Description of problem: When I add a role to user on a specific tenant I get no indication if the operation succeeded or not . I prefer to get an object which represent the user details or alternately to get a message : "user role has been added successfully" or something similar . See additional information for more details . Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info: [root@aqua-vds10 ~(keystone_admin)]# keystone user-list +----------------------------------+---------+---------+-------------------+ | id | name | enabled | email | +----------------------------------+---------+---------+-------------------+ | 5a5fee70ab7d4cab9bc93ca1bb65092c | admin | True | test | | baeaba899b644f5db1ec68ccb4c14867 | alice | True | alice | | 2770f42c57c74f678cb10e1c007bf78b | cinder | True | cinder@localhost | | ea1c55f1e09141df81bd474dc0fb71db | glance | True | glance@localhost | | 3885924867dd4a37978931fa293709ae | nova | True | nova@localhost | | 7fb99e00501d42099b3dabfc20b3caec | quantum | True | quantum@localhost | +----------------------------------+---------+---------+-------------------+ [root@aqua-vds10 ~(keystone_admin)]# keystone role-list +----------------------------------+--------------+ | id | name | +----------------------------------+--------------+ | 39ab475f8d364d7daa7e257bc97922f1 | Member | | 9fe2ff9ee4384b1894a90878d3e92bab | _member_ | | 10a5365539434f96b7cb9a147739e294 | admin | | 0c56d49148a6466f9aa6c349642f3316 | compute-user | +----------------------------------+--------------+ [root@aqua-vds10 ~(keystone_admin)]# keystone tenant-list +----------------------------------+----------+---------+ | id | name | enabled | +----------------------------------+----------+---------+ | 50bed28de0cf4a94abb08b25bcee656a | acme | True | | ebe2b14c28714976823150a0516b675b | admin | True | | db2c4517468448349b9f96d4fc5c7d84 | services | True | +----------------------------------+----------+---------+ ## adding the user role first time [root@aqua-vds10 ~(keystone_admin)]# keystone user-role-add --user=baeaba899b644f5db1ec68ccb4c14867 --role=0c56d49148a6466f9aa6c349642f3316 --tenant-id=50bed28de0cf4a94abb08b25bcee656a [root@aqua-vds10 ~(keystone_admin)]# ## adding the user role second time [root@aqua-vds10 ~(keystone_admin)]# keystone user-role-add --user=baeaba899b644f5db1ec68ccb4c14867 --role=0c56d49148a6466f9aa6c349642f3316 --tenant-id=50bed28de0cf4a94abb08b25bcee656a Unable to communicate with identity service: {"error": {"message": "Conflict occurred attempting to store role grant. User baeaba899b644f5db1ec68ccb4c14867 already has role 0c56d49148a6466f9aa6c349642f3316 in tenant 50bed28de0cf4a94abb08b25bcee656a", "code": 409, "title": "Conflict"}}. (HTTP 409)
Please file this as upstream bug with status of wishlist and link to report here. We will link to the upstream target milestone.