Add LDAP support for k8s-keystone-auth in gate
This patch set changes the keystone in the k8s-keystone-auth to be backed by LDAP. It also updates the test to use the LDAP users instead of created users in the database. Co-Authored-By: Samuel Pilla <sp516w@att.com> Change-Id: Ia34dac51b36a300068ad5fd936c48b0f30821a52 Signed-off-by: Tin Lam <tin@irrational.io>
parent
7d3bda1307
commit
6fe001361a
@ -17,4 +17,4 @@
|
|||||||
set -xe
|
set -xe
|
||||||
|
|
||||||
#NOTE: Move into openstack-helm root dir & Run keystone deployment script
|
#NOTE: Move into openstack-helm root dir & Run keystone deployment script
|
||||||
cd "${OSH_PATH}"; ./tools/deployment/developer/nfs/080-keystone.sh
|
cd "${OSH_PATH}"; ./tools/deployment/developer/ldap/080-keystone.sh
|
||||||
|
@ -30,10 +30,6 @@ kubectl --kubeconfig /tmp/kubeconfig.yaml --token $TOKEN get pods
|
|||||||
kubectl --kubeconfig /tmp/kubeconfig.yaml --token $TOKEN get pods -n openstack
|
kubectl --kubeconfig /tmp/kubeconfig.yaml --token $TOKEN get pods -n openstack
|
||||||
kubectl --kubeconfig /tmp/kubeconfig.yaml --token $TOKEN get secrets -n openstack
|
kubectl --kubeconfig /tmp/kubeconfig.yaml --token $TOKEN get secrets -n openstack
|
||||||
|
|
||||||
# create users
|
|
||||||
openstack user create --or-show --password demoPassword demoUser
|
|
||||||
openstack user create --or-show --password demoPassword kube-system-admin
|
|
||||||
|
|
||||||
# create project
|
# create project
|
||||||
openstack project create --or-show openstack-system
|
openstack project create --or-show openstack-system
|
||||||
openstack project create --or-show demoProject
|
openstack project create --or-show demoProject
|
||||||
@ -43,15 +39,16 @@ openstack role create --or-show openstackRole
|
|||||||
openstack role create --or-show kube-system-admin
|
openstack role create --or-show kube-system-admin
|
||||||
|
|
||||||
# assign user role to project
|
# assign user role to project
|
||||||
openstack role add --project openstack-system --user demoUser --project-domain default --user-domain default openstackRole
|
openstack role add --project openstack-system --user bob --project-domain default --user-domain ldapdomain openstackRole
|
||||||
openstack role add --project demoProject --user kube-system-admin --project-domain default --user-domain default kube-system-admin
|
openstack role add --project demoProject --user alice --project-domain default --user-domain ldapdomain kube-system-admin
|
||||||
|
|
||||||
unset OS_CLOUD
|
unset OS_CLOUD
|
||||||
export OS_AUTH_URL="http://keystone.openstack.svc.cluster.local/v3"
|
export OS_AUTH_URL="http://keystone.openstack.svc.cluster.local/v3"
|
||||||
export OS_IDENTITY_API_VERSION="3"
|
export OS_IDENTITY_API_VERSION="3"
|
||||||
export OS_PROJECT_NAME="openstack-system"
|
export OS_PROJECT_NAME="openstack-system"
|
||||||
export OS_PASSWORD="demoPassword"
|
export OS_PASSWORD="password"
|
||||||
export OS_USERNAME="demoUser"
|
export OS_USERNAME="bob"
|
||||||
|
export OS_USER_DOMAIN_NAME="ldapdomain"
|
||||||
|
|
||||||
# See this does fail as the policy does not allow for a non-admin user
|
# See this does fail as the policy does not allow for a non-admin user
|
||||||
|
|
||||||
@ -64,7 +61,7 @@ else
|
|||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
export OS_USERNAME="kube-system-admin"
|
export OS_USERNAME="alice"
|
||||||
export OS_PROJECT_NAME="demoProject"
|
export OS_PROJECT_NAME="demoProject"
|
||||||
TOKEN=$(keystone_token)
|
TOKEN=$(keystone_token)
|
||||||
kubectl --kubeconfig /tmp/kubeconfig.yaml --token $TOKEN get ingress -n kube-system
|
kubectl --kubeconfig /tmp/kubeconfig.yaml --token $TOKEN get ingress -n kube-system
|
||||||
|
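Review bot: The switch to `alice` near the end of the script changes only `OS_USERNAME` and `OS_PROJECT_NAME`, so the second `keystone_token` call depends on `alice` having the same LDAP password as `bob` (`OS_PASSWORD="password"` is exported once) and on `OS_USER_DOMAIN_NAME="ldapdomain"` still being set. With the `openstack user create` lines removed, nothing in this script says where `bob`, `alice` or the `ldapdomain` domain come from; presumably they are seeded by `ldap/080-keystone.sh`, which should be confirmed. I would add a comment above the export block, for example `# bob and alice are fixture users from the gate LDAP deployment; both share this throwaway password`. The script runs under `set -xe`, so the exported password and the `--token $TOKEN` argument are written to the job log, which is acceptable only while these remain gate-only fixture values.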