diff --git a/bin/heat-keystone-setup b/bin/heat-keystone-setup
index 74691bd0b8..e3cc784111 100755
--- a/bin/heat-keystone-setup
+++ b/bin/heat-keystone-setup
@@ -72,23 +72,37 @@ get_user() {
 fi
 }
 
-ver=`nova-manage version list | cut -d . -f1`
-if [ $ver -lt 2013 ]; then
- user_arg=user
- role_arg=role
-else
- user_arg=user_id
- role_arg=role_id
-fi
-
 add_role() {
 local user_id=$1
 local tenant=$2
 local role_id=$3
+ local username=$4
 
- keystone user-role-add --tenant_id $tenant \
- --$user_arg $user_id \
- --$role_arg $role_id
+ # The keystone argument format changed between essex and folsom
+ # so we use the fact that the folsom keystone version has a new
+ # option "user-role-list" to detect we're on that newer version
+ # This also allows us to detect when the user already has the
+ # requested role_id, preventing an error on folsom
+ user_roles=$(keystone --os-username $username\
+ --os-tenant-id $tenant\
+ user-role-list 2>/dev/null)
+ if [ $? == 0 ]; then
+ # Folsom
+ existing_role=$(get_data 1 $role_id 1 echo "$user_roles")
+ if [ -n "$existing_role" ]
+ then
+ echo "User $username already has role $role_id" >&2
+ return
+ fi
+ keystone user-role-add --tenant_id $tenant \
+ --user_id $user_id \
+ --role_id $role_id
+ else
+ # Essex
+ keystone user-role-add --tenant_id $tenant \
+ --user $user_id \
+ --role $role_id
+ fi
 }
 
 get_endpoint() {
@@ -176,9 +190,10 @@ echo SERVICE_TENANT $SERVICE_TENANT
 echo SERVICE_PASSWORD $SERVICE_PASSWORD
 echo SERVICE_TOKEN $SERVICE_TOKEN
 
-HEAT_USER=$(get_user heat)
-echo HEAT_USER $HEAT_USER
-add_role $HEAT_USERID $SERVICE_TENANT $ADMIN_ROLE
+HEAT_USERNAME="heat"
+HEAT_USERID=$(get_user $HEAT_USERNAME)
+echo HEAT_USERID $HEAT_USERID
+add_role $HEAT_USERID $SERVICE_TENANT $ADMIN_ROLE $HEAT_USERNAME
 
 HEAT_CFN_SERVICE=$(get_service heat-cfn cloudformation \
 "Heat CloudFormation API")
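Review bot: The version probe in add_role treats every non-zero exit of `keystone ... user-role-list` as "this is Essex", and `2>/dev/null` discards the message that would tell an unsupported subcommand apart from rejected credentials or an unreachable endpoint. Because this function is what grants `$ADMIN_ROLE`, a failed probe silently falls through to the old-syntax `user-role-add` and skips the "already has role" check, which only exists in the Folsom branch. I would keep stderr (or capture it and print it in the `else` branch) and test the command directly instead of `[ $? == 0 ]`, e.g. `if user_roles=$(keystone --os-username "$username" --os-tenant-id "$tenant" user-role-list); then`. The new variables also leak into the script's global scope; `local user_roles existing_role` next to the other `local` lines fixes that. `get_data` is defined outside this hunk, so how it matches `$role_id` against the listing cannot be checked from here.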
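Review bot: `HEAT_USERID` reaches add_role unquoted and unchecked, so if `get_user` prints nothing the empty word disappears and the remaining arguments shift left: `$SERVICE_TENANT` becomes the user id and `$ADMIN_ROLE` the tenant. Only the tail of get_user is visible in this diff, so whether it can return empty cannot be confirmed here; a guard before the grant costs one line, `[ -n "$HEAT_USERID" ] || { echo "heat user not found" >&2; exit 1; }`. The call should also quote each argument: `add_role "$HEAT_USERID" "$SERVICE_TENANT" "$ADMIN_ROLE" "$HEAT_USERNAME"`. Separately, the unchanged context lines above echo `SERVICE_PASSWORD` and `SERVICE_TOKEN` to stdout, where they end up in any captured setup log.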