make the alt_demo user during normal install
For testing reasons it's typically very useful to have a second non admin user to cross check that it can't do a thing to the first user. It was useful enough we always created it with tempest (though we didn't always use it). This makes devstack always create an alt_demo user, which is available in occ as devstack-alt. This will help us unwind some of the keystone v3 breaks with functional tests using keystone cli to build this second user. Change-Id: Iaaf02469180563e2d8c413fee0ee66ada2296cfa
This commit is contained in:
parent
3c92590101
commit
c67d22e2ed
@ -9,7 +9,7 @@ if is_service_enabled tempest; then
|
|||||||
install_tempest
|
install_tempest
|
||||||
elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
|
elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
|
||||||
# Tempest config must come after layer 2 services are running
|
# Tempest config must come after layer 2 services are running
|
||||||
create_tempest_accounts
|
:
|
||||||
elif [[ "$1" == "stack" && "$2" == "extra" ]]; then
|
elif [[ "$1" == "stack" && "$2" == "extra" ]]; then
|
||||||
echo_summary "Initializing Tempest"
|
echo_summary "Initializing Tempest"
|
||||||
configure_tempest
|
configure_tempest
|
||||||
@ -28,4 +28,3 @@ if is_service_enabled tempest; then
|
|||||||
:
|
:
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -86,6 +86,7 @@ function write_clouds_yaml {
|
|||||||
if [ -f "$SSL_BUNDLE_FILE" ]; then
|
if [ -f "$SSL_BUNDLE_FILE" ]; then
|
||||||
CA_CERT_ARG="--os-cacert $SSL_BUNDLE_FILE"
|
CA_CERT_ARG="--os-cacert $SSL_BUNDLE_FILE"
|
||||||
fi
|
fi
|
||||||
|
# demo -> devstack
|
||||||
$TOP_DIR/tools/update_clouds_yaml.py \
|
$TOP_DIR/tools/update_clouds_yaml.py \
|
||||||
--file $CLOUDS_YAML \
|
--file $CLOUDS_YAML \
|
||||||
--os-cloud devstack \
|
--os-cloud devstack \
|
||||||
@ -96,6 +97,20 @@ function write_clouds_yaml {
|
|||||||
--os-username demo \
|
--os-username demo \
|
||||||
--os-password $ADMIN_PASSWORD \
|
--os-password $ADMIN_PASSWORD \
|
||||||
--os-project-name demo
|
--os-project-name demo
|
||||||
|
|
||||||
|
# alt_demo -> devstack-alt
|
||||||
|
$TOP_DIR/tools/update_clouds_yaml.py \
|
||||||
|
--file $CLOUDS_YAML \
|
||||||
|
--os-cloud devstack \
|
||||||
|
--os-region-name $REGION_NAME \
|
||||||
|
--os-identity-api-version 3 \
|
||||||
|
$CA_CERT_ARG \
|
||||||
|
--os-auth-url $KEYSTONE_AUTH_URI \
|
||||||
|
--os-username alt_demo \
|
||||||
|
--os-password $ADMIN_PASSWORD \
|
||||||
|
--os-project-name alt_demo
|
||||||
|
|
||||||
|
# admin -> devstack-admin
|
||||||
$TOP_DIR/tools/update_clouds_yaml.py \
|
$TOP_DIR/tools/update_clouds_yaml.py \
|
||||||
--file $CLOUDS_YAML \
|
--file $CLOUDS_YAML \
|
||||||
--os-cloud devstack-admin \
|
--os-cloud devstack-admin \
|
||||||
|
16
lib/keystone
16
lib/keystone
@ -327,6 +327,8 @@ function configure_keystone {
|
|||||||
# -- -- Member
|
# -- -- Member
|
||||||
# demo admin admin
|
# demo admin admin
|
||||||
# demo demo Member, anotherrole
|
# demo demo Member, anotherrole
|
||||||
|
# alt_demo admin admin
|
||||||
|
# alt_demo alt_demo Member, anotherrole
|
||||||
# invisible_to_admin demo Member
|
