From 6bc880ad03f86680507e5606d2798719f4ecb80c Mon Sep 17 00:00:00 2001
From: Pauline <ribeyre@uchicago.edu>
Date: Thu, 12 Dec 2019 15:41:07 -0600
Subject: [PATCH] do not try to delete built in groups

---
 fence/sync/sync_users.py | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/fence/sync/sync_users.py b/fence/sync/sync_users.py
index 46703dfbd..ecf98aef4 100644
--- a/fence/sync/sync_users.py
+++ b/fence/sync/sync_users.py
@@ -1210,12 +1210,14 @@ def _update_arborist(self, session, user_yaml):
 
         # delete from arborist the groups that have been deleted
         # from the user.yaml
-        current_group_names = set(
+        arborist_groups = set(
             g["name"] for g in self.arborist_client.list_groups().get("groups", [])
         )
-        useryaml_group_names = set(g["name"] for g in groups)
-        for deleted_group in current_group_names.difference(useryaml_group_names):
-            self.arborist_client.delete_group(deleted_group)
+        useryaml_groups = set(g["name"] for g in groups)
+        for deleted_group in arborist_groups.difference(useryaml_groups):
+            # do not try to delete built in groups
+            if deleted_group not in ["anonymous", "logged-in"]:
+                self.arborist_client.delete_group(deleted_group)
 
         # create/update the groups defined in the user.yaml
         for group in groups: