diff options
| -rw-r--r-- | .zuul.d/tempest-and-integrated.yaml | 5 | ||||
| -rw-r--r-- | openstack_dashboard/api/keystone.py | 9 | ||||
| -rw-r--r-- | releasenotes/notes/keystone-admin-endpoint-no-longer-required-06a8d29dfdb3b1cd.yaml | 12 |
3 files changed, 15 insertions, 11 deletions
diff --git a/.zuul.d/tempest-and-integrated.yaml b/.zuul.d/tempest-and-integrated.yaml index 52ff83eca..df2e9b52a 100644 --- a/.zuul.d/tempest-and-integrated.yaml +++ b/.zuul.d/tempest-and-integrated.yaml @@ -24,11 +24,6 @@ - ^openstack_dashboard/.*/[^/]*\.spec\.js$ - ^horizon/static/.*/[^/]*\.spec\.js$ vars: - devstack_localrc: - # NOTE: workaround for bug 1950659 - # Some horizon integration test start failing after devstack - # stop creating default keystone admin endpoint. - KEYSTONE_ADMIN_ENDPOINT: true devstack_services: horizon: true tox_envlist: integration diff --git a/openstack_dashboard/api/keystone.py b/openstack_dashboard/api/keystone.py index 9eb7f1843..d248a223d 100644 --- a/openstack_dashboard/api/keystone.py +++ b/openstack_dashboard/api/keystone.py @@ -157,12 +157,9 @@ def keystoneclient(request, admin=False): if domain_token: token_id = getattr(domain_token, 'auth_token', None) - if admin: - if not policy.check((("identity", "admin_required"),), request): - raise exceptions.NotAuthorized - endpoint_type = 'adminURL' - else: - endpoint_type = settings.OPENSTACK_ENDPOINT_TYPE + if admin and not policy.check((("identity", "admin_required"),), request): + raise exceptions.NotAuthorized + endpoint_type = settings.OPENSTACK_ENDPOINT_TYPE # Take care of client connection caching/fetching a new client. # Admin vs. non-admin clients are cached separately for token matching. diff --git a/releasenotes/notes/keystone-admin-endpoint-no-longer-required-06a8d29dfdb3b1cd.yaml b/releasenotes/notes/keystone-admin-endpoint-no-longer-required-06a8d29dfdb3b1cd.yaml new file mode 100644 index 000000000..d84e6b012 --- /dev/null +++ b/releasenotes/notes/keystone-admin-endpoint-no-longer-required-06a8d29dfdb3b1cd.yaml @@ -0,0 +1,12 @@ +--- +upgrade: + - | + Horizon no longer requires the keystone admin endpoint. keystone does + not distinguish public and admin endpoints and there is no functional + difference between public and admin endpoints. There is no need for + a separate endpoint for keystone admin operations, but horizon required + the keystone admin endpoint is configured previously. This requirement + no longer exists. An endpoint specified by ``OPENSTACK_ENDPOINT_TYPE`` + setting is used for the keystone admin operations. You can drop + the admin endpoint for keystone (unless other services require it). + [:bug:`1950659`] |