Delete role does not delete role assignments in tenants (bug 1057436)
Change-Id: I2474c2a74135470162030a243491ced59533c024
parent
8b6b07faed
commit
d05d112849
|
@ -356,6 +356,17 @@ class Identity(kvs.Base, identity.Driver):
|
|||
def delete_role(self, role_id):
|
||||
try:
|
||||
self.db.delete('role-%s' % role_id)
|
||||
metadata_keys = filter(lambda x: x.startswith("metadata-"),
|
||||
self.db.keys())
|
||||
for key in metadata_keys:
|
||||
tenant_id = key.split('-')[1]
|
||||
user_id = key.split('-')[2]
|
||||
try:
|
||||
self.remove_role_from_user_and_tenant(user_id,
|
||||
tenant_id,
|
||||
role_id)
|
||||
except exception.RoleNotFound:
|
||||
pass
|
||||
except exception.NotFound:
|
||||
raise exception.RoleNotFound(role_id=role_id)
|
||||
role_list = set(self.db.get('role_list', []))
|
||||
|
|
|
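Review bot: The ids taken with `key.split('-')[1]` and `key.split('-')[2]` are only correct when neither the tenant id nor the user id contains a hyphen. For a key where one does (a dashed UUID, for instance), a wrong pair is passed to `remove_role_from_user_and_tenant`, the lookup most likely ends in the swallowed `RoleNotFound`, and the grant for the deleted role stays in the store. Splitting cannot resolve that ambiguity, so keys that do not split into exactly three parts should be logged and skipped rather than acted on, starting with `parts = key.split('-')` and a `len(parts) != 3` check. Separately, the role record is deleted before the loop runs; if the removal call can raise another `exception.NotFound` subclass (not visible here), the outer handler would report it as `RoleNotFound` and leave the remaining keys unprocessed.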
@ -969,3 +969,16 @@ class RoleApi(common_ldap.BaseLdap, ApiShimMixin):
|
|||
super(RoleApi, self).update(role_id, role)
|
||||
except exception.NotFound:
|
||||
raise exception.RoleNotFound(role_id=role_id)
|
||||
|
||||
def delete(self, id):
|
||||
conn = self.get_connection()
|
||||
query = '(objectClass=%s)' % self.object_class
|
||||
tenant_dn = self.tenant_api.tree_dn
|
||||
try:
|
||||
for role_dn, _ in conn.search_s(tenant_dn,
|
||||
ldap.SCOPE_SUBTREE,
|
||||
query):
|
||||
conn.delete_s(role_dn)
|
||||
except ldap.NO_SUCH_OBJECT:
|
||||
pass
|
||||
super(RoleApi, self).delete(id)
|
||||
|
|
|
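Review bot: The search filter in the new `delete` is `'(objectClass=%s)' % self.object_class`, with no condition on `id`. The loop therefore calls `conn.delete_s` on every role entry under `self.tenant_api.tree_dn`, not only on the grants of the role being deleted. As written, deleting one role appears to strip every role assignment from every tenant. The filter should also match the role id, with the value escaped, along the lines of `query = '(&(objectClass=%s)(%s=%s))' % (self.object_class, self.id_attr, ldap.filter.escape_filter_chars(id))`. That assumes the base class exposes the id attribute name as `id_attr` and that `ldap.filter` is imported. A short comment above the `except ldap.NO_SUCH_OBJECT: pass` saying that a missing tenant tree simply means there are no grants to clean up would also help.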
@ -487,6 +487,17 @@ class Identity(sql.Base, identity.Driver):
|
|||
def delete_role(self, role_id):
|
||||
session = self.get_session()
|
||||
with session.begin():
|
||||
metadata_refs = session.query(Metadata)
|
||||
for metadata_ref in metadata_refs:
|
||||
metadata = metadata_ref.to_dict()
|
||||
user_id = metadata['user_id']
|
||||
tenant_id = metadata['tenant_id']
|
||||
try:
|
||||
self.remove_role_from_user_and_tenant(user_id,
|
||||
tenant_id,
|
||||
role_id)
|
||||
except exception.RoleNotFound:
|
||||
pass
|
||||
if not session.query(Role).filter_by(id=role_id).delete():
|
||||
raise exception.RoleNotFound(role_id=role_id)
|
||||
session.flush()
|
||||
|
|
|
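Review bot: The grant cleanup inside `with session.begin():` is not visibly part of that transaction, because `remove_role_from_user_and_tenant` is called with ids only and never receives `session`. If it opens its own session (not shown in this hunk), a failure part-way through the loop leaves some grants removed while the role row and the remaining grants survive, and nothing rolls back. The loop also loads every `Metadata` row for each role deletion, and a comment should say this is a deliberate full scan. Above the `pass`, add `# RoleNotFound: this user/tenant pair never held the role`, so the swallowed exception is not read as a hidden error.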
@ -636,6 +636,16 @@ class IdentityTests(object):
|
|||
self.identity_api.get_tenant,
|
||||
tenant['id'])
|
||||
|
||||
def test_delete_role_check_role_grant(self):
|
||||
role = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex}
|
||||
self.identity_api.create_role(role['id'], role)
|
||||
self.identity_api.add_role_to_user_and_tenant(
|
||||
self.user_foo['id'], self.tenant_bar['id'], role['id'])
|
||||
self.identity_api.delete_role(role['id'])
|
||||
roles_ref = self.identity_api.get_roles_for_user_and_tenant(
|
||||
self.user_foo['id'], self.tenant_bar['id'])
|
||||
self.assertNotIn(role['id'], roles_ref)
|
||||
|
||||
|
||||
class TokenTests(object):
|
||||
def test_token_crud(self):
|
||||
|
|
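Review bot: `test_delete_role_check_role_grant` only asserts that the deleted role is gone from the user's grants, so it cannot catch a driver that removes too much. The LDAP `delete` in this commit filters on object class alone, and this test would still pass against it. Grant a second role to the same user and tenant before calling `delete_role`, then add `self.assertIn(other_role['id'], roles_ref)` next to the existing `assertNotIn`. A one-line docstring stating that deleting a role must revoke its grants and leave other roles' grants intact would record the intended contract.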