When removing an account, not everything is cleaned up

[jmkleijer]

ISSUE TYPE

• Bug Report

COMPONENT NAME

UI

CLOUDSTACK VERSION

4.19.1.2

CONFIGURATION

Networks that are shared with multiple accounts.

OS / ENVIRONMENT

N/A

SUMMARY

When an account is created we can assign it a particular project role as well as grant it particular network permissions in order to use those guest networks.

When we then decide to delete that account, we first get a message that this cannot be done because the account is still linked to the project. When we remove the account from the project, we are then able to delete the account. However, the account was still granted network permissions. If we now try to remove those network permissions for that account, Apache CloudStack isn't able to and you need to go manually into the database to remove the corresponding entry in the network_permissions table.

STEPS TO REPRODUCE

Create an account called accountA
Grant account accountA network permissions on a particular guest network
Delete account accountA
Try to remove accountA network permissions

EXPECTED RESULTS

I would expect Apache CloudStack to fail stating that there are still networks that are shared with this particular account (similar to how an account cannot be removed when it's still linked to a project)

ACTUAL RESULTS

Account is removed but the network permissions are still there leaving a cluttered UI with network permissions to an account that no longer exist but also cannot be removed (through the UI).

[DaanHoogland]

fixed in #10176