author Colleen Murphy <colleen.murphy@suse.com> 2020-02-11 10:59:01 -0800
committer Colleen Murphy <colleen.murphy@suse.com> 2020-02-11 10:59:01 -0800
commit 2e97ec5770e0f042c9710f9535ff228740e7ed70 (patch)
tree 8ee3eb1ea034ba02c314afde74985762c1b4042b /doc
parent 37aee24a01f6dcb636b06facd718ef7b628576cb (diff)
Add docs about bootstrapping immutable roles
Add a note to the ``keystone-manage bootstrap`` documentation about the behavior of immutable roles.

Change-Id: I1cdbdc8668ed4312660ec269c40e1259517b327c
Depends-on: https://review.opendev.org/705859
Diffstat (limited to 'doc')
-rw-r--r-- doc/source/admin/bootstrap.rst 5
1 files changed, 4 insertions, 1 deletions
diff --git a/doc/source/admin/bootstrap.rst b/doc/source/admin/bootstrap.rst
index 8b9fc92af..51142b370 100644
--- a/doc/source/admin/bootstrap.rst
+++ b/doc/source/admin/bootstrap.rst
@@ -80,7 +80,10 @@ overrides to perform additional identity operations.
This command will also create ``member`` and ``reader`` roles. The ``admin``
role implies the ``member`` role and ``member`` role implies the ``reader``
-role.
+role. By default, these three roles are immutable, meaning they are created with
+the ``immutable`` resource option and cannot be modified or deleted unless the
+option is removed. To disable this behavior, add the ``--no-immutable-roles``
+flag.
By creating an ``admin`` user and an identity endpoint you may
authenticate to keystone and perform identity operations like creating
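Review bot: The added sentence ending "cannot be modified or deleted unless the option is removed" does not tell the operator how the ``immutable`` option is removed from a role, and the paragraph does not say what re-running the command does to ``admin``, ``member`` and ``reader`` roles that already exist, with or without ``--no-immutable-roles``. Suggest pointing to wherever the ``immutable`` resource option is documented and adding one sentence on the behavior for pre-existing roles. The last added sentence would also read more clearly as "pass ``--no-immutable-roles`` to ``keystone-manage bootstrap``", so it is unambiguous which command takes the flag.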