Assign admin role for admin user on default domain
This patch adds an admin role assignment for the admin user on
the default domain as part of the Keystone configuration stage.
Closes-Bug: #1494081
Change-Id: I91c88917bd51be4572e4970c94e65d866798df26
diff --git a/functions-common b/functions-common
index 446de53..c38a772 100644
--- a/functions-common
+++ b/functions-common
@@ -803,6 +803,38 @@
echo $user_role_id
}
+# Gets or adds user role to domain
+# Usage: get_or_add_user_domain_role <role> <user> <domain>
+function get_or_add_user_domain_role {
+ local user_role_id
+ # Gets user role id
+ user_role_id=$(openstack role list \
+ --user $2 \
+ --os-url=$KEYSTONE_SERVICE_URI_V3 \
+ --os-identity-api-version=3 \
+ --column "ID" \
+ --domain $3 \
+ --column "Name" \
+ | grep " $1 " | get_field 1)
+ if [[ -z "$user_role_id" ]]; then
+ # Adds role to user and get it
+ openstack role add $1 \
+ --user $2 \
+ --domain $3 \
+ --os-url=$KEYSTONE_SERVICE_URI_V3 \
+ --os-identity-api-version=3
+ user_role_id=$(openstack role list \
+ --user $2 \
+ --os-url=$KEYSTONE_SERVICE_URI_V3 \
+ --os-identity-api-version=3 \
+ --column "ID" \
+ --domain $3 \
+ --column "Name" \
+ | grep " $1 " | get_field 1)
+ fi
+ echo $user_role_id
+}
+
# Gets or adds group role to project
# Usage: get_or_add_group_project_role <role> <group> <project>
function get_or_add_group_project_role {
diff --git a/lib/keystone b/lib/keystone
index e2448c9..b15abe1 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -364,6 +364,7 @@
local admin_user=$(get_or_create_user "admin" "$ADMIN_PASSWORD" default)
local admin_role=$(get_or_create_role "admin")
get_or_add_user_project_role $admin_role $admin_user $admin_tenant
+ get_or_add_user_domain_role $admin_role $admin_user default
# Create service project/role
get_or_create_project "$SERVICE_TENANT_NAME" default