The default project means that a user gains token scoping information
for a project if they don't specify another. This is something we want
to discourage for user creation. Users should specify their own
authentication scope when they authenticate.
Change-Id: I42c3060d59edfcd44d04cd166bad500419dd99bc
... | ... |
@@ -180,8 +180,7 @@ function create_tuskar_accounts { |
180 | 180 |
local service_tenant=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }") |
181 | 181 |
local admin_role=$(openstack role list | awk "/ admin / { print \$2 }") |
182 | 182 |
|
183 |
- local tuskar_user=$(get_or_create_user "tuskar" \ |
|
184 |
- "$SERVICE_PASSWORD" $service_tenant) |
|
183 |
+ local tuskar_user=$(get_or_create_user "tuskar" "$SERVICE_PASSWORD") |
|
185 | 184 |
get_or_add_user_role $admin_role $tuskar_user $service_tenant |
186 | 185 |
|
187 | 186 |
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then |
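Review bot: The rewritten `local tuskar_user=$(get_or_create_user "tuskar" "$SERVICE_PASSWORD")` declares and assigns in one statement, so the exit status of `get_or_create_user` is replaced by that of `local` and a failed user creation goes unnoticed. An empty `$tuskar_user` is then expanded unquoted in `get_or_add_user_role $admin_role $tuskar_user $service_tenant`, which shifts the project into the user position. With the default project gone, that role assignment appears to be the only place the service user is tied to the project, so it is worth failing early with `die_if_not_set $LINENO tuskar_user "Failure creating tuskar user"`, as the swift test users already do. The same pattern is in the ceilometer, cinder, glance, heat, ironic, keystone, neutron, nova, sahara, trove and zaqar hunks; the function body continues outside this hunk.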
... | ... |
@@ -860,17 +860,17 @@ function get_or_create_group { |
860 | 860 |
} |
861 | 861 |
|
862 | 862 |
# Gets or creates user |
863 |
-# Usage: get_or_create_user <username> <password> <project> [<email> [<domain>]] |
|
863 |
+# Usage: get_or_create_user <username> <password> [<email> [<domain>]] |
|
864 | 864 |
function get_or_create_user { |
865 |
- if [[ ! -z "$4" ]]; then |
|
866 |
- local email="--email=$4" |
|
865 |
+ if [[ ! -z "$3" ]]; then |
|
866 |
+ local email="--email=$3" |
|
867 | 867 |
else |
868 | 868 |
local email="" |
869 | 869 |
fi |
870 | 870 |
local os_cmd="openstack" |
871 | 871 |
local domain="" |
872 |
- if [[ ! -z "$5" ]]; then |
|
873 |
- domain="--domain=$5" |
|
872 |
+ if [[ ! -z "$4" ]]; then |
|
873 |
+ domain="--domain=$4" |
|
874 | 874 |
os_cmd="$os_cmd --os-url=$KEYSTONE_SERVICE_URI_V3 --os-identity-api-version=3" |
875 | 875 |
fi |
876 | 876 |
# Gets user id |
... | ... |
@@ -879,7 +879,6 @@ function get_or_create_user { |
879 | 879 |
$os_cmd user create \ |
880 | 880 |
$1 \ |
881 | 881 |
--password "$2" \ |
882 |
- --project $3 \ |
|
883 | 882 |
$email \ |
884 | 883 |
$domain \ |
885 | 884 |
--or-show \ |
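Review bot: Moving `<email>` to `$3` and `<domain>` to `$4` means a caller that still uses the old form with `<project>` is not rejected: its project id would be sent as `--email=<project>`, and its e-mail would become `--domain=...`, which also switches `os_cmd` to the v3 endpoint. Callers outside this tree are not visible here, so the usage comment should say so, e.g. `# NOTE: <project> was removed; attach the user to a project with get_or_add_user_role`. Consider refusing the old arity outright with `if [[ $# -gt 4 ]]; then die $LINENO "get_or_create_user: too many arguments"; fi`. The function starts before the second hunk and continues past it.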
... | ... |
@@ -110,8 +110,7 @@ function create_ceilometer_accounts { |
110 | 110 |
|
111 | 111 |
# Ceilometer |
112 | 112 |
if [[ "$ENABLED_SERVICES" =~ "ceilometer-api" ]]; then |
113 |
- local ceilometer_user=$(get_or_create_user "ceilometer" \ |
|
114 |
- "$SERVICE_PASSWORD" $service_tenant) |
|
113 |
+ local ceilometer_user=$(get_or_create_user "ceilometer" "$SERVICE_PASSWORD") |
|
115 | 114 |
get_or_add_user_role $admin_role $ceilometer_user $service_tenant |
116 | 115 |
|
117 | 116 |
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then |
... | ... |
@@ -348,8 +348,7 @@ function create_cinder_accounts { |
348 | 348 |
# Cinder |
349 | 349 |
if [[ "$ENABLED_SERVICES" =~ "c-api" ]]; then |
350 | 350 |
|
351 |
- local cinder_user=$(get_or_create_user "cinder" \ |
|
352 |
- "$SERVICE_PASSWORD" $service_tenant) |
|
351 |
+ local cinder_user=$(get_or_create_user "cinder" "$SERVICE_PASSWORD") |
|
353 | 352 |
get_or_add_user_role $admin_role $cinder_user $service_tenant |
354 | 353 |
|
355 | 354 |
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then |
... | ... |
@@ -232,15 +232,14 @@ function configure_glance { |
232 | 232 |
function create_glance_accounts { |
233 | 233 |
if is_service_enabled g-api; then |
234 | 234 |
|
235 |
- local glance_user=$(get_or_create_user "glance" \ |
|
236 |
- "$SERVICE_PASSWORD" $SERVICE_TENANT_NAME) |
|
235 |
+ local glance_user=$(get_or_create_user "glance" "$SERVICE_PASSWORD") |
|
237 | 236 |
get_or_add_user_role service $glance_user $SERVICE_TENANT_NAME |
238 | 237 |
|
239 | 238 |
# required for swift access |
240 | 239 |
if is_service_enabled s-proxy; then |
241 | 240 |
|
242 | 241 |
local glance_swift_user=$(get_or_create_user "glance-swift" \ |
243 |
- "$SERVICE_PASSWORD" $SERVICE_TENANT_NAME "glance-swift@example.com") |
|
242 |
+ "$SERVICE_PASSWORD" "glance-swift@example.com") |
|
244 | 243 |
get_or_add_user_role "ResellerAdmin" $glance_swift_user $SERVICE_TENANT_NAME |
245 | 244 |
fi |
246 | 245 |
|
... | ... |
@@ -243,8 +243,7 @@ function create_heat_accounts { |
243 | 243 |
local service_tenant=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }") |
244 | 244 |
local admin_role=$(openstack role list | awk "/ admin / { print \$2 }") |
245 | 245 |
|
246 |
- local heat_user=$(get_or_create_user "heat" \ |
|
247 |
- "$SERVICE_PASSWORD" $service_tenant) |
|
246 |
+ local heat_user=$(get_or_create_user "heat" "$SERVICE_PASSWORD") |
|
248 | 247 |
get_or_add_user_role $admin_role $heat_user $service_tenant |
249 | 248 |
|
250 | 249 |
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then |
... | ... |
@@ -365,8 +365,7 @@ function create_ironic_accounts { |
365 | 365 |
if [[ "$ENABLED_SERVICES" =~ "ir-api" ]]; then |
366 | 366 |
# Get ironic user if exists |
367 | 367 |
|
368 |
- local ironic_user=$(get_or_create_user "ironic" \ |
|
369 |
- "$SERVICE_PASSWORD" $service_tenant) |
|
368 |
+ local ironic_user=$(get_or_create_user "ironic" "$SERVICE_PASSWORD") |
|
370 | 369 |
get_or_add_user_role $admin_role $ironic_user $service_tenant |
371 | 370 |
|
372 | 371 |
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then |
... | ... |
@@ -362,8 +362,7 @@ function create_keystone_accounts { |
362 | 362 |
|
363 | 363 |
# admin |
364 | 364 |
local admin_tenant=$(get_or_create_project "admin") |
365 |
- local admin_user=$(get_or_create_user "admin" \ |
|
366 |
- "$ADMIN_PASSWORD" "$admin_tenant") |
|
365 |
+ local admin_user=$(get_or_create_user "admin" "$ADMIN_PASSWORD") |
|
367 | 366 |
local admin_role=$(get_or_create_role "admin") |
368 | 367 |
get_or_add_user_role $admin_role $admin_user $admin_tenant |
369 | 368 |
|
... | ... |
@@ -392,7 +391,7 @@ function create_keystone_accounts { |
392 | 392 |
# demo |
393 | 393 |
local demo_tenant=$(get_or_create_project "demo") |
394 | 394 |
local demo_user=$(get_or_create_user "demo" \ |
395 |
- "$ADMIN_PASSWORD" "$demo_tenant" "demo@example.com") |
|
395 |
+ "$ADMIN_PASSWORD" "demo@example.com") |
|
396 | 396 |
|
397 | 397 |
get_or_add_user_role $member_role $demo_user $demo_tenant |
398 | 398 |
get_or_add_user_role $admin_role $admin_user $demo_tenant |
... | ... |
@@ -513,8 +513,7 @@ function create_neutron_accounts { |
513 | 513 |
|
514 | 514 |
if [[ "$ENABLED_SERVICES" =~ "q-svc" ]]; then |
515 | 515 |
|
516 |
- local neutron_user=$(get_or_create_user "neutron" \ |
|
517 |
- "$SERVICE_PASSWORD" $service_tenant) |
|
516 |
+ local neutron_user=$(get_or_create_user "neutron" "$SERVICE_PASSWORD") |
|
518 | 517 |
get_or_add_user_role $service_role $neutron_user $service_tenant |
519 | 518 |
|
520 | 519 |
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then |
... | ... |
@@ -359,8 +359,7 @@ function create_nova_accounts { |
359 | 359 |
# Nova |
360 | 360 |
if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then |
361 | 361 |
|
362 |
- local nova_user=$(get_or_create_user "nova" \ |
|
363 |
- "$SERVICE_PASSWORD" $service_tenant) |
|
362 |
+ local nova_user=$(get_or_create_user "nova" "$SERVICE_PASSWORD") |
|
364 | 363 |
get_or_add_user_role $admin_role $nova_user $service_tenant |
365 | 364 |
|
366 | 365 |
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then |
... | ... |
@@ -64,8 +64,7 @@ function create_sahara_accounts { |
64 | 64 |
local service_tenant=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }") |
65 | 65 |
local admin_role=$(openstack role list | awk "/ admin / { print \$2 }") |
66 | 66 |
|
67 |
- local sahara_user=$(get_or_create_user "sahara" \ |
|
68 |
- "$SERVICE_PASSWORD" $service_tenant) |
|
67 |
+ local sahara_user=$(get_or_create_user "sahara" "$SERVICE_PASSWORD") |
|
69 | 68 |
get_or_add_user_role $admin_role $sahara_user $service_tenant |
70 | 69 |
|
71 | 70 |
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then |
... | ... |
@@ -594,8 +594,7 @@ function create_swift_accounts { |
594 | 594 |
local admin_role=$(openstack role list | awk "/ admin / { print \$2 }") |
595 | 595 |
local another_role=$(openstack role list | awk "/ anotherrole / { print \$2 }") |
596 | 596 |
|
597 |
- local swift_user=$(get_or_create_user "swift" \ |
|
598 |
- "$SERVICE_PASSWORD" $service_tenant) |
|
597 |
+ local swift_user=$(get_or_create_user "swift" "$SERVICE_PASSWORD") |
|
599 | 598 |
get_or_add_user_role $admin_role $swift_user $service_tenant |
600 | 599 |
|
601 | 600 |
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then |
... | ... |
@@ -611,21 +610,18 @@ function create_swift_accounts { |
611 | 611 |
|
612 | 612 |
local swift_tenant_test1=$(get_or_create_project swifttenanttest1) |
613 | 613 |
die_if_not_set $LINENO swift_tenant_test1 "Failure creating swift_tenant_test1" |
614 |
- SWIFT_USER_TEST1=$(get_or_create_user swiftusertest1 $swiftusertest1_password \ |
|
615 |
- "$swift_tenant_test1" "test@example.com") |
|
614 |
+ SWIFT_USER_TEST1=$(get_or_create_user swiftusertest1 $swiftusertest1_password "test@example.com") |
|
616 | 615 |
die_if_not_set $LINENO SWIFT_USER_TEST1 "Failure creating SWIFT_USER_TEST1" |
617 | 616 |
get_or_add_user_role $admin_role $SWIFT_USER_TEST1 $swift_tenant_test1 |
618 | 617 |
|
619 |
- local swift_user_test3=$(get_or_create_user swiftusertest3 $swiftusertest3_password \ |
|
620 |
- "$swift_tenant_test1" "test3@example.com") |
|
618 |
+ local swift_user_test3=$(get_or_create_user swiftusertest3 $swiftusertest3_password "test3@example.com") |
|
621 | 619 |
die_if_not_set $LINENO swift_user_test3 "Failure creating swift_user_test3" |
622 | 620 |
get_or_add_user_role $another_role $swift_user_test3 $swift_tenant_test1 |
623 | 621 |
|
624 | 622 |
local swift_tenant_test2=$(get_or_create_project swifttenanttest2) |
625 | 623 |
die_if_not_set $LINENO swift_tenant_test2 "Failure creating swift_tenant_test2" |
626 | 624 |
|
627 |
- local swift_user_test2=$(get_or_create_user swiftusertest2 $swiftusertest2_password \ |
|
628 |
- "$swift_tenant_test2" "test2@example.com") |
|
625 |
+ local swift_user_test2=$(get_or_create_user swiftusertest2 $swiftusertest2_password "test2@example.com") |
|
629 | 626 |
die_if_not_set $LINENO swift_user_test2 "Failure creating swift_user_test2" |
630 | 627 |
get_or_add_user_role $admin_role $swift_user_test2 $swift_tenant_test2 |
631 | 628 |
|
... | ... |
@@ -634,8 +630,8 @@ function create_swift_accounts { |
634 | 634 |
|
635 | 635 |
local swift_tenant_test4=$(get_or_create_project swifttenanttest4 $swift_domain) |
636 | 636 |
die_if_not_set $LINENO swift_tenant_test4 "Failure creating swift_tenant_test4" |
637 |
- local swift_user_test4=$(get_or_create_user swiftusertest4 $swiftusertest4_password \ |
|
638 |
- $swift_tenant_test4 "test4@example.com" $swift_domain) |
|
637 |
+ |
|
638 |
+ local swift_user_test4=$(get_or_create_user swiftusertest4 $swiftusertest4_password "test4@example.com" $swift_domain) |
|
639 | 639 |
die_if_not_set $LINENO swift_user_test4 "Failure creating swift_user_test4" |
640 | 640 |
get_or_add_user_role $admin_role $swift_user_test4 $swift_tenant_test4 |
641 | 641 |
} |
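Review bot: `$swiftusertest1_password` and its test3, test2 and test4 equivalents are passed unquoted in the rewritten calls, so an empty value or one containing whitespace shifts the positional arguments. With the new signature an empty password would make `test@example.com` the account password and leave the e-mail unset. Quote them, e.g. `get_or_create_user swiftusertest1 "$swiftusertest1_password" "test@example.com"`, and quote `"$swift_domain"` in the test4 call as well. The line added at new line 637 appears to be blank and can be dropped.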
... | ... |
@@ -502,7 +502,7 @@ function create_tempest_accounts { |
502 | 502 |
# Tempest has some tests that validate various authorization checks |
503 | 503 |
# between two regular users in separate tenants |
504 | 504 |
get_or_create_project alt_demo |
505 |
- get_or_create_user alt_demo "$ADMIN_PASSWORD" alt_demo "alt_demo@example.com" |
|
505 |
+ get_or_create_user alt_demo "$ADMIN_PASSWORD" "alt_demo@example.com" |
|
506 | 506 |
get_or_add_user_role Member alt_demo alt_demo |
507 | 507 |
fi |
508 | 508 |
} |
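Review bot: The new `get_or_create_user alt_demo "$ADMIN_PASSWORD" "alt_demo@example.com"` leaves `alt_demo` without a default project, which the existing comment above it does not mention. Anything that authenticates as this user without naming a project would presumably now receive an unscoped token; whether the Tempest configuration always supplies the project is not visible in this hunk. A short comment would record the expectation: `# alt_demo has no default project; clients must request the alt_demo project scope explicitly`. The function starts before the hunk.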
... | ... |
@@ -84,8 +84,7 @@ function create_trove_accounts { |
84 | 84 |
|
85 | 85 |
if [[ "$ENABLED_SERVICES" =~ "trove" ]]; then |
86 | 86 |
|
87 |
- local trove_user=$(get_or_create_user "trove" \ |
|
88 |
- "$SERVICE_PASSWORD" $service_tenant) |
|
87 |
+ local trove_user=$(get_or_create_user "trove" "$SERVICE_PASSWORD") |
|
89 | 88 |
get_or_add_user_role $service_role $trove_user $service_tenant |
90 | 89 |
|
91 | 90 |
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then |
... | ... |
@@ -218,8 +218,7 @@ function create_zaqar_accounts { |
218 | 218 |
local service_tenant=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }") |
219 | 219 |
ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }") |
220 | 220 |
|
221 |
- local zaqar_user=$(get_or_create_user "zaqar" \ |
|
222 |
- "$SERVICE_PASSWORD" $service_tenant) |
|
221 |
+ local zaqar_user=$(get_or_create_user "zaqar" "$SERVICE_PASSWORD") |
|
223 | 222 |
get_or_add_user_role $ADMIN_ROLE $zaqar_user $service_tenant |
224 | 223 |
|
225 | 224 |
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then |