Hide Forgot
Description of problem: I created an image and 3 tenants. I added all 3 tenants as members on to the image I deleted one of the tenants but if I look at the image member-list I can still see it in the member list. Version-Release number of selected component (if applicable): openstack-keystone-2013.1.3-1.el6ost.noarch openstack-glance-2013.1.3-1.el6ost.noarch How reproducible: 100% Steps to Reproduce: 1. create an image and a tenants 2. add the tenant as members to the image (glance member-create <image id> <tenant id> 3. delete the tenant 4. list members on the image glance member-list --image-id <image> Actual results: even though tenant is deleted we still have left overs for it in the system Expected results: when deleting a tenant we should clear permissions for it on objects. Additional info: [root@opens-xxxx ~(keystone_admin)]# keystone tenant-create --name gaga +-------------+----------------------------------+ | Property | Value | +-------------+----------------------------------+ | description | | | enabled | True | | id | 187d83ee55b6477eb5dc81b21a296876 | | name | gaga | +-------------+----------------------------------+ [root@opens-xxxx ~(keystone_admin)]# glance member-create 282f2a9a-ab26-4a68-93c3-f534111ba76b 187d83ee55b6477eb5dc81b21a296876 [root@opens-xxxx ~(keystone_admin)]# glance member-list --image-id 282f2a9a-ab26-4a68-93c3-f534111ba76b +--------------------------------------+----------------------------------+-----------+ | Image ID | Member ID | Can Share | +--------------------------------------+----------------------------------+-----------+ | 282f2a9a-ab26-4a68-93c3-f534111ba76b | 187d83ee55b6477eb5dc81b21a296876 | | | 282f2a9a-ab26-4a68-93c3-f534111ba76b | b730cd0430114a24871916d7f112538d | | | 282f2a9a-ab26-4a68-93c3-f534111ba76b | e91123ca35724285a783f33103875dcb | | +--------------------------------------+----------------------------------+-----------+ [root@opens-xxxx ~(keystone_admin)]# keystone tenant-delete 187d83ee55b6477eb5dc81b21a296876 [root@opens-xxxx ~(keystone_admin)]# glance member-list --image-id 282f2a9a-ab26-4a68-93c3-f534111ba76b +--------------------------------------+----------------------------------+-----------+ | Image ID | Member ID | Can Share | +--------------------------------------+----------------------------------+-----------+ | 282f2a9a-ab26-4a68-93c3-f534111ba76b | 187d83ee55b6477eb5dc81b21a296876 | | | 282f2a9a-ab26-4a68-93c3-f534111ba76b | b730cd0430114a24871916d7f112538d | | | 282f2a9a-ab26-4a68-93c3-f534111ba76b | e91123ca35724285a783f33103875dcb | | +--------------------------------------+----------------------------------+-----------+
https://bugs.launchpad.net/keystone/+bug/1221732
From upstream lp 967832: keystone now emits notifications when projects/tenants are delete as part of https://blueprints.launchpad.net/keystone/+spec/notifications Consuming these notifications would be Glance Icehouse feature.
According to the upstream discussion, this bug won't be fixed in Glance[0]. This is something related to the cloud infrastructure management instead. The proposed solution is doing it through horizon[1]. If the `tenant` was deleted using keystone's CLI, then the cleanup must be done manually. [0] https://bugs.launchpad.net/keystone/+bug/967832/comments/17 [1] https://blueprints.launchpad.net/horizon/+spec/tenant-deletion