
Invalidate shadow_federated_user cache when deleting protocol

When an identity provider protocol is deleted, the related
shadow_federated_user cache should be invalidated as well.

Change-Id: Ia1a86724b7a6747fc5177476ee462d8d062978e0
Closes-bug: 1810393
tags/15.0.0.0rc1
wangxiyuan 1 year ago
parent
commit
3bcd8968e9
2 changed files with 21 additions and 0 deletions
  1. +15
    -0
      keystone/federation/core.py
  2. +6
    -0
      releasenotes/notes/bug-1810393-5a7d379842c51d9b.yaml

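--- a/keystone/federation/core.py
+++ b/keystone/federation/core.py
@@ -173,6 +173,21 @@ class Manager(manager.Manager):
 self._validate_mapping_exists(protocol['mapping_id'])
 return self.driver.create_protocol(idp_id, protocol_id, protocol)
 
+def delete_protocol(self, idp_id, protocol_id):
+hints = driver_hints.Hints()
+hints.add_filter('protocol_id', protocol_id)
+shadow_users = PROVIDERS.shadow_users_api.list_federated_users_info(
+hints)
+
+self.driver.delete_protocol(idp_id, protocol_id)
+
+for shadow_user in shadow_users:
+PROVIDERS.identity_api.shadow_federated_user.invalidate(
+PROVIDERS.identity_api, shadow_user['idp_id'],
+shadow_user['protocol_id'], shadow_user['unique_id'],
+shadow_user['display_name'],
+shadow_user.get('extra', {}).get('email'))
+
 def update_protocol(self, idp_id, protocol_id, protocol):
 self._validate_mapping_exists(protocol['mapping_id'])
 return self.driver.update_protocol(idp_id, protocol_id, protocol)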
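Review bot: The lookup in `delete_protocol` filters shadow users by `protocol_id` alone, yet the method is keyed on `(idp_id, protocol_id)`, so if protocol ids are only unique per identity provider, deleting one IdP's protocol also invalidates cached federated users of every other IdP using the same protocol id. Adding `hints.add_filter('idp_id', idp_id)` before the list call would keep the invalidation scoped to the deleted protocol, assuming the shadow-users driver accepts that filter. Separately, `shadow_user.get('extra', {}).get('email')` raises AttributeError when a row carries `extra` as None, and since that happens after `self.driver.delete_protocol(...)` the remaining entries would stay cached; `(shadow_user.get('extra') or {}).get('email')` avoids it. A one-line comment noting that these five arguments must match what the memoized `shadow_federated_user` call received would also help, because a mismatch leaves a stale entry behind without any error.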

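--- a/releasenotes/notes/bug-1810393-5a7d379842c51d9b.yaml
+++ b/releasenotes/notes/bug-1810393-5a7d379842c51d9b.yaml
@@ -0,0 +1,6 @@
+---
+fixes:
+- |
+[`bug 1810393 <https://bugs.launchpad.net/keystone/+bug/1810393>`_]
+Now when an identity provider protocol is deleted, the cache info for the
+related federated users will be invalidated as well.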
