Merge "Assign admin role for admin user on default domain"
diff --git a/functions-common b/functions-common
index 361d27c..c6bf648 100644
--- a/functions-common
+++ b/functions-common
@@ -896,6 +896,38 @@
echo $user_role_id
}
+# Gets or adds user role to domain
+# Usage: get_or_add_user_domain_role <role> <user> <domain>
+function get_or_add_user_domain_role {
+ local user_role_id
+ # Gets user role id
+ user_role_id=$(openstack role list \
+ --user $2 \
+ --os-url=$KEYSTONE_SERVICE_URI_V3 \
+ --os-identity-api-version=3 \
+ --column "ID" \
+ --domain $3 \
+ --column "Name" \
+ | grep " $1 " | get_field 1)
+ if [[ -z "$user_role_id" ]]; then
+ # Adds role to user and get it
+ openstack role add $1 \
+ --user $2 \
+ --domain $3 \
+ --os-url=$KEYSTONE_SERVICE_URI_V3 \
+ --os-identity-api-version=3
+ user_role_id=$(openstack role list \
+ --user $2 \
+ --os-url=$KEYSTONE_SERVICE_URI_V3 \
+ --os-identity-api-version=3 \
+ --column "ID" \
+ --domain $3 \
+ --column "Name" \
+ | grep " $1 " | get_field 1)
+ fi
+ echo $user_role_id
+}
+
# Gets or adds group role to project
# Usage: get_or_add_group_project_role <role> <group> <project>
function get_or_add_group_project_role {
diff --git a/lib/keystone b/lib/keystone
index 733f1bb..057bb47 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -332,6 +332,7 @@
local admin_role
admin_role=$(get_or_create_role "admin")
get_or_add_user_project_role $admin_role $admin_user $admin_tenant
+ get_or_add_user_domain_role $admin_role $admin_user default
# Create service project/role
get_or_create_project "$SERVICE_TENANT_NAME" default