Bug 983412

Summary: create tenant before the user
Product: Red Hat OpenStack Reporter: liziyan <zeastion>
Component: python-keystoneclientAssignee: Jakub Ruzicka <jruzicka>
Status: CLOSED NOTABUG QA Contact: Ami Jeain <ajeain>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 3.0CC: ayoung, dallan, hateya, sgordon, yeylon, zeastion
Target Milestone: ---Keywords: Documentation
Target Release: 4.0   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Build: CSProcessor Builder Version 1.11 Build Name: 15807, Installation and Configuration Guide-null-1 Build Date: 08-07-2013 12:33:42 Topic ID: 15986-472717 [Latest]
Last Closed: 2013-09-23 13:46:38 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description liziyan 2013-07-11 07:30:07 UTC 
Title: Creating an Administrator Account

Describe the issue:

When I create a user ,it doesn't have tenant id.
The command "user-role-add" have no use.


Suggestions for improvement:

1- create tenant;
2- create user with tenant id.

Additional information:
Comment 2 Stephen Gordon 2013-07-11 11:22:47 UTC 
(In reply to liziyan from comment #0)
> Title: Creating an Administrator Account
> 
> Describe the issue:
> 
> When I create a user ,it doesn't have tenant id.
> The command "user-role-add" have no use.
> 
> 
> Suggestions for improvement:
> 
> 1- create tenant;
> 2- create user with tenant id.
> 
> Additional information:

Can you please provide some more information? Looking at the "Creating an Administrator Account" section ( https://access.redhat.com/site/documentation/en-US/Red_Hat_OpenStack/3/html/Installation_and_Configuration_Guide/Creating_Roles1.html ) tenant creation occurs in step 5, the user is created in step 6.
Comment 3 liziyan 2013-07-12 03:33:31 UTC 
Yes,I follow the steps as this section says,but the step 6 can't give user the tenant_id.

what I did:

1- keystone user-create --name admin --pass admin

2- keystone role-create --name admin

3- keystone tenant-create --name admin 

4- keystone user-role-add --user-id USERID --role-id ROLEID --tenant-id TENANTID
(userid\roleid\tenantid get from step 1-3)

Now in my database(MySQL)

mysql>use keystone
mysql>select * from user;

"tenantId": null

Then I can't login dashboard,so I think we can create tenant first.

1- keystone tenant-create --name admin

2- keystone user-create --tenant-id TENANTID --name admin --pass admin
Comment 4 Stephen Gordon 2013-07-25 21:13:27 UTC 
To me if this command fails:

keystone user-role-add --user-id USERID --role-id ROLEID --tenant-id TENANTID

Then I think that is an issue with Keystone or the client, not something we should be trying to work around in the documentation. Moving to the python-keystoneclient component for further analysis.
Comment 5 Adam Young 2013-09-09 21:10:33 UTC 
This bug is invalid as reported.  

user-role-add must be executed by an administrator.  It should give the user a role on a project.  This has nothing to do with the origianal creation of the user:  it would be an additional role.

When you create a user, you can specify the default tenant/project ID for the user, but it has to be a pre-existing project.

If you desire any functionality above what is listed above, please open it as a upstream bug as a wishlist item, and link to the remote report from here.