From e5cce5337e9cd57a9b1043aa8241675bc125d7a0 Mon Sep 17 00:00:00 2001 From: Goutham Pacha Ravi Date: Wed, 21 Sep 2022 08:03:14 -0700 Subject: [PATCH] [devstack][RBAC] Update bootstrap user We need an admin to setup share and group types and per recent changes [1], this needs to be a user with the "admin" role, operating with "project" scope and not "system" scope. Also remove a TODO in the code that was completed with a prior SRBAC patch. [1] https://review.opendev.org/c/openstack/manila/+/856394 Change-Id: I7bd2bca2bac6b892e7b8a07654d33a56d915e3bb Signed-off-by: Goutham Pacha Ravi --- devstack/plugin.sh | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/devstack/plugin.sh b/devstack/plugin.sh index 4010e83de6..c32271db1b 100755 --- a/devstack/plugin.sh +++ b/devstack/plugin.sh @@ -309,7 +309,7 @@ function configure_manila { if [[ "$MANILA_ENFORCE_SCOPE" == True ]] ; then iniset $MANILA_CONF oslo_policy enforce_scope true iniset $MANILA_CONF oslo_policy enforce_new_defaults true - OS_CLOUD="devstack-system-admin" + OS_CLOUD="devstack-admin" fi } @@ -517,13 +517,6 @@ function create_manila_accounts { # create_default_share_group_type - create share group type that will be set as default. function create_default_share_group_type { - # NOTE(gouthamr): manilaclient's shell doesn't support cloud profiles; - # OSC is the best approach here: https://review.opendev.org/805064, but, - # we need a temporary workaround to use legacy credentials while we wait - # for OSC support - # TODO(gouthamr): Remove workaround when we replace the commands below - # with OSC equivalents - local type_exists=$( openstack --os-cloud $OS_CLOUD share group type list | grep " $MANILA_DEFAULT_SHARE_GROUP_TYPE " ) if [[ -z $type_exists ]]; then openstack --os-cloud $OS_CLOUD share group type create $MANILA_DEFAULT_SHARE_GROUP_TYPE $MANILA_DEFAULT_SHARE_TYPE