Remove references to deprecated ec2 authorizor.

* remove replace_pipeline * removes references to sysadmin and netadmin roles * removes references to admin ec2 api * fixes bug 953744 * related fix in nova: https://review.openstack.org/#change,5024 Change-Id: I8792dae0157b8596a5f946670742411781fe47c0
2012-03-12 17:12:00 -07:00 · 2012-03-12 17:12:00 -07:00 · ae604985e7
commit ae604985e7
parent df0972c1ee
2 changed files with 5 additions and 14 deletions
--- a/files/keystone_data.sh
+++ b/files/keystone_data.sh
@ -10,7 +10,7 @@
 # service              quantum   admin        # if enabled
 # service              swift     admin        # if enabled
 # demo                 admin     admin
-# demo                 demo      Member,sysadmin,netadmin
+# demo                 demo      Member,anotherrole
 # invisible_to_admin   demo      Member
 #
 # Variables set before calling this script:
@ -50,15 +50,15 @@ DEMO_USER=$(get_id keystone user-create --name=demo \
 ADMIN_ROLE=$(get_id keystone role-create --name=admin)
 KEYSTONEADMIN_ROLE=$(get_id keystone role-create --name=KeystoneAdmin)
 KEYSTONESERVICE_ROLE=$(get_id keystone role-create --name=KeystoneServiceAdmin)
-SYSADMIN_ROLE=$(get_id keystone role-create --name=sysadmin)
-NETADMIN_ROLE=$(get_id keystone role-create --name=netadmin)
+# ANOTHER_ROLE demonstrates that an arbitrary role may be created and used
+# TODO(sleepsonthefloor): show how this can be used for rbac in the future!
+ANOTHER_ROLE=$(get_id keystone role-create --name=anotherrole)


 # Add Roles to Users in Tenants
 keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $ADMIN_TENANT
 keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $DEMO_TENANT
-keystone user-role-add --user $DEMO_USER --role $SYSADMIN_ROLE --tenant_id $DEMO_TENANT
-keystone user-role-add --user $DEMO_USER --role $NETADMIN_ROLE --tenant_id $DEMO_TENANT
+keystone user-role-add --user $DEMO_USER --role $ANOTHER_ROLE --tenant_id $DEMO_TENANT

 # TODO(termie): these two might be dubious
 keystone user-role-add --user $ADMIN_USER --role $KEYSTONEADMIN_ROLE --tenant_id $ADMIN_TENANT
--- a/stack.sh
+++ b/stack.sh
@ -906,15 +906,6 @@ if is_service_enabled n-api; then
        s,%SERVICE_TENANT_NAME%,$SERVICE_TENANT_NAME,g;
        s,%SERVICE_TOKEN%,$SERVICE_TOKEN,g;
    " -i $NOVA_CONF_DIR/api-paste.ini
-
-    # Finally, change the Nova pipelines to use Keystone
-    function replace_pipeline() {
-        sed "/\[pipeline:$1\]/,/\[/s/^pipeline = .*/pipeline = $2/" -i $NOVA_CONF_DIR/api-paste.ini
-    }
-    replace_pipeline "ec2cloud" "ec2faultwrap logrequest totoken authtoken keystonecontext cloudrequest authorizer validator ec2executor"
-    replace_pipeline "ec2admin" "ec2faultwrap logrequest totoken authtoken keystonecontext adminrequest authorizer ec2executor"
-    replace_pipeline "openstack_compute_api_v2" "faultwrap authtoken keystonecontext $OSAPI_RATE_LIMIT osapi_compute_app_v2"
-    replace_pipeline "openstack_volume_api_v1" "faultwrap authtoken keystonecontext $OSAPI_RATE_LIMIT osapi_volume_app_v1"
 fi

 # Helper to clean iptables rules