Skip to content

Commit ae60498

Browse files
sleepsonthefloorsleepsonthefloor
committed
Remove references to deprecated ec2 authorizor.
 * remove replace_pipeline * removes references to sysadmin and netadmin roles * removes references to admin ec2 api * fixes bug 953744 * related fix in nova: https://review.openstack.org/#change,5024 Change-Id: I8792dae0157b8596a5f946670742411781fe47c0
1 parent df0972c commit ae60498

File tree

2 files changed

+5
-14
lines changed

2 files changed

+5
-14
lines changed

files/keystone_data.sh

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@
1010
# service quantum admin # if enabled
1111
# service swift admin # if enabled
1212
# demo admin admin
13-
# demo demo Member,sysadmin,netadmin
13+
# demo demo Member,anotherrole
1414
# invisible_to_admin demo Member
1515
#
1616
# Variables set before calling this script:
@@ -50,15 +50,15 @@ DEMO_USER=$(get_id keystone user-create --name=demo \
5050
ADMIN_ROLE=$(get_id keystone role-create --name=admin)
5151
KEYSTONEADMIN_ROLE=$(get_id keystone role-create --name=KeystoneAdmin)
5252
KEYSTONESERVICE_ROLE=$(get_id keystone role-create --name=KeystoneServiceAdmin)
53-
SYSADMIN_ROLE=$(get_id keystone role-create --name=sysadmin)
54-
NETADMIN_ROLE=$(get_id keystone role-create --name=netadmin)
53+
# ANOTHER_ROLE demonstrates that an arbitrary role may be created and used
54+
# TODO(sleepsonthefloor): show how this can be used for rbac in the future!
55+
ANOTHER_ROLE=$(get_id keystone role-create --name=anotherrole)
5556

5657

5758
# Add Roles to Users in Tenants
5859
keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $ADMIN_TENANT
5960
keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $DEMO_TENANT
60-
keystone user-role-add --user $DEMO_USER --role $SYSADMIN_ROLE --tenant_id $DEMO_TENANT
61-
keystone user-role-add --user $DEMO_USER --role $NETADMIN_ROLE --tenant_id $DEMO_TENANT
61+
keystone user-role-add --user $DEMO_USER --role $ANOTHER_ROLE --tenant_id $DEMO_TENANT
6262

6363
# TODO(termie): these two might be dubious
6464
keystone user-role-add --user $ADMIN_USER --role $KEYSTONEADMIN_ROLE --tenant_id $ADMIN_TENANT

stack.sh

Lines changed: 0 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -906,15 +906,6 @@ if is_service_enabled n-api; then
906906
s,%SERVICE_TENANT_NAME%,$SERVICE_TENANT_NAME,g;
907907
s,%SERVICE_TOKEN%,$SERVICE_TOKEN,g;
908908
" -i $NOVA_CONF_DIR/api-paste.ini
909-
910-
# Finally, change the Nova pipelines to use Keystone
911-
function replace_pipeline() {
912-
sed "/\[pipeline:$1\]/,/\[/s/^pipeline = .*/pipeline = $2/" -i $NOVA_CONF_DIR/api-paste.ini
913-
}
914-
replace_pipeline "ec2cloud" "ec2faultwrap logrequest totoken authtoken keystonecontext cloudrequest authorizer validator ec2executor"
915-
replace_pipeline "ec2admin" "ec2faultwrap logrequest totoken authtoken keystonecontext adminrequest authorizer ec2executor"
916-
replace_pipeline "openstack_compute_api_v2" "faultwrap authtoken keystonecontext $OSAPI_RATE_LIMIT osapi_compute_app_v2"
917-
replace_pipeline "openstack_volume_api_v1" "faultwrap authtoken keystonecontext $OSAPI_RATE_LIMIT osapi_volume_app_v1"
918909
fi
919910

920911
# Helper to clean iptables rules

0 commit comments

Comments
 (0)