Author: Lance Bragstad <lbrags...@gmail.com>
Date: Tue Aug 8 20:31:26 2017 +0000
Unset project ids for all identity backends
Previously, the default behavior for the callback that unset
default project ids was to only call the method for the default
domain's identity driver. This meant that when a project was deleted,
only the default identity backend would have references to that
project removed. This means it would be possible for other identity
backends to still have references to a project that doesn't exist
because the callback wasn't invoked for that specific backend.
This commit ensures each backend clears project id from a user's
default_project_id attribute when a project is deleted.
** Changed in: keystone
Status: In Progress => Fix Released
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
clearing default project_id from users using wrong driver
Status in OpenStack Identity (keystone):
#diff-271e091a68fb7b6526431423e4efe6e5 attempts to clear the default
project_id for users if/when the project to which that ID belongs is
deleted. However it only calls the identity driver for a single
backend (the default driver from /etc/keystone/keystone.conf) instead
of doing this for all backends like it should. In a multiple-backend
environment, this will mean that only users in the backend using the
default driver configuration will have their default project_id field
cleaned up. Any users in a different backend that were using that
project_id as their default would not have that appropriately cleaned
To manage notifications about this bug go to:
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : email@example.com
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp