Add role implication note to basic-default-roles

Expanding upon the Risk Mitigation section of the spec. Note that role implications will be created admin->member->reader regardless of whether or not a new role was created during bootstrap. Change-Id: Ie5cfd122554ccb06be3a7b165209c6b9c3f453db
2018-06-13 11:12:18 -04:00 · 2018-06-13 11:12:18 -04:00 · fa3479f3a3
parent 357c3706aa
commit fa3479f3a3
1 changed files with 2 additions and 1 deletions
--- a/specs/keystone/rocky/define-default-roles.rst
+++ b/specs/keystone/rocky/define-default-roles.rst
@ -270,7 +270,8 @@ for specific instructions on how make one role imply another.
 exists**: Let us assume that Deployment B already has a ``member`` role.
 Keystone will not attempt to overwrite any existing roles that have been
 populated. It will instead note that a role with the name ``member`` already
-exists in log output.
+exists in log output. However, the role implications *will* still be created
+regardless of whether the role existed previously or not.

 Alternatives
 ------------