Create stack_domain_admin user

Create an additional service user for Heat, which is a domain admin for the stack_user_domain - this is necessary since the normal service user cannot manage the projects/users in the stack_user_domain when keystone is configured to use the v3cloudsample policy (such as in gate integration tests). Change-Id: If59c11a74145b9bd02f78a7e0882afe1b0a72e40
2014-02-24 18:09:10 +00:00 · 2014-02-24 18:09:10 +00:00 · dd029da5b9
commit dd029da5b9
parent f1eb0475d9
1 changed files with 10 additions and 0 deletions
--- a/lib/heat
+++ b/lib/heat
@ -207,6 +207,16 @@ function create_heat_accounts() {
        --description "Owns users and projects created by heat" \
        | grep ' id ' | get_field 2)
    iniset $HEAT_CONF DEFAULT stack_user_domain ${D_ID}
+
+    openstack --os-token $OS_TOKEN --os-url=$KS_ENDPOINT_V3 \
+        --os-identity-api-version=3 user create --password $SERVICE_PASSWORD \
+        --domain $D_ID heat_domain_admin \
+        --description "Manages users and projects created by heat"
+    openstack --os-token $OS_TOKEN --os-url=$KS_ENDPOINT_V3 \
+        --os-identity-api-version=3 role add \
+        --user ${U_ID} --domain ${D_ID} admin
+    iniset $HEAT_CONF DEFAULT stack_domain_admin heat_domain_admin
+    iniset $HEAT_CONF DEFAULT stack_domain_admin_password $SERVICE_PASSWORD
 }

 # Restore xtrace