Delete system role assignments when deleting groups
Keystone removes role assignments that groups have on projects and domains when deleting groups. This should apply to system role assignments, too. Change-Id: Iebedfcae0b77e350e5359b97fa87894af3f1c8ba Closes-Bug: 1749267
This commit is contained in:
parent
3fa997531f
commit
5a24b96d95
@ -1038,6 +1038,17 @@ class Manager(manager.Manager):
|
||||
role_assign_list.append(new_assign)
|
||||
return role_assign_list
|
||||
|
||||
def delete_group_assignments(self, group_id):
|
||||
# FIXME(lbragstad): This should be refactored in the Rocky release so
|
||||
# that we can pass the group_id to the system assignment backend like
|
||||
# we do with the project and domain assignment backend. Holding off on
|
||||
# this because it will require an interface change to the backend,
|
||||
# making it harder to backport for Queens RC.
|
||||
self.driver.delete_group_assignments(group_id)
|
||||
system_assignments = self.list_system_grants_for_group(group_id)
|
||||
for assignment in system_assignments:
|
||||
self.delete_system_grant_for_group(group_id, assignment['id'])
|
||||
|
||||
def delete_tokens_for_role_assignments(self, role_id):
|
||||
assignments = self.list_role_assignments(role_id=role_id)
|
||||
|
||||
|
@ -24,7 +24,6 @@ import keystone.conf
|
||||
from keystone import exception
|
||||
from keystone.tests import unit
|
||||
from keystone.tests.unit import test_v3
|
||||
from keystone.tests.unit import utils as test_utils
|
||||
|
||||
|
||||
CONF = keystone.conf.CONF
|
||||
@ -426,7 +425,6 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
|
||||
self.head('/auth/tokens', token=token,
|
||||
expected_status=http_client.UNAUTHORIZED)
|
||||
|
||||
@test_utils.wip("Waiting on a fix for bug #1749267")
|
||||
def test_delete_group_before_removing_system_assignments_succeeds(self):
|
||||
system_role = self._create_new_role()
|
||||
group = self._create_group()
|
||||
|
5
releasenotes/notes/bug-1749267-96153d2fa6868f67.yaml
Normal file
5
releasenotes/notes/bug-1749267-96153d2fa6868f67.yaml
Normal file
@ -0,0 +1,5 @@
|
||||
---
|
||||
fixes:
|
||||
- |
|
||||
[`bug 1749267 <https://bugs.launchpad.net/keystone/+bug/1749267>`_]
|
||||
A group's system role assignments are removed when the group is deleted.
|
Loading…
x
Reference in New Issue
Block a user