Reviewed: https://review.openstack.org/268738 Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=cda3853c412a79e0146e248feb315686ca2c7970 Submitter: Jenkins Branch: master
commit cda3853c412a79e0146e248feb315686ca2c7970 Author: Dave Chen <wei.d.c...@intel.com> Date: Sun Jan 17 15:45:30 2016 +0800 Make sure the assignment creation use the right arguments `keystone-manage bootstrap` will fail to create the assignment if project or role exists, this is because the assignment creation is not using the right role id or project id. This patch will fix this issue. Change-Id: I7359cfe8f573ae56556654f1eafcc75079e69ccc Closes-Bug: #1534140 bp: bootstrap ** Changed in: keystone Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1534140 Title: keystone-manage bootstrap failed to create assignment if user/project/role exists Status in OpenStack Identity (keystone): Fix Released Bug description: If `keystone-manage bootstrap` fails with the role already exists (this may happen if someone use OSC CLI created a role but someone else want to boostrap a set of `user`, `project` or `role` without aware of the role has already created.), the project or user can still be created successfully. And then if redefine the role, `keystone-manage bootstrap` will still fail since `user`, `project` have been created, but `keystone-manage bootstrap` cannot handle with this. See the example: dave@shldeOTCopen005:~$ keystone-manage bootstrap --bootstrap-username bootstrap_user --bootstrap-project-name bootstrap_project --bootstrap-role-name admin --bootstrap-password abc123 25784 TRACE keystone details=_('Duplicate Entry')) 25784 TRACE keystone Conflict: Conflict occurred attempting to store role - Duplicate Entry 25784 TRACE keystone change the role to `bootstrap_role` ... dave@shldeOTCopen005:~$ keystone-manage bootstrap --bootstrap-username bootstrap_user --bootstrap-project-name bootstrap_project --bootstrap-role-name bootstrap_role --bootstrap-password abc123 25813 TRACE keystone details=_('Duplicate Entry')) 25813 TRACE keystone Conflict: Conflict occurred attempting to store project - Duplicate Entry 25813 TRACE keystone So, if we want to boostrap again, we need delete project, user manually, this is not friendly to end user. `keystone-manage bootstrap` should not create any `user`, `project` if the command is not executed successfully. According to the comments from Morgan, the `user`, `project` or `role` should be created but the real issue is that assignment cannot be created if either of them exists, see the comments #2 for the updated. To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1534140/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : yahoo-eng-team@lists.launchpad.net Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp