4 # Copyright (C) 2014 Wind River Systems, Inc.
6 # identity.sh provides utilities for services to add tenants/roles/users
7 # and services/endpoints to the keystone database
10 # Use the shared secret (service token) for authentication before any user has been created.
# NOTE(review): the token is a hard-coded literal and is exported, so every
# child process started by this script inherits it in its environment.
# Presumably this is a bootstrap-only value; confirm it is replaced or
# disabled once real admin users exist.
11 export OS_SERVICE_TOKEN="password"
# NOTE(review): the endpoint uses plain http on localhost, so the token is not
# protected in transit; that is only tolerable while this stays on loopback.
12 export OS_SERVICE_ENDPOINT="http://localhost:35357/v2.0"
16 # Shortcut function to get a newly generated ID
# Prints one '|'-separated column of its input. Callers in this file use it as
# `keystone ... | grep " id " | get_field 2`.
# NOTE(review): several lines of this function are not visible here (where
# $data and $field are assigned, and the body of the branch below), so these
# comments cover only the visible statements.
17 function get_field () {
# "$1" has to be an integer; a non-numeric argument makes the `-lt` test fail
# with an error instead of selecting a branch.
19 if [ "$1" -lt 0 ]; then
# Columns are split on '|' with the surrounding blanks/tabs stripped. The awk
# program is in double quotes, so $field is expanded by the shell before awk
# runs -- presumably it holds an awk field reference derived from $1; TODO confirm.
24 echo "$data" | awk -F'[ \t]*\\|[ \t]*' "{print $field}"
# Help text for the wrapper and its subcommands.
# NOTE(review): the enclosing function and the per-subcommand dispatch are on
# lines not visible here; $2 in the "Usage:" lines is presumably the subcommand
# name -- confirm against the caller.
31 echo "Usage: $0 <subcommand> ..."
33 echo "Keystone CLI wrapper to create tenant/user/role, and service/endpoint."
# NOTE(review): the script also exports OS_SERVICE_TOKEN and OS_SERVICE_ENDPOINT
# near its top; confirm that the statement below matches the credential the
# keystone client actually uses when both sets of variables are present.
34 echo "It uses the default tenant, user and password from environment variables"
35 echo "(OS_TENANT_NAME, OS_USERNAME, OS_PASSWORD) to authenticate with keystone."
37 echo "Positional arguments:"
40 echo " service-create"
42 echo "See \"identity.sh help COMMAND\" for help on a specific command."
# NOTE(review): every option is shown in [brackets], but the validation regexes
# applied to "$@" further down match only when all options are present in
# exactly this order.
48 echo "Usage: $0 $2 [--name=<name>] [--type=<type>] [--description=<description>] [--region=<region>] [--publicurl=<public url>] [--adminurl=<admin url>] [--internalurl=<internal url>]"
50 echo "Create service and endpoint in keystone."
54 echo " The name of the service"
56 echo " The type of the service"
57 echo " --description=<description>"
58 echo " Description of the service"
59 echo " --region=<region>"
60 echo " The region of the service"
61 echo " --publicurl=<public url>"
62 echo " Public URL of the service endpoint"
63 echo " --adminurl=<admin url>"
64 echo " Admin URL of the service endpoint"
65 echo " --internalurl=<internal url>"
66 echo " Internal URL of the service endpoint"
# NOTE(review): --pass takes the password as a command-line argument, so it can
# show up in shell history and in the process list.
69 echo "Usage: $0 $2 [--name=<name>] [--pass=<password>] [--tenant=<tenant>] [--role=<role>] [--email=<email>]"
73 echo " The name of the user"
74 echo " --pass=<password>"
75 echo " The password of the user"
76 echo " --tenant=<tenant>"
77 echo " The tenant of the user belongs to"
79 echo " The role of the user in the <tenant>"
80 echo " --email=<email>"
81 echo " The email of the user"
84 echo "Usage: $0 help <subcommand> ..."
91 # Parse the command line parameters into a map (PARAMS, keyed by option name)
# NOTE(review): the declaration of PARAMS and the assignment of $param are on
# lines not visible here; PARAMS is presumably an associative array.
93 while [ $# -ne 0 ]; do
# Option name = text before the first '='. $param is unquoted, so the value is
# word-split and glob-expanded by the shell before echo sees it.
97 key=`echo $param | cut -d '=' -f 1`
# NOTE(review): on GNU tr, '[-*2]' looks like the repeat construct (two '-'),
# which would delete every '-' in the key, not only the leading "--" -- verify
# on the tr implementation this runs with.
98 key=`echo $key | tr -d '[-*2]'`
# Value = only the second '='-separated field. A value that itself contains '='
# (a URL with a query string, a password) is silently cut at that '='.
99 PARAMS[$key]=`echo $param | cut -d '=' -f 2`
103 # Create tenant/role/user, and add the user to the tenant with the given role
# NOTE(review): the function header, the else/fi/closing lines and the call that
# fills PARAMS are on lines not visible here.
105 # validation checking
# "$@" is joined into one string and must contain all five options in exactly
# this order. '.*' places no restriction on the values themselves.
106 if [[ "$@" =~ ^--name=.*\ --pass=.*\ --tenant=.*\ --role=.*\ --email=.*$ ]]; then
# Replaces the single spaces between options with '|' -- presumably so the
# string can be split on '|' afterwards (not visible; TODO confirm). A value
# that contains '|' would then be split in the wrong place.
107 params=`echo "$@" | sed -e 's%--name=\(.*\) --pass=\(.*\) --tenant=\(.*\) --role=\(.*\) --email=\(.*\)%--name=\1|--pass=\2|--tenant=\3|--role=\4|--email=\5%g'`
113 # parse the cmdline parameters
118 echo "Adding user in keystone ..."
120 if [ "x${PARAMS["tenant"]}" != "x" ]; then
121 # check whether the tenant exists; create it if not
# An empty TENANT_ID is treated as "tenant does not exist". The lookup also
# comes back empty when the keystone call itself fails, in which case the
# create below is still attempted. ${PARAMS[...]} is unquoted here and in the
# calls below, so values are word-split and glob-expanded.
122 TENANT_ID=$(keystone tenant-get ${PARAMS["tenant"]} | grep " id " | get_field 2)
123 if [ "x$TENANT_ID" == "x" ]; then
124 echo "Creating tenant ${PARAMS["tenant"]} in keystone ..."
125 TENANT_ID=$(keystone tenant-create --name=${PARAMS["tenant"]} | grep " id " | get_field 2)
131 if [ "x${PARAMS["role"]}" != "x" ]; then
132 # check whether the role exists; create it if not
133 ROLE_ID=$(keystone role-get ${PARAMS["role"]} | grep " id " | get_field 2)
134 if [ "x$ROLE_ID" == "x" ]; then
135 echo "Creating role ${PARAMS["role"]} in keystone ..."
136 ROLE_ID=$(keystone role-create --name=${PARAMS["role"]} | grep " id " | get_field 2)
142 if [ "x${PARAMS["name"]}" != "x" ]; then
143 # check whether the user exists; create it if not
144 USER_ID=$(keystone user-get ${PARAMS["name"]} | grep " id " | get_field 2)
145 if [ "x$USER_ID" == "x" ]; then
146 echo "Creating user ${PARAMS["name"]} in keystone ..."
# NOTE(review): the password is passed as an argument of the keystone command,
# so it is visible in the process list while the command runs. It is also
# unquoted: a password with whitespace or glob characters reaches keystone
# altered. $TENANT_ID may be empty here if no tenant was given or created.
147 USER_ID=$(keystone user-create --name=${PARAMS["name"]} --pass=${PARAMS["pass"]} --tenant-id $TENANT_ID --email=${PARAMS["email"]} | grep " id " | get_field 2)
153 if [ "x$USER_ID" != "x" ] && [ "x$TENANT_ID" != "x" ] && [ "x$ROLE_ID" != "x" ]; then
154 # add the user to the tenant with the role, unless the role is already assigned
# $? below is grep's status only (no pipefail is visible): it is also 1 when
# keystone printed nothing because the listing failed, so the role-add is
# attempted in that case too. $ROLE_ID is used as an unanchored pattern.
155 keystone user-role-list --user-id $USER_ID --tenant-id $TENANT_ID | grep $ROLE_ID &> /dev/null
156 if [ $? -eq 1 ]; then
157 echo "Adding user ${PARAMS["name"]} in tenant ${PARAMS["tenant"]} as ${PARAMS["role"]} ..."
