Add devstack-system-admin for system scoped actions

Keystone is moving more things to require a system scoped token to
work. Getting one of those requires that domain and project information
are not set.

Change-Id: I2e1640e9f9ef6cdf56bef49d1ae8f0591570c3e6
This commit is contained in:
Monty Taylor 2019-01-08 15:29:16 +00:00
parent a88a22969c
commit 5690582073
No known key found for this signature in database
GPG Key ID: 7BAE94BC7141A594
2 changed files with 22 additions and 3 deletions

View File

@ -120,6 +120,17 @@ function write_clouds_yaml {
--os-password $ADMIN_PASSWORD \ --os-password $ADMIN_PASSWORD \
--os-project-name admin --os-project-name admin
# admin with a system-scoped token -> devstack-system
$PYTHON $TOP_DIR/tools/update_clouds_yaml.py \
--file $CLOUDS_YAML \
--os-cloud devstack-system-admin \
--os-region-name $REGION_NAME \
$CA_CERT_ARG \
--os-auth-url $KEYSTONE_SERVICE_URI \
--os-username admin \
--os-password $ADMIN_PASSWORD \
--os-system-scope all
# CLean up any old clouds.yaml files we had laying around # CLean up any old clouds.yaml files we had laying around
rm -f $(eval echo ~"$STACK_USER")/.config/openstack/clouds.yaml rm -f $(eval echo ~"$STACK_USER")/.config/openstack/clouds.yaml
} }

View File

@ -41,12 +41,19 @@ class UpdateCloudsYaml(object):
'auth_url': args.os_auth_url, 'auth_url': args.os_auth_url,
'username': args.os_username, 'username': args.os_username,
'password': args.os_password, 'password': args.os_password,
'project_name': args.os_project_name,
}, },
} }
if args.os_identity_api_version == '3': if args.os_project_name and args.os_system_scope:
print(
"WARNING: os_project_name and os_system_scope were both"
" given. os_system_scope will take priority.")
if args.os_project_name and not args.os_system_scope:
self._cloud_data['auth']['project_name'] = args.os_project_name
if args.os_identity_api_version == '3' and not args.os_system_scope:
self._cloud_data['auth']['user_domain_id'] = 'default' self._cloud_data['auth']['user_domain_id'] = 'default'
self._cloud_data['auth']['project_domain_id'] = 'default' self._cloud_data['auth']['project_domain_id'] = 'default'
if args.os_system_scope:
self._cloud_data['auth']['system_scope'] = args.os_system_scope
if args.os_cacert: if args.os_cacert:
self._cloud_data['cacert'] = args.os_cacert self._cloud_data['cacert'] = args.os_cacert
@ -88,7 +95,8 @@ def main():
parser.add_argument('--os-auth-url', required=True) parser.add_argument('--os-auth-url', required=True)
parser.add_argument('--os-username', required=True) parser.add_argument('--os-username', required=True)
parser.add_argument('--os-password', required=True) parser.add_argument('--os-password', required=True)
parser.add_argument('--os-project-name', required=True) parser.add_argument('--os-project-name')
parser.add_argument('--os-system-scope')
args = parser.parse_args() args = parser.parse_args()