From c3f590bc13efcdddb3fa82e8d116239f4e8d8b1f Mon Sep 17 00:00:00 2001
From: wangxiyuan <wangxiyuan@huawei.com>
Date: Wed, 15 Aug 2018 15:43:57 +0800
Subject: [PATCH] Add a test for idp and federated user cascade deleting

If a idp is deleted, the related federated user should be
cascade deleted as well.

Change-Id: I2c9b4052413f9a31ffc22c5f3b1bee30dda2c42a
Partial-bug: #1744195
---
 keystone/tests/unit/test_v3_federation.py | 27 +++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/keystone/tests/unit/test_v3_federation.py b/keystone/tests/unit/test_v3_federation.py
index 0b81c3de09..5feafbe9d2 100644
--- a/keystone/tests/unit/test_v3_federation.py
+++ b/keystone/tests/unit/test_v3_federation.py
@@ -35,6 +35,7 @@ if not xmldsig:
 
 from keystone.api._shared import authentication
 from keystone.api import auth as auth_api
+from keystone.common import driver_hints
 from keystone.common import provider_api
 from keystone.common import render_token
 import keystone.conf
@@ -2134,6 +2135,32 @@ class FederatedTokenTests(test_v3.RestfulTestCase, FederatedSetupMixin):
             expected_status=http_client.NOT_FOUND
         )
 
+    def test_deleting_idp_cascade_deleting_fed_user(self):
+        token = self.v3_create_token(
+            self.TOKEN_SCOPE_PROJECT_EMPLOYEE_FROM_ADMIN
+        )
+        federated_info = token.json_body['token']['user']['OS-FEDERATION']
+        idp_id = federated_info['identity_provider']['id']
+
+        # There are three fed users (from 'EMPLOYEE_ASSERTION',
+        # 'CUSTOMER_ASSERTION', 'ADMIN_ASSERTION') with the specified idp.
+        hints = driver_hints.Hints()
+        hints.add_filter('idp_id', idp_id)
+        fed_users = PROVIDERS.shadow_users_api.get_federated_users(hints)
+        self.assertEqual(3, len(fed_users))
+        idp_domain_id = PROVIDERS.federation_api.get_idp(idp_id)['domain_id']
+        for fed_user in fed_users:
+            self.assertEqual(idp_domain_id, fed_user['domain_id'])
+
+        # Delete the idp
+        PROVIDERS.federation_api.delete_idp(idp_id)
+
+        # The related federated user should be deleted as well.
+        hints = driver_hints.Hints()
+        hints.add_filter('idp_id', idp_id)
+        fed_users = PROVIDERS.shadow_users_api.get_federated_users(hints)
+        self.assertEqual([], fed_users)
+
     def test_scope_to_bad_project(self):
         """Scope unscoped token with a project we don't have access to."""
         self.v3_create_token(