Make our usual admin user to be a real admin,
and open the way for improving the per project
policy.json files.
Change-Id: I133a5953d209bc1edbd03ecfae750f77e3eaa64d
Related-Change: https://review.openstack.org/#/c/242232
... | ... |
@@ -340,6 +340,12 @@ function configure_keystone { |
340 | 340 |
iniset $KEYSTONE_CONF DEFAULT max_token_size 16384 |
341 | 341 |
|
342 | 342 |
iniset $KEYSTONE_CONF fernet_tokens key_repository "$KEYSTONE_CONF_DIR/fernet-keys/" |
343 |
+ |
|
344 |
+ # Configure the project created by the 'keystone-manage bootstrap' as the cloud-admin project. |
|
345 |
+ # The users from this project are globally admin as before, but it also |
|
346 |
+ # allows policy changes in order to clarify the adminess scope. |
|
347 |
+ iniset $KEYSTONE_CONF resource admin_project_domain_name default |
|
348 |
+ iniset $KEYSTONE_CONF resource admin_project_name admin |
|
343 | 349 |
} |
344 | 350 |
|
345 | 351 |
# create_keystone_accounts() - Sets up common required keystone accounts |