bernardodemarco opened a new pull request, #10176: URL: https://github.com/apache/cloudstack/pull/10176
### Description Currently, if an account with network permissions for guest networks is deleted, CloudStack does not automatically delete these permissions, and operators cannot delete them later through the APIs. The workaround for this scenario is to manually remove the permissions entries from the `cloud.network_permissions` table. Therefore, this PR proposes to clean up the network permissions of an account when it is deleted. Additionally, when attempting to delete an account that is a project administrator, an error message is returned. This error message has been enhanced to include instructions on the next steps the operator should perform to properly delete the given account. --- Fixes #10103 ### Types of changes - [ ] Breaking change (fix or feature that would cause existing functionality to change) - [ ] New feature (non-breaking change which adds functionality) - [ ] Bug fix (non-breaking change which fixes an issue) - [X] Enhancement (improves an existing feature and functionality) - [ ] Cleanup (Code refactoring and cleanup, that may add test cases) - [ ] build/CI - [ ] test (unit or integration test code) ### Feature/Enhancement Scale or Bug Severity #### Feature/Enhancement Scale - [ ] Major - [X] Minor ### Screenshots (if appropriate): ### How Has This Been Tested? First, I created a domain `ROOT/d1`, a domain admin (`d1`) and two regular users within it (`u1` and `u2`). With the `d1` account, I created a project and added the `u1` account as a project administrator. When attempting to delete the `u1` account, an error message was returned, indicating that the account was a project administrator.  After demoting the account to a regular project role, I created two guest networks and granted permission to both `u1` and `u2` accounts. ```bash MariaDB [cloud]> select * from network_permissions; +----+------------+------------+ | id | network_id | account_id | +----+------------+------------+ | 8 | 209 | 14 | | 9 | 209 | 16 | | 10 | 210 | 16 | | 11 | 210 | 14 | +----+------------+------------+ 4 rows in set (0.001 sec) ``` Then, I deleted the `u1` account, which has a serial ID equal to `16`, and verified that the network permissions were correctly expunged: ```bash MariaDB [cloud]> select * from network_permissions; +----+------------+------------+ | id | network_id | account_id | +----+------------+------------+ | 8 | 209 | 14 | | 11 | 210 | 14 | +----+------------+------------+ 2 rows in set (0.001 sec) ``` I reproduced these same steps with the `u2` account and verified that the network permissions were also correctly deleted. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@cloudstack.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
