yahoo-eng-team team mailing list archive

[Henry Nash <henryn@xxxxxxxxxxxxxxxxxx>]

Public bug reported:

Trying to delete a grant with an invalid role ID will throw a
RoleNotFound exception.  However, the check for this is buried in the
driver...after the time the assignment manager has already carried out a
bunch of processing (e.g. send out revokes). Is this by design (e.g. let
people clear up tokens for a role ID that somehow has been already
deleted) or just an error?  Given that some processing for the revoking
tokens also happens AFTER the driver call to delete the grant (which
would abort on RoleNotFound), I'm kind of guessing the later.  Views?

** Affects: keystone
     Importance: Undecided
     Assignee: Henry Nash (henry-nash)
         Status: New

** Description changed:

  Trying to delete a grant with an invalid role ID will throw a
  RoleNotFound exception.  However, the check for this is buried in the
  driver...after the time the manager has already carried out a bunch of
- processing (e.g. send out a bunch of revokes). Is this by design (e.g.
- let people clear up tokens for a role ID that has someone been already
- delete) or just an error?  Given that some processing for the revoking
- tokens also happens AFTER the driver call to delete the grant (which
- would abort on RoleNotFound), I'm kind of guessing the later.  Views?
+ processing (e.g. send out revokes). Is this by design (e.g. let people
+ clear up tokens for a role ID that somehow has been already deleted) or
+ just an error?  Given that some processing for the revoking tokens also
+ happens AFTER the driver call to delete the grant (which would abort on
+ RoleNotFound), I'm kind of guessing the later.  Views?

** Description changed:

  Trying to delete a grant with an invalid role ID will throw a
  RoleNotFound exception.  However, the check for this is buried in the
- driver...after the time the manager has already carried out a bunch of
- processing (e.g. send out revokes). Is this by design (e.g. let people
- clear up tokens for a role ID that somehow has been already deleted) or
- just an error?  Given that some processing for the revoking tokens also
- happens AFTER the driver call to delete the grant (which would abort on
- RoleNotFound), I'm kind of guessing the later.  Views?
+ driver...after the time the assignment manager has already carried out a
+ bunch of processing (e.g. send out revokes). Is this by design (e.g. let
+ people clear up tokens for a role ID that somehow has been already
+ deleted) or just an error?  Given that some processing for the revoking
+ tokens also happens AFTER the driver call to delete the grant (which
+ would abort on RoleNotFound), I'm kind of guessing the later.  Views?

** Changed in: keystone
     Assignee: (unassigned) => Henry Nash (henry-nash)

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1406776

Title:
  Trying to delete a grant with an invalid role ID causes unnecessary
  processing

Status in OpenStack Identity (Keystone):
  New

Bug description:
  Trying to delete a grant with an invalid role ID will throw a
  RoleNotFound exception.  However, the check for this is buried in the
  driver...after the time the assignment manager has already carried out
  a bunch of processing (e.g. send out revokes). Is this by design (e.g.
  let people clear up tokens for a role ID that somehow has been already
  deleted) or just an error?  Given that some processing for the
  revoking tokens also happens AFTER the driver call to delete the grant
  (which would abort on RoleNotFound), I'm kind of guessing the later.
  Views?

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1406776/+subscriptions