openstack/devstack
Code Issues Proposed changes

Convert identity defaults to keystone v3 api

Browse Source 
At this point all our function calls should be using the V3 APIs anyway
so switch the authentication credentials to v3 compatible ones and
remove all the hacks we added to force v3 API calls.

Implements: bp keystonev3
Change-Id: If92d3e11b9a363454f77527783b6d25f4da9c249
This commit is contained in:
Jamie Lennox 2015-05-29 08:36:40 +00:00
parent b1ea5eacbc
commit 4b115ad526
2 changed files with 12 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
functions-common
View File

@ -687,16 +687,13 @@ function policy_add {
# Usage: get_or_create_domain <name> <description>
function get_or_create_domain {
local domain_id
local os_url="$KEYSTONE_SERVICE_URI_V3"
# Gets domain id
domain_id=$(
# Gets domain id
openstack --os-token=$OS_TOKEN --os-url=$os_url \
--os-identity-api-version=3 domain show $1 \
openstack domain show $1 \
-f value -c id 2>/dev/null ||
# Creates new domain
openstack --os-token=$OS_TOKEN --os-url=$os_url \
--os-identity-api-version=3 domain create $1 \
openstack domain create $1 \
--description "$2" \
-f value -c id
)
@ -707,13 +704,11 @@ function get_or_create_domain {
# Usage: get_or_create_group <groupname> <domain> [<description>]
function get_or_create_group {
local desc="${3:-}"
local os_url="$KEYSTONE_SERVICE_URI_V3"
local group_id
# Gets group id
group_id=$(
# Creates new group with --or-show
openstack --os-token=$OS_TOKEN --os-url=$os_url \
--os-identity-api-version=3 group create $1 \
openstack group create $1 \
--domain $2 --description "$desc" --or-show \
-f value -c id
)
@ -735,8 +730,6 @@ function get_or_create_user {
openstack user create \
$1 \
--password "$2" \
--os-url=$KEYSTONE_SERVICE_URI_V3 \
--os-identity-api-version=3 \
--domain=$3 \
$email \
--or-show \
@ -751,9 +744,7 @@ function get_or_create_project {
local project_id
project_id=$(
# Creates new project with --or-show
openstack --os-url=$KEYSTONE_SERVICE_URI_V3 \
--os-identity-api-version=3 \
project create $1 \
openstack project create $1 \
--domain=$2 \
--or-show -f value -c id
)
@ -767,8 +758,6 @@ function get_or_create_role {
role_id=$(
# Creates role with --or-show
openstack role create $1 \
--os-url=$KEYSTONE_SERVICE_URI_V3 \
--os-identity-api-version=3 \
--or-show -f value -c id
)
echo $role_id
@ -781,8 +770,6 @@ function get_or_add_user_project_role {
# Gets user role id
user_role_id=$(openstack role list \
--user $2 \
--os-url=$KEYSTONE_SERVICE_URI_V3 \
--os-identity-api-version=3 \
--column "ID" \
--project $3 \
--column "Name" \
@ -793,8 +780,6 @@ function get_or_add_user_project_role {
$1 \
--user $2 \
--project $3 \
--os-url=$KEYSTONE_SERVICE_URI_V3 \
--os-identity-api-version=3 \
| grep " id " | get_field 2)
fi
echo $user_role_id
@ -806,21 +791,15 @@ function get_or_add_group_project_role {
local group_role_id
# Gets group role id
group_role_id=$(openstack role list \
--os-url=$KEYSTONE_SERVICE_URI_V3 \
--os-identity-api-version=3 \
--group $2 \
--project $3 \
-c "ID" -f value)
if [[ -z "$group_role_id" ]]; then
# Adds role to group and get it
openstack role add $1 \
--os-url=$KEYSTONE_SERVICE_URI_V3 \
--os-identity-api-version=3 \
--group $2 \
--project $3
group_role_id=$(openstack role list \
--os-url=$KEYSTONE_SERVICE_URI_V3 \
--os-identity-api-version=3 \
--group $2 \
--project $3 \
-c "ID" -f value)
@ -838,8 +817,6 @@ function get_or_create_service {
openstack service show $2 -f value -c id 2>/dev/null ||
# Creates new service if not exists
openstack service create \
--os-url $KEYSTONE_SERVICE_URI_V3 \
--os-identity-api-version=3 \
$2 \
--name $1 \
--description="$3" \
@ -858,8 +835,6 @@ function _get_or_create_endpoint_with_interface {
# gets support for this, the check for the region name can be removed.
# Related bug in keystone: https://bugs.launchpad.net/keystone/+bug/1482772
endpoint_id=$(openstack endpoint list \
--os-url $KEYSTONE_SERVICE_URI_V3 \
--os-identity-api-version=3 \
--service $1 \
--interface $2 \
--region $4 \
@ -867,8 +842,6 @@ function _get_or_create_endpoint_with_interface {
if [[ -z "$endpoint_id" ]]; then
# Creates new endpoint
endpoint_id=$(openstack endpoint create \
--os-url $KEYSTONE_SERVICE_URI_V3 \
--os-identity-api-version=3 \
$1 $2 $3 --region $4 -f value -c id)
fi

15
stack.sh
View File

@ -987,13 +987,15 @@ if is_service_enabled keystone; then
start_keystone
fi
export OS_IDENTITY_API_VERSION=3
# Set up a temporary admin URI for Keystone
SERVICE_ENDPOINT=$KEYSTONE_AUTH_URI/v2.0
SERVICE_ENDPOINT=$KEYSTONE_AUTH_URI/v3
if is_service_enabled tls-proxy; then
export OS_CACERT=$INT_CA_DIR/ca-chain.pem
# Until the client support is fixed, just use the internal endpoint
SERVICE_ENDPOINT=http://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT_INT/v2.0
SERVICE_ENDPOINT=http://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT_INT/v3
fi
# Setup OpenStackClient token-endpoint auth
@ -1021,14 +1023,13 @@ if is_service_enabled keystone; then
# Begone token auth
unset OS_TOKEN OS_URL
# force set to use v2 identity authentication even with v3 commands
export OS_AUTH_TYPE=v2password
# Set up password auth credentials now that Keystone is bootstrapped
export OS_AUTH_URL=$SERVICE_ENDPOINT
export OS_TENANT_NAME=admin
export OS_AUTH_URL=$KEYSTONE_AUTH_URI
export OS_USERNAME=admin
export OS_USER_DOMAIN_ID=default
export OS_PASSWORD=$ADMIN_PASSWORD
export OS_PROJECT_NAME=admin
export OS_PROJECT_DOMAIN_ID=default
export OS_REGION_NAME=$REGION_NAME
fi