From 9d559f4495d12684c633232ca5090cd35a99e822 Mon Sep 17 00:00:00 2001 From: Raphael Lima Date: Fri, 19 Apr 2024 16:46:54 -0300 Subject: [PATCH] Create update_users, create_roles and create_projects methods This commit creates the update_users, create_roles and create_projects methods in openstack_config_endpoints.py, which is required in [1] in order to set the required services, roles and users during keystone bootstrap. [1]: https://review.opendev.org/c/starlingx/ansible-playbooks/+/915284 Test plan: Note that all of the test cases were performed with the changes from [1]. 1. PASS: Verify the services, roles and users were created after the keystone bootstrap. 2. PASS: Validate that the admin and sysinv users have the ignore_lockout_failure_attempts set to true. 3. PASS: Validate the sql dump of the keystone database generated in a subcloud deployment in relation to the one generated before the changes from [1]. Story: 2011035 Task: 49966 Change-Id: I5be50bec1174a451d11e4dbc2eff0b01fc182576 Signed-off-by: Raphael Lima --- .../common/openstack_config_endpoints.py | 61 +++++++++++++++++-- 1 file changed, 56 insertions(+), 5 deletions(-) diff --git a/sysinv/sysinv/sysinv/sysinv/common/openstack_config_endpoints.py b/sysinv/sysinv/sysinv/sysinv/common/openstack_config_endpoints.py index a98ac3490b..86702ae874 100644 --- a/sysinv/sysinv/sysinv/sysinv/common/openstack_config_endpoints.py +++ b/sysinv/sysinv/sysinv/sysinv/common/openstack_config_endpoints.py @@ -185,20 +185,20 @@ def create_users(keystone, users_to_create): @retry(stop_max_attempt_number=3, wait_fixed=1000) -def set_users_options(keystone, users_to_update, options): +def update_users(keystone, users_to_update): """ Set the options for a list of users :param keystone: keystone's client - :param users_to_update: list of user's names to update - :param options: a dictionary of options to set for the users + :param users_to_update: list of users to update """ keystone_users = keystone.users.list() for user in keystone_users: - if user.name in users_to_update: - keystone.users.update(user.id, options=options) + for user_to_update in users_to_update: + if user_to_update["name"] == user.name: + keystone.users.update(user.id, **user_to_update) @retry(stop_max_attempt_number=3, wait_fixed=1000) @@ -231,6 +231,57 @@ def grant_admin_role(keystone, users_to_create, project_name): LOG.info(f'Granted admin role for user {username}') +@retry(stop_max_attempt_number=3, wait_fixed=1000) +def create_roles(keystone, roles_to_create): + """ + Creates a new role + + :param keystone: keystone's client + :param roles_to_create: list of roles to create + """ + + if not roles_to_create: + LOG.info('No roles to create') + return + + existing_roles = keystone.roles.list() + existing_roles_list = [role.name for role in existing_roles] + + for role in roles_to_create: + if role["name"] in existing_roles_list: + LOG.info(f"Role {role} already exists") + continue + keystone.roles.create(role["name"], role["domain"]) + LOG.info(f"Role {role} successfully created") + + +@retry(stop_max_attempt_number=3, wait_fixed=1000) +def create_projects(keystone, projects_to_create): + """ + Creates a new project + + :param keystone: keystone's client + :param projects_to_create: list of projects to create + """ + + if not projects_to_create: + LOG.info('No projects to create') + return + + existing_projects = keystone.projects.list() + existing_projects_list = [project.name for project in existing_projects] + + for project in projects_to_create: + if project["name"] in existing_projects_list: + LOG.info(f"Project {project} already exists") + continue + keystone.projects.create( + project["name"], project["domain"], project["description"], + parent=project["parent"] + ) + LOG.info(f"Project {project} successfully created") + + @retry(stop_max_attempt_number=3, wait_fixed=1000) def create_services(keystone, services_to_create): if not services_to_create: