Change clients_keystone/auth_uri default to public Keystone URL

By default, the ::heat class configures clients_keystone/auth_uri to the
value of ::heat::keystone::authtoken::auth_url, which is generally the
admin endpoint on port 35357.

However, since this URI can be used by non-admin clients running inside
instances, such as os-collect-config, a better default value would be to
use either the public or internal Keystone endpoint, depending on the
deployment. This commit changes the default to the public Keystone
endpoint defined in ::heat::keystone::authtoken::www_authenticate_uri.

It is still possible to provide a custom value using the
heat_clients_keystone_uri parameter.

Change-Id: Idb0f408776ef27f16a522e4443531fd97276669b
Closes-Bug: #1763700
This commit is contained in:
Pierre Riteau 2018-04-13 14:33:12 +01:00
parent 8adb596e33
commit 564b1a7234
3 changed files with 10 additions and 2 deletions

View File

@ -470,6 +470,7 @@ instead.")
password => $amqp_password,
}
$auth_uri = $::heat::keystone::authtoken::www_authenticate_uri
$auth_url = $::heat::keystone::authtoken::auth_url
$keystone_username = $::heat::keystone::authtoken::username
$keystone_password = $::heat::keystone::authtoken::password
@ -478,7 +479,7 @@ instead.")
if (defined($heat_clients_keystone_uri)) {
$heat_clients_keystone_uri_real = $heat_clients_keystone_uri
} else {
$heat_clients_keystone_uri_real = $auth_url
$heat_clients_keystone_uri_real = $auth_uri
}

View File

@ -0,0 +1,7 @@
---
upgrade:
- |
The default for the clients_keystone/auth_uri configuration parameter has
been updated to use the public Keystone endpoint rather than the admin
endpoint, as expected by Heat. To continue using the admin endpoint, use
the heat_clients_keystone_uri parameter of the ::heat class.

View File

@ -138,7 +138,7 @@ describe 'heat' do
end
it 'configures auth_uri for clients_keystone' do
is_expected.to contain_heat_config('clients_keystone/auth_uri').with_value( 'http://127.0.0.1:35357/' )
is_expected.to contain_heat_config('clients_keystone/auth_uri').with_value( 'http://127.0.0.1:5000/' )
end
it 'configures endpoint_type for clients' do