Browse code
Use keystone v3 API for projects
Always use the keystone v3 API for project creation. Make domain a
required argument. Whilst we could simply default this value within the
function I think it's better to make this explicit as these are things
deployers and services need to consider.
In future we will want to figure out how we want devstack to organize domains
however I don't believe that it belongs in this patch.
Change-Id: Ib9587193c5c8419dc4b5a608246709baaddd2a52
Implements: bp keystonev3
Jamie Lennox authored on 2015/05/29 08:36:15Showing 5 changed files
| ... | ... |
@@ -720,18 +720,15 @@ function get_or_create_user {
|
| 720 | 720 |
} |
| 721 | 721 |
|
| 722 | 722 |
# Gets or creates project |
| 723 |
-# Usage: get_or_create_project <name> [<domain>] |
|
| 723 |
+# Usage: get_or_create_project <name> <domain> |
|
| 724 | 724 |
function get_or_create_project {
|
| 725 |
- # Gets project id |
|
| 726 |
- local os_cmd="openstack" |
|
| 727 |
- local domain="" |
|
| 728 |
- if [[ ! -z "$2" ]]; then |
|
| 729 |
- domain="--domain=$2" |
|
| 730 |
- os_cmd="$os_cmd --os-url=$KEYSTONE_SERVICE_URI_V3 --os-identity-api-version=3" |
|
| 731 |
- fi |
|
| 732 | 725 |
local project_id=$( |
| 733 | 726 |
# Creates new project with --or-show |
| 734 |
- $os_cmd project create $1 $domain --or-show -f value -c id |
|
| 727 |
+ openstack --os-url=$KEYSTONE_SERVICE_URI_V3 \ |
|
| 728 |
+ --os-identity-api-version=3 \ |
|
| 729 |
+ project create $1 \ |
|
| 730 |
+ --domain=$2 \ |
|
| 731 |
+ --or-show -f value -c id |
|
| 735 | 732 |
) |
| 736 | 733 |
echo $project_id |
| 737 | 734 |
} |
| ... | ... |
@@ -366,7 +366,7 @@ function configure_ironic_conductor {
|
| 366 | 366 |
fi |
| 367 | 367 |
iniset $IRONIC_CONF_FILE glance swift_endpoint_url http://${HOST_IP}:${SWIFT_DEFAULT_BIND_PORT:-8080}
|
| 368 | 368 |
iniset $IRONIC_CONF_FILE glance swift_api_version v1 |
| 369 |
- local tenant_id=$(get_or_create_project $SERVICE_TENANT_NAME) |
|
| 369 |
+ local tenant_id=$(get_or_create_project $SERVICE_TENANT_NAME default) |
|
| 370 | 370 |
iniset $IRONIC_CONF_FILE glance swift_account AUTH_${tenant_id}
|
| 371 | 371 |
iniset $IRONIC_CONF_FILE glance swift_container glance |
| 372 | 372 |
iniset $IRONIC_CONF_FILE glance swift_temp_url_duration 3600 |
| ... | ... |
@@ -357,13 +357,13 @@ function configure_keystone_extensions {
|
| 357 | 357 |
function create_keystone_accounts {
|
| 358 | 358 |
|
| 359 | 359 |
# admin |
| 360 |
- local admin_tenant=$(get_or_create_project "admin") |
|
| 360 |
+ local admin_tenant=$(get_or_create_project "admin" default) |
|
| 361 | 361 |
local admin_user=$(get_or_create_user "admin" "$ADMIN_PASSWORD") |
| 362 | 362 |
local admin_role=$(get_or_create_role "admin") |
| 363 | 363 |
get_or_add_user_project_role $admin_role $admin_user $admin_tenant |
| 364 | 364 |
|
| 365 | 365 |
# Create service project/role |
| 366 |
- get_or_create_project "$SERVICE_TENANT_NAME" |
|
| 366 |
+ get_or_create_project "$SERVICE_TENANT_NAME" default |
|
| 367 | 367 |
|
| 368 | 368 |
# Service role, so service users do not have to be admins |
| 369 | 369 |
get_or_create_role service |
| ... | ... |
@@ -382,10 +382,10 @@ function create_keystone_accounts {
|
| 382 | 382 |
local another_role=$(get_or_create_role "anotherrole") |
| 383 | 383 |
|
| 384 | 384 |
# invisible tenant - admin can't see this one |
| 385 |
- local invis_tenant=$(get_or_create_project "invisible_to_admin") |
|
| 385 |
+ local invis_tenant=$(get_or_create_project "invisible_to_admin" default) |
|
| 386 | 386 |
|
| 387 | 387 |
# demo |
| 388 |
- local demo_tenant=$(get_or_create_project "demo") |
|
| 388 |
+ local demo_tenant=$(get_or_create_project "demo" default) |
|
| 389 | 389 |
local demo_user=$(get_or_create_user "demo" \ |
| 390 | 390 |
"$ADMIN_PASSWORD" "demo@example.com") |
| 391 | 391 |
|
| ... | ... |
@@ -616,7 +616,7 @@ function create_swift_accounts {
|
| 616 | 616 |
"$SWIFT_SERVICE_PROTOCOL://$SERVICE_HOST:8080/v1/AUTH_\$(tenant_id)s" |
| 617 | 617 |
fi |
| 618 | 618 |
|
| 619 |
- local swift_tenant_test1=$(get_or_create_project swifttenanttest1) |
|
| 619 |
+ local swift_tenant_test1=$(get_or_create_project swifttenanttest1 default) |
|
| 620 | 620 |
die_if_not_set $LINENO swift_tenant_test1 "Failure creating swift_tenant_test1" |
| 621 | 621 |
SWIFT_USER_TEST1=$(get_or_create_user swiftusertest1 $swiftusertest1_password "test@example.com") |
| 622 | 622 |
die_if_not_set $LINENO SWIFT_USER_TEST1 "Failure creating SWIFT_USER_TEST1" |
| ... | ... |
@@ -626,7 +626,7 @@ function create_swift_accounts {
|
| 626 | 626 |
die_if_not_set $LINENO swift_user_test3 "Failure creating swift_user_test3" |
| 627 | 627 |
get_or_add_user_project_role $another_role $swift_user_test3 $swift_tenant_test1 |
| 628 | 628 |
|
| 629 |
- local swift_tenant_test2=$(get_or_create_project swifttenanttest2) |
|
| 629 |
+ local swift_tenant_test2=$(get_or_create_project swifttenanttest2 default) |
|
| 630 | 630 |
die_if_not_set $LINENO swift_tenant_test2 "Failure creating swift_tenant_test2" |
| 631 | 631 |
|
| 632 | 632 |
local swift_user_test2=$(get_or_create_user swiftusertest2 $swiftusertest2_password "test2@example.com") |
| ... | ... |
@@ -546,7 +546,7 @@ function create_tempest_accounts {
|
| 546 | 546 |
if is_service_enabled tempest; then |
| 547 | 547 |
# Tempest has some tests that validate various authorization checks |
| 548 | 548 |
# between two regular users in separate tenants |
| 549 |
- get_or_create_project alt_demo |
|
| 549 |
+ get_or_create_project alt_demo default |
|
| 550 | 550 |
get_or_create_user alt_demo "$ADMIN_PASSWORD" "alt_demo@example.com" |
| 551 | 551 |
get_or_add_user_project_role Member alt_demo alt_demo |
| 552 | 552 |
fi |