keystone doesn't cleanly remove all data for a user when using SQL backend for Identity

I think we should use foreign key and cascading deletion to make sure the clean deletion. In addition, since token table use extra column to save roles, tenants information, we will enhance auth process to deal with if the user, role or tenant has been deleted and then return the right information.
below is an extra field for a certain token:
{"metadata": {"roles": ["ca43893555be4153acc701568beeec8e", "85c54052d4dc41aba5d1671216766064", "3d3f2139ef514935ba698f40012ddaeb"]}, "user": {"email": "<email address hidden>", "enabled": true, "id": "44c3d88f257a4dc39790c318fcb1a2cc", "name": "admin", "tenantId": null}, "tenant": {"enabled": true, "id": "36cf36c3972a437890e5df7bf9805097", "name": "admin", "description": null}}

I'm seeing the same problem when a role is removed using keystone role-remove. The role ID remains in the json stored in the 'data' column.

I have the same problem :(

Me too.

user-delete should be fixed as a part of bug 973243

The problem above results in unexpected behavior when calling user-role-list. If an user is being assigned to a role, and then the role is deleted, the user-role-list fails with 404:

$ keystone user-role-list --user-id 779d85b855824501a9d526a316ed63a5
Could not find role: 5bf8cf73290041bc8954dd123e1c959b (HTTP 404)

The original bug has been fixed on https://bugs.launchpad.net/bugs/973243.

Working on the issue when the role is deleted, as reported on 2012-08-08.

The original bug has already been fixed.

The issue reported on 2012-08-08:

$ keystone user-role-list --user-id 779d85b855824501a9d526a316ed63a5
Could not find role: 5bf8cf73290041bc8954dd123e1c959b (HTTP 404)

can't be recreated (keystone user-role-list --user-id <user_id> works properly after the role is deleted).

Rgds,

cannot reproduce bug anymore. based on comments, bug is fixed.