openstack/barbican
Code Issues Proposed changes

Fix devstack gate (and new gate_hook.sh)

Browse Source 
Change-Id: I95219c75b59fc4d49874fb228bba1ae131495159
This commit is contained in:
Adam Harwell 2015-09-03 22:04:51 -07:00
parent b30fd9cdf4
commit 5fde4ea84f
3 changed files with 205 additions and 208 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

205
contrib/devstack/lib/barbican
View File

@ -234,147 +234,146 @@ function create_barbican_accounts {
# #
# Setup Default Admin User # Setup Default Admin User
# #
SERVICE_TENANT=$(keystone tenant-list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }") SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
ADMIN_ROLE=$(keystone role-list | awk "/ admin / { print \$2 }") ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }")
BARBICAN_USER=$(keystone user-create --name=barbican \ BARBICAN_USER=$(openstack user create \
--pass="$SERVICE_PASSWORD" \ --password "$SERVICE_PASSWORD" \
--tenant-id $SERVICE_TENANT \ --project $SERVICE_TENANT \
--email=barbican@example.com \ --email "barbican@example.com" \
| grep " id " | get_field 2) barbican \
keystone user-role-add --tenant-id $SERVICE_TENANT \ | grep " id " | get_field 2)
--user-id $BARBICAN_USER \ openstack role add --project $SERVICE_TENANT \
--role-id $ADMIN_ROLE --user $BARBICAN_USER \
$ADMIN_ROLE
# #
# Setup Default service-admin User # Setup Default service-admin User
# #
SERVICE_ADMIN=$(get_id keystone user-create \ SERVICE_ADMIN=$(get_id openstack user create \
--name="service-admin" \ --password "$SERVICE_PASSWORD" \
--pass="$SERVICE_PASSWORD" \ --email "service-admin@example.com" \
--email="service-admin@example.com") "service-admin")
SERVICE_ADMIN_ROLE=$(get_id keystone role-create \ SERVICE_ADMIN_ROLE=$(get_id openstack role create \
--name="key-manager:service-admin") "key-manager:service-admin")
keystone user-role-add \ openstack role add \
--tenant_id="$SERVICE_TENANT" \ --user "$SERVICE_ADMIN" \
--user_id="$SERVICE_ADMIN" \ --project "$SERVICE_TENANT" \
--role_id="$SERVICE_ADMIN_ROLE" "$SERVICE_ADMIN_ROLE"
# #
# Setup RBAC User Projects and Roles # Setup RBAC User Projects and Roles
# #
PASSWORD="barbican" PASSWORD="barbican"
PROJECT_A_ID=$(get_id keystone tenant-create \ PROJECT_A_ID=$(get_id openstack project create "project_a")
--name="project_a") PROJECT_B_ID=$(get_id openstack project create "project_b")
PROJECT_B_ID=$(get_id keystone tenant-create \ ROLE_ADMIN_ID=$(get_id openstack role show admin)
--name="project_b") ROLE_CREATOR_ID=$(get_id openstack role create "creator")
ROLE_ADMIN_ID=$(get_id keystone role-get admin) ROLE_OBSERVER_ID=$(get_id openstack role create "observer")
ROLE_CREATOR_ID=$(get_id keystone role-create \ ROLE_AUDIT_ID=$(get_id openstack role create "audit")
--name="creator")
ROLE_OBSERVER_ID=$(get_id keystone role-create \
--name="observer")
ROLE_AUDIT_ID=$(get_id keystone role-create \
--name="audit")
# #
# Setup RBAC Admin of Project A # Setup RBAC Admin of Project A
# #
USER_ID=$(get_id keystone user-create \ USER_ID=$(get_id openstack user create \
--name="project_a_admin" \ --password "$PASSWORD" \
--pass="$PASSWORD" \ --email "admin_a@example.net" \
--email="admin_a@example.net") "project_a_admin")
keystone user-role-add \ openstack role add \
--user="$USER_ID" \ --user "$USER_ID" \
--role="$ROLE_ADMIN_ID" \ --project "$PROJECT_A_ID" \
--tenant-id="$PROJECT_A_ID" "$ROLE_ADMIN_ID"
# #
# Setup RBAC Creator of Project A # Setup RBAC Creator of Project A
# #
USER_ID=$(get_id keystone user-create \ USER_ID=$(get_id openstack user create \
--name="project_a_creator" \ --password "$PASSWORD" \
--pass="$PASSWORD" \ --email "creator_a@example.net" \
--email="creator_a@example.net") "project_a_creator")
keystone user-role-add \ openstack role add \
--user="$USER_ID" \ --user "$USER_ID" \
--role="$ROLE_CREATOR_ID" \ --project "$PROJECT_A_ID" \
--tenant-id="$PROJECT_A_ID" "$ROLE_CREATOR_ID"
# #
# Setup RBAC Observer of Project A # Setup RBAC Observer of Project A
# #
USER_ID=$(get_id keystone user-create \ USER_ID=$(get_id openstack user create \
--name="project_a_observer" \ --password "$PASSWORD" \
--pass="$PASSWORD" \ --email "observer_a@example.net" \
--email="observer_a@example.net") "project_a_observer")
keystone user-role-add \ openstack role add \
--user="$USER_ID" \ --user "$USER_ID" \
--role="$ROLE_OBSERVER_ID" \ --project "$PROJECT_A_ID" \
--tenant-id="$PROJECT_A_ID" "$ROLE_OBSERVER_ID"
# #
# Setup RBAC Auditor of Project A # Setup RBAC Auditor of Project A
# #
USER_ID=$(get_id keystone user-create \ USER_ID=$(get_id openstack user create \
--name="project_a_auditor" \ --password "$PASSWORD" \
--pass="$PASSWORD" \ --email "auditor_a@example.net" \
--email="auditor_a@example.net") "project_a_auditor")
keystone user-role-add \ openstack role add \
--user="$USER_ID" \ --user "$USER_ID" \
--role="$ROLE_AUDIT_ID" \ --project "$PROJECT_A_ID" \
--tenant-id="$PROJECT_A_ID" "$ROLE_AUDIT_ID"
# #
# Setup RBAC Admin of Project B # Setup RBAC Admin of Project B
# #
USER_ID=$(get_id keystone user-create \ USER_ID=$(get_id openstack user create \
--name="project_b_admin" \ --password "$PASSWORD" \
--pass="$PASSWORD" \ --email "admin_b@example.net" \
--email="admin_b@example.net") "project_b_admin")
keystone user-role-add \ openstack role add \
--user="$USER_ID" \ --user "$USER_ID" \
--role="$ROLE_ADMIN_ID" \ --project "$PROJECT_B_ID" \
--tenant-id="$PROJECT_B_ID" "$ROLE_ADMIN_ID"
# #
# Setup RBAC Creator of Project B # Setup RBAC Creator of Project B
# #
USER_ID=$(get_id keystone user-create \ USER_ID=$(get_id openstack user create \
--name="project_b_creator" \ --password "$PASSWORD" \
--pass="$PASSWORD" \ --email "creator_b@example.net" \
--email="creator_b@example.net") "project_b_creator")
keystone user-role-add \ openstack role add \
--user="$USER_ID" \ --user "$USER_ID" \
--role="$ROLE_CREATOR_ID" \ --project "$PROJECT_B_ID" \
--tenant-id="$PROJECT_B_ID" "$ROLE_CREATOR_ID"
# #
# Setup RBAC Observer of Project B # Setup RBAC Observer of Project B
# #
USER_ID=$(get_id keystone user-create \ USER_ID=$(get_id openstack user create \
--name="project_b_observer" \ --password "$PASSWORD" \
--pass="$PASSWORD" \ --email "observer_b@example.net" \
--email="observer_b@example.net") "project_b_observer")
keystone user-role-add \ openstack role add \
--user="$USER_ID" \ --user "$USER_ID" \
--role="$ROLE_OBSERVER_ID" \ --project "$PROJECT_B_ID" \
--tenant-id="$PROJECT_B_ID" "$ROLE_OBSERVER_ID"
# #
# Setup RBAC auditor of Project B # Setup RBAC auditor of Project B
# #
USER_ID=$(get_id keystone user-create \ USER_ID=$(get_id openstack user create \
--name="project_b_auditor" \ --password "$PASSWORD" \
--pass="$PASSWORD" \ --email "auditor_b@example.net" \
--email="auditor_b@example.net") "project_b_auditor")
keystone user-role-add \ openstack role add \
--user="$USER_ID" \ --user "$USER_ID" \
--role="$ROLE_AUDIT_ID" \ --project "$PROJECT_B_ID" \
--tenant-id="$PROJECT_B_ID" "$ROLE_AUDIT_ID"
# #
# Setup Admin Endpoint # Setup Admin Endpoint
# #
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
BARBICAN_SERVICE=$(keystone service-create \ BARBICAN_SERVICE=$(openstack service create \
--name=barbican \ --name barbican \
--type='key-manager' \ --description "Barbican Service" \
--description="Barbican Service" \ 'key-manager' \
| grep " id " | get_field 2) | grep " id " | get_field 2)
keystone endpoint-create \ openstack endpoint create \
--region RegionOne \ --region RegionOne \
--service_id $BARBICAN_SERVICE \ $BARBICAN_SERVICE \
--publicurl "http://$SERVICE_HOST:9311" \ public "http://$SERVICE_HOST:9311"
--internalurl "http://$SERVICE_HOST:9311" openstack endpoint create \
--region RegionOne \
$BARBICAN_SERVICE \
internal "http://$SERVICE_HOST:9311"
fi fi
} }

2
devstack/gate_hook.sh
View File

@ -15,6 +15,6 @@
set -ex set -ex
# Install barbican devstack integration # Install barbican devstack integration
export DEVSTACK_LOCAL_CONFIG="enable_plugin barbican https://review.openstack.org/openstack/barbican refs/changes/85/167885/25" export DEVSTACK_LOCAL_CONFIG="enable_plugin barbican https://git.openstack.org/openstack/barbican"
$BASE/new/devstack-gate/devstack-vm-gate.sh $BASE/new/devstack-gate/devstack-vm-gate.sh

206
devstack/lib/barbican
View File

@ -208,147 +208,146 @@ function create_barbican_accounts {
# #
# Setup Default Admin User # Setup Default Admin User
# #
SERVICE_TENANT=$(keystone tenant-list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }") SERVICE_TENANT=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
ADMIN_ROLE=$(keystone role-list | awk "/ admin / { print \$2 }") ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }")
BARBICAN_USER=$(keystone user-create --name=barbican \ BARBICAN_USER=$(openstack user create \
--pass="$SERVICE_PASSWORD" \ --password "$SERVICE_PASSWORD" \
--tenant-id $SERVICE_TENANT \ --project $SERVICE_TENANT \
--email=barbican@example.com \ --email "barbican@example.com" \
| grep " id " | get_field 2) barbican \
keystone user-role-add --tenant-id $SERVICE_TENANT \ | grep " id " | get_field 2)
--user-id $BARBICAN_USER \ openstack role add --project $SERVICE_TENANT \
--role-id $ADMIN_ROLE --user $BARBICAN_USER \
$ADMIN_ROLE
# #
# Setup Default service-admin User # Setup Default service-admin User
# #
SERVICE_ADMIN=$(get_id keystone user-create \ SERVICE_ADMIN=$(get_id openstack user create \
--name="service-admin" \ --password "$SERVICE_PASSWORD" \
--pass="$SERVICE_PASSWORD" \ --email "service-admin@example.com" \
--email="service-admin@example.com") "service-admin")
SERVICE_ADMIN_ROLE=$(get_id keystone role-create \ SERVICE_ADMIN_ROLE=$(get_id openstack role create \
--name="key-manager:service-admin") "key-manager:service-admin")
keystone user-role-add \ openstack role add \
--tenant_id="$SERVICE_TENANT" \ --user "$SERVICE_ADMIN" \
--user_id="$SERVICE_ADMIN" \ --project "$SERVICE_TENANT" \
--role_id="$SERVICE_ADMIN_ROLE" "$SERVICE_ADMIN_ROLE"
# #
# Setup RBAC User Projects and Roles # Setup RBAC User Projects and Roles
# #
PASSWORD="barbican" PASSWORD="barbican"
PROJECT_A_ID=$(get_id keystone tenant-create \ PROJECT_A_ID=$(get_id openstack project create "project_a")
--name="project_a") PROJECT_B_ID=$(get_id openstack project create "project_b")
PROJECT_B_ID=$(get_id keystone tenant-create \ ROLE_ADMIN_ID=$(get_id openstack role show admin)
--name="project_b") ROLE_CREATOR_ID=$(get_id openstack role create "creator")
ROLE_ADMIN_ID=$(get_id keystone role-get admin) ROLE_OBSERVER_ID=$(get_id openstack role create "observer")
ROLE_CREATOR_ID=$(get_id keystone role-create \ ROLE_AUDIT_ID=$(get_id openstack role create "audit")
--name="creator")
ROLE_OBSERVER_ID=$(get_id keystone role-create \
--name="observer")
ROLE_AUDIT_ID=$(get_id keystone role-create \
--name="audit")
# #
# Setup RBAC Admin of Project A # Setup RBAC Admin of Project A
# #
USER_ID=$(get_id keystone user-create \ USER_ID=$(get_id openstack user create \
--name="project_a_admin" \ --password "$PASSWORD" \
--pass="$PASSWORD" \ --email "admin_a@example.net" \
--email="admin_a@example.net") "project_a_admin")
keystone user-role-add \ openstack role add \
--user="$USER_ID" \ --user "$USER_ID" \
--role="$ROLE_ADMIN_ID" \ --project "$PROJECT_A_ID" \
--tenant-id="$PROJECT_A_ID" "$ROLE_ADMIN_ID"
# #
# Setup RBAC Creator of Project A # Setup RBAC Creator of Project A
# #
USER_ID=$(get_id keystone user-create \ USER_ID=$(get_id openstack user create \
--name="project_a_creator" \ --password "$PASSWORD" \
--pass="$PASSWORD" \ --email "creator_a@example.net" \
--email="creator_a@example.net") "project_a_creator")
keystone user-role-add \ openstack role add \
--user="$USER_ID" \ --user "$USER_ID" \
--role="$ROLE_CREATOR_ID" \ --project "$PROJECT_A_ID" \
--tenant-id="$PROJECT_A_ID" "$ROLE_CREATOR_ID"
# #
# Setup RBAC Observer of Project A # Setup RBAC Observer of Project A
# #
USER_ID=$(get_id keystone user-create \ USER_ID=$(get_id openstack user create \
--name="project_a_observer" \ --password "$PASSWORD" \
--pass="$PASSWORD" \ --email "observer_a@example.net" \
--email="observer_a@example.net") "project_a_observer")
keystone user-role-add \ openstack role add \
--user="$USER_ID" \ --user "$USER_ID" \
--role="$ROLE_OBSERVER_ID" \ --project "$PROJECT_A_ID" \
--tenant-id="$PROJECT_A_ID" "$ROLE_OBSERVER_ID"
# #
# Setup RBAC Auditor of Project A # Setup RBAC Auditor of Project A
# #
USER_ID=$(get_id keystone user-create \ USER_ID=$(get_id openstack user create \
--name="project_a_auditor" \ --password "$PASSWORD" \
--pass="$PASSWORD" \ --email "auditor_a@example.net" \
--email="auditor_a@example.net") "project_a_auditor")
keystone user-role-add \ openstack role add \
--user="$USER_ID" \ --user "$USER_ID" \
--role="$ROLE_AUDIT_ID" \ --project "$PROJECT_A_ID" \
--tenant-id="$PROJECT_A_ID" "$ROLE_AUDIT_ID"
# #
# Setup RBAC Admin of Project B # Setup RBAC Admin of Project B
# #
USER_ID=$(get_id keystone user-create \ USER_ID=$(get_id openstack user create \
--name="project_b_admin" \ --password "$PASSWORD" \
--pass="$PASSWORD" \ --email "admin_b@example.net" \
--email="admin_b@example.net") "project_b_admin")
keystone user-role-add \ openstack role add \
--user="$USER_ID" \ --user "$USER_ID" \
--role="$ROLE_ADMIN_ID" \ --project "$PROJECT_B_ID" \
--tenant-id="$PROJECT_B_ID" "$ROLE_ADMIN_ID"
# #
# Setup RBAC Creator of Project B # Setup RBAC Creator of Project B
# #
USER_ID=$(get_id keystone user-create \ USER_ID=$(get_id openstack user create \
--name="project_b_creator" \ --password "$PASSWORD" \
--pass="$PASSWORD" \ --email "creator_b@example.net" \
--email="creator_b@example.net") "project_b_creator")
keystone user-role-add \ openstack role add \
--user="$USER_ID" \ --user "$USER_ID" \
--role="$ROLE_CREATOR_ID" \ --project "$PROJECT_B_ID" \
--tenant-id="$PROJECT_B_ID" "$ROLE_CREATOR_ID"
# #
# Setup RBAC Observer of Project B # Setup RBAC Observer of Project B
# #
USER_ID=$(get_id keystone user-create \ USER_ID=$(get_id openstack user create \
--name="project_b_observer" \ --password "$PASSWORD" \
--pass="$PASSWORD" \ --email "observer_b@example.net" \
--email="observer_b@example.net") "project_b_observer")
keystone user-role-add \ openstack role add \
--user="$USER_ID" \ --user "$USER_ID" \
--role="$ROLE_OBSERVER_ID" \ --project "$PROJECT_B_ID" \
--tenant-id="$PROJECT_B_ID" "$ROLE_OBSERVER_ID"
# #
# Setup RBAC auditor of Project B # Setup RBAC auditor of Project B
# #
USER_ID=$(get_id keystone user-create \ USER_ID=$(get_id openstack user create \
--name="project_b_auditor" \ --password "$PASSWORD" \
--pass="$PASSWORD" \ --email "auditor_b@example.net" \
--email="auditor_b@example.net") "project_b_auditor")
keystone user-role-add \ openstack role add \
--user="$USER_ID" \ --user "$USER_ID" \
--role="$ROLE_AUDIT_ID" \ --project "$PROJECT_B_ID" \
--tenant-id="$PROJECT_B_ID" "$ROLE_AUDIT_ID"
# #
# Setup Admin Endpoint # Setup Admin Endpoint
# #
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
BARBICAN_SERVICE=$(keystone service-create \ BARBICAN_SERVICE=$(openstack service create \
--name=barbican \ --name barbican \
--type='key-manager' \ --description "Barbican Service" \
--description="Barbican Service" \ 'key-manager' \
| grep " id " | get_field 2) | grep " id " | get_field 2)
keystone endpoint-create \ openstack endpoint create \
--region RegionOne \ --region RegionOne \
--service_id $BARBICAN_SERVICE \ $BARBICAN_SERVICE \
--publicurl "http://$SERVICE_HOST:9311" \ public "http://$SERVICE_HOST:9311"
--internalurl "http://$SERVICE_HOST:9311" openstack endpoint create \
--region RegionOne \
$BARBICAN_SERVICE \
internal "http://$SERVICE_HOST:9311"
fi fi
} }
@ -491,4 +490,3 @@ function install_dogtag_components {
# Restore xtrace # Restore xtrace
$XTRACE $XTRACE