diff options
| author | Adam Gandelman <adamg@canonical.com> | 2012-04-02 14:21:43 -0700 |
|---|---|---|
| committer | Devin Carlen <devin.carlen@gmail.com> | 2012-04-03 19:05:18 -0700 |
| commit | 7d08d12cea96910145f05499ba7d124603d7c4f6 (patch) | |
| tree | 52579053b246dca941e9509c3220074b2d11e34a | |
| parent | aa542c420aa283968a0154a29038ec0bb1be9326 (diff) | |
| download | keystone-essex-rc2.tar.gz | |
Remove users' tenant membership on user deletion. Resolves a FK constraint
issue that previously went unnoticed due to testing against database
configurations that do not support FK constraints (MyISAM).
Fixes LP bug 959294.
Update: * Move tenant membership cleanup to the sql identity backend
* Add a test case to test_backend_sql
Change-Id: Ib4f5da03033f7886b36d1ab3b8b4ac37f08b2e0e
| -rw-r--r-- | keystone/identity/backends/sql.py | 8 | ||||
| -rw-r--r-- | tests/test_backend_sql.py | 11 |
2 files changed, 19 insertions, 0 deletions
diff --git a/keystone/identity/backends/sql.py b/keystone/identity/backends/sql.py index 7c692475c..e4281a8d5 100644 --- a/keystone/identity/backends/sql.py +++ b/keystone/identity/backends/sql.py @@ -327,7 +327,15 @@ class Identity(sql.Base, identity.Driver): def delete_user(self, user_id): session = self.get_session() user_ref = session.query(User).filter_by(id=user_id).first() + membership_refs = session.query(UserTenantMembership)\ + .filter_by(user_id=user_id)\ + .all() + with session.begin(): + if membership_refs: + for membership_ref in membership_refs: + session.delete(membership_ref) + session.delete(user_ref) session.flush() diff --git a/tests/test_backend_sql.py b/tests/test_backend_sql.py index a8951512e..4d1da37c3 100644 --- a/tests/test_backend_sql.py +++ b/tests/test_backend_sql.py @@ -37,6 +37,17 @@ class SqlIdentity(test.TestCase, test_backend.IdentityTests): self.identity_api = identity_sql.Identity() self.load_fixtures(default_fixtures) + def test_delete_user_with_tenant_association(self): + user = {'id': 'fake', + 'name': 'fakeuser', + 'password': 'passwd'} + self.identity_api.create_user('fake', user) + self.identity_api.add_user_to_tenant(self.tenant_bar['id'], + user['id']) + self.identity_api.delete_user(user['id']) + tenants = self.identity_api.get_tenants_for_user(user['id']) + self.assertEquals(tenants, []) + class SqlToken(test.TestCase, test_backend.TokenTests): def setUp(self): |