yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1473292] Re: Cannot delete or show a trust with an expired date

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: OpenStack Infra <1473292@xxxxxxxxxxxxxxxxxx>
Date: Mon, 24 Sep 2018 17:06:40 -0000
Reply-to: Bug 1473292 <1473292@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Reviewed:  https://review.openstack.org/589378
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=8232dabcf9cf182c4dc34eafecbe5b60b2438ed1
Submitter: Zuul
Branch:    master

commit 8232dabcf9cf182c4dc34eafecbe5b60b2438ed1
Author: Vishakha Agarwal <agarwalvishakha18@xxxxxxxxx>
Date:   Tue Aug 7 12:16:51 2018 +0530

    Implement Trust Flush via keystone-manage.
    
    Creates a cli entry 'trust_flush' which removes
    all expired trusts.
    
    Change-Id: I1c85b67d24e05db86c85e722fbd773a411c24ac4
    Closes-Bug: #1473292


** Changed in: keystone
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1473292

Title:
  Cannot delete or show a trust with an expired date

Status in OpenStack Identity (keystone):
  Fix Released

Bug description:
  Using keystone V3 trusts (Kilo 2015.1.0)

  Deleting a non expired trust works as expected, meanwhile when trying
  to remove an expired trust, Keystone returns the trust doesn't exist.

  Also nothing in the documentation [1] indicates expired trusts cannot
  be removed or have to flushed from database (using a separate
  process):

  [1] http://specs.openstack.org/openstack/keystone-specs/api/v3
  /identity-api-v3-os-trust-ext.html

  --- Trust list ---
  # openstack --os-username adminv3 --os-password testing --os-auth-url http://192.168.64.11:5000/v3 --os-project-name openstackv3 --os-identity-api-version 3 --os-user-domain-name admin_domain --os-project-domain-name admin_domain trust list --format csv
  "ID","Expires At","Impersonation","Project ID","Trustee User ID","Trustor User ID"
  "38861fcd00594aa2ac4bfb6355833025","2018-01-01T00:00:00.000000Z",True,"78e22bb71862481dbe8335b4ce4551e8","ac994e5701d644b6a3ac78c9dd1ad04a","24b047f52ff94029923f7f0ea982f03f"
  "3b98a91e56df4f4f879ae982083fdfd4","2015-01-01T00:00:00.000000Z",False,"78e22bb71862481dbe8335b4ce4551e8","ac994e5701d644b6a3ac78c9dd1ad04a","24b047f52ff94029923f7f0ea982f03f"
  -----------------

  --- Trust delete a non-expired trust ---
  # openstack --os-username adminv3 --os-password testing --os-auth-url http://192.168.64.11:5000/v3 --os-project-name openstackv3 --os-identity-api-version 3 --os-user-domain-name admin_domain --os-project-domain-name admin_domain trust delete 38861fcd00594aa2ac4bfb6355833025
  --------------------------------------------

  --- Trust delete an expired trust ---
  # openstack --os-username adminv3 --os-password testing --os-auth-url http://192.168.64.11:5000/v3 --os-project-name openstackv3 --os-identity-api-version 3 --os-user-domain-name admin_domain --os-project-domain-name admin_domain trust delete 3b98a91e56df4f4f879ae982083fdfd4
  ERROR: openstack No trust with a name or ID of '3b98a91e56df4f4f879ae982083fdfd4' exists.
  --------------------------------------------

  ----Keystone log file ---
  2015-07-08 16:29:18.134 1635 WARNING keystone.common.wsgi [-] Could not find trust: 3b98a91e56df4f4f879ae982083fdfd4
  --------------------------

To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1473292/+subscriptions

References

[Bug 1473292] [NEW] Cannot delete trust with an expired date
From: Gilles Dubreuil, 2015-07-10