Gitiles
Code Review Sign In
spfactory.storpool.com / devstack / b297d2d0a8e1b38ffaebc4590bced3361df6fe89^! / .
commitb297d2d0a8e1b38ffaebc4590bced3361df6fe89[log] [tgz]
authorJay Pipes <jaypipes@gmail.com>Thu May 10 11:21:22 2012 -0400
committerJay Pipes <jaypipes@gmail.com>Thu May 10 11:25:39 2012 -0400
tree3de17190680149463e7a8c323e4e95a627395dce
parent33a19d4345ffc32a06f74dadd70842335e9c6400 [diff]
Fixes LP #996571 - Alternate Tempest user

Adds an alternate user to Keystone for Tempest

Tempest has a number of tests that are skipped if
the compute.alt_username is the same as compute.username
or None. Here, we modify files/keystone_data.sh to add
an additional regular user called alt_demo if Tempest
is enabled in stackrc. We also make corresponding changes
to the tools/configure_tempest.sh script to make use
of this alternate user credential

Change-Id: I551f3b378f843c62fffcf6effa916056708d54d3

diff --git a/files/keystone_data.sh b/files/keystone_data.sh
index a49eb42..9e994fd 100755
--- a/files/keystone_data.sh
+++ b/files/keystone_data.sh

@@ -12,6 +12,8 @@
 # demo                 admin     admin
 # demo                 demo      Member, anotherrole
 # invisible_to_admin   demo      Member
+# Tempest Only:
+# alt_demo             alt_demo  Member
 #
 # Variables set before calling this script:
 # SERVICE_TOKEN - aka admin_token in keystone.conf
@@ -116,3 +118,13 @@
                            --user $QUANTUM_USER \
                            --role $ADMIN_ROLE
 fi
+
+if [[ "$ENABLED_SERVICES" =~ "tempest" ]]; then
+    # Tempest has some tests that validate various authorization checks
+    # between two regular users in separate tenants
+    ALT_DEMO_TENANT=$(get_id keystone tenant-create --name=alt_demo)
+    ALT_DEMO_USER=$(get_id keystone user-create --name=alt_demo \
+                                        --pass="$ADMIN_PASSWORD" \
+                                        --email=alt_demo@example.com)
+    keystone user-role-add --user $ALT_DEMO_USER --role $MEMBER_ROLE --tenant_id $ALT_DEMO_TENANT
+fi

diff --git a/tools/configure_tempest.sh b/tools/configure_tempest.sh
index a84c42b..2c06934 100755
--- a/tools/configure_tempest.sh
+++ b/tools/configure_tempest.sh

@@ -93,6 +93,10 @@
 # copy every time, because the image UUIDS are going to change
 cp $TEMPEST_CONF.tpl $TEMPEST_CONF
 
+ADMIN_USERNAME=${ADMIN_USERNAME:-admin}
+ADMIN_PASSWORD=${ADMIN_PASSWORD:-secrete}
+ADMIN_TENANT_NAME=${ADMIN_TENANT:-admin}
+
 IDENTITY_USE_SSL=${IDENTITY_USE_SSL:-False}
 IDENTITY_HOST=${IDENTITY_HOST:-127.0.0.1}
 IDENTITY_PORT=${IDENTITY_PORT:-5000}
@@ -107,22 +111,18 @@
 # OS_USERNAME et all should be defined in openrc.
 OS_USERNAME=${OS_USERNAME:-demo}
 OS_TENANT_NAME=${OS_TENANT_NAME:-demo}
-OS_PASSWORD=${OS_PASSWORD:-secrete}
+OS_PASSWORD=${OS_PASSWORD:$ADMIN_PASSWORD}
 
-# TODO(jaypipes): Support multiple regular user accounts instead
-# of using the same regular user account for the alternate user...
-ALT_USERNAME=$OS_USERNAME
+# See files/keystone_data.sh where alt_demo user
+# and tenant are set up...
+ALT_USERNAME=${ALT_USERNAME:-alt_demo}
+ALT_TENANT_NAME=${ALT_TENANT_NAME:-alt_demo}
 ALT_PASSWORD=$OS_PASSWORD
-ALT_TENANT_NAME=$OS_TENANT_NAME
 
 # TODO(jaypipes): Support configurable flavor refs here...
 FLAVOR_REF=1
 FLAVOR_REF_ALT=2
 
-ADMIN_USERNAME=${ADMIN_USERNAME:-admin}
-ADMIN_PASSWORD=${ADMIN_PASSWORD:-secrete}
-ADMIN_TENANT_NAME=${ADMIN_TENANT:-admin}
-
 # Do any of the following need to be configurable?
 COMPUTE_CATALOG_TYPE=compute
 COMPUTE_CREATE_IMAGE_ENABLED=True