openstack
/
keystone
Code Issues Proposed changes

Remove group deletion for non-sql driver when removing domains. 

As LDAP is now read-only, trying to remove it was throwing an error.
We now only try to delete it when the driver is sql-based.

Change-Id: I15b92b35b31d0e5d735a629e7c154ddd7bdda03d
Closes-bug: #1848238
(cherry picked from commit d6977a0e9b)
This commit is contained in:
Sami MAKKI 2019-10-16 16:10:15 +02:00 committed by Grzegorz Grasza
parent c65455965a
commit acef9c6072
2 changed files with 19 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
keystone/identity/core.py
View File

@ -500,20 +500,21 @@ class Manager(manager.Manager):
driver = self._select_identity_driver(domain_id) driver = self._select_identity_driver(domain_id)
user_refs = self.list_users(domain_scope=domain_id) if driver.is_sql:
group_refs = self.list_groups(domain_scope=domain_id) group_refs = self.list_groups(domain_scope=domain_id)
for group in group_refs:
for group in group_refs: # Cleanup any existing groups.
# Cleanup any existing groups. try:
try: self.delete_group(group['id'])
self.delete_group(group['id']) except exception.GroupNotFound:
except exception.GroupNotFound: LOG.debug(('Group %(groupid)s not found when deleting '
LOG.debug(('Group %(groupid)s not found when deleting domain ' 'domain contents for %(domainid)s, continuing '
'contents for %(domainid)s, continuing with ' 'with cleanup.'),
'cleanup.'), {'groupid': group['id'], 'domainid': domain_id})
{'groupid': group['id'], 'domainid': domain_id})
# And finally, delete the users themselves # And finally, delete the users themselves
user_refs = self.list_users(domain_scope=domain_id)
for user in user_refs: for user in user_refs:
try: try:
if not driver.is_sql: if not driver.is_sql:

6
releasenotes/notes/bug-1848238-f6533644f7907358.yaml Normal file
View File

@ -0,0 +1,6 @@
---
fixes:
- |
[bug 1848238 <https://bugs.launchpad.net/keystone/+bug/1848238>]
Allow deleting a domain when using the ldap driver for a domain. There was
an attempt to delete the group on the ldap whereas this one is read-only.