yahoo-eng-team team mailing list archive

Thread
Date
[Bug 1473292] [NEW] Cannot delete trust with an expired date

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Gilles Dubreuil <gilles@xxxxxxxxxx>
Date: Fri, 10 Jul 2015 05:58:32 -0000
Reply-to: Bug 1473292 <1473292@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
Public bug reported:

Using keystone V3 trusts (Kilo 2015.1.0)

Deleting a non expired trust works as expected, meanwhile when trying to
remove an expired trust, Keystone returns the trust doesn't exist.

Also nothing in the documentation [1] indicates expired trusts cannot be
removed or have to flushed from database (using a separate process):

[1] http://specs.openstack.org/openstack/keystone-specs/api/v3/identity-
api-v3-os-trust-ext.html

--- Trust list ---
# openstack --os-username adminv3 --os-password testing --os-auth-url http://192.168.64.11:5000/v3 --os-project-name openstackv3 --os-identity-api-version 3 --os-user-domain-name admin_domain --os-project-domain-name admin_domain trust list --format csv
"ID","Expires At","Impersonation","Project ID","Trustee User ID","Trustor User ID"
"38861fcd00594aa2ac4bfb6355833025","2018-01-01T00:00:00.000000Z",True,"78e22bb71862481dbe8335b4ce4551e8","ac994e5701d644b6a3ac78c9dd1ad04a","24b047f52ff94029923f7f0ea982f03f"
"3b98a91e56df4f4f879ae982083fdfd4","2015-01-01T00:00:00.000000Z",False,"78e22bb71862481dbe8335b4ce4551e8","ac994e5701d644b6a3ac78c9dd1ad04a","24b047f52ff94029923f7f0ea982f03f"
-----------------

--- Trust delete a non expired trust ---
# openstack --os-username adminv3 --os-password testing --os-auth-url http://192.168.64.11:5000/v3 --os-project-name openstackv3 --os-identity-api-version 3 --os-user-domain-name admin_domain --os-project-domain-name admin_domain trust delete 38861fcd00594aa2ac4bfb6355833025
--------------------------------------------


--- Trust delete a non expired trust ---
# openstack --os-username adminv3 --os-password testing --os-auth-url http://192.168.64.11:5000/v3 --os-project-name openstackv3 --os-identity-api-version 3 --os-user-domain-name admin_domain --os-project-domain-name admin_domain trust delete 3b98a91e56df4f4f879ae982083fdfd4
ERROR: openstack No trust with a name or ID of '3b98a91e56df4f4f879ae982083fdfd4' exists.
--------------------------------------------


----Keystone log file ---
2015-07-08 16:29:18.134 1635 WARNING keystone.common.wsgi [-] Could not find trust: 3b98a91e56df4f4f879ae982083fdfd4
--------------------------

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1473292

Title:
  Cannot delete trust with an expired date

Status in OpenStack Identity (Keystone):
  New

Bug description:
  Using keystone V3 trusts (Kilo 2015.1.0)

  Deleting a non expired trust works as expected, meanwhile when trying
  to remove an expired trust, Keystone returns the trust doesn't exist.

  Also nothing in the documentation [1] indicates expired trusts cannot
  be removed or have to flushed from database (using a separate
  process):

  [1] http://specs.openstack.org/openstack/keystone-specs/api/v3
  /identity-api-v3-os-trust-ext.html

  --- Trust list ---
  # openstack --os-username adminv3 --os-password testing --os-auth-url http://192.168.64.11:5000/v3 --os-project-name openstackv3 --os-identity-api-version 3 --os-user-domain-name admin_domain --os-project-domain-name admin_domain trust list --format csv
  "ID","Expires At","Impersonation","Project ID","Trustee User ID","Trustor User ID"
  "38861fcd00594aa2ac4bfb6355833025","2018-01-01T00:00:00.000000Z",True,"78e22bb71862481dbe8335b4ce4551e8","ac994e5701d644b6a3ac78c9dd1ad04a","24b047f52ff94029923f7f0ea982f03f"
  "3b98a91e56df4f4f879ae982083fdfd4","2015-01-01T00:00:00.000000Z",False,"78e22bb71862481dbe8335b4ce4551e8","ac994e5701d644b6a3ac78c9dd1ad04a","24b047f52ff94029923f7f0ea982f03f"
  -----------------

  --- Trust delete a non expired trust ---
  # openstack --os-username adminv3 --os-password testing --os-auth-url http://192.168.64.11:5000/v3 --os-project-name openstackv3 --os-identity-api-version 3 --os-user-domain-name admin_domain --os-project-domain-name admin_domain trust delete 38861fcd00594aa2ac4bfb6355833025
  --------------------------------------------

  
  --- Trust delete a non expired trust ---
  # openstack --os-username adminv3 --os-password testing --os-auth-url http://192.168.64.11:5000/v3 --os-project-name openstackv3 --os-identity-api-version 3 --os-user-domain-name admin_domain --os-project-domain-name admin_domain trust delete 3b98a91e56df4f4f879ae982083fdfd4
  ERROR: openstack No trust with a name or ID of '3b98a91e56df4f4f879ae982083fdfd4' exists.
  --------------------------------------------

  
  ----Keystone log file ---
  2015-07-08 16:29:18.134 1635 WARNING keystone.common.wsgi [-] Could not find trust: 3b98a91e56df4f4f879ae982083fdfd4
  --------------------------

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1473292/+subscriptions
Follow ups

[Bug 1473292] Re: Cannot delete or show a trust with an expired date
From: OpenStack Infra, 2018-09-24