OpenStack Identity (keystone)

Delete domain -- doesn't do anything with groups/users/tenants

Bug #1097995 reported by Haneef Ali
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Fix Released
Medium
Henry Nash
OpenStack Identity (keystone) 2013.1 "grizzly"

Bug Description

What is the expected behaviour for delete domain? Document doesn't say anything. Code just deletes the domain. What will happen to associated projects/users/groups?

Revision history for this message
Dolph Mathews (dolph) wrote :

The effect should cascade to delete projects, users, groups, role grants among them, user's credentials, tokens, etc. Pretty much everything should be affected except services & endpoints.

Changed in keystone:
milestone: none → grizzly-rc1
status: New → Triaged
Dolph Mathews (dolph)
Changed in keystone:
importance: Undecided → Medium
Dolph Mathews (dolph)
Changed in keystone:
assignee: nobody → Henry Nash (henry-nash)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.openstack.org/24575

Changed in keystone:
status: Triaged → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/24575
Committed: http://github.com/openstack/keystone/commit/90fcb996cb2acf7b829b2cccfa485c09e4c0d0e8
Submitter: Jenkins
Branch: master

commit 90fcb996cb2acf7b829b2cccfa485c09e4c0d0e8
Author: Henry Nash <email address hidden>
Date: Fri Mar 15 22:48:50 2013 +0000

    Ensure delete domain removes all owned entities

    Deleting a domain should delete all Users, Groups and Projects
    that are owned by that domain. This is intertwined with making sure
    that deleting Users/Projects clean up their relevant Tokens and
    Credentials (raised as a separate bug, bug fixed here).

    To help avoid inadvertent deletion, we insist that a domain must
    be disabled before it can be deleted.

    In implementing this change, it was discovered that the exception
    CredentialNotFound is referenced in the identity backend, but
    never defined - this was needed here for the unit tests. This is raised
    as a separate bug, and fixed here. A further bug has been raised
    that this indicates we are lacking in negative testing for
    Credentials (not fixed in this change)

    Fixes Bug #1097995
    Fixes Bug #1155921
    Fixes Bug #1155924

    Change-Id: Ibc926f8212fb9bd4426088339a21002a07c86984

Changed in keystone:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in keystone:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in keystone:
milestone: grizzly-rc1 → 2013.1
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.