Merge "Add heat_stack_owner role for heat trusts usage"

2014-03-08 18:12:49 +00:00 · 2014-03-08 18:12:49 +00:00 · 111f0f1bd9
parent 45d5db3dff 2ca3bf18dd
commit 111f0f1bd9
1 changed files with 13 additions and 0 deletions
--- a/lib/heat
+++ b/lib/heat
@ -240,6 +240,19 @@ function create_heat_accounts {
    # heat_stack_user role is for users created by Heat
    openstack role create heat_stack_user

+    # heat_stack_owner role is given to users who create Heat stacks,
+    # it's the default role used by heat to delegate to the heat service
+    # user (for performing deferred operations via trusts), see heat.conf
+    HEAT_OWNER_ROLE=$(openstack role create \
+        heat_stack_owner \
+        | grep " id " | get_field 2)
+
+    # Give the role to the demo and admin users so they can create stacks
+    # in either of the projects created by devstack
+    openstack role add $HEAT_OWNER_ROLE --project demo --user demo
+    openstack role add $HEAT_OWNER_ROLE --project demo --user admin
+    openstack role add $HEAT_OWNER_ROLE --project admin --user admin
+
    # Note we have to pass token/endpoint here because the current endpoint and
    # version negotiation in OSC means just --os-identity-api-version=3 won't work
    KS_ENDPOINT_V3="$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v3"