Remove group deletion for non-sql driver when removing domains.
As LDAP is now read-only, trying to remove it was throwing an error.
We now only try to delete it when the driver is sql-based.
Change-Id: I15b92b35b31d0e5d735a629e7c154ddd7bdda03d
Closes-bug: #1848238
(cherry picked from commit d6977a0e9b
)
This commit is contained in:
parent
c65455965a
commit
acef9c6072
|
@ -500,20 +500,21 @@ class Manager(manager.Manager):
|
||||||
|
|
||||||
driver = self._select_identity_driver(domain_id)
|
driver = self._select_identity_driver(domain_id)
|
||||||
|
|
||||||
user_refs = self.list_users(domain_scope=domain_id)
|
if driver.is_sql:
|
||||||
group_refs = self.list_groups(domain_scope=domain_id)
|
group_refs = self.list_groups(domain_scope=domain_id)
|
||||||
|
for group in group_refs:
|
||||||
for group in group_refs:
|
# Cleanup any existing groups.
|
||||||
# Cleanup any existing groups.
|
try:
|
||||||
try:
|
self.delete_group(group['id'])
|
||||||
self.delete_group(group['id'])
|
except exception.GroupNotFound:
|
||||||
except exception.GroupNotFound:
|
LOG.debug(('Group %(groupid)s not found when deleting '
|
||||||
LOG.debug(('Group %(groupid)s not found when deleting domain '
|
'domain contents for %(domainid)s, continuing '
|
||||||
'contents for %(domainid)s, continuing with '
|
'with cleanup.'),
|
||||||
'cleanup.'),
|
{'groupid': group['id'], 'domainid': domain_id})
|
||||||
{'groupid': group['id'], 'domainid': domain_id})
|
|
||||||
|
|
||||||
# And finally, delete the users themselves
|
# And finally, delete the users themselves
|
||||||
|
user_refs = self.list_users(domain_scope=domain_id)
|
||||||
|
|
||||||
for user in user_refs:
|
for user in user_refs:
|
||||||
try:
|
try:
|
||||||
if not driver.is_sql:
|
if not driver.is_sql:
|
||||||
|
|
|
@ -0,0 +1,6 @@
|
||||||
|
---
|
||||||
|
fixes:
|
||||||
|
- |
|
||||||
|
[bug 1848238 <https://bugs.launchpad.net/keystone/+bug/1848238>]
|
||||||
|
Allow deleting a domain when using the ldap driver for a domain. There was
|
||||||
|
an attempt to delete the group on the ldap whereas this one is read-only.
|
Loading…
Reference in New Issue