Merge "Use keystone v3 API for projects"
This commit is contained in:
Jenkins
Gerrit Code Review
commit
474172490f
@ -740,18 +740,15 @@ function get_or_create_user {
|
|||||||
}
|
}
|
||||||
|
|
||||||
# Gets or creates project
|
# Gets or creates project
|
||||||
# Usage: get_or_create_project <name> [<domain>]
|
# Usage: get_or_create_project <name> <domain>
|
||||||
function get_or_create_project {
|
function get_or_create_project {
|
||||||
# Gets project id
|
|
||||||
local os_cmd="openstack"
|
|
||||||
local domain=""
|
|
||||||
if [[ ! -z "$2" ]]; then
|
|
||||||
domain="--domain=$2"
|
|
||||||
os_cmd="$os_cmd --os-url=$KEYSTONE_SERVICE_URI_V3 --os-identity-api-version=3"
|
|
||||||
fi
|
|
||||||
local project_id=$(
|
local project_id=$(
|
||||||
# Creates new project with --or-show
|
# Creates new project with --or-show
|
||||||
$os_cmd project create $1 $domain --or-show -f value -c id
|
openstack --os-url=$KEYSTONE_SERVICE_URI_V3 \
|
||||||
|
--os-identity-api-version=3 \
|
||||||
|
project create $1 \
|
||||||
|
--domain=$2 \
|
||||||
|
--or-show -f value -c id
|
||||||
)
|
)
|
||||||
echo $project_id
|
echo $project_id
|
||||||
}
|
}
|
||||||
|
|||||||
@ -366,7 +366,7 @@ function configure_ironic_conductor {
|
|||||||
fi
|
fi
|
||||||
iniset $IRONIC_CONF_FILE glance swift_endpoint_url http://${HOST_IP}:${SWIFT_DEFAULT_BIND_PORT:-8080}
|
iniset $IRONIC_CONF_FILE glance swift_endpoint_url http://${HOST_IP}:${SWIFT_DEFAULT_BIND_PORT:-8080}
|
||||||
iniset $IRONIC_CONF_FILE glance swift_api_version v1
|
iniset $IRONIC_CONF_FILE glance swift_api_version v1
|
||||||
local tenant_id=$(get_or_create_project $SERVICE_TENANT_NAME)
|
local tenant_id=$(get_or_create_project $SERVICE_TENANT_NAME default)
|
||||||
iniset $IRONIC_CONF_FILE glance swift_account AUTH_${tenant_id}
|
iniset $IRONIC_CONF_FILE glance swift_account AUTH_${tenant_id}
|
||||||
iniset $IRONIC_CONF_FILE glance swift_container glance
|
iniset $IRONIC_CONF_FILE glance swift_container glance
|
||||||
iniset $IRONIC_CONF_FILE glance swift_temp_url_duration 3600
|
iniset $IRONIC_CONF_FILE glance swift_temp_url_duration 3600
|
||||||
|
|||||||
@ -357,13 +357,13 @@ function configure_keystone_extensions {
|
|||||||
function create_keystone_accounts {
|
function create_keystone_accounts {
|
||||||
|
|
||||||
# admin
|
# admin
|
||||||
local admin_tenant=$(get_or_create_project "admin")
|
local admin_tenant=$(get_or_create_project "admin" default)
|
||||||
local admin_user=$(get_or_create_user "admin" "$ADMIN_PASSWORD")
|
local admin_user=$(get_or_create_user "admin" "$ADMIN_PASSWORD")
|
||||||
local admin_role=$(get_or_create_role "admin")
|
local admin_role=$(get_or_create_role "admin")
|
||||||
get_or_add_user_project_role $admin_role $admin_user $admin_tenant
|
get_or_add_user_project_role $admin_role $admin_user $admin_tenant
|
||||||
|
|
||||||
# Create service project/role
|
# Create service project/role
|
||||||
get_or_create_project "$SERVICE_TENANT_NAME"
|
get_or_create_project "$SERVICE_TENANT_NAME" default
|
||||||
|
|
||||||
# Service role, so service users do not have to be admins
|
# Service role, so service users do not have to be admins
|
||||||
get_or_create_role service
|
get_or_create_role service
|
||||||
@ -382,10 +382,10 @@ function create_keystone_accounts {
|
|||||||
local another_role=$(get_or_create_role "anotherrole")
|
local another_role=$(get_or_create_role "anotherrole")
