Open Stack

If you hit the root page of many of the services (keystone, glance-api, 
cinder and nova-api at least), the output will include the available 
versions and their URLs.

These URLs are more or less hardcoded, with a config override.

In keystone these are public_endpoint and admin_endpoint, in glance-api 
it is public_endpoint, etc.

This works fine for the default cases but falls down if you want to put 
a proxy in front of it, I'm testing the TLS-proxy case. The advertised 
values by default are unsecured which caused all sorts of interesting 
failures in devstack.

These values are already available in the service catalog. I can fix 
this short-term by setting values URLs in devstack but that is a hack at 
best. It should either pull the values out of the catalog with each 
request, or perhaps more performant, cache the values for some period.

Here is an example with the config options set in devstack with the 
tls-proxy service enabled:

% curl  https://localhost:5000
{"versions": {"values": [{"status": "stable", "updated": 
"2015-03-30T00:00:00Z", "media-types": [{"base": "application/json", 
"type": "application/vnd.openstack.identity-v3+json"}], "id": "v3.4", 
"links": [{"href": "https://localhost:5000/v3/", "rel": "self"}]}, 
{"status": "stable", "updated": "2014-04-17T00:00:00Z", "media-types": 
[{"base": "application/json", "type": 
"application/vnd.openstack.identity-v2.0+json"}], "id": "v2.0", "links": 
[{"href": "https://localhost:5000/v2.0/", "rel": "self"}, {"href": 
"http://docs.openstack.org/", "type": "text/html", "rel": 
"describedby"}]}]}}

Here are two reviews demonstrating the issue that are blocked because 
fixing it in the config is not the best way to fix this overall:

https://review.openstack.org/187346
https://review.openstack.org/188879

So in short, how should we address this? How will the fixes be 
coordinated, as we don't need four or five different solutions to the 
same problem?

rob