diff options
| author | Akihiro Motoki <amotoki@gmail.com> | 2022-03-25 14:08:17 +0900 |
|---|---|---|
| committer | Vishal Manchanda <manchandavishal143@gmail.com> | 2022-03-25 15:09:50 +0000 |
| commit | 3a6569960247c578441ee34c1b054da8e77f6481 (patch) | |
| tree | 04cf6b423cc76ce913b4d2e58cd8881f9bf0dbbd | |
| parent | f5620931d6de2a1951a7c76edd5b2ec801b32f0a (diff) | |
| download | horizon-3a6569960247c578441ee34c1b054da8e77f6481.tar.gz | |
Do not assume keystone admin endpoint22.1.0
keystone does not distinguish public and admin endpoints since
Train [1], so there is no need to use a separate endpoint for
keystone admin operations. admin endpoint still can be configured
but there is no functional difference anymore from other endpoints.
We do not need to require admin endpoint and can use an endpoint
specified by OPENSTACK_ENDPOINT_TYPE for all API operations.
This commit reverts commit f9bab3fe195eb13635aa70cb910d94df98d66cf3
as we no longer need the workaround.
[1] https://review.opendev.org/c/openstack/keystone/+/664246
Closes-Bug: #1950659
Change-Id: I2660fd2df8081e1d2d9c84626037f94bd9d137a5
| -rw-r--r-- | .zuul.d/tempest-and-integrated.yaml | 5 | ||||
| -rw-r--r-- | openstack_dashboard/api/keystone.py | 9 | ||||
| -rw-r--r-- | releasenotes/notes/keystone-admin-endpoint-no-longer-required-06a8d29dfdb3b1cd.yaml | 12 |
3 files changed, 15 insertions, 11 deletions
diff --git a/.zuul.d/tempest-and-integrated.yaml b/.zuul.d/tempest-and-integrated.yaml index 52ff83eca..df2e9b52a 100644 --- a/.zuul.d/tempest-and-integrated.yaml +++ b/.zuul.d/tempest-and-integrated.yaml @@ -24,11 +24,6 @@ - ^openstack_dashboard/.*/[^/]*\.spec\.js$ - ^horizon/static/.*/[^/]*\.spec\.js$ vars: - devstack_localrc: - # NOTE: workaround for bug 1950659 - # Some horizon integration test start failing after devstack - # stop creating default keystone admin endpoint. - KEYSTONE_ADMIN_ENDPOINT: true devstack_services: horizon: true tox_envlist: integration diff --git a/openstack_dashboard/api/keystone.py b/openstack_dashboard/api/keystone.py index 9eb7f1843..d248a223d 100644 --- a/openstack_dashboard/api/keystone.py +++ b/openstack_dashboard/api/keystone.py @@ -157,12 +157,9 @@ def keystoneclient(request, admin=False): if domain_token: token_id = getattr(domain_token, 'auth_token', None) - if admin: - if not policy.check((("identity", "admin_required"),), request): - raise exceptions.NotAuthorized - endpoint_type = 'adminURL' - else: - endpoint_type = settings.OPENSTACK_ENDPOINT_TYPE + if admin and not policy.check((("identity", "admin_required"),), request): + raise exceptions.NotAuthorized + endpoint_type = settings.OPENSTACK_ENDPOINT_TYPE # Take care of client connection caching/fetching a new client. # Admin vs. non-admin clients are cached separately for token matching. diff --git a/releasenotes/notes/keystone-admin-endpoint-no-longer-required-06a8d29dfdb3b1cd.yaml b/releasenotes/notes/keystone-admin-endpoint-no-longer-required-06a8d29dfdb3b1cd.yaml new file mode 100644 index 000000000..d84e6b012 --- /dev/null +++ b/releasenotes/notes/keystone-admin-endpoint-no-longer-required-06a8d29dfdb3b1cd.yaml @@ -0,0 +1,12 @@ +--- +upgrade: + - | + Horizon no longer requires the keystone admin endpoint. keystone does + not distinguish public and admin endpoints and there is no functional + difference between public and admin endpoints. There is no need for + a separate endpoint for keystone admin operations, but horizon required + the keystone admin endpoint is configured previously. This requirement + no longer exists. An endpoint specified by ``OPENSTACK_ENDPOINT_TYPE`` + setting is used for the keystone admin operations. You can drop + the admin endpoint for keystone (unless other services require it). + [:bug:`1950659`] |