Bug 1658381 - admin user should have admin role in the Default domain
Summary: admin user should have admin role in the Default domain
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-keystone
Version: 13.0 (Queens)
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: ---
Assignee: John Dennis
QA Contact: nlevinki
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-12-11 22:26 UTC by David Vallee Delisle
Modified: 2018-12-19 17:47 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-12-19 17:46:52 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Launchpad 1808059 None None None 2018-12-11 22:26:07 UTC

Description David Vallee Delisle 2018-12-11 22:26:08 UTC
Description of problem:
* Some 3rd party (NFV) require the admin user to have the admin role in the Default domain.

* Some deployers automatically add the admin user to the Default domain post deployment but it could probably be better to have keystone-manage bootstrap a domain with --bootstrap-domain-name.

* We already assign user to project and create the Default domain in the bootstrapping procedure.

Version-Release number of selected component (if applicable):
Any

How reproducible:
All the time

Steps to Reproduce:
1. Deploy overcloud
2. Verify role for admin user in Default domain

Actual results:
Admin user doesn't have admin role in Default domain

Expected results:
Admin user should have admin role in Default domain

Additional info:
At least Trillio is known to require this.

Adam Young says the right place to do it would be in the upstream keystone-manager bootstrap.

Comment 2 Raildo Mascena de Sousa Filho 2018-12-19 15:37:08 UTC
Can you provide the upstream feedback to the Customer, so we can confirm if we can close this BZ?


Note You need to log in before you can comment on or make changes to this bug.