From dd029da5b9b5600b8f6893247645db4fb0b95efe Mon Sep 17 00:00:00 2001
From: Steven Hardy <shardy@redhat.com>
Date: Mon, 24 Feb 2014 18:09:10 +0000
Subject: [PATCH] Create stack_domain_admin user

Create an additional service user for Heat, which is a domain admin
for the stack_user_domain - this is necessary since the normal service
user cannot manage the projects/users in the stack_user_domain when
keystone is configured to use the v3cloudsample policy (such as in
gate integration tests).

Change-Id: If59c11a74145b9bd02f78a7e0882afe1b0a72e40
---
 lib/heat | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/lib/heat b/lib/heat
index af10fa6f1d..1b6dc86989 100644
--- a/lib/heat
+++ b/lib/heat
@@ -207,6 +207,16 @@ function create_heat_accounts() {
         --description "Owns users and projects created by heat" \
         | grep ' id ' | get_field 2)
     iniset $HEAT_CONF DEFAULT stack_user_domain ${D_ID}
+
+    openstack --os-token $OS_TOKEN --os-url=$KS_ENDPOINT_V3 \
+        --os-identity-api-version=3 user create --password $SERVICE_PASSWORD \
+        --domain $D_ID heat_domain_admin \
+        --description "Manages users and projects created by heat"
+    openstack --os-token $OS_TOKEN --os-url=$KS_ENDPOINT_V3 \
+        --os-identity-api-version=3 role add \
+        --user ${U_ID} --domain ${D_ID} admin
+    iniset $HEAT_CONF DEFAULT stack_domain_admin heat_domain_admin
+    iniset $HEAT_CONF DEFAULT stack_domain_admin_password $SERVICE_PASSWORD
 }
 
 # Restore xtrace