From ae604985e78ae5e9763a348d132cb8e120b85c95 Mon Sep 17 00:00:00 2001 From: Anthony Young Date: Mon, 12 Mar 2012 17:12:00 -0700 Subject: [PATCH] Remove references to deprecated ec2 authorizor. * remove replace_pipeline * removes references to sysadmin and netadmin roles * removes references to admin ec2 api * fixes bug 953744 * related fix in nova: https://review.openstack.org/#change,5024 Change-Id: I8792dae0157b8596a5f946670742411781fe47c0 --- files/keystone_data.sh | 10 +++++----- stack.sh | 9 --------- 2 files changed, 5 insertions(+), 14 deletions(-) diff --git a/files/keystone_data.sh b/files/keystone_data.sh index e97ad73d42..319bae344c 100755 --- a/files/keystone_data.sh +++ b/files/keystone_data.sh @@ -10,7 +10,7 @@ # service quantum admin # if enabled # service swift admin # if enabled # demo admin admin -# demo demo Member,sysadmin,netadmin +# demo demo Member,anotherrole # invisible_to_admin demo Member # # Variables set before calling this script: 
@@ -50,15 +50,15 @@ DEMO_USER=$(get_id keystone user-create --name=demo \ ADMIN_ROLE=$(get_id keystone role-create --name=admin) KEYSTONEADMIN_ROLE=$(get_id keystone role-create --name=KeystoneAdmin) KEYSTONESERVICE_ROLE=$(get_id keystone role-create --name=KeystoneServiceAdmin) -SYSADMIN_ROLE=$(get_id keystone role-create --name=sysadmin) -NETADMIN_ROLE=$(get_id keystone role-create --name=netadmin) +# ANOTHER_ROLE demonstrates that an arbitrary role may be created and used +# TODO(sleepsonthefloor): show how this can be used for rbac in the future! +ANOTHER_ROLE=$(get_id keystone role-create --name=anotherrole) # Add Roles to Users in Tenants keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $ADMIN_TENANT keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $DEMO_TENANT -keystone user-role-add --user $DEMO_USER --role $SYSADMIN_ROLE --tenant_id $DEMO_TENANT -keystone user-role-add --user $DEMO_USER --role $NETADMIN_ROLE --tenant_id $DEMO_TENANT +keystone user-role-add --user $DEMO_USER --role $ANOTHER_ROLE --tenant_id $DEMO_TENANT # TODO(termie): these two might be dubious keystone user-role-add --user $ADMIN_USER --role $KEYSTONEADMIN_ROLE --tenant_id $ADMIN_TENANT diff --git a/stack.sh b/stack.sh index 83adc8dd0e..f6b5e9ebe1 100755 --- a/stack.sh +++ b/stack.sh 
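Review bot: The added `keystone user-role-add --user $DEMO_USER --role $ANOTHER_ROLE --tenant_id $DEMO_TENANT` line expands `$ANOTHER_ROLE` unquoted, and nothing in the hunk checks that `get_id keystone role-create --name=anotherrole` actually returned an id. If role creation fails and the variable is empty, the CLI receives `--role --tenant_id …` and the error surfaces as an argument-parsing problem rather than a missing role. Quoting the expansion, `--role "$ANOTHER_ROLE"`, would at least pass the empty value through visibly. The neighbouring context lines use the same unquoted style, and whether the script runs under `set -e` is not visible from this hunk. The comment above `ANOTHER_ROLE` could also say that the role grants nothing until a policy rule references it, e.g. `# anotherrole is not tied to any policy rule by this script`, so it is not read as a drop-in for the removed sysadmin/netadmin roles.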
@@ -906,15 +906,6 @@ if is_service_enabled n-api; then s,%SERVICE_TENANT_NAME%,$SERVICE_TENANT_NAME,g; s,%SERVICE_TOKEN%,$SERVICE_TOKEN,g; " -i $NOVA_CONF_DIR/api-paste.ini - - # Finally, change the Nova pipelines to use Keystone - function replace_pipeline() { - sed "/\[pipeline:$1\]/,/\[/s/^pipeline = .*/pipeline = $2/" -i $NOVA_CONF_DIR/api-paste.ini - } - replace_pipeline "ec2cloud" "ec2faultwrap logrequest totoken authtoken keystonecontext cloudrequest authorizer validator ec2executor" - replace_pipeline "ec2admin" "ec2faultwrap logrequest totoken authtoken keystonecontext adminrequest authorizer ec2executor" - replace_pipeline "openstack_compute_api_v2" "faultwrap authtoken keystonecontext $OSAPI_RATE_LIMIT osapi_compute_app_v2" - replace_pipeline "openstack_volume_api_v1" "faultwrap authtoken keystonecontext $OSAPI_RATE_LIMIT osapi_volume_app_v1" fi # Helper to clean iptables rules