We should prime the groups that were created with some roles on
projects. Eventually we can add users directly to the groups
and not have to resort to individual user assignments.
Change-Id: Icebafc06859f8879c584cfd67aa51cb0c9ce48af
... | ... |
@@ -728,6 +728,27 @@ function get_or_add_user_project_role { |
728 | 728 |
echo $user_role_id |
729 | 729 |
} |
730 | 730 |
|
731 |
+# Gets or adds group role to project |
|
732 |
+# Usage: get_or_add_group_project_role <role> <group> <project> |
|
733 |
+function get_or_add_group_project_role { |
|
734 |
+ # Gets group role id |
|
735 |
+ local group_role_id=$(openstack role list \ |
|
736 |
+ --group $2 \ |
|
737 |
+ --project $3 \ |
|
738 |
+ --column "ID" \ |
|
739 |
+ --column "Name" \ |
|
740 |
+ | grep " $1 " | get_field 1) |
|
741 |
+ if [[ -z "$group_role_id" ]]; then |
|
742 |
+ # Adds role to group |
|
743 |
+ group_role_id=$(openstack role add \ |
|
744 |
+ $1 \ |
|
745 |
+ --group $2 \ |
|
746 |
+ --project $3 \ |
|
747 |
+ | grep " id " | get_field 2) |
|
748 |
+ fi |
|
749 |
+ echo $group_role_id |
|
750 |
+} |
|
751 |
+ |
|
731 | 752 |
# Gets or creates service |
732 | 753 |
# Usage: get_or_create_service <name> <type> <description> |
733 | 754 |
function get_or_create_service { |
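Review bot: In the new get_or_add_group_project_role, `$1`, `$2` and `$3` are passed unquoted and the role name is used as a grep regex, so an empty or multi-word group or project value shifts the arguments of `openstack role list` and `openstack role add`, and a role name containing regex metacharacters can select the wrong row. Quoting the arguments and matching literally avoids both: `--group "$2" \`, `--project "$3" \`, `| grep -F " $1 " | get_field 1)`, with the same quoting in the `role add` call and in the final `echo "$group_role_id"`. An empty result from a failed `role list` is also indistinguishable from "role not yet assigned", so the function proceeds to the grant in both cases; a short comment stating that assumption would help. This looks modelled on get_or_add_user_project_role, whose body starts outside the hunk, so the same may apply there.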
... | ... |
@@ -362,6 +362,12 @@ function configure_keystone_extensions { |
362 | 362 |
# demo demo Member, anotherrole |
363 | 363 |
# invisible_to_admin demo Member |
364 | 364 |
|
365 |
+# Group Users Roles Tenant |
|
366 |
+# ------------------------------------------------------------------ |
|
367 |
+# admins admin admin admin |
|
368 |
+# nonadmin demo Member, anotherrole demo |
|
369 |
+ |
|
370 |
+ |
|
365 | 371 |
# Migrated from keystone_data.sh |
366 | 372 |
function create_keystone_accounts { |
367 | 373 |
|
... | ... |
@@ -403,8 +409,14 @@ function create_keystone_accounts { |
403 | 403 |
get_or_add_user_project_role $another_role $demo_user $demo_tenant |
404 | 404 |
get_or_add_user_project_role $member_role $demo_user $invis_tenant |
405 | 405 |
|
406 |
- get_or_create_group "developers" "default" "openstack developers" |
|
407 |
- get_or_create_group "testers" "default" |
|
406 |
+ local admin_group=$(get_or_create_group "admins" \ |
|
407 |
+ "default" "openstack admin group") |
|
408 |
+ local non_admin_group=$(get_or_create_group "nonadmins" \ |
|
409 |
+ "default" "non-admin group") |
|
410 |
+ |
|
411 |
+ get_or_add_group_project_role $member_role $non_admin_group $demo_tenant |
|
412 |
+ get_or_add_group_project_role $another_role $non_admin_group $demo_tenant |
|
413 |
+ get_or_add_group_project_role $admin_role $admin_group $admin_tenant |
|
408 | 414 |
|
409 | 415 |
# Keystone |
410 | 416 |
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then |
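Review bot: The group table added in the comment hunk above names the group `nonadmin`, while the call here creates `nonadmins`, and its Users column lists `admin` and `demo` although nothing in these hunks adds a user to either group. Because `admins` is granted `$admin_role` on `$admin_tenant`, any user later added to that group inherits admin on that tenant, so the comment should describe what is actually set up, for example `# nonadmins   (none yet)   Member, anotherrole   demo`. `$admin_group` and `$non_admin_group` are also used without checking that get_or_create_group returned an id; if either is empty, the unquoted arguments of get_or_add_group_project_role shift, so a guard such as `[[ -n "$admin_group" ]] || die $LINENO "admins group not created"` before the role calls would fail early (assuming the file's usual `die` helper is in scope). create_keystone_accounts starts and ends outside the hunk.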