Convert identity defaults to keystone v3 api
At this point all our function calls should be using the V3 APIs anyway
so switch the authentication credentials to v3 compatible ones and
remove all the hacks we added to force v3 API calls.
Implements: bp keystonev3
Change-Id: If92d3e11b9a363454f77527783b6d25f4da9c249
diff --git a/functions-common b/functions-common
index 641eca8..cc5136d 100644
--- a/functions-common
+++ b/functions-common
@@ -687,16 +687,13 @@
# Usage: get_or_create_domain <name> <description>
function get_or_create_domain {
local domain_id
- local os_url="$KEYSTONE_SERVICE_URI_V3"
# Gets domain id
domain_id=$(
# Gets domain id
- openstack --os-token=$OS_TOKEN --os-url=$os_url \
- --os-identity-api-version=3 domain show $1 \
+ openstack domain show $1 \
-f value -c id 2>/dev/null ||
# Creates new domain
- openstack --os-token=$OS_TOKEN --os-url=$os_url \
- --os-identity-api-version=3 domain create $1 \
+ openstack domain create $1 \
--description "$2" \
-f value -c id
)
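Review bot: The rewritten `openstack domain show $1` and `openstack domain create $1` lines leave the positional parameter unquoted, so a name containing whitespace or glob characters is split or expanded before the client sees it; write `openstack domain show "$1" \` and `openstack domain create "$1" \`. The same applies to `openstack group create $1` with `--domain $2` in get_or_create_group and to `openstack project create $1` with `--domain=$2` further down. With the explicit `--os-token`/`--os-url` flags gone, these helpers authenticate with whatever `OS_*` variables the caller has exported, and because `2>/dev/null ||` discards the reason `domain show` failed, a credential problem now falls straight through to `domain create`. I would state the requirement in the usage header, e.g. `# Requires v3-capable OS_* credentials in the environment`. The function body continues past the end of this hunk.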
@@ -707,13 +704,11 @@
# Usage: get_or_create_group <groupname> <domain> [<description>]
function get_or_create_group {
local desc="${3:-}"
- local os_url="$KEYSTONE_SERVICE_URI_V3"
local group_id
# Gets group id
group_id=$(
# Creates new group with --or-show
- openstack --os-token=$OS_TOKEN --os-url=$os_url \
- --os-identity-api-version=3 group create $1 \
+ openstack group create $1 \
--domain $2 --description "$desc" --or-show \
-f value -c id
)
@@ -735,8 +730,6 @@
openstack user create \
$1 \
--password "$2" \
- --os-url=$KEYSTONE_SERVICE_URI_V3 \
- --os-identity-api-version=3 \
--domain=$3 \
$email \
--or-show \
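Review bot: `--password "$2"` places the new user's password in the client's argument list, where it can be read from the process table for the lifetime of the call and is echoed into logs if xtrace is on. The commit does not touch that line, but since the call is being reworked it is worth at least a comment above it, e.g. `# NOTE: password is visible in argv and xtrace output; development credentials only`. `$1` and `--domain=$3` in the same command are unquoted as well and should be `"$1"` and `--domain="$3"`. The enclosing function starts and ends outside this hunk.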
@@ -751,9 +744,7 @@
local project_id
project_id=$(
# Creates new project with --or-show
- openstack --os-url=$KEYSTONE_SERVICE_URI_V3 \
- --os-identity-api-version=3 \
- project create $1 \
+ openstack project create $1 \
--domain=$2 \
--or-show -f value -c id
)
@@ -767,8 +758,6 @@
role_id=$(
# Creates role with --or-show
openstack role create $1 \
- --os-url=$KEYSTONE_SERVICE_URI_V3 \
- --os-identity-api-version=3 \
--or-show -f value -c id
)
echo $role_id
@@ -781,8 +770,6 @@
# Gets user role id
user_role_id=$(openstack role list \
--user $2 \
- --os-url=$KEYSTONE_SERVICE_URI_V3 \
- --os-identity-api-version=3 \
--column "ID" \
--project $3 \
--column "Name" \
@@ -793,8 +780,6 @@
$1 \
--user $2 \
--project $3 \
- --os-url=$KEYSTONE_SERVICE_URI_V3 \
- --os-identity-api-version=3 \
| grep " id " | get_field 2)
fi
echo $user_role_id
@@ -806,21 +791,15 @@
local group_role_id
# Gets group role id
group_role_id=$(openstack role list \
- --os-url=$KEYSTONE_SERVICE_URI_V3 \
- --os-identity-api-version=3 \
--group $2 \
--project $3 \
-c "ID" -f value)
if [[ -z "$group_role_id" ]]; then
# Adds role to group and get it
openstack role add $1 \
- --os-url=$KEYSTONE_SERVICE_URI_V3 \
- --os-identity-api-version=3 \
--group $2 \
--project $3
group_role_id=$(openstack role list \
- --os-url=$KEYSTONE_SERVICE_URI_V3 \
- --os-identity-api-version=3 \
--group $2 \
--project $3 \
-c "ID" -f value)
@@ -838,8 +817,6 @@
openstack service show $2 -f value -c id 2>/dev/null ||
# Creates new service if not exists
openstack service create \
- --os-url $KEYSTONE_SERVICE_URI_V3 \
- --os-identity-api-version=3 \
$2 \
--name $1 \
--description="$3" \
@@ -858,8 +835,6 @@
# gets support for this, the check for the region name can be removed.
# Related bug in keystone: https://bugs.launchpad.net/keystone/+bug/1482772
endpoint_id=$(openstack endpoint list \
- --os-url $KEYSTONE_SERVICE_URI_V3 \
- --os-identity-api-version=3 \
--service $1 \
--interface $2 \
--region $4 \
@@ -867,8 +842,6 @@
if [[ -z "$endpoint_id" ]]; then
# Creates new endpoint
endpoint_id=$(openstack endpoint create \
- --os-url $KEYSTONE_SERVICE_URI_V3 \
- --os-identity-api-version=3 \
$1 $2 $3 --region $4 -f value -c id)
fi
diff --git a/stack.sh b/stack.sh
index cc8bc8c..fa2e490 100755
--- a/stack.sh
+++ b/stack.sh
@@ -987,13 +987,15 @@
start_keystone
fi
+ export OS_IDENTITY_API_VERSION=3
+
# Set up a temporary admin URI for Keystone
- SERVICE_ENDPOINT=$KEYSTONE_AUTH_URI/v2.0
+ SERVICE_ENDPOINT=$KEYSTONE_AUTH_URI/v3
if is_service_enabled tls-proxy; then
export OS_CACERT=$INT_CA_DIR/ca-chain.pem
# Until the client support is fixed, just use the internal endpoint
- SERVICE_ENDPOINT=http://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT_INT/v2.0
+ SERVICE_ENDPOINT=http://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT_INT/v3
fi
# Setup OpenStackClient token-endpoint auth
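Review bot: In the tls-proxy branch, `SERVICE_ENDPOINT=http://$KEYSTONE_AUTH_HOST:$KEYSTONE_AUTH_PORT_INT/v3` keeps the bootstrap on plain HTTP, so the token-endpoint credentials configured just below presumably travel unencrypted even though `OS_CACERT` has just been exported. The existing comment explains why the internal endpoint is used but not the exposure; I would extend it, e.g. `# NOTE: the bootstrap token is sent in cleartext here; keep KEYSTONE_AUTH_HOST on a trusted interface`. Separately, the added `export OS_IDENTITY_API_VERSION=3` remains exported for everything that runs afterwards and deserves a one-line comment saying that is intended. The surrounding block starts and ends outside this hunk.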
@@ -1021,14 +1023,13 @@
# Begone token auth
unset OS_TOKEN OS_URL
- # force set to use v2 identity authentication even with v3 commands
- export OS_AUTH_TYPE=v2password
-
# Set up password auth credentials now that Keystone is bootstrapped
- export OS_AUTH_URL=$SERVICE_ENDPOINT
- export OS_TENANT_NAME=admin
+ export OS_AUTH_URL=$KEYSTONE_AUTH_URI
export OS_USERNAME=admin
+ export OS_USER_DOMAIN_ID=default
export OS_PASSWORD=$ADMIN_PASSWORD
+ export OS_PROJECT_NAME=admin
+ export OS_PROJECT_DOMAIN_ID=default
export OS_REGION_NAME=$REGION_NAME
fi
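Review bot: The new credential block stops exporting `OS_TENANT_NAME` and `OS_AUTH_TYPE` but never clears them, so values inherited from the invoking shell (an older openrc, for instance) would still reach the client and could conflict with the v3 `OS_PROJECT_*`/`OS_USER_DOMAIN_ID` settings. Whether the environment is sanitised earlier in stack.sh is not visible from this hunk; if it is not, extending the existing line to `unset OS_TOKEN OS_URL OS_TENANT_NAME OS_AUTH_TYPE` would make the switch deterministic. `OS_AUTH_URL=$KEYSTONE_AUTH_URI` is now unversioned and depends on `OS_IDENTITY_API_VERSION=3` having been exported earlier, which a short comment here should mention. The enclosing `if` begins outside this hunk.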