From 90fcb996cb2acf7b829b2cccfa485c09e4c0d0e8 Mon Sep 17 00:00:00 2001
From: Henry Nash <henryn@linux.vnet.ibm.com>
Date: Fri, 15 Mar 2013 22:48:50 +0000
Subject: Ensure delete domain removes all owned entities

Deleting a domain should delete all Users, Groups and Projects
that are owned by that domain.  This is intertwined with making sure
that deleting Users/Projects clean up their relevant Tokens and
Credentials (raised as a separate bug, bug fixed here).

To help avoid inadvertent deletion, we insist that a domain must
be disabled before it can be deleted.

In implementing this change, it was discovered that the exception
CredentialNotFound is referenced in the identity backend, but
never defined - this was needed here for the unit tests. This is raised
as a separate bug, and fixed here. A further bug has been raised
that this indicates we are lacking in negative testing for
Credentials (not fixed in this change)

Fixes Bug #1097995
Fixes Bug #1155921
Fixes Bug #1155924

Change-Id: Ibc926f8212fb9bd4426088339a21002a07c86984
---
 keystone/exception.py | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'keystone/exception.py')

diff --git a/keystone/exception.py b/keystone/exception.py
index 09c43585..5b519cd4 100644
--- a/keystone/exception.py
+++ b/keystone/exception.py
@@ -194,6 +194,10 @@ class TrustNotFound(NotFound):
     """Could not find trust: %(trust_id)s"""
 
 
+class CredentialNotFound(NotFound):
+    """Could not find credential: %(credential_id)s"""
+
+
 class Conflict(Error):
     """Conflict occurred attempting to store %(type)s.
 
-- 
cgit