authorAdam Young <ayoung@redhat.com>2016-10-21 12:28:39 -0400
committerSteve Martinelli <s.martinelli@gmail.com>2016-10-31 15:44:11 +0000
commit3609439599571a5919c4e1d328c1f06a8e4422c9 (patch)
treed223509f29e607ad0bf9190eac2c19b8f7b092f4
parent18d6eb76ce7bf46e9ced352b7af366112df62b11 (diff)
Create default role as a part of bootstrap
Closes-Bug: #1635306 cherry-picked from 357bb561b8cf0f9d9cb62bf96f346e62f0122965 Change-Id: Ib9b7fd3695799766c91e2fbeaaa9015c575b2829
-rw-r--r--keystone/assignment/core.py36
-rw-r--r--keystone/cmd/cli.py2
-rw-r--r--keystone/tests/unit/test_cli.py14
3 files changed, 34 insertions, 18 deletions
diff --git a/keystone/assignment/core.py b/keystone/assignment/core.py
index 56c457809..e549abbe6 100644
--- a/keystone/assignment/core.py
+++ b/keystone/assignment/core.py
@@ -180,21 +180,9 @@ class Manager(manager.Manager):
role_ids = list(set([x['role_id'] for x in assignment_list]))
return self.role_api.list_roles_from_ids(role_ids)
- def add_user_to_project(self, tenant_id, user_id):
- """Add user to a tenant by creating a default role relationship.
-
- :raises keystone.exception.ProjectNotFound: If the project doesn't
- exist.
- :raises keystone.exception.UserNotFound: If the user doesn't exist.
-
- """
- self.resource_api.get_project(tenant_id)
+ def ensure_default_role(self):
try:
self.role_api.get_role(CONF.member_role_id)
- self.driver.add_role_to_user_and_project(
- user_id,
- tenant_id,
- CONF.member_role_id)
except exception.RoleNotFound:
LOG.info(_LI("Creating the default role %s "
"because it does not exist."),
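Review bot: The new public method `ensure_default_role` has no docstring, although after this change it is called from both `add_user_to_project` and the bootstrap command and creates a role as a side effect. A one-line docstring such as `"""Create the role identified by CONF.member_role_id if it does not already exist."""` would state that contract for both callers. The method body continues past the end of this hunk, so the creation call itself is not visible here.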
@@ -207,11 +195,23 @@ class Manager(manager.Manager):
LOG.info(_LI("Creating the default role %s failed because it "
"was already created"),
CONF.member_role_id)
- # now that default role exists, the add should succeed
- self.driver.add_role_to_user_and_project(
- user_id,
- tenant_id,
- CONF.member_role_id)
+
+ def add_user_to_project(self, tenant_id, user_id):
+ """Add user to a tenant by creating a default role relationship.
+
+ :raises keystone.exception.ProjectNotFound: If the project doesn't
+ exist.
+ :raises keystone.exception.UserNotFound: If the user doesn't exist.
+
+ """
+ self.resource_api.get_project(tenant_id)
+ self.ensure_default_role()
+
+ # now that default role exists, the add should succeed
+ self.driver.add_role_to_user_and_project(
+ user_id,
+ tenant_id,
+ CONF.member_role_id)
COMPUTED_ASSIGNMENTS_REGION.invalidate()
@notifications.role_assignment('created')
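Review bot: The docstring of `add_user_to_project` lists only ProjectNotFound and UserNotFound and does not mention that the call can create the default member role through `self.ensure_default_role()`. A role appearing as a side effect of a membership call matters to anyone auditing role changes, so I would add a sentence such as `Creates the default member role first if it is missing.` to the docstring. The start of `ensure_default_role` lies in the previous hunk, so its error handling is only partly visible here.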
diff --git a/keystone/cmd/cli.py b/keystone/cmd/cli.py
index 83f4da4da..d04e447a5 100644
--- a/keystone/cmd/cli.py
+++ b/keystone/cmd/cli.py
@@ -357,6 +357,8 @@ class BootStrap(BaseApp):
self.endpoints[interface] = endpoint_ref['id']
+ self.assignment_manager.ensure_default_role()
+
@classmethod
def main(cls):
klass = cls()
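Review bot: The added `self.assignment_manager.ensure_default_role()` call carries no comment explaining why bootstrap now creates a role the operator did not name on the command line. A short comment such as `# Create the member role (CONF.member_role_id) now instead of lazily on the first add_user_to_project call.` would make the intent explicit. Indentation is lost in this view, so I cannot confirm that the call sits after the endpoint loop rather than inside it; that is worth checking in the file. The enclosing method starts outside the hunk.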
diff --git a/keystone/tests/unit/test_cli.py b/keystone/tests/unit/test_cli.py
index 6b187ece0..5f51f90e2 100644
--- a/keystone/tests/unit/test_cli.py
+++ b/keystone/tests/unit/test_cli.py
@@ -27,6 +27,7 @@ from keystone.cmd import cli
from keystone.common import dependency
from keystone.common.sql import migration_helpers
import keystone.conf
+from keystone import exception
from keystone.i18n import _
from keystone.identity.mapping_backends import mapping as identity_mapping
from keystone.tests import unit
@@ -183,6 +184,19 @@ class CliBootStrapTestCase(unit.SQLDriverOverrides, unit.TestCase):
user_id,
bootstrap.password)
+ def test_bootstrap_creates_default_role(self):
+ bootstrap = cli.BootStrap()
+ try:
+ role = bootstrap.role_manager.get_role(CONF.member_role_id)
+ self.fail('Member Role is created and should not be.')
+ except exception.RoleNotFound:
+ pass
+
+ self._do_test_bootstrap(bootstrap)
+ role = bootstrap.role_manager.get_role(CONF.member_role_id)
+ self.assertEqual(role['name'], CONF.member_role_name)
+ self.assertEqual(role['id'], CONF.member_role_id)
+
class CliBootStrapTestCaseWithEnvironment(CliBootStrapTestCase):
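Review bot: The try/`self.fail`/except block in `test_bootstrap_creates_default_role` binds `role` to a value that is never used, and is a longer spelling of `self.assertRaises(exception.RoleNotFound, bootstrap.role_manager.get_role, CONF.member_role_id)`. The two `assertEqual` calls pass the observed value first; if the project follows the expected-first convention they should read `self.assertEqual(CONF.member_role_name, role['name'])` and likewise for the id. The test also covers only a first run, so the path where the role already exists when bootstrap is repeated is not exercised here.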