Add roles when we create groups
We should prime the groups that were created with some roles on
projects. Eventually we can add users directly to the groups
and not have to resort to individual user assignments.
Change-Id: Icebafc06859f8879c584cfd67aa51cb0c9ce48af
diff --git a/lib/keystone b/lib/keystone
index c9433d9..acc8c2c 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -362,6 +362,12 @@
# demo demo Member, anotherrole
# invisible_to_admin demo Member
+# Group Users Roles Tenant
+# ------------------------------------------------------------------
+# admins admin admin admin
+# nonadmin demo Member, anotherrole demo
+
+
# Migrated from keystone_data.sh
function create_keystone_accounts {
@@ -403,8 +409,14 @@
get_or_add_user_project_role $another_role $demo_user $demo_tenant
get_or_add_user_project_role $member_role $demo_user $invis_tenant
- get_or_create_group "developers" "default" "openstack developers"
- get_or_create_group "testers" "default"
+ local admin_group=$(get_or_create_group "admins" \
+ "default" "openstack admin group")
+ local non_admin_group=$(get_or_create_group "nonadmins" \
+ "default" "non-admin group")
+
+ get_or_add_group_project_role $member_role $non_admin_group $demo_tenant
+ get_or_add_group_project_role $another_role $non_admin_group $demo_tenant
+ get_or_add_group_project_role $admin_role $admin_group $admin_tenant
# Keystone
if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then