From a1606f875edda6c89668ae18ea7d88a596d6212b Mon Sep 17 00:00:00 2001
From: shaofeng_cheng <chengsf@winhong.com>
Date: Tue, 16 May 2017 11:10:46 +0800
Subject: [PATCH] Add heat_stack_owner role to admin project

The Orchestration service automatically assigns the heat_stack_user
role to users that it creates during stack deployment.
To avoid conflicts, do not add this role to users with the heat_stack_owner role.

Closes-Bug: #1690975

Change-Id: I7a4cb7f4a13de7be4fc9ce9c24057ece6a0ced5c
---
 ansible/roles/heat/tasks/register.yml | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/ansible/roles/heat/tasks/register.yml b/ansible/roles/heat/tasks/register.yml
index 3d5adfdd9a..5b1c4cacd9 100644
--- a/ansible/roles/heat/tasks/register.yml
+++ b/ansible/roles/heat/tasks/register.yml
@@ -55,3 +55,16 @@
     module_extra_vars:
       openstack_heat_auth: "{{ openstack_heat_auth }}"
   run_once: True
+
+- name: Add the heat_stack_owner role to the admin project
+  kolla_toolbox:
+    module_name: "os_user_role"
+    module_args:
+      project: "{{ openstack_auth.project_name }}"
+      user: "{{ openstack_auth.username }}"
+      role: "{{ heat_stack_owner_role }}"
+      region_name: "{{ openstack_region_name }}"
+      auth: "{{ '{{ openstack_heat_auth }}' }}"
+    module_extra_vars:
+      openstack_heat_auth: "{{ openstack_heat_auth }}"
+  run_once: True