Update lib/keystone to add more system users
Keystone has supported system-scope since Queens and we already make
sure we create a cloud profile for system-admin in
/etc/openstack/clouds.yaml.
This commit ensures keystone creates a couple of new users to model
system-member and system-reader personas. Doing this by default in
devstack makes system-scoped personas easier for people to use.
We've already taken a similar approach in tempest by setting up the
various system personas for tempest clients to use.
Change-Id: Iceb7c5f517db20072e121dc7538abaa888423c67
diff --git a/functions-common b/functions-common
index 11679e4..111d339 100644
--- a/functions-common
+++ b/functions-common
@@ -129,6 +129,28 @@
--os-password $ADMIN_PASSWORD \
--os-system-scope all
+ # system member
+ $PYTHON $TOP_DIR/tools/update_clouds_yaml.py \
+ --file $CLOUDS_YAML \
+ --os-cloud devstack-system-member \
+ --os-region-name $REGION_NAME \
+ $CA_CERT_ARG \
+ --os-auth-url $KEYSTONE_SERVICE_URI \
+ --os-username system_member \
+ --os-password $ADMIN_PASSWORD \
+ --os-system-scope all
+
+ # system reader
+ $PYTHON $TOP_DIR/tools/update_clouds_yaml.py \
+ --file $CLOUDS_YAML \
+ --os-cloud devstack-system-reader \
+ --os-region-name $REGION_NAME \
+ $CA_CERT_ARG \
+ --os-auth-url $KEYSTONE_SERVICE_URI \
+ --os-username system_reader \
+ --os-password $ADMIN_PASSWORD \
+ --os-system-scope all
+
cat >> $CLOUDS_YAML <<EOF
functional:
image_name: $DEFAULT_IMAGE_NAME
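Review bot: The new devstack-system-member and devstack-system-reader profiles are written with `--os-password $ADMIN_PASSWORD`, so the lower-privilege personas share their secret with the admin account. Anyone given the reader entry from clouds.yaml then holds a password that also authenticates admin, which weakens the separation these personas are meant to model. Consider a per-persona password variable that falls back to the admin one (new variable, name illustrative), e.g. `--os-password ${SYSTEM_READER_PASSWORD:-$ADMIN_PASSWORD}`, with the user creation (presumably in lib/keystone, not visible here) using the same value. As in the existing admin call above, the password is passed on the command line, so it will show up in xtrace output when tracing is enabled. The enclosing function starts and ends outside the hunk.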
@@ -936,6 +958,37 @@
echo $user_role_id
}
+# Gets or adds user role to system
+# Usage: get_or_add_user_system_role <role> <user> <system> [<user_domain>]
+function get_or_add_user_system_role {
+ local user_role_id
+ local domain_args
+
+ domain_args=$(_get_domain_args $4)
+
+ # Gets user role id
+ user_role_id=$(openstack role assignment list \
+ --role $1 \
+ --user $2 \
+ --system $3 \
+ $domain_args \
+ -f value -c Role)
+ if [[ -z "$user_role_id" ]]; then
+ # Adds role to user and get it
+ openstack role add $1 \
+ --user $2 \
+ --system $3 \
+ $domain_args
+ user_role_id=$(openstack role assignment list \
+ --role $1 \
+ --user $2 \
+ --system $3 \
+ $domain_args \
+ -f value -c Role)
+ fi
+ echo $user_role_id
+}
+
# Gets or adds group role to project
# Usage: get_or_add_group_project_role <role> <group> <project>
function get_or_add_group_project_role {
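Review bot: get_or_add_user_system_role never checks that `openstack role add` succeeded. If the grant fails and the shell is not running with errexit (not visible here), the second lookup returns nothing and the function echoes an empty string with status 0. A caller then cannot tell that the system role was never assigned. Add `[[ -n "$user_role_id" ]] || return 1` before the final echo. The positional parameters should also be quoted (`--role "$1" --user "$2" --system "$3"`, `echo "$user_role_id"`) so that names containing whitespace or glob characters are not split.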