From c67d22e2ed0eb3fa0786f4314752ab7b26758ea3 Mon Sep 17 00:00:00 2001
From: Sean Dague <sean@dague.net>
Date: Tue, 2 Feb 2016 05:51:14 -0500
Subject: [PATCH] make the alt_demo user during normal install

For testing reasons it's typically very useful to have a second non
admin user to cross check that it can't do a thing to the first
user. It was useful enough we always created it with tempest (though
we didn't always use it).

This makes devstack always create an alt_demo user, which is available
in occ as devstack-alt. This will help us unwind some of the keystone
v3 breaks with functional tests using keystone cli to build this
second user.

Change-Id: Iaaf02469180563e2d8c413fee0ee66ada2296cfa
---
 extras.d/80-tempest.sh |  3 +--
 functions-common       | 15 +++++++++++++++
 lib/keystone           | 16 ++++++++++++++++
 lib/tempest            | 15 ---------------
 4 files changed, 32 insertions(+), 17 deletions(-)

diff --git a/extras.d/80-tempest.sh b/extras.d/80-tempest.sh
index 5e8da99a92..fcf79bd4d9 100644
--- a/extras.d/80-tempest.sh
+++ b/extras.d/80-tempest.sh
@@ -9,7 +9,7 @@ if is_service_enabled tempest; then
         install_tempest
     elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
         # Tempest config must come after layer 2 services are running
-        create_tempest_accounts
+        :
     elif [[ "$1" == "stack" && "$2" == "extra" ]]; then
         echo_summary "Initializing Tempest"
         configure_tempest
@@ -28,4 +28,3 @@ if is_service_enabled tempest; then
         :
     fi
 fi
-
diff --git a/functions-common b/functions-common
index 12c925b0ff..2a08f5f112 100644
--- a/functions-common
+++ b/functions-common
@@ -86,6 +86,7 @@ function write_clouds_yaml {
     if [ -f "$SSL_BUNDLE_FILE" ]; then
         CA_CERT_ARG="--os-cacert $SSL_BUNDLE_FILE"
     fi
+    # demo -> devstack
     $TOP_DIR/tools/update_clouds_yaml.py \
         --file $CLOUDS_YAML \
         --os-cloud devstack \
@@ -96,6 +97,20 @@ function write_clouds_yaml {
         --os-username demo \
         --os-password $ADMIN_PASSWORD \
         --os-project-name demo
+
+    # alt_demo -> devstack-alt
+    $TOP_DIR/tools/update_clouds_yaml.py \
+        --file $CLOUDS_YAML \
+        --os-cloud devstack \
+        --os-region-name $REGION_NAME \
+        --os-identity-api-version 3 \
+        $CA_CERT_ARG \
+        --os-auth-url $KEYSTONE_AUTH_URI \
+        --os-username alt_demo \
+        --os-password $ADMIN_PASSWORD \
+        --os-project-name alt_demo
+
+    # admin -> devstack-admin
     $TOP_DIR/tools/update_clouds_yaml.py \
         --file $CLOUDS_YAML \
         --os-cloud devstack-admin \
diff --git a/lib/keystone b/lib/keystone
index d60a4ba4c9..507ee555c2 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -327,6 +327,8 @@ function configure_keystone {
 # --                   --         Member
 # demo                 admin      admin
 # demo                 demo       Member, anotherrole
+# alt_demo             admin      admin
+# alt_demo             alt_demo   Member, anotherrole
 # invisible_to_admin   demo       Member
 
 # Group                Users      Roles                 Tenant
@@ -387,6 +389,18 @@ function create_keystone_accounts {
     get_or_add_user_project_role $another_role $demo_user $demo_tenant
     get_or_add_user_project_role $member_role $demo_user $invis_tenant
 
+    # alt_demo
+    local alt_demo_tenant
+    alt_demo_tenant=$(get_or_create_project "alt_demo" default)
+    local alt_demo_user
+    alt_demo_user=$(get_or_create_user "alt_demo" \
+        "$ADMIN_PASSWORD" "default" "alt_demo@example.com")
+
+    get_or_add_user_project_role $member_role $alt_demo_user $alt_demo_tenant
+    get_or_add_user_project_role $admin_role $admin_user $alt_demo_tenant
+    get_or_add_user_project_role $another_role $alt_demo_user $alt_demo_tenant
+
+    # groups
     local admin_group
     admin_group=$(get_or_create_group "admins" \
         "default" "openstack admin group")
@@ -396,6 +410,8 @@ function create_keystone_accounts {
 
     get_or_add_group_project_role $member_role $non_admin_group $demo_tenant
     get_or_add_group_project_role $another_role $non_admin_group $demo_tenant
+    get_or_add_group_project_role $member_role $non_admin_group $alt_demo_tenant
+    get_or_add_group_project_role $another_role $non_admin_group $alt_demo_tenant
     get_or_add_group_project_role $admin_role $admin_group $admin_tenant
 }
 
diff --git a/lib/tempest b/lib/tempest
index 5c771f9d47..add1b0e4c6 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -568,21 +568,6 @@ function configure_tempest {
     IFS=$ifs
 }
 
-# create_tempest_accounts() - Set up common required tempest accounts
-
-# Project              User         Roles
-# ------------------------------------------------------------------
-# alt_demo             alt_demo     Member
-
-function create_tempest_accounts {
-    if is_service_enabled tempest; then
-        # Tempest has some tests that validate various authorization checks
-        # between two regular users in separate tenants
-        get_or_create_project alt_demo default
-        get_or_create_user alt_demo "$ADMIN_PASSWORD" "default" "alt_demo@example.com"
-        get_or_add_user_project_role Member alt_demo alt_demo
-    fi
-}
 
 # install_tempest_lib() - Collect source, prepare, and install ``tempest-lib``
 function install_tempest_lib {