Gitiles
Code Review Sign In
spfactory.storpool.com / devstack / ae604985e78ae5e9763a348d132cb8e120b85c95^! / .
commitae604985e78ae5e9763a348d132cb8e120b85c95[log] [tgz]
authorAnthony Young <sleepsonthefloor@gmail.com>Mon Mar 12 17:12:00 2012 -0700
committerAnthony Young <sleepsonthefloor@gmail.com>Tue Mar 13 16:10:56 2012 -0700
treee47e02f7d42176d8f3a6298cd14333a237af8c84
parentdf0972c1ee4d8dbb5b7a053198d8772a39fbdf86 [diff]
Remove references to deprecated ec2 authorizor.

 * remove replace_pipeline
 * removes references to sysadmin and netadmin roles
 * removes references to admin ec2 api
 * fixes bug 953744
 * related fix in nova: https://review.openstack.org/#change,5024

Change-Id: I8792dae0157b8596a5f946670742411781fe47c0

diff --git a/files/keystone_data.sh b/files/keystone_data.sh
index e97ad73..319bae3 100755
--- a/files/keystone_data.sh
+++ b/files/keystone_data.sh

@@ -10,7 +10,7 @@
 # service              quantum   admin        # if enabled
 # service              swift     admin        # if enabled
 # demo                 admin     admin
-# demo                 demo      Member,sysadmin,netadmin
+# demo                 demo      Member,anotherrole
 # invisible_to_admin   demo      Member
 #
 # Variables set before calling this script:
@@ -50,15 +50,15 @@
 ADMIN_ROLE=$(get_id keystone role-create --name=admin)
 KEYSTONEADMIN_ROLE=$(get_id keystone role-create --name=KeystoneAdmin)
 KEYSTONESERVICE_ROLE=$(get_id keystone role-create --name=KeystoneServiceAdmin)
-SYSADMIN_ROLE=$(get_id keystone role-create --name=sysadmin)
-NETADMIN_ROLE=$(get_id keystone role-create --name=netadmin)
+# ANOTHER_ROLE demonstrates that an arbitrary role may be created and used
+# TODO(sleepsonthefloor): show how this can be used for rbac in the future!
+ANOTHER_ROLE=$(get_id keystone role-create --name=anotherrole)
 
 
 # Add Roles to Users in Tenants
 keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $ADMIN_TENANT
 keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $DEMO_TENANT
-keystone user-role-add --user $DEMO_USER --role $SYSADMIN_ROLE --tenant_id $DEMO_TENANT
-keystone user-role-add --user $DEMO_USER --role $NETADMIN_ROLE --tenant_id $DEMO_TENANT
+keystone user-role-add --user $DEMO_USER --role $ANOTHER_ROLE --tenant_id $DEMO_TENANT
 
 # TODO(termie): these two might be dubious
 keystone user-role-add --user $ADMIN_USER --role $KEYSTONEADMIN_ROLE --tenant_id $ADMIN_TENANT

diff --git a/stack.sh b/stack.sh
index 83adc8d..f6b5e9e 100755
--- a/stack.sh
+++ b/stack.sh

@@ -906,15 +906,6 @@
         s,%SERVICE_TENANT_NAME%,$SERVICE_TENANT_NAME,g;
         s,%SERVICE_TOKEN%,$SERVICE_TOKEN,g;
     " -i $NOVA_CONF_DIR/api-paste.ini
-
-    # Finally, change the Nova pipelines to use Keystone
-    function replace_pipeline() {
-        sed "/\[pipeline:$1\]/,/\[/s/^pipeline = .*/pipeline = $2/" -i $NOVA_CONF_DIR/api-paste.ini
-    }
-    replace_pipeline "ec2cloud" "ec2faultwrap logrequest totoken authtoken keystonecontext cloudrequest authorizer validator ec2executor"
-    replace_pipeline "ec2admin" "ec2faultwrap logrequest totoken authtoken keystonecontext adminrequest authorizer ec2executor"
-    replace_pipeline "openstack_compute_api_v2" "faultwrap authtoken keystonecontext $OSAPI_RATE_LIMIT osapi_compute_app_v2"
-    replace_pipeline "openstack_volume_api_v1" "faultwrap authtoken keystonecontext $OSAPI_RATE_LIMIT osapi_volume_app_v1"
 fi
 
 # Helper to clean iptables rules