- projects = get_projects
- projects.each do |project|
- users = get_users(project)
- users.each do |user|
- user_roles = request('user role', 'list', [user, '--project', project])
- hash["#{user}@#{project}"] = []
- user_roles.each do |role|
- hash["#{user}@#{project}"] << role[:name]
+ # Need a mapping of project id to names.
+ project_hash = {}
+ Puppet::Type.type(:keystone_tenant).provider(:openstack).instances.each do |project|
+ project_hash[project.id] = project.name
+ end
+ # Need a mapping of user id to names.
+ user_hash = {}
+ Puppet::Type.type(:keystone_user).provider(:openstack).instances.each do |user|
+ user_hash[user.id] = user.name
+ end
+ # need a mapping of role id to name
+ role_hash = {}
+ request('role', 'list').each {|role| role_hash[role[:id]] = role[:name]}
+ # now, get all role assignments
+ request('role assignment', 'list').each do |assignment|
+ if assignment[:user]
+ if assignment[:project]
+ hash["#{user_hash[assignment[:user]]}@#{project_hash[assignment[:project]]}"] << role_hash[assignment[:role]]
+ else
+ domainname = domain_id_to_name(assignment[:domain])
+ hash["#{user_hash[assignment[:user]]}@::#{domainname}"] << role_hash[assignment[:role]]