openstack/barbican
Code Issues Proposed changes

Fix devstack gate (and new gate_hook.sh)

Browse Source 
Change-Id: I95219c75b59fc4d49874fb228bba1ae131495159
This commit is contained in:
Adam Harwell 2015-09-03 22:04:51 -07:00
parent b30fd9cdf4
commit 5fde4ea84f
3 changed files with 205 additions and 208 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

205
contrib/devstack/lib/barbican
View File

@ -234,147 +234,146 @@ function create_barbican_accounts {
#
# Setup Default Admin User
#
SERVICE_TENANT=$(keystone tenant-list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
ADMIN_ROLE=$(keystone role-list | awk "/ admin / { print \$2 }")
SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }")
BARBICAN_USER=$(keystone user-create --name=barbican \
--pass="$SERVICE_PASSWORD" \
--tenant-id $SERVICE_TENANT \
--email=barbican@example.com \
| grep " id " | get_field 2)
keystone user-role-add --tenant-id $SERVICE_TENANT \
--user-id $BARBICAN_USER \
--role-id $ADMIN_ROLE
BARBICAN_USER=$(openstack user create \
--password "$SERVICE_PASSWORD" \
--project $SERVICE_TENANT \
--email "barbican@example.com" \
barbican \
| grep " id " | get_field 2)
openstack role add --project $SERVICE_TENANT \
--user $BARBICAN_USER \
$ADMIN_ROLE
#
# Setup Default service-admin User
#
SERVICE_ADMIN=$(get_id keystone user-create \
--name="service-admin" \
--pass="$SERVICE_PASSWORD" \
--email="service-admin@example.com")
SERVICE_ADMIN_ROLE=$(get_id keystone role-create \
--name="key-manager:service-admin")
keystone user-role-add \
--tenant_id="$SERVICE_TENANT" \
--user_id="$SERVICE_ADMIN" \
--role_id="$SERVICE_ADMIN_ROLE"
SERVICE_ADMIN=$(get_id openstack user create \
--password "$SERVICE_PASSWORD" \
--email "service-admin@example.com" \
"service-admin")
SERVICE_ADMIN_ROLE=$(get_id openstack role create \
"key-manager:service-admin")
openstack role add \
--user "$SERVICE_ADMIN" \
--project "$SERVICE_TENANT" \
"$SERVICE_ADMIN_ROLE"
#
# Setup RBAC User Projects and Roles
#
PASSWORD="barbican"
PROJECT_A_ID=$(get_id keystone tenant-create \
--name="project_a")
PROJECT_B_ID=$(get_id keystone tenant-create \
--name="project_b")
ROLE_ADMIN_ID=$(get_id keystone role-get admin)
ROLE_CREATOR_ID=$(get_id keystone role-create \
--name="creator")
ROLE_OBSERVER_ID=$(get_id keystone role-create \
--name="observer")
ROLE_AUDIT_ID=$(get_id keystone role-create \
--name="audit")
PROJECT_A_ID=$(get_id openstack project create "project_a")
PROJECT_B_ID=$(get_id openstack project create "project_b")
ROLE_ADMIN_ID=$(get_id openstack role show admin)
ROLE_CREATOR_ID=$(get_id openstack role create "creator")
ROLE_OBSERVER_ID=$(get_id openstack role create "observer")
ROLE_AUDIT_ID=$(get_id openstack role create "audit")
#
# Setup RBAC Admin of Project A
#
USER_ID=$(get_id keystone user-create \
--name="project_a_admin" \
--pass="$PASSWORD" \
--email="admin_a@example.net")
keystone user-role-add \
--user="$USER_ID" \
--role="$ROLE_ADMIN_ID" \
--tenant-id="$PROJECT_A_ID"
USER_ID=$(get_id openstack user create \
--password "$PASSWORD" \
--email "admin_a@example.net" \
"project_a_admin")
openstack role add \
--user "$USER_ID" \
--project "$PROJECT_A_ID" \
"$ROLE_ADMIN_ID"
#
# Setup RBAC Creator of Project A
#
USER_ID=$(get_id keystone user-create \
--name="project_a_creator" \
--pass="$PASSWORD" \
--email="creator_a@example.net")
keystone user-role-add \
--user="$USER_ID" \
--role="$ROLE_CREATOR_ID" \
--tenant-id="$PROJECT_A_ID"
USER_ID=$(get_id openstack user create \
--password "$PASSWORD" \
--email "creator_a@example.net" \
"project_a_creator")
openstack role add \
