Deleting a domain breaks referential integrity
Bug #1153055 reported by
Henry Nash
This bug report is a duplicate of:
Bug #1097995: Delete domain -- doesn't do anything with groups/users/tenants.
Edit
Remove
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Identity (keystone) |
New
|
High
|
Unassigned | ||
Bug Description
When we delete a domain, we don't check if there are resources that are owned by it. Depending on the database this will either leave the DB in a somewhat inconsistent state...or fail with an integrity check error.
A wider question is what SHOULD happen if someone tries to delete a domain? Logically, we should delete all projects, users and groups that are owned by it - although it would be unfortunate if someone did that in error! I suggest we should ONLY allow a domain to be deleted if it is first disabled, as way of preventing inadvertent deletion - and then we should really delete all the entities owned by that domain.
| description: | updated |
| description: | updated |
To post a comment you must log in.
