Reject IdZ deletion if an IdP with alias exists in the zone #2850
We have created an issue in Pivotal Tracker to manage this: https://www.pivotaltracker.com/story/show/187492139 The labels on this GitHub issue will be updated when the story is started.
Sonar issues should be solved @adrianhoelzl-sap
This appears to be a pretty major feature change. It looks like we are trying to merge this to develop, which would imply that it's going to be shipped in a new minor release in a few weeks. It seems to me like this should be in a major release. I am uncertain of the ramifications of this change. The code was clearly set to do the opposite of what you are trying to do.
I had not checked the logic before, only code style and Sonar issues, but now I see the impact because of @bruce-ricard's comments. So I do not see a need for this PR. If you have the power to delete a zone, then we should not prevent it because some values in the zone are not as expected. I do not understand the relation to the mentioned issue #2505.
Looks good
Un-approving this following review of the comments. The change appears to break existing behavior. I thought it was a fix, not a change.
I know #2505, but during the review process we defined that this new feature should come with extra options, but for all others UAA should not change.
We have an option for this, e.g. aliasEntitiesEnabled, and therefore with aliasEntitiesEnabled = false there should not be any differences to UAAs before.
Taking over this PR review as Alicia is out of office
Approving, assuming the other concerns from @strehle have actually been resolved (even though they are not shown as resolved in this PR).
Mainly resolved with the indexed search now. @adrianhoelzl-sap, please ensure happy Sonar.
…oning to IdentityProviderProvisioning interface
…re/reject-idz-deletion-if-idp-with-alias-present # Conflicts: # uaa/src/test/java/org/cloudfoundry/identity/uaa/mock/zones/IdentityZoneEndpointsMockMvcTests.java
see issue #2505
Reject deletion if an IdP with alias exists in the zone to be deleted. With this restriction, we want to avoid that callers of the endpoint accidentally remove IdPs (and thereby the associated users) from the alias zone. Now the callers must actively delete the IdPs with alias beforehand (which will also remove all associated users, their alias users and the alias IdP in the "uaa" zone).
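The guard described in this PR, as an added example in a simplified in-memory model; this is not code from the PR or from UAA. The class, record and field names are hypothetical, the sample data is constructed, and gating on `aliasEntitiesEnabled` follows the request made in the review comments rather than anything this page shows of the merged code.

```java
import java.util.*;

// Simplified, hypothetical model of the check; none of these types are UAA classes.
public class ZoneDeletionGuard {
    // An IdP "has an alias" when it references a mirrored IdP in another zone.
    record Idp(String id, String zoneId, String aliasId, String aliasZoneId) {
        boolean hasAlias() { return aliasId != null && aliasZoneId != null; }
    }

    static class ZoneDeletionRejected extends RuntimeException {
        ZoneDeletionRejected(String msg) { super(msg); }
    }

    private final boolean aliasEntitiesEnabled; // flag named in the review comments
    private final Map<String, List<Idp>> idpsByZone = new HashMap<>();

    ZoneDeletionGuard(boolean aliasEntitiesEnabled) { this.aliasEntitiesEnabled = aliasEntitiesEnabled; }

    void addIdp(Idp idp) {
        idpsByZone.computeIfAbsent(idp.zoneId(), z -> new ArrayList<>()).add(idp);
    }

    // Returns the ids of the IdPs that were removed together with the zone.
    List<String> deleteZone(String zoneId) {
        List<Idp> idps = idpsByZone.getOrDefault(zoneId, List.of());
        if (aliasEntitiesEnabled) {
            List<String> blocking = idps.stream().filter(Idp::hasAlias).map(Idp::id).toList();
            if (!blocking.isEmpty()) {
                // Fail before anything is deleted, so the caller must remove these IdPs explicitly.
                throw new ZoneDeletionRejected("zone " + zoneId + " has IdPs with alias: " + blocking);
            }
        }
        idpsByZone.remove(zoneId);
        return idps.stream().map(Idp::id).toList();
    }

    public static void main(String[] args) {
        // Constructed sample data: one IdP with an alias in the "uaa" zone, one without.
        ZoneDeletionGuard guard = new ZoneDeletionGuard(true);
        guard.addIdp(new Idp("idp-1", "custom-zone", "idp-1-alias", "uaa"));
        guard.addIdp(new Idp("idp-2", "custom-zone", null, null));
        try {
            guard.deleteZone("custom-zone");
        } catch (ZoneDeletionRejected e) {
            System.out.println("rejected: " + e.getMessage());
        }
        ZoneDeletionGuard legacy = new ZoneDeletionGuard(false); // flag off: previous behaviour
        legacy.addIdp(new Idp("idp-1", "custom-zone", "idp-1-alias", "uaa"));
        System.out.println("deleted with: " + legacy.deleteZone("custom-zone"));
    }
}
```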