← Back to team overview

yahoo-eng-team team mailing list archive

  1. yahoo-eng-team team
  2. Mailing list archive
  3. Message #04272

[Bug 1212485] Re: Need to migrate project and role when mix identity backends

  Thread PreviousDate PreviousThread Next 
I'm not clear on your proposed solution, so perhaps a blueprint would be
best?

However, what you're describing is 100% expected. The data simply
doesn't exist in the new backend, nor was keystone responsible for
creating it in the LDAP backend in the first place.

** Changed in: keystone
   Importance: Undecided => Wishlist

** Changed in: keystone
       Status: New => Opinion

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1212485

Title:
  Need to migrate project and role when mix identity backends

Status in OpenStack Identity (Keystone):
  Opinion

Bug description:
  1. Install OpenStack via Devstack with LDAP identity backend, which creates default data like users (e.g. admin), project (e.g. admin project) and role (e.g. admin or member role). Log-in to horizon dashboard with user "admin", which works fine.
  2. Now modify the keystone.conf to set Assignment driver to SQL.
  3. Restart keystone.
  4. Try log-in to horizon dashboard with user "admin" and it fails with error that "you are not authorized for any projects".

  I believe it's happening because the default role and project for user
  'admin' were still in the LDAP and Assignment is now pointing to SQL.

  I was debating myself about opening this is as a bug or blueprint. In
  a way, if user set the identity and assignment to mix backend then one
  can argue that user is aware of changes that need to make to use
  default user, role and project so it's not a bug but with a new
  blueprint we migrate those data and make end user's life simple to use
  the default data. But we can see this as bug too.

  I think besides default data, it can be extended to migrate other data
  that's present in user's environment and need to migrate to assignment
  driver.

  Dolph/Adam, please let me know if this bug makes sense or I should
  open a blueprint or none of these makes sense.

  Thanks!

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1212485/+subscriptions
  Thread PreviousDate PreviousThread Next