint list --service dcorch-dbsync --interface public --format value -c ID | \
+      xargs --no-run-if-empty openstack endpoint delete'
+      | CMD
+    logoutput => true,
+  }
 }