From c70ad80a9d91217ca669749ece4ccf1aceccdb04 Mon Sep 17 00:00:00 2001 From: Youngjin Jo Date: Thu, 29 Aug 2024 13:12:00 +0900 Subject: [PATCH 1/2] feat: delete the role binding when delete a workspace group Signed-off-by: Youngjin Jo --- .../manager/workspace_group_manager.py | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) diff --git a/src/spaceone/identity/manager/workspace_group_manager.py b/src/spaceone/identity/manager/workspace_group_manager.py index c0baf089..cb348257 100644 --- a/src/spaceone/identity/manager/workspace_group_manager.py +++ b/src/spaceone/identity/manager/workspace_group_manager.py @@ -4,6 +4,7 @@ from mongoengine import QuerySet from spaceone.core.manager import BaseManager +from spaceone.identity.manager.role_binding_manager import RoleBindingManager from spaceone.identity.model.workspace_group.database import WorkspaceGroup _LOGGER = logging.getLogger(__name__) @@ -13,6 +14,7 @@ class WorkspaceGroupManager(BaseManager): def __init__(self, *args, **kwargs): super().__init__(*args, **kwargs) self.workspace_group_model = WorkspaceGroup + self.rb_mgr = RoleBindingManager() def create_workspace_group(self, params: dict) -> WorkspaceGroup: def _rollback(vo: WorkspaceGroup): @@ -39,8 +41,20 @@ def _rollback(old_data): return workspace_group_vo.update(params) - @staticmethod - def delete_workspace_group_by_vo(workspace_group_vo: WorkspaceGroup) -> None: + def delete_workspace_group_by_vo(self, workspace_group_vo: WorkspaceGroup) -> None: + user_ids = [user["user_id"] for user in workspace_group_vo.users] + rb_vos = self.rb_mgr.filter_role_bindings( + user_id=user_ids, + workspace_group_id=workspace_group_vo.workspace_group_id, + domain_id=workspace_group_vo.domain_id, + ) + + if rb_vos.count() > 0: + _LOGGER.debug( + f"[delete_workspace_group_by_vo] Delete role bindings count with {workspace_group_vo.workspaces}: {rb_vos.count()}" + ) + rb_vos.delete() + workspace_group_vo.delete() # TODO: When add_users and remove_users, are user_id and role_type required? From 58102f4866f3c332cbdd3682e1605ee1f8ef84e5 Mon Sep 17 00:00:00 2001 From: Youngjin Jo Date: Thu, 29 Aug 2024 13:13:37 +0900 Subject: [PATCH 2/2] feat: delete role bindings when role bindings exist Signed-off-by: Youngjin Jo --- .../identity/service/workspace_group_service.py | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/src/spaceone/identity/service/workspace_group_service.py b/src/spaceone/identity/service/workspace_group_service.py index ade4c031..e17d6551 100644 --- a/src/spaceone/identity/service/workspace_group_service.py +++ b/src/spaceone/identity/service/workspace_group_service.py @@ -3,7 +3,6 @@ from typing import Union from spaceone.core.error import ( - ERROR_EXIST_RESOURCE, ERROR_INVALID_PARAMETER, ERROR_NOT_FOUND, ERROR_PERMISSION_DENIED, @@ -147,9 +146,6 @@ def delete(self, params: WorkspaceGroupDeleteRequest) -> None: params.workspace_group_id, params.domain_id ) - if workspace_group_vo.users: - _LOGGER.error("Workspace Group has users. Please remove users first.") - raise ERROR_EXIST_RESOURCE(child="users", parent="workspace_group") self.workspace_group_mgr.delete_workspace_group_by_vo(workspace_group_vo) @transaction( @@ -454,12 +450,17 @@ def remove_users( raise ERROR_NOT_FOUND(key="params_user_id", value=params_user_id) workspace_group_users = [users for users in workspace_group_vo["users"]] - role_binding_vos = self.rb_mgr.filter_role_bindings( + rb_vos = self.rb_mgr.filter_role_bindings( user_id=params_user_ids, workspace_group_id=params.workspace_group_id, domain_id=params.domain_id, ) - role_binding_vos.delete() + + if rb_vos.count() > 0: + _LOGGER.debug( + f"[remove_users] Delete role bindings count with {workspace_group_vo.workspaces}: {rb_vos.count()}" + ) + rb_vos.delete() params.users = [] for user in workspace_group_users: