diff --git a/rally/plugins/openstack/context/keystone/users.py b/rally/plugins/openstack/context/keystone/users.py index f39c793196..9a84026418 100644 --- a/rally/plugins/openstack/context/keystone/users.py +++ b/rally/plugins/openstack/context/keystone/users.py @@ -46,6 +46,9 @@ USER_CONTEXT_OPTS = [ cfg.StrOpt("user_domain", default="default", help="ID of domain in which users will be created."), + cfg.StrOpt("keystone_default_role", + default="member", + help="The default role name of the keystone."), ] CONF = cfg.CONF @@ -223,6 +226,7 @@ class UserGenerator(UserContextMixin, context.Context): # NOTE(msdubov): This should be called after _create_tenants(). threads = self.config["resource_management_workers"] users_per_tenant = self.config["users_per_tenant"] + default_role = cfg.CONF.users_context.keystone_default_role users = collections.deque() @@ -241,9 +245,11 @@ class UserGenerator(UserContextMixin, context.Context): clients = osclients.Clients(self.credential) cache["client"] = keystone.wrap(clients.keystone()) client = cache["client"] - user = client.create_user(username, password, - "%s@email.me" % username, - tenant_id, user_dom) + user = client.create_user( + username, password, + "%s@email.me" % username, + tenant_id, user_dom, + default_role=default_role) user_credential = objects.Credential( client.auth_url, user.name, password, self.context["tenants"][tenant_id]["name"], diff --git a/rally/plugins/openstack/wrappers/keystone.py b/rally/plugins/openstack/wrappers/keystone.py index 44708f98da..e26190dcea 100644 --- a/rally/plugins/openstack/wrappers/keystone.py +++ b/rally/plugins/openstack/wrappers/keystone.py @@ -55,7 +55,7 @@ class KeystoneWrapper(object): @abc.abstractmethod def create_user(self, username, password, email=None, project_id=None, - domain_name="Default"): + domain_name="Default", default_role="member"): """Create user. :param username: name of user @@ -64,6 +64,7 @@ class KeystoneWrapper(object): :param domain_name: Name or id of domain where to create project, for implementations that don't support domains this argument must be None or 'Default'. + :param default_role: user's default role """ @abc.abstractmethod @@ -136,7 +137,8 @@ class KeystoneV2Wrapper(KeystoneWrapper): self.client.tenants.delete(project_id) def create_user(self, username, password, email=None, project_id=None, - domain_name="Default"): + domain_name="Default", default_role="member"): + # NOTE(liuyulong): For v2 wrapper the `default_role` here is not used. self._check_domain(domain_name) user = self.client.users.create(username, password, email, project_id) return KeystoneV2Wrapper._wrap_v2_user(user) @@ -194,18 +196,19 @@ class KeystoneV3Wrapper(KeystoneWrapper): self.client.projects.delete(project_id) def create_user(self, username, password, email=None, project_id=None, - domain_name="Default"): + domain_name="Default", default_role="member"): domain_id = self._get_domain_id(domain_name) user = self.client.users.create(name=username, password=password, default_project=project_id, email=email, domain=domain_id) for role in self.client.roles.list(): - if "member" in role.name.lower(): + if default_role in role.name.lower(): self.client.roles.grant(role.id, user=user.id, project=project_id) break else: - LOG.warning("Unable to set member role to created user.") + LOG.warning( + "Unable to set %s role to created user." % default_role) return KeystoneV3Wrapper._wrap_v3_user(user) def delete_user(self, user_id):