Allow control over the Keystone adminurl and internalurl endpoint

We publish the keystone /v2.0 api in the endpoints by default and the keystone v2.0 client will use the adminurl by default, not the publicurl, so we need to allow a more granular configuration of the adminurl. We also want the internalurl to stay on an internal network which is not necessarily the same of either the public or the admin network so we need to allow customization of the internalurl as well. Change-Id: I6d6ad06441514c6eca9922937dba9b521dad06db
2015-11-27 16:49:37 +01:00 · 2015-11-27 16:49:37 +01:00 · 1c79a4b996
parent 96aaff5306
commit 1c79a4b996
2 changed files with 98 additions and 14 deletions
--- a/os_cloud_config/keystone.py
+++ b/os_cloud_config/keystone.py
@ -128,7 +128,8 @@ SERVICES = {

 def initialize(host, admin_token, admin_email, admin_password,
               region='regionOne', ssl=None, public=None, user='root',
-               timeout=600, poll_interval=10, pki_setup=True):
+               timeout=600, poll_interval=10, pki_setup=True, admin=None,
+               internal=None):
    """Perform post-heat initialization of Keystone.

    :param host: ip/hostname of node where Keystone is running
@ -143,6 +144,10 @@ def initialize(host, admin_token, admin_email, admin_password,
    :param timeout: Total seconds to wait for keystone to be running
    :param poll_interval: Seconds to wait between keystone poll attempts
    :param pki_setup: Boolean for running pki_setup conditionally
+    :param admin: ip/hostname to use as the admin endpoint, if the
+        default is not suitable
+    :param internal: ip/hostname to use as the internal endpoint, if the
+        default is not suitable
    """

    keystone_v2 = _create_admin_client_v2(host, admin_token, public)
@ -152,7 +157,8 @@ def initialize(host, admin_token, admin_email, admin_password,
    _create_tenants(keystone_v2)
    _create_admin_user(keystone_v2, admin_email, admin_password)
    _grant_admin_user_roles(keystone_v3)
-    _create_keystone_endpoint(keystone_v2, host, region, ssl, public)
+    _create_keystone_endpoint(keystone_v2, host, region, ssl, public, admin,
+                              internal)
    if pki_setup:
        print("PKI initialization in init-keystone is deprecated and will be "
              "removed.")
@ -459,7 +465,8 @@ def _create_tenants(keystone):
    _create_tenant(keystone, 'service')


-def _create_keystone_endpoint(keystone, host, region, ssl, public):
+def _create_keystone_endpoint(keystone, host, region, ssl, public, admin,
+                              internal):
    """Create keystone endpoint in Keystone.

    :param keystone: keystone v2 client
@ -468,6 +475,10 @@ def _create_keystone_endpoint(keystone, host, region, ssl, public):
    :param ssl: ip/hostname to use as the ssl endpoint, if required
    :param public: ip/hostname to use as the public endpoint, if default is
        not suitable
+    :param admin: ip/hostname to use as the admin endpoint, if the
+        default is not suitable
+    :param internal: ip/hostname to use as the internal endpoint, if the
+        default is not suitable
    """
    LOG.debug('Create keystone public endpoint')
    service = _create_service(keystone, 'keystone', 'identity',
@ -477,9 +488,17 @@ def _create_keystone_endpoint(keystone, host, region, ssl, public):
        public_url = 'https://%s:13000/v2.0' % ssl
    elif public:
        public_url = 'http://%s:5000/v2.0' % public
-    _create_endpoint(keystone, region, service.id, public_url,
-                     'http://%s:35357/v2.0' % host,
-                     'http://%s:5000/v2.0' % host)
+
+    admin_url = 'http://%s:35357/v2.0' % host
+    if admin:
+        admin_url = 'http://%s:35357/v2.0' % admin
+
+    internal_url = 'http://%s:5000/v2.0' % host
+    if internal:
+        internal_url = 'http://%s:5000/v2.0' % internal
+
+    _create_endpoint(keystone, region, service.id, public_url, admin_url,
+                     internal_url)


 def _perform_pki_initialization(host, user):
--- a/os_cloud_config/tests/test_keystone.py
+++ b/os_cloud_config/tests/test_keystone.py
@ -22,15 +22,19 @@ from os_cloud_config.tests import base

 class KeystoneTest(base.TestCase):

-    def assert_endpoint(self, host, region='regionOne', public_endpoint=None):
+    def assert_endpoint(self, host, region='regionOne', public_endpoint=None,
+                        admin_endpoint=None, internal_endpoint=None):
        self.client.services.create.assert_called_once_with(
            'keystone', 'identity', description='Keystone Identity Service')
        if public_endpoint is None:
            public_endpoint = 'http://%s:5000/v2.0' % host
+        if admin_endpoint is None:
+            admin_endpoint = 'http://%s:35357/v2.0' % host
+        if internal_endpoint is None:
+            internal_endpoint = 'http://%s:5000/v2.0' % host
        self.client.endpoints.create.assert_called_once_with(
            region, self.client.services.create.return_value.id,
-            public_endpoint, 'http://%s:35357/v2.0' % host,
-            'http://192.0.0.3:5000/v2.0')
+            public_endpoint, admin_endpoint, internal_endpoint)

    def assert_calls_in_grant_admin_user_roles(self):
        self.client_v3.roles.list.assert_has_calls([mock.call(name='admin')])
@ -195,7 +199,7 @@ class KeystoneTest(base.TestCase):

        keystone._create_keystone_endpoint(
            self.client, '192.0.0.3', 'regionOne', 'keystone.example.com',
-            None)
+            None, None, None)
        public_endpoint = 'https://keystone.example.com:13000/v2.0'
        self.assert_endpoint('192.0.0.3', public_endpoint=public_endpoint)

@ -206,8 +210,9 @@ class KeystoneTest(base.TestCase):
        self.client.endpoints.findall.return_value = []

        keystone._create_keystone_endpoint(
-            self.client, '192.0.0.3', 'regionOne', None, 'keystone.internal')
-        public_endpoint = 'http://keystone.internal:5000/v2.0'
+            self.client, '192.0.0.3', 'regionOne', None, 'keystone.public',
+            None, None)
+        public_endpoint = 'http://keystone.public:5000/v2.0'
        self.assert_endpoint('192.0.0.3', public_endpoint=public_endpoint)

    def test_create_keystone_endpoint_ssl_and_public(self):
@ -218,10 +223,70 @@ class KeystoneTest(base.TestCase):

        keystone._create_keystone_endpoint(
            self.client, '192.0.0.3', 'regionOne', 'keystone.example.com',
-            'keystone.internal')
+            'keystone.public', None, None)
        public_endpoint = 'https://keystone.example.com:13000/v2.0'
        self.assert_endpoint('192.0.0.3', public_endpoint=public_endpoint)

+    def test_create_keystone_endpoint_public_and_admin(self):
+        self._patch_client()
+
+        self.client.services.findall.return_value = []
+        self.client.endpoints.findall.return_value = []
+
+        keystone._create_keystone_endpoint(
+            self.client, '192.0.0.3', 'regionOne', None, 'keystone.public',
+            'keystone.admin', None)
+        public_endpoint = 'http://keystone.public:5000/v2.0'
+        admin_endpoint = 'http://keystone.admin:35357/v2.0'
+        self.assert_endpoint('192.0.0.3', public_endpoint=public_endpoint,
+                             admin_endpoint=admin_endpoint)
+
+    def test_create_keystone_endpoint_ssl_public_and_admin(self):
+        self._patch_client()
+
+        self.client.services.findall.return_value = []
+        self.client.endpoints.findall.return_value = []
+
+        keystone._create_keystone_endpoint(
+            self.client, '192.0.0.3', 'regionOne', 'keystone.example.com',
+            'keystone.public', 'keystone.admin', None)
+        public_endpoint = 'https://keystone.example.com:13000/v2.0'
+        admin_endpoint = 'http://keystone.admin:35357/v2.0'
+        self.assert_endpoint('192.0.0.3', public_endpoint=public_endpoint,
+                             admin_endpoint=admin_endpoint)
+
+    def test_create_keystone_endpoint_public_admin_and_internal(self):
+        self._patch_client()
+
+        self.client.services.findall.return_value = []
+        self.client.endpoints.findall.return_value = []
+
+        keystone._create_keystone_endpoint(
+            self.client, '192.0.0.3', 'regionOne', None, 'keystone.public',
+            'keystone.admin', 'keystone.internal')
+        public_endpoint = 'http://keystone.public:5000/v2.0'
+        admin_endpoint = 'http://keystone.admin:35357/v2.0'
+        internal_endpoint = 'http://keystone.internal:5000/v2.0'
+        self.assert_endpoint('192.0.0.3', public_endpoint=public_endpoint,
+                             admin_endpoint=admin_endpoint,
+                             internal_endpoint=internal_endpoint)
+
+    def test_create_keystone_endpoint_ssl_public_admin_and_internal(self):
+        self._patch_client()
+
+        self.client.services.findall.return_value = []
+        self.client.endpoints.findall.return_value = []
+
+        keystone._create_keystone_endpoint(
+            self.client, '192.0.0.3', 'regionOne', 'keystone.example.com',
+            'keystone.public', 'keystone.admin', 'keystone.internal')
+        public_endpoint = 'https://keystone.example.com:13000/v2.0'
+        admin_endpoint = 'http://keystone.admin:35357/v2.0'
+        internal_endpoint = 'http://keystone.internal:5000/v2.0'
+        self.assert_endpoint('192.0.0.3', public_endpoint=public_endpoint,
+                             admin_endpoint=admin_endpoint,
+                             internal_endpoint=internal_endpoint)
+
    def test_create_keystone_endpoint_region(self):
        self._patch_client()

@ -229,7 +294,7 @@ class KeystoneTest(base.TestCase):
        self.client.endpoints.findall.return_value = []

        keystone._create_keystone_endpoint(
-            self.client, '192.0.0.3', 'regionTwo', None, None)
+            self.client, '192.0.0.3', 'regionTwo', None, None, None, None)
        self.assert_endpoint('192.0.0.3', region='regionTwo')

    @mock.patch('time.sleep')