Change the default Identity endpoint to internal

In [0] the ``interface``option was added in order to allow the Identity endpoint that is being used when validating tokens to be configured by the deployer. Change the default to using the internal endpoint, as that should be what most deployments will end up using. [0] https://review.opendev.org/651790 Depends-On: https://review.opendev.org/651492 Closes-Bug: 1830002 Change-Id: I0ce8b6d8cd408c7fac8107972e7be70839e337fb
2019-06-03 11:05:29 +00:00 · 2019-06-03 11:05:29 +00:00 · 8f9a596fff
commit 8f9a596fff
parent f6037a3d50
3 changed files with 16 additions and 5 deletions
--- a/keystonemiddleware/auth_token/_opts.py
+++ b/keystonemiddleware/auth_token/_opts.py
@ -68,9 +68,9 @@ _OPTS = [
    cfg.StrOpt('auth_version',
               help='API version of the Identity API endpoint.'),
    cfg.StrOpt('interface',
-               default='admin',
+               default='internal',
               help='Interface to use for the Identity API endpoint. Valid'
-               ' values are "public", "internal" or "admin"(default).'),
+               ' values are "public", "internal" (default) or "admin".'),
    cfg.BoolOpt('delay_auth_decision',
                default=False,
                help='Do not handle authorization requests within the'
--- a/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py
+++ b/keystonemiddleware/tests/unit/auth_token/test_auth_token_middleware.py
@ -513,8 +513,8 @@ class GeneralAuthTokenMiddlewareTest(BaseAuthTokenMiddlewareTest,
        west_versions = fixture.DiscoveryList(href=west_url)

        s = token.add_service('identity')
-        s.add_endpoint(interface='admin', url=east_url, region='east')
-        s.add_endpoint(interface='admin', url=west_url, region='west')
+        s.add_endpoint(interface='internal', url=east_url, region='east')
+        s.add_endpoint(interface='internal', url=west_url, region='west')

        self.requests_mock.get(auth_url, json=auth_versions)
        self.requests_mock.get(east_url, json=east_versions)
@ -2261,7 +2261,7 @@ class AuthProtocolLoadingTests(BaseAuthTokenMiddlewareTest):
        admin_token_id = uuid.uuid4().hex
        admin_token = fixture.V3Token(project_id=self.project_id)
        s = admin_token.add_service('identity', name='keystone')
-        s.add_standard_endpoints(admin=self.KEYSTONE_URL)
+        s.add_standard_endpoints(internal=self.KEYSTONE_URL)

        self.requests_mock.post('%s/v3/auth/tokens' % self.AUTH_URL,
                                json=admin_token,
--- a/releasenotes/notes/change-default-identity-endpoint-fab39579255c31bb.yaml
+++ b/releasenotes/notes/change-default-identity-endpoint-fab39579255c31bb.yaml
@ -0,0 +1,11 @@
+---
+prelude: >
+    Since the removal of the Identity API v2 Keystone no longer has any
+    special functionality that requires using the admin endpoint for it. So
+    this release changes the default endpoint being used from ``admin`` to
+    ``internal``, allowing deployments to work without an admin endpoint.
+upgrade:
+  - |
+    [`bug 1830002 <https://bugs.launchpad.net/keystonemiddleware/+bug/1830002>`_]
+    The default Identity endpoint has been changed from ``admin`` to
+    ``internal``.