Browse code
pass role by name not id
Change-Id: Ie67758bed3563c9a46a5180eaa9c8d47721fffd8
Sean Dague authored on 2017/02/09 01:24:31Showing 1 changed files
| ... | ... |
@@ -384,8 +384,7 @@ function create_keystone_accounts {
|
| 384 | 384 |
admin_project=$(openstack project show "admin" -f value -c id) |
| 385 | 385 |
local admin_user |
| 386 | 386 |
admin_user=$(openstack user show "admin" -f value -c id) |
| 387 |
- local admin_role |
|
| 388 |
- admin_role=$(openstack role show "admin" -f value -c id) |
|
| 387 |
+ local admin_role="admin" |
|
| 389 | 388 |
|
| 390 | 389 |
get_or_add_user_domain_role $admin_role $admin_user default |
| 391 | 390 |
|
| ... | ... |
@@ -403,13 +402,20 @@ function create_keystone_accounts {
|
| 403 | 403 |
get_or_create_role ResellerAdmin |
| 404 | 404 |
|
| 405 | 405 |
# The Member role is used by Horizon and Swift so we need to keep it: |
| 406 |
- local member_role |
|
| 407 |
- member_role=$(get_or_create_role "Member") |
|
| 406 |
+ local member_role="member" |
|
| 407 |
+ |
|
| 408 |
+ # Captial Member role is legacy hard coded in Horizon / Swift |
|
| 409 |
+ # configs. Keep it around. |
|
| 410 |
+ get_or_create_role "Member" |
|
| 411 |
+ |
|
| 412 |
+ # The reality is that the rest of the roles listed below honestly |
|
| 413 |
+ # should work by symbolic names. |
|
| 414 |
+ get_or_create_role $member_role |
|
| 408 | 415 |
|
| 409 | 416 |
# another_role demonstrates that an arbitrary role may be created and used |
| 410 | 417 |
# TODO(sleepsonthefloor): show how this can be used for rbac in the future! |
| 411 |
- local another_role |
|
| 412 |
- another_role=$(get_or_create_role "anotherrole") |
|
| 418 |
+ local another_role="anotherrole" |
|
| 419 |
+ get_or_create_role $another_role |
|
| 413 | 420 |
|
| 414 | 421 |
# invisible project - admin can't see this one |
| 415 | 422 |
local invis_project |