Browse code
Add devstack-system-admin for system scoped actions
Keystone is moving more things to require a system scoped token to
work. Getting one of those requires that domain and project information
are not set.
Change-Id: I2e1640e9f9ef6cdf56bef49d1ae8f0591570c3e6
Monty Taylor authored on 2019/01/09 00:29:16Showing 2 changed files
| ... | ... |
@@ -120,6 +120,17 @@ function write_clouds_yaml {
|
| 120 | 120 |
--os-password $ADMIN_PASSWORD \ |
| 121 | 121 |
--os-project-name admin |
| 122 | 122 |
|
| 123 |
+ # admin with a system-scoped token -> devstack-system |
|
| 124 |
+ $PYTHON $TOP_DIR/tools/update_clouds_yaml.py \ |
|
| 125 |
+ --file $CLOUDS_YAML \ |
|
| 126 |
+ --os-cloud devstack-system-admin \ |
|
| 127 |
+ --os-region-name $REGION_NAME \ |
|
| 128 |
+ $CA_CERT_ARG \ |
|
| 129 |
+ --os-auth-url $KEYSTONE_SERVICE_URI \ |
|
| 130 |
+ --os-username admin \ |
|
| 131 |
+ --os-password $ADMIN_PASSWORD \ |
|
| 132 |
+ --os-system-scope all |
|
| 133 |
+ |
|
| 123 | 134 |
# CLean up any old clouds.yaml files we had laying around |
| 124 | 135 |
rm -f $(eval echo ~"$STACK_USER")/.config/openstack/clouds.yaml |
| 125 | 136 |
} |
| ... | ... |
@@ -41,12 +41,19 @@ class UpdateCloudsYaml(object): |
| 41 | 41 |
'auth_url': args.os_auth_url, |
| 42 | 42 |
'username': args.os_username, |
| 43 | 43 |
'password': args.os_password, |
| 44 |
- 'project_name': args.os_project_name, |
|
| 45 | 44 |
}, |
| 46 | 45 |
} |
| 47 |
- if args.os_identity_api_version == '3': |
|
| 46 |
+ if args.os_project_name and args.os_system_scope: |
|
| 47 |
+ print( |
|
| 48 |
+ "WARNING: os_project_name and os_system_scope were both" |
|
| 49 |
+ " given. os_system_scope will take priority.") |
|
| 50 |
+ if args.os_project_name and not args.os_system_scope: |
|
| 51 |
+ self._cloud_data['auth']['project_name'] = args.os_project_name |
|
| 52 |
+ if args.os_identity_api_version == '3' and not args.os_system_scope: |
|
| 48 | 53 |
self._cloud_data['auth']['user_domain_id'] = 'default' |
| 49 | 54 |
self._cloud_data['auth']['project_domain_id'] = 'default' |
| 55 |
+ if args.os_system_scope: |
|
| 56 |
+ self._cloud_data['auth']['system_scope'] = args.os_system_scope |
|
| 50 | 57 |
if args.os_cacert: |
| 51 | 58 |
self._cloud_data['cacert'] = args.os_cacert |
| 52 | 59 |
|
| ... | ... |
@@ -88,7 +95,8 @@ def main(): |
| 88 | 88 |
parser.add_argument('--os-auth-url', required=True)
|
| 89 | 89 |
parser.add_argument('--os-username', required=True)
|
| 90 | 90 |
parser.add_argument('--os-password', required=True)
|
| 91 |
- parser.add_argument('--os-project-name', required=True)
|
|
| 91 |
+ parser.add_argument('--os-project-name')
|
|
| 92 |
+ parser.add_argument('--os-system-scope')
|
|
| 92 | 93 |
|
| 93 | 94 |
args = parser.parse_args() |
| 94 | 95 |
|