Permalink
Browse files

Remove tenant membership during user deletion

Remove users' tenant membership on user deletion.  Resolves a FK constraint
issue that previously went unnoticed due to testing against database
configurations that do not support FK constraints (MyISAM).

Fixes LP bug 959294.

Update: * Move tenant membership cleanup to the sql identity backend
        * Add a test case to test_backend_sql

Change-Id: Ib4f5da03033f7886b36d1ab3b8b4ac37f08b2e0e
  • Loading branch information...
1 parent aa542c4 commit 7d08d12cea96910145f05499ba7d124603d7c4f6 Adam Gandelman committed with devcamcar Apr 2, 2012
Showing with 19 additions and 0 deletions.
  1. +8 −0 keystone/identity/backends/sql.py
  2. +11 −0 tests/test_backend_sql.py
@@ -327,7 +327,15 @@ def update_user(self, user_id, user):
def delete_user(self, user_id):
session = self.get_session()
user_ref = session.query(User).filter_by(id=user_id).first()
+ membership_refs = session.query(UserTenantMembership)\
+ .filter_by(user_id=user_id)\
+ .all()
+
with session.begin():
+ if membership_refs:
+ for membership_ref in membership_refs:
+ session.delete(membership_ref)
+
session.delete(user_ref)
session.flush()
View
@@ -37,6 +37,17 @@ def setUp(self):
self.identity_api = identity_sql.Identity()
self.load_fixtures(default_fixtures)
+ def test_delete_user_with_tenant_association(self):
+ user = {'id': 'fake',
+ 'name': 'fakeuser',
+ 'password': 'passwd'}
+ self.identity_api.create_user('fake', user)
+ self.identity_api.add_user_to_tenant(self.tenant_bar['id'],
+ user['id'])
+ self.identity_api.delete_user(user['id'])
+ tenants = self.identity_api.get_tenants_for_user(user['id'])
+ self.assertEquals(tenants, [])
+
class SqlToken(test.TestCase, test_backend.TokenTests):
def setUp(self):

0 comments on commit 7d08d12

Please sign in to comment.