Grant proper privileges to admin user for testing purposes

At the moment we assign `heat_stack_owner` to the `admin` user in a `service` project, which leads to a completely unwanted behaviour, since `admin` user does not have any other privileges to the `service` project rather then `heat_stack_owner`. Instead we should be granting privileges to the bootstrapped project for the admin user. This fixes unclarity and potential issues users might face in horizon by switching to the `service` project, where they have no permissions. Change-Id: I95faa779bf62524fafd09576aa7ae27de029bb57 (cherry picked from commit 408f794e2a)
2024-03-08 13:16:37 +01:00 · 2024-03-08 13:16:37 +01:00 · fb9a68f359
parent 662b0817b9
commit fb9a68f359
1 changed files with 3 additions and 3 deletions
--- a/tasks/heat_service_setup.yml
+++ b/tasks/heat_service_setup.yml
@ -50,10 +50,10 @@
        domain: "{{ heat_service_user_domain_id }}"
        # Any user creating stacks needs to have the 'heat_stack_owner' role assigned.
        # We add to admin user here for testing purposes.
-      - name: "{{ keystone_admin_user_name }}"
+      - name: "{{ keystone_admin_user_name | default('admin') }}"
        role: "{{ heat_stack_owner_name }}"
-        project: "{{ heat_service_project_name }}"
-        domain: "{{ heat_service_user_domain_id }}"
+        project: "{{ keystone_admin_tenant_name | default('admin') }}"
+        domain: "{{ keystone_admin_domain_name | default('default') }}"
      - name: "{{ heat_stack_domain_admin }}"
        password: "{{ heat_stack_domain_admin_password }}"
        domain: "{{ heat_stack_user_domain_name }}"