Merge "Reduce service user permissions"
This commit is contained in:
Jenkins
Gerrit Code Review
commit
ee2e53592b
@ -108,7 +108,7 @@ function create_ceilometer_accounts {
|
|||||||
# Ceilometer
|
# Ceilometer
|
||||||
if [[ "$ENABLED_SERVICES" =~ "ceilometer-api" ]]; then
|
if [[ "$ENABLED_SERVICES" =~ "ceilometer-api" ]]; then
|
||||||
|
|
||||||
create_service_user "ceilometer" "admin"
|
create_service_user "ceilometer"
|
||||||
|
|
||||||
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
||||||
local ceilometer_service=$(get_or_create_service "ceilometer" \
|
local ceilometer_service=$(get_or_create_service "ceilometer" \
|
||||||
|
|||||||
@ -333,7 +333,7 @@ function create_cinder_accounts {
|
|||||||
# Cinder
|
# Cinder
|
||||||
if [[ "$ENABLED_SERVICES" =~ "c-api" ]]; then
|
if [[ "$ENABLED_SERVICES" =~ "c-api" ]]; then
|
||||||
|
|
||||||
create_service_user "cinder" "admin"
|
create_service_user "cinder"
|
||||||
|
|
||||||
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
||||||
|
|
||||||
|
|||||||
@ -362,7 +362,7 @@ function create_ironic_accounts {
|
|||||||
if [[ "$ENABLED_SERVICES" =~ "ir-api" ]]; then
|
if [[ "$ENABLED_SERVICES" =~ "ir-api" ]]; then
|
||||||
# Get ironic user if exists
|
# Get ironic user if exists
|
||||||
|
|
||||||
create_service_user "ironic" "admin"
|
create_service_user "ironic"
|
||||||
|
|
||||||
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
||||||
|
|
||||||
|
|||||||
2
lib/nova
2
lib/nova
@ -356,6 +356,8 @@ function create_nova_accounts {
|
|||||||
# Nova
|
# Nova
|
||||||
if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then
|
if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then
|
||||||
|
|
||||||
|
# NOTE(jamielennox): Nova doesn't need the admin role here, however neutron uses
|
||||||
|
# this service user when notifying nova of changes and that requires the admin role.
|
||||||
create_service_user "nova" "admin"
|
create_service_user "nova" "admin"
|
||||||
|
|
||||||
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
||||||
|
|||||||
@ -61,7 +61,7 @@ TEMPEST_SERVICES+=,sahara
|
|||||||
# service sahara admin
|
# service sahara admin
|
||||||
function create_sahara_accounts {
|
function create_sahara_accounts {
|
||||||
|
|
||||||
create_service_user "sahara" "admin"
|
create_service_user "sahara"
|
||||||
|
|
||||||
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
||||||
|
|
||||||
|
|||||||
@ -603,7 +603,7 @@ function create_swift_accounts {
|
|||||||
|
|
||||||
local another_role=$(openstack role list | awk "/ anotherrole / { print \$2 }")
|
local another_role=$(openstack role list | awk "/ anotherrole / { print \$2 }")
|
||||||
|
|
||||||
create_service_user "swift" "admin"
|
create_service_user "swift"
|
||||||
|
|
||||||
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
||||||
|
|
||||||
|
|||||||
@ -81,7 +81,7 @@ function setup_trove_logging {
|
|||||||
function create_trove_accounts {
|
function create_trove_accounts {
|
||||||
if [[ "$ENABLED_SERVICES" =~ "trove" ]]; then
|
if [[ "$ENABLED_SERVICES" =~ "trove" ]]; then
|
||||||
|
|
||||||
create_service_user "trove" "admin"
|
create_service_user "trove"
|
||||||
|
|
||||||
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user