From 5fde4ea84f6b5c68bf6c9c01772d0623621bea8d Mon Sep 17 00:00:00 2001 From: Adam Harwell Date: Thu, 3 Sep 2015 22:04:51 -0700 Subject: [PATCH] Fix devstack gate (and new gate_hook.sh) Change-Id: I95219c75b59fc4d49874fb228bba1ae131495159 --- contrib/devstack/lib/barbican | 205 +++++++++++++++++---------------- devstack/gate_hook.sh | 2 +- devstack/lib/barbican | 206 +++++++++++++++++----------------- 3 files changed, 205 insertions(+), 208 deletions(-) diff --git a/contrib/devstack/lib/barbican b/contrib/devstack/lib/barbican index d2f227d4..d2db8a01 100755 --- a/contrib/devstack/lib/barbican +++ b/contrib/devstack/lib/barbican @@ -234,147 +234,146 @@ function create_barbican_accounts { # # Setup Default Admin User # - SERVICE_TENANT=$(keystone tenant-list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }") - ADMIN_ROLE=$(keystone role-list | awk "/ admin / { print \$2 }") + SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }") + ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }") - BARBICAN_USER=$(keystone user-create --name=barbican \ - --pass="$SERVICE_PASSWORD" \ - --tenant-id $SERVICE_TENANT \ - --email=barbican@example.com \ - | grep " id " | get_field 2) - keystone user-role-add --tenant-id $SERVICE_TENANT \ - --user-id $BARBICAN_USER \ - --role-id $ADMIN_ROLE + BARBICAN_USER=$(openstack user create \ + --password "$SERVICE_PASSWORD" \ + --project $SERVICE_TENANT \ + --email "barbican@example.com" \ + barbican \ + | grep " id " | get_field 2) + openstack role add --project $SERVICE_TENANT \ + --user $BARBICAN_USER \ + $ADMIN_ROLE # # Setup Default service-admin User # - SERVICE_ADMIN=$(get_id keystone user-create \ - --name="service-admin" \ - --pass="$SERVICE_PASSWORD" \ - --email="service-admin@example.com") - SERVICE_ADMIN_ROLE=$(get_id keystone role-create \ - --name="key-manager:service-admin") - keystone user-role-add \ - --tenant_id="$SERVICE_TENANT" \ - --user_id="$SERVICE_ADMIN" \ - --role_id="$SERVICE_ADMIN_ROLE" + SERVICE_ADMIN=$(get_id openstack user create \ + --password "$SERVICE_PASSWORD" \ + --email "service-admin@example.com" \ + "service-admin") + SERVICE_ADMIN_ROLE=$(get_id openstack role create \ + "key-manager:service-admin") + openstack role add \ + --user "$SERVICE_ADMIN" \ + --project "$SERVICE_TENANT" \ + "$SERVICE_ADMIN_ROLE" # # Setup RBAC User Projects and Roles # PASSWORD="barbican" - PROJECT_A_ID=$(get_id keystone tenant-create \ - --name="project_a") - PROJECT_B_ID=$(get_id keystone tenant-create \ - --name="project_b") - ROLE_ADMIN_ID=$(get_id keystone role-get admin) - ROLE_CREATOR_ID=$(get_id keystone role-create \ - --name="creator") - ROLE_OBSERVER_ID=$(get_id keystone role-create \ - --name="observer") - ROLE_AUDIT_ID=$(get_id keystone role-create \ - --name="audit") + PROJECT_A_ID=$(get_id openstack project create "project_a") + PROJECT_B_ID=$(get_id openstack project create "project_b") + ROLE_ADMIN_ID=$(get_id openstack role show admin) + ROLE_CREATOR_ID=$(get_id openstack role create "creator") + ROLE_OBSERVER_ID=$(get_id openstack role create "observer") + ROLE_AUDIT_ID=$(get_id openstack role create "audit") # # Setup RBAC Admin of Project A # - USER_ID=$(get_id keystone user-create \ - --name="project_a_admin" \ - --pass="$PASSWORD" \ - --email="admin_a@example.net") - keystone user-role-add \ - --user="$USER_ID" \ - --role="$ROLE_ADMIN_ID" \ - --tenant-id="$PROJECT_A_ID" + USER_ID=$(get_id openstack user create \ + --password "$PASSWORD" \ + --email "admin_a@example.net" \ + "project_a_admin") + openstack role add \ + --user "$USER_ID" \ + --project "$PROJECT_A_ID" \ + "$ROLE_ADMIN_ID" # # Setup RBAC Creator of Project A # - USER_ID=$(get_id keystone user-create \ - --name="project_a_creator" \ - --pass="$PASSWORD" \ - --email="creator_a@example.net") - keystone user-role-add \ - --user="$USER_ID" \ - --role="$ROLE_CREATOR_ID" \ - --tenant-id="$PROJECT_A_ID" + USER_ID=$(get_id openstack user create \ + --password "$PASSWORD" \ + --email "creator_a@example.net" \ + "project_a_creator") + openstack role add \ + --user "$USER_ID" \ + --project "$PROJECT_A_ID" \ + "$ROLE_CREATOR_ID" # # Setup RBAC Observer of Project A # - USER_ID=$(get_id keystone user-create \ - --name="project_a_observer" \ - --pass="$PASSWORD" \ - --email="observer_a@example.net") - keystone user-role-add \ - --user="$USER_ID" \ - --role="$ROLE_OBSERVER_ID" \ - --tenant-id="$PROJECT_A_ID" + USER_ID=$(get_id openstack user create \ + --password "$PASSWORD" \ + --email "observer_a@example.net" \ + "project_a_observer") + openstack role add \ + --user "$USER_ID" \ + --project "$PROJECT_A_ID" \ + "$ROLE_OBSERVER_ID" # # Setup RBAC Auditor of Project A # - USER_ID=$(get_id keystone user-create \ - --name="project_a_auditor" \ - --pass="$PASSWORD" \ - --email="auditor_a@example.net") - keystone user-role-add \ - --user="$USER_ID" \ - --role="$ROLE_AUDIT_ID" \ - --tenant-id="$PROJECT_A_ID" + USER_ID=$(get_id openstack user create \ + --password "$PASSWORD" \ + --email "auditor_a@example.net" \ + "project_a_auditor") + openstack role add \ + --user "$USER_ID" \ + --project "$PROJECT_A_ID" \ + "$ROLE_AUDIT_ID" # # Setup RBAC Admin of Project B # - USER_ID=$(get_id keystone user-create \ - --name="project_b_admin" \ - --pass="$PASSWORD" \ - --email="admin_b@example.net") - keystone user-role-add \ - --user="$USER_ID" \ - --role="$ROLE_ADMIN_ID" \ - --tenant-id="$PROJECT_B_ID" + USER_ID=$(get_id openstack user create \ + --password "$PASSWORD" \ + --email "admin_b@example.net" \ + "project_b_admin") + openstack role add \ + --user "$USER_ID" \ + --project "$PROJECT_B_ID" \ + "$ROLE_ADMIN_ID" # # Setup RBAC Creator of Project B # - USER_ID=$(get_id keystone user-create \ - --name="project_b_creator" \ - --pass="$PASSWORD" \ - --email="creator_b@example.net") - keystone user-role-add \ - --user="$USER_ID" \ - --role="$ROLE_CREATOR_ID" \ - --tenant-id="$PROJECT_B_ID" + USER_ID=$(get_id openstack user create \ + --password "$PASSWORD" \ + --email "creator_b@example.net" \ + "project_b_creator") + openstack role add \ + --user "$USER_ID" \ + --project "$PROJECT_B_ID" \ + "$ROLE_CREATOR_ID" # # Setup RBAC Observer of Project B # - USER_ID=$(get_id keystone user-create \ - --name="project_b_observer" \ - --pass="$PASSWORD" \ - --email="observer_b@example.net") - keystone user-role-add \ - --user="$USER_ID" \ - --role="$ROLE_OBSERVER_ID" \ - --tenant-id="$PROJECT_B_ID" + USER_ID=$(get_id openstack user create \ + --password "$PASSWORD" \ + --email "observer_b@example.net" \ + "project_b_observer") + openstack role add \ + --user "$USER_ID" \ + --project "$PROJECT_B_ID" \ + "$ROLE_OBSERVER_ID" # # Setup RBAC auditor of Project B # - USER_ID=$(get_id keystone user-create \ - --name="project_b_auditor" \ - --pass="$PASSWORD" \ - --email="auditor_b@example.net") - keystone user-role-add \ - --user="$USER_ID" \ - --role="$ROLE_AUDIT_ID" \ - --tenant-id="$PROJECT_B_ID" + USER_ID=$(get_id openstack user create \ + --password "$PASSWORD" \ + --email "auditor_b@example.net" \ + "project_b_auditor") + openstack role add \ + --user "$USER_ID" \ + --project "$PROJECT_B_ID" \ + "$ROLE_AUDIT_ID" # # Setup Admin Endpoint # if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then - BARBICAN_SERVICE=$(keystone service-create \ - --name=barbican \ - --type='key-manager' \ - --description="Barbican Service" \ + BARBICAN_SERVICE=$(openstack service create \ + --name barbican \ + --description "Barbican Service" \ + 'key-manager' \ | grep " id " | get_field 2) - keystone endpoint-create \ + openstack endpoint create \ --region RegionOne \ - --service_id $BARBICAN_SERVICE \ - --publicurl "http://$SERVICE_HOST:9311" \ - --internalurl "http://$SERVICE_HOST:9311" + $BARBICAN_SERVICE \ + public "http://$SERVICE_HOST:9311" + openstack endpoint create \ + --region RegionOne \ + $BARBICAN_SERVICE \ + internal "http://$SERVICE_HOST:9311" fi } diff --git a/devstack/gate_hook.sh b/devstack/gate_hook.sh index fcf5b56c..99e9b52f 100755 --- a/devstack/gate_hook.sh +++ b/devstack/gate_hook.sh @@ -15,6 +15,6 @@ set -ex # Install barbican devstack integration -export DEVSTACK_LOCAL_CONFIG="enable_plugin barbican https://review.openstack.org/openstack/barbican refs/changes/85/167885/25" +export DEVSTACK_LOCAL_CONFIG="enable_plugin barbican https://git.openstack.org/openstack/barbican" $BASE/new/devstack-gate/devstack-vm-gate.sh diff --git a/devstack/lib/barbican b/devstack/lib/barbican index 6fcc25c2..0f58edce 100644 --- a/devstack/lib/barbican +++ b/devstack/lib/barbican @@ -208,147 +208,146 @@ function create_barbican_accounts { # # Setup Default Admin User # - SERVICE_TENANT=$(keystone tenant-list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }") - ADMIN_ROLE=$(keystone role-list | awk "/ admin / { print \$2 }") + SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }") + ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }") - BARBICAN_USER=$(keystone user-create --name=barbican \ - --pass="$SERVICE_PASSWORD" \ - --tenant-id $SERVICE_TENANT \ - --email=barbican@example.com \ - | grep " id " | get_field 2) - keystone user-role-add --tenant-id $SERVICE_TENANT \ - --user-id $BARBICAN_USER \ - --role-id $ADMIN_ROLE + BARBICAN_USER=$(openstack user create \ + --password "$SERVICE_PASSWORD" \ + --project $SERVICE_TENANT \ + --email "barbican@example.com" \ + barbican \ + | grep " id " | get_field 2) + openstack role add --project $SERVICE_TENANT \ + --user $BARBICAN_USER \ + $ADMIN_ROLE # # Setup Default service-admin User # - SERVICE_ADMIN=$(get_id keystone user-create \ - --name="service-admin" \ - --pass="$SERVICE_PASSWORD" \ - --email="service-admin@example.com") - SERVICE_ADMIN_ROLE=$(get_id keystone role-create \ - --name="key-manager:service-admin") - keystone user-role-add \ - --tenant_id="$SERVICE_TENANT" \ - --user_id="$SERVICE_ADMIN" \ - --role_id="$SERVICE_ADMIN_ROLE" + SERVICE_ADMIN=$(get_id openstack user create \ + --password "$SERVICE_PASSWORD" \ + --email "service-admin@example.com" \ + "service-admin") + SERVICE_ADMIN_ROLE=$(get_id openstack role create \ + "key-manager:service-admin") + openstack role add \ + --user "$SERVICE_ADMIN" \ + --project "$SERVICE_TENANT" \ + "$SERVICE_ADMIN_ROLE" # # Setup RBAC User Projects and Roles # PASSWORD="barbican" - PROJECT_A_ID=$(get_id keystone tenant-create \ - --name="project_a") - PROJECT_B_ID=$(get_id keystone tenant-create \ - --name="project_b") - ROLE_ADMIN_ID=$(get_id keystone role-get admin) - ROLE_CREATOR_ID=$(get_id keystone role-create \ - --name="creator") - ROLE_OBSERVER_ID=$(get_id keystone role-create \ - --name="observer") - ROLE_AUDIT_ID=$(get_id keystone role-create \ - --name="audit") + PROJECT_A_ID=$(get_id openstack project create "project_a") + PROJECT_B_ID=$(get_id openstack project create "project_b") + ROLE_ADMIN_ID=$(get_id openstack role show admin) + ROLE_CREATOR_ID=$(get_id openstack role create "creator") + ROLE_OBSERVER_ID=$(get_id openstack role create "observer") + ROLE_AUDIT_ID=$(get_id openstack role create "audit") # # Setup RBAC Admin of Project A # - USER_ID=$(get_id keystone user-create \ - --name="project_a_admin" \ - --pass="$PASSWORD" \ - --email="admin_a@example.net") - keystone user-role-add \ - --user="$USER_ID" \ - --role="$ROLE_ADMIN_ID" \ - --tenant-id="$PROJECT_A_ID" + USER_ID=$(get_id openstack user create \ + --password "$PASSWORD" \ + --email "admin_a@example.net" \ + "project_a_admin") + openstack role add \ + --user "$USER_ID" \ + --project "$PROJECT_A_ID" \ + "$ROLE_ADMIN_ID" # # Setup RBAC Creator of Project A # - USER_ID=$(get_id keystone user-create \ - --name="project_a_creator" \ - --pass="$PASSWORD" \ - --email="creator_a@example.net") - keystone user-role-add \ - --user="$USER_ID" \ - --role="$ROLE_CREATOR_ID" \ - --tenant-id="$PROJECT_A_ID" + USER_ID=$(get_id openstack user create \ + --password "$PASSWORD" \ + --email "creator_a@example.net" \ + "project_a_creator") + openstack role add \ + --user "$USER_ID" \ + --project "$PROJECT_A_ID" \ + "$ROLE_CREATOR_ID" # # Setup RBAC Observer of Project A # - USER_ID=$(get_id keystone user-create \ - --name="project_a_observer" \ - --pass="$PASSWORD" \ - --email="observer_a@example.net") - keystone user-role-add \ - --user="$USER_ID" \ - --role="$ROLE_OBSERVER_ID" \ - --tenant-id="$PROJECT_A_ID" + USER_ID=$(get_id openstack user create \ + --password "$PASSWORD" \ + --email "observer_a@example.net" \ + "project_a_observer") + openstack role add \ + --user "$USER_ID" \ + --project "$PROJECT_A_ID" \ + "$ROLE_OBSERVER_ID" # # Setup RBAC Auditor of Project A # - USER_ID=$(get_id keystone user-create \ - --name="project_a_auditor" \ - --pass="$PASSWORD" \ - --email="auditor_a@example.net") - keystone