- # TODO - need to support groups
- return keystone.users.create(name=user_settings.name, password=user_settings.password,
- email=user_settings.email, project=project,
- # email=user_settings.email, project=project, group='default',
- domain=user_settings.domain_name,
- enabled=user_settings.enabled)
+ os_domain = __get_os_domain_by_name(
+ keystone, user_settings.domain_name)
+ if not os_domain:
+ os_domain = user_settings.domain_name
+ os_user = keystone.users.create(
+ name=user_settings.name, password=user_settings.password,
+ email=user_settings.email, project=project,
+ domain=os_domain, enabled=user_settings.enabled)
+
+ for role_name, role_project in user_settings.roles.items():
+ os_role = get_role_by_name(keystone, role_name)
+ os_project = get_project(keystone=keystone, project_name=role_project)
+
+ if os_role and os_project:
+ existing_roles = get_roles_by_user(keystone, os_user, os_project)
+ found = False
+ for role in existing_roles:
+ if role.id == os_role.id:
+ found = True
+
+ if not found:
+ grant_user_role_to_project(
+ keystone=keystone, user=os_user, role=os_role,
+ project=os_project)
+
+ if os_user:
+ logger.info('Created user with name - %s', os_user.name)
+ return User(name=os_user.name, user_id=os_user.id)