From 75a8dfef51f3566cd5d4cacee41f34bbbf9d15bd Mon Sep 17 00:00:00 2001
From: Adam Gandelman <adamg@canonical.com>
Date: Mon, 2 Apr 2012 14:21:43 -0700
Subject: Remove tenant membership during user deletion

Remove users' tenant membership on user deletion.  Resolves a FK constraint
issue that previously went unnoticed due to testing against database
configurations that do not support FK constraints (MyISAM).

Fixes LP bug 959294.

Update: * Move tenant membership cleanup to the sql identity backend
        * Add a test case to test_backend_sql

Change-Id: Ib4f5da03033f7886b36d1ab3b8b4ac37f08b2e0e
---
 keystone/identity/backends/sql.py | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'keystone')

diff --git a/keystone/identity/backends/sql.py b/keystone/identity/backends/sql.py
index 7c692475..e4281a8d 100644
--- a/keystone/identity/backends/sql.py
+++ b/keystone/identity/backends/sql.py
@@ -327,7 +327,15 @@ class Identity(sql.Base, identity.Driver):
     def delete_user(self, user_id):
         session = self.get_session()
         user_ref = session.query(User).filter_by(id=user_id).first()
+        membership_refs = session.query(UserTenantMembership)\
+                          .filter_by(user_id=user_id)\
+                          .all()
+
         with session.begin():
+            if membership_refs:
+                for membership_ref in membership_refs:
+                    session.delete(membership_ref)
+
             session.delete(user_ref)
             session.flush()
 
-- 
cgit