yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1593542] [NEW] Keystone-manage bootstrap can't bootstrap domains other than default

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Shawn Berger <slberger@xxxxxxxxxx>
Date: Fri, 17 Jun 2016 03:49:28 -0000
Reply-to: Bug 1593542 <1593542@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Public bug reported:

When using keystone-manage bootstrap, you can't define the domain that
you want to bootstrap.  It will always work with default.  The problem
is this doesn't help with a multi-domain environment.  An admin user
defined in the default domain doesn't have any permissions in other
domains.  Once a new domain is created a different admin user specific
to that domain would need to be created in order to be able to act
within it.

If the keystone-manage bootstrap utility could allow bootstrapping of
non-default domains then it could facilitate the administration of
larger, multi-domain cloud environments without the security concern
that arises from the older admin_token method.

** Affects: keystone
     Importance: Undecided
     Assignee: Shawn Berger (slberger)
         Status: New

** Changed in: keystone
     Assignee: (unassigned) => Shawn Berger (slberger)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1593542

Title:
  Keystone-manage bootstrap can't bootstrap domains other than default

Status in OpenStack Identity (keystone):
  New

Bug description:
  When using keystone-manage bootstrap, you can't define the domain that
  you want to bootstrap.  It will always work with default.  The problem
  is this doesn't help with a multi-domain environment.  An admin user
  defined in the default domain doesn't have any permissions in other
  domains.  Once a new domain is created a different admin user specific
  to that domain would need to be created in order to be able to act
  within it.

  If the keystone-manage bootstrap utility could allow bootstrapping of
  non-default domains then it could facilitate the administration of
  larger, multi-domain cloud environments without the security concern
  that arises from the older admin_token method.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1593542/+subscriptions

Follow ups

[Bug 1593542] Re: Keystone-manage bootstrap can't bootstrap domains other than default
From: David Stanek, 2016-07-07