Remove changes from PR#2850

server/src/main/java/org/cloudfoundry/identity/uaa/provider/JdbcIdentityProviderProvisioning.java

@@ -40,7 +40,7 @@ public class JdbcIdentityProviderProvisioning implements IdentityProviderProvisi
 
     public static final String DELETE_IDENTITY_PROVIDER_BY_ORIGIN_SQL = "delete from identity_provider where identity_zone_id=? and origin_key = ?";
 
-    public static final String DELETE_IDENTITY_PROVIDER_BY_ZONE_SQL = "delete from identity_provider where identity_zone_id=?";
+    public static final String DELETE_IDENTITY_PROVIDER_BY_ZONE_SQL = "delete from identity_provider where identity_zone_id=? or alias_zid=?";
 
     public static final String IDENTITY_PROVIDER_BY_ID_QUERY = "select " + ID_PROVIDER_FIELDS + " from identity_provider " + "where id=? and identity_zone_id=?";
 
@@ -150,9 +150,12 @@ protected void validate(IdentityProvider provider) {
         }
     }
 
+    /**
+     * Delete all identity providers in the given zone as well as all alias identity providers of them.
+     */
     @Override
     public int deleteByIdentityZone(String zoneId) {
-        return jdbcTemplate.update(DELETE_IDENTITY_PROVIDER_BY_ZONE_SQL, zoneId);
+        return jdbcTemplate.update(DELETE_IDENTITY_PROVIDER_BY_ZONE_SQL, zoneId, zoneId);
     }
 
     @Override

server/src/main/java/org/cloudfoundry/identity/uaa/zone/IdentityZoneEndpoints.java

@@ -336,18 +336,7 @@ public ResponseEntity<IdentityZone> deleteIdentityZone(@PathVariable String id)
             IdentityZone zone = zoneDao.retrieveIgnoreActiveFlag(id);
             // ignore the id in the body, the id in the path is the only one that matters
             IdentityZoneHolder.set(zone);
-
-            /* reject deletion if an IdP with alias exists in the zone - checking for users with alias is not required
-             * here, since they can only exist if their origin IdP has an alias as well */
-            final List<IdentityProvider> idps = idpDao.retrieveAll(false, zone.getId());
-            final boolean idpWithAliasExists = idps.stream()
-                    .map(IdentityProvider::getAliasZid)
-                    .anyMatch(UaaStringUtils::isNotEmpty);
-            if (idpWithAliasExists) {
-                return new ResponseEntity<>(UNPROCESSABLE_ENTITY);
-            }
-
-            if (publisher != null) {
+            if (publisher != null && zone != null) {
                 publisher.publishEvent(new EntityDeletedEvent<>(zone, SecurityContextHolder.getContext().getAuthentication(), IdentityZoneHolder.getCurrentZoneId()));
                 logger.debug("Zone - deleted id[" + zone.getId() + "]");
                 return new ResponseEntity<>(removeKeys(zone), OK);

server/src/test/java/org/cloudfoundry/identity/uaa/provider/JdbcIdentityProviderProvisioningTests.java

@@ -69,7 +69,7 @@ void deleteProvidersInZone() {
     }
 
     @Test
-    void deleteByIdentityZone_ShouldNotDeleteAliasIdentityProviders() {
+    void deleteByIdentityZone_ShouldAlsoDeleteAliasIdentityProviders() {
         final String originSuffix = generator.generate();
 
         // IdP 1: created in custom zone, no alias
@@ -105,13 +105,13 @@ void deleteByIdentityZone_ShouldNotDeleteAliasIdentityProviders() {
         // delete by zone
         final int rowsDeleted = jdbcIdentityProviderProvisioning.deleteByIdentityZone(otherZoneId1);
 
-        // number should not include the alias IdP
-        Assertions.assertThat(rowsDeleted).isEqualTo(2);
+        // number should also include the alias IdP
+        Assertions.assertThat(rowsDeleted).isEqualTo(3);
 
-        // the two IdPs in the custom zone should be deleted, the alias should still be present
+        // check if all three entries are gone
         assertIdentityProviderDoesNotExist(createdIdp1.getId(), otherZoneId1);
         assertIdentityProviderDoesNotExist(createdIdp2.getId(), otherZoneId1);
-        assertIdentityProviderExists(createdIdp2Alias.getId(), uaaZoneId);
+        assertIdentityProviderDoesNotExist(createdIdp2Alias.getId(), uaaZoneId);
     }
 
     private void assertIdentityProviderExists(final String id, final String zoneId) {

server/src/test/java/org/cloudfoundry/identity/uaa/zone/IdentityZoneEndpointsTests.java

@@ -2,27 +2,22 @@
 
 import org.cloudfoundry.identity.uaa.error.UaaException;
 import org.cloudfoundry.identity.uaa.extensions.PollutionPreventionExtension;
-import org.cloudfoundry.identity.uaa.provider.IdentityProvider;
 import org.cloudfoundry.identity.uaa.provider.IdentityProviderProvisioning;
 import org.cloudfoundry.identity.uaa.saml.SamlKey;
 import org.cloudfoundry.identity.uaa.scim.ScimGroup;
 import org.cloudfoundry.identity.uaa.scim.ScimGroupProvisioning;
-import org.cloudfoundry.identity.uaa.util.AlphanumericRandomValueStringGenerator;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
 import org.mockito.ArgumentCaptor;
 import org.mockito.InjectMocks;
 import org.mockito.Mock;
 import org.mockito.Mockito;
 import org.mockito.junit.jupiter.MockitoExtension;
-import org.springframework.http.HttpStatus;
-import org.springframework.http.ResponseEntity;
 import org.springframework.validation.BindingResult;
 
 import java.util.List;
 import java.util.stream.Collectors;
 
-import static org.cloudfoundry.identity.uaa.constants.OriginKeys.UAA;
 import static org.cloudfoundry.identity.uaa.util.AssertThrowsWithMessage.assertThrowsWithMessageThat;
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.containsInAnyOrder;
@@ -174,28 +169,6 @@ void reduce_zone_allowed_groups_on_update_should_fail() throws InvalidIdentityZo
             is("The identity zone user configuration contains not-allowed groups."));
     }
 
-    @Test
-    void deleteIdentityZone_ShouldReject_IfIdpWithAliasExists() {
-        final IdentityZone idz = new IdentityZone();
-        final String idzId = new AlphanumericRandomValueStringGenerator(5).generate();
-        idz.setName(idzId);
-        idz.setId(idzId);
-        idz.setSubdomain(idzId);
-        when(mockIdentityZoneProvisioning.retrieveIgnoreActiveFlag(idzId)).thenReturn(idz);
-
-        // arrange IdP with alias exists in zone
-        final IdentityProvider idpWithoutAlias = mock(IdentityProvider.class);
-        when(idpWithoutAlias.getAliasZid()).thenReturn("");
-        final IdentityProvider idpWithAlias = mock(IdentityProvider.class);
-        when(idpWithAlias.getAliasZid()).thenReturn(UAA);
-        when(mockIdentityProviderProvisioning.retrieveAll(false, idzId))
-                .thenReturn(List.of(idpWithoutAlias, idpWithAlias));
-
-        final ResponseEntity<IdentityZone> response = endpoints.deleteIdentityZone(idzId);
-        assertNotNull(response);
-        assertEquals(HttpStatus.UNPROCESSABLE_ENTITY, response.getStatusCode());
-    }
-
     private static IdentityZone createZone() {
         IdentityZone zone = MultitenancyFixture.identityZone("id", "subdomain");
         IdentityZoneConfiguration config = zone.getConfig();

uaa/slateCustomizations/source/index.html.md.erb

@@ -871,7 +871,6 @@ _Error Codes_
 | 401        | Unauthorized - Invalid token                                                |
 | 403        | Forbidden - Insufficient scope (zone admins can only delete their own zone) |
 | 404        | Not Found - Zone does not exist                                             |
-| 422        | Unprocessable Entity - at least one IdP with alias exists in the zone       |
 
 
 # Identity Providers