From 8b469c1c5e36047a9e5a80e040f137957bdb8d66 Mon Sep 17 00:00:00 2001
From: Steven Hardy <shardy@redhat.com>
Date: Thu, 4 Dec 2014 10:43:52 +0000
Subject: [PATCH] Remove heat_stack_owner role

Since https://review.openstack.org/#/c/128509/ heat no longer requires
the "heat_stack_owner" role by default, as we now delegate all roles
via the trust.  So remove the now unnecessary role creation and assignment
from lib/heat.

Change-Id: Ia097ac9a76b3242ed6e62b11ca64c7ac7680b97c
---
 lib/heat | 11 -----------
 1 file changed, 11 deletions(-)

diff --git a/lib/heat b/lib/heat
index 2b55cf0f6a..74163bdc31 100644
--- a/lib/heat
+++ b/lib/heat
@@ -252,17 +252,6 @@ function create_heat_accounts {
     get_or_create_role "heat_stack_user"
 
     if [[ $HEAT_DEFERRED_AUTH == trusts ]]; then
-
-        # heat_stack_owner role is given to users who create Heat stacks,
-        # it's the default role used by heat to delegate to the heat service
-        # user (for performing deferred operations via trusts), see heat.conf
-        local heat_owner_role=$(get_or_create_role "heat_stack_owner")
-
-        # Give the role to the demo and admin users so they can create stacks
-        # in either of the projects created by devstack
-        get_or_add_user_role $heat_owner_role demo demo
-        get_or_add_user_role $heat_owner_role admin demo
-        get_or_add_user_role $heat_owner_role admin admin
         iniset $HEAT_CONF DEFAULT deferred_auth_method trusts
     fi