Allow putting service users in a seperate domain
Make it possible to construct the service users in their own separate
domain. Changing this away from Default will not work for everyone yet,
though it does work for basic service interaction. However, enabling it
will allow us to start testing, and hopefully gating, that services aren't
relying on v2-only concepts.
Change-Id: I7e73df5dd1caabf355783da2bc0f3007ade92fba
diff --git a/lib/keystone b/lib/keystone
index b5c107c..cd07b78 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -106,7 +106,9 @@
# Bind hosts
KEYSTONE_ADMIN_BIND_HOST=${KEYSTONE_ADMIN_BIND_HOST:-$KEYSTONE_SERVICE_HOST}
+
# Set the project for service accounts in Keystone
+SERVICE_DOMAIN_NAME=${SERVICE_DOMAIN_NAME:-Default}
SERVICE_PROJECT_NAME=${SERVICE_PROJECT_NAME:-service}
SERVICE_TENANT_NAME=${SERVICE_PROJECT_NAME:-service}
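Review bot: The comment above the new `SERVICE_DOMAIN_NAME` default still says only "Set the project for service accounts in Keystone", so the new setting is undocumented where it is defined. I would reword it to `# Set the domain and project for service accounts in Keystone` and add a second line such as `# SERVICE_DOMAIN_NAME is a domain *name*; values other than Default are experimental`. That matches the commit message's caveat and warns anyone overriding the variable in their local configuration.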
@@ -370,6 +372,7 @@
get_or_add_user_domain_role $admin_role $admin_user default
# Create service project/role
+ get_or_create_domain "$SERVICE_DOMAIN_NAME"
get_or_create_project "$SERVICE_PROJECT_NAME" default
# Service role, so service users do not have to be admins
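Review bot: The unchanged context line `get_or_create_project "$SERVICE_PROJECT_NAME" default` still creates the service project in the `default` domain, while the rest of the commit looks it up in `$SERVICE_DOMAIN_NAME`. The later hunks pass `"$SERVICE_DOMAIN_NAME"` as what appears to be the project domain in `create_service_user`, and write it as `project_domain_name` in the auth token middleware config. With any value other than Default, the role assignment and the services' token requests would presumably target a project that does not exist in that domain. If the second argument is the domain, as the literal `default` suggests, the line should become `get_or_create_project "$SERVICE_PROJECT_NAME" "$SERVICE_DOMAIN_NAME"`. The enclosing function starts and ends outside this hunk.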
@@ -442,9 +445,8 @@
function create_service_user {
local role=${2:-service}
- local user
- user=$(get_or_create_user "$1" "$SERVICE_PASSWORD" default)
- get_or_add_user_project_role "$role" "$user" "$SERVICE_PROJECT_NAME"
+ get_or_create_user "$1" "$SERVICE_PASSWORD" "$SERVICE_DOMAIN_NAME"
+ get_or_add_user_project_role "$role" "$1" "$SERVICE_PROJECT_NAME" "$SERVICE_DOMAIN_NAME" "$SERVICE_DOMAIN_NAME"
}
# Configure the service to use the auth token middleware.
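Review bot: The trailing `"$SERVICE_DOMAIN_NAME" "$SERVICE_DOMAIN_NAME"` pair on the `get_or_add_user_project_role` call is opaque, because nothing says which positional is the user's domain and which is the project's. A comment above the call would help, for example `# last two args: user domain, project domain (both the service domain)`, with the order confirmed against the helper's definition, which is not in this hunk. The removed code captured the output of `get_or_create_user` into `user`, so that helper evidently prints the user id. The new bare call lets that id fall through to the stdout of `create_service_user`; if no caller wants it, `> /dev/null` on that line keeps the output clean.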
@@ -464,9 +466,9 @@
iniset $conf_file $section auth_url $KEYSTONE_AUTH_URI
iniset $conf_file $section username $admin_user
iniset $conf_file $section password $SERVICE_PASSWORD
- iniset $conf_file $section user_domain_id default
+ iniset $conf_file $section user_domain_name "$SERVICE_DOMAIN_NAME"
iniset $conf_file $section project_name $SERVICE_PROJECT_NAME
- iniset $conf_file $section project_domain_id default
+ iniset $conf_file $section project_domain_name "$SERVICE_DOMAIN_NAME"
iniset $conf_file $section auth_uri $KEYSTONE_SERVICE_URI
iniset $conf_file $section cafile $SSL_BUNDLE_FILE
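Review bot: Switching `user_domain_id default` to `user_domain_name "$SERVICE_DOMAIN_NAME"`, and likewise for the project domain, makes each service's credentials depend on a domain name rather than an id. Keystone domain names can be changed after creation while ids cannot, so a renamed service domain would break authentication for every service configured here. That is probably acceptable for a development deployment, but it deserves a comment above the two new lines, for example `# Domains are referenced by name; renaming the service domain requires re-running this configuration`. The function containing these `iniset` calls starts and ends outside the hunk.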