From ea6fe1da5d980e0f329c8b3abfa19d25400f366c Mon Sep 17 00:00:00 2001
From: "Dr. Jens Harbott" <harbott@osism.tech>
Date: Fri, 5 Nov 2021 22:16:34 +0100
Subject: Stop using an admin endpoint by default

With V3 of the identity API, we no longer need to have a dedicated admin
endpoint, so stop requesting one by default, allowing deployments to
actually work without one.

Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Change-Id: I96cc9c14008bcc59992d06c89f8f50895390f11e
---
 keystoneclient/httpclient.py                          | 19 ++++++++++++++-----
 keystoneclient/tests/unit/v3/test_auth.py             |  4 ++--
 keystoneclient/tests/unit/v3/utils.py                 |  1 +
 .../switch-default-interface-v3-dcd7167196ace531.yaml |  7 +++++++
 4 files changed, 24 insertions(+), 7 deletions(-)
 create mode 100644 releasenotes/notes/switch-default-interface-v3-dcd7167196ace531.yaml

diff --git a/keystoneclient/httpclient.py b/keystoneclient/httpclient.py
index 8d157ce..1e94dab 100644
--- a/keystoneclient/httpclient.py
+++ b/keystoneclient/httpclient.py
@@ -221,7 +221,7 @@ class HTTPClient(baseclient.Client, base.BaseAuthPlugin):
     :param string service_name: The default service_name for URL discovery.
                                 default: None (optional)
     :param string interface: The default interface for URL discovery.
-                             default: admin (optional)
+                             default: admin (v2), public (v3). (optional)
     :param string endpoint_override: Always use this endpoint URL for requests
                                      for this client. (optional)
     :param auth: An auth plugin to use instead of the session one. (optional)
@@ -248,7 +248,7 @@ class HTTPClient(baseclient.Client, base.BaseAuthPlugin):
                  domain_name=None, project_id=None, project_name=None,
                  project_domain_id=None, project_domain_name=None,
                  trust_id=None, session=None, service_name=None,
-                 interface='admin', endpoint_override=None, auth=None,
+                 interface='default', endpoint_override=None, auth=None,
                  user_agent=USER_AGENT, connect_retries=None, **kwargs):
         # set baseline defaults
         self.user_id = None
@@ -372,12 +372,21 @@ class HTTPClient(baseclient.Client, base.BaseAuthPlugin):
         self.session = session
         self.domain = ''
 
-        # NOTE(jamielennox): unfortunately we can't just use **kwargs here as
-        # it would incompatibly limit the kwargs that can be passed to __init__
-        # try and keep this list in sync with adapter.Adapter.__init__
         version = (
             _discover.normalize_version_number(self.version) if self.version
             else None)
+
+        # NOTE(frickler): If we know we have v3, use the public interface as
+        # default, otherwise keep the historic default of admin
+        if interface == 'default':
+            if version == (3, 0):
+                interface = 'public'
+            else:
+                interface = 'admin'
+
+        # NOTE(jamielennox): unfortunately we can't just use **kwargs here as
+        # it would incompatibly limit the kwargs that can be passed to __init__
+        # try and keep this list in sync with adapter.Adapter.__init__
         self._adapter = _KeystoneAdapter(session,
                                          service_type='identity',
                                          service_name=service_name,
diff --git a/keystoneclient/tests/unit/v3/test_auth.py b/keystoneclient/tests/unit/v3/test_auth.py
index 9f87977..d3c44ad 100644
--- a/keystoneclient/tests/unit/v3/test_auth.py
+++ b/keystoneclient/tests/unit/v3/test_auth.py
@@ -232,7 +232,7 @@ class AuthenticateAgainstKeystoneTests(utils.TestCase):
 
         self.stub_auth(json=self.TEST_RESPONSE_DICT)
         self.stub_url('GET', [fake_url], json=fake_resp,
-                      base_url=self.TEST_ADMIN_IDENTITY_ENDPOINT)
+                      base_url=self.TEST_PUBLIC_IDENTITY_ENDPOINT)
 
         # Creating a HTTPClient not using session is deprecated.
         with self.deprecations.expect_deprecations_here():
@@ -335,7 +335,7 @@ class AuthenticateAgainstKeystoneTests(utils.TestCase):
 
         self.stub_auth(json=self.TEST_RESPONSE_DICT)
         self.stub_url('GET', [fake_url], json=fake_resp,
-                      base_url=self.TEST_ADMIN_IDENTITY_ENDPOINT)
+                      base_url=self.TEST_PUBLIC_IDENTITY_ENDPOINT)
 
         # Creating a HTTPClient not using session is deprecated.
         with self.deprecations.expect_deprecations_here():
diff --git a/keystoneclient/tests/unit/v3/utils.py b/keystoneclient/tests/unit/v3/utils.py
index 22430fa..e7d8b8d 100644
--- a/keystoneclient/tests/unit/v3/utils.py
+++ b/keystoneclient/tests/unit/v3/utils.py
@@ -48,6 +48,7 @@ class UnauthenticatedTestCase(utils.TestCase):
 class TestCase(UnauthenticatedTestCase):
 
     TEST_ADMIN_IDENTITY_ENDPOINT = "http://127.0.0.1:35357/v3"
+    TEST_PUBLIC_IDENTITY_ENDPOINT = "http://127.0.0.1:5000/v3"
 
     TEST_SERVICE_CATALOG = [{
         "endpoints": [{
diff --git a/releasenotes/notes/switch-default-interface-v3-dcd7167196ace531.yaml b/releasenotes/notes/switch-default-interface-v3-dcd7167196ace531.yaml
new file mode 100644
index 0000000..90709c0
--- /dev/null
+++ b/releasenotes/notes/switch-default-interface-v3-dcd7167196ace531.yaml
@@ -0,0 +1,7 @@
+---
+features:
+  - |
+    For sessions using the v3 Identity API, the default interface has been
+    switched from ``admin`` to ``public``. This allows deployments to get rid
+    of the admin endpoint, which functionally is no longer necessary with the
+    v3 API.
-- 
cgit v1.2.1