Merge "Delete system role assignments when deleting groups" into stable/queens
This commit is contained in:
commit
1dc2173c1c
|
@ -1042,6 +1042,17 @@ class Manager(manager.Manager):
|
||||||
role_assign_list.append(new_assign)
|
role_assign_list.append(new_assign)
|
||||||
return role_assign_list
|
return role_assign_list
|
||||||
|
|
||||||
|
def delete_group_assignments(self, group_id):
|
||||||
|
# FIXME(lbragstad): This should be refactored in the Rocky release so
|
||||||
|
# that we can pass the group_id to the system assignment backend like
|
||||||
|
# we do with the project and domain assignment backend. Holding off on
|
||||||
|
# this because it will require an interface change to the backend,
|
||||||
|
# making it harder to backport for Queens RC.
|
||||||
|
self.driver.delete_group_assignments(group_id)
|
||||||
|
system_assignments = self.list_system_grants_for_group(group_id)
|
||||||
|
for assignment in system_assignments:
|
||||||
|
self.delete_system_grant_for_group(group_id, assignment['id'])
|
||||||
|
|
||||||
def delete_tokens_for_role_assignments(self, role_id):
|
def delete_tokens_for_role_assignments(self, role_id):
|
||||||
assignments = self.list_role_assignments(role_id=role_id)
|
assignments = self.list_role_assignments(role_id=role_id)
|
||||||
|
|
||||||
|
|
|
@ -24,7 +24,6 @@ import keystone.conf
|
||||||
from keystone import exception
|
from keystone import exception
|
||||||
from keystone.tests import unit
|
from keystone.tests import unit
|
||||||
from keystone.tests.unit import test_v3
|
from keystone.tests.unit import test_v3
|
||||||
from keystone.tests.unit import utils as test_utils
|
|
||||||
|
|
||||||
|
|
||||||
CONF = keystone.conf.CONF
|
CONF = keystone.conf.CONF
|
||||||
|
@ -449,7 +448,6 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
|
||||||
self.head('/auth/tokens', token=token,
|
self.head('/auth/tokens', token=token,
|
||||||
expected_status=http_client.UNAUTHORIZED)
|
expected_status=http_client.UNAUTHORIZED)
|
||||||
|
|
||||||
@test_utils.wip("Waiting on a fix for bug #1749267")
|
|
||||||
def test_delete_group_before_removing_system_assignments_succeeds(self):
|
def test_delete_group_before_removing_system_assignments_succeeds(self):
|
||||||
system_role = self._create_new_role()
|
system_role = self._create_new_role()
|
||||||
group = self._create_group()
|
group = self._create_group()
|
||||||
|
|
|
@ -0,0 +1,5 @@
|
||||||
|
---
|
||||||
|
fixes:
|
||||||
|
- |
|
||||||
|
[`bug 1749267 <https://bugs.launchpad.net/keystone/+bug/1749267>`_]
|
||||||
|
A group's system role assignments are removed when the group is deleted.
|
Loading…
Reference in New Issue