Handle group NotFound in effective assignment list
When keystone is using an external identity backend such as LDAP for
storing users and groups, but storing role assignments in the local db,
and a group that has role assignments is deleted out-of-band, its
assignments will still exist in the keystone database. If, after this,
a user attempts to list effective role assignments, keystone will try
to lookup the group and fail with NotFound.
This catches the NotFound exception of the list_users_in_group call and
returns an empty user list so that the effective assignments list does
not fail.
Closes-Bug: 1693510
Change-Id: Ie5f69b150d59287bd0bc68f1ce9eecfeab04c91a
(cherry picked from commit d09c337619fed8664272848abb3a1351dd5e4c85)
Reviewed: https:/ /review. openstack. org/469299 /git.openstack. org/cgit/ openstack/ keystone/ commit/ ?id=2fdf89554f7 5c46e20e4b0ec4c 373037da2cfe53
Committed: https:/
Submitter: Jenkins
Branch: stable/ocata
commit 2fdf89554f75c46 e20e4b0ec4c3730 37da2cfe53
Author: prashkre <email address hidden>
Date: Thu May 25 21:41:55 2017 +0530
Handle group NotFound in effective assignment list
When keystone is using an external identity backend such as LDAP for
storing users and groups, but storing role assignments in the local db,
and a group that has role assignments is deleted out-of-band, its
assignments will still exist in the keystone database. If, after this,
a user attempts to list effective role assignments, keystone will try
to lookup the group and fail with NotFound.
This catches the NotFound exception of the list_users_in_group call and
returns an empty user list so that the effective assignments list does
not fail.
Closes-Bug: 1693510 7bd0bc68f1ce9ee cfeab04c91a 64272848abb3a13 51dd5e4c85)
Change-Id: Ie5f69b150d5928
(cherry picked from commit d09c337619fed86