OpenStack Identity (keystone)

member_role_id/name conf options reference v2

Bug #1728690 reported by Matthew Edmonds on 2017-10-30

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Identity (keystone)	Fix Released	Medium	wangxiyuan	OpenStack Identity (keystone) queens-3

Bug Description

The keystone v2 API has been removed, yet we still define the member_role_id and member_role_name conf options that say they are for v2. It appears that they may be used in some v3 code. That should either be modified so that these can be removed, or the help and docs for these options should be updated to explain their usage with v3.

Tags:

Revision history for this message

Adam Young (ayoung) wrote on 2017-10-30:

I think the whole thing is safe to remove. The only logic that is not test or config that I can find is this which is called when creating a role:

        if role['name'] == CONF.member_role_name:
            # Use the configured member role ID when creating the configured
            # member role name. This avoids the potential of creating a
            # "member" role with an unexpected ID.
            role['id'] = CONF.member_role_id
        else:
            role = self._assign_unique_id(role)

In core, there is add_user_to_project( which was the v2 implementation. That called ensure_default_role() to make sure the role existed. This whole path should be V2 onlymy and can be removed.

Revision history for this message

Matthew Edmonds (edmondsw) wrote on 2017-10-30:

ensure_default_role() is also called by bootstrap, and it's not overtly v2-specific other than the fact that the conf settings say v2 in their description. Someone could be relying on that in a v3-only deployment.

There's also https://github.com/openstack/keystone/blob/cc294b7ccdb202ef6e2f80207c037078e3080038/keystone/assignment/controllers.py#L199-L203 in explicitly v3 code. Probably shouldn't be there, but again someone might be relying on it...

Revision history for this message

Adam Young (ayoung) wrote on 2017-10-31:

I don't think there is any harm in leaving the conf option available and documenting it better for now, and also deprecating the behavior explicitly.

Revision history for this message

Lance Bragstad (lbragstad) wrote on 2017-11-21:

Add documentation sounds like the right path forward in the event someone is relying on that role for a v3 deployment.

tags:	added: documentation
Changed in keystone:
importance:	Undecided → Medium

Lance Bragstad (lbragstad) on 2017-11-21

tags:

added: office-hours

wangxiyuan (wangxiyuan) on 2017-11-22

Changed in keystone:
assignee:	nobody → wangxiyuan (wangxiyuan)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-11-23: Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/522461

Changed in keystone:
status:	New → In Progress

OpenStack Infra (hudson-openstack) on 2017-11-30

Changed in keystone:
assignee:	wangxiyuan (wangxiyuan) → Colleen Murphy (krinkle)

Colleen Murphy (krinkle) on 2017-11-30

Changed in keystone:
assignee:	Colleen Murphy (krinkle) → wangxiyuan (wangxiyuan)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2017-12-20: Fix merged to keystone (master)

Reviewed: https://review.openstack.org/522461
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=23d14f55627ffdabe2749274095975b17796beed
Submitter: Zuul
Branch: master

commit 23d14f55627ffdabe2749274095975b17796beed
Author: wangxiyuan <email address hidden>
Date: Thu Nov 23 15:17:24 2017 +0800

Deprecate member_role_id and member_role_name

    ``member_role_id`` and ``member_role_name`` config options
    are only used for V2. Instead of removing, just deprecate
    them because that maybe some consumers still use them
    for V3.

This patch also removed the usage in
``keystone-manage bootstrap`` as well.

Closes-bug: #1728690

bp: deprecated-as-of-queens
bp: removed-as-of-queens

Change-Id: Ib85479442ec68f9a67615c23e5c39bd217c9b109

Changed in keystone:
status:	In Progress → Fix Released

Lance Bragstad (lbragstad) on 2018-01-08

Changed in keystone:
milestone:	none → queens-3

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2018-01-26: Fix included in openstack/keystone 13.0.0.0b3

This issue was fixed in the openstack/keystone 13.0.0.0b3 development milestone.

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.