From 89358afe3598cc5d4636f050deeacf8c5cc2354f Mon Sep 17 00:00:00 2001
From: Jesse Andrews <anotherjesse@gmail.com>
Date: Sun, 2 Oct 2011 14:11:17 -0400
Subject: [PATCH] don't use secrete as admin password - fixes #34

---
 files/keystone_data.sh | 12 +++++++-----
 stack.sh               |  4 ++++
 2 files changed, 11 insertions(+), 5 deletions(-)

diff --git a/files/keystone_data.sh b/files/keystone_data.sh
index cfb4572..f48eaf9 100755
--- a/files/keystone_data.sh
+++ b/files/keystone_data.sh
@@ -6,8 +6,8 @@ $BIN_DIR/keystone-manage $* tenant add demo
 $BIN_DIR/keystone-manage $* tenant add invisible_to_admin
 
 # Users
-$BIN_DIR/keystone-manage $* user add admin secrete
-$BIN_DIR/keystone-manage $* user add demo secrete
+$BIN_DIR/keystone-manage $* user add admin %ADMIN_PASSWORD%
+$BIN_DIR/keystone-manage $* user add demo %ADMIN_PASSWORD%
 
 # Roles
 $BIN_DIR/keystone-manage $* role add Admin
@@ -36,6 +36,8 @@ $BIN_DIR/keystone-manage $* endpointTemplates add RegionOne keystone http://%HOS
 # Tokens
 $BIN_DIR/keystone-manage $* token add %SERVICE_TOKEN% admin admin 2015-02-05T00:00
 
-# EC2 related creds
-$BIN_DIR/keystone-manage $* credentials add admin EC2 'admin:admin' admin admin || echo "no support for adding credentials"
-$BIN_DIR/keystone-manage $* credentials add demo EC2 'demo:demo' demo demo || echo "no support for adding credentials"
+# EC2 related creds - note we are setting the token to user_password
+# but keystone doesn't parse them - it is just a blob from keystone's 
+# point of view
+$BIN_DIR/keystone-manage $* credentials add admin EC2 'admin_%ADMIN_PASSWORD%' admin admin || echo "no support for adding credentials"
+$BIN_DIR/keystone-manage $* credentials add demo EC2 'demo_%ADMIN_PASSWORD%' demo demo || echo "no support for adding credentials"
diff --git a/stack.sh b/stack.sh
index 27ea5ec..07b323b 100755
--- a/stack.sh
+++ b/stack.sh
@@ -147,6 +147,7 @@ GLANCE_HOSTPORT=${GLANCE_HOSTPORT:-$HOST_IP:9292}
 # Service Token - Openstack components need to have an admin token
 # to validate user tokens.
 SERVICE_TOKEN=${SERVICE_TOKEN:-`uuidgen`}
+ADMIN_PASSWORD=${ADMIN_PASSWORD:-`openssl rand -hex 12`}
 
 # Install Packages
 # ================
@@ -415,6 +416,7 @@ if [[ "$ENABLED_SERVICES" =~ "key" ]]; then
     cp $FILES/keystone_data.sh $KEYSTONE_DATA
     sudo sed -e "s,%HOST_IP%,$HOST_IP,g" -i $KEYSTONE_DATA
     sudo sed -e "s,%SERVICE_TOKEN%,$SERVICE_TOKEN,g" -i $KEYSTONE_DATA
+    sudo sed -e "s,%ADMIN_PASSWORD%,$ADMIN_PASSWORD,g" -i $KEYSTONE_DATA
     # initialize keystone with default users/endpoints
     BIN_DIR=$KEYSTONE_DIR/bin bash $KEYSTONE_DATA
 fi
@@ -513,6 +515,8 @@ fi
 if [[ "$ENABLED_SERVICES" =~ "key" ]]; then
     echo "keystone is serving at http://$HOST_IP:5000/v2.0/"
     echo "examples on using novaclient command line is in exercise.sh"
+    echo "the default users are: admin and demo"
+    echo "the password: $ADMIN_PASSWORD"
 fi
 
 # Summary