puppet-heat

clients_keystone/auth_uri should not default to admin URL

Bug #1763700 reported by Pierre Riteau
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
puppet-heat
Fix Released
Undecided
Pierre Riteau

Bug Description

By default, the ::heat class configures clients_keystone/auth_uri to the value of ::heat::keystone::authtoken::auth_url, which is generally the admin endpoint on port 35357.

However, since this URI can be used by non-admin clients running inside instances, such as os-collect-config, a better default value would be to use the public Keystone endpoint, as expected by Heat.

See original description
Pierre Riteau (priteau)
description: updated
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to puppet-heat (master)

Fix proposed to branch: master
Review: https://review.openstack.org/561227

Changed in puppet-heat:
assignee: nobody → Pierre Riteau (priteau)
status: New → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to puppet-heat (master)

Reviewed: https://review.openstack.org/561227
Committed: https://git.openstack.org/cgit/openstack/puppet-heat/commit/?id=564b1a7234d32dcb0c31656b67069a3e0b9a6c87
Submitter: Zuul
Branch: master

commit 564b1a7234d32dcb0c31656b67069a3e0b9a6c87
Author: Pierre Riteau <email address hidden>
Date: Fri Apr 13 14:33:12 2018 +0100

    Change clients_keystone/auth_uri default to public Keystone URL

    By default, the ::heat class configures clients_keystone/auth_uri to the
    value of ::heat::keystone::authtoken::auth_url, which is generally the
    admin endpoint on port 35357.

    However, since this URI can be used by non-admin clients running inside
    instances, such as os-collect-config, a better default value would be to
    use either the public or internal Keystone endpoint, depending on the
    deployment. This commit changes the default to the public Keystone
    endpoint defined in ::heat::keystone::authtoken::www_authenticate_uri.

    It is still possible to provide a custom value using the
    heat_clients_keystone_uri parameter.

    Change-Id: Idb0f408776ef27f16a522e4443531fd97276669b
    Closes-Bug: #1763700

Changed in puppet-heat:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/puppet-heat 13.0.0

This issue was fixed in the openstack/puppet-heat 13.0.0 release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.