yahoo-eng-team team mailing list archive

[OpenStack Infra <1749264@xxxxxxxxxxxxxxxxxx>]

Reviewed:  https://review.openstack.org/543622
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=3a3b3c5b5a35c93b9f3df79887805956208eaf5f
Submitter: Zuul
Branch:    master

commit 3a3b3c5b5a35c93b9f3df79887805956208eaf5f
Author: Lance Bragstad <lbragstad@xxxxxxxxx>
Date:   Mon Feb 12 21:23:45 2018 +0000

    Delete system role assignments when deleting users
    
    Keystone removes role assignments that users have on projects and
    domains when deleting users. This should also apply to system role
    assignments, too.
    
    Change-Id: Ied51b9c3b58714b2d5dbcb933eca1839d1351fc7
    Closes-Bug: 1749264


** Changed in: keystone
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1749264

Title:
  System role assignments exist after removing users

Status in OpenStack Identity (keystone):
  Fix Released
Status in OpenStack Identity (keystone) queens series:
  In Progress

Bug description:
  Keystone cleans up role assignments a user has on projects and domains
  when deleting the user. This isn't true for system role assignments.
  Instead, they are left after the user is deleted. I recreate the issue
  by doing the following with a basic devstack install:

  $ openstack user create bob
  $ openstack role add --user bob --system all admin
  $ openstack role assignment list --names (bob will have a role assignment on the system)
  $ openstack user delete bob
  $ openstack role assignment list --names (an empty assignment will exist on the system)

  Paste recreating the issue [0].

  [0] http://paste.openstack.org/raw/671038/

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1749264/+subscriptions