Correctly scope role assignment for heat_domain_admin
The admin role assignment for the heat_domain_admin user
needs to be scoped to the heat domain; update domain-setup
action to scope the role assigment correctly.
This change also stops ignoring the return code of the
role assignment; re-assigning a role already granted is
idemponent in openstackclient.
Change-Id: Ia5ba409e2f566614e6db9bbf9540c563af8e4a82
Closes-Bug: 1715465
(cherry picked from commit 501e3415b3
)
This commit is contained in:
parent
ec424f87d1
commit
f30723b839
|
@ -14,7 +14,10 @@ openstack user show heat_domain_admin || {
|
|||
openstack user create --domain heat --password `leader-get heat-domain-admin-passwd` heat_domain_admin
|
||||
}
|
||||
|
||||
openstack role add --domain heat --user heat_domain_admin admin || :
|
||||
openstack role add --domain heat --user-domain heat --user heat_domain_admin admin || {
|
||||
# NOTE(jamespage): Fallback to trying older style --user-domain -less configuration
|
||||
openstack role add --domain heat --user heat_domain_admin admin
|
||||
}
|
||||
|
||||
openstack role show heat_stack_user || {
|
||||
openstack role create heat_stack_user
|
||||
|
|
Loading…
Reference in New Issue