keystone: default domain fix

Provide the default domain id and assign the admin role to it on bootstrap. Currently we cannot provide domain scoped tokens with the admin user due to it not being assigned the admin role for the default domain. This patch makes it so we assign the proper role on bootstrap. Depends-on: https://review.opendev.org/662992 Change-Id: Ide1918c1ed264ccc2998008b2334542e3d683bfc
2019-06-04 11:53:16 +02:00 · 2019-06-04 11:53:16 +02:00 · d4b8f16f26
commit d4b8f16f26
parent 8ec7e3208a
1 changed files with 8 additions and 0 deletions
--- a/keystone/values.yaml
+++ b/keystone/values.yaml
@ -64,6 +64,12 @@ bootstrap:
          --project-domain="${OS_PROJECT_DOMAIN_NAME}" \
          --project="${OS_PROJECT_NAME}" \
          "member"
+    # admin needs the admin role for the default domain
+    openstack role add \
+          --user="${OS_USERNAME}" \
+          --domain="${OS_DEFAULT_DOMAIN}" \
+          "admin"
+

 network:
  api:
@ -1149,6 +1155,7 @@ endpoints:
        project_name: admin
        user_domain_name: default
        project_domain_name: default
+        default_domain_id: default
      test:
        role: admin
        region_name: RegionOne
@ -1157,6 +1164,7 @@ endpoints:
        project_name: test
        user_domain_name: default
        project_domain_name: default
+        default_domain_id: default
    hosts:
      default: keystone
      internal: keystone-api