Use OPENSTACK_ENDPOINT_TYPE by default

This is follow-up of I8438bedaf7cead452fc499e484d23690b48894d9 and
ensures the OPENSTACK_ENDPOINT_TYPE parameter is used when
OPENSTACK_KEYSTONE_ENDPOINT_TYPE is not set. This avoids backward-
incompatible change which affects deployments with endpoint type set
to non-default values.

Co-Authored-By: Akihiro Motoki <amotoki@gmail.com>
Change-Id: I94d2d3e31fc0103773fb5d3ed2f5f792e8851f78

7 files changed, 21 insertions, 19 deletions

diff --git a/doc/source/configuration/settings.rst b/doc/source/configuration/settings.rst
index e4772aa30..055eb4e88 100644
--- a/doc/source/configuration/settings.rst
+++ b/doc/source/configuration/settings.rst
@@ -600,10 +600,12 @@ OPENSTACK_KEYSTONE_ENDPOINT_TYPE
 
 .. versionadded:: 23.1.0(Antelope)
 
-Default: ``"publicURL"``
+Default: ``None``
 
 A string which specifies the endpoint type to use for the Keystone (identity)
-endpoint when looking it up in the service catalog.
+endpoint when looking it up in the service catalog. This overrides
+the ``OPENSTACK_ENDPOINT_TYPE`` parameter. If set to ``None``,
+``OPENSTACK_ENDPOINT_TYPE`` is used for the identity endpoint.
 
 OPENSTACK_HOST
 --------------
diff --git a/openstack_auth/backend.py b/openstack_auth/backend.py
index d3546661d..febacec2a 100644
--- a/openstack_auth/backend.py
+++ b/openstack_auth/backend.py
@@ -171,7 +171,10 @@ class KeystoneBackend(object):
                 region_name = id_endpoint['region']
                 break
 
-        interface = settings.OPENSTACK_KEYSTONE_ENDPOINT_TYPE
+        if settings.OPENSTACK_KEYSTONE_ENDPOINT_TYPE:
+            interface = settings.OPENSTACK_KEYSTONE_ENDPOINT_TYPE
+        else:
+            interface = settings.OPENSTACK_ENDPOINT_TYPE
 
         endpoint = scoped_auth_ref.service_catalog.url_for(
             service_type='identity',
diff --git a/openstack_auth/defaults.py b/openstack_auth/defaults.py
index 0c93841cf..1495f52c3 100644
--- a/openstack_auth/defaults.py
+++ b/openstack_auth/defaults.py
@@ -28,7 +28,7 @@ OPENSTACK_KEYSTONE_URL = "http://localhost/identity/v3"
 # TODO(amotoki): The default value in openstack_dashboard is different:
 # publicURL. It should be consistent.
 OPENSTACK_ENDPOINT_TYPE = 'public'
-OPENSTACK_KEYSTONE_ENDPOINT_TYPE = 'public'
+OPENSTACK_KEYSTONE_ENDPOINT_TYPE = None
 OPENSTACK_SSL_NO_VERIFY = False
 # TODO(amotoki): Is it correct?
 OPENSTACK_SSL_CACERT = True
diff --git a/openstack_dashboard/api/keystone.py b/openstack_dashboard/api/keystone.py
index f888421a6..976b61ce4 100644
--- a/openstack_dashboard/api/keystone.py
+++ b/openstack_dashboard/api/keystone.py
@@ -77,7 +77,8 @@ class Service(base.APIDictWrapper):
         super().__init__(service, *args, **kwargs)
         self.public_url = base.get_url_for_service(service, region,
                                                    'publicURL')
-        if (service and 'type' in service and service['type'] == 'identity'):
+        if (service.get('type') == 'identity' and
+                settings.OPENSTACK_KEYSTONE_ENDPOINT_TYPE):
             endpoint_type = settings.OPENSTACK_KEYSTONE_ENDPOINT_TYPE
         else:
             endpoint_type = settings.OPENSTACK_ENDPOINT_TYPE
diff --git a/openstack_dashboard/defaults.py b/openstack_dashboard/defaults.py
index ed8e90de3..bb406b99c 100644
--- a/openstack_dashboard/defaults.py
+++ b/openstack_dashboard/defaults.py
@@ -354,10 +354,9 @@ OPENSTACK_ENDPOINT_TYPE = 'publicURL'
 # value should differ from OPENSTACK_ENDPOINT_TYPE if used.
 SECONDARY_ENDPOINT_TYPE = None
 # OPENSTACK_KEYSTONE_ENDPOINT_TYPE specifies the endpoint type use from
-# service catalog when looking up the Keystone (identity) endpoint. The
-# default is 'publicURL' like OPENSTACK_ENDPOINT_TYPE to keep backward
-# compatibility.
-OPENSTACK_KEYSTONE_ENDPOINT_TYPE = 'publicURL'
+# service catalog when looking up the Keystone (identity) endpoint. This
+# parameter overrides OPENSTACK_ENDPOINT_TYPE.
+OPENSTACK_KEYSTONE_ENDPOINT_TYPE = None
 
 # Set True to disable SSL certificate checks
 # (useful for self-signed certificates):
diff --git a/openstack_dashboard/test/unit/api/test_keystone.py b/openstack_dashboard/test/unit/api/test_keystone.py
index 0ab4d1055..4281b2611 100644
--- a/openstack_dashboard/test/unit/api/test_keystone.py
+++ b/openstack_dashboard/test/unit/api/test_keystone.py
@@ -119,11 +119,11 @@ class ServiceAPITests(test.APIMockTestCase):
         service = api.keystone.Service(identity_data, "RegionOne")
         self.assertEqual(u"identity (native backend)", str(service))
         self.assertEqual("RegionOne", service.region)
-        self.assertEqual("http://public.keystone.example.com/identity/v3",
+        self.assertEqual("http://int.keystone.example.com/identity/v3",
                          service.url)
         self.assertEqual("http://public.keystone.example.com/identity/v3",
                          service.public_url)
-        self.assertEqual("public.keystone.example.com", service.host)
+        self.assertEqual("int.keystone.example.com", service.host)
 
     @override_settings(OPENSTACK_ENDPOINT_TYPE='publicURL')
     def test_service_wrapper_for_public_endpoint_type(self):
diff --git a/releasenotes/notes/keystone-endpoint-type-ab4151eca35e04c0.yaml b/releasenotes/notes/keystone-endpoint-type-ab4151eca35e04c0.yaml
index 686ffc15e..9f488cd79 100644
--- a/releasenotes/notes/keystone-endpoint-type-ab4151eca35e04c0.yaml
+++ b/releasenotes/notes/keystone-endpoint-type-ab4151eca35e04c0.yaml
@@ -1,11 +1,8 @@
 ---
 features:
   - |
-    Added new setting ``OPENSTACK_KEYSTONE_ENDPOINT_TYPE`` that can be used to
-    specify the endpoint type to use when talking to the identity API. The default
-    is set to the value of ``OPENSTACK_ENDPOINT_TYPE`` for backward compatibility.
-upgrade:
-  - |
-    If you are setting ``OPENSTACK_ENDPOINT_TYPE`` to change the default endpoint type
-    for Keystone you must now set ``OPENSTACK_KEYSTONE_ENDPOINT_TYPE`` as the former
-    now only applies to other services.
+    Added a new setting ``OPENSTACK_KEYSTONE_ENDPOINT_TYPE`` that can be used to
+    specify the endpoint type to use when talking to the identity API.
+    By default, ``OPENSTACK_ENDPOINT_TYPE`` is still referred for the identity
+    API, If you would like to use a different endpoint for the identity API,
+    you can use this setting.