Browse code
Create stack_domain_admin user
Create an additional service user for Heat, which is a domain admin
for the stack_user_domain - this is necessary since the normal service
user cannot manage the projects/users in the stack_user_domain when
keystone is configured to use the v3cloudsample policy (such as in
gate integration tests).
Change-Id: If59c11a74145b9bd02f78a7e0882afe1b0a72e40
Steven Hardy authored on 2014/02/25 03:09:10Showing 1 changed files
| ... | ... |
@@ -207,6 +207,16 @@ function create_heat_accounts() {
|
| 207 | 207 |
--description "Owns users and projects created by heat" \ |
| 208 | 208 |
| grep ' id ' | get_field 2) |
| 209 | 209 |
iniset $HEAT_CONF DEFAULT stack_user_domain ${D_ID}
|
| 210 |
+ |
|
| 211 |
+ openstack --os-token $OS_TOKEN --os-url=$KS_ENDPOINT_V3 \ |
|
| 212 |
+ --os-identity-api-version=3 user create --password $SERVICE_PASSWORD \ |
|
| 213 |
+ --domain $D_ID heat_domain_admin \ |
|
| 214 |
+ --description "Manages users and projects created by heat" |
|
| 215 |
+ openstack --os-token $OS_TOKEN --os-url=$KS_ENDPOINT_V3 \ |
|
| 216 |
+ --os-identity-api-version=3 role add \ |
|
| 217 |
+ --user ${U_ID} --domain ${D_ID} admin
|
|
| 218 |
+ iniset $HEAT_CONF DEFAULT stack_domain_admin heat_domain_admin |
|
| 219 |
+ iniset $HEAT_CONF DEFAULT stack_domain_admin_password $SERVICE_PASSWORD |
|
| 210 | 220 |
} |
| 211 | 221 |
|
| 212 | 222 |
# Restore xtrace |