Add roles when we create groups

We should prime the groups that were created with some roles on projects. Eventually we can add users directly to the groups and not have to resort to individual user assignments. Change-Id: Icebafc06859f8879c584cfd67aa51cb0c9ce48af
2015-03-12 21:30:58 -04:00 · 2015-03-12 21:30:58 -04:00 · 4599fd174c
commit 4599fd174c
parent 5e159edab3
2 changed files with 35 additions and 2 deletions
--- a/21
+++ b/21
@ -728,6 +728,27 @@ function get_or_add_user_project_role {
    echo $user_role_id
 }

+# Gets or adds group role to project
+# Usage: get_or_add_group_project_role <role> <group> <project>
+function get_or_add_group_project_role {
+    # Gets group role id
+    local group_role_id=$(openstack role list \
+        --group $2 \
+        --project $3 \
+        --column "ID" \
+        --column "Name" \
+        | grep " $1 " | get_field 1)
+    if [[ -z "$group_role_id" ]]; then
+        # Adds role to group
+        group_role_id=$(openstack role add \
+            $1 \
+            --group $2 \
+            --project $3 \
+            | grep " id " | get_field 2)
+    fi
+    echo $group_role_id
+}
+
 # Gets or creates service
 # Usage: get_or_create_service <name> <type> <description>
 function get_or_create_service {
--- a/lib/keystone
+++ b/lib/keystone
@ -362,6 +362,12 @@ function configure_keystone_extensions {
 # demo                 demo       Member, anotherrole
 # invisible_to_admin   demo       Member

+# Group                Users      Roles                 Tenant
+# ------------------------------------------------------------------
+# admins               admin      admin                 admin
+# nonadmin             demo       Member, anotherrole   demo
+
+
 # Migrated from keystone_data.sh
 function create_keystone_accounts {

@ -403,8 +409,14 @@ function create_keystone_accounts {
    get_or_add_user_project_role $another_role $demo_user $demo_tenant
    get_or_add_user_project_role $member_role $demo_user $invis_tenant

-    get_or_create_group "developers" "default" "openstack developers"
-    get_or_create_group "testers" "default"
+    local admin_group=$(get_or_create_group "admins" \
+        "default" "openstack admin group")
+    local non_admin_group=$(get_or_create_group "nonadmins" \
+        "default" "non-admin group")
+
+    get_or_add_group_project_role $member_role $non_admin_group $demo_tenant
+    get_or_add_group_project_role $another_role $non_admin_group $demo_tenant
+    get_or_add_group_project_role $admin_role $admin_group $admin_tenant

    # Keystone
    if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then