Add cache invalidation when delete application credential

When delete application credentials for a user/project, the realted cache information should be invalidated as well. Closes-Bug: #1747332 Change-Id: I431bf1921a636cce00a807f9d639628da8664c24
2018-02-05 10:37:06 +08:00 · 2018-02-05 10:37:06 +08:00 · c6cfaadf5f
parent 0af4391a08
commit c6cfaadf5f
2 changed files with 11 additions and 5 deletions
--- a/keystone/application_credential/core.py
+++ b/keystone/application_credential/core.py
@ -196,7 +196,11 @@ class Manager(manager.Manager):

        This is triggered when a user is deleted.
        """
+        app_creds = self.driver.list_application_credentials_for_user(
+            user_id, driver_hints.Hints())
        self.driver.delete_application_credentials_for_user(user_id)
+        for app_cred in app_creds:
+            self.get_application_credential.invalidate(self, app_cred['id'])

    def _delete_application_credentials_for_user_on_project(self, user_id,
                                                            project_id):
@ -207,5 +211,12 @@ class Manager(manager.Manager):

        This is triggered when a user loses a role assignment on a project.
        """
+        hints = driver_hints.Hints()
+        hints.add_filter('project_id', project_id)
+        app_creds = self.driver.list_application_credentials_for_user(
+            user_id, hints)
+
        self.driver.delete_application_credentials_for_user_on_project(
            user_id, project_id)
+        for app_cred in app_creds:
+            self.get_application_credential.invalidate(self, app_cred['id'])
--- a/keystone/tests/unit/application_credential/test_backends.py
+++ b/keystone/tests/unit/application_credential/test_backends.py
@ -19,7 +19,6 @@ from keystone.common import driver_hints
 from keystone.common import provider_api
 import keystone.conf
 from keystone import exception
-from keystone.tests.unit import utils as test_utils


 CONF = keystone.conf.CONF
@ -173,8 +172,6 @@ class ApplicationCredentialTests(object):
                          self.app_cred_api.delete_application_credential,
                          uuid.uuid4().hex)

-    @test_utils.wip('Waiting to add cache invalidation from fixing bug '
-                    '1747332')
    def test_deleting_a_user_deletes_application_credentials(self):
        app_cred_1 = self._new_app_cred_data(self.user_foo['id'],
                                             project_id=self.tenant_bar['id'],
@ -208,8 +205,6 @@ class ApplicationCredentialTests(object):
                          self.app_cred_api.get_application_credential,
                          app_cred_2['id'])

-    @test_utils.wip('Waiting to add cache invalidation from fixing bug '
-                    '1747332')
    def test_removing_user_from_project_deletes_application_credentials(self):
        app_cred_proj_A_1 = self._new_app_cred_data(
            self.user_foo['id'], project_id=self.tenant_bar['id'], name='app1')