Author: Lance Bragstad <lbrags...@gmail.com>
Date: Tue Feb 13 20:37:03 2018 +0000
Expose bug in system assignment when deleting groups
Project and domain role assignment are cleaned up when deleting
groups. This commit introduces a test case that shows this isn't the
case for system role assignments. A subsequent patch will implement
a fix to make sure system role assignments are removed when groups
are deleted, to be consistent with project and domain assignments.
** Changed in: keystone
Status: In Progress => Fix Released
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Identity (keystone).
System role assignments exist after removing groups
Status in OpenStack Identity (keystone):
Status in OpenStack Identity (keystone) queens series:
Keystone cleans up role assignments a group has on projects and
domains when deleting the group. This isn't true for system role
assignments. Instead, they are left after the group is deleted. I
recreate the issue by doing the following with a basic devstack
$ openstack group create testers
$ openstack role add --group testers --system all admin
$ openstack role assignment list --names (testers will have an assignment on
$ openstack group delete testers
$ openstack role assignment list --names (an empty group assignment will
exist on the system)
Paste recreating the issue .
To manage notifications about this bug go to:
Mailing list: https://launchpad.net/~yahoo-eng-team
Post to : firstname.lastname@example.org
Unsubscribe : https://launchpad.net/~yahoo-eng-team
More help : https://help.launchpad.net/ListHelp