Fixes LP #996571 - Alternate Tempest user
Adds an alternate user to Keystone for Tempest Tempest has a number of tests that are skipped if the compute.alt_username is the same as compute.username or None. Here, we modify files/keystone_data.sh to add an additional regular user called alt_demo if Tempest is enabled in stackrc. We also make corresponding changes to the tools/configure_tempest.sh script to make use of this alternate user credential Change-Id: I551f3b378f843c62fffcf6effa916056708d54d3
This commit is contained in:
parent
33a19d4345
commit
b297d2d0a8
@ -12,6 +12,8 @@
|
|||||||
# demo admin admin
|
# demo admin admin
|
||||||
# demo demo Member, anotherrole
|
# demo demo Member, anotherrole
|
||||||
# invisible_to_admin demo Member
|
# invisible_to_admin demo Member
|
||||||
|
# Tempest Only:
|
||||||
|
# alt_demo alt_demo Member
|
||||||
#
|
#
|
||||||
# Variables set before calling this script:
|
# Variables set before calling this script:
|
||||||
# SERVICE_TOKEN - aka admin_token in keystone.conf
|
# SERVICE_TOKEN - aka admin_token in keystone.conf
|
||||||
@ -116,3 +118,13 @@ if [[ "$ENABLED_SERVICES" =~ "quantum" ]]; then
|
|||||||
--user $QUANTUM_USER \
|
--user $QUANTUM_USER \
|
||||||
--role $ADMIN_ROLE
|
--role $ADMIN_ROLE
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [[ "$ENABLED_SERVICES" =~ "tempest" ]]; then
|
||||||
|
# Tempest has some tests that validate various authorization checks
|
||||||
|
# between two regular users in separate tenants
|
||||||
|
ALT_DEMO_TENANT=$(get_id keystone tenant-create --name=alt_demo)
|
||||||
|
ALT_DEMO_USER=$(get_id keystone user-create --name=alt_demo \
|
||||||
|
--pass="$ADMIN_PASSWORD" \
|
||||||
|
--email=alt_demo@example.com)
|
||||||
|
keystone user-role-add --user $ALT_DEMO_USER --role $MEMBER_ROLE --tenant_id $ALT_DEMO_TENANT
|
||||||
|
fi
|
||||||
|
@ -93,6 +93,10 @@ fi
|
|||||||
# copy every time, because the image UUIDS are going to change
|
# copy every time, because the image UUIDS are going to change
|
||||||
cp $TEMPEST_CONF.tpl $TEMPEST_CONF
|
cp $TEMPEST_CONF.tpl $TEMPEST_CONF
|
||||||
|
|
||||||
|
ADMIN_USERNAME=${ADMIN_USERNAME:-admin}
|
||||||
|
ADMIN_PASSWORD=${ADMIN_PASSWORD:-secrete}
|
||||||
|
ADMIN_TENANT_NAME=${ADMIN_TENANT:-admin}
|
||||||
|
|
||||||
IDENTITY_USE_SSL=${IDENTITY_USE_SSL:-False}
|
IDENTITY_USE_SSL=${IDENTITY_USE_SSL:-False}
|
||||||
IDENTITY_HOST=${IDENTITY_HOST:-127.0.0.1}
|
IDENTITY_HOST=${IDENTITY_HOST:-127.0.0.1}
|
||||||
IDENTITY_PORT=${IDENTITY_PORT:-5000}
|
IDENTITY_PORT=${IDENTITY_PORT:-5000}
|
||||||
@ -107,22 +111,18 @@ IDENTITY_STRATEGY=${IDENTITY_STRATEGY:-keystone}
|
|||||||
# OS_USERNAME et all should be defined in openrc.
|
# OS_USERNAME et all should be defined in openrc.
|
||||||
OS_USERNAME=${OS_USERNAME:-demo}
|
OS_USERNAME=${OS_USERNAME:-demo}
|
||||||
OS_TENANT_NAME=${OS_TENANT_NAME:-demo}
|
OS_TENANT_NAME=${OS_TENANT_NAME:-demo}
|
||||||
OS_PASSWORD=${OS_PASSWORD:-secrete}
|
OS_PASSWORD=${OS_PASSWORD:$ADMIN_PASSWORD}
|
||||||
|
|
||||||
# TODO(jaypipes): Support multiple regular user accounts instead
|
# See files/keystone_data.sh where alt_demo user
|
||||||
# of using the same regular user account for the alternate user...
|
# and tenant are set up...
|
||||||
ALT_USERNAME=$OS_USERNAME
|
ALT_USERNAME=${ALT_USERNAME:-alt_demo}
|
||||||
|
ALT_TENANT_NAME=${ALT_TENANT_NAME:-alt_demo}
|
||||||
ALT_PASSWORD=$OS_PASSWORD
|
ALT_PASSWORD=$OS_PASSWORD
|
||||||
ALT_TENANT_NAME=$OS_TENANT_NAME
|
|
||||||
|
|
||||||
# TODO(jaypipes): Support configurable flavor refs here...
|
# TODO(jaypipes): Support configurable flavor refs here...
|
||||||
FLAVOR_REF=1
|
FLAVOR_REF=1
|
||||||
FLAVOR_REF_ALT=2
|
FLAVOR_REF_ALT=2
|
||||||
|
|
||||||
ADMIN_USERNAME=${ADMIN_USERNAME:-admin}
|
|
||||||
ADMIN_PASSWORD=${ADMIN_PASSWORD:-secrete}
|
|
||||||
ADMIN_TENANT_NAME=${ADMIN_TENANT:-admin}
|
|
||||||
|
|
||||||
# Do any of the following need to be configurable?
|
# Do any of the following need to be configurable?
|
||||||
COMPUTE_CATALOG_TYPE=compute
|
COMPUTE_CATALOG_TYPE=compute
|
||||||
COMPUTE_CREATE_IMAGE_ENABLED=True
|
COMPUTE_CREATE_IMAGE_ENABLED=True
|
||||||
|
Loading…
Reference in New Issue
Block a user