yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1749267] Re: System role assignments exist after removing groups

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Lance Bragstad <lbragstad@xxxxxxxxx>
Date: Tue, 13 Feb 2018 20:22:52 -0000
Reply-to: Bug 1749267 <1749267@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Tags added: queens-backport-potential

** Also affects: keystone/queens
   Importance: High
       Status: Triaged

** Also affects: keystone/rocky
   Importance: Undecided
       Status: New

** No longer affects: keystone/rocky

** Also affects: keystone/rocky
   Importance: Undecided
       Status: New

** No longer affects: keystone/rocky

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1749267

Title:
  System role assignments exist after removing groups

Status in OpenStack Identity (keystone):
  Triaged
Status in OpenStack Identity (keystone) queens series:
  Triaged

Bug description:
  Keystone cleans up role assignments a group has on projects and
  domains when deleting the group. This isn't true for system role
  assignments. Instead, they are left after the group is deleted. I
  recreate the issue by doing the following with a basic devstack
  install:

  $ openstack group create testers
  $ openstack role add --group testers --system all admin
  $ openstack role assignment list --names (testers will have an assignment on the system)
  $ openstack group delete testers
  $ openstack role assignment list --names (an empty group assignment will exist on the system)

  Paste recreating the issue [0].

  [0] http://paste.openstack.org/raw/671041/

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1749267/+subscriptions

References

[Bug 1749267] [NEW] System role assignments exist after removing groups
From: Lance Bragstad, 2018-02-13