The _member_ role is a handicap for the v2 API to provide an explicit
means of expressing default tenancy. The existing behavior satisfies
that behavior just fine.
There's really no reason you should be creating the "_member_" role
manually as a deployer. Use another role name instead, such as "Member"
(the pre-existing role which ayoung opted to not conflict with).
** Changed in: keystone
Status: New => Invalid
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1426184
Title:
CONF.member_role_name isn't used for lookups
Status in OpenStack Identity (Keystone):
Invalid
Bug description:
The CONF.member_role_name is completely overridden by the
CONF.member_role_id parameter. The only time that _name is used is on
first request if there is not a role with member_role_id it will be
created with _name. However from a deployment perspective I can't set
the _id, the id is given to me when i create the role so i would need
to:
1. openstack role create _member_
2. take the id and put it into the CONF file
3. restart keystone
to make this work. Worse there is a default member_role_id.
I think member_role_id should default to None, the _id should be
generated on first request as per now and saved (somewhere), if
member_role_id is needed and not cached then the first step should be
to do a role lookup on an existing member_role_name.
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1426184/+subscriptions
--
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : yahoo-eng-team@lists.launchpad.net
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp
