From 33d1f86a4931de76fba555a9a3f5e5fa3fd7c171 Mon Sep 17 00:00:00 2001
From: Steven Hardy <shardy@redhat.com>
Date: Thu, 13 Feb 2014 15:00:33 +0000
Subject: [PATCH] Add support for creating heat stack domain

The Heat instance-users blueprint requires an additional domain
where heat creates projects and users related to stack resources
so add support for creating this domain when configured to install
Heat.  Note a workaround is currently required to make the
openstack command work with the v3 keystone API.

Change-Id: I36157372d85b577952b55481ca5cc42146011a54
---
 lib/heat | 20 ++++++++++++++++++++
 stack.sh |  4 ++++
 2 files changed, 24 insertions(+)

diff --git a/lib/heat b/lib/heat
index 9f5dd8b588..efb01ef3b8 100644
--- a/lib/heat
+++ b/lib/heat
@@ -110,6 +110,15 @@ function configure_heat() {
     iniset $HEAT_CONF ec2authtoken auth_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0
     iniset $HEAT_CONF ec2authtoken keystone_ec2_uri $KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v2.0/ec2tokens
 
+    # stack user domain
+    # Note we have to pass token/endpoint here because the current endpoint and
+    # version negotiation in OSC means just --os-identity-api-version=3 won't work
+    KS_ENDPOINT_V3="$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v3"
+    D_ID=$(openstack --os-token $OS_SERVICE_TOKEN --os-url=$KS_ENDPOINT_V3 \
+        --os-identity-api-version=3 domain show heat \
+        | grep ' id ' | get_field 2)
+    iniset $HEAT_CONF stack_user_domain ${D_ID}
+
     # paste_deploy
     [[ "$HEAT_STANDALONE" = "True" ]] && iniset $HEAT_CONF paste_deploy flavor standalone
 
@@ -196,6 +205,17 @@ function disk_image_create {
     upload_image "http://localhost/$output.qcow2" $TOKEN
 }
 
+# create_heat_accounts() - Set up common required heat accounts
+# Note this is in addition to what is in files/keystone_data.sh
+function create_heat_accounts() {
+    # Note we have to pass token/endpoint here because the current endpoint and
+    # version negotiation in OSC means just --os-identity-api-version=3 won't work
+    KS_ENDPOINT_V3="$KEYSTONE_SERVICE_PROTOCOL://$KEYSTONE_SERVICE_HOST:$KEYSTONE_SERVICE_PORT/v3"
+    openstack --os-token $OS_SERVICE_TOKEN --os-url=$KS_ENDPOINT_V3 \
+        --os-identity-api-version=3 domain create heat \
+        --description "Owns users and projects created by heat"
+}
+
 # Restore xtrace
 $XTRACE
 
diff --git a/stack.sh b/stack.sh
index c153132485..824982e4c6 100755
--- a/stack.sh
+++ b/stack.sh
@@ -938,6 +938,10 @@ if is_service_enabled key; then
         create_swift_accounts
     fi
 
+    if is_service_enabled heat; then
+        create_heat_accounts
+    fi
+
     # ``keystone_data.sh`` creates services, admin and demo users, and roles.
     ADMIN_PASSWORD=$ADMIN_PASSWORD SERVICE_TENANT_NAME=$SERVICE_TENANT_NAME SERVICE_PASSWORD=$SERVICE_PASSWORD \
     SERVICE_TOKEN=$SERVICE_TOKEN SERVICE_ENDPOINT=$SERVICE_ENDPOINT SERVICE_HOST=$SERVICE_HOST \