heat-keystone-setup workaround keystone arg syntax

Keystone user-role-add syntax is not the same on essex
and folsom, so try both formats so we can work with either
Removes potentially unreliable approach to detecting keystone
version, and also avoids error on folsom when the user already
has the specified role

Fixes #272

Change-Id: Iece52223a29069a1fd517018cc49613be6fac318
Signed-off-by: Steven Hardy <shardy@redhat.com>

diff --git a/bin/heat-keystone-setup b/bin/heat-keystone-setup
index 74691bd0b883251ca91a3ef37ccb6657898ad1e0..e3cc784111dd9d164416f7ace26d5fb897485cc6 100755 (executable)
--- a/bin/heat-keystone-setup
+++ b/bin/heat-keystone-setup
@@ -72,23 +72,37 @@ get_user() {
     fi
 }
 
-ver=`nova-manage version list | cut -d . -f1`
-if [ $ver -lt 2013 ]; then
-    user_arg=user
-    role_arg=role
-else
-    user_arg=user_id
-    role_arg=role_id
-fi
-
 add_role() {
     local user_id=$1
     local tenant=$2
     local role_id=$3
-
-    keystone user-role-add --tenant_id $tenant \
-                           --$user_arg $user_id \
-                           --$role_arg $role_id
+    local username=$4
+
+    # The keystone argument format changed between essex and folsom
+    # so we use the fact that the folsom keystone version has a new
+    # option "user-role-list" to detect we're on that newer version
+    # This also allows us to detect when the user already has the
+    # requested role_id, preventing an error on folsom
+    user_roles=$(keystone --os-username $username\
+                          --os-tenant-id $tenant\
+                          user-role-list 2>/dev/null)
+    if [ $? == 0 ]; then
+        # Folsom
+        existing_role=$(get_data 1 $role_id 1 echo "$user_roles")
+        if [ -n "$existing_role" ]
+        then
+            echo "User $username already has role $role_id" >&2
+            return
+        fi
+        keystone user-role-add --tenant_id $tenant \
+                           --user_id $user_id \
+                           --role_id $role_id
+    else
+        # Essex
+        keystone user-role-add --tenant_id $tenant \
+                               --user $user_id \
+                               --role $role_id
+    fi
 }
 
 get_endpoint() {
@@ -176,9 +190,10 @@ echo SERVICE_TENANT $SERVICE_TENANT
 echo SERVICE_PASSWORD $SERVICE_PASSWORD
 echo SERVICE_TOKEN $SERVICE_TOKEN
 
-HEAT_USER=$(get_user heat)
-echo HEAT_USER $HEAT_USER
-add_role $HEAT_USER $SERVICE_TENANT $ADMIN_ROLE
+HEAT_USERNAME="heat"
+HEAT_USERID=$(get_user $HEAT_USERNAME)
+echo HEAT_USERID $HEAT_USERID
+add_role $HEAT_USERID $SERVICE_TENANT $ADMIN_ROLE $HEAT_USERNAME
 
 HEAT_CFN_SERVICE=$(get_service heat-cfn cloudformation \
                    "Heat CloudFormation API")