diff --git a/keystone/assignment/core.py b/keystone/assignment/core.py index d0bdd914f1..61fd3abdb0 100644 --- a/keystone/assignment/core.py +++ b/keystone/assignment/core.py @@ -1038,6 +1038,17 @@ class Manager(manager.Manager): role_assign_list.append(new_assign) return role_assign_list + def delete_group_assignments(self, group_id): + # FIXME(lbragstad): This should be refactored in the Rocky release so + # that we can pass the group_id to the system assignment backend like + # we do with the project and domain assignment backend. Holding off on + # this because it will require an interface change to the backend, + # making it harder to backport for Queens RC. + self.driver.delete_group_assignments(group_id) + system_assignments = self.list_system_grants_for_group(group_id) + for assignment in system_assignments: + self.delete_system_grant_for_group(group_id, assignment['id']) + def delete_tokens_for_role_assignments(self, role_id): assignments = self.list_role_assignments(role_id=role_id) diff --git a/keystone/tests/unit/test_v3_assignment.py b/keystone/tests/unit/test_v3_assignment.py index 04d937fbcf..247f77a2fc 100644 --- a/keystone/tests/unit/test_v3_assignment.py +++ b/keystone/tests/unit/test_v3_assignment.py @@ -24,7 +24,6 @@ import keystone.conf from keystone import exception from keystone.tests import unit from keystone.tests.unit import test_v3 -from keystone.tests.unit import utils as test_utils CONF = keystone.conf.CONF @@ -426,7 +425,6 @@ class AssignmentTestCase(test_v3.RestfulTestCase, self.head('/auth/tokens', token=token, expected_status=http_client.UNAUTHORIZED) - @test_utils.wip("Waiting on a fix for bug #1749267") def test_delete_group_before_removing_system_assignments_succeeds(self): system_role = self._create_new_role() group = self._create_group() diff --git a/releasenotes/notes/bug-1749267-96153d2fa6868f67.yaml b/releasenotes/notes/bug-1749267-96153d2fa6868f67.yaml new file mode 100644 index 0000000000..310247ae7b --- /dev/null +++ b/releasenotes/notes/bug-1749267-96153d2fa6868f67.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - | + [`bug 1749267 `_] + A group's system role assignments are removed when the group is deleted.