diff options
author | Jens Harbott <j.harbott@x-ion.de> | 2019-06-03 11:05:29 +0000 |
---|---|---|
committer | Jens Harbott (frickler) <j.harbott@x-ion.de> | 2020-06-14 16:20:05 +0000 |
commit | 8f9a596fffbb262481b32191a98b9169bc1618b1 (patch) | |
tree | 29b2d454c62b3e5db55077b48e0bd49a680a4291 | |
parent | f6037a3d50a80d8c2e0044c8f72d23dddb0d7203 (diff) | |
download | keystonemiddleware-8f9a596fffbb262481b32191a98b9169bc1618b1.tar.gz |
Change the default Identity endpoint to internal
In [0] the ``interface``option was added in order to allow the Identity
endpoint that is being used when validating tokens to be
configured by the deployer. Change the default to using the internal
endpoint, as that should be what most deployments will end up using.
[0] https://review.opendev.org/651790
Depends-On: https://review.opendev.org/651492
Closes-Bug: 1830002
Change-Id: I0ce8b6d8cd408c7fac8107972e7be70839e337fb
3 files changed, 16 insertions, 5 deletions
diff --git a/keystonemiddleware/auth_token/_opts.py b/keystonemiddleware/auth_token/_opts.py index 6231b6d..73debbb 100644 --- a/keystonemiddleware/auth_token/_opts.py +++ b/keystonemiddleware/auth_token/_opts.py @@ -68,9 +68,9 @@ _OPTS = [ cfg.StrOpt('auth_version', help='API version of the Identity API endpoint.'), cfg.StrOpt('interface', - default='admin', + default='internal', help='Interface to use for the Identity API endpoint. Valid' - ' values are "public", "internal" or "admin"(default).'), + ' values are "public", "internal" (default) or "admin".'), cfg.BoolOpt('delay_auth_decision', default=False, help='Do not handle authorization requests within the' diff --git a/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py b/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py index 9ea8077..25fbf73 100644 --- a/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py +++ b/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py @@ -513,8 +513,8 @@ class GeneralAuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest, west_versions = fixture.DiscoveryList(href=west_url) s = token.add_service('identity') - s.add_endpoint(interface='admin', url=east_url, region='east') - s.add_endpoint(interface='admin', url=west_url, region='west') + s.add_endpoint(interface='internal', url=east_url, region='east') + s.add_endpoint(interface='internal', url=west_url, region='west') self.requests_mock.get(auth_url, json=auth_versions) self.requests_mock.get(east_url, json=east_versions) @@ -2261,7 +2261,7 @@ class AuthProtocolLoadingTests(BaseAuthTokenMiddlewareTest): admin_token_id = uuid.uuid4().hex admin_token = fixture.V3Token(project_id=self.project_id) s = admin_token.add_service('identity', name='keystone') - s.add_standard_endpoints(admin=self.KEYSTONE_URL) + s.add_standard_endpoints(internal=self.KEYSTONE_URL) self.requests_mock.post('%s/v3/auth/tokens' % self.AUTH_URL, json=admin_token, diff --git a/releasenotes/notes/change-default-identity-endpoint-fab39579255c31bb.yaml b/releasenotes/notes/change-default-identity-endpoint-fab39579255c31bb.yaml new file mode 100644 index 0000000..48e9506 --- /dev/null +++ b/releasenotes/notes/change-default-identity-endpoint-fab39579255c31bb.yaml @@ -0,0 +1,11 @@ +--- +prelude: > + Since the removal of the Identity API v2 Keystone no longer has any + special functionality that requires using the admin endpoint for it. So + this release changes the default endpoint being used from ``admin`` to + ``internal``, allowing deployments to work without an admin endpoint. +upgrade: + - | + [`bug 1830002 <https://bugs.launchpad.net/keystonemiddleware/+bug/1830002>`_] + The default Identity endpoint has been changed from ``admin`` to + ``internal``. |