From 0fb71ae5d88832747f35f6d305117ab2f1c61904 Mon Sep 17 00:00:00 2001
From: Samuel Cassiba <s@cassiba.com>
Date: Tue, 12 Jun 2018 22:18:17 -0700
Subject: [PATCH] Simplify identity endpoint

Per the Keystone Install Guide[1] the admin endpoint is superseded in
favor of a single public endpoint. As a result, the admin endpoint is no
longer deployed by default.

[1] https://docs.openstack.org/keystone/queens/install/keystone-install-ubuntu.html#install-and-configure-components

Change-Id: Ic70e3adc4615b3a79a49f8cd739d7505efee91ef
Implements: blueprint simplify-identity-endpoint
---
 recipes/common.rb                  |  9 ++++-----
 recipes/identity_registration.rb   |  4 ++--
 spec/identity_registration_spec.rb |  2 +-
 spec/spec_helper.rb                | 13 ++++++++-----
 4 files changed, 15 insertions(+), 13 deletions(-)

diff --git a/recipes/common.rb b/recipes/common.rb
index 38e68fd..6edec81 100644
--- a/recipes/common.rb
+++ b/recipes/common.rb
@@ -52,16 +52,15 @@ db_user = node['openstack']['db']['orchestration']['username']
 db_pass = get_password 'db', 'heat'
 stack_domain_admin = node['openstack']['orchestration']['conf']['DEFAULT']['stack_domain_admin']
 
-identity_endpoint = internal_endpoint 'identity'
-identity_admin_endpoint = admin_endpoint 'identity'
+identity_endpoint = public_endpoint 'identity'
 
 bind_services = node['openstack']['bind_service']['all']
 api_bind = bind_services['orchestration-api']
 api_cfn_bind = bind_services['orchestration-api-cfn']
 api_cfn_endpoint = internal_endpoint 'orchestration-api-cfn'
 
-ec2_auth_uri = auth_uri_transform identity_endpoint.to_s, node['openstack']['orchestration']['ec2authtoken']['auth']['version']
-auth_uri = auth_uri_transform identity_endpoint.to_s, node['openstack']['orchestration']['api']['auth']['version']
+ec2_auth_uri = ::URI.decode identity_endpoint.to_s
+auth_uri = ::URI.decode identity_endpoint.to_s
 base_auth_uri = identity_uri_transform auth_uri
 
 # We need these URIs without their default path
@@ -79,7 +78,7 @@ node.default['openstack']['orchestration']['conf'].tap do |conf|
   conf['heat_api_cfn']['bind_host'] = bind_address api_cfn_bind
   conf['heat_api_cfn']['bind_port'] = api_cfn_bind['port']
   conf['keystone_authtoken']['auth_url'] = auth_uri
-  conf['trustee']['auth_url'] = identity_admin_endpoint
+  conf['trustee']['auth_url'] = identity_endpoint
 end
 
 # define secrets that are needed in the heat.conf
diff --git a/recipes/identity_registration.rb b/recipes/identity_registration.rb
index 9c1b9f1..45099b5 100644
--- a/recipes/identity_registration.rb
+++ b/recipes/identity_registration.rb
@@ -24,9 +24,9 @@ class ::Chef::Recipe
   include ::Openstack
 end
 
-identity_admin_endpoint = admin_endpoint 'identity'
+identity_endpoint = public_endpoint 'identity'
 
-auth_url = ::URI.decode identity_admin_endpoint.to_s
+auth_url = auth_uri_transform identity_endpoint.to_s, node['openstack']['api']['auth']['version']
 
 admin_heat_endpoint = admin_endpoint 'orchestration-api'
 internal_heat_endpoint = internal_endpoint 'orchestration-api'
diff --git a/spec/identity_registration_spec.rb b/spec/identity_registration_spec.rb
index 4e03739..2f62064 100644
--- a/spec/identity_registration_spec.rb
+++ b/spec/identity_registration_spec.rb
@@ -10,7 +10,7 @@ describe 'openstack-orchestration::identity_registration' do
     include_context 'orchestration_stubs'
 
     connection_params = {
-      openstack_auth_url: 'http://127.0.0.1:35357/v3/auth/tokens',
+      openstack_auth_url: 'http://127.0.0.1:5000/v3/auth/tokens',
       openstack_username: 'admin',
       openstack_api_key: 'admin-pass',
       openstack_project_name: 'admin',
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
index 2ede2d6..f0d58cd 100644
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -6,16 +6,19 @@ ChefSpec::Coverage.start! { add_filter 'openstack-orchestration' }
 
 require 'chef/application'
 
-LOG_LEVEL = :fatal
+RSpec.configure do |config|
+  config.color = true
+  config.formatter = :documentation
+  config.log_level = :fatal
+end
+
 REDHAT_OPTS = {
   platform: 'redhat',
-  version: '7.3',
-  log_level: ::LOG_LEVEL,
+  version: '7.4',
 }.freeze
 UBUNTU_OPTS = {
   platform: 'ubuntu',
   version: '16.04',
-  log_level: ::LOG_LEVEL,
 }.freeze
 
 shared_context 'orchestration_stubs' do
@@ -207,7 +210,7 @@ shared_examples 'expects to create heat conf' do
     describe 'has trustee values' do
       it 'has default trustee values' do
         [
-          %r{^auth_url = http://127.0.0.1:35357/v3$},
+          %r{^auth_url = http://127.0.0.1:5000/v3$},
           /^auth_type = v3password$/,
           /^username = heat$/,
           /^password = heat-pass$/,