k2hr3-api 1.0.26 → 1.0.27

package/ChangeLog

@@ -1,3 +1,9 @@
+k2hr3-api (1.0.27) unstable; urgency=low
+
+  * Updated TENANT API and fixed bugs in TENANT API - #104
+
+ -- Takeshi Nakatani <ggtakec@gmail.com>  Tue, 25 Jul 2023 16:16:10 +0900
+
 k2hr3-api (1.0.26) unstable; urgency=low
 
   * Added response object members in userToken GET API - #102

package/lib/k2hr3dkc.js

@@ -2226,8 +2226,80 @@ function rawRemoveUserFromTenant(dkcobj_permanent, tenant, user)
 }
 
 //---------------------------------------------------------
-// Common remove user from local tenant
+// Common remove local tenant
 //---------------------------------------------------------
+//	tenant		: tenant name
+//	id			: tenant id
+//
+//	result		: true/false
+//
+function rawRemoveLocalTenantEx(dkcobj_permanent, tenant, user, id)
+{
+	if(!(dkcobj_permanent instanceof Object) || !dkcobj_permanent.isPermanent()){
+		r3logger.elog('parameter dkcobj_permanent is not object or not permanent');
+		return false;
+	}
+
+	if(!apiutil.isSafeStrings(tenant, user, id)){
+		r3logger.elog('some parameters are wrong : tenant=' + JSON.stringify(tenant) + ', user=' + JSON.stringify(user) + ', id=' + JSON.stringify(id));
+		return false;
+	}
+
+	//
+	// Keys
+	//
+	var	keys = r3keys(user, tenant);
+
+	//
+	// Check tenant name
+	//
+	if(0 !== tenant.indexOf(keys.VALUE_PREFIX_LOCAL_TENANT)){
+		// Not have prefix("local@")
+		r3logger.elog('tenant(' + tenant + ') must be start ' + keys.VALUE_PREFIX_LOCAL_TENANT + ' prefix for local tenant.');
+		return false;
+	}
+
+	//
+	// Find tenant
+	//
+	var	result = rawFindTenantEx(dkcobj_permanent, tenant, user, id);
+	if(!apiutil.isSafeEntity(result)){
+		r3logger.elog('could not find tenant(' + tenant + ') with user=' + JSON.stringify(user) + ' and id=' + JSON.stringify(id));
+		return false;
+	}
+
+	//
+	// Check user in tenant user list
+	//
+	if(!apiutil.findStringInArray(result.users, user)){
+		r3logger.elog('user(' + user + ') is not tenant(' + tenant + ') user member.');
+		return false;
+	}
+
+	//
+	// Remove all user from tenant
+	//
+	// [NOTE]
+	// Deleting all users of a tenant automatically deletes the tenant.
+	//
+	var	error = false;
+	if(apiutil.isArray(result.users)){
+		for(var cnt = 0; cnt < result.users.length; ++cnt){
+			var	delete_user_name = result.users[cnt].replace(keys.USER_TOP_KEY + ':', '');
+			if(!rawRemoveUserFromLocalTenantEx(dkcobj_permanent, tenant, delete_user_name, id)){
+				r3logger.elog('could not delete user(' + delete_user_name + ') from local tenant(' + tenant + '), id(' + id + '), but continue...');
+				error = true;
+			}
+		}
+	}
+	if(error){
+		r3logger.elog('failed to remove some user in local tenant.');
+		return false;
+	}
+
+	return true;
+}
+
 //	tenant		: tenant name
 //	user		: user name
 //	id			: tenant id
@@ -2237,7 +2309,7 @@ function rawRemoveUserFromTenant(dkcobj_permanent, tenant, user)
 //					message:		null or error message
 //				}
 //
-function rawRemoveUserFromLocalTenant(tenant, user, id)
+function rawRemoveLocalTenant(tenant, user, id)
 {
 	var	resobj = {result: true, message: null};
 
@@ -2257,6 +2329,39 @@ function rawRemoveUserFromLocalTenant(tenant, user, id)
 		return resobj;
 	}
 
