commit 4ce859ab2b99e68ce937c9c9df83d9270c8ef9fb
author Steve Martinelli <stevemar@ca.ibm.com> Sun Dec 20 01:27:30 2015 -0500
committer Steve Martinelli <stevemar@ca.ibm.com> Sun Dec 20 01:27:30 2015 -0500
tree 762f2168ff84b832c5e2d197ca766a5cbe3eefc5
parent 1adb2e1c119c0862d2661f2492a9352257954c4a

update create_heat_accounts, don't use os_url and os_token

Currently, the function create_heat_accounts uses the OS_URL and
OS_TOKEN environment variables. This is a bad choice for several
reasons, most importantly we are sending the "ADMIN_TOKEN" value
as a header. There is also no reason to not use a standard admin
user to create these resources.

Change-Id: I70b41d69917b9e53ad09c2c61e022ef09a50acfd

lib/heat

diff --git a/lib/heat b/lib/heat
index fdcf5bc..ff196f4 100644
--- a/lib/heat
+++ b/lib/heat
@@ -402,28 +402,13 @@
     fi
 
     if [[ "$HEAT_STACK_DOMAIN" == "True" ]]; then
-        # Note we have to pass token/endpoint here because the current endpoint and
-        # version negotiation in OSC means just --os-identity-api-version=3 won't work
-        D_ID=$(openstack --os-token $OS_TOKEN --os-url=$KEYSTONE_SERVICE_URI_V3 \
-            --os-identity-api-version=3 domain list | grep ' heat ' | get_field 1)
-
-        if [[ -z "$D_ID" ]]; then
-            D_ID=$(openstack --os-token $OS_TOKEN --os-url=$KEYSTONE_SERVICE_URI_V3 \
-                --os-identity-api-version=3 domain create heat \
-                --description "Owns users and projects created by heat" \
-                | grep ' id ' | get_field 2)
-            iniset $HEAT_CONF DEFAULT stack_user_domain_id ${D_ID}
-
-            openstack --os-token $OS_TOKEN --os-url=$KEYSTONE_SERVICE_URI_V3 \
-                --os-identity-api-version=3 user create --password $SERVICE_PASSWORD \
-                --domain $D_ID heat_domain_admin \
-                --description "Manages users and projects created by heat"
-            openstack --os-token $OS_TOKEN --os-url=$KEYSTONE_SERVICE_URI_V3 \
-                --os-identity-api-version=3 role add \
-                --user heat_domain_admin --domain ${D_ID} admin
-            iniset $HEAT_CONF DEFAULT stack_domain_admin heat_domain_admin
-            iniset $HEAT_CONF DEFAULT stack_domain_admin_password $SERVICE_PASSWORD
-        fi
+        # domain -> heat and user -> heat_domain_admin
+        domain_id=$(get_or_create_domain heat 'Owns users and projects created by heat')
+        iniset $HEAT_CONF DEFAULT stack_user_domain_id ${domain_id}
+        get_or_create_user heat_domain_admin $SERVICE_PASSWORD heat
+        get_or_add_user_domain_role admin heat_domain_admin heat
+        iniset $HEAT_CONF DEFAULT stack_domain_admin heat_domain_admin
+        iniset $HEAT_CONF DEFAULT stack_domain_admin_password $SERVICE_PASSWORD
     fi
 }