From ff4dc4f05b929337a4da7e6c63ddd375916d6693 Mon Sep 17 00:00:00 2001
From: Jens Harbott <j.harbott@x-ion.de>
Date: Tue, 5 Sep 2017 12:47:30 +0000
Subject: [PATCH] Set auth_uri in keystone_authtoken config section

The auth_uri option will be sent to the user when an unauthenticated
request is made. It should contain the unversioned public identity
endpoint [1].

[1] https://adam.younglogic.com/2016/06/auth_uri-vs-auth_url/
---
 recipes/common.rb | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/recipes/common.rb b/recipes/common.rb
index 3e7605c..7b859d1 100644
--- a/recipes/common.rb
+++ b/recipes/common.rb
@@ -68,18 +68,20 @@ end
 db_user = node['openstack']['db']['dns']['username']
 db_pass = get_password 'db', 'designate'
 
+public_identity_endpoint = public_endpoint 'identity'
 identity_endpoint = internal_endpoint 'identity'
 
 bind_services = node['openstack']['bind_service']['all']
 api_bind = bind_services['dns-api']
 
-auth_uri = auth_uri_transform identity_endpoint.to_s, node['openstack']['dns']['api']['auth']['version']
+auth_url = auth_uri_transform identity_endpoint.to_s, node['openstack']['dns']['api']['auth']['version']
 
 # define attributes that are needed in designate.conf
 node.default['openstack']['dns']['conf'].tap do |conf|
   conf['service:api']['api_host'] = bind_address api_bind
   conf['service:api']['api_port'] = api_bind.port
-  conf['keystone_authtoken']['auth_url'] = auth_uri
+  conf['keystone_authtoken']['auth_uri'] = public_identity_endpoint
+  conf['keystone_authtoken']['auth_url'] = auth_url
 end
 
 # define secrets that are needed in designate.conf