System role assignments exist after system role delete

Bug #1878938 reported by s10
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Identity (keystone)
Medium
Vishakha Agarwal

Bug Description

How to reproduce:

1. Create role:
openstack role create dumb_reader
2. Create system role assignment
openstack role add --system all --user admin dumb_reader
3. Check role:
openstack role assignment list --system all
4. Delete role:
openstack role delete dumb_reader

What is expected:
All role assignments with the deleted role are removed.

What is in the reality:
System role assignments are left in the keystone.system_assignment table.

Version of the Keystone: stable/train

s10 (vlad-esten)
summary: - System role assignments are left after system role delete
+ System role assignments exist after system role delete
Colleen Murphy (krinkle)
Changed in keystone:
status: New → Triaged
importance: Undecided → Medium
Changed in keystone:
assignee: nobody → Vishakha Agarwal (vishakha.agarwal)
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (master)

Fix proposed to branch: master
Review: https://review.opendev.org/731087

Changed in keystone:
status: Triaged → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (stable/victoria)

Fix proposed to branch: stable/victoria
Review: https://review.opendev.org/760613

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (stable/ussuri)

Fix proposed to branch: stable/ussuri
Review: https://review.opendev.org/760614

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (stable/train)

Fix proposed to branch: stable/train
Review: https://review.opendev.org/760615

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (stable/stein)

Fix proposed to branch: stable/stein
Review: https://review.opendev.org/760616

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (stable/rocky)

Fix proposed to branch: stable/rocky
Review: https://review.opendev.org/760619

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to keystone (stable/queens)

Fix proposed to branch: stable/queens
Review: https://review.opendev.org/760623

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.opendev.org/731087
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=c1dcbb05b4488f1fa3e7af4d9171d11702d94119
Submitter: Zuul
Branch: master

commit c1dcbb05b4488f1fa3e7af4d9171d11702d94119
Author: Vishakha Agarwal <email address hidden>
Date: Wed May 27 12:08:41 2020 +0530

    Delete system role assignments from system_assignment table

    This patch ensures to delete the system role assignments from
    all the assignment tables in keystone after deleting the role
    user has over the system.

    This also make sure of deleting stale role assignments before
    deleting role for the deployments that are already in this state.

    Closes-Bug: #1878938

    Change-Id: I4df19c45c870ff3fb78578ca1fb7dd0d35da3c82

Changed in keystone:
status: In Progress → Fix Released
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/keystone 19.0.0.0rc1

This issue was fixed in the openstack/keystone 19.0.0.0rc1 release candidate.

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/keystone 16.0.2

This issue was fixed in the openstack/keystone 16.0.2 release.

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers