diff --git a/heat/templates/configmap-etc.yaml b/heat/templates/configmap-etc.yaml
index 80e2c53365..1e7fb1dd37 100644
--- a/heat/templates/configmap-etc.yaml
+++ b/heat/templates/configmap-etc.yaml
@@ -51,6 +51,10 @@
 {{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | trimSuffix .Values.endpoints.identity.path | set .Values.conf.heat.clients_keystone.heat.common.config "auth_uri" | quote | trunc 0 -}}
 {{- end -}}
+{{- if empty .Values.conf.heat.trustee.heat.common.context.auth_url -}}
+{{- tuple "identity" "internal" "api" . | include "helm-toolkit.endpoints.keystone_endpoint_uri_lookup" | trimSuffix .Values.endpoints.identity.path | set .Values.conf.heat.trustee.heat.common.context "auth_url" | quote | trunc 0 -}}
+{{- end -}}
+
 apiVersion: v1
 kind: ConfigMap
 metadata:
diff --git a/heat/values.yaml b/heat/values.yaml
index f480900b0e..f49109ba04 100644
--- a/heat/values.yaml
+++ b/heat/values.yaml
@@ -105,7 +105,7 @@ conf:
 stack_domain_admin: heat-domain
 stack_domain_admin_password: password
 num_engine_workers: 4
- trusts_delegated_roles: Member
+ trusts_delegated_roles: _member_
 keystone_authtoken:
 keystonemiddleware:
 auth_token:
@@ -121,11 +121,15 @@ conf:
 heat:
 common:
 context:
+ auth_section: trustee
+ auth_type: password
 password: password
 user_domain_name: default
 username: heat-trust
 project_domain_name: default
 project_name: service
+ region_name: RegionOne
+ auth_version: v3
 heat_api:
 heat:
 common:
diff --git a/helm-toolkit/templates/scripts/_ks-user.sh.tpl b/helm-toolkit/templates/scripts/_ks-user.sh.tpl
index 41a28704b6..71121a3877 100644
--- a/helm-toolkit/templates/scripts/_ks-user.sh.tpl
+++ b/helm-toolkit/templates/scripts/_ks-user.sh.tpl
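Review bot: The added block that defaults the trustee `auth_url` has no comment saying which endpoint it selects or that the identity path is stripped from it. The URL is built from the internal identity endpoint with `.Values.endpoints.identity.path` trimmed, so the result is unversioned, and the trustee section presumably relies on the `auth_version: v3` that this commit adds in heat/values.yaml. A template comment ahead of the `if`, such as `{{- /* trustee auth_url defaults to the unversioned internal Keystone endpoint; set it in values to override */ -}}`, would make that dependency visible to whoever edits either file next.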
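Review bot: The role name `_member_` is now a literal in three places that must agree: `trusts_delegated_roles` here, the `MEMBER_OS_ROLE` default in helm-toolkit's `_ks-user.sh.tpl`, and the keystone `bootstrap.script`. If an operator overrides only one of them, the role Heat asks to have delegated may not be held by the user creating the stack, and the mismatch would presumably surface at stack-create time rather than at deploy time. A comment on this key would record the coupling, for example `# must be a role the stack owner holds; ks-user and keystone bootstrap grant "_member_" by default`.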
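Review bot: The added `auth_section: trustee` and `auth_type: password` make this section an active password login, and the credential it uses is the unchanged chart default `password: password` for `heat-trust`. Heat's trustee account is the one that user trusts are delegated to, so a well-known default here carries more weight than a typical service password. At minimum the key deserves a comment such as `# placeholder; override per deployment, this account receives user trusts`. `region_name: RegionOne` is likewise fixed in this section; whether it should follow a chart-wide region setting cannot be told from this hunk.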
@@ -54,21 +54,30 @@ USER_ID=$(openstack user create --or-show --enable -f value -c id \
 # Display user
 openstack user show "${USER_ID}"
-# Manage user role
-USER_ROLE_ID=$(openstack role create --or-show -f value -c id \
+function ks_assign_user_role () {
+ # Manage user role assignment
+ openstack role add \
+ --user="${USER_ID}" \
+ --user-domain="${SERVICE_OS_USER_DOMAIN_NAME}" \
+ --project-domain="${SERVICE_OS_PROJECT_DOMAIN_NAME}" \
+ --project="${USER_PROJECT_ID}" \
+ "${USER_ROLE_ID}"
+
+ # Display user role assignment
+ openstack role assignment list \
+ --role="${USER_ROLE_ID}" \
+ --user-domain="${SERVICE_OS_USER_DOMAIN_NAME}" \
+ --user="${USER_ID}"
+}
+
+# Manage user service role
+export USER_ROLE_ID=$(openstack role create --or-show -f value -c id \
 "${SERVICE_OS_ROLE}");
+ks_assign_user_role
-# Manage user role assignment
-openstack role add \
- --user="${USER_ID}" \
- --user-domain="${SERVICE_OS_USER_DOMAIN_NAME}" \
- --project-domain="${SERVICE_OS_PROJECT_DOMAIN_NAME}" \
- --project="${USER_PROJECT_ID}" \
- "${USER_ROLE_ID}"
-
-# Display user role assignment
-openstack role assignment list \
- --role="${SERVICE_OS_ROLE}" \
- --user-domain="${SERVICE_OS_USER_DOMAIN_NAME}" \
- --user="${USER_ID}"
+# Manage user member role
+: ${MEMBER_OS_ROLE:="_member_"}
+export USER_ROLE_ID=$(openstack role create --or-show -f value -c id \
+ "${MEMBER_OS_ROLE}");
+ks_assign_user_role
 {{- end }}
diff --git a/keystone/values.yaml b/keystone/values.yaml
index 46db9a9bfe..05fb28de22 100644
--- a/keystone/values.yaml
+++ b/keystone/values.yaml
@@ -58,8 +58,14 @@ keystone:
 admin_project_domain: default
 bootstrap:
- enabled: false
- script: null
+ enabled: true
+ script: |
+ openstack role add \
+ --user="${OS_USERNAME}" \
+ --user-domain="${OS_USER_DOMAIN_NAME}" \
+ --project-domain="${OS_PROJECT_DOMAIN_NAME}" \
+ --project="${OS_PROJECT_NAME}" \
+ "_member_"
 network:
 api:
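Review bot: `export USER_ROLE_ID=$(openstack role create ...)` returns the exit status of `export`, not of the command substitution, so a failed role lookup no longer stops the script even under `set -e` (the script header is outside this hunk), and `ks_assign_user_role` would then run `openstack role add` with an empty role. The removed code used a plain assignment, which does propagate the failure, and the function runs in the same shell, so the export is unnecessary: use `USER_ROLE_ID=$(openstack role create --or-show -f value -c id "${SERVICE_OS_ROLE}")` and the same form for the `MEMBER_OS_ROLE` call. Separately, the second call grants `_member_` to every service user created through this shared template with no way to switch it off. Charts that do not need the role receive it anyway, so running that block only when `MEMBER_OS_ROLE` is explicitly set would keep the grant opt-in. The default line is also better quoted as `: "${MEMBER_OS_ROLE:="_member_"}"`.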
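Review bot: The new default script calls `openstack role add ... "_member_"` without first ensuring the role exists, unlike `_ks-user.sh.tpl`, which runs `openstack role create --or-show` before assigning. If the bootstrap job runs before any ks-user job has created `_member_` (job ordering is not visible here), the command fails. Adding `openstack role create --or-show "_member_"` as the first line of the script removes that dependency. The hunk also flips `bootstrap.enabled` to `true`, so every deployment on default values now runs this script with the admin credentials; a comment above `script:` saying so, and how to disable it, would help operators who maintain their own overrides.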