commit 4599fd174c0c10f3a7e51ad6cba5d4c74abac207
author Steve Martinelli <stevemar@ca.ibm.com> Thu Mar 12 21:30:58 2015 -0400
committer Steve Martinelli <stevemar@ca.ibm.com> Thu Mar 19 00:59:47 2015 -0400
tree 11179f93e0f88054534f8b475aa2ad482530a69a
parent 5e159edab375ed950cc5c91a6c445bbc5541b3c1

Add roles when we create groups

We should prime the groups that were created with some roles on
projects. Eventually we can add users directly to the groups
and not have to resort to individual user assignments.

Change-Id: Icebafc06859f8879c584cfd67aa51cb0c9ce48af

functions-common

diff --git a/functions-common b/functions-common
index 4739e42..6769767 100644
--- a/functions-common
+++ b/functions-common
@@ -728,6 +728,27 @@
     echo $user_role_id
 }
 
+# Gets or adds group role to project
+# Usage: get_or_add_group_project_role <role> <group> <project>
+function get_or_add_group_project_role {
+    # Gets group role id
+    local group_role_id=$(openstack role list \
+        --group $2 \
+        --project $3 \
+        --column "ID" \
+        --column "Name" \
+        | grep " $1 " | get_field 1)
+    if [[ -z "$group_role_id" ]]; then
+        # Adds role to group
+        group_role_id=$(openstack role add \
+            $1 \
+            --group $2 \
+            --project $3 \
+            | grep " id " | get_field 2)
+    fi
+    echo $group_role_id
+}
+
 # Gets or creates service
 # Usage: get_or_create_service <name> <type> <description>
 function get_or_create_service {

lib/keystone

diff --git a/lib/keystone b/lib/keystone
index c9433d9..acc8c2c 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -362,6 +362,12 @@
 # demo                 demo       Member, anotherrole
 # invisible_to_admin   demo       Member
 
+# Group                Users      Roles                 Tenant
+# ------------------------------------------------------------------
+# admins               admin      admin                 admin
+# nonadmin             demo       Member, anotherrole   demo
+
+
 # Migrated from keystone_data.sh
 function create_keystone_accounts {
 
@@ -403,8 +409,14 @@
     get_or_add_user_project_role $another_role $demo_user $demo_tenant
     get_or_add_user_project_role $member_role $demo_user $invis_tenant
 
-    get_or_create_group "developers" "default" "openstack developers"
-    get_or_create_group "testers" "default"
+    local admin_group=$(get_or_create_group "admins" \
+        "default" "openstack admin group")
+    local non_admin_group=$(get_or_create_group "nonadmins" \
+        "default" "non-admin group")
+
+    get_or_add_group_project_role $member_role $non_admin_group $demo_tenant
+    get_or_add_group_project_role $another_role $non_admin_group $demo_tenant
+    get_or_add_group_project_role $admin_role $admin_group $admin_tenant
 
     # Keystone
     if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then