From a33558da1914065f8af3d4ea0ca4fa899c6fc8a5 Mon Sep 17 00:00:00 2001
From: LIU Yulong <liuyulong@le.com>
Date: Thu, 23 Jun 2016 13:19:48 +0800
Subject: [PATCH] Add default role name to rally config

If the OpenStack env does not have a 'member' role, the
rally task will get a WARNING: Unable to set member role
to created user. And then task will stop due to the 401
Unauthorized error.

This patch adds default role to rally config. So for each,
test, rally will create the test user with the set
keystone_default_role.

Closes-Bug: #1595081

Change-Id: Ic97ce50f40d3a3e7f9e8fc6ef142c5465ab41a51
---
 rally/plugins/openstack/context/keystone/users.py | 12 +++++++++---
 rally/plugins/openstack/wrappers/keystone.py      | 13 ++++++++-----
 2 files changed, 17 insertions(+), 8 deletions(-)

diff --git a/rally/plugins/openstack/context/keystone/users.py b/rally/plugins/openstack/context/keystone/users.py
index f39c7931..9a840264 100644
--- a/rally/plugins/openstack/context/keystone/users.py
+++ b/rally/plugins/openstack/context/keystone/users.py
@@ -46,6 +46,9 @@ USER_CONTEXT_OPTS = [
     cfg.StrOpt("user_domain",
                default="default",
                help="ID of domain in which users will be created."),
+    cfg.StrOpt("keystone_default_role",
+               default="member",
+               help="The default role name of the keystone."),
 ]
 
 CONF = cfg.CONF
@@ -223,6 +226,7 @@ class UserGenerator(UserContextMixin, context.Context):
         # NOTE(msdubov): This should be called after _create_tenants().
         threads = self.config["resource_management_workers"]
         users_per_tenant = self.config["users_per_tenant"]
+        default_role = cfg.CONF.users_context.keystone_default_role
 
         users = collections.deque()
 
@@ -241,9 +245,11 @@ class UserGenerator(UserContextMixin, context.Context):
                 clients = osclients.Clients(self.credential)
                 cache["client"] = keystone.wrap(clients.keystone())
             client = cache["client"]
-            user = client.create_user(username, password,
-                                      "%s@email.me" % username,
-                                      tenant_id, user_dom)
+            user = client.create_user(
+                username, password,
+                "%s@email.me" % username,
+                tenant_id, user_dom,
+                default_role=default_role)
             user_credential = objects.Credential(
                 client.auth_url, user.name, password,
                 self.context["tenants"][tenant_id]["name"],
diff --git a/rally/plugins/openstack/wrappers/keystone.py b/rally/plugins/openstack/wrappers/keystone.py
index 44708f98..e26190dc 100644
--- a/rally/plugins/openstack/wrappers/keystone.py
+++ b/rally/plugins/openstack/wrappers/keystone.py
@@ -55,7 +55,7 @@ class KeystoneWrapper(object):
 
     @abc.abstractmethod
     def create_user(self, username, password, email=None, project_id=None,
-                    domain_name="Default"):
+                    domain_name="Default", default_role="member"):
         """Create user.
 
         :param username: name of user
@@ -64,6 +64,7 @@ class KeystoneWrapper(object):
         :param domain_name: Name or id of domain where to create project, for
                             implementations that don't support domains this
                             argument must be None or 'Default'.
+        :param default_role: user's default role
         """
 
     @abc.abstractmethod
@@ -136,7 +137,8 @@ class KeystoneV2Wrapper(KeystoneWrapper):
         self.client.tenants.delete(project_id)
 
     def create_user(self, username, password, email=None, project_id=None,
-                    domain_name="Default"):
+                    domain_name="Default", default_role="member"):
+        # NOTE(liuyulong): For v2 wrapper the `default_role` here is not used.
         self._check_domain(domain_name)
         user = self.client.users.create(username, password, email, project_id)
         return KeystoneV2Wrapper._wrap_v2_user(user)
@@ -194,18 +196,19 @@ class KeystoneV3Wrapper(KeystoneWrapper):
         self.client.projects.delete(project_id)
 
     def create_user(self, username, password, email=None, project_id=None,
-                    domain_name="Default"):
+                    domain_name="Default", default_role="member"):
         domain_id = self._get_domain_id(domain_name)
         user = self.client.users.create(name=username, password=password,
                                         default_project=project_id,
                                         email=email, domain=domain_id)
         for role in self.client.roles.list():
-            if "member" in role.name.lower():
+            if default_role in role.name.lower():
                 self.client.roles.grant(role.id, user=user.id,
                                         project=project_id)
                 break
         else:
-            LOG.warning("Unable to set member role to created user.")
+            LOG.warning(
+                "Unable to set %s role to created user." % default_role)
         return KeystoneV3Wrapper._wrap_v3_user(user)
 
     def delete_user(self, user_id):