From 788fbfd98dd444d80f1ed522395dea4988c5c5b5 Mon Sep 17 00:00:00 2001
From: Travis Truman <travis_truman@cable.comcast.com>
Date: Thu, 17 Mar 2016 10:26:13 -0400
Subject: [PATCH] Remove dependency on the Keystone admin auth token

Now that auth token usage is deprecated, prefer the admin
user and password for all horizon setup tasks run against
keystone.

Change-Id: I37187eaf11d3bd60c577acf7c97c7c2993d65566
---
 README.rst                      |  3 ++-
 tasks/horizon_service_setup.yml | 14 +++++++++-----
 2 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/README.rst b/README.rst
index 05fe41f5..6ff0c590 100644
--- a/README.rst
+++ b/README.rst
@@ -52,8 +52,9 @@ Example Playbook
         rabbitmq_servers: 10.100.100.101
         rabbitmq_use_ssl: false
         rabbitmq_port: 5671
-        keystone_auth_admin_token: "SuperSecreteTestToken"
+        keystone_admin_user_name: admin
         keystone_auth_admin_password: "SuperSecretePassword"
+        keystone_admin_tenant_name: admin
         keystone_service_adminuri_insecure: false
         keystone_service_internaluri_insecure: false
         keystone_service_internaluri: "http://{{ internal_lb_vip_address }}:5000"
diff --git a/tasks/horizon_service_setup.yml b/tasks/horizon_service_setup.yml
index ee08a2ca..b24cd460 100644
--- a/tasks/horizon_service_setup.yml
+++ b/tasks/horizon_service_setup.yml
@@ -18,14 +18,18 @@
 - name: Ensure default keystone user role
   keystone:
     command: "ensure_role"
-    token: "{{ keystone_auth_admin_token }}"
     endpoint: "{{ keystone_service_adminurl }}"
+    login_user: "{{ keystone_admin_user_name }}"
+    login_password: "{{ keystone_auth_admin_password }}"
+    login_project_name: "{{ keystone_admin_tenant_name }}"
     role_name: "{{ horizon_default_role_name }}"
     insecure: "{{ keystone_service_adminuri_insecure }}"
-  when: >
-    keystone_auth_admin_token is defined
-    and keystone_service_adminurl is defined
-    and keystone_service_adminuri_insecure is defined
+  when:
+    - keystone_admin_user_name is defined
+    - keystone_auth_admin_password is defined
+    - keystone_admin_tenant_name is defined
+    - keystone_service_adminurl is defined
+    - keystone_service_adminuri_insecure is defined
   register: add_member_role
   until: add_member_role|success
   retries: 5