user-role-add \ - --user="$USER_ID" \ - --role="$ROLE_AUDIT_ID" \ - --tenant-id="$PROJECT_A_ID" + USER_ID=$(get_id openstack user create \ + --password "$PASSWORD" \ + --email "auditor_a@example.net" \ + "project_a_auditor") + openstack role add \ + --user "$USER_ID" \ + --project "$PROJECT_A_ID" \ + "$ROLE_AUDIT_ID" # # Setup RBAC Admin of Project B # - USER_ID=$(get_id keystone user-create \ - --name="project_b_admin" \ - --pass="$PASSWORD" \ - --email="admin_b@example.net") - keystone user-role-add \ - --user="$USER_ID" \ - --role="$ROLE_ADMIN_ID" \ - --tenant-id="$PROJECT_B_ID" + USER_ID=$(get_id openstack user create \ + --password "$PASSWORD" \ + --email "admin_b@example.net" \ + "project_b_admin") + openstack role add \ + --user "$USER_ID" \ + --project "$PROJECT_B_ID" \ + "$ROLE_ADMIN_ID" # # Setup RBAC Creator of Project B # - USER_ID=$(get_id keystone user-create \ - --name="project_b_creator" \ - --pass="$PASSWORD" \ - --email="creator_b@example.net") - keystone user-role-add \ - --user="$USER_ID" \ - --role="$ROLE_CREATOR_ID" \ - --tenant-id="$PROJECT_B_ID" + USER_ID=$(get_id openstack user create \ + --password "$PASSWORD" \ + --email "creator_b@example.net" \ + "project_b_creator") + openstack role add \ + --user "$USER_ID" \ + --project "$PROJECT_B_ID" \ + "$ROLE_CREATOR_ID" # # Setup RBAC Observer of Project B # - USER_ID=$(get_id keystone user-create \ - --name="project_b_observer" \ - --pass="$PASSWORD" \ - --email="observer_b@example.net") - keystone user-role-add \ - --user="$USER_ID" \ - --role="$ROLE_OBSERVER_ID" \ - --tenant-id="$PROJECT_B_ID" + USER_ID=$(get_id openstack user create \ + --password "$PASSWORD" \ + --email "observer_b@example.net" \ + "project_b_observer") + openstack role add \ + --user "$USER_ID" \ + --project "$PROJECT_B_ID" \ + "$ROLE_OBSERVER_ID" # # Setup RBAC auditor of Project B # - USER_ID=$(get_id keystone user-create \ - --name="project_b_auditor" \ - --pass="$PASSWORD" \ - --email="auditor_b@example.net") - keystone user-role-add \ - --user="$USER_ID" \ - --role="$ROLE_AUDIT_ID" \ - --tenant-id="$PROJECT_B_ID" + USER_ID=$(get_id openstack user create \ + --password "$PASSWORD" \ + --email "auditor_b@example.net" \ + "project_b_auditor") + openstack role add \ + --user "$USER_ID" \ + --project "$PROJECT_B_ID" \ + "$ROLE_AUDIT_ID" # # Setup Admin Endpoint # if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then - BARBICAN_SERVICE=$(keystone service-create \ - --name=barbican \ - --type='key-manager' \ - --description="Barbican Service" \ + BARBICAN_SERVICE=$(openstack service create \ + --name barbican \ + --description "Barbican Service" \ + 'key-manager' \ | grep " id " | get_field 2) - keystone endpoint-create \ + openstack endpoint create \ --region RegionOne \ - --service_id $BARBICAN_SERVICE \ - --publicurl "http://$SERVICE_HOST:9311" \ - --internalurl "http://$SERVICE_HOST:9311" + $BARBICAN_SERVICE \ + public "http://$SERVICE_HOST:9311" + openstack endpoint create \ + --region RegionOne \ + $BARBICAN_SERVICE \ + internal "http://$SERVICE_HOST:9311" fi } @@ -491,4 +490,3 @@ function install_dogtag_components { # Restore xtrace $XTRACE -