Reviewed: https://review.openstack.org/415906 Committed: https://git.openstack.org/cgit/openstack/keystone/commit/?id=45f7ff3918ce8d05585d1c2e1740462e711965fe Submitter: Jenkins Branch: master
commit 45f7ff3918ce8d05585d1c2e1740462e711965fe Author: Rodrigo Duarte Sousa <[email protected]> Date: Tue Jan 3 10:41:07 2017 -0300 Cascade delete federated_user fk The bug was caused by a foreign key in the federated_user table. This key prevents a protocol from being deleted after a successful authentication has happened (so the creation of a federated user via shadowing). We take advantage of the same foreign key by adding the cascade delete behavior to it. Closes-Bug: 1642692 Change-Id: I3b3e265d20f0cfe0ee10c6a274d9bdf4e840b742 ** Changed in: keystone Status: In Progress => Fix Released -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Identity (keystone). https://bugs.launchpad.net/bugs/1642692 Title: Protocol can't be deleted after federated_user is created Status in OpenStack Identity (keystone): Fix Released Bug description: When authenticating a user via federation, a federated_user entry is created in keystone's database, an example of such entry is below: mysql> select * from federated_user; +----+----------------------------------+----------+-------------+-----------------------+---------------------+ | id | user_id | idp_id | protocol_id | unique_id | display_name | +----+----------------------------------+----------+-------------+-----------------------+---------------------+ | 1 | 15ddf8fda20842c68b99999b6d91d1a7 | testshib | mapped | myself%40testshib.org | [email protected] | +----+----------------------------------+----------+-------------+-----------------------+---------------------+ The federated_user_protocol_id foreign key prevents the protocol deletion: Details: An unexpected error prevented the server from fulfilling your request: (pymysql.err.IntegrityError) (1451, u'Cannot delete or update a parent row: a foreign key constraint fails (`keystone`.`federated_user`, CONSTRAINT `federated_user_protocol_id_fkey` FOREIGN KEY (`protocol_id`, `idp_id`) REFERENCES `federation_protocol` (`id`, `idp_id`))') [SQL: u'DELETE FROM federation_protocol WHERE federation_protocol.id = %(id)s AND federation_protocol.idp_id = %(idp_id)s'] [parameters: {'idp_id': u'testshib', 'id': u'mapped'}] This can be also happening with the "idp_id" column as well. This prevents automated tests like [1] to properly work, since it creates and destroys the identity provider, mapping and protocol during its execution. [1] https://review.openstack.org/#/c/324769/ To manage notifications about this bug go to: https://bugs.launchpad.net/keystone/+bug/1642692/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
