System role assignments exist after removing groups
Bug #1749267 reported by
Lance Bragstad
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Identity (keystone) |
Fix Released
|
High
|
Lance Bragstad | ||
Queens |
Fix Committed
|
High
|
Lance Bragstad |
Bug Description
Keystone cleans up role assignments a group has on projects and domains when deleting the group. This isn't true for system role assignments. Instead, they are left after the group is deleted. I recreate the issue by doing the following with a basic devstack install:
$ openstack group create testers
$ openstack role add --group testers --system all admin
$ openstack role assignment list --names (testers will have an assignment on the system)
$ openstack group delete testers
$ openstack role assignment list --names (an empty group assignment will exist on the system)
Paste recreating the issue [0].
Changed in keystone: | |
milestone: | none → queens-rc2 |
Changed in keystone: | |
status: | New → Triaged |
importance: | Undecided → High |
tags: | added: queens-backport-potential |
no longer affects: | keystone/rocky |
no longer affects: | keystone/rocky |
Changed in keystone: | |
milestone: | queens-rc2 → rocky-1 |
To post a comment you must log in.
Fix proposed to branch: master /review. openstack. org/544073
Review: https:/