Created
December 14, 2023 12:41
-
-
Save gnuoy/6d61610f31d4844995db84a1a6dd9e61 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
sudo snap install yq | |
tmpfile=$(mktemp /tmp/action-out.XXXXXX) | |
tmpfile_ca=$(mktemp /tmp/ca.XXXXXX) | |
juju run openidc-server/0 get-test-client-data --format json > $tmpfile | |
URL=$(cat $tmpfile | yq '.openidc-server/0.results.url') | |
CERT=$(cat $tmpfile | yq '.openidc-server/0.results.ca') | |
CLIENT=$(cat $tmpfile | yq '.openidc-server/0.results.client') | |
CLIENT_SECRET=$(cat $tmpfile | yq '.openidc-server/0.results.client-secret') | |
USER=$(cat $tmpfile | yq '.openidc-server/0.results.user') | |
PASSWORD=$(cat $tmpfile | yq '.openidc-server/0.results.password') | |
juju config keystone-openidc oidc-provider-metadata-url=$URL | |
juju config keystone-openidc tls-ca="$CERT" | |
juju config keystone-openidc oidc-client-id=$CLIENT | |
juju config keystone-openidc oidc-client-secret=$CLIENT_SECRET | |
KEYSTONE_IP=$(juju status | awk '/^keystone\s/ {print $7}') | |
PROJECT_NAME="${USER}_project" | |
FEDERATED_DOMAIN="federated_domain" | |
CA_FILE="/home/ubuntu/ca.pem" | |
echo "$CERT" > $CA_FILE | |
echo " | |
export OS_AUTH_TYPE=v3oidcpassword | |
export OS_DISCOVERY_ENDPOINT=\"$URL\" | |
export OS_OPENID_SCOPE=\"openid email profile\" | |
export OS_CLIENT_ID=\"$CLIENT\" | |
export OS_CLIENT_SECRET=\"$CLIENT_SECRET\" | |
export OS_IDENTITY_PROVIDER=openid | |
export OS_PROTOCOL=openid | |
export OS_USERNAME=\"$USER\" | |
export OS_PASSWORD=\"$PASSWORD\" | |
export OS_AUTH_URL=\"http://${KEYSTONE_IP}:5000/v3\" | |
export OS_PROJECT_DOMAIN_NAME=\"${FEDERATED_DOMAIN}\" | |
export OS_PROJECT_NAME=\"$PROJECT_NAME\" | |
export OS_CACERT=\"$CA_FILE\" | |
" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment