Prevent deletion of currently scoped tenant

Bug #1360362 reported by Ryan Hallisey
This bug affects 1 person
Affects: OpenStack Identity (keystone)
Status: Opinion
Importance: Wishlist
Assigned to: Unassigned
Milestone: none

Bug Description

While being the admin, you are able to delete the admin project.

[rhallisey@localhost devstack]$ keystone tenant-list
+----------------------------------+--------------------+---------+
| id | name | enabled |
+----------------------------------+--------------------+---------+
| e00677dd11c545cfaaf9b80ed23791a1 | admin | True |
| 97dc1ee5558642a0b193179e1efa79f7 | alt_demo | True |
| 06a3bb546b5f4889b0ea76e0987a4087 | demo | True |
| 2af18f242b3c4025b8cdafb73b5a7788 | invisible_to_admin | True |
| ff386a5825304cd29a5b6235bfea5aa5 | scrub | True |
| bfa6846390a64f9aa416fe2692ada9d3 | service | True |
+----------------------------------+--------------------+---------+
[rhallisey@localhost devstack]$ keystone tenant-delete admin
[rhallisey@localhost devstack]$ keystone tenant-list
Could not find project: admin (Disable debug mode to suppress these details.) (HTTP 401)

Revision history for this message
Morgan Fainberg (mdrnstm) wrote :

The "admin" tenant (as built in devstack) is an example, not all deployments utilize a tenant called "admin". It is perfectly valid to delete *any* tenant regardless of the name.

Would a sufficient fix be to prevent the deletion of the currently scoped tenant? That is to say, is this a UX issue?

Example: if I am using a token for the admin tenant, I cannot delete the admin tenant.

As it stands, preventing deletion of a specific tenant based on name is a bad idea; what if a deployment wants to change to a new "admin" tenant called "Cloud Administration"?

Changed in keystone:
status: New → Incomplete
Lon Hohberger (lhh) wrote :

That's a really elegant solution, Morgan.

Ryan Hallisey (rthall14) wrote :

Good suggestion. Since only admins can delete other admin tenants, this will guarantee that there will be at least one tenant at all times.

summary: Admin tenant can be deleted → Prevent deletion of currently scoped tenant
Changed in keystone:
status: Incomplete → New
Changed in keystone:
milestone: none → juno-rc1
Dolph Mathews (dolph) wrote :

We'd also have to not allow the current user to delete themselves, nor the user to remove their last role assignment from the current scope, etc. I'm all in favor of UX, but I also prefer the power to shoot myself in the foot if I so choose. If we "fixed" this, I guarantee we'd get a subsequent bug report complaining that they weren't allowed to delete the last tenant, or whatever.

Changed in keystone:
milestone: juno-rc1 → none
status: New → Opinion
importance: Undecided → Wishlist
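The guard Morgan proposes (a token may not delete the project it is scoped to) and the two further self-lockout cases Dolph lists (deleting the current user, removing the last role assignment on the current scope) are shown together below as an added example. This is illustration code written for this page, not keystone's implementation; the names TokenScope, IdentityStore and SelfLockoutError and the in-memory store are hypothetical, and the sample projects, users and role assignments are constructed to loosely mirror the devstack tenant list in the report.

```python
"""Self-lockout guards for a scoped token (hypothetical, not keystone code)."""
from dataclasses import dataclass, field


class SelfLockoutError(Exception):
    """Raised when a request would invalidate the caller's own scope."""


@dataclass(frozen=True)
class TokenScope:
    """What a scoped token asserts: which user, acting in which project."""
    user_id: str
    project_id: str


@dataclass
class IdentityStore:
    """Tiny in-memory stand-in for project, user and assignment backends."""
    projects: dict = field(default_factory=dict)     # project_id -> name
    users: dict = field(default_factory=dict)        # user_id -> name
    assignments: dict = field(default_factory=dict)  # (user_id, project_id) -> set of roles

    def delete_project(self, scope: TokenScope, project_id: str) -> None:
        # Guard (a): refuse to delete the project the caller's token is scoped to.
        if project_id == scope.project_id:
            raise SelfLockoutError(f"token is scoped to project {project_id}")
        if project_id not in self.projects:
            raise KeyError(project_id)
        del self.projects[project_id]
        for key in [k for k in self.assignments if k[1] == project_id]:
            del self.assignments[key]

    def delete_user(self, scope: TokenScope, user_id: str) -> None:
        # Guard (b): refuse to delete the user the caller's token belongs to.
        if user_id == scope.user_id:
            raise SelfLockoutError(f"token belongs to user {user_id}")
        if user_id not in self.users:
            raise KeyError(user_id)
        del self.users[user_id]
        for key in [k for k in self.assignments if k[0] == user_id]:
            del self.assignments[key]

    def revoke_role(self, scope: TokenScope, user_id: str, project_id: str, role: str) -> None:
        key = (user_id, project_id)
        roles = self.assignments.get(key)
        if not roles or role not in roles:
            raise KeyError((user_id, project_id, role))
        # Guard (c): refuse to drop the last role that grants the caller its own scope.
        if key == (scope.user_id, scope.project_id) and len(roles) == 1:
            raise SelfLockoutError(f"'{role}' is the last role on the caller's scope")
        roles.discard(role)
        if not roles:
            del self.assignments[key]


def build_sample_store() -> IdentityStore:
    """Constructed sample data; ids and roles are made up for this example."""
    store = IdentityStore()
    store.projects.update({"p-admin": "admin", "p-demo": "demo", "p-service": "service"})
    store.users.update({"u-admin": "admin", "u-demo": "demo"})
    store.assignments[("u-admin", "p-admin")] = {"admin", "member"}
    store.assignments[("u-admin", "p-demo")] = {"admin"}
    store.assignments[("u-demo", "p-demo")] = {"member"}
    return store


def run_scenario() -> dict:
    """Replay the report's steps with an admin-scoped token and record each outcome."""
    store = build_sample_store()
    scope = TokenScope(user_id="u-admin", project_id="p-admin")
    outcome = {}

    def attempt(name, action):
        try:
            action()
            outcome[name] = "allowed"
        except SelfLockoutError:
            outcome[name] = "refused"

    attempt("delete scoped project", lambda: store.delete_project(scope, "p-admin"))
    attempt("delete other project", lambda: store.delete_project(scope, "p-demo"))
    attempt("delete self", lambda: store.delete_user(scope, "u-admin"))
    attempt("delete other user", lambda: store.delete_user(scope, "u-demo"))
    attempt("revoke non-last role on scope",
            lambda: store.revoke_role(scope, "u-admin", "p-admin", "member"))
    attempt("revoke last role on scope",
            lambda: store.revoke_role(scope, "u-admin", "p-admin", "admin"))
    outcome["remaining projects"] = sorted(store.projects)
    outcome["scope roles"] = sorted(store.assignments[(scope.user_id, scope.project_id)])
    return outcome


if __name__ == "__main__":
    for name, result in run_scenario().items():
        print(f"{name}: {result}")
```

The three guards key off the token's own scope rather than any tenant name, which is the distinction Morgan draws: a deployment can rename or replace its administrative tenant freely, and the check still only blocks the one action that would invalidate the caller's current token. It also makes Dolph's point concrete: each guard is a separate policy decision, and an operator who wants to delete the last tenant has to do it from a token scoped elsewhere.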