From 74fd3fe5b96b3d7c532b83b327c86d91e5ef6f9a Mon Sep 17 00:00:00 2001
From: Emilien Macchi <emilien@redhat.com>
Date: Thu, 25 Apr 2019 21:23:57 -0400
Subject: [PATCH] standalone/undercloud - post: use EndpointMap to fetch
 Keystone URL

Using EndpointMap to ensure we get the hostname/fqdn if possible
otherwise it fallbacks to the IP for Keystone public endpoint.

This is useful when the operator uses a certificate based on
hostname/fqdn and not an IP address.

Closes-Bug #1763776

(cherry picked from commit 016279b71e74700c18f2270649cb7567ae94505f)
Depends-On: I1c222fce178e164432acbfaeda8695c3cf7a6e98
Change-Id: Id8e1c6408ee6a322c61de90a52ab1eacaf0dba88
---
 ci/common/vbmc_setup.yaml                     |  5 +++
 common/deploy-steps.j2                        |  1 +
 extraconfig/post_deploy/default.yaml          |  5 +++
 extraconfig/post_deploy/standalone_post.yaml  | 43 +++----------------
 extraconfig/post_deploy/undercloud_post.yaml  | 35 +++------------
 .../notes/endpointmap-8825fcd5fa5a2ba2.yaml   |  7 +++
 6 files changed, 31 insertions(+), 65 deletions(-)
 create mode 100644 releasenotes/notes/endpointmap-8825fcd5fa5a2ba2.yaml

diff --git a/ci/common/vbmc_setup.yaml b/ci/common/vbmc_setup.yaml
index 444e7c6be7..003f6779fc 100644
--- a/ci/common/vbmc_setup.yaml
+++ b/ci/common/vbmc_setup.yaml
@@ -3,6 +3,11 @@ heat_template_version: rocky
 parameters:
   servers:
     type: json
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
 
 resources:
 
diff --git a/common/deploy-steps.j2 b/common/deploy-steps.j2
index e4b84a4f3c..5357322cb8 100644
--- a/common/deploy-steps.j2
+++ b/common/deploy-steps.j2
@@ -389,6 +389,7 @@ resources:
     type: OS::TripleO::NodeExtraConfigPost
     properties:
         servers: {get_param: [servers, {{role.name}}]}
+        EndpointMap: {get_param: EndpointMap}
 
   # The {{role.name}}PostConfig steps are in charge of
   # quiescing all services, i.e. in the Controller case,
diff --git a/extraconfig/post_deploy/default.yaml b/extraconfig/post_deploy/default.yaml
index e1676d0301..b557d69932 100644
--- a/extraconfig/post_deploy/default.yaml
+++ b/extraconfig/post_deploy/default.yaml
@@ -3,3 +3,8 @@ description: 'Extra Post Deployment Config'
 parameters:
   servers:
     type: json
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
diff --git a/extraconfig/post_deploy/standalone_post.yaml b/extraconfig/post_deploy/standalone_post.yaml
index 44ac630bc4..a2db764209 100644
--- a/extraconfig/post_deploy/standalone_post.yaml
+++ b/extraconfig/post_deploy/standalone_post.yaml
@@ -17,17 +17,6 @@ parameters:
     type: string
     description: The password for the keystone admin account, used for monitoring, querying neutron etc.
     hidden: True
-  SSLCertificate:
-    description: >
-      The content of the SSL certificate (without Key) in PEM format.
-    type: string
-    default: ""
-    hidden: True
-  PublicSSLCertificateAutogenerated:
-    default: false
-    description: >
-      Whether the public SSL certificate was autogenerated or not.
-    type: boolean
   KeystoneRegion:
     type: string
     default: 'regionOne'
@@ -36,18 +25,11 @@ parameters:
     type: string
     default: 'standalone'
     description: Cloud name for the clouds.yaml
-
-conditions:
-
-  tls_enabled:
-    or:
-    - not:
-        equals:
-        - {get_param: SSLCertificate}
-        - ""
-    - equals:
-        - {get_param: PublicSSLCertificateAutogenerated}
-        - true
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
 
 resources:
 
