make the alt_demo user during normal install

For testing reasons it's typically very useful to have a second non
admin user to cross check that it can't do a thing to the first
user. It was useful enough we always created it with tempest (though
we didn't always use it).

This makes devstack always create an alt_demo user, which is available
in occ as devstack-alt. This will help us unwind some of the keystone
v3 breaks with functional tests using keystone cli to build this
second user.

Change-Id: Iaaf02469180563e2d8c413fee0ee66ada2296cfa
This commit is contained in:
Sean Dague 2016-02-02 05:51:14 -05:00
parent 3c92590101
commit c67d22e2ed
4 changed files with 32 additions and 17 deletions

View File

@ -9,7 +9,7 @@ if is_service_enabled tempest; then
install_tempest install_tempest
elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then elif [[ "$1" == "stack" && "$2" == "post-config" ]]; then
# Tempest config must come after layer 2 services are running # Tempest config must come after layer 2 services are running
create_tempest_accounts :
elif [[ "$1" == "stack" && "$2" == "extra" ]]; then elif [[ "$1" == "stack" && "$2" == "extra" ]]; then
echo_summary "Initializing Tempest" echo_summary "Initializing Tempest"
configure_tempest configure_tempest
@ -28,4 +28,3 @@ if is_service_enabled tempest; then
: :
fi fi
fi fi

View File

@ -86,6 +86,7 @@ function write_clouds_yaml {
if [ -f "$SSL_BUNDLE_FILE" ]; then if [ -f "$SSL_BUNDLE_FILE" ]; then
CA_CERT_ARG="--os-cacert $SSL_BUNDLE_FILE" CA_CERT_ARG="--os-cacert $SSL_BUNDLE_FILE"
fi fi
# demo -> devstack
$TOP_DIR/tools/update_clouds_yaml.py \ $TOP_DIR/tools/update_clouds_yaml.py \
--file $CLOUDS_YAML \ --file $CLOUDS_YAML \
--os-cloud devstack \ --os-cloud devstack \
@ -96,6 +97,20 @@ function write_clouds_yaml {
--os-username demo \ --os-username demo \
--os-password $ADMIN_PASSWORD \ --os-password $ADMIN_PASSWORD \
--os-project-name demo --os-project-name demo
# alt_demo -> devstack-alt
$TOP_DIR/tools/update_clouds_yaml.py \
--file $CLOUDS_YAML \
--os-cloud devstack \
--os-region-name $REGION_NAME \
--os-identity-api-version 3 \
$CA_CERT_ARG \
--os-auth-url $KEYSTONE_AUTH_URI \
--os-username alt_demo \
--os-password $ADMIN_PASSWORD \
--os-project-name alt_demo
# admin -> devstack-admin
$TOP_DIR/tools/update_clouds_yaml.py \ $TOP_DIR/tools/update_clouds_yaml.py \
--file $CLOUDS_YAML \ --file $CLOUDS_YAML \
--os-cloud devstack-admin \ --os-cloud devstack-admin \

View File

@ -327,6 +327,8 @@ function configure_keystone {
# -- -- Member # -- -- Member
# demo admin admin # demo admin admin
# demo demo Member, anotherrole # demo demo Member, anotherrole
# alt_demo admin admin
# alt_demo alt_demo Member, anotherrole
# invisible_to_admin demo Member # invisible_to_admin demo Member
# Group Users Roles Tenant # Group Users Roles Tenant
@ -387,6 +389,18 @@ function create_keystone_accounts {
get_or_add_user_project_role $another_role $demo_user $demo_tenant get_or_add_user_project_role $another_role $demo_user $demo_tenant
get_or_add_user_project_role $member_role $demo_user $invis_tenant get_or_add_user_project_role $member_role $demo_user $invis_tenant
# alt_demo
local alt_demo_tenant
alt_demo_tenant=$(get_or_create_project "alt_demo" default)
local alt_demo_user
alt_demo_user=$(get_or_create_user "alt_demo" \
"$ADMIN_PASSWORD" "default" "alt_demo@example.com")
get_or_add_user_project_role $member_role $alt_demo_user $alt_demo_tenant
get_or_add_user_project_role $admin_role $admin_user $alt_demo_tenant
get_or_add_user_project_role $another_role $alt_demo_user $alt_demo_tenant
# groups
local admin_group local admin_group
admin_group=$(get_or_create_group "admins" \ admin_group=$(get_or_create_group "admins" \
"default" "openstack admin group") "default" "openstack admin group")
@ -396,6 +410,8 @@ function create_keystone_accounts {
get_or_add_group_project_role $member_role $non_admin_group $demo_tenant get_or_add_group_project_role $member_role $non_admin_group $demo_tenant
get_or_add_group_project_role $another_role $non_admin_group $demo_tenant get_or_add_group_project_role $another_role $non_admin_group $demo_tenant
get_or_add_group_project_role $member_role $non_admin_group $alt_demo_tenant
get_or_add_group_project_role $another_role $non_admin_group $alt_demo_tenant
get_or_add_group_project_role $admin_role $admin_group $admin_tenant get_or_add_group_project_role $admin_role $admin_group $admin_tenant
} }

View File

@ -568,21 +568,6 @@ function configure_tempest {
IFS=$ifs IFS=$ifs
} }
# create_tempest_accounts() - Set up common required tempest accounts
# Project User Roles
# ------------------------------------------------------------------
# alt_demo alt_demo Member
function create_tempest_accounts {
if is_service_enabled tempest; then
# Tempest has some tests that validate various authorization checks
# between two regular users in separate tenants
get_or_create_project alt_demo default
get_or_create_user alt_demo "$ADMIN_PASSWORD" "default" "alt_demo@example.com"
get_or_add_user_project_role Member alt_demo alt_demo
fi
}
# install_tempest_lib() - Collect source, prepare, and install ``tempest-lib`` # install_tempest_lib() - Collect source, prepare, and install ``tempest-lib``
function install_tempest_lib { function install_tempest_lib {