Exempt openstack app's admin account from auth faillockout

overrides script to set 'ignore_lockout_failure_attempts' be true
in user option to avoid admin be locked due to authentication failure.

Partial-Bug: 1887755

Change-Id: I71505fabc51be839b60460cca9d5850dd49f0ade
Signed-off-by: Shuicheng Lin <shuicheng.lin@intel.com>
Shuicheng Lin 2020-08-20 19:13:14 +08:00
parent 8bd9842dfd
commit da3a6dd8e0
1 changed files with 22 additions and 0 deletions

View File

@ -452,6 +452,28 @@ data:
CustomLog /dev/stdout combined env=!forwarded
CustomLog /dev/stdout proxy env=forwarded
script: |
#NOTE(gagehugo): As of Rocky, keystone creates a member role by default
openstack role create --or-show member
openstack role add \
--user="${OS_USERNAME}" \
--user-domain="${OS_USER_DOMAIN_NAME}" \
--project-domain="${OS_PROJECT_DOMAIN_NAME}" \
--project="${OS_PROJECT_NAME}" \
# admin needs the admin role for the default domain
openstack role add \
--user="${OS_USERNAME}" \
--domain="${OS_DEFAULT_DOMAIN}" \
#STX: exempt admin from auth faillockout
TOKEN=$(openstack token issue -c id -f value)
USER_ID=$(openstack user show ${OS_USERNAME} -c id -f value)
DATA_JSON="{\"user\": {\"options\": {\"ignore_lockout_failure_attempts\": true}}}"
curl -X PATCH -H "X-Auth-Token: ${TOKEN}" -H "Content-Type: application/json" -d "${DATA_JSON}" "${REQ_URL}"
type: tar