Merge lp:~james-page/charms/trusty/keystone/bug-1371795 into lp:~openstack-charmers-archive/charms/trusty/keystone/next

Proposed by James Page
Status: Merged
Merged at revision: 81
Proposed branch: lp:~james-page/charms/trusty/keystone/bug-1371795
Merge into: lp:~openstack-charmers-archive/charms/trusty/keystone/next
Diff against target: 103 lines (+33/-22)
3 files modified
hooks/keystone_context.py (+15/-1)
hooks/keystone_utils.py (+12/-17)
templates/icehouse/keystone.conf (+6/-4)
To merge this branch: bzr merge lp:~james-page/charms/trusty/keystone/bug-1371795
Reviewer Review Type Date Requested Status
OpenStack Charmers Pending
Review via email: mp+235428@code.launchpad.net

Description of the change

Fixup keystone responses to unauthenticated requests when running under https

Corey Bryant (corey.bryant) wrote :

The code looks good, I just have one comment inline below about adding a test. What is the minimal additional setup for getting up and running with https endpoints? Do I just need use-https = 'yes' and https-service-endpoints = 'true' for keystone?

Preview Diff

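--- a/hooks/keystone_context.py
+++ b/hooks/keystone_context.py
@@ -94,7 +94,11 @@
  interfaces = []
 
  def __call__(self):
- from keystone_utils import api_port, set_admin_token
+ from keystone_utils import (
+ api_port, set_admin_token,
+ endpoint_url, resolve_address,
+ PUBLIC, ADMIN
+ )
  ctxt = {}
  ctxt['token'] = set_admin_token(config('admin-token'))
  ctxt['admin_port'] = determine_api_port(api_port('keystone-admin'))
@@ -116,4 +120,14 @@
 
  if config('enable-pki') not in ['false', 'False', 'no', 'No']:
  ctxt['signing'] = True
+
+ # Base endpoint URL's which are used in keystone responses
+ # to unauthenticated requests to redirect clients to the
+ # correct auth URL.
+ ctxt['public_endpoint'] = endpoint_url(
+ resolve_address(PUBLIC),
+ api_port('keystone-public')).rstrip('v2.0')
+ ctxt['admin_endpoint'] = endpoint_url(
+ resolve_address(ADMIN),
+ api_port('keystone-admin')).rstrip('v2.0')
  return ctxt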
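Review bot: `.rstrip('v2.0')` on the two new endpoint assignments (new lines 127-132) strips any trailing run of the characters `v`, `2`, `.` and `0` rather than the literal suffix; it yields the intended base URL only because `endpoint_url()` always places a `/` in front of `v2.0`. These values become the URLs keystone returns to unauthenticated clients, so a malformed base would point clients at the wrong auth URL, and the suffix removal should be explicit: `url = endpoint_url(resolve_address(PUBLIC), api_port('keystone-public'))` followed by `ctxt['public_endpoint'] = url[:-len('v2.0')] if url.endswith('v2.0') else url`, and the same for the admin endpoint. `__call__` begins in the first hunk and ends in the second; the lines between the two hunks are not shown.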
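--- a/hooks/keystone_utils.py
+++ b/hooks/keystone_utils.py
@@ -495,26 +495,21 @@
  auth_port=config("admin-port"),
  region=region)
 
+def endpoint_url(ip, port):
+ proto = 'http'
+ if https():
+ proto = 'https'
+ if is_ipv6(ip):
+ ip = "[{}]".format(ip)
+ return "%s://%s:%s/v2.0" % (proto, ip, port)
+
 
 def create_keystone_endpoint(public_ip, service_port,
  internal_ip, admin_ip, auth_port, region):
- proto = 'http'
- if https():
- log("Setting https keystone endpoint")
- proto = 'https'
-
- if is_ipv6(public_ip):
- public_ip = "[{}]".format(public_ip)
- if is_ipv6(internal_ip):
- internal_ip = "[{}]".format(internal_ip)
- if is_ipv6(admin_ip):
- admin_ip = "[{}]".format(admin_ip)
-
- public_url = "%s://%s:%s/v2.0" % (proto, public_ip, service_port)
- admin_url = "%s://%s:%s/v2.0" % (proto, admin_ip, auth_port)
- internal_url = "%s://%s:%s/v2.0" % (proto, internal_ip, service_port)
- create_endpoint_template(region, "keystone", public_url,
- admin_url, internal_url)
+ create_endpoint_template(region, "keystone",
+ endpoint_url(public_ip, service_port),
+ endpoint_url(admin_ip, auth_port),
+ endpoint_url(internal_ip, service_port))
 
 
 def update_user_password(username, password):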
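Review bot: `endpoint_url()` (new lines 498-504) is now shared by the catalog registration and by the config context, yet it has no docstring stating that the scheme is taken from `https()` at call time and that the result always ends in `/v2.0`; I would add `"""Return the keystone v2.0 URL for ip:port; https when https() is true, IPv6 literals bracketed."""`. The refactor also removes the `log("Setting https keystone endpoint")` call from `create_keystone_endpoint()`, so nothing records which scheme was registered in the catalog. Keeping a line such as `log("Keystone endpoint scheme: %s" % proto)` in the helper would preserve that trace for operators checking whether endpoints were published over TLS.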
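--- a/templates/icehouse/keystone.conf
+++ b/templates/icehouse/keystone.conf
@@ -11,6 +11,8 @@
 log_config = /etc/keystone/logging.conf
 debug = {{ debug }}
 verbose = {{ verbose }}
+public_endpoint = {{ public_endpoint }}
+admin_endpoint = {{ admin_endpoint }}
 
 [database]
 {% if database_host -%}
@@ -74,11 +76,11 @@
 password = {{ ldap_password }}
 suffix = {{ ldap_suffix }}
 
-{% if ldap_config_flags -%} 
-{% for key, value in ldap_config_flags.iteritems() -%} 
+{% if ldap_config_flags -%}
+{% for key, value in ldap_config_flags.iteritems() -%}
 {{ key }} = {{ value }}
-{% endfor -%} 
-{% endif -%} 
+{% endfor -%}
+{% endif -%}
 
 {% if ldap_readonly -%}
 user_allow_create = False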
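Review bot: `public_endpoint` and `admin_endpoint` (new lines 14-15) carry a TLS constraint that the template does not record: the host part of each URL has to be one the server certificate is valid for. The values are built in hooks/keystone_context.py from `resolve_address()` passed through `endpoint_url()`, which treats its first argument as an IP. Under https, clients that follow the advertised URL presumably validate the certificate against that host part, so the certificate would need a matching subjectAltName entry; whether the charm's certificate covers the resolved address is not visible in this diff. A template comment above the two lines, such as `# Base URLs advertised to unauthenticated clients; host must match the TLS certificate`, would document this.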
