I noticed this is being implemented such that the keystone_user_role management is triggered by $configure_user => true, too. However, there are cases where you would want to not manage the user, but would still want to have the role assignment done. (e.g. user/auth backend is read only LDAP, but role assignment is done in Keystone DB.)
Thoughts on implementing a $configure_user_role parameter as well? Or finish this bug out as is, and open a new bug for a parameter for managing the role?
I noticed this is being implemented such that the keystone_user_role management is triggered by $configure_user => true, too. However, there are cases where you would want to not manage the user, but would still want to have the role assignment done. (e.g. user/auth backend is read only LDAP, but role assignment is done in Keystone DB.)
Thoughts on implementing a $configure_ user_role parameter as well? Or finish this bug out as is, and open a new bug for a parameter for managing the role?