clean tenant permissions for objects when deleteing tenant
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Identity (keystone) |
New
|
Undecided
|
Unassigned | ||
Bug Description
I created a tenant and added it as a member on an image.
[root@opens-XXXX ~(keystone_admin)]# keystone tenant-create --name blabla
+------
| Property | Value |
+------
| description | |
| enabled | True |
| id | 13583923a738481
| name | blabla |
[root@opens-XXXX ~(keystone_admin)]# keystone tenant-list
+------
| id | name | enabled |
+------
| ad326a6c11a742c
| 13583923a738481
| e91123ca3572428
| b730cd0430114a2
| 5266b423a0324fc
+------
I added the tenant as a member on an image:
[root@opens-XXXX ~(keystone_admin)]# glance member-list --image-id 282f2a9a-
+------
| Image ID | Member ID | Can Share |
+------
| 282f2a9a-
| 282f2a9a-
| 282f2a9a-
+------
Than I deleted the tenant:
[root@opens-XXXX ~(keystone_admin)]# keystone tenant-delete 13583923a738481
The tenant still appears as a member on the object:
[root@opens-XXXX ~(keystone_admin)]# glance member-list --image-id 282f2a9a-
+------
| Image ID | Member ID | Can Share |
+------
| 282f2a9a-
| 282f2a9a-
| 282f2a9a-
+------
I think that if we delete the tenant we should clean permissions that were added to it on different objects.
| Dolph Mathews (dolph) wrote | #1 |
Adding glance to bug 967832 and broadening the scope of that bug as a result.