OpenStack Identity (keystone)

add_user_to_project fails if default role_id hasn't been previously created

Bug #1176270 reported by Eduardo Patrocinio on 2013-05-04

6

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	OpenStack Identity (keystone)	Fix Released	High	Adam Young	OpenStack Identity (keystone) 2013.2 "havana"

Bug Description

The function add_user_to_project (self, tenant_id, user_id) uses the default role_id (config.CONF.role_id) without ensuring it has been created beforehand.

If the default role_id hasn't been created, this function throws an error:

  File "/home/edu/OpenStack/keystone/keystone/identity/core.py", line 125, in add_user_to_project
    config.CONF.member_role_id)
  File "/home/edu/OpenStack/keystone/keystone/identity/backends/kvs.py", line 153, in add_role_to_user_and_project
    self.get_role(role_id)
  File "/home/edu/OpenStack/keystone/keystone/identity/backends/kvs.py", line 127, in get_role
    raise exception.RoleNotFound(role_id=role_id)
RoleNotFound: Could not find role: 9fe2ff9ee4384b1894a90878d3e92bab

Revision history for this message

Adam Young (ayoung) wrote on 2013-05-07:

#1

Default Role gets created in the SQL migration. KVS either needs an equivalent, or we need to generate the role on demand.

Changed in keystone:
assignee:	nobody → Adam Young (ayoung)

Revision history for this message

Dolph Mathews (dolph) wrote on 2013-06-07:

#2

I imagine this makes the kvs identity driver completely useless in grizzly..?

Changed in keystone:
status:	New → Incomplete
importance:	Undecided → Medium
status:	Incomplete → Confirmed

Revision history for this message

Dolph Mathews (dolph) wrote on 2013-06-12:

#3

This applies to LDAP as well.

Changed in keystone:
importance:	Medium → High
tags:	added: grizzly-backport-potential

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-07-31: Fix proposed to keystone (master)

#4

Fix proposed to branch: master
Review: https://review.openstack.org/39476

Changed in keystone:
status:	Confirmed → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2013-08-10: Fix merged to keystone (master)

#5

Reviewed: https://review.openstack.org/39476
Committed: http://github.com/openstack/keystone/commit/5977b9f2f08ea6e984bebdd17953550adb80df84
Submitter: Jenkins
Branch: master

commit 5977b9f2f08ea6e984bebdd17953550adb80df84
Author: Adam Young <email address hidden>
Date: Wed Jul 31 08:52:25 2013 -0400

Create default role on demand

When adding a user to a project, if the default role is missing, create it.

Change-Id: Id972ccf9c132c362a0b85049d248530dc2d56d54

Changed in keystone:
status:	In Progress → Fix Committed

Thierry Carrez (ttx) on 2013-09-05

Changed in keystone:
milestone:	none → havana-3
status:	Fix Committed → Fix Released

Thierry Carrez (ttx) on 2013-10-17

Changed in keystone:
milestone:	havana-3 → 2013.2

Alan Pevec (apevec) on 2014-03-30

tags:

removed: grizzly-backport-potential

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.