...
|
...
|
@@ -39,6 +39,9 @@ HEAT_ENV_DIR=$HEAT_CONF_DIR/environment.d
|
39
|
39
|
HEAT_TEMPLATES_DIR=$HEAT_CONF_DIR/templates
|
40
|
40
|
HEAT_STACK_DOMAIN=`trueorfalse True $HEAT_STACK_DOMAIN`
|
41
|
41
|
|
|
42
|
+# other default options
|
|
43
|
+HEAT_DEFERRED_AUTH=${HEAT_DEFERRED_AUTH:-trusts}
|
|
44
|
+
|
42
|
45
|
# Tell Tempest this project is present
|
43
|
46
|
TEMPEST_SERVICES+=,heat
|
44
|
47
|
|
...
|
...
|
@@ -248,18 +251,21 @@ function create_heat_accounts {
|
248
|
248
|
# heat_stack_user role is for users created by Heat
|
249
|
249
|
openstack role create heat_stack_user
|
250
|
250
|
|
251
|
|
- # heat_stack_owner role is given to users who create Heat stacks,
|
252
|
|
- # it's the default role used by heat to delegate to the heat service
|
253
|
|
- # user (for performing deferred operations via trusts), see heat.conf
|
254
|
|
- HEAT_OWNER_ROLE=$(openstack role create \
|
255
|
|
- heat_stack_owner \
|
256
|
|
- | grep " id " | get_field 2)
|
|
251
|
+ if [[ $HEAT_DEFERRED_AUTH == trusts ]]; then
|
|
252
|
+ # heat_stack_owner role is given to users who create Heat stacks,
|
|
253
|
+ # it's the default role used by heat to delegate to the heat service
|
|
254
|
+ # user (for performing deferred operations via trusts), see heat.conf
|
|
255
|
+ HEAT_OWNER_ROLE=$(openstack role create \
|
|
256
|
+ heat_stack_owner \
|
|
257
|
+ | grep " id " | get_field 2)
|
257
|
258
|
|
258
|
|
- # Give the role to the demo and admin users so they can create stacks
|
259
|
|
- # in either of the projects created by devstack
|
260
|
|
- openstack role add $HEAT_OWNER_ROLE --project demo --user demo
|
261
|
|
- openstack role add $HEAT_OWNER_ROLE --project demo --user admin
|
262
|
|
- openstack role add $HEAT_OWNER_ROLE --project admin --user admin
|
|
259
|
+ # Give the role to the demo and admin users so they can create stacks
|
|
260
|
+ # in either of the projects created by devstack
|
|
261
|
+ openstack role add $HEAT_OWNER_ROLE --project demo --user demo
|
|
262
|
+ openstack role add $HEAT_OWNER_ROLE --project demo --user admin
|
|
263
|
+ openstack role add $HEAT_OWNER_ROLE --project admin --user admin
|
|
264
|
+ iniset $HEAT_CONF DEFAULT deferred_auth_method trusts
|
|
265
|
+ fi
|
263
|
266
|
|
264
|
267
|
if [[ "$HEAT_STACK_DOMAIN" == "True" ]]; then
|
265
|
268
|
# Note we have to pass token/endpoint here because the current endpoint and
|