So... this is a continuing saga. The fix that went in for Keystone only allows the V3 API call to continue. However, there is currently no way to call that API except for curl.

Something like:

    curl -X DELETE -H "X-Auth-Token: $TOKEN" -H "Content-type: application/json" $OS_AUTH_URL/projects/e9d504e8524e4c8d9876d179420dab89/users/tuser/roles/95a2366f8b514d43a5584342aefe448e

will work, but there is no way to invoke that from python-keystoneclient or python-openstackclient, as both will attempt to list the users and do a lookup.

We probably need a --userid option that indicates that the passed-in value is a userid, and does not attempt to look it up.

** Also affects: python-openstackclient
   Importance: Undecided
       Status: New

** Also affects: python-keystoneclient
   Importance: Undecided
       Status: New

--
You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone).
https://bugs.launchpad.net/bugs/1321378

Title:
  keystone user-role-delete operation fails when user no longer exists in backend

Status in OpenStack Identity (keystone):
  Fix Released
Status in python-keystoneclient:
  New
Status in python-openstackclient:
  New

Bug description:
  When using an external user catalog (in our case, AD), if the user is removed on the backend catalog, the user-role-* keystone CLI commands no longer work, because keystone cannot look up the user.

  The specific situation is that a user had been granted roles on some projects, but then that user left the company and was removed from the backend directory. When going back to remove the roles assigned to that user, the keystone commands fail.

  It may still be possible to do these operations directly through the API; I didn't check that. But ultimately I was able to work around it by directly removing the entries in the keystone user_project_metadata table.
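A stdlib-only Python equivalent of the curl call above, added here as an example (it is not code from the bug report or from either client project): it sends the v3 DELETE with the IDs exactly as given and performs no user lookup, so a role grant held by a user who no longer exists in the backend directory can still be revoked. It assumes `OS_AUTH_URL` ends in `/v3` and `TOKEN` holds a valid token, as in the curl line; the function names are illustrative.

```python
import os
import sys
import urllib.parse
import urllib.request


def build_revoke_request(auth_url, token, project_id, user_id, role_id):
    """Build DELETE {auth_url}/projects/{p}/users/{u}/roles/{r}; no user lookup."""
    ids = (("project_id", project_id), ("user_id", user_id), ("role_id", role_id))
    for name, value in ids:
        # Empty or dot segments would change which resource the path names.
        if not value or value in (".", ".."):
            raise ValueError(f"{name} must be a non-empty identifier")
    # Percent-encode each segment: IDs coming from an external directory are
    # not guaranteed to be hex UUIDs and must not be able to alter the path.
    p, u, r = (urllib.parse.quote(value, safe="") for _, value in ids)
    url = f"{auth_url.rstrip('/')}/projects/{p}/users/{u}/roles/{r}"
    return urllib.request.Request(url, method="DELETE",
                                  headers={"X-Auth-Token": token})


def revoke_role(auth_url, token, project_id, user_id, role_id):
    """Send the DELETE. Return True on 204 No Content; raise otherwise.

    A 4xx/5xx answer raises urllib.error.HTTPError and is deliberately not
    swallowed, so a server that still rejects the unknown user is visible.
    """
    req = build_revoke_request(auth_url, token, project_id, user_id, role_id)
    with urllib.request.urlopen(req, timeout=30) as resp:
        if resp.status != 204:
            raise RuntimeError(f"unexpected status {resp.status}")
        return True


if __name__ == "__main__":
    # Usage: OS_AUTH_URL=... TOKEN=... python revoke_role.py PROJECT USER ROLE
    if len(sys.argv) != 4:
        sys.exit("usage: revoke_role.py PROJECT_ID USER_ID ROLE_ID")
    project, user, role = sys.argv[1:4]
    revoke_role(os.environ["OS_AUTH_URL"], os.environ["TOKEN"],
                project, user, role)
    print(f"revoked role {role} from user {user} on project {project}")
```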