clean tenant permissions for objects when deleteing tenant
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
New
|
Undecided
|
Unassigned |
Bug Description
I created a tenant and added it as a member on an image.
[root@opens-XXXX ~(keystone_admin)]# keystone tenant-create --name blabla
+------
| Property | Value |
+------
| description | |
| enabled | True |
| id | 13583923a738481
| name | blabla |
[root@opens-XXXX ~(keystone_admin)]# keystone tenant-list
+------
| id | name | enabled |
+------
| ad326a6c11a742c
| 13583923a738481
| e91123ca3572428
| b730cd0430114a2
| 5266b423a0324fc
+------
I added the tenant as a member on an image:
[root@opens-XXXX ~(keystone_admin)]# glance member-list --image-id 282f2a9a-
+------
| Image ID | Member ID | Can Share |
+------
| 282f2a9a-
| 282f2a9a-
| 282f2a9a-
+------
Than I deleted the tenant:
[root@opens-XXXX ~(keystone_admin)]# keystone tenant-delete 13583923a738481
The tenant still appears as a member on the object:
[root@opens-XXXX ~(keystone_admin)]# glance member-list --image-id 282f2a9a-
+------
| Image ID | Member ID | Can Share |
+------
| 282f2a9a-
| 282f2a9a-
| 282f2a9a-
+------
I think that if we delete the tenant we should clean permissions that were added to it on different objects.
Adding glance to bug 967832 and broadening the scope of that bug as a result.