heat-keystone-setup workaround keystone arg syntax

Keystone user-role-add syntax is not the same on essex
and folsom, so try both formats so we can work with either
Removes potentially unreliable approach to detecting keystone
version, and also avoids error on folsom when the user already
has the specified role

Fixes #272

Change-Id: Iece52223a29069a1fd517018cc49613be6fac318
Signed-off-by: Steven Hardy <shardy@redhat.com>
This commit is contained in:
Steven Hardy 2012-10-24 13:48:22 +01:00
parent b3b56ff59d
commit f5099e02d5
1 changed files with 30 additions and 15 deletions

View File

@ -72,23 +72,37 @@ get_user() {
fi
}
ver=`nova-manage version list | cut -d . -f1`
if [ $ver -lt 2013 ]; then
user_arg=user
role_arg=role
else
user_arg=user_id
role_arg=role_id
fi
add_role() {
local user_id=$1
local tenant=$2
local role_id=$3
local username=$4
keystone user-role-add --tenant_id $tenant \
--$user_arg $user_id \
--$role_arg $role_id
# The keystone argument format changed between essex and folsom
# so we use the fact that the folsom keystone version has a new
# option "user-role-list" to detect we're on that newer version
# This also allows us to detect when the user already has the
# requested role_id, preventing an error on folsom
user_roles=$(keystone --os-username $username\
--os-tenant-id $tenant\
user-role-list 2>/dev/null)
if [ $? == 0 ]; then
# Folsom
existing_role=$(get_data 1 $role_id 1 echo "$user_roles")
if [ -n "$existing_role" ]
then
echo "User $username already has role $role_id" >&2
return
fi
keystone user-role-add --tenant_id $tenant \
--user_id $user_id \
--role_id $role_id
else
# Essex
keystone user-role-add --tenant_id $tenant \
--user $user_id \
--role $role_id
fi
}
get_endpoint() {
@ -176,9 +190,10 @@ echo SERVICE_TENANT $SERVICE_TENANT
echo SERVICE_PASSWORD $SERVICE_PASSWORD
echo SERVICE_TOKEN $SERVICE_TOKEN
HEAT_USER=$(get_user heat)
echo HEAT_USER $HEAT_USER
add_role $HEAT_USER $SERVICE_TENANT $ADMIN_ROLE
HEAT_USERNAME="heat"
HEAT_USERID=$(get_user $HEAT_USERNAME)
echo HEAT_USERID $HEAT_USERID
add_role $HEAT_USERID $SERVICE_TENANT $ADMIN_ROLE $HEAT_USERNAME
HEAT_CFN_SERVICE=$(get_service heat-cfn cloudformation \
"Heat CloudFormation API")