Description of problem: IMHO keystone should include predefined roles like network-admin, network-viewer ,network-operator , tenant-admin , storage-admin , storage-operator .... These predefined role can secure and ease operation of tenants currently default role is admin . Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
This won't happen upstream. It is not considered keystone's job to dictate how deployments set up their roles. It is also non-trivial to provide this information by packaging as roles are stored in the database rather than config files which is not under the packages control. I think this deployment decisions like this should remain the domain of installers.