+	if(!rawRemoveLocalTenantEx(dkcobj, tenant, user, id)){
+		resobj.result	= false;
+		resobj.message	= 'could not remove local tenant(' + JSON.stringify(tenant) + '), id(' + JSON.stringify(id) + ').';
+		r3logger.elog(resobj.message);
+		dkcobj.clean();
+		return resobj;
+	}
+	dkcobj.clean();
+
+	return resobj;
+}
+
+//---------------------------------------------------------
+// Common remove user from local tenant
+//---------------------------------------------------------
+//	tenant		: tenant name
+//	user		: user name
+//	id			: tenant id
+//
+//	result		: true/false
+//
+function rawRemoveUserFromLocalTenantEx(dkcobj_permanent, tenant, user, id)
+{
+	if(!(dkcobj_permanent instanceof Object) || !dkcobj_permanent.isPermanent()){
+		r3logger.elog('parameter dkcobj_permanent is not object or not permanent');
+		return false;
+	}
+
+	if(!apiutil.isSafeStrings(tenant, user, id)){
+		r3logger.elog('some parameters are wrong : tenant=' + JSON.stringify(tenant) + ', user=' + JSON.stringify(user) + ', id=' + JSON.stringify(id));
+		return false;
+	}
+
 	//
 	// Keys
 	//
@@ -2267,53 +2372,81 @@ function rawRemoveUserFromLocalTenant(tenant, user, id)
 	//
 	if(0 !== tenant.indexOf(keys.VALUE_PREFIX_LOCAL_TENANT)){
 		// Not have prefix("local@")
-		resobj.result	= false;
-		resobj.message	= 'tenant(' + tenant + ') must be start ' + keys.VALUE_PREFIX_LOCAL_TENANT + ' prefix for local tenant.';
-		r3logger.elog(resobj.message);
-		dkcobj.clean();
-		return resobj;
+		r3logger.elog('tenant(' + tenant + ') must be start ' + keys.VALUE_PREFIX_LOCAL_TENANT + ' prefix for local tenant.');
+		return false;
 	}
 
 	//
 	// Find tenant
 	//
-	var	result = rawFindTenantEx(dkcobj, tenant, user, id);
+	var	result = rawFindTenantEx(dkcobj_permanent, tenant, user, id);
 	if(!apiutil.isSafeEntity(result)){
-		resobj.result	= false;
-		resobj.message	= 'could not find tenant(' + tenant + ') with user=' + JSON.stringify(user) + ' and id=' + JSON.stringify(id);
-		r3logger.elog(resobj.message);
-		dkcobj.clean();
-		return resobj;
+		r3logger.elog('could not find tenant(' + tenant + ') with user=' + JSON.stringify(user) + ' and id=' + JSON.stringify(id));
+		return false;
 	}
 
 	//
 	// Check user list in tenant
 	//
 	if(!apiutil.findStringInArray(result.users, user)){
-		resobj.result	= false;
-		resobj.message	= 'user(' + user + ') is not tenant(' + tenant + ') member.';
-		r3logger.elog(resobj.message);
-		dkcobj.clean();
-		return resobj;
+		r3logger.elog('user(' + user + ') is not tenant(' + tenant + ') member.');
+		return false;
 	}
 
 	//
 	// Remove tenant from user
 	//
-	if(!rawRemoveTenantFromUser(dkcobj, user, tenant)){
+	if(!rawRemoveTenantFromUser(dkcobj_permanent, user, tenant)){
+		r3logger.elog('failed to remove tenant(' + tenant + ') from user(' + user + ').');
+		return false;
+	}
+
+	//
+	// Remove user from tenant
+	//
+	// [NOTE]
+	// If all users of a tenant disappear after deletion, the tenant is automatically deleted.
+	//
+	if(!rawRemoveUserFromTenant(dkcobj_permanent, tenant, user)){
+		r3logger.elog('failed to remove user(' + user + ') from tenant(' + tenant + ').');
+		return false;
+	}
+
+	return true;
+}
+
+//	tenant		: tenant name
+//	user		: user name
+//	id			: tenant id
+//
+//	result		{
+//					result:			true/false
+//					message:		null or error message
+//				}
+//
+function rawRemoveUserFromLocalTenant(tenant, user, id)
+{
+	var	resobj = {result: true, message: null};
+
+	if(!apiutil.isSafeStrings(tenant, user, id)){
 		resobj.result	= false;
-		resobj.message	= 'failed to remove tenant(' + tenant + ') from user(' + user + ').';
+		resobj.message	= 'some parameters are wrong : tenant=' + JSON.stringify(tenant) + ', user=' + JSON.stringify(user) + ', id=' + JSON.stringify(id);
+		r3logger.elog(resobj.message);
+		return resobj;
+	}
+
+	var	dkcobj			= k2hdkc(dkcconf, dkcport, dkccuk, true, false);			// use permanent object(need to clean)
+	if(!rawInitKeyHierarchy(dkcobj)){
+		resobj.result	= false;
+		resobj.message	= 'Not initialize yet, or configuration is not set';
 		r3logger.elog(resobj.message);
 		dkcobj.clean();
 		return resobj;
 	}
 
