diff --git a/functions-common b/functions-common index 21c74c6cf7..f442211a61 100644 --- a/functions-common +++ b/functions-common @@ -768,6 +768,27 @@ function get_or_add_user_project_role { echo $user_role_id } +# Gets or adds group role to project +# Usage: get_or_add_group_project_role +function get_or_add_group_project_role { + # Gets group role id + local group_role_id=$(openstack role list \ + --group $2 \ + --project $3 \ + --column "ID" \ + --column "Name" \ + | grep " $1 " | get_field 1) + if [[ -z "$group_role_id" ]]; then + # Adds role to group + group_role_id=$(openstack role add \ + $1 \ + --group $2 \ + --project $3 \ + | grep " id " | get_field 2) + fi + echo $group_role_id +} + # Gets or creates service # Usage: get_or_create_service function get_or_create_service { diff --git a/lib/keystone b/lib/keystone index 1e39ab6bc2..7b41812fca 100644 --- a/lib/keystone +++ b/lib/keystone @@ -366,6 +366,12 @@ function configure_keystone_extensions { # demo demo Member, anotherrole # invisible_to_admin demo Member +# Group Users Roles Tenant +# ------------------------------------------------------------------ +# admins admin admin admin +# nonadmin demo Member, anotherrole demo + + # Migrated from keystone_data.sh function create_keystone_accounts { @@ -407,8 +413,14 @@ function create_keystone_accounts { get_or_add_user_project_role $another_role $demo_user $demo_tenant get_or_add_user_project_role $member_role $demo_user $invis_tenant - get_or_create_group "developers" "default" "openstack developers" - get_or_create_group "testers" "default" + local admin_group=$(get_or_create_group "admins" \ + "default" "openstack admin group") + local non_admin_group=$(get_or_create_group "nonadmins" \ + "default" "non-admin group") + + get_or_add_group_project_role $member_role $non_admin_group $demo_tenant + get_or_add_group_project_role $another_role $non_admin_group $demo_tenant + get_or_add_group_project_role $admin_role $admin_group $admin_tenant # Keystone if [[ "$KEYSTONE_CATALOG_BACKEND" = 'sql' ]]; then