As described above, this is by design. Granting authorization in v3 is
more explicit than in v2.
** Changed in: keystone
Status: New => Won't Fix
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1366133
Title:
User create via v3 API doesn't add _member_ role in default project
Status in OpenStack Identity (Keystone):
Won't Fix
Bug description:
There is a discrepancy between creating users via the v2 and v3 API's,
which I'm not sure is a bug or by design:
When creating a user via the v2 API, the _member_ role is added in
their default project, but when creating via the v3 API, despite
default_project_id being specified, it is not.
If possible, I'd like the _member_ role to always be present, as we
need a default role to delegate via trust for heat, and I'd like to
move away from using a special heat_stack_owner role as it's confusing
for users:
https://review.openstack.org/#/c/119415/
-bash-4.2$ openstack --os-token foobar --os-url=http://127.0.0.1:5000/v3
--os-identity-api-version=3 user create --domain Default --project demo
test123456
+--------------------+---------------------------------------------------------------------------------+
| Field | Value
|
+--------------------+---------------------------------------------------------------------------------+
| default_project_id | 19d521c102844134b4c141af967d75fd
|
| domain_id | default
|
| enabled | True
|
| id | 479882b84fed407a9bc5a95778aba85e
|
| links | {u'self':
u'http://192.168.0.4:5000/v3/users/479882b84fed407a9bc5a95778aba85e'} |
| name | test123456
|
+--------------------+---------------------------------------------------------------------------------+
-bash-4.2$ keystone user-create --tenant demo --name v2test123456
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | |
| enabled | True |
| id | c8d14d95bec24a56b0414b41b94a9e4e |
| name | v2test123456 |
| tenantId | 19d521c102844134b4c141af967d75fd |
| username | v2test123456 |
+----------+----------------------------------+
-bash-4.2$ keystone user-role-list --tenant demo --user test123456
-bash-4.2$ keystone user-role-list --tenant demo --user v2test123456
+----------------------------------+----------+----------------------------------+----------------------------------+
| id | name | user_id
| tenant_id |
+----------------------------------+----------+----------------------------------+----------------------------------+
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ |
c8d14d95bec24a56b0414b41b94a9e4e | 19d521c102844134b4c141af967d75fd |
+----------------------------------+----------+----------------------------------+----------------------------------+
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1366133/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : [email protected]
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
