From 449970d91365eaf40261d3ac953a8d47849d0c3e Mon Sep 17 00:00:00 2001
From: Dmitriy Rabotyagov <dmitriy.rabotyagov@cleura.com>
Date: Fri, 8 Mar 2024 13:16:37 +0100
Subject: [PATCH] Grant proper privileges to admin user for testing purposes

At the moment we assign `heat_stack_owner` to the `admin` user in a
`service` project, which leads to a completely unwanted behaviour, since
`admin` user does not have any other privileges to the `service` project
rather then `heat_stack_owner`.

Instead we should be granting privileges to the bootstrapped project
for the admin user.

This fixes unclarity and potential issues users might face in horizon
by switching to the `service` project, where they have no permissions.

Change-Id: I95faa779bf62524fafd09576aa7ae27de029bb57
(cherry picked from commit 408f794e2a1d4162cc5211d0c94953ef08b5c0b7)
---
 tasks/heat_service_setup.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/tasks/heat_service_setup.yml b/tasks/heat_service_setup.yml
index 9b32504..3b159e2 100644
--- a/tasks/heat_service_setup.yml
+++ b/tasks/heat_service_setup.yml
@@ -50,10 +50,10 @@
         domain: "{{ heat_service_user_domain_id }}"
         # Any user creating stacks needs to have the 'heat_stack_owner' role assigned.
         # We add to admin user here for testing purposes.
-      - name: "{{ keystone_admin_user_name }}"
+      - name: "{{ keystone_admin_user_name | default('admin') }}"
         role: "{{ heat_stack_owner_name }}"
-        project: "{{ heat_service_project_name }}"
-        domain: "{{ heat_service_user_domain_id }}"
+        project: "{{ keystone_admin_tenant_name | default('admin') }}"
+        domain: "{{ keystone_admin_domain_name | default('default') }}"
       - name: "{{ heat_stack_domain_admin }}"
         password: "{{ heat_stack_domain_admin_password }}"
         domain: "{{ heat_stack_user_domain_name }}"