This patch adds an admin role assignment for the admin user on
the default domain as part of the Keystone configuration stage.
Closes-Bug: #1494081
Change-Id: I91c88917bd51be4572e4970c94e65d866798df26
... | ... |
@@ -803,6 +803,38 @@ function get_or_add_user_project_role { |
803 | 803 |
echo $user_role_id |
804 | 804 |
} |
805 | 805 |
|
806 |
+# Gets or adds user role to domain |
|
807 |
+# Usage: get_or_add_user_domain_role <role> <user> <domain> |
|
808 |
+function get_or_add_user_domain_role { |
|
809 |
+ local user_role_id |
|
810 |
+ # Gets user role id |
|
811 |
+ user_role_id=$(openstack role list \ |
|
812 |
+ --user $2 \ |
|
813 |
+ --os-url=$KEYSTONE_SERVICE_URI_V3 \ |
|
814 |
+ --os-identity-api-version=3 \ |
|
815 |
+ --column "ID" \ |
|
816 |
+ --domain $3 \ |
|
817 |
+ --column "Name" \ |
|
818 |
+ | grep " $1 " | get_field 1) |
|
819 |
+ if [[ -z "$user_role_id" ]]; then |
|
820 |
+ # Adds role to user and get it |
|
821 |
+ openstack role add $1 \ |
|
822 |
+ --user $2 \ |
|
823 |
+ --domain $3 \ |
|
824 |
+ --os-url=$KEYSTONE_SERVICE_URI_V3 \ |
|
825 |
+ --os-identity-api-version=3 |
|
826 |
+ user_role_id=$(openstack role list \ |
|
827 |
+ --user $2 \ |
|
828 |
+ --os-url=$KEYSTONE_SERVICE_URI_V3 \ |
|
829 |
+ --os-identity-api-version=3 \ |
|
830 |
+ --column "ID" \ |
|
831 |
+ --domain $3 \ |
|
832 |
+ --column "Name" \ |
|
833 |
+ | grep " $1 " | get_field 1) |
|
834 |
+ fi |
|
835 |
+ echo $user_role_id |
|
836 |
+} |
|
837 |
+ |
|
806 | 838 |
# Gets or adds group role to project |
807 | 839 |
# Usage: get_or_add_group_project_role <role> <group> <project> |
808 | 840 |
function get_or_add_group_project_role { |
... | ... |
@@ -364,6 +364,7 @@ function create_keystone_accounts { |
364 | 364 |
local admin_user=$(get_or_create_user "admin" "$ADMIN_PASSWORD" default) |
365 | 365 |
local admin_role=$(get_or_create_role "admin") |
366 | 366 |
get_or_add_user_project_role $admin_role $admin_user $admin_tenant |
367 |
+ get_or_add_user_domain_role $admin_role $admin_user default |
|
367 | 368 |
|
368 | 369 |
# Create service project/role |
369 | 370 |
get_or_create_project "$SERVICE_TENANT_NAME" default |