diff options
author | Zuul <zuul@review.opendev.org> | 2022-12-15 17:50:38 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2022-12-15 17:50:38 +0000 |
commit | 0add65eddcd6e70d4fbe76951d76c66ecc1a34b3 (patch) | |
tree | 50687937a6bad8da1a88f12a62ada56b2866edcf /openstack_dashboard | |
parent | 5fa494131023e4e56e1d5ab26a2adb72c9799c49 (diff) | |
parent | b22a6d65f7722eca9f6c264ee4b4a65ed2f0d031 (diff) | |
download | horizon-0add65eddcd6e70d4fbe76951d76c66ecc1a34b3.tar.gz |
Merge "Add OPENSTACK_KEYSTONE_ENDPOINT_TYPE config opt"
Diffstat (limited to 'openstack_dashboard')
-rw-r--r-- | openstack_dashboard/api/keystone.py | 12 | ||||
-rw-r--r-- | openstack_dashboard/defaults.py | 5 | ||||
-rw-r--r-- | openstack_dashboard/test/unit/api/test_keystone.py | 21 |
3 files changed, 32 insertions, 6 deletions
diff --git a/openstack_dashboard/api/keystone.py b/openstack_dashboard/api/keystone.py index cfaebfeab..f888421a6 100644 --- a/openstack_dashboard/api/keystone.py +++ b/openstack_dashboard/api/keystone.py @@ -77,8 +77,11 @@ class Service(base.APIDictWrapper): super().__init__(service, *args, **kwargs) self.public_url = base.get_url_for_service(service, region, 'publicURL') - self.url = base.get_url_for_service(service, region, - settings.OPENSTACK_ENDPOINT_TYPE) + if (service and 'type' in service and service['type'] == 'identity'): + endpoint_type = settings.OPENSTACK_KEYSTONE_ENDPOINT_TYPE + else: + endpoint_type = settings.OPENSTACK_ENDPOINT_TYPE + self.url = base.get_url_for_service(service, region, endpoint_type) if self.url: self.host = parse.urlparse(self.url).hostname else: @@ -160,7 +163,7 @@ def keystoneclient(request, admin=False, force_scoped=False): if admin and not policy.check((("identity", "admin_required"),), request): raise exceptions.NotAuthorized - endpoint_type = settings.OPENSTACK_ENDPOINT_TYPE + endpoint_type = settings.OPENSTACK_KEYSTONE_ENDPOINT_TYPE # Take care of client connection caching/fetching a new client. # Admin vs. non-admin clients are cached separately for token matching. @@ -464,7 +467,8 @@ def user_verify_admin_password(request, admin_password): # verify if it's correct. client = keystone_client_v3 try: - endpoint = _get_endpoint_url(request, 'publicURL') + endpoint = _get_endpoint_url( + request, settings.OPENSTACK_KEYSTONE_ENDPOINT_TYPE) insecure = settings.OPENSTACK_SSL_NO_VERIFY cacert = settings.OPENSTACK_SSL_CACERT client.Client( diff --git a/openstack_dashboard/defaults.py b/openstack_dashboard/defaults.py index 8d8e4ae8a..ed8e90de3 100644 --- a/openstack_dashboard/defaults.py +++ b/openstack_dashboard/defaults.py @@ -353,6 +353,11 @@ OPENSTACK_ENDPOINT_TYPE = 'publicURL' # external to the OpenStack environment. The default is None. This # value should differ from OPENSTACK_ENDPOINT_TYPE if used. SECONDARY_ENDPOINT_TYPE = None +# OPENSTACK_KEYSTONE_ENDPOINT_TYPE specifies the endpoint type use from +# service catalog when looking up the Keystone (identity) endpoint. The +# default is 'publicURL' like OPENSTACK_ENDPOINT_TYPE to keep backward +# compatibility. +OPENSTACK_KEYSTONE_ENDPOINT_TYPE = 'publicURL' # Set True to disable SSL certificate checks # (useful for self-signed certificates): diff --git a/openstack_dashboard/test/unit/api/test_keystone.py b/openstack_dashboard/test/unit/api/test_keystone.py index 71e8a6314..0ab4d1055 100644 --- a/openstack_dashboard/test/unit/api/test_keystone.py +++ b/openstack_dashboard/test/unit/api/test_keystone.py @@ -93,8 +93,8 @@ class RoleAPITests(test.APIMockTestCase): class ServiceAPITests(test.APIMockTestCase): - @override_settings(OPENSTACK_ENDPOINT_TYPE='internalURL') - def test_service_wrapper_for_internal_endpoint_type(self): + @override_settings(OPENSTACK_KEYSTONE_ENDPOINT_TYPE='internalURL') + def test_service_wrapper_for_keystone_endpoint_type(self): catalog = self.service_catalog identity_data = api.base.get_service_from_catalog(catalog, "identity") # 'Service' class below requires 'id', so populate it here. @@ -107,6 +107,23 @@ class ServiceAPITests(test.APIMockTestCase): self.assertEqual("http://public.keystone.example.com/identity/v3", service.public_url) self.assertEqual("int.keystone.example.com", service.host) + # Verify that the behavior of other services wanting public endpoint + self.test_service_wrapper_service_in_region_for_public_endpoint_type() + + @override_settings(OPENSTACK_ENDPOINT_TYPE='internalURL') + def test_service_wrapper_for_internal_endpoint_type(self): + catalog = self.service_catalog + identity_data = api.base.get_service_from_catalog(catalog, "identity") + # 'Service' class below requires 'id', so populate it here. + identity_data['id'] = 1 + service = api.keystone.Service(identity_data, "RegionOne") + self.assertEqual(u"identity (native backend)", str(service)) + self.assertEqual("RegionOne", service.region) + self.assertEqual("http://public.keystone.example.com/identity/v3", + service.url) + self.assertEqual("http://public.keystone.example.com/identity/v3", + service.public_url) + self.assertEqual("public.keystone.example.com", service.host) @override_settings(OPENSTACK_ENDPOINT_TYPE='publicURL') def test_service_wrapper_for_public_endpoint_type(self): |