From 8f9a596fffbb262481b32191a98b9169bc1618b1 Mon Sep 17 00:00:00 2001 From: Jens Harbott Date: Mon, 3 Jun 2019 11:05:29 +0000 Subject: [PATCH] Change the default Identity endpoint to internal In [0] the ``interface``option was added in order to allow the Identity endpoint that is being used when validating tokens to be configured by the deployer. Change the default to using the internal endpoint, as that should be what most deployments will end up using. [0] https://review.opendev.org/651790 Depends-On: https://review.opendev.org/651492 Closes-Bug: 1830002 Change-Id: I0ce8b6d8cd408c7fac8107972e7be70839e337fb --- keystonemiddleware/auth_token/_opts.py | 4 ++-- .../unit/auth_token/test_auth_token_middleware.py | 6 +++--- ...ge-default-identity-endpoint-fab39579255c31bb.yaml | 11 +++++++++++ 3 files changed, 16 insertions(+), 5 deletions(-) create mode 100644 releasenotes/notes/change-default-identity-endpoint-fab39579255c31bb.yaml diff --git a/keystonemiddleware/auth_token/_opts.py b/keystonemiddleware/auth_token/_opts.py index 6231b6db..73debbb9 100644 --- a/keystonemiddleware/auth_token/_opts.py +++ b/keystonemiddleware/auth_token/_opts.py @@ -68,9 +68,9 @@ _OPTS = [ cfg.StrOpt('auth_version', help='API version of the Identity API endpoint.'), cfg.StrOpt('interface', - default='admin', + default='internal', help='Interface to use for the Identity API endpoint. Valid' - ' values are "public", "internal" or "admin"(default).'), + ' values are "public", "internal" (default) or "admin".'), cfg.BoolOpt('delay_auth_decision', default=False, help='Do not handle authorization requests within the' diff --git a/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py b/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py index 9ea80770..25fbf73d 100644 --- a/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py +++ b/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py @@ -513,8 +513,8 @@ class GeneralAuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest, west_versions = fixture.DiscoveryList(href=west_url) s = token.add_service('identity') - s.add_endpoint(interface='admin', url=east_url, region='east') - s.add_endpoint(interface='admin', url=west_url, region='west') + s.add_endpoint(interface='internal', url=east_url, region='east') + s.add_endpoint(interface='internal', url=west_url, region='west') self.requests_mock.get(auth_url, json=auth_versions) self.requests_mock.get(east_url, json=east_versions) @@ -2261,7 +2261,7 @@ class AuthProtocolLoadingTests(BaseAuthTokenMiddlewareTest): admin_token_id = uuid.uuid4().hex admin_token = fixture.V3Token(project_id=self.project_id) s = admin_token.add_service('identity', name='keystone') - s.add_standard_endpoints(admin=self.KEYSTONE_URL) + s.add_standard_endpoints(internal=self.KEYSTONE_URL) self.requests_mock.post('%s/v3/auth/tokens' % self.AUTH_URL, json=admin_token, diff --git a/releasenotes/notes/change-default-identity-endpoint-fab39579255c31bb.yaml b/releasenotes/notes/change-default-identity-endpoint-fab39579255c31bb.yaml new file mode 100644 index 00000000..48e9506d --- /dev/null +++ b/releasenotes/notes/change-default-identity-endpoint-fab39579255c31bb.yaml @@ -0,0 +1,11 @@ +--- +prelude: > + Since the removal of the Identity API v2 Keystone no longer has any + special functionality that requires using the admin endpoint for it. So + this release changes the default endpoint being used from ``admin`` to + ``internal``, allowing deployments to work without an admin endpoint. +upgrade: + - | + [`bug 1830002 `_] + The default Identity endpoint has been changed from ``admin`` to + ``internal``.