From d3246b4c6e3e6274c67f49b282f1077373c3247a Mon Sep 17 00:00:00 2001
From: Jorge Merlino <jorge.merlino@canonical.com>
Date: Thu, 13 Oct 2022 16:23:19 -0300
Subject: [PATCH] Add admin-role parameter value to identity relation

This parameter is added to the relation in order to configure service
tokens on related services. The role of the service user is required for
service token validation.

Closes-Bug: #1992840
Change-Id: Id7e84d38a9f774179808137548307c9174a87f87
(cherry picked from commit 55bd7022242857fd8d8c1cc823411021e61bcba4)
---
 hooks/keystone_utils.py           | 1 +
 unit_tests/test_keystone_utils.py | 1 +
 2 files changed, 2 insertions(+)

diff --git a/hooks/keystone_utils.py b/hooks/keystone_utils.py
index e2688f07..8862d332 100644
--- a/hooks/keystone_utils.py
+++ b/hooks/keystone_utils.py
@@ -2200,6 +2200,7 @@ def add_service_to_keystone(relation_id=None, remote_unit=None):
         "admin_domain_id": leader_get(attribute='admin_domain_id'),
         "admin_project_id": admin_project_id,
         "admin_user_id": admin_user_id,
+        "admin_role": config("admin-role"),
         "created_roles": ','.join(
             get_real_role_names(requested_roles, manager))
     }
diff --git a/unit_tests/test_keystone_utils.py b/unit_tests/test_keystone_utils.py
index f1dcf4e6..423269ee 100644
--- a/unit_tests/test_keystone_utils.py
+++ b/unit_tests/test_keystone_utils.py
@@ -498,6 +498,7 @@ class TestKeystoneUtils(CharmTestCase):
         relation_data = {'admin_domain_id': None,
                          'admin_user_id': admin_user_id,
                          'admin_project_id': admin_project_id,
+                         'admin_role': 'Admin',
                          'auth_host': '10.0.0.3',
                          'service_host': '10.0.0.3',
                          'service_port': 81, 'auth_port': 80,