Refactor ks-user HTK script

This change refactors the ks-user helm-toolkit script to reduce the number of calls to keystone for domains or projects that already exist. Also added in a case to check if the role is admin to avoid superfluous API calls. Change-Id: Ic4811e668ee1daed194bb4996baadc43aa742d3a
2020-02-19 16:28:28 -06:00 · 2020-02-19 16:28:28 -06:00 · 6300aa6d25
commit 6300aa6d25
parent 47df9fa6b4
1 changed files with 24 additions and 31 deletions
--- a/helm-toolkit/templates/scripts/_ks-user.sh.tpl
+++ b/helm-toolkit/templates/scripts/_ks-user.sh.tpl
@ -33,13 +33,25 @@ limitations under the License.

 set -ex

-# Manage project domain
-PROJECT_DOMAIN_ID=$(openstack domain create --or-show --enable -f value -c id \
+if [[ "${SERVICE_OS_PROJECT_DOMAIN_NAME}" == "Default" ]]
+then
+  PROJECT_DOMAIN_ID="default"
+else
+  # Manage project domain
+  PROJECT_DOMAIN_ID=$(openstack domain create --or-show --enable -f value -c id \
    --description="Domain for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_PROJECT_DOMAIN_NAME}" \
    "${SERVICE_OS_PROJECT_DOMAIN_NAME}")
+fi

-# Display project domain
-openstack domain show "${PROJECT_DOMAIN_ID}"
+if [[ "${SERVICE_OS_USER_DOMAIN_NAME}" == "Default" ]]
+then
+  USER_DOMAIN_ID="default"
+else
+  # Manage user domain
+  USER_DOMAIN_ID=$(openstack domain create --or-show --enable -f value -c id \
+    --description="Domain for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_USER_DOMAIN_NAME}" \
+    "${SERVICE_OS_USER_DOMAIN_NAME}")
+fi

 # Manage user project
 USER_PROJECT_DESC="Service Project for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_PROJECT_DOMAIN_NAME}"
@ -48,17 +60,6 @@ USER_PROJECT_ID=$(openstack project create --or-show --enable -f value -c id \
    --description="${USER_PROJECT_DESC}" \
    "${SERVICE_OS_PROJECT_NAME}");

-# Display project
-openstack project show "${USER_PROJECT_ID}"
-
-# Manage user domain
-USER_DOMAIN_ID=$(openstack domain create --or-show --enable -f value -c id \
-    --description="Domain for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_USER_DOMAIN_NAME}" \
-    "${SERVICE_OS_USER_DOMAIN_NAME}")
-
-# Display user domain
-openstack domain show "${USER_DOMAIN_ID}"
-
 # Manage user
 USER_DESC="Service User for ${SERVICE_OS_REGION_NAME}/${SERVICE_OS_USER_DOMAIN_NAME}/${SERVICE_OS_SERVICE_NAME}"
 USER_ID=$(openstack user create --or-show --enable -f value -c id \
@ -74,13 +75,13 @@ echo "Setting user password via: openstack user set --password=xxxxxxx ${USER_ID
 openstack user set --password="${SERVICE_OS_PASSWORD}" "${USER_ID}"
 set -x

-# Display user
-openstack user show "${USER_ID}"
-
 function ks_assign_user_role () {
-  # Get user role
-  USER_ROLE_ID=$(openstack role create --or-show -f value -c id \
-      "${SERVICE_OS_ROLE}");
+  if [[ "$SERVICE_OS_ROLE" == "admin" ]]
+  then
+    USER_ROLE_ID="$SERVICE_OS_ROLE"
+  else
+    USER_ROLE_ID=$(openstack role create --or-show -f value -c id "${SERVICE_OS_ROLE}");
+  fi

  # Manage user role assignment
  openstack role add \
@ -89,12 +90,6 @@ function ks_assign_user_role () {
      --project-domain="${PROJECT_DOMAIN_ID}" \
      --project="${USER_PROJECT_ID}" \
      "${USER_ROLE_ID}"
-
-  # Display user role assignment
-  openstack role assignment list \
-      --role="${USER_ROLE_ID}" \
-      --user-domain="${USER_DOMAIN_ID}" \
-      --user="${USER_ID}"
 }

 # Manage user service role
@ -103,9 +98,7 @@ for SERVICE_OS_ROLE in ${SERVICE_OS_ROLES}; do
  ks_assign_user_role
 done

-# Manage user member role
-: ${MEMBER_OS_ROLE:="member"}
-export USER_ROLE_ID=$(openstack role create --or-show -f value -c id \
-    "${MEMBER_OS_ROLE}");
+# Manage member role for keystone pre-rocky
+SERVICE_OS_ROLE="member"
 ks_assign_user_role
 {{- end }}