Public bug reported:

When Keystone is configured to use the LDAP backend for assignments, if a group 
with a role assignment is deleted then the role assignments are not deleted as 
they should be.

See bug 1365787 for instructions on creating the group role assignment.

Here's an example where I set up a group role assignment:

$ openstack role assignment list
+----------------------------------+----------------------------------+----------------------------------+----------------------------------+--------+
| Role                             | User                             | Group                            | Project                          | Domain |
+----------------------------------+----------------------------------+----------------------------------+----------------------------------+--------+
...
| fc4bf67b5d004581b375b98bbc31af38 |                                  | ae467ef324584807894ab52566db41f4 | 31e82447e7b2415f934a328e121595ce |        |
+----------------------------------+----------------------------------+----------------------------------+----------------------------------+--------+
bknudson@f1-ds:~$ openstack group delete blktest1
bknudson@f1-ds:~$ openstack role assignment list
+----------------------------------+----------------------------------+----------------------------------+----------------------------------+--------+
| Role                             | User                             | Group                            | Project                          | Domain |
+----------------------------------+----------------------------------+----------------------------------+----------------------------------+--------+
| fc4bf67b5d004581b375b98bbc31af38 |                                  | ae467ef324584807894ab52566db41f4 | 31e82447e7b2415f934a328e121595ce |        |
+----------------------------------+----------------------------------+----------------------------------+----------------------------------+--------+

That role assignment shouldn't be there anymore.

** Affects: keystone
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to Keystone.
https://bugs.launchpad.net/bugs/1366211

Title:
  Using LDAP assignments, delete group doesn't remove assignments

Status in OpenStack Identity (Keystone):
  New
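
An audit for the condition this report describes, as an added example (not part of the bug report and not Keystone code): it parses the table output of `openstack role assignment list` and flags group assignments whose group ID no longer appears in `openstack group list`. The `ID`/`Name` group columns and every sample row except the one taken from the report are assumptions constructed for illustration.

```python
def parse_table(text):
    """Turn the CLI's ASCII table into a list of dicts keyed by column header."""
    rows = [l.strip() for l in text.splitlines() if l.strip().startswith("|")]
    cells = [[c.strip() for c in r[1:-1].split("|")] for r in rows]
    if not cells:
        return []
    header, body = cells[0], cells[1:]
    return [dict(zip(header, row)) for row in body]


def orphaned_group_assignments(assignment_table, group_table):
    """Return assignments that grant a role to a group ID that no longer exists."""
    live_groups = {g["ID"] for g in parse_table(group_table)}
    return [
        a for a in parse_table(assignment_table)
        if a.get("Group") and a["Group"] not in live_groups
    ]


# Constructed sample: the second row is the stale assignment from the report,
# the other rows and the group listing are made up.
ASSIGNMENTS = """
+------+------+-------+---------+--------+
| Role | User | Group | Project | Domain |
+------+------+-------+---------+--------+
| fc4bf67b5d004581b375b98bbc31af38 | | 11111111111111111111111111111111 | 31e82447e7b2415f934a328e121595ce | |
| fc4bf67b5d004581b375b98bbc31af38 | | ae467ef324584807894ab52566db41f4 | 31e82447e7b2415f934a328e121595ce | |
| fc4bf67b5d004581b375b98bbc31af38 | 22222222222222222222222222222222 | | 31e82447e7b2415f934a328e121595ce | |
+------+------+-------+---------+--------+
"""

GROUPS_AFTER_DELETE = """
+----+------+
| ID | Name |
+----+------+
| 11111111111111111111111111111111 | admins |
+----+------+
"""

if __name__ == "__main__":
    for a in orphaned_group_assignments(ASSIGNMENTS, GROUPS_AFTER_DELETE):
        print("stale grant: role %s on project %s for deleted group %s"
              % (a["Role"], a["Project"], a["Group"]))
```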
