diff --git a/keystone/identity/backends/base.py b/keystone/identity/backends/base.py
index c4252db53f..953311b465 100644
--- a/keystone/identity/backends/base.py
+++ b/keystone/identity/backends/base.py
@@ -223,7 +223,7 @@ class IdentityDriverBase(object):
 @abc.abstractmethod
 def unset_default_project_id(self, project_id):
- """Unset a users default project given a specific project ID.
+ """Unset a user's default project given a specific project ID.
 :param str project_id: project ID
diff --git a/keystone/identity/backends/ldap/core.py b/keystone/identity/backends/ldap/core.py
index a146647175..54e7ad13a4 100644
--- a/keystone/identity/backends/ldap/core.py
+++ b/keystone/identity/backends/ldap/core.py
@@ -88,8 +88,8 @@ class Identity(base.IdentityDriverBase):
 return self.user.get_all_filtered(hints)
 def unset_default_project_id(self, project_id):
- # This function is not implemented for the LDAP backend
- # LDAP backend is readonly.
+ # This function is not implemented for the LDAP backend. The LDAP
+ # backend is readonly.
 self._disallow_write()
 def get_user_by_name(self, user_name, domain_id):
diff --git a/keystone/identity/core.py b/keystone/identity/core.py
index d6ae7ebf54..67352b2ff8 100644
--- a/keystone/identity/core.py
+++ b/keystone/identity/core.py
@@ -491,7 +491,7 @@ class Manager(manager.Manager):
 self.event_callbacks = {
 notifications.ACTIONS.deleted: {
 'domain': [self._domain_deleted],
- 'project': [self._set_default_project_to_none],
+ 'project': [self._unset_default_project],
 },
 }
@@ -522,15 +522,13 @@ class Manager(manager.Manager):
 'cleanup.'),
 {'userid': user['id'], 'domainid': domain_id})
- def _set_default_project_to_none(self, service, resource_type, operation,
- payload):
+ def _unset_default_project(self, service, resource_type, operation,
+ payload):
 """Callback, clears user default_project_id after project deletion.
- Notification approach was used instead of using a FK constraint.
- Reason being, operators are allowed to have separate backends for
- various keystone subsystems. This doesn't guarantee that projects and
- users will be stored in the same backend, meaning we can't rely on FK
- constraints to do this work for us.
+ Notifications are used to unset a user's default project because
+ there is no foreign key to the project. Projects can be in a non-SQL
+ backend, making FKs impossible.
 """
 project_id = payload['resource_info']
diff --git a/keystone/releasenotes/notes/unset-user-default_project_id-when-project-is-deleted-4d42c841b6e7e54e.yaml b/keystone/releasenotes/notes/unset-user-default_project_id-when-project-is-deleted-4d42c841b6e7e54e.yaml
index 569abc9b63..b35ed3fa8b 100644
--- a/keystone/releasenotes/notes/unset-user-default_project_id-when-project-is-deleted-4d42c841b6e7e54e.yaml
+++ b/keystone/releasenotes/notes/unset-user-default_project_id-when-project-is-deleted-4d42c841b6e7e54e.yaml
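Review bot: The rewritten docstring of `_unset_default_project` is narrower than the text it replaces and leaves out two caveats an operator would want. "Projects can be in a non-SQL backend" drops the original rationale, which was that identity and resource data may live in separate backends, so a foreign key cannot span them even when both are SQL. The LDAP driver in this same commit answers `unset_default_project_id` with `self._disallow_write()`, so users held in a read-only backend presumably keep the deleted project's ID; the callback body continues outside the hunk, so whether it tolerates that rejection cannot be confirmed from here. I would add a line such as `Users in read-only identity backends keep the stale ID, and cached user records may show it until they expire.` so consumers of `default_project_id` know to validate that the project still exists.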
@@ -1,14 +1,13 @@ fixes: - | [`bug 1523369 `_] - Currently, if a project is deleted, it is not removed as a user's default - project id. Now the default project id is set to none, however changes may - not be visible until memcache end of life. + Deleting a project will now cause it to be removed as a default project + for users. If caching is enabled the changes may not be visible until the + user's cache entry expires. upgrade: - | - The identity backend driver interface has changed. We've added a new - ``unset_default_project_id(project_id)`` method to unset a users default - project id matching the given project id. If you have a custom - implementation for the identity driver, you will need to implement this - new method. + The identity backend driver interface has changed. A new method, + ``unset_default_project_id(project_id)``, was added to unset a user's + default project ID for a given project ID. Custom backend implementations + must implement this method.