diff options
author | manchandavishal <manchandavishal143@gmail.com> | 2022-01-12 18:32:52 +0530 |
---|---|---|
committer | manchandavishal <manchandavishal143@gmail.com> | 2022-01-17 11:21:31 +0530 |
commit | a375c5418633f8b15c7255030ecc008e20ccc806 (patch) | |
tree | b7884af120e0dac6910dcb272aed131fbe66e1e0 | |
parent | 8fe5bbc8daed71658ae1613e1e67f402bcecc24c (diff) | |
download | horizon-a375c5418633f8b15c7255030ecc008e20ccc806.tar.gz |
Update default value of OPENSTACK_KEYSTONE_DEFAULT_ROLE
This patch update default value of OPENSTACK_KEYSTONE_DEFAULT_ROLE
to 'member' from '_member_'. If a user tries to create a new project now
it leads to "Could not find default role "_member_" in Keystone" error.
Also long time ago keystone-bootstrap changed the default member role
that is created to member from the legacy _member_ role. Any deployments
that might still be using _member_ should set this explicitly.
Closes-Bug: #1957173
Change-Id: I1fc7f44326b82ceb303f8d663ff0b42f0bdf7855
5 files changed, 19 insertions, 9 deletions
diff --git a/doc/source/configuration/settings.rst b/doc/source/configuration/settings.rst index ebad4967d..f3ae6ad5f 100644 --- a/doc/source/configuration/settings.rst +++ b/doc/source/configuration/settings.rst @@ -1405,7 +1405,12 @@ OPENSTACK_KEYSTONE_DEFAULT_ROLE .. versionadded:: 2011.3(Diablo) -Default: ``"_member_"`` +.. versionchanged:: 21.0.0(Yoga) + +Default: ``"member"`` + +The default value is changed from ``_member_`` to ``member`` to conform +with what keystone-bootstrap creates. The name of the role which will be assigned to a user when added to a project. This value must correspond to an existing role name in Keystone. In general, diff --git a/doc/source/contributor/topics/ini-based-configuration.rst b/doc/source/contributor/topics/ini-based-configuration.rst index 931b16961..3bb79e021 100644 --- a/doc/source/contributor/topics/ini-based-configuration.rst +++ b/doc/source/contributor/topics/ini-based-configuration.rst @@ -170,7 +170,7 @@ approach will be used in the initial effort. cfg.StrOpt( 'default_role', - default='_member_', + default='member', django-setting='OPENSTACK_KEYSTONE_DEFAULT_ROLE', help=... ) diff --git a/openstack_dashboard/dashboards/identity/projects/tests.py b/openstack_dashboard/dashboards/identity/projects/tests.py index 5a2fcfc08..873895ac4 100644 --- a/openstack_dashboard/dashboards/identity/projects/tests.py +++ b/openstack_dashboard/dashboards/identity/projects/tests.py @@ -1379,13 +1379,13 @@ class DetailProjectViewTests(test.BaseAdminViewTests): # Check the content of the table users_expected = { '1': {'roles': ['admin'], - 'roles_from_groups': [('_member_', 'group_one'), ], }, - '2': {'roles': ['_member_'], + 'roles_from_groups': [('member', 'group_one'), ], }, + '2': {'roles': ['member'], 'roles_from_groups': [], }, - '3': {'roles': ['_member_'], - 'roles_from_groups': [('_member_', 'group_one'), ], }, + '3': {'roles': ['member'], + 'roles_from_groups': [('member', 'group_one'), ], }, '4': {'roles': [], - 'roles_from_groups': [('_member_', 'group_one'), ], } + 'roles_from_groups': [('member', 'group_one'), ], } } users_id_observed = [user.id for user in @@ -1490,7 +1490,7 @@ class DetailProjectViewTests(test.BaseAdminViewTests): "horizon/common/_detail_table.html") # Check the table content - groups_expected = {'1': ["_member_"], } + groups_expected = {'1': ["member"], } groups_id_observed = [group.id for group in res.context["groupstable_table"].data] diff --git a/openstack_dashboard/defaults.py b/openstack_dashboard/defaults.py index 693395b98..93e188dc1 100644 --- a/openstack_dashboard/defaults.py +++ b/openstack_dashboard/defaults.py @@ -381,7 +381,7 @@ OPENSTACK_CINDER_FEATURES = { # "cloud_admin": "rule:admin_required and domain_id:<your domain id>" # This value must be the name of the domain whose ID is specified there. OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'Default' -OPENSTACK_KEYSTONE_DEFAULT_ROLE = '_member_' +OPENSTACK_KEYSTONE_DEFAULT_ROLE = 'member' # The OPENSTACK_KEYSTONE_BACKEND settings can be used to identify the # capabilities of the auth backend for Keystone. # If Keystone has been configured to use LDAP as the auth backend then set diff --git a/releasenotes/notes/change-keystone-default-role-3f95b6af11aed63b.yaml b/releasenotes/notes/change-keystone-default-role-3f95b6af11aed63b.yaml new file mode 100644 index 000000000..64d96c27a --- /dev/null +++ b/releasenotes/notes/change-keystone-default-role-3f95b6af11aed63b.yaml @@ -0,0 +1,5 @@ +--- +upgrade: + - | + The default value of OPENSTACK_KEYSTONE_DEFAULT_ROLE is changed from + _member_ to member to conform with what keystone-bootstrap creates. |