From 24779f65a675f2e78c09b2520ebefcd52b4f0be0 Mon Sep 17 00:00:00 2001
From: Alistair Coles <alistair.coles@hp.com>
Date: Wed, 15 Oct 2014 18:57:59 +0100
Subject: [PATCH] Add swift user and project in non-default domain

Swift has functional tests that check access controls
between users and projects in differing domains. Those tests
are currently skipped by default since swift tests are
configured to use keystone v2 API. In order for those
tests to pass when using keystone v3 API, a user and
project must be setup in a non-default domain.

This patch creates a domain, and a user and project in
that domain, in support of swift functional tests moving
to using keystone v3 API.

Changes:
lib/swift
    - create a new domain, project and user for
      swift testing
    - add new project and user credentials to swift
      test config file
    - set correct identity service url in swift test
      config file according to kesytone API version

functions-common
    - add function get_or_create_domain
    - modify get_or_create_user and get_or_create_project
      functions to optionally specify a domain

Change-Id: I557de01bf196075f2f3adcdf4dd1b43756d8a0ae
---
 functions-common | 44 ++++++++++++++++++++++++++++++++++++++------
 lib/swift        | 33 +++++++++++++++++++++++++++------
 2 files changed, 65 insertions(+), 12 deletions(-)

diff --git a/functions-common b/functions-common
index 333f31da02..4b41bedbbd 100644
--- a/functions-common
+++ b/functions-common
@@ -790,38 +790,70 @@ function policy_add {
     mv ${tmpfile} ${policy_file}
 }
 
+# Gets or creates a domain
+# Usage: get_or_create_domain <name> <description>
+function get_or_create_domain {
+    local os_url="$KEYSTONE_SERVICE_URI/v3"
+    # Gets domain id
+    local domain_id=$(
+        # Gets domain id
+        openstack --os-token=$OS_TOKEN --os-url=$os_url \
+            --os-identity-api-version=3 domain show $1 \
+            -f value -c id 2>/dev/null ||
+        # Creates new domain
+        openstack --os-token=$OS_TOKEN --os-url=$os_url \
+            --os-identity-api-version=3 domain create $1 \
+            --description "$2" \
+            -f value -c id
+    )
+    echo $domain_id
+}
+
 # Gets or creates user
-# Usage: get_or_create_user <username> <password> <project> [<email>]
+# Usage: get_or_create_user <username> <password> <project> [<email> [<domain>]]
 function get_or_create_user {
     if [[ ! -z "$4" ]]; then
         local email="--email=$4"
     else
         local email=""
     fi
+    local os_cmd="openstack"
+    local domain=""
+    if [[ ! -z "$5" ]]; then
+        domain="--domain=$5"
+        os_cmd="$os_cmd --os-url=$KEYSTONE_SERVICE_URI/v3 --os-identity-api-version=3"
+    fi
     # Gets user id
     local user_id=$(
         # Gets user id
-        openstack user show $1 -f value -c id 2>/dev/null ||
+        $os_cmd user show $1 $domain -f value -c id 2>/dev/null ||
         # Creates new user
-        openstack user create \
+        $os_cmd user create \
             $1 \
             --password "$2" \
             --project $3 \
             $email \
+            $domain \
             -f value -c id
     )
     echo $user_id
 }
 
 # Gets or creates project
-# Usage: get_or_create_project <name>
+# Usage: get_or_create_project <name> [<domain>]
 function get_or_create_project {
     # Gets project id
+    local os_cmd="openstack"
+    local domain=""
+    if [[ ! -z "$2" ]]; then
+        domain="--domain=$2"
+        os_cmd="$os_cmd --os-url=$KEYSTONE_SERVICE_URI/v3 --os-identity-api-version=3"
+    fi
     local project_id=$(
         # Gets project id
-        openstack project show $1 -f value -c id 2>/dev/null ||
+        $os_cmd project show $1 $domain -f value -c id 2>/dev/null ||
         # Creates new project if not exists
-        openstack project create $1 -f value -c id
+        $os_cmd project create $1 $domain -f value -c id
     )
     echo $project_id
 }
diff --git a/lib/swift b/lib/swift
index 15bd2a9471..c8780ba322 100644
--- a/lib/swift
+++ b/lib/swift
@@ -468,12 +468,21 @@ EOF
     iniset ${testfile} func_test username3 swiftusertest3
     iniset ${testfile} func_test account2 swifttenanttest2
     iniset ${testfile} func_test username2 swiftusertest2
+    iniset ${testfile} func_test account4 swifttenanttest4
+    iniset ${testfile} func_test username4 swiftusertest4
+    iniset ${testfile} func_test password4 testing4
+    iniset ${testfile} func_test domain4 swift_test
 
     if is_service_enabled key;then
         iniuncomment ${testfile} func_test auth_version
+        local auth_vers=$(iniget ${testfile} func_test auth_version)
         iniset ${testfile} func_test auth_host ${KEYSTONE_SERVICE_HOST}
         iniset ${testfile} func_test auth_port ${KEYSTONE_AUTH_PORT}
-        iniset ${testfile} func_test auth_prefix /v2.0/
+        if [[ $auth_vers == "3" ]]; then
+            iniset ${testfile} func_test auth_prefix /v3/
+        else
+            iniset ${testfile} func_test auth_prefix /v2.0/
+        fi
     fi
 
     local swift_log_dir=${SWIFT_DATA_DIR}/logs
@@ -548,12 +557,13 @@ function create_swift_disk {
 # since we want to make it compatible with tempauth which use
 # underscores for separators.
 
-# Tenant               User       Roles
+# Tenant             User               Roles          Domain
 # ------------------------------------------------------------------
-# service            swift              service
-# swifttenanttest1   swiftusertest1     admin
-# swifttenanttest1   swiftusertest3     anotherrole
-# swifttenanttest2   swiftusertest2     admin
+# service            swift              service        default
+# swifttenanttest1   swiftusertest1     admin          default
+# swifttenanttest1   swiftusertest3     anotherrole    default
+# swifttenanttest2   swiftusertest2     admin          default
+# swifttenanttest4   swiftusertest4     admin          swift_test
 
 function create_swift_accounts {
     # Defines specific passwords used by tools/create_userrc.sh
@@ -562,6 +572,7 @@ function create_swift_accounts {
     export swiftusertest1_password=testing
     export swiftusertest2_password=testing2
     export swiftusertest3_password=testing3
+    export swiftusertest4_password=testing4
 
     KEYSTONE_CATALOG_BACKEND=${KEYSTONE_CATALOG_BACKEND:-sql}
 
@@ -603,6 +614,16 @@ function create_swift_accounts {
         "$swift_tenant_test2" "test2@example.com")
     die_if_not_set $LINENO swift_user_test2 "Failure creating swift_user_test2"
     get_or_add_user_role $admin_role $swift_user_test2 $swift_tenant_test2
+
+    local swift_domain=$(get_or_create_domain swift_test 'Used for swift functional testing')
+    die_if_not_set $LINENO swift_domain "Failure creating swift_test domain"
+
+    local swift_tenant_test4=$(get_or_create_project swifttenanttest4 $swift_domain)
+    die_if_not_set $LINENO swift_tenant_test4 "Failure creating swift_tenant_test4"
+    local swift_user_test4=$(get_or_create_user swiftusertest4 $swiftusertest4_password \
+        $swift_tenant_test4 "test4@example.com" $swift_domain)
+    die_if_not_set $LINENO swift_user_test4 "Failure creating swift_user_test4"
+    get_or_add_user_role $admin_role $swift_user_test4 $swift_tenant_test4
 }
 
 # init_swift() - Initialize rings