Comment 13 for bug 1604479

So a few additional comments:

1) In Keystone V2, if a user has a default project, then they are automatically assigned a role on it (the member role). This is not true for V3 (and this is by design). Having a default project with a user created via the V3 API does not give them any role assignments. You have to add these manually.

2) Sounds to me like the puppet models for deploying keystone you are using do not take this into account

3) For a user that does not have a default project, granting them a role on a project will absolutely not make this project their default project (and nor should it).

4) The one thing I am not clear on, is whether there is an issue for a client (e.g. Horizon) talking the keystone V2 API with the fact that if a user has no default project, then the tennatID attribute will not appear at all in the user entity returned (whereas using V3 you would get default_project_id=None in the entity)