From 063e0f344f0814e61a0adfd7d30c885dd6ce5ebd Mon Sep 17 00:00:00 2001
From: Youngjin Jo <youngjinjo@megazone.com>
Date: Mon, 30 Sep 2024 16:57:00 +0900
Subject: [PATCH] fix: delete workspace role binding when workspace group is
 added

Signed-off-by: Youngjin Jo <youngjinjo@megazone.com>
---
 src/spaceone/identity/service/workspace_service.py | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/src/spaceone/identity/service/workspace_service.py b/src/spaceone/identity/service/workspace_service.py
index e0327c97..62d02a21 100644
--- a/src/spaceone/identity/service/workspace_service.py
+++ b/src/spaceone/identity/service/workspace_service.py
@@ -417,7 +417,7 @@ def _add_workspace_to_group(
         if old_workspace_group_id:
             if old_workspace_group_id != workspace_group_id:
                 self._delete_role_bindings(
-                    workspace_id, old_workspace_group_id, domain_id
+                    workspace_id, domain_id, old_workspace_group_id
                 )
 
                 self._create_role_bindings(
@@ -459,6 +459,7 @@ def _add_workspace_to_group(
             else:
                 is_updatable = False
         else:
+            self._delete_role_bindings(workspace_id, domain_id)
             self._create_role_bindings(
                 workspace_group_vo.users,
                 workspace_id,
@@ -478,7 +479,7 @@ def _remove_workspace_from_group_with_workspace_vo(
         self, workspace_vo: Workspace, old_workspace_group_id: str, domain_id: str
     ) -> None:
         workspace_id = workspace_vo.workspace_id
-        self._delete_role_bindings(workspace_id, old_workspace_group_id, domain_id)
+        self._delete_role_bindings(workspace_id, domain_id, old_workspace_group_id)
 
         workspace_vo.changed_at = datetime.utcnow()
         workspace_vo.workspace_group_id = None
@@ -504,12 +505,12 @@ def _remove_workspace_from_group_with_workspace_vo(
         )
 
     def _delete_role_bindings(
-        self, workspace_id: str, existing_workspace_group_id: str, domain_id: str
+        self, workspace_id: str, domain_id: str, existing_workspace_group_id: str = None
     ):
         rb_vos = self.rb_mgr.filter_role_bindings(
             workspace_id=workspace_id,
-            workspace_group_id=existing_workspace_group_id,
             domain_id=domain_id,
+            workspace_group_id=existing_workspace_group_id,
         )
         for rb_vo in rb_vos:
             self.rb_mgr.delete_role_binding_by_vo(rb_vo)