yahoo-eng-team team mailing list archive
Message #20592
[Bug 1366211] [NEW] Using LDAP assignments, delete group doesn't remove assignments
Public bug reported:
When Keystone is configured to use the LDAP backend for assignments, if a group with a role assignment is deleted then the role assignments are not deleted as they should be.
See bug 1365787 for instructions on creating the group role assignment.
Here's an example where I set up a group role assignment:
$ openstack role assignment list
+----------------------------------+----------------------------------+----------------------------------+----------------------------------+--------+
| Role | User | Group | Project | Domain |
+----------------------------------+----------------------------------+----------------------------------+----------------------------------+--------+
...
| fc4bf67b5d004581b375b98bbc31af38 | | ae467ef324584807894ab52566db41f4 | 31e82447e7b2415f934a328e121595ce | |
+----------------------------------+----------------------------------+----------------------------------+----------------------------------+--------+
bknudson@f1-ds:~$ openstack group delete blktest1
bknudson@f1-ds:~$ openstack role assignment list
+----------------------------------+----------------------------------+----------------------------------+----------------------------------+--------+
| Role | User | Group | Project | Domain |
+----------------------------------+----------------------------------+----------------------------------+----------------------------------+--------+
| fc4bf67b5d004581b375b98bbc31af38 | | ae467ef324584807894ab52566db41f4 | 31e82447e7b2415f934a328e121595ce | |
+----------------------------------+----------------------------------+----------------------------------+----------------------------------+--------+
That role assignment shouldn't be there anymore.
** Affects: keystone
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1366211
Title:
Using LDAP assignments, delete group doesn't remove assignments
Status in OpenStack Identity (Keystone):
New
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1366211/+subscriptions
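An added check, not part of the original bug report or of Keystone: it parses table output in the format shown by `openstack role assignment list` above and reports group role assignments whose group ID is missing from a set of existing group IDs. The sample table, the IDs in it and the function names are constructed for illustration.

```python
# Added example: find role assignments that still reference a deleted group.
# SAMPLE_TABLE and LIVE_GROUP_IDS are constructed sample data, not real output.

SAMPLE_TABLE = """\
+--------+--------+---------------+---------+--------+
| Role   | User   | Group         | Project | Domain |
+--------+--------+---------------+---------+--------+
...
| role-a | user-1 |               | proj-1  |        |
| role-b |        | group-live    | proj-1  |        |
| role-c |        | group-deleted | proj-2  |        |
+--------+--------+---------------+---------+--------+
"""

# Assumption: the caller collects the IDs of groups that still exist.
LIVE_GROUP_IDS = {"group-live"}


def parse_assignments(table_text):
    """Turn the ASCII table into a list of dicts keyed by lower-cased header."""
    header = None
    rows = []
    for raw in table_text.splitlines():
        line = raw.strip()
        # Skip borders ("+---+"), shell prompts and "..." elision lines.
        if not (line.startswith("|") and line.endswith("|")):
            continue
        cells = [c.strip() for c in line[1:-1].split("|")]
        if header is None:
            header = [c.lower() for c in cells]
            continue
        if len(cells) != len(header):
            continue  # malformed row, ignore rather than misalign columns
        rows.append(dict(zip(header, cells)))
    return rows


def orphaned_group_assignments(assignments, live_group_ids):
    """Return assignments whose Group column names an ID that no longer exists."""
    return [a for a in assignments
            if a.get("group") and a["group"] not in live_group_ids]


if __name__ == "__main__":
    for a in orphaned_group_assignments(parse_assignments(SAMPLE_TABLE),
                                        LIVE_GROUP_IDS):
        print("orphaned: role=%(role)s group=%(group)s project=%(project)s" % a)
```
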