Bug 1005247

Summary: Glance: tenant that has been added as a member on an image is not cleaned when deleting the tenant
Product: Red Hat OpenStack
Reporter: Dafna Ron <dron>
Component: openstack-glance
Assignee: Flavio Percoco <fpercoco>
Status: CLOSED WONTFIX
QA Contact: Tzach Shefi <tshefi>
Severity: high
Priority: unspecified
Version: unspecified
CC: abaron, apevec, ayoung, eglynn, fpercoco, hateya, yeylon
Target Milestone: ---
Keywords: FutureFeature
Target Release: 5.0 (RHEL 7)
Hardware: x86_64
OS: Linux
Whiteboard: storage
Doc Type: Enhancement
Story Points: ---
Last Closed: 2014-01-03 09:46:17 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Category: ---
oVirt Team: ---
Cloudforms Team: ---

Description Dafna Ron 2013-09-06 13:58:35 UTC
Description of problem:

I created an image and 3 tenants.
I added all 3 tenants as members onto the image.

I deleted one of the tenants, but if I look at the image member-list I can still see it in the member list.

Version-Release number of selected component (if applicable):

openstack-keystone-2013.1.3-1.el6ost.noarch
openstack-glance-2013.1.3-1.el6ost.noarch

How reproducible:

100%

Steps to Reproduce:
1. Create an image and a tenant
2. Add the tenant as a member to the image (glance member-create <image id> <tenant id>)
3. Delete the tenant
4. List members on the image: glance member-list --image-id <image>

Actual results:

Even though the tenant is deleted, we still have leftovers for it in the system.

Expected results:

When deleting a tenant, we should clear permissions for it on objects.

Additional info:



[root@opens-xxxx ~(keystone_admin)]# keystone tenant-create --name gaga
+-------------+----------------------------------+
|   Property  |              Value               |
+-------------+----------------------------------+
| description |                                  |
|   enabled   |               True               |
|      id     | 187d83ee55b6477eb5dc81b21a296876 |
|     name    |               gaga               |
+-------------+----------------------------------+

[root@opens-xxxx ~(keystone_admin)]# glance member-create 282f2a9a-ab26-4a68-93c3-f534111ba76b 187d83ee55b6477eb5dc81b21a296876

[root@opens-xxxx ~(keystone_admin)]# glance member-list --image-id 282f2a9a-ab26-4a68-93c3-f534111ba76b
+--------------------------------------+----------------------------------+-----------+
| Image ID                             | Member ID                        | Can Share |
+--------------------------------------+----------------------------------+-----------+
| 282f2a9a-ab26-4a68-93c3-f534111ba76b | 187d83ee55b6477eb5dc81b21a296876 |           |
| 282f2a9a-ab26-4a68-93c3-f534111ba76b | b730cd0430114a24871916d7f112538d |           |
| 282f2a9a-ab26-4a68-93c3-f534111ba76b | e91123ca35724285a783f33103875dcb |           |
+--------------------------------------+----------------------------------+-----------+

[root@opens-xxxx ~(keystone_admin)]# keystone tenant-delete 187d83ee55b6477eb5dc81b21a296876

[root@opens-xxxx ~(keystone_admin)]# glance member-list --image-id 282f2a9a-ab26-4a68-93c3-f534111ba76b
+--------------------------------------+----------------------------------+-----------+
| Image ID                             | Member ID                        | Can Share |
+--------------------------------------+----------------------------------+-----------+
| 282f2a9a-ab26-4a68-93c3-f534111ba76b | 187d83ee55b6477eb5dc81b21a296876 |           |
| 282f2a9a-ab26-4a68-93c3-f534111ba76b | b730cd0430114a24871916d7f112538d |           |
| 282f2a9a-ab26-4a68-93c3-f534111ba76b | e91123ca35724285a783f33103875dcb |           |
+--------------------------------------+----------------------------------+-----------+

Comment 2 Alan Pevec 2013-09-06 17:33:12 UTC
From upstream lp 967832:
keystone now emits notifications when projects/tenants are deleted as part of https://blueprints.launchpad.net/keystone/+spec/notifications

Consuming these notifications would be a Glance Icehouse feature.

Comment 5 Flavio Percoco 2014-01-03 09:46:17 UTC
According to the upstream discussion, this bug won't be fixed in Glance[0]. This is something related to the cloud infrastructure management instead. The proposed solution is doing it through horizon[1]. If the `tenant` was deleted using keystone's CLI, then the cleanup must be done manually.

[0] https://bugs.launchpad.net/keystone/+bug/967832/comments/17
[1] https://blueprints.launchpad.net/horizon/+spec/tenant-deletion
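
Added example, not part of the bug report and not Glance or Keystone code: since the cleanup is left to the operator, this script compares a saved `glance member-list` table against a saved `keystone tenant-list` table and prints member IDs whose tenant no longer exists. The function name `orphaned_members`, the file names, and the `id` header column of the tenant table are assumptions; the tenant table in the sample is constructed.

```shell
#!/bin/sh
# Added example, not from the bug report. Input is saved CLI table output:
#   keystone tenant-list > tenants.txt      (header column "id" is assumed)
#   glance member-list --image-id <image id> > members.txt
# orphaned_members MEMBERS_FILE TENANTS_FILE (hypothetical name): orphan IDs
orphaned_members() {
    awk -F'|' -v tenants="$2" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        function die(msg) { print "error: " msg > "/dev/stderr"; exit 2 }
        FNR == 1 {
            col = 0; want = (FILENAME == tenants) ? "id" : "Member ID"
            # A failed tenant-list must not make every member look orphaned.
            if (FILENAME != tenants && !ok) die("no tenant table in " tenants)
        }
        !/^\|/ { next }                  # skip +---+ borders and other text
        col == 0 {                       # first "|" row is the header
            for (i = 2; i < NF; i++) if (trim($i) == want) col = i
            if (col == 0) die("column not found: " want)
            if (FILENAME == tenants) ok = 1
            next
        }
        FILENAME == tenants { live[trim($col)] = 1; next }
        { m = trim($col); if (m != "" && !(m in live) && !seen[m]++) print m }
    ' "$2" "$1"
}
# Constructed sample: member table as in this report, tenant table made up.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/tenants.txt" <<'EOF'
+----------------------------------+-------+---------+
|                id                |  name | enabled |
+----------------------------------+-------+---------+
| b730cd0430114a24871916d7f112538d | demo1 |   True  |
| e91123ca35724285a783f33103875dcb | demo2 |   True  |
+----------------------------------+-------+---------+
EOF
    cat > "$d/members.txt" <<'EOF'
+--------------------------------------+----------------------------------+-----------+
| Image ID                             | Member ID                        | Can Share |
+--------------------------------------+----------------------------------+-----------+
| 282f2a9a-ab26-4a68-93c3-f534111ba76b | 187d83ee55b6477eb5dc81b21a296876 |           |
| 282f2a9a-ab26-4a68-93c3-f534111ba76b | b730cd0430114a24871916d7f112538d |           |
| 282f2a9a-ab26-4a68-93c3-f534111ba76b | e91123ca35724285a783f33103875dcb |           |
+--------------------------------------+----------------------------------+-----------+
EOF
    orphaned_members "$d/members.txt" "$d/tenants.txt"; rc=$?
    rm -rf "$d"; return $rc
}
demo   # prints 187d83ee55b6477eb5dc81b21a296876
```

Each ID it reports is a stale entry that can then be removed with `glance member-delete <image id> <tenant id>`, the counterpart of the `member-create` call used in the report.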