Delete system role assignments when deleting users
Keystone removes role assignments that users have on projects and domains when deleting users. This should also apply to system role assignments, too. Change-Id: Ied51b9c3b58714b2d5dbcb933eca1839d1351fc7 Closes-Bug: 1749264
This commit is contained in:
parent
25596b874c
commit
3a3b3c5b5a
|
@ -1107,6 +1107,17 @@ class Manager(manager.Manager):
|
|||
payload
|
||||
)
|
||||
|
||||
def delete_user_assignments(self, user_id):
|
||||
# FIXME(lbragstad): This should be refactored in the Rocky release so
|
||||
# that we can pass the user_id to the system assignment backend like we
|
||||
# do with the project and domain assignment backend. Holding off on
|
||||
# this because it will require an interface change to the backend,
|
||||
# making it harder to backport for Queens RC.
|
||||
self.driver.delete_user_assignments(user_id)
|
||||
system_assignments = self.list_system_grants_for_user(user_id)
|
||||
for assignment in system_assignments:
|
||||
self.delete_system_grant_for_user(user_id, assignment['id'])
|
||||
|
||||
def check_system_grant_for_user(self, user_id, role_id):
|
||||
"""Check if a user has a specific role on the system.
|
||||
|
||||
|
|
|
@ -24,7 +24,6 @@ import keystone.conf
|
|||
from keystone import exception
|
||||
from keystone.tests import unit
|
||||
from keystone.tests.unit import test_v3
|
||||
from keystone.tests.unit import utils as test_utils
|
||||
|
||||
|
||||
CONF = keystone.conf.CONF
|
||||
|
@ -366,7 +365,6 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
|
|||
# Make sure the role is gone
|
||||
self.head(member_url, expected_status=http_client.NOT_FOUND)
|
||||
|
||||
@test_utils.wip("Waiting for a fix to bug #1749264")
|
||||
def test_delete_user_before_removing_system_assignments_succeeds(self):
|
||||
system_role = self._create_new_role()
|
||||
user = self._create_user()
|
||||
|
|
|
@ -0,0 +1,6 @@
|
|||
---
|
||||
fixes:
|
||||
- |
|
||||
[`bug 1749264 <https://bugs.launchpad.net/keystone/+bug/1749264>`_]
|
||||
A user's system role assignment will be removed when the user is deleted.
|
||||
|
Loading…
Reference in New Issue