From b297d2d0a8e1b38ffaebc4590bced3361df6fe89 Mon Sep 17 00:00:00 2001 From: Jay Pipes Date: Thu, 10 May 2012 11:21:22 -0400 Subject: [PATCH] Fixes LP #996571 - Alternate Tempest user Adds an alternate user to Keystone for Tempest Tempest has a number of tests that are skipped if the compute.alt_username is the same as compute.username or None. Here, we modify files/keystone_data.sh to add an additional regular user called alt_demo if Tempest is enabled in stackrc. We also make corresponding changes to the tools/configure_tempest.sh script to make use of this alternate user credential Change-Id: I551f3b378f843c62fffcf6effa916056708d54d3 --- files/keystone_data.sh | 12 ++++++++++++ tools/configure_tempest.sh | 18 +++++++++--------- 2 files changed, 21 insertions(+), 9 deletions(-) diff --git a/files/keystone_data.sh b/files/keystone_data.sh index a49eb426ed..9e994fd11c 100755 --- a/files/keystone_data.sh +++ b/files/keystone_data.sh @@ -12,6 +12,8 @@ # demo admin admin # demo demo Member, anotherrole # invisible_to_admin demo Member +# Tempest Only: +# alt_demo alt_demo Member # # Variables set before calling this script: # SERVICE_TOKEN - aka admin_token in keystone.conf @@ -116,3 +118,13 @@ if [[ "$ENABLED_SERVICES" =~ "quantum" ]]; then --user $QUANTUM_USER \ --role $ADMIN_ROLE fi + +if [[ "$ENABLED_SERVICES" =~ "tempest" ]]; then + # Tempest has some tests that validate various authorization checks + # between two regular users in separate tenants + ALT_DEMO_TENANT=$(get_id keystone tenant-create --name=alt_demo) + ALT_DEMO_USER=$(get_id keystone user-create --name=alt_demo \ + --pass="$ADMIN_PASSWORD" \ + --email=alt_demo@example.com) + keystone user-role-add --user $ALT_DEMO_USER --role $MEMBER_ROLE --tenant_id $ALT_DEMO_TENANT +fi diff --git a/tools/configure_tempest.sh b/tools/configure_tempest.sh index a84c42b592..2c069343b2 100755 --- a/tools/configure_tempest.sh +++ b/tools/configure_tempest.sh @@ -93,6 +93,10 @@ fi # copy every time, because the image UUIDS are going to change cp $TEMPEST_CONF.tpl $TEMPEST_CONF +ADMIN_USERNAME=${ADMIN_USERNAME:-admin} +ADMIN_PASSWORD=${ADMIN_PASSWORD:-secrete} +ADMIN_TENANT_NAME=${ADMIN_TENANT:-admin} + IDENTITY_USE_SSL=${IDENTITY_USE_SSL:-False} IDENTITY_HOST=${IDENTITY_HOST:-127.0.0.1} IDENTITY_PORT=${IDENTITY_PORT:-5000} @@ -107,22 +111,18 @@ IDENTITY_STRATEGY=${IDENTITY_STRATEGY:-keystone} # OS_USERNAME et all should be defined in openrc. OS_USERNAME=${OS_USERNAME:-demo} OS_TENANT_NAME=${OS_TENANT_NAME:-demo} -OS_PASSWORD=${OS_PASSWORD:-secrete} +OS_PASSWORD=${OS_PASSWORD:$ADMIN_PASSWORD} -# TODO(jaypipes): Support multiple regular user accounts instead -# of using the same regular user account for the alternate user... -ALT_USERNAME=$OS_USERNAME +# See files/keystone_data.sh where alt_demo user +# and tenant are set up... +ALT_USERNAME=${ALT_USERNAME:-alt_demo} +ALT_TENANT_NAME=${ALT_TENANT_NAME:-alt_demo} ALT_PASSWORD=$OS_PASSWORD -ALT_TENANT_NAME=$OS_TENANT_NAME # TODO(jaypipes): Support configurable flavor refs here... FLAVOR_REF=1 FLAVOR_REF_ALT=2 -ADMIN_USERNAME=${ADMIN_USERNAME:-admin} -ADMIN_PASSWORD=${ADMIN_PASSWORD:-secrete} -ADMIN_TENANT_NAME=${ADMIN_TENANT:-admin} - # Do any of the following need to be configurable? COMPUTE_CATALOG_TYPE=compute COMPUTE_CREATE_IMAGE_ENABLED=True