-	//
-	// Remove user from tenant
-	//
-	if(!rawRemoveUserFromTenant(dkcobj, tenant, user)){
+	if(!rawRemoveUserFromLocalTenantEx(dkcobj, tenant, user, id)){
 		resobj.result	= false;
-		resobj.message	= 'failed to remove user(' + user + ') from tenant(' + tenant + ').';
+		resobj.message	= 'could not remove user(' + JSON.stringify(user) + ') from tenant(' + JSON.stringify(tenant) + '), id(' + JSON.stringify(id) + ').';
 		r3logger.elog(resobj.message);
 		dkcobj.clean();
 		return resobj;
@@ -2387,14 +2520,14 @@ function rawAddTenantToExistedUser(dkcobj_permanent, user, tenant)
 //	id				: tenant id, if user is specified(service is specified, do not need this)
 //	desc			: tenant description, if user is specified(service is specified, do not need this)
 //	display			: display name, if user is specified(service is specified, do not need this)
-//	other_users		: other users in this tenant (this parameter is invalid if service is specified)
+//	tenant_users	: tenant users in this tenant (this parameter is invalid if service is specified)
 //
 // [NOTE]
 // Both user and service can not be specified at same time.
 // This function create keys without resource/policy/role, you must be careful for service
 // case.
 //
-function rawCreateTenantEx(dkcobj_permanent, user, tenant, service, id, desc, display, other_users)
+function rawCreateTenantEx(dkcobj_permanent, user, tenant, service, id, desc, display, tenant_users)
 {
 	if(!(dkcobj_permanent instanceof Object) || !dkcobj_permanent.isPermanent()){
 		r3logger.elog('parameter dkcobj_permanent is not object or not permanent');
@@ -2420,10 +2553,10 @@ function rawCreateTenantEx(dkcobj_permanent, user, tenant, service, id, desc, di
 		}
 		service	= null;
 
-		if(apiutil.isEmptyArray(other_users)){
-			other_users = [];
+		if(apiutil.isEmptyArray(tenant_users)){
+			r3logger.elog('parameter is wrong : tenant_users=' + JSON.stringify(tenant_users));
+			return false;
 		}
-		apiutil.tryAddStringToArray(other_users, user);		// add user to other_users
 
 	}else if(apiutil.isSafeString(service) && !apiutil.isSafeString(user)){
 		//
@@ -2431,7 +2564,7 @@ function rawCreateTenantEx(dkcobj_permanent, user, tenant, service, id, desc, di
 		//
 		service		= service.toLowerCase();
 		user		= null;
-		other_users	= null;
+		tenant_users= null;
 	}else{
 		r3logger.elog('some parameters are wrong(both are empty or not empty) : service=' + JSON.stringify(service) + ', user=' + JSON.stringify(user));
 		return false;
@@ -2661,32 +2794,42 @@ function rawCreateTenantEx(dkcobj_permanent, user, tenant, service, id, desc, di
 		}
 