@@ -71,20 +53,7 @@ resources:
       config: {get_resource: StandalonePostConfig}
       input_values:
         admin_password: {get_param: AdminPassword}
-        # if SSL is enabled we use the public virtual ip as the stackrc endpoint
-        auth_url:
-          if:
-          - tls_enabled
-          - make_url:
-              scheme: https
-              host: {get_param: [DeployedServerPortMap, 'public_virtual_ip', fixed_ips, 0, ip_address]}
-              port: 13000
-              path: /
-          - make_url:
-              scheme: http
-              host: {get_param: [DeployedServerPortMap, 'control_virtual_ip', fixed_ips, 0, ip_address]}
-              port: 5000
-              path: /
+        auth_url: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
         cloud_name: {get_param: StandaloneCloudName}
         homedir: {get_param: StandaloneHomeDir}
         region_name: {get_param: KeystoneRegion}
diff --git a/extraconfig/post_deploy/undercloud_post.yaml b/extraconfig/post_deploy/undercloud_post.yaml
index 03dc9e7016..c03d10119a 100644
--- a/extraconfig/post_deploy/undercloud_post.yaml
+++ b/extraconfig/post_deploy/undercloud_post.yaml
@@ -71,6 +71,11 @@ parameters:
     type: number
     constraints:
       - range: { min: 1000, max: 65536 }
+  EndpointMap:
+    default: {}
+    description: Mapping of service endpoint -> protocol. Typically set
+                 via parameter_defaults in the resource registry.
+    type: json
 
 conditions:
 
@@ -124,20 +129,7 @@ resources:
           - ca_file_enabled
           - {get_param: InternalTLSCAFile}
           - ''
-        # if SSL is enabled we use the public virtual ip as the stackrc endpoint
-        auth_url:
-          if:
-          - tls_enabled
-          - make_url:
-              scheme: https
-              host: {get_param: [DeployedServerPortMap, 'public_virtual_ip', fixed_ips, 0, ip_address]}
-              port: 13000
-              path: /
-          - make_url:
-              scheme: http
-              host: {get_param: [DeployedServerPortMap, 'control_virtual_ip', fixed_ips, 0, ip_address]}
-              port: 5000
-              path: /
+        auth_url: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
 
   UndercloudCtlplaneNetworkConfig:
     type: OS::Heat::SoftwareConfig
@@ -157,20 +149,7 @@ resources:
       config: {get_resource: UndercloudCtlplaneNetworkConfig}
       input_values:
         admin_password: {get_param: AdminPassword}
-        # if SSL is enabled we use the public virtual ip as the stackrc endpoint
-        auth_url:
-          if:
-          - tls_enabled
-          - make_url:
-              scheme: https
-              host: {get_param: [DeployedServerPortMap, 'public_virtual_ip', fixed_ips, 0, ip_address]}
-              port: 13000
-              path: /
-          - make_url:
-              scheme: http
-              host: {get_param: [DeployedServerPortMap, 'control_virtual_ip', fixed_ips, 0, ip_address]}
-              port: 5000
-              path: /
+        auth_url: {get_param: [EndpointMap, KeystonePublic, uri_no_suffix]}
         config:
           str_replace:
             template: JSON
diff --git a/releasenotes/notes/endpointmap-8825fcd5fa5a2ba2.yaml b/releasenotes/notes/endpointmap-8825fcd5fa5a2ba2.yaml
new file mode 100644
index 0000000000..2438bce2a1
--- /dev/null
+++ b/releasenotes/notes/endpointmap-8825fcd5fa5a2ba2.yaml
@@ -0,0 +1,7 @@
+---
+other:
+  - |
+    The EndpointMap parameter is now required by post_deploy templates.
+    So if an user overrides OS::TripleO::NodeExtraConfigPost with another
+    template, the template would need to have EndpointMap parameter to work
+    fine.