From: Steven Hardy <shardy@redhat.com>
Date: Thu, 25 Oct 2012 09:16:29 +0000 (+0100)
Subject: heat-keystone-setup add instance role
X-Git-Tag: 2014.1~1271
X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=4743749b80593878ac85bc1aa2d844b606cda6b0;p=openstack-build%2Fheat-build.git

heat-keystone-setup add instance role

Add "heat_instance" role which we will assign all "instance users"
to in the engine when we create them

Ref #279

Change-Id: If7cc07c605f7696c1e9f617dbfca1b81d5b04196
Signed-off-by: Steven Hardy <shardy@redhat.com>
---

diff --git a/bin/heat-keystone-setup b/bin/heat-keystone-setup
index e3cc7841..7fb74006 100755
--- a/bin/heat-keystone-setup
+++ b/bin/heat-keystone-setup
@@ -105,6 +105,18 @@ add_role() {
     fi
 }
 
+create_role() {
+    local role_name=$1
+
+    role_id=$(get_data 2 $role_name 1 keystone role-list)
+    if [ -n "$role_id" ]
+    then
+        echo "Role $role_name already exists : $role_id" >&2
+    else
+        keystone role-create --name $role_name
+    fi
+}
+
 get_endpoint() {
     local service_type=$1
 
@@ -195,6 +207,10 @@ HEAT_USERID=$(get_user $HEAT_USERNAME)
 echo HEAT_USERID $HEAT_USERID
 add_role $HEAT_USERID $SERVICE_TENANT $ADMIN_ROLE $HEAT_USERNAME
 
+# Create a special role which "instance users" are assigned to
+INSTANCE_ROLE="heat_instance"
+create_role $INSTANCE_ROLE
+
 HEAT_CFN_SERVICE=$(get_service heat-cfn cloudformation \
                    "Heat CloudFormation API")
 add_endpoint $HEAT_CFN_SERVICE 'http://localhost:8000/v1'