OpenStack Identity (keystone)

How to cleanly remove a user

Asked by Joe T

Hello,

How can a user cleanly be removed from Keystone? Maybe I am missing a step - and I apologize if so - but I'm running into the following issue:

keystone tenant-create --name=ProjectX
keystone user-create --name=Foo --pass=password
keystone user-role-add --user=$USER_ID --tenant_id=$TENANT_ID --role=$ADMIN_ROLE_ID

In the SQL database, I can now see entries under the user, tenant, user_tenant_membership, and metadata tables.

Now, if I do

keystone user-delete $USER_ID

The entry is removed from the user table, but no other tables.

If I do

keystone user-role-remove --user=$USER_ID --tenant_id=$TENANT_ID --role=$ADMIN_ROLE_ID

The entry is removed from user_tenant_membership, but not the metadata table.

keystone user-delete $USER_ID

removes the user from the user table, but still not metadata.

If I add the user to more than one role, the user will stay in the user_tenant_membership table until all roles have been removed, but there is still an entry in metadata.

Is this a bug or am I missing a step for cleanly removing a user?

Thanks,
Joe

Question information

Language:
English Edit question
Status:
Solved
For:
OpenStack Identity (keystone) Edit question
Assignee:
No assignee Edit question
Solved by:
Joseph Heck
Solved:
Last query:
Last reply:
Revision history for this message
Best Joseph Heck (heckj) said : 		#1

Joe - this is likely a bug, I'm creating a bug report from this question.

Revision history for this message
Joe T (joe-topjian-v) said : 		#2

Perfect - thanks!

Revision history for this message
Joe T (joe-topjian-v) said : 		#3

Thanks Joseph Heck, that solved my question.