GitList

Browse code

Use Keystone v3 API for user creation

This includes requiring a domain when creating a user. This will allow us to
control where users are created in a later patch.

Adding the token to the user creation call is required because of a bad
interaction between OpenStackClient, os-client-config and keystoneclient
when dealing with v2 authentication but v3 API calls. It will be cleaned
up when we switch to v3 credentials.

Change-Id: I6ef50fd384d423bc0f13ee1016a8bdbb0650ecd9
Implements: bp keystonev3

Jamie Lennox authored on 2015/05/29 10:08:53
Showing 6 changed files

functions-common index 33245fb..48c0c75 100644
lib/glance index 016ade3..2fae002 100644
lib/keystone index 90ff31a..c33d466 100644
lib/swift index 420350b..0cd51aa 100644
lib/tempest index 4e7133a..f3703a0 100644
stack.sh index dc79fa9..489fbe4 100755

functions-common

History View file @ 9d7e776

@@ -675,9 +675,8 @@ function get_or_create_domain {
+                     }
                      # Gets or creates group
                     -# Usage: get_or_create_group <groupname> [<domain> <description>]
                     +# Usage: get_or_create_group <groupname> <domain> [<description>]
                      function get_or_create_group {
                     -    local domain=${2:+--domain ${2}}
                          local desc="${3:-}"
                          local os_url="$KEYSTONE_SERVICE_URI_V3"
                          # Gets group id
@@ -685,34 +684,30 @@ function get_or_create_group {
                              # Creates new group with --or-show
                              openstack --os-token=$OS_TOKEN --os-url=$os_url \
                                  --os-identity-api-version=3 group create $1 \
                     -            $domain --description "$desc" --or-show \
                     +            --domain $2 --description "$desc" --or-show \
                                  -f value -c id
+                         )
                          echo $group_id
+                     }
                      # Gets or creates user
                     -# Usage: get_or_create_user <username> <password> [<email> [<domain>]]
                     +# Usage: get_or_create_user <username> <password> <domain> [<email>]
                      function get_or_create_user {
                     -    if [[ ! -z "$3" ]]; then
                     -        local email="--email=$3"
                     +    if [[ ! -z "$4" ]]; then
                     +        local email="--email=$4"
                          else
                              local email=""
                          fi
                     -    local os_cmd="openstack"
                     -    local domain=""
                     -    if [[ ! -z "$4" ]]; then
                     -        domain="--domain=$4"
                     -        os_cmd="$os_cmd --os-url=$KEYSTONE_SERVICE_URI_V3 --os-identity-api-version=3"
                     -    fi
                          # Gets user id
                          local user_id=$(
                              # Creates new user with --or-show
                     -        $os_cmd user create \
                     +        openstack user create \
                                  $1 \
                                  --password "$2" \
                     +            --os-url=$KEYSTONE_SERVICE_URI_V3 \
                     +            --os-identity-api-version=3 \
                     +            --domain=$3 \
                                  $email \
                     -            $domain \
                                  --or-show \
                                  -f value -c id
+                         )

lib/glance

History View file @ 9d7e776

@@ -254,7 +254,7 @@ function create_glance_accounts {
                              if is_service_enabled s-proxy; then
                                  local glance_swift_user=$(get_or_create_user "glance-swift" \
                     -                "$SERVICE_PASSWORD" "glance-swift@example.com")
                     +                "$SERVICE_PASSWORD" "default" "glance-swift@example.com")
                                  get_or_add_user_project_role "ResellerAdmin" $glance_swift_user $SERVICE_TENANT_NAME
                              fi

lib/keystone

History View file @ 9d7e776

@@ -358,7 +358,7 @@ function create_keystone_accounts {
                          # admin
                          local admin_tenant=$(get_or_create_project "admin" default)
                     -    local admin_user=$(get_or_create_user "admin" "$ADMIN_PASSWORD")
                     +    local admin_user=$(get_or_create_user "admin" "$ADMIN_PASSWORD" default)
                          local admin_role=$(get_or_create_role "admin")
                          get_or_add_user_project_role $admin_role $admin_user $admin_tenant
@@ -387,7 +387,7 @@ function create_keystone_accounts {
                          # demo
                          local demo_tenant=$(get_or_create_project "demo" default)
                          local demo_user=$(get_or_create_user "demo" \
                     -        "$ADMIN_PASSWORD" "demo@example.com")
                     +        "$ADMIN_PASSWORD" "default" "demo@example.com")
                          get_or_add_user_project_role $member_role $demo_user $demo_tenant
                          get_or_add_user_project_role $admin_role $admin_user $demo_tenant
@@ -426,7 +426,7 @@ function create_keystone_accounts {
                      function create_service_user {
                          local role=${2:-service}
                     -    local user=$(get_or_create_user "$1" "$SERVICE_PASSWORD")
                     +    local user=$(get_or_create_user "$1" "$SERVICE_PASSWORD" default)
                          get_or_add_user_project_role "$role" "$user" "$SERVICE_TENANT_NAME"
+                     }

lib/swift

History View file @ 9d7e776

@@ -618,18 +618,21 @@ function create_swift_accounts {
                          local swift_tenant_test1=$(get_or_create_project swifttenanttest1 default)
                          die_if_not_set $LINENO swift_tenant_test1 "Failure creating swift_tenant_test1"
                     -    SWIFT_USER_TEST1=$(get_or_create_user swiftusertest1 $swiftusertest1_password "test@example.com")
                     +    SWIFT_USER_TEST1=$(get_or_create_user swiftusertest1 $swiftusertest1_password \
                     +                        "default" "test@example.com")
                          die_if_not_set $LINENO SWIFT_USER_TEST1 "Failure creating SWIFT_USER_TEST1"
                          get_or_add_user_project_role admin $SWIFT_USER_TEST1 $swift_tenant_test1
                     -    local swift_user_test3=$(get_or_create_user swiftusertest3 $swiftusertest3_password "test3@example.com")
                     +    local swift_user_test3=$(get_or_create_user swiftusertest3 $swiftusertest3_password \
                     +                                "default" "test3@example.com")
                          die_if_not_set $LINENO swift_user_test3 "Failure creating swift_user_test3"
                          get_or_add_user_project_role $another_role $swift_user_test3 $swift_tenant_test1
                          local swift_tenant_test2=$(get_or_create_project swifttenanttest2 default)
                          die_if_not_set $LINENO swift_tenant_test2 "Failure creating swift_tenant_test2"
                     -    local swift_user_test2=$(get_or_create_user swiftusertest2 $swiftusertest2_password "test2@example.com")
                     +    local swift_user_test2=$(get_or_create_user swiftusertest2 $swiftusertest2_password \
                     +                                "default" "test2@example.com")
                          die_if_not_set $LINENO swift_user_test2 "Failure creating swift_user_test2"
                          get_or_add_user_project_role admin $swift_user_test2 $swift_tenant_test2
@@ -639,7 +642,8 @@ function create_swift_accounts {
                          local swift_tenant_test4=$(get_or_create_project swifttenanttest4 $swift_domain)
                          die_if_not_set $LINENO swift_tenant_test4 "Failure creating swift_tenant_test4"
                     -    local swift_user_test4=$(get_or_create_user swiftusertest4 $swiftusertest4_password "test4@example.com" $swift_domain)
                     +    local swift_user_test4=$(get_or_create_user swiftusertest4 $swiftusertest4_password \
                     +                                $swift_domain "test4@example.com")
                          die_if_not_set $LINENO swift_user_test4 "Failure creating swift_user_test4"
                          get_or_add_user_project_role admin $swift_user_test4 $swift_tenant_test4
+                     }

lib/tempest

History View file @ 9d7e776

@@ -547,7 +547,7 @@ function create_tempest_accounts {
                              # Tempest has some tests that validate various authorization checks
                              # between two regular users in separate tenants
                              get_or_create_project alt_demo default
                     -        get_or_create_user alt_demo "$ADMIN_PASSWORD" "alt_demo@example.com"
                     +        get_or_create_user alt_demo "$ADMIN_PASSWORD" "default" "alt_demo@example.com"
                              get_or_add_user_project_role Member alt_demo alt_demo
                          fi
+                     }

stack.sh

History View file @ 9d7e776

@@ -1006,6 +1006,9 @@ if is_service_enabled keystone; then
                          # Begone token auth
                          unset OS_TOKEN OS_URL
                     +    # force set to use v2 identity authentication even with v3 commands
                     +    export OS_AUTH_TYPE=v2password
+                    +
                          # Set up password auth credentials now that Keystone is bootstrapped
                          export OS_AUTH_URL=$SERVICE_ENDPOINT
                          export OS_TENANT_NAME=admin