# invisible_to_admin demo Member
|
||||||
|
|
||||||
# Group Users Roles Tenant
|
# Group Users Roles Tenant
|
||||||
@ -387,6 +389,18 @@ function create_keystone_accounts {
|
|||||||
get_or_add_user_project_role $another_role $demo_user $demo_tenant
|
get_or_add_user_project_role $another_role $demo_user $demo_tenant
|
||||||
get_or_add_user_project_role $member_role $demo_user $invis_tenant
|
get_or_add_user_project_role $member_role $demo_user $invis_tenant
|
||||||
|
|
||||||
|
# alt_demo
|
||||||
|
local alt_demo_tenant
|
||||||
|
alt_demo_tenant=$(get_or_create_project "alt_demo" default)
|
||||||
|
local alt_demo_user
|
||||||
|
alt_demo_user=$(get_or_create_user "alt_demo" \
|
||||||
|
"$ADMIN_PASSWORD" "default" "alt_demo@example.com")
|
||||||
|
|
||||||
|
get_or_add_user_project_role $member_role $alt_demo_user $alt_demo_tenant
|
||||||
|
get_or_add_user_project_role $admin_role $admin_user $alt_demo_tenant
|
||||||
|
get_or_add_user_project_role $another_role $alt_demo_user $alt_demo_tenant
|
||||||
|
|
||||||
|
# groups
|
||||||
local admin_group
|
local admin_group
|
||||||
admin_group=$(get_or_create_group "admins" \
|
admin_group=$(get_or_create_group "admins" \
|
||||||
"default" "openstack admin group")
|
"default" "openstack admin group")
|
||||||
@ -396,6 +410,8 @@ function create_keystone_accounts {
|
|||||||
|
|
||||||
get_or_add_group_project_role $member_role $non_admin_group $demo_tenant
|
get_or_add_group_project_role $member_role $non_admin_group $demo_tenant
|
||||||
get_or_add_group_project_role $another_role $non_admin_group $demo_tenant
|
get_or_add_group_project_role $another_role $non_admin_group $demo_tenant
|
||||||
|
get_or_add_group_project_role $member_role $non_admin_group $alt_demo_tenant
|
||||||
|
get_or_add_group_project_role $another_role $non_admin_group $alt_demo_tenant
|
||||||
get_or_add_group_project_role $admin_role $admin_group $admin_tenant
|
get_or_add_group_project_role $admin_role $admin_group $admin_tenant
|
||||||
}
|
}
|
||||||
|
|
||||||
|
15
lib/tempest
15
lib/tempest
@ -568,21 +568,6 @@ function configure_tempest {
|
|||||||
IFS=$ifs
|
IFS=$ifs
|
||||||
}
|
}
|
||||||
|
|
||||||
# create_tempest_accounts() - Set up common required tempest accounts
|
|
||||||
|
|
||||||
# Project User Roles
|
|
||||||
# ------------------------------------------------------------------
|
|
||||||
# alt_demo alt_demo Member
|
|
||||||
|
|
||||||
function create_tempest_accounts {
|
|
||||||
if is_service_enabled tempest; then
|
|
||||||
# Tempest has some tests that validate various authorization checks
|
|
||||||
# between two regular users in separate tenants
|
|
||||||
get_or_create_project alt_demo default
|
|
||||||
get_or_create_user alt_demo "$ADMIN_PASSWORD" "default" "alt_demo@example.com"
|
|
||||||
get_or_add_user_project_role Member alt_demo alt_demo
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
# install_tempest_lib() - Collect source, prepare, and install ``tempest-lib``
|
# install_tempest_lib() - Collect source, prepare, and install ``tempest-lib``
|
||||||
function install_tempest_lib {
|
function install_tempest_lib {
|
||||||
|
Loading…
Reference in New Issue
Block a user