OpenStack Identity (keystone)

  1. Series ocata
  2. Bug #1693510
  3. Comment #5

Comment 5 for bug 1693510

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (stable/ocata)

Reviewed: https://review.openstack.org/469299
Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=2fdf89554f75c46e20e4b0ec4c373037da2cfe53
Submitter: Jenkins
Branch: stable/ocata

commit 2fdf89554f75c46e20e4b0ec4c373037da2cfe53
Author: prashkre <email address hidden>
Date: Thu May 25 21:41:55 2017 +0530

    Handle group NotFound in effective assignment list

    When keystone is using an external identity backend such as LDAP for
    storing users and groups, but storing role assignments in the local db,
    and a group that has role assignments is deleted out-of-band, its
    assignments will still exist in the keystone database. If, after this,
    a user attempts to list effective role assignments, keystone will try
    to lookup the group and fail with NotFound.

    This catches the NotFound exception of the list_users_in_group call and
    returns an empty user list so that the effective assignments list does
    not fail.

    Closes-Bug: 1693510
    Change-Id: Ie5f69b150d59287bd0bc68f1ce9eecfeab04c91a
    (cherry picked from commit d09c337619fed8664272848abb3a1351dd5e4c85)