... | ... |
@@ -87,7 +87,7 @@ function configure_horizon { |
87 | 87 |
_horizon_config_set $local_settings "" WEBROOT \"$HORIZON_APACHE_ROOT/\" |
88 | 88 |
|
89 | 89 |
_horizon_config_set $local_settings "" COMPRESS_OFFLINE True |
90 |
- _horizon_config_set $local_settings "" OPENSTACK_KEYSTONE_DEFAULT_ROLE \"Member\" |
|
90 |
+ _horizon_config_set $local_settings "" OPENSTACK_KEYSTONE_DEFAULT_ROLE \"member\" |
|
91 | 91 |
|
92 | 92 |
_horizon_config_set $local_settings "" OPENSTACK_HOST \"${KEYSTONE_SERVICE_HOST}\" |
93 | 93 |
|
... | ... |
@@ -309,30 +309,32 @@ function configure_keystone { |
309 | 309 |
# service -- -- |
310 | 310 |
# -- -- service |
311 | 311 |
# -- -- ResellerAdmin |
312 |
-# -- -- Member |
|
312 |
+# -- -- member |
|
313 | 313 |
# demo admin admin |
314 |
-# demo demo Member, anotherrole |
|
314 |
+# demo demo member, anotherrole |
|
315 | 315 |
# alt_demo admin admin |
316 |
-# alt_demo alt_demo Member, anotherrole |
|
317 |
-# invisible_to_admin demo Member |
|
316 |
+# alt_demo alt_demo member, anotherrole |
|
317 |
+# invisible_to_admin demo member |
|
318 | 318 |
|
319 | 319 |
# Group Users Roles Project |
320 | 320 |
# ------------------------------------------------------------------ |
321 | 321 |
# admins admin admin admin |
322 |
-# nonadmins demo, alt_demo Member, anotherrole demo, alt_demo |
|
322 |
+# nonadmins demo, alt_demo member, anotherrole demo, alt_demo |
|
323 | 323 |
|
324 | 324 |
|
325 | 325 |
# Migrated from keystone_data.sh |
326 | 326 |
function create_keystone_accounts { |
327 | 327 |
|
328 |
- # The keystone bootstrapping process (performed via keystone-manage bootstrap) |
|
329 |
- # creates an admin user, admin role and admin project. As a sanity check |
|
330 |
- # we exercise the CLI to retrieve the IDs for these values. |
|
328 |
+ # The keystone bootstrapping process (performed via keystone-manage |
|
329 |
+ # bootstrap) creates an admin user, admin role, member role, and admin |
|
330 |
+ # project. As a sanity check we exercise the CLI to retrieve the IDs for |
|
331 |
+ # these values. |
|
331 | 332 |
local admin_project |
332 | 333 |
admin_project=$(openstack project show "admin" -f value -c id) |
333 | 334 |
local admin_user |
334 | 335 |
admin_user=$(openstack user show "admin" -f value -c id) |
335 | 336 |
local admin_role="admin" |
337 |
+ local member_role="member" |
|
336 | 338 |
|
337 | 339 |
get_or_add_user_domain_role $admin_role $admin_user default |
338 | 340 |
|
... | ... |
@@ -349,17 +351,6 @@ function create_keystone_accounts { |
349 | 349 |
# role is also configurable in swift-proxy.conf |
350 | 350 |
get_or_create_role ResellerAdmin |
351 | 351 |
|
352 |
- # The Member role is used by Horizon and Swift so we need to keep it: |
|
353 |
- local member_role="member" |
|
354 |
- |
|
355 |
- # Capital Member role is legacy hard coded in Horizon / Swift |
|
356 |
- # configs. Keep it around. |
|
357 |
- get_or_create_role "Member" |
|
358 |
- |
|
359 |
- # The reality is that the rest of the roles listed below honestly |
|
360 |
- # should work by symbolic names. |
|
361 |
- get_or_create_role $member_role |
|
362 |
- |
|
363 | 352 |
# another_role demonstrates that an arbitrary role may be created and used |
364 | 353 |
# TODO(sleepsonthefloor): show how this can be used for rbac in the future! |
365 | 354 |
local another_role="anotherrole" |