diff options
| author | Adam Gandelman <adamg@canonical.com> | 2012-04-02 14:21:43 -0700 |
|---|---|---|
| committer | Adam Gandelman <adamg@canonical.com> | 2012-04-03 18:31:16 -0700 |
| commit | 75a8dfef51f3566cd5d4cacee41f34bbbf9d15bd (patch) | |
| tree | 0ec31a6741d683f5306e672f9b2f051ae78189a3 | |
| parent | 198fe22df9a924e08448b5220a694c4f9491b289 (diff) | |
| download | keystone-75a8dfef51f3566cd5d4cacee41f34bbbf9d15bd.tar.gz keystone-75a8dfef51f3566cd5d4cacee41f34bbbf9d15bd.tar.xz keystone-75a8dfef51f3566cd5d4cacee41f34bbbf9d15bd.zip | |
Remove tenant membership during user deletion
Remove users' tenant membership on user deletion. Resolves a FK constraint
issue that previously went unnoticed due to testing against database
configurations that do not support FK constraints (MyISAM).
Fixes LP bug 959294.
Update: * Move tenant membership cleanup to the sql identity backend
* Add a test case to test_backend_sql
Change-Id: Ib4f5da03033f7886b36d1ab3b8b4ac37f08b2e0e
| -rw-r--r-- | keystone/identity/backends/sql.py | 8 | ||||
| -rw-r--r-- | tests/test_backend_sql.py | 11 |
2 files changed, 19 insertions, 0 deletions
diff --git a/keystone/identity/backends/sql.py b/keystone/identity/backends/sql.py index 7c692475..e4281a8d 100644 --- a/keystone/identity/backends/sql.py +++ b/keystone/identity/backends/sql.py @@ -327,7 +327,15 @@ class Identity(sql.Base, identity.Driver): def delete_user(self, user_id): session = self.get_session() user_ref = session.query(User).filter_by(id=user_id).first() + membership_refs = session.query(UserTenantMembership)\ + .filter_by(user_id=user_id)\ + .all() + with session.begin(): + if membership_refs: + for membership_ref in membership_refs: + session.delete(membership_ref) + session.delete(user_ref) session.flush() diff --git a/tests/test_backend_sql.py b/tests/test_backend_sql.py index 0770cf55..02626e6f 100644 --- a/tests/test_backend_sql.py +++ b/tests/test_backend_sql.py @@ -37,6 +37,17 @@ class SqlIdentity(test.TestCase, test_backend.IdentityTests): self.identity_api = identity_sql.Identity() self.load_fixtures(default_fixtures) + def test_delete_user_with_tenant_association(self): + user = {'id': 'fake', + 'name': 'fakeuser', + 'password': 'passwd'} + self.identity_api.create_user('fake', user) + self.identity_api.add_user_to_tenant(self.tenant_bar['id'], + user['id']) + self.identity_api.delete_user(user['id']) + tenants = self.identity_api.get_tenants_for_user(user['id']) + self.assertEquals(tenants, []) + class SqlToken(test.TestCase, test_backend.TokenTests): def setUp(self): |