1 files changed, 23 insertions, 12 deletions

diff --git a/keystone/assignment/core.py b/keystone/assignment/core.py
index b71e2a18..0a2ee681 100644
--- a/keystone/assignment/core.py
+++ b/keystone/assignment/core.py
@@ -35,6 +35,7 @@ DEFAULT_DOMAIN = {'description':
 
 
 @dependency.provider('assignment_api')
+@dependency.requires('identity_api')
 class Manager(manager.Manager):
     """Default pivot point for the Assignment backend.
 
@@ -45,18 +46,14 @@ class Manager(manager.Manager):
     api object by both managers.
     """
 
-    def __init__(self, identity_api=None):
-        if identity_api is None:
-            from keystone import identity
-            identity_api = identity.Manager(self)
-
+    def __init__(self):
         assignment_driver = CONF.assignment.driver
+
         if assignment_driver is None:
-            assignment_driver = identity_api.default_assignment_driver()
+            identity_driver = dependency.REGISTRY['identity_api'].driver
+            assignment_driver = identity_driver.default_assignment_driver()
+
         super(Manager, self).__init__(assignment_driver)
-        self.driver.identity_api = identity_api
-        self.identity_api = identity_api
-        self.identity_api.assignment_api = self
 
     def get_roles_for_user_and_project(self, user_id, tenant_id):
         """Get the roles associated with a user within given project.
@@ -181,9 +178,23 @@ class Manager(manager.Manager):
                  keystone.exception.UserNotFound
 
         """
-        self.driver.add_role_to_user_and_project(user_id,
-                                                 tenant_id,
-                                                 config.CONF.member_role_id)
+        try:
+            self.driver.add_role_to_user_and_project(
+                user_id,
+                tenant_id,
+                config.CONF.member_role_id)
+        except exception.RoleNotFound:
+            LOG.info(_("Creating the default role %s "
+                       "because it does not exist.") %
+                     config.CONF.member_role_id)
+            role = {'id': CONF.member_role_id,
+                    'name': CONF.member_role_name}
+            self.driver.create_role(config.CONF.member_role_id, role)
+            #now that default role exists, the add should succeed
+            self.driver.add_role_to_user_and_project(
+                user_id,
+                tenant_id,
+                config.CONF.member_role_id)
 
     def remove_user_from_project(self, tenant_id, user_id):
         """Remove user from a tenant