make the alt_demo user during normal install

For testing reasons it's typically very useful to have a second non admin user to cross check that it can't do a thing to the first user. It was useful enough we always created it with tempest (though we didn't always use it). This makes devstack always create an alt_demo user, which is available in occ as devstack-alt. This will help us unwind some of the keystone v3 breaks with functional tests using keystone cli to build this second user. Change-Id: Iaaf02469180563e2d8c413fee0ee66ada2296cfa
2016-02-02 05:51:14 -05:00 · 2016-02-02 05:51:14 -05:00 · c67d22e2ed
commit c67d22e2ed
parent 3c92590101
4 changed files with 32 additions and 17 deletions
--- a/extras.d/80-tempest.sh
+++ b/extras.d/80-tempest.sh
@ -9,7 +9,7 @@ if is_service_enabled tempest; then
        install_tempest
    elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
        # Tempest config must come after layer 2 services are running
-        create_tempest_accounts
+        :
    elif [[ "$1" == "stack" && "$2" == "extra" ]]; then
        echo_summary "Initializing Tempest"
        configure_tempest
@ -28,4 +28,3 @@ if is_service_enabled tempest; then
        :
    fi
 fi
-
--- a/15
+++ b/15
@ -86,6 +86,7 @@ function write_clouds_yaml {
    if [ -f "$SSL_BUNDLE_FILE" ]; then
        CA_CERT_ARG="--os-cacert $SSL_BUNDLE_FILE"
    fi
+    # demo -> devstack
    $TOP_DIR/tools/update_clouds_yaml.py \
        --file $CLOUDS_YAML \
        --os-cloud devstack \
@ -96,6 +97,20 @@ function write_clouds_yaml {
        --os-username demo \
        --os-password $ADMIN_PASSWORD \
        --os-project-name demo
+
+    # alt_demo -> devstack-alt
+    $TOP_DIR/tools/update_clouds_yaml.py \
+        --file $CLOUDS_YAML \
+        --os-cloud devstack \
+        --os-region-name $REGION_NAME \
+        --os-identity-api-version 3 \
+        $CA_CERT_ARG \
+        --os-auth-url $KEYSTONE_AUTH_URI \
+        --os-username alt_demo \
+        --os-password $ADMIN_PASSWORD \
+        --os-project-name alt_demo
+
+    # admin -> devstack-admin
    $TOP_DIR/tools/update_clouds_yaml.py \
        --file $CLOUDS_YAML \
        --os-cloud devstack-admin \
--- a/lib/keystone
+++ b/lib/keystone
@ -327,6 +327,8 @@ function configure_keystone {
 # --                   --         Member
 # demo                 admin      admin
 # demo                 demo       Member, anotherrole
+# alt_demo             admin      admin
+# alt_demo             alt_demo   Member, anotherrole
 # invisible_to_admin   demo       Member

 # Group                Users      Roles                 Tenant
@ -387,6 +389,18 @@ function create_keystone_accounts {
    get_or_add_user_project_role $another_role $demo_user $demo_tenant
    get_or_add_user_project_role $member_role $demo_user $invis_tenant

+    # alt_demo
+    local alt_demo_tenant
+    alt_demo_tenant=$(get_or_create_project "alt_demo" default)
+    local alt_demo_user
+    alt_demo_user=$(get_or_create_user "alt_demo" \
+        "$ADMIN_PASSWORD" "default" "alt_demo@example.com")
+
+    get_or_add_user_project_role $member_role $alt_demo_user $alt_demo_tenant
+    get_or_add_user_project_role $admin_role $admin_user $alt_demo_tenant
+    get_or_add_user_project_role $another_role $alt_demo_user $alt_demo_tenant
+
+    # groups
    local admin_group
    admin_group=$(get_or_create_group "admins" \
        "default" "openstack admin group")
@ -396,6 +410,8 @@ function create_keystone_accounts {

    get_or_add_group_project_role $member_role $non_admin_group $demo_tenant
    get_or_add_group_project_role $another_role $non_admin_group $demo_tenant
+    get_or_add_group_project_role $member_role $non_admin_group $alt_demo_tenant
+    get_or_add_group_project_role $another_role $non_admin_group $alt_demo_tenant
    get_or_add_group_project_role $admin_role $admin_group $admin_tenant
 }

--- a/lib/tempest
+++ b/lib/tempest
@ -568,21 +568,6 @@ function configure_tempest {
    IFS=$ifs
 }

-# create_tempest_accounts() - Set up common required tempest accounts
-
-# Project              User         Roles
-# ------------------------------------------------------------------
-# alt_demo             alt_demo     Member
-
-function create_tempest_accounts {
-    if is_service_enabled tempest; then
-        # Tempest has some tests that validate various authorization checks
-        # between two regular users in separate tenants
-        get_or_create_project alt_demo default
-        get_or_create_user alt_demo "$ADMIN_PASSWORD" "default" "alt_demo@example.com"
-        get_or_add_user_project_role Member alt_demo alt_demo
-    fi
-}

 # install_tempest_lib() - Collect source, prepare, and install ``tempest-lib``
 function install_tempest_lib {