Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Heat OS::Keystone::User return user name not just user id

I'm attempting to create a user inside of a heat stack, give that user read access to a swift container and then build some servers that pull content out of the swift container. Seems simple enough, right?

The first issue arises when I try to build a curl GET against swift using the user id and password. For whatever reason OSP10 requires v2 keystone tokens to use swift. I suppose there is a chance I could use tempURLs here, but haven't followed up on that.

So here is how I pull down my token, and then list the contents of a container (and then download)

publicURL="http://<someURL>:8080/v1/AUTH_05c<etc>"

OUTPUT=$(curl -sS -d '
{ "auth":
  { "tenantName": "admin", 
    "passwordCredentials": 
      { "username": "foo-stackuser1", "password": "<somepassword>" }
  }
}' -H "Content-type: application/json" http://<someURL>:5000/v2.0/tokens | jq --raw-output '.access.token.id')

curl -X GET -i $publicURL/c1 -H "X-Auth-Token: ${OUTPUT}"

Keep in mind here, that the v2 api's don't let me use a userid for passwordCredentials v2 api found here

The heat stack that's generating the foo-stackuser1 looks like this,

heat_template_version: 2013-05-23

description: Sample Keystone User template

parameters:
  user_password:
    type: string
    description: Keystone user password

resources:
  admin_user:
    type: OS::Keystone::User
    properties:
      name: foo-stackuser1
      domain: default
      password: {get_param: user_password}
      default_project: admin
      roles:
        - role: _member_
          project: admin
outputs:
  admin_user_id:
    value: {get_resource: admin_user}

The thing is, I'm really not interested in hard-setting the foo-stackuser and I'd prefer to nix the name: field entirely. However, I can't find a way to get the return value of admin_user to include the username (only the user id).