Merge "update create_heat_accounts, don't use os_url and os_token"
This commit is contained in:
Jenkins
Gerrit Code Review
commit
227f20ceb2
@ -866,6 +866,32 @@ function get_or_add_user_project_role {
|
|||||||
echo $user_role_id
|
echo $user_role_id
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Gets or adds user role to domain
|
||||||
|
# Usage: get_or_add_user_domain_role <role> <user> <domain>
|
||||||
|
function get_or_add_user_domain_role {
|
||||||
|
local user_role_id
|
||||||
|
# Gets user role id
|
||||||
|
user_role_id=$(openstack role list \
|
||||||
|
--user $2 \
|
||||||
|
--column "ID" \
|
||||||
|
--domain $3 \
|
||||||
|
--column "Name" \
|
||||||
|
| grep " $1 " | get_field 1)
|
||||||
|
if [[ -z "$user_role_id" ]]; then
|
||||||
|
# Adds role to user and get it
|
||||||
|
openstack role add $1 \
|
||||||
|
--user $2 \
|
||||||
|
--domain $3
|
||||||
|
user_role_id=$(openstack role list \
|
||||||
|
--user $2 \
|
||||||
|
--column "ID" \
|
||||||
|
--domain $3 \
|
||||||
|
--column "Name" \
|
||||||
|
| grep " $1 " | get_field 1)
|
||||||
|
fi
|
||||||
|
echo $user_role_id
|
||||||
|
}
|
||||||
|
|
||||||
# Gets or adds group role to project
|
# Gets or adds group role to project
|
||||||
# Usage: get_or_add_group_project_role <role> <group> <project>
|
# Usage: get_or_add_group_project_role <role> <group> <project>
|
||||||
function get_or_add_group_project_role {
|
function get_or_add_group_project_role {
|
||||||
|
|||||||
29
lib/heat
29
lib/heat
@ -415,28 +415,13 @@ function create_heat_accounts {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ "$HEAT_STACK_DOMAIN" == "True" ]]; then
|
if [[ "$HEAT_STACK_DOMAIN" == "True" ]]; then
|
||||||
# Note we have to pass token/endpoint here because the current endpoint and
|
# domain -> heat and user -> heat_domain_admin
|
||||||
# version negotiation in OSC means just --os-identity-api-version=3 won't work
|
domain_id=$(get_or_create_domain heat 'Owns users and projects created by heat')
|
||||||
D_ID=$(openstack --os-token $OS_TOKEN --os-url=$KEYSTONE_SERVICE_URI_V3 \
|
iniset $HEAT_CONF DEFAULT stack_user_domain_id ${domain_id}
|
||||||
--os-identity-api-version=3 domain list | grep ' heat ' | get_field 1)
|
get_or_create_user heat_domain_admin $SERVICE_PASSWORD heat
|
||||||
|
get_or_add_user_domain_role admin heat_domain_admin heat
|
||||||
if [[ -z "$D_ID" ]]; then
|
iniset $HEAT_CONF DEFAULT stack_domain_admin heat_domain_admin
|
||||||
D_ID=$(openstack --os-token $OS_TOKEN --os-url=$KEYSTONE_SERVICE_URI_V3 \
|
iniset $HEAT_CONF DEFAULT stack_domain_admin_password $SERVICE_PASSWORD
|
||||||
--os-identity-api-version=3 domain create heat \
|
|
||||||
--description "Owns users and projects created by heat" \
|
|
||||||
| grep ' id ' | get_field 2)
|
|
||||||
iniset $HEAT_CONF DEFAULT stack_user_domain_id ${D_ID}
|
|
||||||
|
|
||||||
openstack --os-token $OS_TOKEN --os-url=$KEYSTONE_SERVICE_URI_V3 \
|
|
||||||
--os-identity-api-version=3 user create --password $SERVICE_PASSWORD \
|
|
||||||
--domain $D_ID heat_domain_admin \
|
|
||||||
--description "Manages users and projects created by heat"
|
|
||||||
openstack --os-token $OS_TOKEN --os-url=$KEYSTONE_SERVICE_URI_V3 \
|
|
||||||
--os-identity-api-version=3 role add \
|
|
||||||
--user heat_domain_admin --domain ${D_ID} admin
|
|
||||||
iniset $HEAT_CONF DEFAULT stack_domain_admin heat_domain_admin
|
|
||||||
iniset $HEAT_CONF DEFAULT stack_domain_admin_password $SERVICE_PASSWORD
|
|
||||||
fi
|
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user