Simplify identity endpoint

Per the Keystone Install Guide[1] the admin endpoint is superseded in
favor of a single public endpoint. As a result, the admin endpoint is no
longer deployed by default.

[1] https://docs.openstack.org/keystone/queens/install/keystone-install-ubuntu.html#install-and-configure-components

Change-Id: Ied0fb46ae8c10273fde31691b910dc2748845faf
Implements: blueprint simplify-identity-endpoint
This commit is contained in:
Samuel Cassiba 2018-06-12 21:44:33 -07:00
parent 80706ed6e3
commit 7740328325
5 changed files with 26 additions and 41 deletions

View File

@ -31,8 +31,9 @@ module ::Openstack
# @param [String] tenant name
# @return [Hash] environment
def openstack_command_env(name, project, user_domain, project_domain)
identity_admin_endpoint = admin_endpoint 'identity'
auth_uri = ::URI.decode identity_admin_endpoint.to_s
identity_endpoint = public_endpoint 'identity'
auth_url = ::URI.decode identity_endpoint.to_s
pass = get_password 'user', name
{
'OS_USERNAME' => name,
@ -41,7 +42,7 @@ module ::Openstack
'OS_USER_DOMAIN_NAME' => user_domain,
'OS_PROJECT_DOMAIN_NAME' => project_domain,
'OS_IDENTITY_API_VERSION' => '3',
'OS_AUTH_URL' => auth_uri,
'OS_AUTH_URL' => auth_url,
}
end

View File

@ -67,7 +67,7 @@ module ::Openstack
# Helper for creating identity_uri value for the auth_token section
# of component config files.
# The definition of identity is: the unversioned root
# admin identity endpoint e.g. https://localhost:35357/
# identity endpoint e.g. https://localhost:5000/
# This method will make sure the path is removed from the uri.
def identity_uri_transform(identity_uri)
uri = ::URI.parse ::URI.encode(identity_uri.to_s)

View File

@ -15,11 +15,11 @@ describe 'openstack-common::default' do
describe 'openstack_command_env' do
before do
node.set['openstack']['endpoints']['admin']['identity'] = {
node.set['openstack']['endpoints']['public']['identity'] = {
host: '127.0.0.1',
scheme: 'http',
path: '/v3',
port: '35357',
port: '5000',
}
end
it 'returns cli enviroment' do
@ -34,7 +34,7 @@ describe 'openstack-common::default' do
'OS_PROJECT_NAME' => 'project',
'OS_USER_DOMAIN_NAME' => 'default',
'OS_PROJECT_DOMAIN_NAME' => 'default',
'OS_AUTH_URL' => 'http://127.0.0.1:35357/v3',
'OS_AUTH_URL' => 'http://127.0.0.1:5000/v3',
'OS_IDENTITY_API_VERSION' => '3'
)
end
@ -49,7 +49,7 @@ describe 'openstack-common::default' do
'OS_PROJECT_NAME' => 'project',
'OS_USER_DOMAIN_NAME' => 'default',
'OS_PROJECT_DOMAIN_NAME' => 'default',
'OS_AUTH_URL' => 'http://127.0.0.1:35357/v3',
'OS_AUTH_URL' => 'http://127.0.0.1:5000/v3',
'OS_IDENTITY_API_VERSION' => 3,
}
allow(subject).to receive(:shell_out).with(
@ -69,7 +69,7 @@ describe 'openstack-common::default' do
'OS_PROJECT_NAME' => 'project',
'OS_USER_DOMAIN_NAME' => 'default',
'OS_PROJECT_DOMAIN_NAME' => 'default',
'OS_AUTH_URL' => 'http://127.0.0.1:35357/v3',
'OS_AUTH_URL' => 'http://127.0.0.1:5000/v3',
'OS_IDENTITY_API_VERSION' => 3,
}
allow(subject).to receive(:shell_out).with(
@ -89,7 +89,7 @@ describe 'openstack-common::default' do
'OS_PROJECT_NAME' => 'project',
'OS_USER_DOMAIN_NAME' => 'default',
'OS_PROJECT_DOMAIN_NAME' => 'default',
'OS_AUTH_URL' => 'http://127.0.0.1:35357/v3',
'OS_AUTH_URL' => 'http://127.0.0.1:5000/v3',
'OS_IDENTITY_API_VERSION' => 3,
}
allow(subject).to receive(:shell_out).with(
@ -108,7 +108,7 @@ describe 'openstack-common::default' do
'OS_PROJECT_NAME' => 'project',
'OS_USER_DOMAIN_NAME' => 'default',
'OS_PROJECT_DOMAIN_NAME' => 'default',
'OS_AUTH_URL' => 'http://127.0.0.1:35357/v3',
'OS_AUTH_URL' => 'http://127.0.0.1:5000/v3',
'OS_IDENTITY_API_VERSION' => 3,
}
allow(subject).to receive(:openstack_command).with(
@ -129,7 +129,7 @@ describe 'openstack-common::default' do
'OS_PROJECT_NAME' => 'project',
'OS_USER_DOMAIN_NAME' => 'default',
'OS_PROJECT_DOMAIN_NAME' => 'default',
'OS_AUTH_URL' => 'http://127.0.0.1:35357/v3',
'OS_AUTH_URL' => 'http://127.0.0.1:5000/v3',
'OS_IDENTITY_API_VERSION' => 3,
}
end
@ -162,7 +162,7 @@ describe 'openstack-common::default' do
'OS_PROJECT_NAME' => 'project',
'OS_USER_DOMAIN_NAME' => 'default',
'OS_PROJECT_DOMAIN_NAME' => 'default',
'OS_AUTH_URL' => 'http://127.0.0.1:35357/v3',
'OS_AUTH_URL' => 'http://127.0.0.1:5000/v3',
'OS_IDENTITY_API_VERSION' => 3,
}
allow(subject).to receive(:openstack_command).with(

View File

@ -4,16 +4,19 @@ require 'chefspec/berkshelf'
ChefSpec::Coverage.start! { add_filter 'openstack-common' }
LOG_LEVEL = :fatal
RSpec.configure do |config|
config.color = true
config.formatter = :documentation
config.log_level = :fatal
end
UBUNTU_OPTS = {
platform: 'ubuntu',
version: '16.04',
log_level: LOG_LEVEL,
}.freeze
REDHAT_OPTS = {
platform: 'redhat',
version: '7.3',
log_level: LOG_LEVEL,
version: '7.4',
}.freeze
# We set a default platform for non-platform specific test cases
CHEFSPEC_OPTS = UBUNTU_OPTS

View File

@ -89,34 +89,15 @@ describe 'Openstack uri' do
end
end
describe '#auth_uri_transform' do
it 'preserves the original auth uri when the auth version passed is v2.0' do
auth_version = 'v2.0'
auth_uri = 'http://localhost:5000/v2.0'
expect(
subject.auth_uri_transform(auth_uri, auth_version)
).to eq(auth_uri)
end
it 'substitute /v2.0 with /v3 in the passed auth uri when auth version passed is v3.0' do
auth_version = 'v3.0'
auth_uri = 'http://localhost:5000/v2.0'
expected_auth_uri = 'http://localhost:5000/v3'
expect(
subject.auth_uri_transform(auth_uri, auth_version)
).to eq(expected_auth_uri)
end
end
describe '#identity_uri_transform' do
it 'removes the path segment from identity admin endpoint' do
it 'removes the path segment from identity endpoint' do
expect(
subject.identity_uri_transform('http://localhost:35357/v2.0')
).to eq('http://localhost:35357/')
subject.identity_uri_transform('http://localhost:5000/v3')
).to eq('http://localhost:5000/')
end
it 'does not effect a valid identity admin endpoint' do
identity_uri = 'http://localhost:35357/'
it 'does not effect a valid identity endpoint' do
identity_uri = 'http://localhost:5000/'
expect(
subject.identity_uri_transform(identity_uri)
).to eq(identity_uri)