OpenStack Identity (Keystone)

add_user_to_project fails if default role_id hasn't been previously created

Reported by Eduardo Patrocinio on 2013-05-04
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Keystone
High
Adam Young

Bug Description

The function add_user_to_project (self, tenant_id, user_id) uses the default role_id (config.CONF.role_id) without ensuring it has been created beforehand.

If the default role_id hasn't been created, this function throws an error:

  File "/home/edu/OpenStack/keystone/keystone/identity/core.py", line 125, in add_user_to_project
    config.CONF.member_role_id)
  File "/home/edu/OpenStack/keystone/keystone/identity/backends/kvs.py", line 153, in add_role_to_user_and_project
    self.get_role(role_id)
  File "/home/edu/OpenStack/keystone/keystone/identity/backends/kvs.py", line 127, in get_role
    raise exception.RoleNotFound(role_id=role_id)
RoleNotFound: Could not find role: 9fe2ff9ee4384b1894a90878d3e92bab

Adam Young (ayoung) wrote :

Default Role gets created in the SQL migration. KVS either needs an equivalent, or we need to generate the role on demand.

Changed in keystone:
assignee: nobody → Adam Young (ayoung)
Dolph Mathews (dolph) wrote :

I imagine this makes the kvs identity driver completely useless in grizzly..?

Changed in keystone:
status: New → Incomplete
importance: Undecided → Medium
status: Incomplete → Confirmed
Dolph Mathews (dolph) wrote :

This applies to LDAP as well.

Changed in keystone:
importance: Medium → High
tags: added: grizzly-backport-potential

Fix proposed to branch: master
Review: https://review.openstack.org/39476

Changed in keystone:
status: Confirmed → In Progress

Reviewed: https://review.openstack.org/39476
Committed: http://github.com/openstack/keystone/commit/5977b9f2f08ea6e984bebdd17953550adb80df84
Submitter: Jenkins
Branch: master

commit 5977b9f2f08ea6e984bebdd17953550adb80df84
Author: Adam Young <email address hidden>
Date: Wed Jul 31 08:52:25 2013 -0400

    Create default role on demand

    When adding a user to a project, if the default role is missing, create it.

    Bug 1176270

    Change-Id: Id972ccf9c132c362a0b85049d248530dc2d56d54

Changed in keystone:
status: In Progress → Fix Committed
Thierry Carrez (ttx) on 2013-09-05
Changed in keystone:
milestone: none → havana-3
status: Fix Committed → Fix Released
Thierry Carrez (ttx) on 2013-10-17
Changed in keystone:
milestone: havana-3 → 2013.2
Alan Pevec (apevec) on 2014-03-30
tags: removed: grizzly-backport-potential
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers