Add swift user and project in non-default domain

Swift has functional tests that check access controls
between users and projects in differing domains. Those tests
are currently skipped by default since swift tests are
configured to use keystone v2 API. In order for those
tests to pass when using keystone v3 API, a user and
project must be setup in a non-default domain.

This patch creates a domain, and a user and project in
that domain, in support of swift functional tests moving
to using keystone v3 API.

Changes:
lib/swift
    - create a new domain, project and user for
      swift testing
    - add new project and user credentials to swift
      test config file
    - set correct identity service url in swift test
      config file according to kesytone API version

functions-common
    - add function get_or_create_domain
    - modify get_or_create_user and get_or_create_project
      functions to optionally specify a domain

Change-Id: I557de01bf196075f2f3adcdf4dd1b43756d8a0ae
This commit is contained in:
Alistair Coles 2014-10-15 18:57:59 +01:00
parent 572a4c4c3c
commit 24779f65a6
2 changed files with 65 additions and 12 deletions

View File

@ -790,38 +790,70 @@ function policy_add {
mv ${tmpfile} ${policy_file}
}
# Gets or creates a domain
# Usage: get_or_create_domain <name> <description>
function get_or_create_domain {
local os_url="$KEYSTONE_SERVICE_URI/v3"
# Gets domain id
local domain_id=$(
# Gets domain id
openstack --os-token=$OS_TOKEN --os-url=$os_url \
--os-identity-api-version=3 domain show $1 \
-f value -c id 2>/dev/null ||
# Creates new domain
openstack --os-token=$OS_TOKEN --os-url=$os_url \
--os-identity-api-version=3 domain create $1 \
--description "$2" \
-f value -c id
)
echo $domain_id
}
# Gets or creates user
# Usage: get_or_create_user <username> <password> <project> [<email>]
# Usage: get_or_create_user <username> <password> <project> [<email> [<domain>]]
function get_or_create_user {
if [[ ! -z "$4" ]]; then
local email="--email=$4"
else
local email=""
fi
local os_cmd="openstack"
local domain=""
if [[ ! -z "$5" ]]; then
domain="--domain=$5"
os_cmd="$os_cmd --os-url=$KEYSTONE_SERVICE_URI/v3 --os-identity-api-version=3"
fi
# Gets user id
local user_id=$(
# Gets user id
openstack user show $1 -f value -c id 2>/dev/null ||
$os_cmd user show $1 $domain -f value -c id 2>/dev/null ||
# Creates new user
openstack user create \
$os_cmd user create \
$1 \
--password "$2" \
--project $3 \
$email \
$domain \
-f value -c id
)
echo $user_id
}
# Gets or creates project
# Usage: get_or_create_project <name>
# Usage: get_or_create_project <name> [<domain>]
function get_or_create_project {
# Gets project id
local os_cmd="openstack"
local domain=""
if [[ ! -z "$2" ]]; then
domain="--domain=$2"
os_cmd="$os_cmd --os-url=$KEYSTONE_SERVICE_URI/v3 --os-identity-api-version=3"
fi
local project_id=$(
# Gets project id
openstack project show $1 -f value -c id 2>/dev/null ||
$os_cmd project show $1 $domain -f value -c id 2>/dev/null ||
# Creates new project if not exists
openstack project create $1 -f value -c id
$os_cmd project create $1 $domain -f value -c id
)
echo $project_id
}

View File

@ -468,13 +468,22 @@ EOF
iniset ${testfile} func_test username3 swiftusertest3
iniset ${testfile} func_test account2 swifttenanttest2
iniset ${testfile} func_test username2 swiftusertest2
iniset ${testfile} func_test account4 swifttenanttest4
iniset ${testfile} func_test username4 swiftusertest4
iniset ${testfile} func_test password4 testing4
iniset ${testfile} func_test domain4 swift_test
if is_service_enabled key;then
iniuncomment ${testfile} func_test auth_version
local auth_vers=$(iniget ${testfile} func_test auth_version)
iniset ${testfile} func_test auth_host ${KEYSTONE_SERVICE_HOST}
iniset ${testfile} func_test auth_port ${KEYSTONE_AUTH_PORT}
if [[ $auth_vers == "3" ]]; then
iniset ${testfile} func_test auth_prefix /v3/
else
iniset ${testfile} func_test auth_prefix /v2.0/
fi
fi
local swift_log_dir=${SWIFT_DATA_DIR}/logs
rm -rf ${swift_log_dir}
@ -548,12 +557,13 @@ function create_swift_disk {
# since we want to make it compatible with tempauth which use
# underscores for separators.
# Tenant User Roles
# Tenant User Roles Domain
# ------------------------------------------------------------------
# service swift service
# swifttenanttest1 swiftusertest1 admin
# swifttenanttest1 swiftusertest3 anotherrole
# swifttenanttest2 swiftusertest2 admin
# service swift service default
# swifttenanttest1 swiftusertest1 admin default
# swifttenanttest1 swiftusertest3 anotherrole default
# swifttenanttest2 swiftusertest2 admin default
# swifttenanttest4 swiftusertest4 admin swift_test
function create_swift_accounts {
# Defines specific passwords used by tools/create_userrc.sh
@ -562,6 +572,7 @@ function create_swift_accounts {
export swiftusertest1_password=testing
export swiftusertest2_password=testing2
export swiftusertest3_password=testing3
export swiftusertest4_password=testing4
KEYSTONE_CATALOG_BACKEND=${KEYSTONE_CATALOG_BACKEND:-sql}
@ -603,6 +614,16 @@ function create_swift_accounts {
"$swift_tenant_test2" "test2@example.com")
die_if_not_set $LINENO swift_user_test2 "Failure creating swift_user_test2"
get_or_add_user_role $admin_role $swift_user_test2 $swift_tenant_test2
local swift_domain=$(get_or_create_domain swift_test 'Used for swift functional testing')
die_if_not_set $LINENO swift_domain "Failure creating swift_test domain"
local swift_tenant_test4=$(get_or_create_project swifttenanttest4 $swift_domain)
die_if_not_set $LINENO swift_tenant_test4 "Failure creating swift_tenant_test4"
local swift_user_test4=$(get_or_create_user swiftusertest4 $swiftusertest4_password \
$swift_tenant_test4 "test4@example.com" $swift_domain)
die_if_not_set $LINENO swift_user_test4 "Failure creating swift_user_test4"
get_or_add_user_role $admin_role $swift_user_test4 $swift_tenant_test4
}
# init_swift() - Initialize rings