fix: safe removal of consumption roles with open share requests (#485)

dlpzx · web-flow · commit fa45abd0b2af · 2023-06-01T17:11:10.000+02:00
### Feature or Bugfix - Bugfix ### Detail - Added check and exception if there are open share requests on a consumption role or on a group that we are removing from an environment ### Relates - #450 By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
diff --git a/backend/dataall/db/api/environment.py b/backend/dataall/db/api/environment.py
@@ -392,6 +392,23 @@ def remove_group(session, username, groups, uri, data=None, check_perm=None):
                 message=f'Team: {group} has created {group_env_objects_count} resources on this environment.',
             )
 
+        shares_count = (
+            session.query(models.ShareObject)
+            .filter(
+                and_(
+                    models.ShareObject.principalId == group,
+                    models.ShareObject.principalType == PrincipalType.Group.value
+                )
+            )
+            .count()
+        )
+
+        if shares_count > 0:
+            raise exceptions.EnvironmentResourcesFound(
+                action='Remove Team',
+                message=f'Team: {group} has created {shares_count} share requests on this environment.',
+            )
+
         group_membership = Environment.find_environment_group(
             session, group, environment.environmentUri
         )
@@ -529,6 +546,23 @@ def remove_consumption_role(session, username, groups, uri, data=None, check_per
 
         consumption_role = Environment.get_environment_consumption_role(session, uri, data.get('environmentUri'))
 
+        shares_count = (
+            session.query(models.ShareObject)
+            .filter(
+                and_(
+                    models.ShareObject.principalId == uri,
+                    models.ShareObject.principalType == PrincipalType.ConsumptionRole.value
+                )
+            )
+            .count()
+        )
+
+        if shares_count > 0:
+            raise exceptions.EnvironmentResourcesFound(
+                action='Remove Consumption Role',
+                message=f'Consumption role: {consumption_role.consumptionRoleName} has created {shares_count} share requests on this environment.',
+            )
+
         if consumption_role:
             session.delete(consumption_role)
             session.commit()
