Bug 1658381

Summary: admin user should have admin role in the Default domain
Product: Red Hat OpenStack Reporter: David Vallee Delisle <dvd>
Component: openstack-keystoneAssignee: John Dennis <jdennis>
Status: CLOSED WONTFIX QA Contact: nlevinki <nlevinki>
Severity: medium Docs Contact:
Priority: medium    
Version: 13.0 (Queens)CC: dvd, jdennis, marjones, nkinder, rmascena
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-12-19 17:46:52 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description David Vallee Delisle 2018-12-11 22:26:08 UTC
Description of problem:
* Some 3rd party (NFV) require the admin user to have the admin role in the Default domain.

* Some deployers automatically add the admin user to the Default domain post deployment but it could probably be better to have keystone-manage bootstrap a domain with --bootstrap-domain-name.

* We already assign user to project and create the Default domain in the bootstrapping procedure.

Version-Release number of selected component (if applicable):
Any

How reproducible:
All the time

Steps to Reproduce:
1. Deploy overcloud
2. Verify role for admin user in Default domain

Actual results:
Admin user doesn't have admin role in Default domain

Expected results:
Admin user should have admin role in Default domain

Additional info:
At least Trillio is known to require this.

Adam Young says the right place to do it would be in the upstream keystone-manager bootstrap.

Comment 2 Raildo Mascena de Sousa Filho 2018-12-19 15:37:08 UTC
Can you provide the upstream feedback to the Customer, so we can confirm if we can close this BZ?