Reviewed:  https://review.openstack.org/530410
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=3c524e6491c1b35a2f8413ebe046c238bf530d71
Submitter: Zuul
Branch:    master

commit 3c524e6491c1b35a2f8413ebe046c238bf530d71
Author: Lance Bragstad <lbrags...@gmail.com>
Date:   Thu Dec 28 22:11:32 2017 +0000

    Grant admin a role on the system during bootstrap

    Now that we have system scope in place, we should make sure at least
    one user has a role assignment on the system. We can do this at the
    same time we grant the user a role on a project during bootstrap.

    This is backwards compatible because even if a deployment doesn't use
    system-scope, the assignment will just sit there. The deployment will
    have to opt into enforcing scope by updating configuration options
    for oslo.policy to enforce scoping. This shouldn't prevent
    deployments from fixing bug 968696 and using system scope.

    Closes-Bug: 1749268
    Change-Id: I6b7196a28867d9a699716c8fef2609d608a5b2a2

** Changed in: keystone
       Status: In Progress => Fix Released

--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1749268

Title:
  `keystone-manage bootstrap` doesn't handle system role assignments

Status in OpenStack Identity (keystone):
  Fix Released
Status in OpenStack Identity (keystone) queens series:
  In Progress

Bug description:
  The whole purpose of the `keystone-manage bootstrap` command is to
  help operators establish an admin account they can use to administer
  the rest of the deployment. It does this by granting the admin user in
  the bootstrap command an admin role on a project [0]. A system role
  assignment should also be created so that operators don't lock
  themselves out of APIs if they set enabled_scope=True in configuration
  but don't actually have a user with any system role assignments.
  [0] https://github.com/openstack/keystone/blob/69b8815d046c4eb0164070976e4351b81a15a0e2/keystone/cmd/cli.py#L283-L293
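
An added illustration, not part of the original notification or of keystone's code: a preflight check an operator could run over role assignment data before turning on scope enforcement, to catch the lockout the bug describes. The input is assumed to follow the shape of Keystone's `GET /v3/role_assignments?include_names` response; the sample data, helper names and result labels are constructed for this example.

```python
# Added example: detect the lockout described in bug 1749268 before enabling
# scope enforcement. All data below is constructed; the shape is assumed to
# match Keystone's GET /v3/role_assignments?include_names response.

def _assignment(actor_kind, actor, role, scope):
    """Build one constructed role assignment entry (hypothetical helper)."""
    return {actor_kind: {"name": actor}, "role": {"name": role}, "scope": scope}

PROJECT = {"project": {"name": "admin"}}
SYSTEM = {"system": {"all": True}}

# Bootstrap before the fix: admin role on a project only.
BEFORE_FIX = {"role_assignments": [_assignment("user", "admin", "admin", PROJECT)]}
# Bootstrap after the fix: the same user also holds the role on the system.
AFTER_FIX = {"role_assignments": [
    _assignment("user", "admin", "admin", PROJECT),
    _assignment("user", "admin", "admin", SYSTEM),
]}
# Only a group holds the system role; its membership is not visible here.
GROUP_ONLY = {"role_assignments": [_assignment("group", "ops", "admin", SYSTEM)]}


def system_role_holders(body, role_name="admin"):
    """Return sorted (kind, name) pairs holding role_name on the system."""
    holders = set()
    for entry in body.get("role_assignments", []):
        if entry.get("scope", {}).get("system", {}).get("all") is not True:
            continue  # project- or domain-scoped assignment
        if entry.get("role", {}).get("name") != role_name:
            continue
        for kind in ("user", "group"):
            if kind in entry:
                holders.add((kind, entry[kind].get("name") or entry[kind]["id"]))
    return sorted(holders)


def preflight(body, role_name="admin"):
    """Classify whether enforcing system scope could lock operators out."""
    holders = system_role_holders(body, role_name)
    if any(kind == "user" for kind, _ in holders):
        return "ok"
    if holders:
        return "verify-group-membership"  # a group holds it; confirm it has members
    return "lockout-risk"


if __name__ == "__main__":
    for label, body in (("before", BEFORE_FIX), ("after", AFTER_FIX), ("group", GROUP_ONLY)):
        print(label, preflight(body), system_role_holders(body))
```

The check does not look at whether the user is enabled or whether a group has members, so "ok" means only that a direct user assignment on the system exists.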