Juju Charms Collection
keystone package

Merge lp:~james-page/charms/trusty/keystone/bug-1371795 into lp:~openstack-charmers-archive/charms/trusty/keystone/next

Proposed by James Page on 2014-09-22

Status:

Merged

Merged at revision:

Proposed branch:

lp:~james-page/charms/trusty/keystone/bug-1371795

Merge into:

lp:~openstack-charmers-archive/charms/trusty/keystone/next

Diff against target:

103 lines (+33/-22)

3 files modified

hooks/keystone_context.py (+15/-1)
hooks/keystone_utils.py (+12/-17)
templates/icehouse/keystone.conf (+6/-4)

To merge this branch:

bzr merge lp:~james-page/charms/trusty/keystone/bug-1371795

High

Fix Released

Link a bug report

Reviewer	Review Type	Date Requested	Status
OpenStack Charmers		2014-09-22	Pending
Review via email: mp+235428@code.launchpad.net

Description of the change

Fixup keystone responses to unauthenticated requests when running under https

Revision history for this message

Corey Bryant (corey.bryant) wrote on 2014-09-24:

The code looks good, I just have one comment inline below about adding a test. What is the minimal additional setup for getting up and running with https endpoints? Do I just need use-https = 'yes' and https-service-endpoints = 'true' for keystone?

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

James Page

Nobuto Murata

OpenStack Charmers

 === modified file 'hooks/keystone_context.py'
 --- hooks/keystone_context.py	2014-08-12 05:39:51 +0000
 +++ hooks/keystone_context.py	2014-09-22 08:44:18 +0000
@@ -94,7 +94,11 @@
      interfaces = []
      def __call__(self):
--        from keystone_utils import api_port, set_admin_token
++        from keystone_utils import (
++            api_port, set_admin_token,
++            endpoint_url, resolve_address,
++            PUBLIC, ADMIN
++        )
          ctxt = {}
          ctxt['token'] = set_admin_token(config('admin-token'))
          ctxt['admin_port'] = determine_api_port(api_port('keystone-admin'))
@@ -116,4 +120,14 @@
          if config('enable-pki') not in ['false', 'False', 'no', 'No']:
              ctxt['signing'] = True
++
++        # Base endpoint URL's which are used in keystone responses
++        # to unauthenticated requests to redirect clients to the
++        # correct auth URL.
++        ctxt['public_endpoint'] = endpoint_url(
++            resolve_address(PUBLIC),
++            api_port('keystone-public')).rstrip('v2.0')
++        ctxt['admin_endpoint'] = endpoint_url(
++            resolve_address(ADMIN),
++            api_port('keystone-admin')).rstrip('v2.0')
          return ctxt
 === modified file 'hooks/keystone_utils.py'
 --- hooks/keystone_utils.py	2014-09-05 15:24:44 +0000
 +++ hooks/keystone_utils.py	2014-09-22 08:44:18 +0000
@@ -495,26 +495,21 @@
                                   auth_port=config("admin-port"),
                                   region=region)
++def endpoint_url(ip, port):
++    proto = 'http'
++    if https():
++        proto = 'https'
++    if is_ipv6(ip):
++        ip = "[{}]".format(ip)
++    return "%s://%s:%s/v2.0" % (proto, ip, port)
++
  def create_keystone_endpoint(public_ip, service_port,
                               internal_ip, admin_ip, auth_port, region):
--    proto = 'http'
--    if https():
--        log("Setting https keystone endpoint")
--        proto = 'https'
--
--    if is_ipv6(public_ip):
--        public_ip = "[{}]".format(public_ip)
--    if is_ipv6(internal_ip):
--        internal_ip = "[{}]".format(internal_ip)
--    if is_ipv6(admin_ip):
--        admin_ip = "[{}]".format(admin_ip)
--
--    public_url = "%s://%s:%s/v2.0" % (proto, public_ip, service_port)
--    admin_url = "%s://%s:%s/v2.0" % (proto, admin_ip, auth_port)
--    internal_url = "%s://%s:%s/v2.0" % (proto, internal_ip, service_port)
--    create_endpoint_template(region, "keystone", public_url,
--                             admin_url, internal_url)
++    create_endpoint_template(region, "keystone",
++                             endpoint_url(public_ip, service_port),
++                             endpoint_url(admin_ip, auth_port),
++                             endpoint_url(internal_ip, service_port))
  def update_user_password(username, password):
 === modified file 'templates/icehouse/keystone.conf'
 --- templates/icehouse/keystone.conf	2014-08-12 05:39:51 +0000
 +++ templates/icehouse/keystone.conf	2014-09-22 08:44:18 +0000
@@ -11,6 +11,8 @@
  log_config = /etc/keystone/logging.conf
  debug = {{ debug }}
  verbose = {{ verbose }}
++public_endpoint = {{ public_endpoint }}
++admin_endpoint = {{ admin_endpoint }}
  [database]
  {% if database_host -%}
@@ -74,11 +76,11 @@
  password = {{ ldap_password }}
  suffix = {{ ldap_suffix }}
--{% if ldap_config_flags -%}
--{% for key, value in ldap_config_flags.iteritems() -%}
++{% if ldap_config_flags -%}
++{% for key, value in ldap_config_flags.iteritems() -%}
  {{ key }} = {{ value }}
--{% endfor -%}
--{% endif -%}
++{% endfor -%}
++{% endif -%}
  {% if ldap_readonly -%}
  user_allow_create = False

Juju Charms Collectionkeystone package

Merge lp:~james-page/charms/trusty/keystone/bug-1371795 into lp:~openstack-charmers-archive/charms/trusty/keystone/next

Commit message

Description of the change

Preview Diff

Subscribers

Juju Charms Collection
keystone package