Browse code
Convert identity defaults to keystone v3 api
At this point all our function calls should be using the V3 APIs anyway
so switch the authentication credentials to v3 compatible ones and
remove all the hacks we added to force v3 API calls.
Implements: bp keystonev3
Change-Id: If92d3e11b9a363454f77527783b6d25f4da9c249
Jamie Lennox authored on 2015/05/29 17:36:40Showing 2 changed files
| ... | ... |
@@ -687,16 +687,13 @@ function policy_add {
|
| 687 | 687 |
# Usage: get_or_create_domain <name> <description> |
| 688 | 688 |
function get_or_create_domain {
|
| 689 | 689 |
local domain_id |
| 690 |
- local os_url="$KEYSTONE_SERVICE_URI_V3" |
|
| 691 | 690 |
# Gets domain id |
| 692 | 691 |
domain_id=$( |
| 693 | 692 |
# Gets domain id |
| 694 |
- openstack --os-token=$OS_TOKEN --os-url=$os_url \ |
|
| 695 |
- --os-identity-api-version=3 domain show $1 \ |
|
| 693 |
+ openstack domain show $1 \ |
|
| 696 | 694 |
-f value -c id 2>/dev/null || |
| 697 | 695 |
# Creates new domain |
| 698 |
- openstack --os-token=$OS_TOKEN --os-url=$os_url \ |
|
| 699 |
- --os-identity-api-version=3 domain create $1 \ |
|
| 696 |
+ openstack domain create $1 \ |
|
| 700 | 697 |
--description "$2" \ |
| 701 | 698 |
-f value -c id |
| 702 | 699 |
) |
| ... | ... |
@@ -707,13 +704,11 @@ function get_or_create_domain {
|
| 707 | 707 |
# Usage: get_or_create_group <groupname> <domain> [<description>] |
| 708 | 708 |
function get_or_create_group {
|
| 709 | 709 |
local desc="${3:-}"
|
| 710 |
- local os_url="$KEYSTONE_SERVICE_URI_V3" |
|
| 711 | 710 |
local group_id |
| 712 | 711 |
# Gets group id |
| 713 | 712 |
group_id=$( |
| 714 | 713 |
# Creates new group with --or-show |
| 715 |
- openstack --os-token=$OS_TOKEN --os-url=$os_url \ |
|
| 716 |
- --os-identity-api-version=3 group create $1 \ |
|
| 714 |
+ openstack group create $1 \ |
|
| 717 | 715 |
--domain $2 --description "$desc" --or-show \ |
| 718 | 716 |
-f value -c id |
| 719 | 717 |
) |
| ... | ... |
@@ -735,8 +730,6 @@ function get_or_create_user {
|
| 735 | 735 |
openstack user create \ |
| 736 | 736 |
$1 \ |
| 737 | 737 |
--password "$2" \ |
| 738 |
- --os-url=$KEYSTONE_SERVICE_URI_V3 \ |
|
| 739 |
- --os-identity-api-version=3 \ |
|
| 740 | 738 |
--domain=$3 \ |
| 741 | 739 |
$email \ |
| 742 | 740 |
--or-show \ |
| ... | ... |
@@ -751,9 +744,7 @@ function get_or_create_project {
|
| 751 | 751 |
local project_id |
| 752 | 752 |
project_id=$( |
| 753 | 753 |
# Creates new project with --or-show |
| 754 |
- openstack --os-url=$KEYSTONE_SERVICE_URI_V3 \ |
|
| 755 |
- --os-identity-api-version=3 \ |
|
| 756 |
- project create $1 \ |
|
| 754 |
+ openstack project create $1 \ |
|
| 757 | 755 |
--domain=$2 \ |
| 758 | 756 |
--or-show -f value -c id |
| 759 | 757 |
) |
| ... | ... |
@@ -767,8 +758,6 @@ function get_or_create_role {
|
| 767 | 767 |
role_id=$( |
| 768 | 768 |
# Creates role with --or-show |
| 769 | 769 |
openstack role create $1 \ |
| 770 |
- --os-url=$KEYSTONE_SERVICE_URI_V3 \ |
|
| 771 |
- --os-identity-api-version=3 \ |
|
| 772 | 770 |
--or-show -f value -c id |
| 773 | 771 |
) |
| 774 | 772 |
echo $role_id |
| ... | ... |
@@ -781,8 +770,6 @@ function get_or_add_user_project_role {
|
| 781 | 781 |
# Gets user role id |
| 782 | 782 |
user_role_id=$(openstack role list \ |
| 783 | 783 |
--user $2 \ |
| 784 |
- --os-url=$KEYSTONE_SERVICE_URI_V3 \ |
|
| 785 |
- --os-identity-api-version=3 \ |
|
| 786 | 784 |
--column "ID" \ |
| 787 | 785 |
--project $3 \ |
| 788 | 786 |
--column "Name" \ |
| ... | ... |
@@ -793,8 +780,6 @@ function get_or_add_user_project_role {
|
| 793 | 793 |
$1 \ |
| 794 | 794 |
--user $2 \ |
| 795 | 795 |
--project $3 \ |
| 796 |
- --os-url=$KEYSTONE_SERVICE_URI_V3 \ |
|
| 797 |
- --os-identity-api-version=3 \ |
|
| 798 | 796 |
| grep " id " | get_field 2) |
| 799 | 797 |
fi |
| 800 | 798 |
echo $user_role_id |
| ... | ... |
@@ -806,21 +791,15 @@ function get_or_add_group_project_role {
|
| 806 | 806 |
local group_role_id |
| 807 | 807 |
# Gets group role id |
| 808 | 808 |
group_role_id=$(openstack role list \ |
| 809 |
- --os-url=$KEYSTONE_SERVICE_URI_V3 \ |
|
| 810 |
- --os-identity-api-version=3 \ |
|
| 811 | 809 |
--group $2 \ |
| 812 | 810 |
--project $3 \ |
| 813 | 811 |
-c "ID" -f value) |
| 814 | 812 |
if [[ -z "$group_role_id" ]]; then |
| 815 | 813 |
# Adds role to group and get it |
| 816 | 814 |
openstack role add $1 \ |
| 817 |
- --os-url=$KEYSTONE_SERVICE_URI_V3 \ |
|
| 818 |
- --os-identity-api-version=3 \ |
|
| 819 | 815 |
--group $2 \ |
| 820 | 816 |
--project $3 |
| 821 | 817 |
group_role_id=$(openstack role list \ |
| 822 |
- --os-url=$KEYSTONE_SERVICE_URI_V3 \ |
|
| 823 |
- --os-identity-api-version=3 \ |
|
| 824 | 818 |
--group $2 \ |
| 825 | 819 |
--project $3 \ |
| 826 | 820 |
-c "ID" -f value) |
| ... | ... |
@@ -838,8 +817,6 @@ function get_or_create_service {
|
| 838 | 838 |
openstack service show $2 -f value -c id 2>/dev/null || |
| 839 | 839 |
# Creates new service if not exists |
| 840 | 840 |
openstack service create \ |
| 841 |
- --os-url $KEYSTONE_SERVICE_URI_V3 \ |
|
| 842 |
- --os-identity-api-version=3 \ |
|
| 843 | 841 |
$2 \ |
| 844 | 842 |
--name $1 \ |
| 845 | 843 |
--description="$3" \ |
| ... | ... |
@@ -858,8 +835,6 @@ function _get_or_create_endpoint_with_interface {
|
| 858 | 858 |
# gets support for this, the check for the region name can be removed. |
| 859 | 859 |
# Related bug in keystone: https://bugs.launchpad.net/keystone/+bug/1482772 |
| 860 | 860 |
endpoint_id=$(openstack endpoint list \ |
| 861 |
- --os-url $KEYSTONE_SERVICE_URI_V3 \ |
|
| 862 |
- --os-identity-api-version=3 \ |
|
| 863 | 861 |
--service $1 \ |
| 864 | 862 |
--interface $2 \ |
| 865 | 863 |
--region $4 \ |
| ... | ... |
@@ -867,8 +842,6 @@ function _get_or_create_endpoint_with_interface {
|
| 867 | 867 |
if [[ -z "$endpoint_id" ]]; then |
| 868 | 868 |
# Creates new endpoint |
| 869 | 869 |
endpoint_id=$(openstack endpoint create \ |
| 870 |
- --os-url $KEYSTONE_SERVICE_URI_V3 \ |
|
| 871 |
- --os-identity-api-version=3 \ |
|
| 872 | 870 |
$1 $2 $3 --region $4 -f value -c id) |
| 873 | 871 |
fi |
| 874 | 872 |
|
| ... | ... |
@@ -987,13 +987,15 @@ if is_service_enabled keystone; then |
| 987 | 987 |
start_keystone |
| 988 | 988 |
fi |
| 989 | 989 |
|
| 990 |
+ export OS_IDENTITY_API_VERSION=3 |
|
| 991 |
+ |
|
| 990 | 992 |
# Set up a temporary admin URI for Keystone |
| 991 |
- SERVICE_ENDPOINT=$KEYSTONE_AUTH_URI/v2.0 |
|
| 993 |
+ SERVICE_ENDPOINT=$KEYSTONE_AUTH_URI/v3 |
|
| 992 | 994 |
|
| 993 | 995 |
if is_service_enabled tls-proxy; then |
| 994 | 996 |
export OS_CACERT=$INT_CA_DIR/ca-chain.pem |
| 995 | 997 |
# Until the client support is fixed, just use the internal endpoint |
| 996 |
- SERVICE_ENDPOINT=http://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT_INT/v2.0 |
|
| 998 |
+ SERVICE_ENDPOINT=http://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT_INT/v3 |
|
| 997 | 999 |
fi |
| 998 | 1000 |
|
| 999 | 1001 |
# Setup OpenStackClient token-endpoint auth |
| ... | ... |
@@ -1021,14 +1023,13 @@ if is_service_enabled keystone; then |
| 1021 | 1021 |
# Begone token auth |
| 1022 | 1022 |
unset OS_TOKEN OS_URL |
| 1023 | 1023 |
|
| 1024 |
- # force set to use v2 identity authentication even with v3 commands |
|
| 1025 |
- export OS_AUTH_TYPE=v2password |
|
| 1026 |
- |
|
| 1027 | 1024 |
# Set up password auth credentials now that Keystone is bootstrapped |
| 1028 |
- export OS_AUTH_URL=$SERVICE_ENDPOINT |
|
| 1029 |
- export OS_TENANT_NAME=admin |
|
| 1025 |
+ export OS_AUTH_URL=$KEYSTONE_AUTH_URI |
|
| 1030 | 1026 |
export OS_USERNAME=admin |
| 1027 |
+ export OS_USER_DOMAIN_ID=default |
|
| 1031 | 1028 |
export OS_PASSWORD=$ADMIN_PASSWORD |
| 1029 |
+ export OS_PROJECT_NAME=admin |
|
| 1030 |
+ export OS_PROJECT_DOMAIN_ID=default |
|
| 1032 | 1031 |
export OS_REGION_NAME=$REGION_NAME |
| 1033 | 1032 |
fi |
| 1034 | 1033 |
|