yahoo-eng-team team mailing list archive

[Dolph Mathews <1426184@xxxxxxxxxxxxxxxxxx>]

The _member_ role is a handicap for the v2 API to provide an explicit
means of expressing default tenancy. The existing behavior satisfies
that behavior just fine.

There's really no reason you should be creating the "_member_" role
manually as a deployer. Use another role name instead, such as "Member"
(the pre-existing role which ayoung opted to not conflict with).

** Changed in: keystone
       Status: New => Invalid

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1426184

Title:
  CONF.member_role_name isn't used for lookups

Status in OpenStack Identity (Keystone):
  Invalid

Bug description:
  The CONF.member_role_name is completely overridden by the
  CONF.member_role_id parameter. The only time that _name is used is on
  first request if there is not a role with member_role_id it will be
  created with _name. However from a deployment perspective I can't set
  the _id, the id is given to me when i create the role so i would need
  to:

  1. openstack role create _member_
  2. take the id and put it into the CONF file
  3. restart keystone

  to make this work. Worse there is a default member_role_id.

  I think member_role_id should default to None, the _id should be
  generated on first request as per now and saved (somewhere), if
  member_role_id is needed and not cached then the first step should be
  to do a role lookup on an existing member_role_name.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1426184/+subscriptions