diff options
author | Takashi Kajinami <tkajinam@redhat.com> | 2022-12-19 17:05:10 +0900 |
---|---|---|
committer | Akihiro Motoki <amotoki@gmail.com> | 2022-12-26 07:01:07 +0900 |
commit | 9fa98969e728b94899de113a5174a955bbc70bd1 (patch) | |
tree | d6ab505503c4e2241c880ee330de4d8fcd9fd352 | |
parent | 0add65eddcd6e70d4fbe76951d76c66ecc1a34b3 (diff) | |
download | horizon-9fa98969e728b94899de113a5174a955bbc70bd1.tar.gz |
Use OPENSTACK_ENDPOINT_TYPE by default
This is follow-up of I8438bedaf7cead452fc499e484d23690b48894d9 and
ensures the OPENSTACK_ENDPOINT_TYPE parameter is used when
OPENSTACK_KEYSTONE_ENDPOINT_TYPE is not set. This avoids backward-
incompatible change which affects deployments with endpoint type set
to non-default values.
Co-Authored-By: Akihiro Motoki <amotoki@gmail.com>
Change-Id: I94d2d3e31fc0103773fb5d3ed2f5f792e8851f78
-rw-r--r-- | doc/source/configuration/settings.rst | 6 | ||||
-rw-r--r-- | openstack_auth/backend.py | 5 | ||||
-rw-r--r-- | openstack_auth/defaults.py | 2 | ||||
-rw-r--r-- | openstack_dashboard/api/keystone.py | 3 | ||||
-rw-r--r-- | openstack_dashboard/defaults.py | 7 | ||||
-rw-r--r-- | openstack_dashboard/test/unit/api/test_keystone.py | 4 | ||||
-rw-r--r-- | releasenotes/notes/keystone-endpoint-type-ab4151eca35e04c0.yaml | 13 |
7 files changed, 21 insertions, 19 deletions
diff --git a/doc/source/configuration/settings.rst b/doc/source/configuration/settings.rst index e4772aa30..055eb4e88 100644 --- a/doc/source/configuration/settings.rst +++ b/doc/source/configuration/settings.rst @@ -600,10 +600,12 @@ OPENSTACK_KEYSTONE_ENDPOINT_TYPE .. versionadded:: 23.1.0(Antelope) -Default: ``"publicURL"`` +Default: ``None`` A string which specifies the endpoint type to use for the Keystone (identity) -endpoint when looking it up in the service catalog. +endpoint when looking it up in the service catalog. This overrides +the ``OPENSTACK_ENDPOINT_TYPE`` parameter. If set to ``None``, +``OPENSTACK_ENDPOINT_TYPE`` is used for the identity endpoint. OPENSTACK_HOST -------------- diff --git a/openstack_auth/backend.py b/openstack_auth/backend.py index d3546661d..febacec2a 100644 --- a/openstack_auth/backend.py +++ b/openstack_auth/backend.py @@ -171,7 +171,10 @@ class KeystoneBackend(object): region_name = id_endpoint['region'] break - interface = settings.OPENSTACK_KEYSTONE_ENDPOINT_TYPE + if settings.OPENSTACK_KEYSTONE_ENDPOINT_TYPE: + interface = settings.OPENSTACK_KEYSTONE_ENDPOINT_TYPE + else: + interface = settings.OPENSTACK_ENDPOINT_TYPE endpoint = scoped_auth_ref.service_catalog.url_for( service_type='identity', diff --git a/openstack_auth/defaults.py b/openstack_auth/defaults.py index 0c93841cf..1495f52c3 100644 --- a/openstack_auth/defaults.py +++ b/openstack_auth/defaults.py @@ -28,7 +28,7 @@ OPENSTACK_KEYSTONE_URL = "http://localhost/identity/v3" # TODO(amotoki): The default value in openstack_dashboard is different: # publicURL. It should be consistent. OPENSTACK_ENDPOINT_TYPE = 'public' -OPENSTACK_KEYSTONE_ENDPOINT_TYPE = 'public' +OPENSTACK_KEYSTONE_ENDPOINT_TYPE = None OPENSTACK_SSL_NO_VERIFY = False # TODO(amotoki): Is it correct? OPENSTACK_SSL_CACERT = True diff --git a/openstack_dashboard/api/keystone.py b/openstack_dashboard/api/keystone.py index f888421a6..976b61ce4 100644 --- a/openstack_dashboard/api/keystone.py +++ b/openstack_dashboard/api/keystone.py @@ -77,7 +77,8 @@ class Service(base.APIDictWrapper): super().__init__(service, *args, **kwargs) self.public_url = base.get_url_for_service(service, region, 'publicURL') - if (service and 'type' in service and service['type'] == 'identity'): + if (service.get('type') == 'identity' and + settings.OPENSTACK_KEYSTONE_ENDPOINT_TYPE): endpoint_type = settings.OPENSTACK_KEYSTONE_ENDPOINT_TYPE else: endpoint_type = settings.OPENSTACK_ENDPOINT_TYPE diff --git a/openstack_dashboard/defaults.py b/openstack_dashboard/defaults.py index ed8e90de3..bb406b99c 100644 --- a/openstack_dashboard/defaults.py +++ b/openstack_dashboard/defaults.py @@ -354,10 +354,9 @@ OPENSTACK_ENDPOINT_TYPE = 'publicURL' # value should differ from OPENSTACK_ENDPOINT_TYPE if used. SECONDARY_ENDPOINT_TYPE = None # OPENSTACK_KEYSTONE_ENDPOINT_TYPE specifies the endpoint type use from -# service catalog when looking up the Keystone (identity) endpoint. The -# default is 'publicURL' like OPENSTACK_ENDPOINT_TYPE to keep backward -# compatibility. -OPENSTACK_KEYSTONE_ENDPOINT_TYPE = 'publicURL' +# service catalog when looking up the Keystone (identity) endpoint. This +# parameter overrides OPENSTACK_ENDPOINT_TYPE. +OPENSTACK_KEYSTONE_ENDPOINT_TYPE = None # Set True to disable SSL certificate checks # (useful for self-signed certificates): diff --git a/openstack_dashboard/test/unit/api/test_keystone.py b/openstack_dashboard/test/unit/api/test_keystone.py index 0ab4d1055..4281b2611 100644 --- a/openstack_dashboard/test/unit/api/test_keystone.py +++ b/openstack_dashboard/test/unit/api/test_keystone.py @@ -119,11 +119,11 @@ class ServiceAPITests(test.APIMockTestCase): service = api.keystone.Service(identity_data, "RegionOne") self.assertEqual(u"identity (native backend)", str(service)) self.assertEqual("RegionOne", service.region) - self.assertEqual("http://public.keystone.example.com/identity/v3", + self.assertEqual("http://int.keystone.example.com/identity/v3", service.url) self.assertEqual("http://public.keystone.example.com/identity/v3", service.public_url) - self.assertEqual("public.keystone.example.com", service.host) + self.assertEqual("int.keystone.example.com", service.host) @override_settings(OPENSTACK_ENDPOINT_TYPE='publicURL') def test_service_wrapper_for_public_endpoint_type(self): diff --git a/releasenotes/notes/keystone-endpoint-type-ab4151eca35e04c0.yaml b/releasenotes/notes/keystone-endpoint-type-ab4151eca35e04c0.yaml index 686ffc15e..9f488cd79 100644 --- a/releasenotes/notes/keystone-endpoint-type-ab4151eca35e04c0.yaml +++ b/releasenotes/notes/keystone-endpoint-type-ab4151eca35e04c0.yaml @@ -1,11 +1,8 @@ --- features: - | - Added new setting ``OPENSTACK_KEYSTONE_ENDPOINT_TYPE`` that can be used to - specify the endpoint type to use when talking to the identity API. The default - is set to the value of ``OPENSTACK_ENDPOINT_TYPE`` for backward compatibility. -upgrade: - - | - If you are setting ``OPENSTACK_ENDPOINT_TYPE`` to change the default endpoint type - for Keystone you must now set ``OPENSTACK_KEYSTONE_ENDPOINT_TYPE`` as the former - now only applies to other services. + Added a new setting ``OPENSTACK_KEYSTONE_ENDPOINT_TYPE`` that can be used to + specify the endpoint type to use when talking to the identity API. + By default, ``OPENSTACK_ENDPOINT_TYPE`` is still referred for the identity + API, If you would like to use a different endpoint for the identity API, + you can use this setting. |