From 55bd7022242857fd8d8c1cc823411021e61bcba4 Mon Sep 17 00:00:00 2001
From: Jorge Merlino <jorge.merlino@canonical.com>
Date: Thu, 13 Oct 2022 16:23:19 -0300
Subject: [PATCH] Add admin-role parameter value to identity relation

This parameter is added to the relation in order to configure service
tokens on related services. The role of the service user is required for
service token validation.

Closes-Bug: #1992840
Change-Id: Id7e84d38a9f774179808137548307c9174a87f87
---
 hooks/keystone_utils.py           | 1 +
 unit_tests/test_keystone_utils.py | 1 +
 2 files changed, 2 insertions(+)

diff --git a/hooks/keystone_utils.py b/hooks/keystone_utils.py
index 56b50d5b..407be6a4 100644
--- a/hooks/keystone_utils.py
+++ b/hooks/keystone_utils.py
@@ -2081,6 +2081,7 @@ def add_service_to_keystone(relation_id=None, remote_unit=None):
         "admin_domain_id": leader_get(attribute='admin_domain_id'),
         "admin_project_id": admin_project_id,
         "admin_user_id": admin_user_id,
+        "admin_role": config("admin-role"),
         "created_roles": ','.join(
             get_real_role_names(requested_roles, manager))
     }
diff --git a/unit_tests/test_keystone_utils.py b/unit_tests/test_keystone_utils.py
index d167006c..3270b7b8 100644
--- a/unit_tests/test_keystone_utils.py
+++ b/unit_tests/test_keystone_utils.py
@@ -498,6 +498,7 @@ class TestKeystoneUtils(CharmTestCase):
         relation_data = {'admin_domain_id': None,
                          'admin_user_id': admin_user_id,
                          'admin_project_id': admin_project_id,
+                         'admin_role': 'Admin',
                          'auth_host': '10.0.0.3',
                          'service_host': '10.0.0.3',
                          'service_port': 81, 'auth_port': 80,