Add LDAP support for k8s-keystone-auth in gate

This patch set changes the keystone in the k8s-keystone-auth gate to
be backed by LDAP. It also updates the test to use the LDAP users
instead of users created in the database.

Co-Authored-By: Samuel Pilla <sp516w@att.com>
Change-Id: Ia34dac51b36a300068ad5fd936c48b0f30821a52
Signed-off-by: Tin Lam <tin@irrational.io>
Samuel Pilla 2018-10-16 09:24:43 -05:00 committed by Chris Wedgwood
parent 7d3bda1307
commit 6fe001361a
2 changed files with 7 additions and 10 deletions


@ -17,4 +17,4 @@
set -xe set -xe
#NOTE: Move into openstack-helm root dir & Run keystone deployment script #NOTE: Move into openstack-helm root dir & Run keystone deployment script
cd "${OSH_PATH}"; ./tools/deployment/developer/nfs/080-keystone.sh cd "${OSH_PATH}"; ./tools/deployment/developer/ldap/080-keystone.sh


@ -30,10 +30,6 @@ kubectl --kubeconfig /tmp/kubeconfig.yaml --token $TOKEN get pods
kubectl --kubeconfig /tmp/kubeconfig.yaml --token $TOKEN get pods -n openstack kubectl --kubeconfig /tmp/kubeconfig.yaml --token $TOKEN get pods -n openstack
kubectl --kubeconfig /tmp/kubeconfig.yaml --token $TOKEN get secrets -n openstack kubectl --kubeconfig /tmp/kubeconfig.yaml --token $TOKEN get secrets -n openstack
# create users
openstack user create --or-show --password demoPassword demoUser
openstack user create --or-show --password demoPassword kube-system-admin
# create project # create project
openstack project create --or-show openstack-system openstack project create --or-show openstack-system
openstack project create --or-show demoProject openstack project create --or-show demoProject
@ -43,15 +39,16 @@ openstack role create --or-show openstackRole
openstack role create --or-show kube-system-admin openstack role create --or-show kube-system-admin
# assign user role to project # assign user role to project
openstack role add --project openstack-system --user demoUser --project-domain default --user-domain default openstackRole openstack role add --project openstack-system --user bob --project-domain default --user-domain ldapdomain openstackRole
openstack role add --project demoProject --user kube-system-admin --project-domain default --user-domain default kube-system-admin openstack role add --project demoProject --user alice --project-domain default --user-domain ldapdomain kube-system-admin
unset OS_CLOUD unset OS_CLOUD
export OS_AUTH_URL="http://keystone.openstack.svc.cluster.local/v3" export OS_AUTH_URL="http://keystone.openstack.svc.cluster.local/v3"
export OS_IDENTITY_API_VERSION="3" export OS_IDENTITY_API_VERSION="3"
export OS_PROJECT_NAME="openstack-system" export OS_PROJECT_NAME="openstack-system"
export OS_PASSWORD="demoPassword" export OS_PASSWORD="password"
export OS_USERNAME="demoUser" export OS_USERNAME="bob"
export OS_USER_DOMAIN_NAME="ldapdomain"
# See this does fail as the policy does not allow for a non-admin user # See this does fail as the policy does not allow for a non-admin user
@ -64,7 +61,7 @@ else
exit 1 exit 1
fi fi
export OS_USERNAME="kube-system-admin" export OS_USERNAME="alice"
export OS_PROJECT_NAME="demoProject" export OS_PROJECT_NAME="demoProject"
TOKEN=$(keystone_token) TOKEN=$(keystone_token)
kubectl --kubeconfig /tmp/kubeconfig.yaml --token $TOKEN get ingress -n kube-system kubectl --kubeconfig /tmp/kubeconfig.yaml --token $TOKEN get ingress -n kube-system
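Review bot: The non-admin denial check that follows `export OS_USER_DOMAIN_NAME="ldapdomain"` may not be able to tell "bob authenticated and was refused by policy" from "bob never got a token", and moving the users to LDAP adds ways for the second to happen (domain config not loaded, directory not seeded, wrong password). The body of that check lies outside the visible hunks, so this is inferred from the `# See this does fail…` comment and the `else` / `exit 1` tail; if it only tests that kubectl failed, an authentication outage would make the authorization test pass. Asserting the token first would pin it down, e.g. `[ -n "$TOKEN" ] || { echo "keystone auth failed for ${OS_USERNAME}" >&2; exit 1; }` right after `TOKEN=$(keystone_token)`, and quoting it as `--token "$TOKEN"` keeps an empty value from shifting kubectl's arguments. A one-line comment saying where bob, alice and `password` are defined (presumably the LDAP deployment's seed data) would also make it clear these are gate-only credentials.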