openstack/devstack
Code Issues Proposed changes

Add roles when we create groups

Browse Source 
We should prime the groups that were created with some roles on
projects. Eventually we can add users directly to the groups
and not have to resort to individual user assignments.

Change-Id: Icebafc06859f8879c584cfd67aa51cb0c9ce48af
This commit is contained in:
Steve Martinelli 2015-03-12 21:30:58 -04:00
parent 5e159edab3
commit 4599fd174c
2 changed files with 35 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
functions-common
View File

@ -728,6 +728,27 @@ function get_or_add_user_project_role {
echo $user_role_id echo $user_role_id
} }
# Gets or adds group role to project
# Usage: get_or_add_group_project_role <role> <group> <project>
function get_or_add_group_project_role {
# Gets group role id
local group_role_id=$(openstack role list \
--group $2 \
--project $3 \
--column "ID" \
--column "Name" \
| grep " $1 " | get_field 1)
if [[ -z "$group_role_id" ]]; then
# Adds role to group
group_role_id=$(openstack role add \
$1 \
--group $2 \
--project $3 \
| grep " id " | get_field 2)
fi
echo $group_role_id
}
# Gets or creates service # Gets or creates service
# Usage: get_or_create_service <name> <type> <description> # Usage: get_or_create_service <name> <type> <description>
function get_or_create_service { function get_or_create_service {

16
lib/keystone
View File

@ -362,6 +362,12 @@ function configure_keystone_extensions {
# demo demo Member, anotherrole # demo demo Member, anotherrole
# invisible_to_admin demo Member # invisible_to_admin demo Member
# Group Users Roles Tenant
# ------------------------------------------------------------------
# admins admin admin admin
# nonadmin demo Member, anotherrole demo
# Migrated from keystone_data.sh # Migrated from keystone_data.sh
function create_keystone_accounts { function create_keystone_accounts {
@ -403,8 +409,14 @@ function create_keystone_accounts {
get_or_add_user_project_role $another_role $demo_user $demo_tenant get_or_add_user_project_role $another_role $demo_user $demo_tenant
get_or_add_user_project_role $member_role $demo_user $invis_tenant get_or_add_user_project_role $member_role $demo_user $invis_tenant
get_or_create_group "developers" "default" "openstack developers" local admin_group=$(get_or_create_group "admins" \
get_or_create_group "testers" "default" "default" "openstack admin group")
local non_admin_group=$(get_or_create_group "nonadmins" \
"default" "non-admin group")
get_or_add_group_project_role $member_role $non_admin_group $demo_tenant
get_or_add_group_project_role $another_role $non_admin_group $demo_tenant
get_or_add_group_project_role $admin_role $admin_group $admin_tenant
# Keystone # Keystone
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then