Public bug reported: The whole purpose of the `keystone-manage bootstrap` command is to help operators establish an admin account they can use to administer the rest of the deployment. It does this by granting the admin user in the bootstrap command an admin role on a project [0].
A system role assignment should also be created so that operators don't lock themselves out of APIs if they set enabled_scope=True in configuration but don't actually have a user with any system role assignments. [0] https://github.com/openstack/keystone/blob/69b8815d046c4eb0164070976e4351b81a15a0e2/keystone/cmd/cli.py#L283-L293 ** Affects: keystone Importance: High Status: Triaged ** Changed in: keystone Milestone: None => queens-rc2 ** Changed in: keystone Importance: Undecided => High ** Changed in: keystone Status: New => Triaged -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1749268 Title: `keystone-manage bootstrap` doesn't handle system role assignments Status in OpenStack Identity (keystone): Triaged Bug description: The whole purpose of the `keystone-manage bootstrap` command is to help operators establish an admin account they can use to administer the rest of the deployment. It does this by granting the admin user in the bootstrap command an admin role on a project [0]. A system role assignment should also be created so that operators don't lock themselves out of APIs if they set enabled_scope=True in configuration but don't actually have a user with any system role assignments. [0] https://github.com/openstack/keystone/blob/69b8815d046c4eb0164070976e4351b81a15a0e2/keystone/cmd/cli.py#L283-L293 To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1749268/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp