Correctly scope role assignment for heat_domain_admin

The admin role assignment for the heat_domain_admin user
needs to be scoped to the heat domain; update domain-setup
action to scope the role assignment correctly.

This change also stops ignoring the return code of the
role assignment; re-assigning a role already granted is
idempotent in openstackclient.

Change-Id: Ia5ba409e2f566614e6db9bbf9540c563af8e4a82
Closes-Bug: 1715465
This commit is contained in:
James Page 2017-09-14 14:20:49 -06:00
parent 6cb0ede086
commit 501e3415b3
1 changed files with 4 additions and 1 deletions

@ -14,7 +14,10 @@ openstack user show heat_domain_admin || {
openstack user create --domain heat --password `leader-get heat-domain-admin-passwd` heat_domain_admin
}
openstack role add --domain heat --user heat_domain_admin admin || :
openstack role add --domain heat --user-domain heat --user heat_domain_admin admin || {
# NOTE(jamespage): Fallback to trying older style --user-domain -less configuration
openstack role add --domain heat --user heat_domain_admin admin
}
openstack role show heat_stack_user || {
openstack role create heat_stack_user
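
Review bot: the fallback inside the new `|| { ... }` block runs on any failure of the `--user-domain heat` call, not only when the client lacks that option, and it then resolves `heat_domain_admin` without a user domain, which is the lookup the commit message describes as incorrectly scoped. Consider gating the fallback on whether the installed client accepts `--user-domain` (or passing the user's ID rather than its name), so that an authentication or API error on a current client surfaces as a failure instead of being retried in the unscoped form. It would also help to log the first attempt's error before retrying, and to have the NOTE comment say which client versions need the older form so the fallback can be dropped later.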