Fixes LP #996571 - Alternate Tempest user

Adds an alternate user to Keystone for Tempest Tempest has a number of tests that are skipped if the compute.alt_username is the same as compute.username or None. Here, we modify files/keystone_data.sh to add an additional regular user called alt_demo if Tempest is enabled in stackrc. We also make corresponding changes to the tools/configure_tempest.sh script to make use of this alternate user credential Change-Id: I551f3b378f843c62fffcf6effa916056708d54d3
2012-05-10 11:21:22 -04:00 · 2012-05-10 11:21:22 -04:00 · b297d2d0a8
commit b297d2d0a8
parent 33a19d4345
2 changed files with 21 additions and 9 deletions
--- a/files/keystone_data.sh
+++ b/files/keystone_data.sh
@ -12,6 +12,8 @@
 # demo                 admin     admin
 # demo                 demo      Member, anotherrole
 # invisible_to_admin   demo      Member
+# Tempest Only:
+# alt_demo             alt_demo  Member
 #
 # Variables set before calling this script:
 # SERVICE_TOKEN - aka admin_token in keystone.conf
@ -116,3 +118,13 @@ if [[ "$ENABLED_SERVICES" =~ "quantum" ]]; then
                           --user $QUANTUM_USER \
                           --role $ADMIN_ROLE
 fi
+
+if [[ "$ENABLED_SERVICES" =~ "tempest" ]]; then
+    # Tempest has some tests that validate various authorization checks
+    # between two regular users in separate tenants
+    ALT_DEMO_TENANT=$(get_id keystone tenant-create --name=alt_demo)
+    ALT_DEMO_USER=$(get_id keystone user-create --name=alt_demo \
+                                        --pass="$ADMIN_PASSWORD" \
+                                        --email=alt_demo@example.com)
+    keystone user-role-add --user $ALT_DEMO_USER --role $MEMBER_ROLE --tenant_id $ALT_DEMO_TENANT
+fi
--- a/tools/configure_tempest.sh
+++ b/tools/configure_tempest.sh
@ -93,6 +93,10 @@ fi
 # copy every time, because the image UUIDS are going to change
 cp $TEMPEST_CONF.tpl $TEMPEST_CONF

+ADMIN_USERNAME=${ADMIN_USERNAME:-admin}
+ADMIN_PASSWORD=${ADMIN_PASSWORD:-secrete}
+ADMIN_TENANT_NAME=${ADMIN_TENANT:-admin}
+
 IDENTITY_USE_SSL=${IDENTITY_USE_SSL:-False}
 IDENTITY_HOST=${IDENTITY_HOST:-127.0.0.1}
 IDENTITY_PORT=${IDENTITY_PORT:-5000}
@ -107,22 +111,18 @@ IDENTITY_STRATEGY=${IDENTITY_STRATEGY:-keystone}
 # OS_USERNAME et all should be defined in openrc.
 OS_USERNAME=${OS_USERNAME:-demo}
 OS_TENANT_NAME=${OS_TENANT_NAME:-demo}
-OS_PASSWORD=${OS_PASSWORD:-secrete}
+OS_PASSWORD=${OS_PASSWORD:$ADMIN_PASSWORD}

-# TODO(jaypipes): Support multiple regular user accounts instead
-# of using the same regular user account for the alternate user...
-ALT_USERNAME=$OS_USERNAME
+# See files/keystone_data.sh where alt_demo user
+# and tenant are set up...
+ALT_USERNAME=${ALT_USERNAME:-alt_demo}
+ALT_TENANT_NAME=${ALT_TENANT_NAME:-alt_demo}
 ALT_PASSWORD=$OS_PASSWORD
-ALT_TENANT_NAME=$OS_TENANT_NAME

 # TODO(jaypipes): Support configurable flavor refs here...
 FLAVOR_REF=1
 FLAVOR_REF_ALT=2

-ADMIN_USERNAME=${ADMIN_USERNAME:-admin}
-ADMIN_PASSWORD=${ADMIN_PASSWORD:-secrete}
-ADMIN_TENANT_NAME=${ADMIN_TENANT:-admin}
-
 # Do any of the following need to be configurable?
 COMPUTE_CATALOG_TYPE=compute
 COMPUTE_CREATE_IMAGE_ENABLED=True