From 2c644bdb05348e7e104d983ded7d05497a708744 Mon Sep 17 00:00:00 2001
From: Eyal <eyal.bar-ilan@nokia.com>
Date: Thu, 2 Aug 2018 15:57:41 +0300
Subject: [PATCH] expose the user info url as a configuration

Change-Id: Ia19c00b04a380fe862b7a67061d9ece2b34ad1ab
---
 mistral/auth/keycloak.py | 2 +-
 mistral/config.py        | 7 ++++++-
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/mistral/auth/keycloak.py b/mistral/auth/keycloak.py
index 19dceb4d3..060a6a46f 100644
--- a/mistral/auth/keycloak.py
+++ b/mistral/auth/keycloak.py
@@ -68,7 +68,7 @@ class KeycloakAuthHandler(auth.AuthHandler):
         # to use user info endpoint which also takes exactly one parameter
         # (access token) and replies with error if token is invalid.
         user_info_endpoint = (
-            "%s/realms/%s/protocol/openid-connect/userinfo" %
+            ("%s" + CONF.keycloak_oidc.user_info_endpoint_url) %
             (CONF.keycloak_oidc.auth_url, realm_name)
         )
 
diff --git a/mistral/config.py b/mistral/config.py
index b0a4393c5..b480223df 100644
--- a/mistral/config.py
+++ b/mistral/config.py
@@ -455,7 +455,12 @@ keycloak_oidc_opts = [
         'insecure',
         default=False,
         help=_('If True, SSL/TLS certificate verification is disabled')
-    )
+    ),
+    cfg.StrOpt(
+        'user_info_endpoint_url',
+        default='/realms/%s/protocol/openid-connect/userinfo',
+        help='Endpoint against which authorization will be performed'
+    ),
 ]
 
 openstack_actions_opts = [