Browse code
Merge "Reduce service user permissions"
Jenkins authored on 2015/02/12 00:55:40Showing 8 changed files
| ... | ... |
@@ -108,7 +108,7 @@ function create_ceilometer_accounts {
|
| 108 | 108 |
# Ceilometer |
| 109 | 109 |
if [[ "$ENABLED_SERVICES" =~ "ceilometer-api" ]]; then |
| 110 | 110 |
|
| 111 |
- create_service_user "ceilometer" "admin" |
|
| 111 |
+ create_service_user "ceilometer" |
|
| 112 | 112 |
|
| 113 | 113 |
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then |
| 114 | 114 |
local ceilometer_service=$(get_or_create_service "ceilometer" \ |
| ... | ... |
@@ -362,7 +362,7 @@ function create_ironic_accounts {
|
| 362 | 362 |
if [[ "$ENABLED_SERVICES" =~ "ir-api" ]]; then |
| 363 | 363 |
# Get ironic user if exists |
| 364 | 364 |
|
| 365 |
- create_service_user "ironic" "admin" |
|
| 365 |
+ create_service_user "ironic" |
|
| 366 | 366 |
|
| 367 | 367 |
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then |
| 368 | 368 |
|
| ... | ... |
@@ -356,6 +356,8 @@ function create_nova_accounts {
|
| 356 | 356 |
# Nova |
| 357 | 357 |
if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then |
| 358 | 358 |
|
| 359 |
+ # NOTE(jamielennox): Nova doesn't need the admin role here, however neutron uses |
|
| 360 |
+ # this service user when notifying nova of changes and that requires the admin role. |
|
| 359 | 361 |
create_service_user "nova" "admin" |
| 360 | 362 |
|
| 361 | 363 |
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then |
| ... | ... |
@@ -603,7 +603,7 @@ function create_swift_accounts {
|
| 603 | 603 |
|
| 604 | 604 |
local another_role=$(openstack role list | awk "/ anotherrole / { print \$2 }")
|
| 605 | 605 |
|
| 606 |
- create_service_user "swift" "admin" |
|
| 606 |
+ create_service_user "swift" |
|
| 607 | 607 |
|
| 608 | 608 |
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then |
| 609 | 609 |
|