System role assignments exist after system role delete

Bug #1878938 reported by s10
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Fix Released
Medium
Vishakha Agarwal

Bug Description

How to reproduce:

1. Create role:
openstack role create dumb_reader
2. Create system role assignment
openstack role add --system all --user admin dumb_reader
3. Check role:
openstack role assignment list --system all
4. Delete role:
openstack role delete dumb_reader

What is expected:
All role assignments with the deleted role are removed.

What is in the reality:
System role assignments are left in the keystone.system_assignment table.

Version of the Keystone: stable/train

s10 (vlad-esten)
summary: - System role assignments are left after system role delete
+ System role assignments exist after system role delete
Colleen Murphy (krinkle)
Changed in keystone:
status: New → Triaged
importance: Undecided → Medium
Changed in keystone:
assignee: nobody → Vishakha Agarwal (vishakha.agarwal)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.opendev.org/731087

Changed in keystone:
status: Triaged → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (stable/victoria)

Fix proposed to branch: stable/victoria
Review: https://review.opendev.org/760613

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (stable/ussuri)

Fix proposed to branch: stable/ussuri
Review: https://review.opendev.org/760614

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (stable/train)

Fix proposed to branch: stable/train
Review: https://review.opendev.org/760615

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (stable/stein)

Fix proposed to branch: stable/stein
Review: https://review.opendev.org/760616

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (stable/rocky)

Fix proposed to branch: stable/rocky
Review: https://review.opendev.org/760619

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (stable/queens)

Fix proposed to branch: stable/queens
Review: https://review.opendev.org/760623

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.opendev.org/731087
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=c1dcbb05b4488f1fa3e7af4d9171d11702d94119
Submitter: Zuul
Branch: master

commit c1dcbb05b4488f1fa3e7af4d9171d11702d94119
Author: Vishakha Agarwal <email address hidden>
Date: Wed May 27 12:08:41 2020 +0530

    Delete system role assignments from system_assignment table

    This patch ensures to delete the system role assignments from
    all the assignment tables in keystone after deleting the role
    user has over the system.

    This also make sure of deleting stale role assignments before
    deleting role for the deployments that are already in this state.

    Closes-Bug: #1878938

    Change-Id: I4df19c45c870ff3fb78578ca1fb7dd0d35da3c82

Changed in keystone:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/keystone 19.0.0.0rc1

This issue was fixed in the openstack/keystone 19.0.0.0rc1 release candidate.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/keystone 16.0.2

This issue was fixed in the openstack/keystone 16.0.2 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/keystone 17.0.1

This issue was fixed in the openstack/keystone 17.0.1 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (stable/rocky)

Reviewed: https://review.opendev.org/c/openstack/keystone/+/760619
Committed: https://opendev.org/openstack/keystone/commit/226fdb34c18cdec2c69f62b00f3b620c26cf0542
Submitter: "Zuul (22348)"
Branch: stable/rocky

commit 226fdb34c18cdec2c69f62b00f3b620c26cf0542
Author: Vishakha Agarwal <email address hidden>
Date: Wed May 27 12:08:41 2020 +0530

    Delete system role assignments from system_assignment table

    This patch ensures to delete the system role assignments from
    all the assignment tables in keystone after deleting the role
    user has over the system.

    This also make sure of deleting stale role assignments before
    deleting role for the deployments that are already in this state.

    Closes-Bug: #1878938

    Change-Id: I4df19c45c870ff3fb78578ca1fb7dd0d35da3c82
    (cherry picked from commit c1dcbb05b4488f1fa3e7af4d9171d11702d94119)
    (cherry picked from commit b83170a386ba8da2195c7494d04d832ce9b6d7b0)
    (cherry picked from commit 6f93063ff95f3c65af106a09281427e411d01850)
    (cherry picked from commit 7ac0891375656d156f1a9601e3520052dddb39d0)
    (cherry picked from commit e8b477847cabe449be4d3b8a21d8236ddbd84064)
    (cherry picked from commit e4e43d75d56083ca5a05daba1f3a95eb61346f69)

tags: added: in-stable-rocky
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/keystone 18.1.0

This issue was fixed in the openstack/keystone 18.1.0 release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Change abandoned on keystone (stable/queens)

Change abandoned by "Douglas Mendizábal <email address hidden>" on branch: stable/queens
Review: https://review.opendev.org/c/openstack/keystone/+/760623
Reason: Abandoning unmerged stable/queens changes.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/keystone rocky-eol

This issue was fixed in the openstack/keystone rocky-eol release.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/keystone stein-eol

This issue was fixed in the openstack/keystone stein-eol release.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.