--user "$USER_ID" \
--project "$PROJECT_A_ID" \
"$ROLE_CREATOR_ID"
#
# Setup RBAC Observer of Project A
#
USER_ID=$(get_id keystone user-create \
--name="project_a_observer" \
--pass="$PASSWORD" \
--email="observer_a@example.net")
keystone user-role-add \
--user="$USER_ID" \
--role="$ROLE_OBSERVER_ID" \
--tenant-id="$PROJECT_A_ID"
USER_ID=$(get_id openstack user create \
--password "$PASSWORD" \
--email "observer_a@example.net" \
"project_a_observer")
openstack role add \
--user "$USER_ID" \
--project "$PROJECT_A_ID" \
"$ROLE_OBSERVER_ID"
#
# Setup RBAC Auditor of Project A
#
USER_ID=$(get_id keystone user-create \
--name="project_a_auditor" \
--pass="$PASSWORD" \
--email="auditor_a@example.net")
keystone user-role-add \
--user="$USER_ID" \
--role="$ROLE_AUDIT_ID" \
--tenant-id="$PROJECT_A_ID"
USER_ID=$(get_id openstack user create \
--password "$PASSWORD" \
--email "auditor_a@example.net" \
"project_a_auditor")
openstack role add \
--user "$USER_ID" \
--project "$PROJECT_A_ID" \
"$ROLE_AUDIT_ID"
#
# Setup RBAC Admin of Project B
#
USER_ID=$(get_id keystone user-create \
--name="project_b_admin" \
--pass="$PASSWORD" \
--email="admin_b@example.net")
keystone user-role-add \
--user="$USER_ID" \
--role="$ROLE_ADMIN_ID" \
--tenant-id="$PROJECT_B_ID"
USER_ID=$(get_id openstack user create \
--password "$PASSWORD" \
--email "admin_b@example.net" \
"project_b_admin")
openstack role add \
--user "$USER_ID" \
--project "$PROJECT_B_ID" \
"$ROLE_ADMIN_ID"
#
# Setup RBAC Creator of Project B
#
USER_ID=$(get_id keystone user-create \
--name="project_b_creator" \
--pass="$PASSWORD" \
--email="creator_b@example.net")
keystone user-role-add \
--user="$USER_ID" \
--role="$ROLE_CREATOR_ID" \
--tenant-id="$PROJECT_B_ID"
USER_ID=$(get_id openstack user create \
--password "$PASSWORD" \
--email "creator_b@example.net" \
"project_b_creator")
openstack role add \
--user "$USER_ID" \
--project "$PROJECT_B_ID" \
"$ROLE_CREATOR_ID"
#
# Setup RBAC Observer of Project B
#
USER_ID=$(get_id keystone user-create \
--name="project_b_observer" \
--pass="$PASSWORD" \
--email="observer_b@example.net")
keystone user-role-add \
--user="$USER_ID" \
--role="$ROLE_OBSERVER_ID" \
--tenant-id="$PROJECT_B_ID"
USER_ID=$(get_id openstack user create \
--password "$PASSWORD" \
--email "observer_b@example.net" \
"project_b_observer")
openstack role add \
--user "$USER_ID" \
--project "$PROJECT_B_ID" \
"$ROLE_OBSERVER_ID"
#
# Setup RBAC auditor of Project B
#
USER_ID=$(get_id keystone user-create \
--name="project_b_auditor" \
--pass="$PASSWORD" \
--email="auditor_b@example.net")
keystone user-role-add \
--user="$USER_ID" \
--role="$ROLE_AUDIT_ID" \
--tenant-id="$PROJECT_B_ID"
USER_ID=$(get_id openstack user create \
--password "$PASSWORD" \
--email "auditor_b@example.net" \
"project_b_auditor")
openstack role add \
--user "$USER_ID" \
--project "$PROJECT_B_ID" \
"$ROLE_AUDIT_ID"
#
# Setup Admin Endpoint
#
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
BARBICAN_SERVICE=$(keystone service-create \
--name=barbican \
--type='key-manager' \
--description="Barbican Service" \
BARBICAN_SERVICE=$(openstack service create \
--name barbican \
--description "Barbican Service" \
'key-manager' \
| grep " id " | get_field 2)
keystone endpoint-create \
openstack endpoint create \
--region RegionOne \
--service_id $BARBICAN_SERVICE \
--publicurl "http://$SERVICE_HOST:9311" \
--internalurl "http://$SERVICE_HOST:9311"
$BARBICAN_SERVICE \
public "http://$SERVICE_HOST:9311"
openstack endpoint create \
--region RegionOne \
$BARBICAN_SERVICE \
internal "http://$SERVICE_HOST:9311"
fi
}

2
devstack/gate_hook.sh
View File

@ -15,6 +15,6 @@
set -ex
# Install barbican devstack integration
export DEVSTACK_LOCAL_CONFIG="enable_plugin barbican https://review.openstack.org/openstack/barbican refs/changes/85/167885/25"
export DEVSTACK_LOCAL_CONFIG="enable_plugin barbican https://git.openstack.org/openstack/barbican"
$BASE/new/devstack-gate/devstack-vm-gate.sh

206
devstack/lib/barbican
View File

@ -208,147 +208,146 @@ function create_barbican_accounts {
#
# Setup Default Admin User
#
SERVICE_TENANT=$(keystone tenant-list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
ADMIN_ROLE=$(keystone role-list | awk "/ admin / { print \$2 }")
SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }")
BARBICAN_USER=$(keystone user-create --name=barbican \
--pass="$SERVICE_PASSWORD" \
--tenant-id $SERVICE_TENANT \
--email=barbican@example.com \
| grep " id " | get_field 2)
keystone user-role-add --tenant-id $SERVICE_TENANT \
--user-id $BARBICAN_USER \
--role-id $ADMIN_ROLE
BARBICAN_USER=$(openstack user create \
--password "$SERVICE_PASSWORD" \
--project $SERVICE_TENANT \
--email "barbican@example.com" \
barbican \
| grep " id " | get_field 2)
openstack role add --project $SERVICE_TENANT \
--user $BARBICAN_USER \
$ADMIN_ROLE
#
# Setup Default service-admin User
#
SERVICE_ADMIN=$(get_id keystone user-create \
--name="service-admin" \
--pass="$SERVICE_PASSWORD" \
--email="service-admin@example.com")
SERVICE_ADMIN_ROLE=$(get_id keystone role-create \
--name="key-manager:service-admin")
keystone user-role-add \
--tenant_id="$SERVICE_TENANT" \
--user_id="$SERVICE_ADMIN" \
--role_id="$SERVICE_ADMIN_ROLE"
SERVICE_ADMIN=$(get_id openstack user create \
--password "$SERVICE_PASSWORD" \
--email "service-admin@example.com" \
"service-admin")
SERVICE_ADMIN_ROLE=$(get_id openstack role create \
"key-manager:service-admin")
openstack role add \
--user "$SERVICE_ADMIN" \
--project "$SERVICE_TENANT" \
"$SERVICE_ADMIN_ROLE"
#
# Setup RBAC User Projects and Roles
#
PASSWORD="barbican"
PROJECT_A_ID=$(get_id keystone tenant-create \
--name="project_a")
PROJECT_B_ID=$(get_id keystone tenant-create \
--name="project_b")
ROLE_ADMIN_ID=$(get_id keystone role-get admin)
ROLE_CREATOR_ID=$(get_id keystone role-create \
--name="creator")
ROLE_OBSERVER_ID=$(get_id keystone role-create \
--name="observer")
ROLE_AUDIT_ID=$(get_id keystone role-create \
--name="audit")
PROJECT_A_ID=$(get_id openstack project create "project_a")
PROJECT_B_ID=$(get_id openstack project create "project_b")
ROLE_ADMIN_ID=$(get_id openstack role show admin)
ROLE_CREATOR_ID=$(get_id openstack role create "creator")
ROLE_OBSERVER_ID=$(get_id openstack role create "observer")
ROLE_AUDIT_ID=$(get_id openstack role create "audit")
#
# Setup RBAC Admin of Project A
#
USER_ID=$(get_id keystone user-create \
--name="project_a_admin" \
--pass="$PASSWORD" \
--email="admin_a@example.net")
keystone user-role-add \
--user="$USER_ID" \
--role="$ROLE_ADMIN_ID" \
--tenant-id="$PROJECT_A_ID"
USER_ID=$(get_id openstack user create \
--password "$PASSWORD" \
--email "admin_a@example.net" \
"project_a_admin")
openstack role add \
--user "$USER_ID" \
--project "$PROJECT_A_ID" \
"$ROLE_ADMIN_ID"
#
# Setup RBAC Creator of Project A
#
USER_ID=$(get_id keystone user-create \
--name="project_a_creator" \
--pass="$PASSWORD" \
--email="creator_a@example.net")
keystone user-role-add \
--user="$USER_ID" \
--role="$ROLE_CREATOR_ID" \
--tenant-id="$PROJECT_A_ID"
USER_ID=$(get_id openstack user create \
--password "$PASSWORD" \
--email "creator_a@example.net" \
"project_a_creator")
openstack role add \
--user "$USER_ID" \
--project "$PROJECT_A_ID" \