|
||||||
|
|
||||||
# invisible tenant - admin can't see this one
|
# invisible tenant - admin can't see this one
|
||||||
local invis_tenant=$(get_or_create_project "invisible_to_admin")
|
local invis_tenant=$(get_or_create_project "invisible_to_admin" default)
|
||||||
|
|
||||||
# demo
|
# demo
|
||||||
local demo_tenant=$(get_or_create_project "demo")
|
local demo_tenant=$(get_or_create_project "demo" default)
|
||||||
local demo_user=$(get_or_create_user "demo" \
|
local demo_user=$(get_or_create_user "demo" \
|
||||||
"$ADMIN_PASSWORD" "demo@example.com")
|
"$ADMIN_PASSWORD" "demo@example.com")
|
||||||
|
|
||||||
|
|||||||
@ -616,7 +616,7 @@ function create_swift_accounts {
|
|||||||
"$SWIFT_SERVICE_PROTOCOL://$SERVICE_HOST:8080/v1/AUTH_\$(tenant_id)s"
|
"$SWIFT_SERVICE_PROTOCOL://$SERVICE_HOST:8080/v1/AUTH_\$(tenant_id)s"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
local swift_tenant_test1=$(get_or_create_project swifttenanttest1)
|
local swift_tenant_test1=$(get_or_create_project swifttenanttest1 default)
|
||||||
die_if_not_set $LINENO swift_tenant_test1 "Failure creating swift_tenant_test1"
|
die_if_not_set $LINENO swift_tenant_test1 "Failure creating swift_tenant_test1"
|
||||||
SWIFT_USER_TEST1=$(get_or_create_user swiftusertest1 $swiftusertest1_password "test@example.com")
|
SWIFT_USER_TEST1=$(get_or_create_user swiftusertest1 $swiftusertest1_password "test@example.com")
|
||||||
die_if_not_set $LINENO SWIFT_USER_TEST1 "Failure creating SWIFT_USER_TEST1"
|
die_if_not_set $LINENO SWIFT_USER_TEST1 "Failure creating SWIFT_USER_TEST1"
|
||||||
@ -626,7 +626,7 @@ function create_swift_accounts {
|
|||||||
die_if_not_set $LINENO swift_user_test3 "Failure creating swift_user_test3"
|
die_if_not_set $LINENO swift_user_test3 "Failure creating swift_user_test3"
|
||||||
get_or_add_user_project_role $another_role $swift_user_test3 $swift_tenant_test1
|
get_or_add_user_project_role $another_role $swift_user_test3 $swift_tenant_test1
|
||||||
|
|
||||||
local swift_tenant_test2=$(get_or_create_project swifttenanttest2)
|
local swift_tenant_test2=$(get_or_create_project swifttenanttest2 default)
|
||||||
die_if_not_set $LINENO swift_tenant_test2 "Failure creating swift_tenant_test2"
|
die_if_not_set $LINENO swift_tenant_test2 "Failure creating swift_tenant_test2"
|
||||||
|
|
||||||
local swift_user_test2=$(get_or_create_user swiftusertest2 $swiftusertest2_password "test2@example.com")
|
local swift_user_test2=$(get_or_create_user swiftusertest2 $swiftusertest2_password "test2@example.com")
|
||||||
|
|||||||
@ -550,7 +550,7 @@ function create_tempest_accounts {
|
|||||||
if is_service_enabled tempest; then
|
if is_service_enabled tempest; then
|
||||||
# Tempest has some tests that validate various authorization checks
|
# Tempest has some tests that validate various authorization checks
|
||||||
# between two regular users in separate tenants
|
# between two regular users in separate tenants
|
||||||
get_or_create_project alt_demo
|
get_or_create_project alt_demo default
|
||||||
get_or_create_user alt_demo "$ADMIN_PASSWORD" "alt_demo@example.com"
|
get_or_create_user alt_demo "$ADMIN_PASSWORD" "alt_demo@example.com"
|
||||||
get_or_add_user_project_role Member alt_demo alt_demo
|
get_or_add_user_project_role Member alt_demo alt_demo
|
||||||
fi
|
fi
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user