heat-keystone-setup add instance role

Add "heat_instance" role which we will assign all "instance users"
to in the engine when we create them

Ref #279

Change-Id: If7cc07c605f7696c1e9f617dbfca1b81d5b04196
Signed-off-by: Steven Hardy <shardy@redhat.com>

diff --git a/bin/heat-keystone-setup b/bin/heat-keystone-setup
index e3cc784111dd9d164416f7ace26d5fb897485cc6..7fb740069cf5c058bcbba8708b365ad584b6c974 100755 (executable)
--- a/bin/heat-keystone-setup
+++ b/bin/heat-keystone-setup
@@ -105,6 +105,18 @@ add_role() {
     fi
 }
 
+create_role() {
+    local role_name=$1
+
+    role_id=$(get_data 2 $role_name 1 keystone role-list)
+    if [ -n "$role_id" ]
+    then
+        echo "Role $role_name already exists : $role_id" >&2
+    else
+        keystone role-create --name $role_name
+    fi
+}
+
 get_endpoint() {
     local service_type=$1
 
@@ -195,6 +207,10 @@ HEAT_USERID=$(get_user $HEAT_USERNAME)
 echo HEAT_USERID $HEAT_USERID
 add_role $HEAT_USERID $SERVICE_TENANT $ADMIN_ROLE $HEAT_USERNAME
 
+# Create a special role which "instance users" are assigned to
+INSTANCE_ROLE="heat_instance"
+create_role $INSTANCE_ROLE
+
 HEAT_CFN_SERVICE=$(get_service heat-cfn cloudformation \
                    "Heat CloudFormation API")
 add_endpoint $HEAT_CFN_SERVICE 'http://localhost:8000/v1'