yahoo-eng-team team mailing list archive
-
yahoo-eng-team team
-
Mailing list archive
-
Message #74862
[Bug 1473292] Re: Cannot delete or show a trust with an expired date
Reviewed: https://review.openstack.org/589378
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=8232dabcf9cf182c4dc34eafecbe5b60b2438ed1
Submitter: Zuul
Branch: master
commit 8232dabcf9cf182c4dc34eafecbe5b60b2438ed1
Author: Vishakha Agarwal <agarwalvishakha18@xxxxxxxxx>
Date: Tue Aug 7 12:16:51 2018 +0530
Implement Trust Flush via keystone-manage.
Creates a cli entry 'trust_flush' which removes
all expired trusts.
Change-Id: I1c85b67d24e05db86c85e722fbd773a411c24ac4
Closes-Bug: #1473292
** Changed in: keystone
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1473292
Title:
Cannot delete or show a trust with an expired date
Status in OpenStack Identity (keystone):
Fix Released
Bug description:
Using keystone V3 trusts (Kilo 2015.1.0)
Deleting a non expired trust works as expected, meanwhile when trying
to remove an expired trust, Keystone returns the trust doesn't exist.
Also nothing in the documentation [1] indicates expired trusts cannot
be removed or have to flushed from database (using a separate
process):
[1] http://specs.openstack.org/openstack/keystone-specs/api/v3
/identity-api-v3-os-trust-ext.html
--- Trust list ---
# openstack --os-username adminv3 --os-password testing --os-auth-url http://192.168.64.11:5000/v3 --os-project-name openstackv3 --os-identity-api-version 3 --os-user-domain-name admin_domain --os-project-domain-name admin_domain trust list --format csv
"ID","Expires At","Impersonation","Project ID","Trustee User ID","Trustor User ID"
"38861fcd00594aa2ac4bfb6355833025","2018-01-01T00:00:00.000000Z",True,"78e22bb71862481dbe8335b4ce4551e8","ac994e5701d644b6a3ac78c9dd1ad04a","24b047f52ff94029923f7f0ea982f03f"
"3b98a91e56df4f4f879ae982083fdfd4","2015-01-01T00:00:00.000000Z",False,"78e22bb71862481dbe8335b4ce4551e8","ac994e5701d644b6a3ac78c9dd1ad04a","24b047f52ff94029923f7f0ea982f03f"
-----------------
--- Trust delete a non-expired trust ---
# openstack --os-username adminv3 --os-password testing --os-auth-url http://192.168.64.11:5000/v3 --os-project-name openstackv3 --os-identity-api-version 3 --os-user-domain-name admin_domain --os-project-domain-name admin_domain trust delete 38861fcd00594aa2ac4bfb6355833025
--------------------------------------------
--- Trust delete an expired trust ---
# openstack --os-username adminv3 --os-password testing --os-auth-url http://192.168.64.11:5000/v3 --os-project-name openstackv3 --os-identity-api-version 3 --os-user-domain-name admin_domain --os-project-domain-name admin_domain trust delete 3b98a91e56df4f4f879ae982083fdfd4
ERROR: openstack No trust with a name or ID of '3b98a91e56df4f4f879ae982083fdfd4' exists.
--------------------------------------------
----Keystone log file ---
2015-07-08 16:29:18.134 1635 WARNING keystone.common.wsgi [-] Could not find trust: 3b98a91e56df4f4f879ae982083fdfd4
--------------------------
To manage notifications about this bug go to:
https://bugs.launchpad.net/keystone/+bug/1473292/+subscriptions
References