Simplify identity endpoint

Per the Keystone Install Guide[1] the admin endpoint is superseded in
favor of a single public endpoint. As a result, the admin endpoint is no
longer deployed by default.

[1] https://docs.openstack.org/keystone/queens/install/keystone-install-ubuntu.html#install-and-configure-components

Change-Id: Ic70e3adc4615b3a79a49f8cd739d7505efee91ef
Implements: blueprint simplify-identity-endpoint
This commit is contained in:
Samuel Cassiba 2018-06-12 22:18:17 -07:00
parent b9af23547c
commit 0fb71ae5d8
4 changed files with 15 additions and 13 deletions

View File

@ -52,16 +52,15 @@ db_user = node['openstack']['db']['orchestration']['username']
db_pass = get_password 'db', 'heat'
stack_domain_admin = node['openstack']['orchestration']['conf']['DEFAULT']['stack_domain_admin']
identity_endpoint = internal_endpoint 'identity'
identity_admin_endpoint = admin_endpoint 'identity'
identity_endpoint = public_endpoint 'identity'
bind_services = node['openstack']['bind_service']['all']
api_bind = bind_services['orchestration-api']
api_cfn_bind = bind_services['orchestration-api-cfn']
api_cfn_endpoint = internal_endpoint 'orchestration-api-cfn'
ec2_auth_uri = auth_uri_transform identity_endpoint.to_s, node['openstack']['orchestration']['ec2authtoken']['auth']['version']
auth_uri = auth_uri_transform identity_endpoint.to_s, node['openstack']['orchestration']['api']['auth']['version']
ec2_auth_uri = ::URI.decode identity_endpoint.to_s
auth_uri = ::URI.decode identity_endpoint.to_s
base_auth_uri = identity_uri_transform auth_uri
# We need these URIs without their default path
@ -79,7 +78,7 @@ node.default['openstack']['orchestration']['conf'].tap do |conf|
conf['heat_api_cfn']['bind_host'] = bind_address api_cfn_bind
conf['heat_api_cfn']['bind_port'] = api_cfn_bind['port']
conf['keystone_authtoken']['auth_url'] = auth_uri
conf['trustee']['auth_url'] = identity_admin_endpoint
conf['trustee']['auth_url'] = identity_endpoint
end
# define secrets that are needed in the heat.conf

View File

@ -24,9 +24,9 @@ class ::Chef::Recipe
include ::Openstack
end
identity_admin_endpoint = admin_endpoint 'identity'
identity_endpoint = public_endpoint 'identity'
auth_url = ::URI.decode identity_admin_endpoint.to_s
auth_url = auth_uri_transform identity_endpoint.to_s, node['openstack']['api']['auth']['version']
admin_heat_endpoint = admin_endpoint 'orchestration-api'
internal_heat_endpoint = internal_endpoint 'orchestration-api'

View File

@ -10,7 +10,7 @@ describe 'openstack-orchestration::identity_registration' do
include_context 'orchestration_stubs'
connection_params = {
openstack_auth_url: 'http://127.0.0.1:35357/v3/auth/tokens',
openstack_auth_url: 'http://127.0.0.1:5000/v3/auth/tokens',
openstack_username: 'admin',
openstack_api_key: 'admin-pass',
openstack_project_name: 'admin',

View File

@ -6,16 +6,19 @@ ChefSpec::Coverage.start! { add_filter 'openstack-orchestration' }
require 'chef/application'
LOG_LEVEL = :fatal
RSpec.configure do |config|
config.color = true
config.formatter = :documentation
config.log_level = :fatal
end
REDHAT_OPTS = {
platform: 'redhat',
version: '7.3',
log_level: ::LOG_LEVEL,
version: '7.4',
}.freeze
UBUNTU_OPTS = {
platform: 'ubuntu',
version: '16.04',
log_level: ::LOG_LEVEL,
}.freeze
shared_context 'orchestration_stubs' do
@ -207,7 +210,7 @@ shared_examples 'expects to create heat conf' do
describe 'has trustee values' do
it 'has default trustee values' do
[
%r{^auth_url = http://127.0.0.1:35357/v3$},
%r{^auth_url = http://127.0.0.1:5000/v3$},
/^auth_type = v3password$/,
/^username = heat$/,
/^password = heat-pass$/,