Invalidate shadow_federated_user cache when deleting protocol

When delete identity provider protocol, the related shadow_federated_user cache should be invalidated as well. Change-Id: Ia1a86724b7a6747fc5177476ee462d8d062978e0 Closes-bug: 1810393
2019-01-03 17:40:15 +08:00 · 2019-01-03 17:40:15 +08:00 · 3bcd8968e9
parent 5c55e472a4
commit 3bcd8968e9
2 changed files with 21 additions and 0 deletions
--- a/keystone/federation/core.py
+++ b/keystone/federation/core.py
@ -173,6 +173,21 @@ class Manager(manager.Manager):
        self._validate_mapping_exists(protocol['mapping_id'])
        return self.driver.create_protocol(idp_id, protocol_id, protocol)

+    def delete_protocol(self, idp_id, protocol_id):
+        hints = driver_hints.Hints()
+        hints.add_filter('protocol_id', protocol_id)
+        shadow_users = PROVIDERS.shadow_users_api.list_federated_users_info(
+            hints)
+
+        self.driver.delete_protocol(idp_id, protocol_id)
+
+        for shadow_user in shadow_users:
+            PROVIDERS.identity_api.shadow_federated_user.invalidate(
+                PROVIDERS.identity_api, shadow_user['idp_id'],
+                shadow_user['protocol_id'], shadow_user['unique_id'],
+                shadow_user['display_name'],
+                shadow_user.get('extra', {}).get('email'))
+
    def update_protocol(self, idp_id, protocol_id, protocol):
        self._validate_mapping_exists(protocol['mapping_id'])
        return self.driver.update_protocol(idp_id, protocol_id, protocol)
--- a/releasenotes/notes/bug-1810393-5a7d379842c51d9b.yaml
+++ b/releasenotes/notes/bug-1810393-5a7d379842c51d9b.yaml
@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    [`bug 1810393 <https://bugs.launchpad.net/keystone/+bug/1810393>`_]
+    Now when an identity provider protocol is deleted, the cache info for the
+    related federated users will be invalidated as well.