Remove the default project from all users
The default project means that a user gains token scoping information
for a project if they don't specify another. This is something we want
to discourage for user creation. User's should specify there own
authentication scope when they authenticate.
Change-Id: I42c3060d59edfcd44d04cd166bad500419dd99bc
diff --git a/lib/ceilometer b/lib/ceilometer
index d48751e..a83d093 100644
--- a/lib/ceilometer
+++ b/lib/ceilometer
@@ -110,8 +110,7 @@
# Ceilometer
if [[ "$ENABLED_SERVICES" =~ "ceilometer-api" ]]; then
- local ceilometer_user=$(get_or_create_user "ceilometer" \
- "$SERVICE_PASSWORD" $service_tenant)
+ local ceilometer_user=$(get_or_create_user "ceilometer" "$SERVICE_PASSWORD")
get_or_add_user_role $admin_role $ceilometer_user $service_tenant
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
diff --git a/lib/cinder b/lib/cinder
index 6043891..dbccf44 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -348,8 +348,7 @@
# Cinder
if [[ "$ENABLED_SERVICES" =~ "c-api" ]]; then
- local cinder_user=$(get_or_create_user "cinder" \
- "$SERVICE_PASSWORD" $service_tenant)
+ local cinder_user=$(get_or_create_user "cinder" "$SERVICE_PASSWORD")
get_or_add_user_role $admin_role $cinder_user $service_tenant
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
diff --git a/lib/glance b/lib/glance
index 8768761..bee57a3 100644
--- a/lib/glance
+++ b/lib/glance
@@ -232,15 +232,14 @@
function create_glance_accounts {
if is_service_enabled g-api; then
- local glance_user=$(get_or_create_user "glance" \
- "$SERVICE_PASSWORD" $SERVICE_TENANT_NAME)
+ local glance_user=$(get_or_create_user "glance" "$SERVICE_PASSWORD")
get_or_add_user_role service $glance_user $SERVICE_TENANT_NAME
# required for swift access
if is_service_enabled s-proxy; then
local glance_swift_user=$(get_or_create_user "glance-swift" \
- "$SERVICE_PASSWORD" $SERVICE_TENANT_NAME "glance-swift@example.com")
+ "$SERVICE_PASSWORD" "glance-swift@example.com")
get_or_add_user_role "ResellerAdmin" $glance_swift_user $SERVICE_TENANT_NAME
fi
diff --git a/lib/heat b/lib/heat
index 813c2fe..5bc7283 100644
--- a/lib/heat
+++ b/lib/heat
@@ -243,8 +243,7 @@
local service_tenant=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
local admin_role=$(openstack role list | awk "/ admin / { print \$2 }")
- local heat_user=$(get_or_create_user "heat" \
- "$SERVICE_PASSWORD" $service_tenant)
+ local heat_user=$(get_or_create_user "heat" "$SERVICE_PASSWORD")
get_or_add_user_role $admin_role $heat_user $service_tenant
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
diff --git a/lib/ironic b/lib/ironic
index 2075a9c..fced294 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -365,8 +365,7 @@
if [[ "$ENABLED_SERVICES" =~ "ir-api" ]]; then
# Get ironic user if exists
- local ironic_user=$(get_or_create_user "ironic" \
- "$SERVICE_PASSWORD" $service_tenant)
+ local ironic_user=$(get_or_create_user "ironic" "$SERVICE_PASSWORD")
get_or_add_user_role $admin_role $ironic_user $service_tenant
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
diff --git a/lib/keystone b/lib/keystone
index afa7f00..d5ccc2f 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -362,8 +362,7 @@
# admin
local admin_tenant=$(get_or_create_project "admin")
- local admin_user=$(get_or_create_user "admin" \
- "$ADMIN_PASSWORD" "$admin_tenant")
+ local admin_user=$(get_or_create_user "admin" "$ADMIN_PASSWORD")
local admin_role=$(get_or_create_role "admin")
get_or_add_user_role $admin_role $admin_user $admin_tenant
@@ -392,7 +391,7 @@
# demo
local demo_tenant=$(get_or_create_project "demo")
local demo_user=$(get_or_create_user "demo" \
- "$ADMIN_PASSWORD" "$demo_tenant" "demo@example.com")
+ "$ADMIN_PASSWORD" "demo@example.com")
get_or_add_user_role $member_role $demo_user $demo_tenant
get_or_add_user_role $admin_role $admin_user $demo_tenant
diff --git a/lib/neutron b/lib/neutron
index b22c00b..d16cd38 100755
--- a/lib/neutron
+++ b/lib/neutron
@@ -513,8 +513,7 @@
if [[ "$ENABLED_SERVICES" =~ "q-svc" ]]; then
- local neutron_user=$(get_or_create_user "neutron" \
- "$SERVICE_PASSWORD" $service_tenant)
+ local neutron_user=$(get_or_create_user "neutron" "$SERVICE_PASSWORD")
get_or_add_user_role $service_role $neutron_user $service_tenant
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
diff --git a/lib/nova b/lib/nova
index 76212ed..c8d0d94 100644
--- a/lib/nova
+++ b/lib/nova
@@ -359,8 +359,7 @@
# Nova
if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then
- local nova_user=$(get_or_create_user "nova" \
- "$SERVICE_PASSWORD" $service_tenant)
+ local nova_user=$(get_or_create_user "nova" "$SERVICE_PASSWORD")
get_or_add_user_role $admin_role $nova_user $service_tenant
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
diff --git a/lib/sahara b/lib/sahara
index 995935a..44c06d3 100644
--- a/lib/sahara
+++ b/lib/sahara
@@ -64,8 +64,7 @@
local service_tenant=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
local admin_role=$(openstack role list | awk "/ admin / { print \$2 }")
- local sahara_user=$(get_or_create_user "sahara" \
- "$SERVICE_PASSWORD" $service_tenant)
+ local sahara_user=$(get_or_create_user "sahara" "$SERVICE_PASSWORD")
get_or_add_user_role $admin_role $sahara_user $service_tenant
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
diff --git a/lib/swift b/lib/swift
index ee4543c..1ddfa45 100644
--- a/lib/swift
+++ b/lib/swift
@@ -594,8 +594,7 @@
local admin_role=$(openstack role list | awk "/ admin / { print \$2 }")
local another_role=$(openstack role list | awk "/ anotherrole / { print \$2 }")
- local swift_user=$(get_or_create_user "swift" \
- "$SERVICE_PASSWORD" $service_tenant)
+ local swift_user=$(get_or_create_user "swift" "$SERVICE_PASSWORD")
get_or_add_user_role $admin_role $swift_user $service_tenant
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
@@ -611,21 +610,18 @@
local swift_tenant_test1=$(get_or_create_project swifttenanttest1)
die_if_not_set $LINENO swift_tenant_test1 "Failure creating swift_tenant_test1"
- SWIFT_USER_TEST1=$(get_or_create_user swiftusertest1 $swiftusertest1_password \
- "$swift_tenant_test1" "test@example.com")
+ SWIFT_USER_TEST1=$(get_or_create_user swiftusertest1 $swiftusertest1_password "test@example.com")
die_if_not_set $LINENO SWIFT_USER_TEST1 "Failure creating SWIFT_USER_TEST1"
get_or_add_user_role $admin_role $SWIFT_USER_TEST1 $swift_tenant_test1
- local swift_user_test3=$(get_or_create_user swiftusertest3 $swiftusertest3_password \
- "$swift_tenant_test1" "test3@example.com")
+ local swift_user_test3=$(get_or_create_user swiftusertest3 $swiftusertest3_password "test3@example.com")
die_if_not_set $LINENO swift_user_test3 "Failure creating swift_user_test3"
get_or_add_user_role $another_role $swift_user_test3 $swift_tenant_test1
local swift_tenant_test2=$(get_or_create_project swifttenanttest2)
die_if_not_set $LINENO swift_tenant_test2 "Failure creating swift_tenant_test2"
- local swift_user_test2=$(get_or_create_user swiftusertest2 $swiftusertest2_password \
- "$swift_tenant_test2" "test2@example.com")
+ local swift_user_test2=$(get_or_create_user swiftusertest2 $swiftusertest2_password "test2@example.com")
die_if_not_set $LINENO swift_user_test2 "Failure creating swift_user_test2"
get_or_add_user_role $admin_role $swift_user_test2 $swift_tenant_test2
@@ -634,8 +630,8 @@
local swift_tenant_test4=$(get_or_create_project swifttenanttest4 $swift_domain)
die_if_not_set $LINENO swift_tenant_test4 "Failure creating swift_tenant_test4"
- local swift_user_test4=$(get_or_create_user swiftusertest4 $swiftusertest4_password \
- $swift_tenant_test4 "test4@example.com" $swift_domain)
+
+ local swift_user_test4=$(get_or_create_user swiftusertest4 $swiftusertest4_password "test4@example.com" $swift_domain)
die_if_not_set $LINENO swift_user_test4 "Failure creating swift_user_test4"
get_or_add_user_role $admin_role $swift_user_test4 $swift_tenant_test4
}
diff --git a/lib/tempest b/lib/tempest
index 1ae9457..86f30b4 100644
--- a/lib/tempest
+++ b/lib/tempest
@@ -502,7 +502,7 @@
# Tempest has some tests that validate various authorization checks
# between two regular users in separate tenants
get_or_create_project alt_demo
- get_or_create_user alt_demo "$ADMIN_PASSWORD" alt_demo "alt_demo@example.com"
+ get_or_create_user alt_demo "$ADMIN_PASSWORD" "alt_demo@example.com"
get_or_add_user_role Member alt_demo alt_demo
fi
}
diff --git a/lib/trove b/lib/trove
index 3249ce0..5e6b1b3 100644
--- a/lib/trove
+++ b/lib/trove
@@ -84,8 +84,7 @@
if [[ "$ENABLED_SERVICES" =~ "trove" ]]; then
- local trove_user=$(get_or_create_user "trove" \
- "$SERVICE_PASSWORD" $service_tenant)
+ local trove_user=$(get_or_create_user "trove" "$SERVICE_PASSWORD")
get_or_add_user_role $service_role $trove_user $service_tenant
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
diff --git a/lib/zaqar b/lib/zaqar
index dfa3452..618ac30 100644
--- a/lib/zaqar
+++ b/lib/zaqar
@@ -218,8 +218,7 @@
local service_tenant=$(openstack project list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
ADMIN_ROLE=$(openstack role list | awk "/ admin / { print \$2 }")
- local zaqar_user=$(get_or_create_user "zaqar" \
- "$SERVICE_PASSWORD" $service_tenant)
+ local zaqar_user=$(get_or_create_user "zaqar" "$SERVICE_PASSWORD")
get_or_add_user_role $ADMIN_ROLE $zaqar_user $service_tenant
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then