Update default value of OPENSTACK_KEYSTONE_DEFAULT_ROLE

This patch update default value of OPENSTACK_KEYSTONE_DEFAULT_ROLE to 'member' from '_member_'. If a user tries to create a new project now it leads to "Could not find default role "_member_" in Keystone" error. Also long time ago keystone-bootstrap changed the default member role that is created to member from the legacy _member_ role. Any deployments that might still be using _member_ should set this explicitly. Closes-Bug: #1957173 Change-Id: I1fc7f44326b82ceb303f8d663ff0b42f0bdf7855
author: manchandavishal <manchandavishal143@gmail.com> 2022-01-12 18:32:52 +0530
committer: manchandavishal <manchandavishal143@gmail.com> 2022-01-17 11:21:31 +0530
commit: a375c5418633f8b15c7255030ecc008e20ccc806 (patch)
tree: b7884af120e0dac6910dcb272aed131fbe66e1e0
parent: 8fe5bbc8daed71658ae1613e1e67f402bcecc24c (diff)
download: horizon-a375c5418633f8b15c7255030ecc008e20ccc806.tar.gz
5 files changed, 19 insertions, 9 deletions
diff --git a/doc/source/configuration/settings.rst b/doc/source/configuration/settings.rst
index ebad4967d..f3ae6ad5f 100644
--- a/doc/source/configuration/settings.rst
+++ b/doc/source/configuration/settings.rst
@@ -1405,7 +1405,12 @@ OPENSTACK_KEYSTONE_DEFAULT_ROLE
 
 .. versionadded:: 2011.3(Diablo)
 
-Default: ``"_member_"``
+.. versionchanged:: 21.0.0(Yoga)
+
+Default: ``"member"``
+
+The default value is changed from ``_member_`` to ``member`` to conform
+with what keystone-bootstrap creates.
 
 The name of the role which will be assigned to a user when added to a project.
 This value must correspond to an existing role name in Keystone. In general,
diff --git a/doc/source/contributor/topics/ini-based-configuration.rst b/doc/source/contributor/topics/ini-based-configuration.rst
index 931b16961..3bb79e021 100644
--- a/doc/source/contributor/topics/ini-based-configuration.rst
+++ b/doc/source/contributor/topics/ini-based-configuration.rst
@@ -170,7 +170,7 @@ approach will be used in the initial effort.
 
    cfg.StrOpt(
      'default_role',
-     default='_member_',
+     default='member',
      django-setting='OPENSTACK_KEYSTONE_DEFAULT_ROLE',
      help=...
    )
diff --git a/openstack_dashboard/dashboards/identity/projects/tests.py b/openstack_dashboard/dashboards/identity/projects/tests.py
index 5a2fcfc08..873895ac4 100644
--- a/openstack_dashboard/dashboards/identity/projects/tests.py
+++ b/openstack_dashboard/dashboards/identity/projects/tests.py
@@ -1379,13 +1379,13 @@ class DetailProjectViewTests(test.BaseAdminViewTests):
         # Check the content of the table
         users_expected = {
             '1': {'roles': ['admin'],
-                  'roles_from_groups': [('_member_', 'group_one'), ], },
-            '2': {'roles': ['_member_'],
+                  'roles_from_groups': [('member', 'group_one'), ], },
+            '2': {'roles': ['member'],
                   'roles_from_groups': [], },
-            '3': {'roles': ['_member_'],
-                  'roles_from_groups': [('_member_', 'group_one'), ], },
+            '3': {'roles': ['member'],
+                  'roles_from_groups': [('member', 'group_one'), ], },
             '4': {'roles': [],
-                  'roles_from_groups': [('_member_', 'group_one'), ], }
+                  'roles_from_groups': [('member', 'group_one'), ], }
         }
 
         users_id_observed = [user.id for user in
@@ -1490,7 +1490,7 @@ class DetailProjectViewTests(test.BaseAdminViewTests):
                                 "horizon/common/_detail_table.html")
 
         # Check the table content
-        groups_expected = {'1': ["_member_"], }
+        groups_expected = {'1': ["member"], }
         groups_id_observed = [group.id for group in
                               res.context["groupstable_table"].data]
 
diff --git a/openstack_dashboard/defaults.py b/openstack_dashboard/defaults.py
index 693395b98..93e188dc1 100644
--- a/openstack_dashboard/defaults.py
+++ b/openstack_dashboard/defaults.py
@@ -381,7 +381,7 @@ OPENSTACK_CINDER_FEATURES = {
 #    "cloud_admin": "rule:admin_required and domain_id:<your domain id>"
 # This value must be the name of the domain whose ID is specified there.
 OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'Default'
-OPENSTACK_KEYSTONE_DEFAULT_ROLE = '_member_'
+OPENSTACK_KEYSTONE_DEFAULT_ROLE = 'member'
 # The OPENSTACK_KEYSTONE_BACKEND settings can be used to identify the
 # capabilities of the auth backend for Keystone.
 # If Keystone has been configured to use LDAP as the auth backend then set
diff --git a/releasenotes/notes/change-keystone-default-role-3f95b6af11aed63b.yaml b/releasenotes/notes/change-keystone-default-role-3f95b6af11aed63b.yaml
new file mode 100644
index 000000000..64d96c27a
--- /dev/null
+++ b/releasenotes/notes/change-keystone-default-role-3f95b6af11aed63b.yaml
@@ -0,0 +1,5 @@
+---
+upgrade:
+  - |
+    The default value of OPENSTACK_KEYSTONE_DEFAULT_ROLE is changed from
+    _member_ to member to conform with what keystone-bootstrap creates.
author	manchandavishal <manchandavishal143@gmail.com>	2022-01-12 18:32:52 +0530
committer	manchandavishal <manchandavishal143@gmail.com>	2022-01-17 11:21:31 +0530
commit	a375c5418633f8b15c7255030ecc008e20ccc806 (patch)
tree	b7884af120e0dac6910dcb272aed131fbe66e1e0
parent	8fe5bbc8daed71658ae1613e1e67f402bcecc24c (diff)
download	horizon-a375c5418633f8b15c7255030ecc008e20ccc806.tar.gz