From 8f9a596fffbb262481b32191a98b9169bc1618b1 Mon Sep 17 00:00:00 2001
From: Jens Harbott <j.harbott@x-ion.de>
Date: Mon, 3 Jun 2019 11:05:29 +0000
Subject: Change the default Identity endpoint to internal

In [0] the ``interface``option was added in order to allow the Identity
endpoint that is being used when validating tokens to be
configured by the deployer. Change the default to using the internal
endpoint, as that should be what most deployments will end up using.

[0] https://review.opendev.org/651790

Depends-On: https://review.opendev.org/651492
Closes-Bug: 1830002
Change-Id: I0ce8b6d8cd408c7fac8107972e7be70839e337fb
---
 keystonemiddleware/auth_token/_opts.py                              | 4 ++--
 .../tests/unit/auth_token/test_auth_token_middleware.py             | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

(limited to 'keystonemiddleware')

diff --git a/keystonemiddleware/auth_token/_opts.py b/keystonemiddleware/auth_token/_opts.py
index 6231b6d..73debbb 100644
--- a/keystonemiddleware/auth_token/_opts.py
+++ b/keystonemiddleware/auth_token/_opts.py
@@ -68,9 +68,9 @@ _OPTS = [
     cfg.StrOpt('auth_version',
                help='API version of the Identity API endpoint.'),
     cfg.StrOpt('interface',
-               default='admin',
+               default='internal',
                help='Interface to use for the Identity API endpoint. Valid'
-               ' values are "public", "internal" or "admin"(default).'),
+               ' values are "public", "internal" (default) or "admin".'),
     cfg.BoolOpt('delay_auth_decision',
                 default=False,
                 help='Do not handle authorization requests within the'
diff --git a/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py b/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py
index 9ea8077..25fbf73 100644
--- a/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py
+++ b/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py
@@ -513,8 +513,8 @@ class GeneralAuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest,
         west_versions = fixture.DiscoveryList(href=west_url)
 
         s = token.add_service('identity')
-        s.add_endpoint(interface='admin', url=east_url, region='east')
-        s.add_endpoint(interface='admin', url=west_url, region='west')
+        s.add_endpoint(interface='internal', url=east_url, region='east')
+        s.add_endpoint(interface='internal', url=west_url, region='west')
 
         self.requests_mock.get(auth_url, json=auth_versions)
         self.requests_mock.get(east_url, json=east_versions)
@@ -2261,7 +2261,7 @@ class AuthProtocolLoadingTests(BaseAuthTokenMiddlewareTest):
         admin_token_id = uuid.uuid4().hex
         admin_token = fixture.V3Token(project_id=self.project_id)
         s = admin_token.add_service('identity', name='keystone')
-        s.add_standard_endpoints(admin=self.KEYSTONE_URL)
+        s.add_standard_endpoints(internal=self.KEYSTONE_URL)
 
         self.requests_mock.post('%s/v3/auth/tokens' % self.AUTH_URL,
                                 json=admin_token,
-- 
cgit v1.2.1