heat-keystone-setup workaround keystone arg syntax
Keystone user-role-add syntax is not the same on essex and folsom, so try both formats so we can work with either Removes potentially unreliable approach to detecting keystone version, and also avoids error on folsom when the user already has the specified role Fixes #272 Change-Id: Iece52223a29069a1fd517018cc49613be6fac318 Signed-off-by: Steven Hardy <shardy@redhat.com>
This commit is contained in:
parent
b3b56ff59d
commit
f5099e02d5
|
@ -72,23 +72,37 @@ get_user() {
|
|||
fi
|
||||
}
|
||||
|
||||
ver=`nova-manage version list | cut -d . -f1`
|
||||
if [ $ver -lt 2013 ]; then
|
||||
user_arg=user
|
||||
role_arg=role
|
||||
else
|
||||
user_arg=user_id
|
||||
role_arg=role_id
|
||||
fi
|
||||
|
||||
add_role() {
|
||||
local user_id=$1
|
||||
local tenant=$2
|
||||
local role_id=$3
|
||||
local username=$4
|
||||
|
||||
keystone user-role-add --tenant_id $tenant \
|
||||
--$user_arg $user_id \
|
||||
--$role_arg $role_id
|
||||
# The keystone argument format changed between essex and folsom
|
||||
# so we use the fact that the folsom keystone version has a new
|
||||
# option "user-role-list" to detect we're on that newer version
|
||||
# This also allows us to detect when the user already has the
|
||||
# requested role_id, preventing an error on folsom
|
||||
user_roles=$(keystone --os-username $username\
|
||||
--os-tenant-id $tenant\
|
||||
user-role-list 2>/dev/null)
|
||||
if [ $? == 0 ]; then
|
||||
# Folsom
|
||||
existing_role=$(get_data 1 $role_id 1 echo "$user_roles")
|
||||
if [ -n "$existing_role" ]
|
||||
then
|
||||
echo "User $username already has role $role_id" >&2
|
||||
return
|
||||
fi
|
||||
keystone user-role-add --tenant_id $tenant \
|
||||
--user_id $user_id \
|
||||
--role_id $role_id
|
||||
else
|
||||
# Essex
|
||||
keystone user-role-add --tenant_id $tenant \
|
||||
--user $user_id \
|
||||
--role $role_id
|
||||
fi
|
||||
}
|
||||
|
||||
get_endpoint() {
|
||||
|
@ -176,9 +190,10 @@ echo SERVICE_TENANT $SERVICE_TENANT
|
|||
echo SERVICE_PASSWORD $SERVICE_PASSWORD
|
||||
echo SERVICE_TOKEN $SERVICE_TOKEN
|
||||
|
||||
HEAT_USER=$(get_user heat)
|
||||
echo HEAT_USER $HEAT_USER
|
||||
add_role $HEAT_USER $SERVICE_TENANT $ADMIN_ROLE
|
||||
HEAT_USERNAME="heat"
|
||||
HEAT_USERID=$(get_user $HEAT_USERNAME)
|
||||
echo HEAT_USERID $HEAT_USERID
|
||||
add_role $HEAT_USERID $SERVICE_TENANT $ADMIN_ROLE $HEAT_USERNAME
|
||||
|
||||
HEAT_CFN_SERVICE=$(get_service heat-cfn cloudformation \
|
||||
"Heat CloudFormation API")
|
||||
|
|
Loading…
Reference in New Issue