From f5099e02d5b2f1312f10dd255c11d951c75ce34e Mon Sep 17 00:00:00 2001
From: Steven Hardy <shardy@redhat.com>
Date: Wed, 24 Oct 2012 13:48:22 +0100
Subject: [PATCH] heat-keystone-setup workaround keystone arg syntax

Keystone user-role-add syntax is not the same on essex
and folsom, so try both formats so we can work with either
Removes potentially unreliable approach to detecting keystone
version, and also avoids error on folsom when the user already
has the specified role

Fixes #272

Change-Id: Iece52223a29069a1fd517018cc49613be6fac318
Signed-off-by: Steven Hardy <shardy@redhat.com>
---
 bin/heat-keystone-setup | 47 +++++++++++++++++++++++++++--------------
 1 file changed, 31 insertions(+), 16 deletions(-)

diff --git a/bin/heat-keystone-setup b/bin/heat-keystone-setup
index 74691bd0..e3cc7841 100755
--- a/bin/heat-keystone-setup
+++ b/bin/heat-keystone-setup
@@ -72,23 +72,37 @@ get_user() {
     fi
 }
 
-ver=`nova-manage version list | cut -d . -f1`
-if [ $ver -lt 2013 ]; then
-    user_arg=user
-    role_arg=role
-else
-    user_arg=user_id
-    role_arg=role_id
-fi
-
 add_role() {
     local user_id=$1
     local tenant=$2
     local role_id=$3
-
-    keystone user-role-add --tenant_id $tenant \
-                           --$user_arg $user_id \
-                           --$role_arg $role_id
+    local username=$4
+
+    # The keystone argument format changed between essex and folsom
+    # so we use the fact that the folsom keystone version has a new
+    # option "user-role-list" to detect we're on that newer version
+    # This also allows us to detect when the user already has the
+    # requested role_id, preventing an error on folsom
+    user_roles=$(keystone --os-username $username\
+                          --os-tenant-id $tenant\
+                          user-role-list 2>/dev/null)
+    if [ $? == 0 ]; then
+        # Folsom
+        existing_role=$(get_data 1 $role_id 1 echo "$user_roles")
+        if [ -n "$existing_role" ]
+        then
+            echo "User $username already has role $role_id" >&2
+            return
+        fi
+        keystone user-role-add --tenant_id $tenant \
+                           --user_id $user_id \
+                           --role_id $role_id
+    else
+        # Essex
+        keystone user-role-add --tenant_id $tenant \
+                               --user $user_id \
+                               --role $role_id
+    fi
 }
 
 get_endpoint() {
@@ -176,9 +190,10 @@ echo SERVICE_TENANT $SERVICE_TENANT
 echo SERVICE_PASSWORD $SERVICE_PASSWORD
 echo SERVICE_TOKEN $SERVICE_TOKEN
 
-HEAT_USER=$(get_user heat)
-echo HEAT_USER $HEAT_USER
-add_role $HEAT_USER $SERVICE_TENANT $ADMIN_ROLE
+HEAT_USERNAME="heat"
+HEAT_USERID=$(get_user $HEAT_USERNAME)
+echo HEAT_USERID $HEAT_USERID
+add_role $HEAT_USERID $SERVICE_TENANT $ADMIN_ROLE $HEAT_USERNAME
 
 HEAT_CFN_SERVICE=$(get_service heat-cfn cloudformation \
                    "Heat CloudFormation API")
-- 
2.45.2