Grant admin role in heat domain to heat_domain_admin

This patch grants heat_domain_admin the admin role in the heat domain
(rather then in the service project).

We use :grant_domain instead of :grant_role, because we are setting a
role in a domain, not in a project.

Note that for the user to actually exist in the heat domain, a
sufficiently recent openstackclient cookbook is required -- otherwise
the domain_name attribute is ignored during user creation.

Also, we remove the user_name attribute (gets ignored by resource
action).

Change-Id: I747e2dedbc517cc3deb2675590fb982459c560a0
This commit is contained in:
Roger Luethi 2017-11-01 10:23:24 +01:00 committed by Samuel Cassiba
parent 00341ef50a
commit dc2d594b05
2 changed files with 2 additions and 3 deletions

View File

@ -163,9 +163,8 @@ end
openstack_user stack_domain_admin do
domain_name heat_domain_name
role_name 'admin'
user_name stack_domain_admin
connection_params connection_params
action :grant_role
action :grant_domain
end
openstack_role 'heat_stack_owner' do

View File

@ -117,7 +117,7 @@ describe 'openstack-orchestration::identity_registration' do
end
it do
expect(chef_run).to grant_role_openstack_user(
expect(chef_run).to grant_domain_openstack_user(
stack_domain_admin
).with(
domain_name: stack_domain_name,