From f0a9affcaf25b5b53b465b96a5afddf560703d95 Mon Sep 17 00:00:00 2001
From: Dirk Mueller <dirk@dmllr.de>
Date: Sat, 18 May 2013 16:10:10 +0200
Subject: Require keystone-user/-group for pki_setup

If pki_setup is run as root, require the keystone-user
and keystone-group parameter to be set, to enforce
the proper permissions to be created on the files.

This follows a suggestion in the Bugreport.

Fixes LP Bug #1031372

Change-Id: I00d9e0499d16716af3267914b6b78841f1ad1e0f
---
 keystone/cli.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/keystone/cli.py b/keystone/cli.py
index b635878e..f3e62f1c 100644
--- a/keystone/cli.py
+++ b/keystone/cli.py
@@ -17,6 +17,7 @@
 from __future__ import absolute_import
 
 import grp
+import os
 import pwd
 
 from oslo.config import cfg
@@ -61,8 +62,9 @@ class BaseCertificateSetup(BaseApp):
     def add_argument_parser(cls, subparsers):
         parser = super(BaseCertificateSetup,
                        cls).add_argument_parser(subparsers)
-        parser.add_argument('--keystone-user')
-        parser.add_argument('--keystone-group')
+        running_as_root = (os.geteuid() == 0)
+        parser.add_argument('--keystone-user', required=running_as_root)
+        parser.add_argument('--keystone-group', required=running_as_root)
         return parser
 
     @staticmethod
-- 
cgit