Use identity_uri_transform for identiry_uri support

Remove deprecated keys and use identity_uri via the new transform
helper method.

Change-Id: I2e439b8f3d1f5a4efa0c082b8e7d88d8594a65b3
Implements: blueprint identity-uri

recipes/ironic-common.rb

@@ -68,6 +68,7 @@ identity_admin_endpoint = admin_endpoint 'identity-admin'
 service_pass = get_password 'service', 'openstack-bare-metal'
 
 auth_uri = auth_uri_transform(identity_endpoint.to_s, node['openstack']['bare-metal']['api']['auth']['version'])
+identity_uri = identity_uri_transform(identity_admin_endpoint)
 
 template '/etc/ironic/ironic.conf' do
   source 'ironic.conf.erb'
@@ -83,7 +84,7 @@ template '/etc/ironic/ironic.conf' do
     glance_host: image_endpoint.host,
     glance_port: image_endpoint.port,
     auth_uri: auth_uri,
-    identity_admin_endpoint: identity_admin_endpoint,
+    identity_uri: identity_uri,
     service_pass: service_pass
   )
 end

spec/ironic-common_spec.rb

@@ -76,7 +76,13 @@ describe 'openstack-bare-metal::ironic-common' do
         it 'sets the default auth attributes' do
           [
             /^insecure=false$/,
-            %r(^signing_dir=/var/cache/ironic/api$)
+            %r(^signing_dir=/var/cache/ironic/api$),
+            %r(^auth_uri=http://127.0.0.1:5000/v2.0$),
+            %r(^identity_uri=http://127.0.0.1:35357/$),
+            /^auth_version=v2.0$/,
+            /^admin_user=ironic$/,
+            /^admin_password=service_pass$/,
+            /^admin_tenant_name=service$/
           ].each do |line|
             expect(chef_run).to render_config_file(file.name).with_section_content('keystone_authtoken', line)
           end

spec/spec_helper.rb

@@ -25,13 +25,13 @@ shared_context 'bare-metal-stubs' do
   before do
     allow_any_instance_of(Chef::Recipe).to receive(:get_password)
       .with('service', anything)
-      .and_return('')
+      .and_return('service_pass')
     allow_any_instance_of(Chef::Recipe).to receive(:get_password)
       .with('db', anything)
-      .and_return('')
+      .and_return('db_pass')
     allow_any_instance_of(Chef::Recipe).to receive(:get_password)
       .with('user', anything)
-      .and_return('')
+      .and_return('user_pass')
     allow_any_instance_of(Chef::Recipe).to receive(:get_secret)
       .with('openstack_identity_bootstrap_token')
       .and_return('bootstrap-token')

templates/default/ironic.conf.erb

@@ -929,38 +929,27 @@ glance_protocol=<%= @glance_scheme %>
 # Options defined in keystonemiddleware.auth_token
 #
 
-# Host providing the admin Identity API endpoint (string
-# value)
-auth_host=<%= @identity_admin_endpoint.host %>
-
-# Port of the admin Identity API endpoint (integer value)
-auth_port=<%= @identity_admin_endpoint.port %>
-
-# Protocol of the admin Identity API endpoint(http or https)
-# (string value)
-auth_protocol=<%= @identity_admin_endpoint.scheme %>
-
 # Complete public Identity API endpoint. (string value)
 auth_uri=<%= @auth_uri %>
 
 # Complete admin Identity API endpoint. This should specify
-# the unversioned root endpoint e.g. https://localhost:3537/
+# the unversioned root endpoint e.g. https://localhost:35357/
 # (string value)
-identity_uri=<%= @identity_admin_endpoint.scheme %>://<%= @identity_admin_endpoint.host %>:<%= @identity_admin_endpoint.port %>
+identity_uri=<%= @identity_uri %>
 
 # API version of the admin Identity API endpoint. (string
 # value)
 auth_version=<%= node['openstack']['bare-metal']['api']['auth']['version'] %>
 
 # Keystone account username (string value)
-admin_user = <%= node['openstack']['bare-metal']['service_user'] %>
+admin_user=<%= node['openstack']['bare-metal']['service_user'] %>
 
 # Keystone account password (string value)
-admin_password = <%= @service_pass %>
+admin_password=<%= @service_pass %>
 
 # Keystone service account tenant name to validate user tokens
 # (string value)
-admin_tenant_name = <%= node['openstack']['bare-metal']['service_tenant_name'] %>
+admin_tenant_name=<%= node['openstack']['bare-metal']['service_tenant_name'] %>
 
 # Do not handle authorization requests within the middleware,
 # but delegate the authorization decision to downstream WSGI