feat: implement deletion of user within user groups when deleting a user

Signed-off-by: Jongmin Kim <[email protected]>

src/spaceone/identity/manager/user_manager.py

@@ -11,8 +11,7 @@
 from spaceone.identity.manager.project_manager import ProjectManager
 from spaceone.identity.manager.role_binding_manager import RoleBindingManager
 from spaceone.identity.manager.user_group_manager import UserGroupManager
-from spaceone.identity.manager.workspace_group_manager import \
-    WorkspaceGroupManager
+from spaceone.identity.manager.workspace_group_manager import WorkspaceGroupManager
 from spaceone.identity.model.user.database import User
 
 _LOGGER = logging.getLogger(__name__)
@@ -108,7 +107,7 @@ def delete_user_by_vo(user_vo: User) -> None:
         for rb_vo in rb_vos:
             rb_mgr.delete_role_binding_by_vo(rb_vo)
 
-        # Delete user groups
+        # Delete user from user groups
         user_group_vos = user_group_mgr.filter_user_groups(
             users=user_vo.user_id, domain_id=user_vo.domain_id
         )

src/spaceone/identity/service/role_binding_service.py

@@ -10,6 +10,7 @@
 from spaceone.identity.manager.role_manager import RoleManager
 from spaceone.identity.manager.user_manager import UserManager
 from spaceone.identity.manager.workspace_manager import WorkspaceManager
+from spaceone.identity.manager.user_group_manager import UserGroupManager
 from spaceone.identity.model import RoleBinding
 from spaceone.identity.model.role_binding.request import *
 from spaceone.identity.model.role_binding.response import *
@@ -262,7 +263,7 @@ def delete(self, params: RoleBindingDeleteRequest) -> None:
         user_vo = self.user_mgr.get_user(rb_vo.user_id, rb_vo.domain_id)
 
         self.user_mgr.update_user_by_vo(user_role_info, user_vo)
-        self.delete_role_binding_by_vo(rb_vo, params.domain_id, params.workspace_id)
+        self.delete_role_binding_by_vo(rb_vo)
 
     @transaction(
         permission="identity:RoleBinding.read",
@@ -390,7 +391,6 @@ def check_duplicate_workspace_role(
     def check_last_domain_admin_role_binding(
         self, new_role_type: Union[str, None], domain_id: str
     ) -> None:
-
         user_ids = self._get_enabled_user_ids(domain_id)
         rb_vos = self.role_binding_manager.filter_role_bindings(
             domain_id=domain_id,
@@ -404,7 +404,6 @@ def check_last_domain_admin_role_binding(
     def check_last_workspace_owner_role_binding(
         self, new_role_type: Union[str, None], workspace_id: str, domain_id: str
     ) -> None:
-
         user_ids = self._get_enabled_user_ids(domain_id)
         rb_vos = self.role_binding_manager.filter_role_bindings(
             domain_id=domain_id,
@@ -462,13 +461,24 @@ def update_workspace_user_count(self, domain_id: str, workspace_id: str) -> None
                 {"user_count": user_rb_total_count}, workspace_vo
             )
 
-    def delete_role_binding_by_vo(
-        self, rb_vo: RoleBinding, domain_id: str, workspace_id: str = None
-    ):
+    def delete_role_binding_by_vo(self, rb_vo: RoleBinding) -> None:
         self.role_binding_manager.delete_role_binding_by_vo(rb_vo)
 
-        if workspace_id:
-            self.update_workspace_user_count(domain_id, workspace_id)
+        if rb_vo.workspace_id:
+            # Delete user from user groups
+            user_group_mgr = UserGroupManager()
+            user_group_vos = user_group_mgr.filter_user_groups(
+                users=rb_vo.user_id, domain_id=rb_vo.domain_id
+            )
+            for user_group_vo in user_group_vos:
+                users = user_group_vo.users
+                users.remove(rb_vo.user_id)
+                user_group_mgr.update_user_group_by_vo(
+                    {"users": users}, user_group_vo=user_group_vo
+                )
+
+            # Update workspace user count
+            self.update_workspace_user_count(rb_vo.domain_id, rb_vo.workspace_id)
 
     def _get_workspace_user_count(self, domain_id: str, workspace_id: str) -> int:
         user_rb_ids = self.role_binding_manager.stat_role_bindings(