From 59c6377ae51c024c28a6fba72de567bc97edda10 Mon Sep 17 00:00:00 2001
From: Roxana Gherle <roxana.gherle@hp.com>
Date: Wed, 9 Sep 2015 18:22:31 -0700
Subject: [PATCH] Assign admin role for admin user on default domain

This patch adds an admin role assignment for the admin user on
the default domain as part of the Keystone configuration stage.

Closes-Bug: #1494081
Change-Id: I91c88917bd51be4572e4970c94e65d866798df26
---
 functions-common | 32 ++++++++++++++++++++++++++++++++
 lib/keystone     |  1 +
 2 files changed, 33 insertions(+)

diff --git a/functions-common b/functions-common
index 446de5374f..c38a77243e 100644
--- a/functions-common
+++ b/functions-common
@@ -803,6 +803,38 @@ function get_or_add_user_project_role {
     echo $user_role_id
 }
 
+# Gets or adds user role to domain
+# Usage: get_or_add_user_domain_role <role> <user> <domain>
+function get_or_add_user_domain_role {
+    local user_role_id
+    # Gets user role id
+    user_role_id=$(openstack role list \
+        --user $2 \
+        --os-url=$KEYSTONE_SERVICE_URI_V3 \
+        --os-identity-api-version=3 \
+        --column "ID" \
+        --domain $3 \
+        --column "Name" \
+        | grep " $1 " | get_field 1)
+    if [[ -z "$user_role_id" ]]; then
+        # Adds role to user and get it
+        openstack role add $1 \
+            --user $2 \
+            --domain $3 \
+            --os-url=$KEYSTONE_SERVICE_URI_V3 \
+            --os-identity-api-version=3
+        user_role_id=$(openstack role list \
+            --user $2 \
+            --os-url=$KEYSTONE_SERVICE_URI_V3 \
+            --os-identity-api-version=3 \
+            --column "ID" \
+            --domain $3 \
+            --column "Name" \
+            | grep " $1 " | get_field 1)
+    fi
+    echo $user_role_id
+}
+
 # Gets or adds group role to project
 # Usage: get_or_add_group_project_role <role> <group> <project>
 function get_or_add_group_project_role {
diff --git a/lib/keystone b/lib/keystone
index e2448c9068..b15abe1cb5 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -364,6 +364,7 @@ function create_keystone_accounts {
     local admin_user=$(get_or_create_user "admin" "$ADMIN_PASSWORD" default)
     local admin_role=$(get_or_create_role "admin")
     get_or_add_user_project_role $admin_role $admin_user $admin_tenant
+    get_or_add_user_domain_role $admin_role $admin_user default
 
     # Create service project/role
     get_or_create_project "$SERVICE_TENANT_NAME" default