Correctly scope role assignment for heat_domain_admin
The admin role assignment for the heat_domain_admin user needs to be scoped to the heat domain; update domain-setup action to scope the role assigment correctly. This change also stops ignoring the return code of the role assignment; re-assigning a role already granted is idemponent in openstackclient. Change-Id: Ia5ba409e2f566614e6db9bbf9540c563af8e4a82 Closes-Bug: 1715465
This commit is contained in:
parent
6cb0ede086
commit
501e3415b3
|
@ -14,7 +14,10 @@ openstack user show heat_domain_admin || {
|
|||
openstack user create --domain heat --password `leader-get heat-domain-admin-passwd` heat_domain_admin
|
||||
}
|
||||
|
||||
openstack role add --domain heat --user heat_domain_admin admin || :
|
||||
openstack role add --domain heat --user-domain heat --user heat_domain_admin admin || {
|
||||
# NOTE(jamespage): Fallback to trying older style --user-domain -less configuration
|
||||
openstack role add --domain heat --user heat_domain_admin admin
|
||||
}
|
||||
|
||||
openstack role show heat_stack_user || {
|
||||
openstack role create heat_stack_user
|
||||
|
|
Loading…
Reference in New Issue