"$ROLE_CREATOR_ID"
#
# Setup RBAC Observer of Project A
#
USER_ID=$(get_id keystone user-create \
--name="project_a_observer" \
--pass="$PASSWORD" \
--email="observer_a@example.net")
keystone user-role-add \
--user="$USER_ID" \
--role="$ROLE_OBSERVER_ID" \
--tenant-id="$PROJECT_A_ID"
USER_ID=$(get_id openstack user create \
--password "$PASSWORD" \
--email "observer_a@example.net" \
"project_a_observer")
openstack role add \
--user "$USER_ID" \
--project "$PROJECT_A_ID" \
"$ROLE_OBSERVER_ID"
#
# Setup RBAC Auditor of Project A
#
USER_ID=$(get_id keystone user-create \
--name="project_a_auditor" \
--pass="$PASSWORD" \
--email="auditor_a@example.net")
keystone user-role-add \
--user="$USER_ID" \
--role="$ROLE_AUDIT_ID" \
--tenant-id="$PROJECT_A_ID"
USER_ID=$(get_id openstack user create \
--password "$PASSWORD" \
--email "auditor_a@example.net" \
"project_a_auditor")
openstack role add \
--user "$USER_ID" \
--project "$PROJECT_A_ID" \
"$ROLE_AUDIT_ID"
#
# Setup RBAC Admin of Project B
#
USER_ID=$(get_id keystone user-create \
--name="project_b_admin" \
--pass="$PASSWORD" \
--email="admin_b@example.net")
keystone user-role-add \
--user="$USER_ID" \
--role="$ROLE_ADMIN_ID" \
--tenant-id="$PROJECT_B_ID"
USER_ID=$(get_id openstack user create \
--password "$PASSWORD" \
--email "admin_b@example.net" \
"project_b_admin")
openstack role add \
--user "$USER_ID" \
--project "$PROJECT_B_ID" \
"$ROLE_ADMIN_ID"
#
# Setup RBAC Creator of Project B
#
USER_ID=$(get_id keystone user-create \
--name="project_b_creator" \
--pass="$PASSWORD" \
--email="creator_b@example.net")
keystone user-role-add \
--user="$USER_ID" \
--role="$ROLE_CREATOR_ID" \
--tenant-id="$PROJECT_B_ID"
USER_ID=$(get_id openstack user create \
--password "$PASSWORD" \
--email "creator_b@example.net" \
"project_b_creator")
openstack role add \
--user "$USER_ID" \
--project "$PROJECT_B_ID" \
"$ROLE_CREATOR_ID"
#
# Setup RBAC Observer of Project B
#
USER_ID=$(get_id keystone user-create \
--name="project_b_observer" \
--pass="$PASSWORD" \
--email="observer_b@example.net")
keystone user-role-add \
--user="$USER_ID" \
--role="$ROLE_OBSERVER_ID" \
--tenant-id="$PROJECT_B_ID"
USER_ID=$(get_id openstack user create \
--password "$PASSWORD" \
--email "observer_b@example.net" \
"project_b_observer")
openstack role add \
--user "$USER_ID" \
--project "$PROJECT_B_ID" \
"$ROLE_OBSERVER_ID"
#
# Setup RBAC auditor of Project B
#
USER_ID=$(get_id keystone user-create \
--name="project_b_auditor" \
--pass="$PASSWORD" \
--email="auditor_b@example.net")
keystone user-role-add \
--user="$USER_ID" \
--role="$ROLE_AUDIT_ID" \
--tenant-id="$PROJECT_B_ID"
USER_ID=$(get_id openstack user create \
--password "$PASSWORD" \
--email "auditor_b@example.net" \
"project_b_auditor")
openstack role add \
--user "$USER_ID" \
--project "$PROJECT_B_ID" \
"$ROLE_AUDIT_ID"
#
# Setup Admin Endpoint
#
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
BARBICAN_SERVICE=$(keystone service-create \
--name=barbican \
--type='key-manager' \
--description="Barbican Service" \
BARBICAN_SERVICE=$(openstack service create \
--name barbican \
--description "Barbican Service" \
'key-manager' \
| grep " id " | get_field 2)
keystone endpoint-create \
openstack endpoint create \
--region RegionOne \
--service_id $BARBICAN_SERVICE \
--publicurl "http://$SERVICE_HOST:9311" \
--internalurl "http://$SERVICE_HOST:9311"
$BARBICAN_SERVICE \
public "http://$SERVICE_HOST:9311"
openstack endpoint create \
--region RegionOne \
$BARBICAN_SERVICE \
internal "http://$SERVICE_HOST:9311"
fi
}
@ -491,4 +490,3 @@ function install_dogtag_components {
# Restore xtrace
$XTRACE