diff options
| author | Colleen Murphy <colleen.murphy@suse.de> | 2019-10-09 16:30:33 -0700 |
|---|---|---|
| committer | Colleen Murphy <colleen.murphy@suse.de> | 2019-10-11 14:12:57 -0700 |
| commit | c4d60977881ac2f014dc6e2eaaba37892f075266 (patch) | |
| tree | 1df531e4b0ddd68dccb1e9e59f809f972f2d0fca /keystone/federation | |
| parent | e4626f4bc32b846ca9b99f954101a7a462675ea5 (diff) | |
| download | keystone-c4d60977881ac2f014dc6e2eaaba37892f075266.tar.gz | |
Drop project.id foreign keys
In 2bd88d30 we added a new column domain_id to the user table to
deduplicate the domain_id columns in the local_user and nonlocal_user
tables, and at that point made the user.domain_id column a foreign key
referencing the project.id column. This is a problem that led to
3d46c8a5 in which we removed the ability for the resource driver to be
pluggable, since we had linked two sql backends together and made them
reliant on one another.
This commit removes the foreign key constraint from the user table and
the identity_provider table. For the user table, the sqlalchemy model
never reflected this schema so we don't need to change the model. For
the identity_provider table, we need to update the model. In both cases,
we already enforce, at the manager layer, the constraint that the
domain_id needs to reference a real domain ID[1][2], so we do not need
to rely on this constraint at the database layer.
[1] https://opendev.org/openstack/keystone/src/commit/43142e4470df976a459a1a2e95cfb163afc42893/keystone/identity/core.py#L935
[2] https://opendev.org/openstack/keystone/src/commit/43142e4470df976a459a1a2e95cfb163afc42893/keystone/federation/core.py#L73-L77
Partial-bug: #1672713
Change-Id: I7c068e350811e22622d1f1e7d8b0a55d4d7cab11
Diffstat (limited to 'keystone/federation')
| -rw-r--r-- | keystone/federation/backends/sql.py | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/keystone/federation/backends/sql.py b/keystone/federation/backends/sql.py index 9451e1a4b..0b7997327 100644 --- a/keystone/federation/backends/sql.py +++ b/keystone/federation/backends/sql.py @@ -56,8 +56,7 @@ class IdentityProviderModel(sql.ModelBase, sql.ModelDictMixin): mutable_attributes = frozenset(['description', 'enabled', 'remote_ids']) id = sql.Column(sql.String(64), primary_key=True) - domain_id = sql.Column(sql.String(64), sql.ForeignKey('project.id'), - nullable=False) + domain_id = sql.Column(sql.String(64), nullable=False) enabled = sql.Column(sql.Boolean, nullable=False) description = sql.Column(sql.Text(), nullable=True) remote_ids = orm.relationship('IdPRemoteIdsModel', |