authorSami MAKKI <mail@samimakki.fr>2019-10-16 16:10:15 +0200
committerGrzegorz Grasza <xek@redhat.com>2021-07-15 08:56:40 +0000
commitacef9c60722edf78bcb85328ca5ab23331ab9273 (patch)
tree51251c7a7a466d667f400fd8f78a054403008bd8
parentc65455965aec303b55bc76388314a2b96a2bc12c (diff)
Remove group deletion for non-sql driver when removing domains.
As LDAP is now read-only, trying to remove a group from it was throwing an error. We now only try to delete groups when the driver is sql-based. Change-Id: I15b92b35b31d0e5d735a629e7c154ddd7bdda03d Closes-bug: #1848238 (cherry picked from commit d6977a0e9b3ed8ae80527d6f6ace67b687b46c60)
-rw-r--r--keystone/identity/core.py25
-rw-r--r--releasenotes/notes/bug-1848238-f6533644f7907358.yaml6
2 files changed, 19 insertions, 12 deletions
diff --git a/keystone/identity/core.py b/keystone/identity/core.py
index 73102ee5f..2d0c266db 100644
--- a/keystone/identity/core.py
+++ b/keystone/identity/core.py
@@ -500,20 +500,21 @@ class Manager(manager.Manager):
driver = self._select_identity_driver(domain_id)
- user_refs = self.list_users(domain_scope=domain_id)
- group_refs = self.list_groups(domain_scope=domain_id)
-
- for group in group_refs:
- # Cleanup any existing groups.
- try:
- self.delete_group(group['id'])
- except exception.GroupNotFound:
- LOG.debug(('Group %(groupid)s not found when deleting domain '
- 'contents for %(domainid)s, continuing with '
- 'cleanup.'),
- {'groupid': group['id'], 'domainid': domain_id})
+ if driver.is_sql:
+ group_refs = self.list_groups(domain_scope=domain_id)
+ for group in group_refs:
+ # Cleanup any existing groups.
+ try:
+ self.delete_group(group['id'])
+ except exception.GroupNotFound:
+ LOG.debug(('Group %(groupid)s not found when deleting '
+ 'domain contents for %(domainid)s, continuing '
+ 'with cleanup.'),
+ {'groupid': group['id'], 'domainid': domain_id})
# And finally, delete the users themselves
+ user_refs = self.list_users(domain_scope=domain_id)
+
for user in user_refs:
try:
if not driver.is_sql:
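Review bot: With the new `if driver.is_sql:` guard, a domain backed by a non-SQL driver never reaches `self.delete_group(group['id'])`, so whatever that call does on keystone's own side beyond the backend delete is skipped too. `delete_group` is not shown in this hunk; if it also clears role assignments or ID mappings held for the group, those records would outlive the deleted domain, and leftover group grants should be ruled out before this merges. At minimum the guard should carry a comment stating the intent, for example `# Non-SQL (LDAP) backends are read-only: leave their groups in the directory; keystone-side data for them is cleaned up in <location>`. The diffstat shows no test file, so a test that deletes a domain served by a non-SQL driver and asserts that no assignments for its groups remain would pin the behaviour down. The enclosing method starts and ends outside the hunk.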
diff --git a/releasenotes/notes/bug-1848238-f6533644f7907358.yaml b/releasenotes/notes/bug-1848238-f6533644f7907358.yaml
new file mode 100644
index 000000000..db6f20754
--- /dev/null
+++ b/releasenotes/notes/bug-1848238-f6533644f7907358.yaml
@@ -0,0 +1,6 @@
+---
+fixes:
+ - |
+ [bug 1848238 <https://bugs.launchpad.net/keystone/+bug/1848238>]
+ Allow deleting a domain when using the ldap driver for a domain. There was
+ an attempt to delete the group on the ldap whereas this one is read-only.