[MODUSERSKC-13] User policy remains after user deleted Created: 04/Jan/24  Updated: 05/Feb/24

Status: In Review
Project: mod-users-keycloak
Components: None
Affects versions: None
Fix versions: None

Type: Bug Priority: TBD
Reporter: Yauhen Viazau Assignee: Roman Leshchenko
Resolution: Unresolved Votes: 0
Labels: back-end, epam-eureka
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Attachments: File MODUSERSKC-13_verified.mp4     File User_policy_remains_after_user_deleted.mp4    
Issue links:
Relates
relates to FAT-11820 Review of C436914 test case In Review
Sprint: Eureka Sprint 44, Eureka Sprint 45
Story Points: 2
Development Team: Eureka
RCA Group: TBD

 Description   

Overview: User policy remains after user deleted

Steps to Reproduce:

  1. Create a new user (POST /users-keycloak/users)
  2. Create credentials for created user (POST /authn/credentials)
  3. Assign capability sets to a user (POST /users/capability-sets)
  4. Verify that a policy created for created user (GET /policies?limit=1000&query=name=<<created user name>>)
  5. Delete created user (DELETE /users-keycloak/users/<<created user id>>)
  6. Check if there are policies for deleted user (
  7. Verify that a policy created for created user (GET /policies?limit=1000&query=name=<<deleted user name>>)

Expected Results: No user policy for deleted user found

Actual Results: The same policy that was found on Step 4 for a user remains after this user is deleted

Additional Information:
See attached screencast: User_policy_remains_after_user_deleted.mp4

Happens on both "evrk" and "Demo" envs

Interested parties:



 Comments   
Comment by Roman Leshchenko [ 30/Jan/24 ]

Yauhen Viazau 

Regarding endpoints for verrification:

1. Policy  GET /policies?limit=1000&query=name=<<*created user *ID>>, ** changed in https://folio-org.atlassian.net/browse/MODROLESKC-131

Other resources can be verified:
User-roles:

curl --location '$host/roles/users/$userID' \--header 'Accept: application/json' \--header 'x-okapi-token: $token --header 'x-okapi-tenant: $tenant'

User-capability-set:

curl --location '$host/users/capability-sets?query=userId=={userID}&limit=10&offset=0' \--header 'Accept: application/json' \--header 'x-okapi-token: $token --header 'x-okapi-tenant: $tenant'

User-capabilities:

curl --location $host/users/capabilities?query=userId=={userID}&limit=10&offset=0' \--header 'Accept: application/json' \--header 'x-okapi-token: $token --header 'x-okapi-tenant: $tenant'

 

Comment by Yauhen Viazau [ 05/Feb/24 ]

Tested on “evrk“ environment - works as expected

When a user is deleted, the following entities related to this user are also deleted automatically:

  • user policies
  • user roles
  • user capabilities
  • user capability sets

See example:

Generated at Thu Feb 08 22:29:06 UTC 2024 using Jira 1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d.