From d4b8f16f262a2125c15b367dceb5a1733a3eb777 Mon Sep 17 00:00:00 2001
From: Itxaka <igarcia@suse.com>
Date: Tue, 4 Jun 2019 11:53:16 +0200
Subject: [PATCH] keystone: default domain fix

Provide the default domain id and assign the admin
role to it on bootstrap.
Currently we cannot provide domain scoped tokens with
the admin user due to it not being assigned the admin
role for the default domain.

This patch makes it so we assign the proper role on bootstrap.

Depends-on: https://review.opendev.org/662992
Change-Id: Ide1918c1ed264ccc2998008b2334542e3d683bfc
---
 keystone/values.yaml | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/keystone/values.yaml b/keystone/values.yaml
index 4809c56f86..b271846b4d 100644
--- a/keystone/values.yaml
+++ b/keystone/values.yaml
@@ -64,6 +64,12 @@ bootstrap:
           --project-domain="${OS_PROJECT_DOMAIN_NAME}" \
           --project="${OS_PROJECT_NAME}" \
           "member"
+    # admin needs the admin role for the default domain
+    openstack role add \
+          --user="${OS_USERNAME}" \
+          --domain="${OS_DEFAULT_DOMAIN}" \
+          "admin"
+
 
 network:
   api:
@@ -1149,6 +1155,7 @@ endpoints:
         project_name: admin
         user_domain_name: default
         project_domain_name: default
+        default_domain_id: default
       test:
         role: admin
         region_name: RegionOne
@@ -1157,6 +1164,7 @@ endpoints:
         project_name: test
         user_domain_name: default
         project_domain_name: default
+        default_domain_id: default
     hosts:
       default: keystone
       internal: keystone-api