Browse code
Fixes LP #996571 - Alternate Tempest user
Adds an alternate user to Keystone for Tempest
Tempest has a number of tests that are skipped if
the compute.alt_username is the same as compute.username
or None. Here, we modify files/keystone_data.sh to add
an additional regular user called alt_demo if Tempest
is enabled in stackrc. We also make corresponding changes
to the tools/configure_tempest.sh script to make use
of this alternate user credential
Change-Id: I551f3b378f843c62fffcf6effa916056708d54d3
Jay Pipes authored on 2012/05/11 00:21:22Showing 2 changed files
| ... | ... |
@@ -12,6 +12,8 @@ |
| 12 | 12 |
# demo admin admin |
| 13 | 13 |
# demo demo Member, anotherrole |
| 14 | 14 |
# invisible_to_admin demo Member |
| 15 |
+# Tempest Only: |
|
| 16 |
+# alt_demo alt_demo Member |
|
| 15 | 17 |
# |
| 16 | 18 |
# Variables set before calling this script: |
| 17 | 19 |
# SERVICE_TOKEN - aka admin_token in keystone.conf |
| ... | ... |
@@ -116,3 +118,13 @@ if [[ "$ENABLED_SERVICES" =~ "quantum" ]]; then |
| 116 | 116 |
--user $QUANTUM_USER \ |
| 117 | 117 |
--role $ADMIN_ROLE |
| 118 | 118 |
fi |
| 119 |
+ |
|
| 120 |
+if [[ "$ENABLED_SERVICES" =~ "tempest" ]]; then |
|
| 121 |
+ # Tempest has some tests that validate various authorization checks |
|
| 122 |
+ # between two regular users in separate tenants |
|
| 123 |
+ ALT_DEMO_TENANT=$(get_id keystone tenant-create --name=alt_demo) |
|
| 124 |
+ ALT_DEMO_USER=$(get_id keystone user-create --name=alt_demo \ |
|
| 125 |
+ --pass="$ADMIN_PASSWORD" \ |
|
| 126 |
+ --email=alt_demo@example.com) |
|
| 127 |
+ keystone user-role-add --user $ALT_DEMO_USER --role $MEMBER_ROLE --tenant_id $ALT_DEMO_TENANT |
|
| 128 |
+fi |
| ... | ... |
@@ -93,6 +93,10 @@ fi |
| 93 | 93 |
# copy every time, because the image UUIDS are going to change |
| 94 | 94 |
cp $TEMPEST_CONF.tpl $TEMPEST_CONF |
| 95 | 95 |
|
| 96 |
+ADMIN_USERNAME=${ADMIN_USERNAME:-admin}
|
|
| 97 |
+ADMIN_PASSWORD=${ADMIN_PASSWORD:-secrete}
|
|
| 98 |
+ADMIN_TENANT_NAME=${ADMIN_TENANT:-admin}
|
|
| 99 |
+ |
|
| 96 | 100 |
IDENTITY_USE_SSL=${IDENTITY_USE_SSL:-False}
|
| 97 | 101 |
IDENTITY_HOST=${IDENTITY_HOST:-127.0.0.1}
|
| 98 | 102 |
IDENTITY_PORT=${IDENTITY_PORT:-5000}
|
| ... | ... |
@@ -107,22 +111,18 @@ IDENTITY_STRATEGY=${IDENTITY_STRATEGY:-keystone}
|
| 107 | 107 |
# OS_USERNAME et all should be defined in openrc. |
| 108 | 108 |
OS_USERNAME=${OS_USERNAME:-demo}
|
| 109 | 109 |
OS_TENANT_NAME=${OS_TENANT_NAME:-demo}
|
| 110 |
-OS_PASSWORD=${OS_PASSWORD:-secrete}
|
|
| 110 |
+OS_PASSWORD=${OS_PASSWORD:$ADMIN_PASSWORD}
|
|
| 111 | 111 |
|
| 112 |
-# TODO(jaypipes): Support multiple regular user accounts instead |
|
| 113 |
-# of using the same regular user account for the alternate user... |
|
| 114 |
-ALT_USERNAME=$OS_USERNAME |
|
| 112 |
+# See files/keystone_data.sh where alt_demo user |
|
| 113 |
+# and tenant are set up... |
|
| 114 |
+ALT_USERNAME=${ALT_USERNAME:-alt_demo}
|
|
| 115 |
+ALT_TENANT_NAME=${ALT_TENANT_NAME:-alt_demo}
|
|
| 115 | 116 |
ALT_PASSWORD=$OS_PASSWORD |
| 116 |
-ALT_TENANT_NAME=$OS_TENANT_NAME |
|
| 117 | 117 |
|
| 118 | 118 |
# TODO(jaypipes): Support configurable flavor refs here... |
| 119 | 119 |
FLAVOR_REF=1 |
| 120 | 120 |
FLAVOR_REF_ALT=2 |
| 121 | 121 |
|
| 122 |
-ADMIN_USERNAME=${ADMIN_USERNAME:-admin}
|
|
| 123 |
-ADMIN_PASSWORD=${ADMIN_PASSWORD:-secrete}
|
|
| 124 |
-ADMIN_TENANT_NAME=${ADMIN_TENANT:-admin}
|
|
| 125 |
- |
|
| 126 | 122 |
# Do any of the following need to be configurable? |
| 127 | 123 |
COMPUTE_CATALOG_TYPE=compute |
| 128 | 124 |
COMPUTE_CREATE_IMAGE_ENABLED=True |