barbican deployment is missing creator role
Bug #1812209 reported by
Juan Antonio Osorio Robles
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tripleo |
Fix Released
|
Low
|
Juan Antonio Osorio Robles |
Bug Description
The barbican service is not usable out of the box without the creator role. TripleO should create it as part of the deployment in order to get folks a usable deployment without extra steps.
This would be more of a usability fix.
Changed in tripleo: | |
importance: | Undecided → Low |
status: | New → Confirmed |
milestone: | none → stein-3 |
Changed in tripleo: | |
assignee: | nobody → Juan Antonio Osorio Robles (juan-osorio-robles) |
status: | Confirmed → In Progress |
To post a comment you must log in.
Reviewed: https:/ /review. openstack. org/631477 /git.openstack. org/cgit/ openstack/ puppet- tripleo/ commit/ ?id=dfd408a73d1 4ca2e8b8785d685 b7d88a0739c71d
Committed: https:/
Submitter: Zuul
Branch: master
commit dfd408a73d14ca2 e8b8785d685b7d8 8a0739c71d
Author: Juan Antonio Osorio Robles <email address hidden>
Date: Thu Jan 17 14:17:36 2019 +0200
Create barbican's creator role by default
Barbican has a very specific set of keystone roles that it uses in order
to properly enforce RBAC. One of them (and the most important) is the
creator role. Which you'll assign to your users in order to allow them
to create and retrieve secrets (the other role that can do this is
admin... but we don't want to rely on this).
For usability, lets create this role automatically as part of the
TripleO installation.
Closes-Bug: #1812209 7a6bdf244321215 bd5595a0fa0
Change-Id: I9d5f912684a098