yahoo-eng-team team mailing list archive

[OpenStack Infra <1751045@xxxxxxxxxxxxxxxxxx>]

Reviewed:  https://review.openstack.org/546969
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=1ab693ced85b8bf42fb6b9119225a7ef089e2670
Submitter: Zuul
Branch:    master

commit 1ab693ced85b8bf42fb6b9119225a7ef089e2670
Author: Jose Castro Leon <jose.castro.leon@xxxxxxx>
Date:   Thu Feb 22 13:32:23 2018 +0100

    Allow cleaning up non-existant group assignments
    
    If a group gets deleted out-of-band in an LDAP environment, the role
    assignments cannot be cleaned as it checks the existence of the group
    before triggering the deletion. This fix adds the ability to ignore
    non-existant group and clean up stale role assignments. We take the
    same approach with user assignments.
    
    Co-Authored-By: Lance Bragstad <lbragstad@xxxxxxxxx>
    
    Change-Id: I975c8325f50b412c3aa256e1940a27082c009cce
    Closes-Bug: #1751045


** Changed in: keystone
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1751045

Title:
  The removal of a role on a non existing group throws an error

Status in OpenStack Identity (keystone):
  Fix Released

Bug description:
  In an environment with an ldap server as identity backend, if a group
  is deleted out-of-band, the role assignment entry cannot be deleted as
  it checks for the existence of the group in the backend.

  Therefore the assignments on groups cannot be deleted.

  There is already a parameter allow_no_user that handles these cases
  for users but it is not used at all for groups.

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1751045/+subscriptions