Keystone will automatically create the _member_ role (or whatever role name/id is configured in keystone.conf) when a user is added to a project if the role doesn't exist already:
I suspect that we are only using the v3 API during deployment now, which means that the _member_ role will not be automatically created by Keystone. We should have puppet create the _member_ role.
Keystone will automatically create the _member_ role (or whatever role name/id is configured in keystone.conf) when a user is added to a project if the role doesn't exist already:
https:/ /github. com/openstack/ keystone/ blob/master/ keystone/ assignment/ core.py# L166-L173
The method that this code is a part of is only used by the v2 User class in identity/ controller. py:
https:/ /github. com/openstack/ keystone/ blob/master/ keystone/ identity/ controllers. py#L33
I suspect that we are only using the v3 API during deployment now, which means that the _member_ role will not be automatically created by Keystone. We should have puppet create the _member_ role.