Submitter: Zuul
Branch:    master

commit 3fa997531f757a832aab209d585bb98503e72cc2
Author: Lance Bragstad <>
Date:   Tue Feb 13 20:37:03 2018 +0000

    Expose bug in system assignment when deleting groups
    Project and domain role assignment are cleaned up when deleting
    groups. This commit introduces a test case that shows this isn't the
    case for system role assignments. A subsequent patch will implement
    a fix to make sure system role assignments are removed when groups
    are deleted, to be consistent with project and domain assignments.
    Change-Id: I9b452aff144fd8867cdac2f44cbcaa0d1de63a12
    Partial-Bug: 1749267

** Changed in: keystone
       Status: In Progress => Fix Released

You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).

  System role assignments exist after removing groups

Status in OpenStack Identity (keystone):
  Fix Released
Status in OpenStack Identity (keystone) queens series:
  In Progress

Bug description:
  Keystone cleans up role assignments a group has on projects and
  domains when deleting the group. This isn't true for system role
  assignments. Instead, they are left after the group is deleted. I
  recreate the issue by doing the following with a basic devstack

  $ openstack group create testers
  $ openstack role add --group testers --system all admin
  $ openstack role assignment list --names (testers will have an assignment on 
the system)
  $ openstack group delete testers
  $ openstack role assignment list --names (an empty group assignment will 
exist on the system)

  Paste recreating the issue [0].


To manage notifications about this bug go to:

Mailing list:
Post to     :
Unsubscribe :
More help   :

Reply via email to