Remove some keystone resource parsers
Current "keystone" command can parse the specified resources(tenant,
user, role, service) by itself. Then it is unnecessary to translate
resource names to resource ids in devstack.
This patch removes these resource parsers from devstack for cleanup.
Change-Id: Ibae06581b471f02168b559b4ca0c10f14996d661
diff --git a/files/keystone_data.sh b/files/keystone_data.sh
index ea2d52d..07b6b60 100755
--- a/files/keystone_data.sh
+++ b/files/keystone_data.sh
@@ -28,16 +28,6 @@
export SERVICE_ENDPOINT=$SERVICE_ENDPOINT
SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}
-function get_id () {
- echo `"$@" | awk '/ id / { print $4 }'`
-}
-
-# Lookups
-SERVICE_TENANT=$(keystone tenant-list | awk "/ $SERVICE_TENANT_NAME / { print \$2 }")
-ADMIN_ROLE=$(keystone role-list | awk "/ admin / { print \$2 }")
-MEMBER_ROLE=$(keystone role-list | awk "/ Member / { print \$2 }")
-
-
# Roles
# -----
@@ -45,53 +35,52 @@
# The admin role in swift allows a user to act as an admin for their tenant,
# but ResellerAdmin is needed for a user to act as any tenant. The name of this
# role is also configurable in swift-proxy.conf
-RESELLER_ROLE=$(get_id keystone role-create --name=ResellerAdmin)
+keystone role-create --name=ResellerAdmin
# Service role, so service users do not have to be admins
-SERVICE_ROLE=$(get_id keystone role-create --name=service)
+keystone role-create --name=service
# Services
# --------
if [[ "$ENABLED_SERVICES" =~ "n-api" ]] && [[ "$ENABLED_SERVICES" =~ "s-proxy" || "$ENABLED_SERVICES" =~ "swift" ]]; then
- NOVA_USER=$(keystone user-list | awk "/ nova / { print \$2 }")
# Nova needs ResellerAdmin role to download images when accessing
# swift through the s3 api.
keystone user-role-add \
- --tenant-id $SERVICE_TENANT \
- --user-id $NOVA_USER \
- --role-id $RESELLER_ROLE
+ --tenant $SERVICE_TENANT_NAME \
+ --user nova \
+ --role ResellerAdmin
fi
# Heat
if [[ "$ENABLED_SERVICES" =~ "heat" ]]; then
- HEAT_USER=$(get_id keystone user-create --name=heat \
+ keystone user-create --name=heat \
--pass="$SERVICE_PASSWORD" \
- --tenant_id $SERVICE_TENANT \
- --email=heat@example.com)
- keystone user-role-add --tenant-id $SERVICE_TENANT \
- --user-id $HEAT_USER \
- --role-id $SERVICE_ROLE
+ --tenant $SERVICE_TENANT_NAME \
+ --email=heat@example.com
+ keystone user-role-add --tenant $SERVICE_TENANT_NAME \
+ --user heat \
+ --role service
# heat_stack_user role is for users created by Heat
keystone role-create --name heat_stack_user
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
- HEAT_CFN_SERVICE=$(get_id keystone service-create \
+ keystone service-create \
--name=heat-cfn \
--type=cloudformation \
- --description="Heat CloudFormation Service")
+ --description="Heat CloudFormation Service"
keystone endpoint-create \
--region RegionOne \
- --service_id $HEAT_CFN_SERVICE \
+ --service heat-cfn \
--publicurl "http://$SERVICE_HOST:$HEAT_API_CFN_PORT/v1" \
--adminurl "http://$SERVICE_HOST:$HEAT_API_CFN_PORT/v1" \
--internalurl "http://$SERVICE_HOST:$HEAT_API_CFN_PORT/v1"
- HEAT_SERVICE=$(get_id keystone service-create \
+ keystone service-create \
--name=heat \
--type=orchestration \
- --description="Heat Service")
+ --description="Heat Service"
keystone endpoint-create \
--region RegionOne \
- --service_id $HEAT_SERVICE \
+ --service heat \
--publicurl "http://$SERVICE_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
--adminurl "http://$SERVICE_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s" \
--internalurl "http://$SERVICE_HOST:$HEAT_API_PORT/v1/\$(tenant_id)s"
@@ -100,23 +89,23 @@
# Glance
if [[ "$ENABLED_SERVICES" =~ "g-api" ]]; then
- GLANCE_USER=$(get_id keystone user-create \
+ keystone user-create \
--name=glance \
--pass="$SERVICE_PASSWORD" \
- --tenant_id $SERVICE_TENANT \
- --email=glance@example.com)
+ --tenant $SERVICE_TENANT_NAME \
+ --email=glance@example.com
keystone user-role-add \
- --tenant-id $SERVICE_TENANT \
- --user-id $GLANCE_USER \
- --role-id $ADMIN_ROLE
+ --tenant $SERVICE_TENANT_NAME \
+ --user glance \
+ --role admin
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
- GLANCE_SERVICE=$(get_id keystone service-create \
+ keystone service-create \
--name=glance \
--type=image \
- --description="Glance Image Service")
+ --description="Glance Image Service"
keystone endpoint-create \
--region RegionOne \
- --service_id $GLANCE_SERVICE \
+ --service glance \
--publicurl "http://$SERVICE_HOST:9292" \
--adminurl "http://$SERVICE_HOST:9292" \
--internalurl "http://$SERVICE_HOST:9292"
@@ -125,25 +114,25 @@
# Ceilometer
if [[ "$ENABLED_SERVICES" =~ "ceilometer" ]]; then
- CEILOMETER_USER=$(get_id keystone user-create --name=ceilometer \
+ keystone user-create --name=ceilometer \
--pass="$SERVICE_PASSWORD" \
- --tenant_id $SERVICE_TENANT \
- --email=ceilometer@example.com)
- keystone user-role-add --tenant-id $SERVICE_TENANT \
- --user-id $CEILOMETER_USER \
- --role-id $ADMIN_ROLE
+ --tenant $SERVICE_TENANT_NAME \
+ --email=ceilometer@example.com
+ keystone user-role-add --tenant $SERVICE_TENANT_NAME \
+ --user ceilometer \
+ --role admin
# Ceilometer needs ResellerAdmin role to access swift account stats.
- keystone user-role-add --tenant-id $SERVICE_TENANT \
- --user-id $CEILOMETER_USER \
- --role-id $RESELLER_ROLE
+ keystone user-role-add --tenant $SERVICE_TENANT_NAME \
+ --user ceilometer \
+ --role ResellerAdmin
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
- CEILOMETER_SERVICE=$(get_id keystone service-create \
+ keystone service-create \
--name=ceilometer \
--type=metering \
- --description="Ceilometer Service")
+ --description="Ceilometer Service"
keystone endpoint-create \
--region RegionOne \
- --service_id $CEILOMETER_SERVICE \
+ --service ceilometer \
--publicurl "http://$SERVICE_HOST:8777" \
--adminurl "http://$SERVICE_HOST:8777" \
--internalurl "http://$SERVICE_HOST:8777"
@@ -153,13 +142,13 @@
# EC2
if [[ "$ENABLED_SERVICES" =~ "n-api" ]]; then
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
- EC2_SERVICE=$(get_id keystone service-create \
+ keystone service-create \
--name=ec2 \
--type=ec2 \
- --description="EC2 Compatibility Layer")
+ --description="EC2 Compatibility Layer"
keystone endpoint-create \
--region RegionOne \
- --service_id $EC2_SERVICE \
+ --service ec2 \
--publicurl "http://$SERVICE_HOST:8773/services/Cloud" \
--adminurl "http://$SERVICE_HOST:8773/services/Admin" \
--internalurl "http://$SERVICE_HOST:8773/services/Cloud"
@@ -169,13 +158,13 @@
# S3
if [[ "$ENABLED_SERVICES" =~ "n-obj" || "$ENABLED_SERVICES" =~ "swift3" ]]; then
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then
- S3_SERVICE=$(get_id keystone service-create \
+ keystone service-create \
--name=s3 \
--type=s3 \
- --description="S3")
+ --description="S3"
keystone endpoint-create \
--region RegionOne \
- --service_id $S3_SERVICE \
+ --service s3 \
--publicurl "http://$SERVICE_HOST:$S3_SERVICE_PORT" \
--adminurl "http://$SERVICE_HOST:$S3_SERVICE_PORT" \
--internalurl "http://$SERVICE_HOST:$S3_SERVICE_PORT"
@@ -185,14 +174,14 @@
if [[ "$ENABLED_SERVICES" =~ "tempest" ]]; then
# Tempest has some tests that validate various authorization checks
# between two regular users in separate tenants
- ALT_DEMO_TENANT=$(get_id keystone tenant-create \
- --name=alt_demo)
- ALT_DEMO_USER=$(get_id keystone user-create \
+ keystone tenant-create \
+ --name=alt_demo
+ keystone user-create \
--name=alt_demo \
--pass="$ADMIN_PASSWORD" \
- --email=alt_demo@example.com)
+ --email=alt_demo@example.com
keystone user-role-add \
- --tenant-id $ALT_DEMO_TENANT \
- --user-id $ALT_DEMO_USER \
- --role-id $MEMBER_ROLE
+ --tenant alt_demo \
+ --user alt_demo \
+ --role Member
fi