Reviewed: https://review.openstack.org/546969 Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=1ab693ced85b8bf42fb6b9119225a7ef089e2670 Submitter: Zuul Branch: master
commit 1ab693ced85b8bf42fb6b9119225a7ef089e2670 Author: Jose Castro Leon <[email protected]> Date: Thu Feb 22 13:32:23 2018 +0100 Allow cleaning up non-existant group assignments If a group gets deleted out-of-band in an LDAP environment, the role assignments cannot be cleaned as it checks the existence of the group before triggering the deletion. This fix adds the ability to ignore non-existant group and clean up stale role assignments. We take the same approach with user assignments. Co-Authored-By: Lance Bragstad <[email protected]> Change-Id: I975c8325f50b412c3aa256e1940a27082c009cce Closes-Bug: #1751045 ** Changed in: keystone Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1751045 Title: The removal of a role on a non existing group throws an error Status in OpenStack Identity (keystone): Fix Released Bug description: In an environment with an ldap server as identity backend, if a group is deleted out-of-band, the role assignment entry cannot be deleted as it checks for the existence of the group in the backend. Therefore the assignments on groups cannot be deleted. There is already a parameter allow_no_user that handles these cases for users but it is not used at all for groups. To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1751045/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
