Add devstack-system-admin for system scoped actions

Keystone is moving more things to require a system scoped token to
work. Getting one of those requires that domain and project information
are not set.

Change-Id: I2e1640e9f9ef6cdf56bef49d1ae8f0591570c3e6
diff --git a/functions-common b/functions-common
index 9be1513..e5962db 100644
--- a/functions-common
+++ b/functions-common
@@ -120,6 +120,17 @@
         --os-password $ADMIN_PASSWORD \
         --os-project-name admin
 
+    # admin with a system-scoped token -> devstack-system
+    $PYTHON $TOP_DIR/tools/update_clouds_yaml.py \
+        --file $CLOUDS_YAML \
+        --os-cloud devstack-system-admin \
+        --os-region-name $REGION_NAME \
+        $CA_CERT_ARG \
+        --os-auth-url $KEYSTONE_SERVICE_URI \
+        --os-username admin \
+        --os-password $ADMIN_PASSWORD \
+        --os-system-scope all
+
     # CLean up any old clouds.yaml files we had laying around
     rm -f $(eval echo ~"$STACK_USER")/.config/openstack/clouds.yaml
 }
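Review bot: The comment on the added block names the cloud `devstack-system`, but the entry is written as `devstack-system-admin`; it should read `# admin with a system-scoped token -> devstack-system-admin` so it matches the value users pass to `--os-cloud`. The entry also stores the admin password next to a system scope of `all` in `$CLOUDS_YAML`, making it the broadest credential in that file. Whether the file is created with owner-only permissions is not visible in this hunk and is worth confirming. The enclosing function starts above the hunk.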
diff --git a/tools/update_clouds_yaml.py b/tools/update_clouds_yaml.py
index 3aad0e0..9187c66 100755
--- a/tools/update_clouds_yaml.py
+++ b/tools/update_clouds_yaml.py
@@ -41,12 +41,19 @@
                 'auth_url': args.os_auth_url,
                 'username': args.os_username,
                 'password': args.os_password,
-                'project_name': args.os_project_name,
             },
         }
-        if args.os_identity_api_version == '3':
+        if args.os_project_name and args.os_system_scope:
+            print(
+                "WARNING: os_project_name and os_system_scope were both"
+                " given. os_system_scope will take priority.")
+        if args.os_project_name and not args.os_system_scope:
+            self._cloud_data['auth']['project_name'] = args.os_project_name
+        if args.os_identity_api_version == '3' and not args.os_system_scope:
             self._cloud_data['auth']['user_domain_id'] = 'default'
             self._cloud_data['auth']['project_domain_id'] = 'default'
+        if args.os_system_scope:
+            self._cloud_data['auth']['system_scope'] = args.os_system_scope
         if args.os_cacert:
             self._cloud_data['cacert'] = args.os_cacert
 
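Review bot: When `--os-system-scope` is given, the new condition `args.os_identity_api_version == '3' and not args.os_system_scope` skips `user_domain_id` as well as `project_domain_id`, so the entry identifies the user by `username` alone. Keystone v3 password authentication normally needs a domain to resolve a user name, and system scope replaces only the project scope, so this likely drops more than intended; confirm that the devstack-system-admin entry authenticates as written. I would keep `self._cloud_data['auth']['user_domain_id'] = 'default'` under the plain version check and set `project_domain_id` only where `project_name` is set. Separately, since the project name is now set only conditionally, a call with neither scope option produces an entry with no scope at all; rejecting that case with `parser.error(...)` after argument parsing would catch it. The enclosing method starts above the hunk.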
@@ -88,7 +95,8 @@
     parser.add_argument('--os-auth-url', required=True)
     parser.add_argument('--os-username', required=True)
     parser.add_argument('--os-password', required=True)
-    parser.add_argument('--os-project-name', required=True)
+    parser.add_argument('--os-project-name')
+    parser.add_argument('--os-system-scope')
 
     args = parser.parse_args()