Bug 983412 - create tenant before the user
create tenant before the user
Status: CLOSED NOTABUG
Product: Red Hat OpenStack
Classification: Red Hat
Component: python-keystoneclient (Show other bugs)
3.0
x86_64 Linux
unspecified Severity unspecified
: ---
: 4.0
Assigned To: Jakub Ruzicka
Ami Jeain
: Documentation
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-07-11 03:30 EDT by liziyan
Modified: 2016-04-26 12:49 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Build: CSProcessor Builder Version 1.11 Build Name: 15807, Installation and Configuration Guide-null-1 Build Date: 08-07-2013 12:33:42 Topic ID: 15986-472717 [Latest]
Last Closed: 2013-09-23 09:46:38 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description liziyan 2013-07-11 03:30:07 EDT
Title: Creating an Administrator Account

Describe the issue:

When I create a user ,it doesn't have tenant id.
The command "user-role-add" have no use.


Suggestions for improvement:

1- create tenant;
2- create user with tenant id.

Additional information:
Comment 2 Stephen Gordon 2013-07-11 07:22:47 EDT
(In reply to liziyan from comment #0)
> Title: Creating an Administrator Account
> 
> Describe the issue:
> 
> When I create a user ,it doesn't have tenant id.
> The command "user-role-add" have no use.
> 
> 
> Suggestions for improvement:
> 
> 1- create tenant;
> 2- create user with tenant id.
> 
> Additional information:

Can you please provide some more information? Looking at the "Creating an Administrator Account" section ( https://access.redhat.com/site/documentation/en-US/Red_Hat_OpenStack/3/html/Installation_and_Configuration_Guide/Creating_Roles1.html ) tenant creation occurs in step 5, the user is created in step 6.
Comment 3 liziyan 2013-07-11 23:33:31 EDT
Yes,I follow the steps as this section says,but the step 6 can't give user the tenant_id.

what I did:

1- keystone user-create --name admin --pass admin

2- keystone role-create --name admin

3- keystone tenant-create --name admin 

4- keystone user-role-add --user-id USERID --role-id ROLEID --tenant-id TENANTID
(userid\roleid\tenantid get from step 1-3)

Now in my database(MySQL)

mysql>use keystone
mysql>select * from user;

"tenantId": null

Then I can't login dashboard,so I think we can create tenant first.

1- keystone tenant-create --name admin

2- keystone user-create --tenant-id TENANTID --name admin --pass admin
Comment 4 Stephen Gordon 2013-07-25 17:13:27 EDT
To me if this command fails:

keystone user-role-add --user-id USERID --role-id ROLEID --tenant-id TENANTID

Then I think that is an issue with Keystone or the client, not something we should be trying to work around in the documentation. Moving to the python-keystoneclient component for further analysis.
Comment 5 Adam Young 2013-09-09 17:10:33 EDT
This bug is invalid as reported.  

user-role-add must be executed by an administrator.  It should give the user a role on a project.  This has nothing to do with the origianal creation of the user:  it would be an additional role.

When you create a user, you can specify the default tenant/project ID for the user, but it has to be a pre-existing project.

If you desire any functionality above what is listed above, please open it as a upstream bug as a wishlist item, and link to the remote report from here.

Note You need to log in before you can comment on or make changes to this bug.