Script to set up swift test users in keystone
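#!/bin/bash
# Set up (or, with --remove, tear down) the swift test users, projects and
# roles in keystone.
usage="<prog> <identity endpoint> [os-password] --remove"
#
# identity endpoint should include /v3 at end of url
# e.g. <prog> http://hostname:5000/v3 ADMIN
#
# hostname could be standalone keystone service or devstack keystone service
#
# os-password defaults to "admin". --remove is optional and may follow the
# endpoint directly when the default password is wanted.
#
# Note: we are using password auth for keystone admin here - previously token
# auth had been just fine but I couldn't get that to auth 'create' commands.
# Following pattern of stack.sh which flips to password auth once initial
# keystone bootstrap is done.
#
# Credential handling:
# - The admin password is handed to the openstack client through the
#   OS_PASSWORD environment variable instead of --os-password, so it does not
#   appear in the argument list of every openstack process this script starts.
# - The password is never echoed; only the user and project names are.
# - The password is still an argument of *this* script and therefore visible in
#   the process list and shell history while it runs.
# - Password auth against a plain http:// endpoint sends the credential
#   unencrypted; use an https:// endpoint outside a throwaway dev setup.

DEFAULT_DOMAIN_NAME=default
TEST_DOMAIN=test-domain
USER_PREFIX=tester
PROJECT_PREFIX=test

# Without an endpoint the client could fall back to whatever cloud the
# environment points at, so refuse to continue rather than guess.
if [ $# -lt 1 ] || [ -z "$1" ]; then
    echo "usage: $usage" >&2
    exit 2
fi
OS_URL=$1
shift

# The password is optional: accept "--remove" directly after the endpoint
# instead of silently using it as the admin password.
if [ "${1:-}" = "--remove" ]; then
    OS_PASSWORD="admin"
    REMOVE=$1
else
    OS_PASSWORD=${1:-admin}
    REMOVE=${2:-}
fi
export OS_PASSWORD

ADMIN_USERNAME=admin
ADMIN_PROJECT_NAME=admin

echo "Using keystone admin credentials: {user: $ADMIN_USERNAME, password: <redacted>, project: $ADMIN_PROJECT_NAME}"

# Note
# may need to use token flow auth
# http://docs.openstack.org/developer/python-openstackclient/authentication.html
# openstack --os-url http://localhost:5000/v3 --os-identity-api-version 3 --os-token ADMIN

# common base command
# This is a whitespace-separated command string that callers expand unquoted,
# so none of the values placed in it may contain spaces. The password is
# deliberately absent: the client reads it from the exported OS_PASSWORD.
OS_CMD="openstack --os-auth-url $OS_URL --os-identity-api-version 3 --os-username $ADMIN_USERNAME --os-project-name $ADMIN_PROJECT_NAME --os-user-domain-name $DEFAULT_DOMAIN_NAME --os-project-domain-name $DEFAULT_DOMAIN_NAME"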
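# create_account <user_name> <password> <project_name> <role_name> <domain_name>
#
# Creates (or, via --or-show, looks up) the project and the user in the given
# domain, then grants the user <role_name> on that project.
# Globals:   OS_CMD (read) - base openstack command string
# Outputs:   progress messages on stdout
# Exits the whole script with status 1 as soon as any step fails.
#
# The account password is passed on the openstack command line and is
# therefore visible in the process list; the callers in this script only pass
# fixed, well-known test passwords.
function create_account {
    local user_name=$1
    local password=$2
    local project_name=$3
    local role_name=$4
    local domain_name=$5
    local project_id user_id

    # $OS_CMD is a command string and is expanded unquoted on purpose; every
    # other expansion is quoted so unusual values cannot split or glob.
    # Declaration and assignment are separate so the command's own exit
    # status is not masked by 'local'.
    project_id=$($OS_CMD project create "$project_name" --domain "$domain_name" --or-show -f value -c id) || exit 1
    if [ -z "$project_id" ]; then
        exit 1
    fi
    echo "Created project $project_name with id $project_id"

    user_id=$($OS_CMD user create "$user_name" --password "$password" --domain "$domain_name" --or-show -f value -c id) || exit 1
    if [ -z "$user_id" ]; then
        exit 1
    fi
    echo "Created user $user_name with id $user_id"

    # Run the command directly. Wrapping it in $( ... ) as a statement would
    # make the shell execute whatever the command printed as a new command.
    if ! $OS_CMD role add --user "$user_id" --project "$project_id" "$role_name"; then
        exit 1
    fi
    echo "Assigned role $role_name to user $user_name on project $project_name"
}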
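# remove_account <user_name> <project_name> <role_name> <domain_name>
#
# Removes <role_name> from the user on the project (skipped when the role is
# "NONE"), then deletes the project and the user from the given domain.
# Globals:   OS_CMD (read) - base openstack command string
# Outputs:   one line per successful step on stdout, failures on stderr
# Teardown is best effort: a failed step is reported and the remaining steps
# still run, so a partly-created setup can be cleaned up.
function remove_account {
    local user_name=$1
    local project_name=$2
    local role_name=$3
    local domain_name=$4

    # $OS_CMD is a command string and is expanded unquoted on purpose.
    # Each command is run directly: wrapping it in $( ... ) as a statement
    # would make the shell execute the command's output as a new command.
    if [ "$role_name" != "NONE" ]; then
        # NOTE(review): user and project are given by name without
        # --user-domain/--project-domain; confirm this resolves for accounts
        # outside the default domain.
        if $OS_CMD role remove --user "$user_name" --project "$project_name" "$role_name"; then
            echo "Removed role $role_name from user $user_name on project $project_name"
        else
            echo "Failed to remove role $role_name from user $user_name on project $project_name" >&2
        fi
    fi

    if $OS_CMD project delete "$project_name" --domain "$domain_name"; then
        echo "Deleted project $project_name in domain $domain_name"
    else
        echo "Failed to delete project $project_name in domain $domain_name" >&2
    fi

    if $OS_CMD user delete "$user_name" --domain "$domain_name"; then
        echo "Deleted user $user_name in domain $domain_name"
    else
        echo "Failed to delete user $user_name in domain $domain_name" >&2
    fi
}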
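# not pretending this is elegant
#
# Entry point: with --remove, tear the test accounts down; otherwise create
# them. $OS_CMD is a command string and is expanded unquoted on purpose.
# The account passwords below (testing, testing2, ...) are fixed, well-known
# values, so the resulting accounts belong on a test keystone only.
if [ "$REMOVE" == "--remove" ]; then
    # NOTE(review): the first call deletes project ${PROJECT_PREFIX}, which
    # the third account shares, so the role/project steps of the third call
    # are expected to fail.
    remove_account "${USER_PREFIX}" "${PROJECT_PREFIX}" admin "$DEFAULT_DOMAIN_NAME"
    remove_account "${USER_PREFIX}2" "${PROJECT_PREFIX}2" admin "$DEFAULT_DOMAIN_NAME"
    remove_account "${USER_PREFIX}3" "${PROJECT_PREFIX}" not_admin_role "$DEFAULT_DOMAIN_NAME"
    remove_account "${USER_PREFIX}4" "${PROJECT_PREFIX}4" admin "$TEST_DOMAIN"
    remove_account "${USER_PREFIX}5" "${PROJECT_PREFIX}5" swiftservice "$DEFAULT_DOMAIN_NAME"
    # Run directly rather than inside $( ... ), which would execute the
    # command's output as a new command.
    if ! $OS_CMD role delete swiftservice; then
        echo "Failed to delete role swiftservice" >&2
    fi
    # NOTE(review): not_admin_role and the $TEST_DOMAIN domain are created by
    # the setup path but are not removed here - confirm whether that is
    # intended.
else
    # create a non-admin role for the third account to use
    role_id=$($OS_CMD role create not_admin_role --or-show -f value -c id)
    if [ -z "$role_id" ]; then
        exit 1
    fi
    # The message used to name swiftservice here, which is a different role.
    echo "Created role not_admin_role with id $role_id"

    # create the 'standard' swift accounts
    create_account "${USER_PREFIX}" testing "${PROJECT_PREFIX}" admin "$DEFAULT_DOMAIN_NAME"
    create_account "${USER_PREFIX}2" testing2 "${PROJECT_PREFIX}2" admin "$DEFAULT_DOMAIN_NAME"

    # no mistake, third user is in first project, but not admin...
    create_account "${USER_PREFIX}3" testing3 "${PROJECT_PREFIX}" not_admin_role "$DEFAULT_DOMAIN_NAME"

    # fourth user is in a different domain
    # --or-show keeps a re-run from failing on the already existing domain,
    # matching the role/project/user creation steps.
    if ! $OS_CMD domain create --enable --or-show "$TEST_DOMAIN"; then
        exit 1
    fi
    create_account "${USER_PREFIX}4" testing4 "${PROJECT_PREFIX}4" admin "$TEST_DOMAIN"

    # create the 'special service role' (avoiding 'service' which is already used in devstack)
    role_id=$($OS_CMD role create swiftservice --or-show -f value -c id)
    if [ -z "$role_id" ]; then
        exit 1
    fi
    echo "Created role swiftservice with id $role_id"

    # create the 'service account' which only has role swiftservice
    create_account "${USER_PREFIX}5" testing5 "${PROJECT_PREFIX}5" swiftservice "$DEFAULT_DOMAIN_NAME"
fi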