158 keystone user-role-add --tenant-id $TENANT_ID --user-id $USER_ID --role-id $ROLE_ID
162 if [ "x$USER_ID" != "x" ] && [ "x$TENANT_ID" != "x" ]; then
# Print the resulting role assignments so the operator can check them.
163 echo "User ${PARAMS["name"]} in Tenant ${PARAMS["tenant"]} role list:"
164 keystone user-role-list --user-id $USER_ID --tenant-id $TENANT_ID
168 # Create service and its endpoint
# NOTE(review): the function header, the else/fi/closing lines and the call that
# fills PARAMS are on lines not visible here.
170 # validation checking
# "$@" is joined into one string and must contain all seven options in exactly
# this order. '.*' places no restriction on the values themselves.
171 if [[ "$@" =~ ^--name=.*\ --type=.*\ --description=.*\ --region=.*\ --publicurl=.*\ --adminurl=.*\ --internalurl=.*$ ]]; then
# Replaces the single spaces between options with '|' -- presumably so the
# string can be split on '|' afterwards (not visible; TODO confirm). This lets
# the description contain spaces, but a value containing '|' would be split
# in the wrong place.
172 params=`echo "$@" | sed -e 's%--name=\(.*\) --type=\(.*\) --description=\(.*\) --region=\(.*\) --publicurl=\(.*\) --adminurl=\(.*\) --internalurl=\(.*\)%--name=\1|--type=\2|--description=\3|--region=\4|--publicurl=\5|--adminurl=\6|--internalurl=\7%g'`
178 # parse the cmdline parameters
183 echo "Creating service in keystone ..."
185 if [ "x${PARAMS["name"]}" != "x" ]; then
186 # check whether the service already exists; create it if not
# An empty SERVICE_ID is treated as "service does not exist"; the lookup also
# comes back empty when the keystone call itself fails.
187 SERVICE_ID=$(keystone service-get ${PARAMS["name"]} | grep " id " | get_field 2)
188 if [ "x$SERVICE_ID" == "x" ]; then
189 echo "Adding service ${PARAMS["name"]} in keystone ..."
# Only the description is quoted; name and type are word-split and glob-expanded.
190 SERVICE_ID=$(keystone service-create --name ${PARAMS["name"]} --type ${PARAMS["type"]} --description "${PARAMS["description"]}" | grep " id " | get_field 2)
193 keystone service-list
196 if [ "x$SERVICE_ID" != "x" ]; then
197 # create its endpoint unless an identical one is already listed
# NOTE(review): region and the three URLs are passed to grep unquoted and as
# regular expressions, so '.' in a URL matches any character and an empty value
# changes the command line. Matching lines are printed (no redirect). $? is the
# last grep's status only, so it is also 1 when the listing itself failed.
198 keystone endpoint-list | grep $SERVICE_ID | grep ${PARAMS["region"]} | grep ${PARAMS["publicurl"]} | grep ${PARAMS["adminurl"]} | grep ${PARAMS["internalurl"]}
199 if [ $? -eq 1 ]; then
200 echo "Creating endpoint for ${PARAMS["name"]} in keystone ..."
# The URL values are unquoted here as well; they are subject to word splitting
# and globbing before keystone receives them.
201 keystone endpoint-create --region ${PARAMS["region"]} --service-id $SERVICE_ID --publicurl ${PARAMS["publicurl"]} --adminurl ${PARAMS["adminurl"]} --internalurl ${PARAMS["internalurl"]}
203 echo "Endpoints list:"
204 keystone endpoint-list