Keystone now provides a set of default roles in addition to `admin`
[0]. These roles are created during the `keystone-manage bootstrap`
process.
This change aligns the `Member` role override from devstack with the
`member` role provided from keystone.
[0] https://review.openstack.org/#/c/572243/
Change-Id: I3da3530aa73a8a1500116bcefdcba7b947d5e05e
Closes-Bug: 1777359
| ... | ... |
@@ -87,7 +87,7 @@ function configure_horizon {
|
| 87 | 87 |
_horizon_config_set $local_settings "" WEBROOT \"$HORIZON_APACHE_ROOT/\" |
| 88 | 88 |
|
| 89 | 89 |
_horizon_config_set $local_settings "" COMPRESS_OFFLINE True |
| 90 |
- _horizon_config_set $local_settings "" OPENSTACK_KEYSTONE_DEFAULT_ROLE \"Member\" |
|
| 90 |
+ _horizon_config_set $local_settings "" OPENSTACK_KEYSTONE_DEFAULT_ROLE \"member\" |
|
| 91 | 91 |
|
| 92 | 92 |
_horizon_config_set $local_settings "" OPENSTACK_HOST \"${KEYSTONE_SERVICE_HOST}\"
|
| 93 | 93 |
|
| ... | ... |
@@ -309,30 +309,32 @@ function configure_keystone {
|
| 309 | 309 |
# service -- -- |
| 310 | 310 |
# -- -- service |
| 311 | 311 |
# -- -- ResellerAdmin |
| 312 |
-# -- -- Member |
|
| 312 |
+# -- -- member |
|
| 313 | 313 |
# demo admin admin |
| 314 |
-# demo demo Member, anotherrole |
|
| 314 |
+# demo demo member, anotherrole |
|
| 315 | 315 |
# alt_demo admin admin |
| 316 |
-# alt_demo alt_demo Member, anotherrole |
|
| 317 |
-# invisible_to_admin demo Member |
|
| 316 |
+# alt_demo alt_demo member, anotherrole |
|
| 317 |
+# invisible_to_admin demo member |
|
| 318 | 318 |
|
| 319 | 319 |
# Group Users Roles Project |
| 320 | 320 |
# ------------------------------------------------------------------ |
| 321 | 321 |
# admins admin admin admin |
| 322 |
-# nonadmins demo, alt_demo Member, anotherrole demo, alt_demo |
|
| 322 |
+# nonadmins demo, alt_demo member, anotherrole demo, alt_demo |
|
| 323 | 323 |
|
| 324 | 324 |
|
| 325 | 325 |
# Migrated from keystone_data.sh |
| 326 | 326 |
function create_keystone_accounts {
|
| 327 | 327 |
|
| 328 |
- # The keystone bootstrapping process (performed via keystone-manage bootstrap) |
|
| 329 |
- # creates an admin user, admin role and admin project. As a sanity check |
|
| 330 |
- # we exercise the CLI to retrieve the IDs for these values. |
|
| 328 |
+ # The keystone bootstrapping process (performed via keystone-manage |
|
| 329 |
+ # bootstrap) creates an admin user, admin role, member role, and admin |
|
| 330 |
+ # project. As a sanity check we exercise the CLI to retrieve the IDs for |
|
| 331 |
+ # these values. |
|
| 331 | 332 |
local admin_project |
| 332 | 333 |
admin_project=$(openstack project show "admin" -f value -c id) |
| 333 | 334 |
local admin_user |
| 334 | 335 |
admin_user=$(openstack user show "admin" -f value -c id) |
| 335 | 336 |
local admin_role="admin" |
| 337 |
+ local member_role="member" |
|
| 336 | 338 |
|
| 337 | 339 |
get_or_add_user_domain_role $admin_role $admin_user default |
| 338 | 340 |
|
| ... | ... |
@@ -349,17 +351,6 @@ function create_keystone_accounts {
|
| 349 | 349 |
# role is also configurable in swift-proxy.conf |
| 350 | 350 |
get_or_create_role ResellerAdmin |
| 351 | 351 |
|
| 352 |
- # The Member role is used by Horizon and Swift so we need to keep it: |
|
| 353 |
- local member_role="member" |
|
| 354 |
- |
|
| 355 |
- # Capital Member role is legacy hard coded in Horizon / Swift |
|
| 356 |
- # configs. Keep it around. |
|
| 357 |
- get_or_create_role "Member" |
|
| 358 |
- |
|
| 359 |
- # The reality is that the rest of the roles listed below honestly |
|
| 360 |
- # should work by symbolic names. |
|
| 361 |
- get_or_create_role $member_role |
|
| 362 |
- |
|
| 363 | 352 |
# another_role demonstrates that an arbitrary role may be created and used |
| 364 | 353 |
# TODO(sleepsonthefloor): show how this can be used for rbac in the future! |
| 365 | 354 |
local another_role="anotherrole" |
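Review bot: The added `local member_role="member"` in create_keystone_accounts is only a string assignment, so nothing in the visible lines confirms that `keystone-manage bootstrap` actually created the role, even though the rewritten comment above it still describes a sanity check that retrieves IDs through the CLI. Against a keystone that predates the default-roles change, the later grants that use `$member_role` would presumably fail far from the cause. I would either keep the idempotent `get_or_create_role $member_role` or add an explicit lookup such as `openstack role show "$member_role" -f value -c id` next to the admin lookups. The last hunk also drops `get_or_create_role "Member"`, which the removed comment says was hard coded in Swift configs as well as Horizon; only the Horizon setting is updated on this page, so it is worth confirming that no Swift operator-role list or policy file still names `Member`. The function body continues outside the hunks shown.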