Add swift user and project in non-default domain
Swift has functional tests that check access controls between users and projects in differing domains. Those tests are currently skipped by default since swift tests are configured to use keystone v2 API. In order for those tests to pass when using keystone v3 API, a user and project must be setup in a non-default domain. This patch creates a domain, and a user and project in that domain, in support of swift functional tests moving to using keystone v3 API. Changes: lib/swift - create a new domain, project and user for swift testing - add new project and user credentials to swift test config file - set correct identity service url in swift test config file according to kesytone API version functions-common - add function get_or_create_domain - modify get_or_create_user and get_or_create_project functions to optionally specify a domain Change-Id: I557de01bf196075f2f3adcdf4dd1b43756d8a0ae
This commit is contained in:
parent
572a4c4c3c
commit
24779f65a6
@ -790,38 +790,70 @@ function policy_add {
|
||||
mv ${tmpfile} ${policy_file}
|
||||
}
|
||||
|
||||
# Gets or creates a domain
|
||||
# Usage: get_or_create_domain <name> <description>
|
||||
function get_or_create_domain {
|
||||
local os_url="$KEYSTONE_SERVICE_URI/v3"
|
||||
# Gets domain id
|
||||
local domain_id=$(
|
||||
# Gets domain id
|
||||
openstack --os-token=$OS_TOKEN --os-url=$os_url \
|
||||
--os-identity-api-version=3 domain show $1 \
|
||||
-f value -c id 2>/dev/null ||
|
||||
# Creates new domain
|
||||
openstack --os-token=$OS_TOKEN --os-url=$os_url \
|
||||
--os-identity-api-version=3 domain create $1 \
|
||||
--description "$2" \
|
||||
-f value -c id
|
||||
)
|
||||
echo $domain_id
|
||||
}
|
||||
|
||||
# Gets or creates user
|
||||
# Usage: get_or_create_user <username> <password> <project> [<email>]
|
||||
# Usage: get_or_create_user <username> <password> <project> [<email> [<domain>]]
|
||||
function get_or_create_user {
|
||||
if [[ ! -z "$4" ]]; then
|
||||
local email="--email=$4"
|
||||
else
|
||||
local email=""
|
||||
fi
|
||||
local os_cmd="openstack"
|
||||
local domain=""
|
||||
if [[ ! -z "$5" ]]; then
|
||||
domain="--domain=$5"
|
||||
os_cmd="$os_cmd --os-url=$KEYSTONE_SERVICE_URI/v3 --os-identity-api-version=3"
|
||||
fi
|
||||
# Gets user id
|
||||
local user_id=$(
|
||||
# Gets user id
|
||||
openstack user show $1 -f value -c id 2>/dev/null ||
|
||||
$os_cmd user show $1 $domain -f value -c id 2>/dev/null ||
|
||||
# Creates new user
|
||||
openstack user create \
|
||||
$os_cmd user create \
|
||||
$1 \
|
||||
--password "$2" \
|
||||
--project $3 \
|
||||
$email \
|
||||
$domain \
|
||||
-f value -c id
|
||||
)
|
||||
echo $user_id
|
||||
}
|
||||
|
||||
# Gets or creates project
|
||||
# Usage: get_or_create_project <name>
|
||||
# Usage: get_or_create_project <name> [<domain>]
|
||||
function get_or_create_project {
|
||||
# Gets project id
|
||||
local os_cmd="openstack"
|
||||
local domain=""
|
||||
if [[ ! -z "$2" ]]; then
|
||||
domain="--domain=$2"
|
||||
os_cmd="$os_cmd --os-url=$KEYSTONE_SERVICE_URI/v3 --os-identity-api-version=3"
|
||||
fi
|
||||
local project_id=$(
|
||||
# Gets project id
|
||||
openstack project show $1 -f value -c id 2>/dev/null ||
|
||||
$os_cmd project show $1 $domain -f value -c id 2>/dev/null ||
|
||||
# Creates new project if not exists
|
||||
openstack project create $1 -f value -c id
|
||||
$os_cmd project create $1 $domain -f value -c id
|
||||
)
|
||||
echo $project_id
|
||||
}
|
||||
|
31
lib/swift
31
lib/swift
@ -468,13 +468,22 @@ EOF
|
||||
iniset ${testfile} func_test username3 swiftusertest3
|
||||
iniset ${testfile} func_test account2 swifttenanttest2
|
||||
iniset ${testfile} func_test username2 swiftusertest2
|
||||
iniset ${testfile} func_test account4 swifttenanttest4
|
||||
iniset ${testfile} func_test username4 swiftusertest4
|
||||
iniset ${testfile} func_test password4 testing4
|
||||
iniset ${testfile} func_test domain4 swift_test
|
||||
|
||||
if is_service_enabled key;then
|
||||
iniuncomment ${testfile} func_test auth_version
|
||||
local auth_vers=$(iniget ${testfile} func_test auth_version)
|
||||
iniset ${testfile} func_test auth_host ${KEYSTONE_SERVICE_HOST}
|
||||
iniset ${testfile} func_test auth_port ${KEYSTONE_AUTH_PORT}
|
||||
if [[ $auth_vers == "3" ]]; then
|
||||
iniset ${testfile} func_test auth_prefix /v3/
|
||||
else
|
||||
iniset ${testfile} func_test auth_prefix /v2.0/
|
||||
fi
|
||||
fi
|
||||
|
||||
local swift_log_dir=${SWIFT_DATA_DIR}/logs
|
||||
rm -rf ${swift_log_dir}
|
||||
@ -548,12 +557,13 @@ function create_swift_disk {
|
||||
# since we want to make it compatible with tempauth which use
|
||||
# underscores for separators.
|
||||
|
||||
# Tenant User Roles
|
||||
# Tenant User Roles Domain
|
||||
# ------------------------------------------------------------------
|
||||
# service swift service
|
||||
# swifttenanttest1 swiftusertest1 admin
|
||||
# swifttenanttest1 swiftusertest3 anotherrole
|
||||
# swifttenanttest2 swiftusertest2 admin
|
||||
# service swift service default
|
||||
# swifttenanttest1 swiftusertest1 admin default
|
||||
# swifttenanttest1 swiftusertest3 anotherrole default
|
||||
# swifttenanttest2 swiftusertest2 admin default
|
||||
# swifttenanttest4 swiftusertest4 admin swift_test
|
||||
|
||||
function create_swift_accounts {
|
||||
# Defines specific passwords used by tools/create_userrc.sh
|
||||
@ -562,6 +572,7 @@ function create_swift_accounts {
|
||||
export swiftusertest1_password=testing
|
||||
export swiftusertest2_password=testing2
|
||||
export swiftusertest3_password=testing3
|
||||
export swiftusertest4_password=testing4
|
||||
|
||||
KEYSTONE_CATALOG_BACKEND=${KEYSTONE_CATALOG_BACKEND:-sql}
|
||||
|
||||
@ -603,6 +614,16 @@ function create_swift_accounts {
|
||||
"$swift_tenant_test2" "test2@example.com")
|
||||
die_if_not_set $LINENO swift_user_test2 "Failure creating swift_user_test2"
|
||||
get_or_add_user_role $admin_role $swift_user_test2 $swift_tenant_test2
|
||||
|
||||
local swift_domain=$(get_or_create_domain swift_test 'Used for swift functional testing')
|
||||
die_if_not_set $LINENO swift_domain "Failure creating swift_test domain"
|
||||
|
||||
local swift_tenant_test4=$(get_or_create_project swifttenanttest4 $swift_domain)
|
||||
die_if_not_set $LINENO swift_tenant_test4 "Failure creating swift_tenant_test4"
|
||||
local swift_user_test4=$(get_or_create_user swiftusertest4 $swiftusertest4_password \
|
||||
$swift_tenant_test4 "test4@example.com" $swift_domain)
|
||||
die_if_not_set $LINENO swift_user_test4 "Failure creating swift_user_test4"
|
||||
get_or_add_user_role $admin_role $swift_user_test4 $swift_tenant_test4
|
||||
}
|
||||
|
||||
# init_swift() - Initialize rings
|
||||
|
Loading…
Reference in New Issue
Block a user