When deleting a domain group assignment using a not domain-aware backend, such as LDAP, we should get an exception like: 'NotImplemented: Domain metadata not supported by LDAP', as we have for user assignments.
However, trying to delete an assignment of such type, we get:
Traceback (most recent call last):
File "keystone/assignment/core.py", line 570, in delete_grant
domain_id):
File "keystone/common/manager.py", line 47, in wrapper
return f(self, *args, **kwargs)
File "keystone/identity/core.py", line 202, in wrapper
return f(self, *args, **kwargs)
File "keystone/identity/core.py", line 213, in wrapper
return f(self, *args, **kwargs)
File "keystone/identity/core.py", line 816, in list_users_in_group
self._mark_domain_id_filter_satisfied(hints)
File "keystone/identity/core.py", line 526, in _mark_domain_id_filter_satisfied
for filter in hints.filters:
AttributeError: 'str' object has no attribute 'filters'
Pointers to the code are [1][2][3].
This occurs because we pass the domain_id (of type str) as it was a hint (of type driver_hints.Hints) on [1].
A patch to this bug should create a driver_hints.Hints() object with domain_id as a filter of it and pass it as argument, instead of passing domain_id directly.
[1] https://github.com/openstack/keystone/blob/master/keystone/assignment/core.py#L569-L570
[2] https://github.com/openstack/keystone/blob/master/keystone/identity/core.py#L813-L816
[3] https://github.com/openstack/keystone/blob/master/keystone/identity/core.py#L526
Fix proposed to branch: master
Review: https:/