 		//
-		// Add other users(with user) to tenant
+		// Add tenant users to tenant
 		//
-		if(!apiutil.isEmptyArray(other_users)){
-			var	need_update_user_key = false;
-			for(var cnt = 0; cnt < other_users.length; ++cnt){
-				// add one other user
-				var	added_other_user = rawAddTenantToExistedUser(dkcobj_permanent, other_users[cnt], tenant);
-				if(!apiutil.isSafeString(added_other_user)){
-					continue;
-				}
-				// check new adding user
-				if(apiutil.tryAddStringToArray(user_subkeylist, added_other_user)){
-					user_subkeylist.sort();
-					need_update_user_key = true;
-				}
+		var	new_user_subkeylist = [];
+		for(var cnt = 0; cnt < tenant_users.length; ++cnt){
+			// add one tenant user
+			var	added_other_user = rawAddTenantToExistedUser(dkcobj_permanent, tenant_users[cnt], tenant);
+			if(!apiutil.isSafeString(added_other_user)){
+				continue;
 			}
-			//
-			// Re-update user key in tenant
-			//
-			if(need_update_user_key){
-				if(!dkcobj_permanent.setSubkeys(keys.TENANT_USER_KEY, user_subkeylist)){	// add subkey yrn:yahoo::::user:<user> -> yrn:yahoo:::<tenant>:user
-					r3logger.elog('could not add ' + keys.USER_KEY + ' subkey under ' + keys.TENANT_USER_KEY + ' key');
-					return false;
-				}
+			// check new adding user
+			if(apiutil.tryAddStringToArray(new_user_subkeylist, added_other_user)){
+				new_user_subkeylist.sort();
 			}
 		}
+
+		//
+		// Delete tenant users
+		//
+		for(cnt = 0; cnt < user_subkeylist.length; ++cnt){
+			if(apiutil.findStringInArray(new_user_subkeylist, user_subkeylist[cnt])){
+				continue;
+			}
+			// user does not in new tenant users
+			var	delete_user_name = user_subkeylist[cnt].replace(keys.USER_TOP_KEY + ':', '');
+			if(!rawRemoveUserFromLocalTenantEx(dkcobj_permanent, tenant, delete_user_name, id)){
+				r3logger.elog('could not delete user(' + delete_user_name + ') from tenant(' + tenant + '), id(' + id + '), but continue...');
+			}
+		}
+
+		//
+		// Re-update user key in tenant(always update...)
+		//
+		if(!dkcobj_permanent.setSubkeys(keys.TENANT_USER_KEY, new_user_subkeylist)){	// add subkey yrn:yahoo::::user:<user> -> yrn:yahoo:::<tenant>:user
+			r3logger.elog('could not add ' + keys.USER_KEY + ' subkey under ' + keys.TENANT_USER_KEY + ' key');
+			return false;
+		}
 	}
 
 	//
@@ -2856,13 +2999,14 @@ function rawCheckTenantEnable(dkcobj_permanent, tenant, servicename)
 //	id				: tenant id
 //	desc			: tenant description
 //	display			: display name
-//	other_users		: other users in this tenant (this parameter is invalid if service is specified)
+//	tenant_users	: tenant users in this tenant (this parameter is invalid if service is specified)
+//	is_replace_users: replace with tenant_users if this flag is true (default). if false, tenant_users will be added.
 //
 // [NOTE]
 // This function does not check the user is a member in tenant, then 
 // you must check it before calling this function.
 //
-function rawCreateTenant(user, tenant, id, desc, display, other_users)
+function rawCreateTenant(user, tenant, id, desc, display, tenant_users, is_replace_users)
 {
 	var	resobj = {result: true, message: null};
 
@@ -2884,6 +3028,19 @@ function rawCreateTenant(user, tenant, id, desc, display, other_users)
 		// to string
 		id = String(id);
 	}
+	if(!apiutil.isArray(tenant_users) && !apiutil.isSafeString(tenant_users)){
+		// tenant_users must be array or string
+		//
+		resobj.result	= false;
+		resobj.message	= 'parameter is wrong : tenant_users=' + JSON.stringify(tenant_users);
+		r3logger.elog(resobj.message);
+		return resobj;
+	}else if(!apiutil.isArray(tenant_users)){
+		tenant_users = [tenant_users];
+	}
+	if('boolean' !== typeof is_replace_users){
+		is_replace_users = true;
+	}
 
 	var	dkcobj			= k2hdkc(dkcconf, dkcport, dkccuk, true, false);					// use permanent object(need to clean)
 	if(!rawInitKeyHierarchy(dkcobj)){
@@ -2894,10 +3051,19 @@ function rawCreateTenant(user, tenant, id, desc, display, other_users)
 		return resobj;
 	}
 
+	if(!is_replace_users){
+		var	findobj = rawFindTenantEx(dkcobj, tenant, user, id);
+		if(apiutil.isSafeEntity(findobj)){
+			// found tenant
+			tenant_users = apiutil.mergeArray(tenant_users, apiutil.getSafeArray(findobj.users));
+			tenant_users.sort();
+		}
+	}
+
 	//
 	// Create tenant top
 	//
-	if(!rawCreateTenantEx(dkcobj, user, tenant, null, id, desc, display, other_users)){
+	if(!rawCreateTenantEx(dkcobj, user, tenant, null, id, desc, display, tenant_users)){
 		resobj.result	= false;
 		resobj.message	= 'could not create tenant(' + tenant + ') with id(' + id + '), desc(' + JSON.stringify(desc) + '), display(' + JSON.stringify(display) + '), user(' + user + ')';
 		r3logger.elog(resobj.message);
@@ -11783,12 +11949,12 @@ function rawCompareChildrenListName(child1, child2)
 //
 // These functions initializing tenant is without service.
 //
-exports.initTenant = function(tenantname, id, desc, display, user, other_users)
+exports.initTenant = function(tenantname, id, desc, display, user, tenant_users)
 {
 	//
 	// Must initialize service key before calling this if specified service parameter
 	//
-	return rawCreateTenant(user, tenantname, id, desc, display, other_users);
+	return rawCreateTenant(user, tenantname, id, desc, display, tenant_users, true);
 };
 
 exports.initUser = function(user, id, username, tenant)
@@ -11801,7 +11967,7 @@ exports.initUserTenant = function(user, userid, username, tenant, tenantid, tena
 	//
 	// Must initialize service key before calling this if specified service parameter
 	//
-	var	resobj = rawCreateTenant(user, tenant, tenantid, tenantdesc, tenantdisplay);
+	var	resobj = rawCreateTenant(user, tenant, tenantid, tenantdesc, tenantdisplay, user, false);
 	if(resobj.result){
 		resobj = rawCreateUser(user, userid, username, tenant);
 	}
@@ -11823,6 +11989,11 @@ exports.removeUserFromLocalTenant = function(tenant, user, id)
 	return rawRemoveUserFromLocalTenant(tenant, user, id);
 };
 
+exports.removeLocalTenant = function(tenant, user, id)
+{
+	return rawRemoveLocalTenant(tenant, user, id);
+};
+
 exports.getUserId = function(username)
 {
 	return rawGetUserId(username);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "k2hr3-api",
-  "version": "1.0.26",
+  "version": "1.0.27",
   "dependencies": {
     "@kubernetes/client-node": "^0.18.1",
     "body-parser": "^1.20.2",
@@ -12,7 +12,7 @@
     "jose": "^4.14.4",
     "k2hdkc": "^1.0.5",
     "morgan": "~1.10.0",
-    "rotating-file-stream": "^3.1.0"
+    "rotating-file-stream": "^3.1.1"
   },
   "bin": {
     "k2hr3-api": "./bin/www",
@@ -30,12 +30,12 @@
   "devDependencies": {
     "chai": "^4.3.7",
     "chai-http": "^4.4.0",
-    "eslint": "^8.44.0",
+    "eslint": "^8.45.0",
     "mocha": "^10.2.0",
     "nyc": "^15.1.0"
   },
   "scripts": {
-    "help": "echo 'command list:\n    npm run start\n    npm run start:prod\n    npm run start:production\n    npm run start:prod:dbg\n    npm run start:prod:debug\n    npm run start:prod:debug:break\n    npm run start:prod:debug:nobreak\n    npm run start:dev\n    npm run start:develop\n    npm run start:dev:dbg\n    npm run start:dev:debug\n    npm run start:dev:debug:break\n    npm run start:dev:debug:nobreak\n    npm run start:watcher:prod\n    npm run start:watcher:production\n    npm run start:watcher:dev\n    npm run start:watcher:develop\n    npm run start:watcher:dbg\n    npm run start:watcher:debug\n    npm run start:watcher:debug:break\n    npm run start:watcher:debug:nobreak\n    npm run start:watcher:oneshot:prod\n    npm run start:watcher:oneshot:production\n    npm run start:watcher:oneshot:dev\n    npm run start:watcher:oneshot:develop\n    npm run start:watcher:oneshot:dbg\n    npm run start:watcher:oneshot:debug\n    npm run start:watcher:oneshot:debug:break\n    npm run start:watcher:oneshot:debug:nobreak\n    npm run stop\n    npm run stop:watcher\n    npm run test\n    npm run test:lint\n    npm run test:cover\n    npm run test:auto:all{:dbg}\n    npm run test:auto:version{:dbg}\n    npm run test:auto:usertokens{:dbg}\n    npm run test:auto:list{:dbg}\n    npm run test:auto:resource{:dbg}\n    npm run test:auto:policy{:dbg}\n    npm run test:auto:role{:dbg}\n    npm run test:auto:service{:dbg}\n    npm run test:auto:acr{:dbg}\n    npm run test:auto:userdata{:dbg}\n    npm run test:auto:extdata{:dbg}\n    npm run test:auto:watcher{:dbg}\n    npm run test:auto:templengine\n    npm run test:auto:templengine:async\n    npm run test:manual:apis:version_get\n    npm run test:manual:apis:usertoken_postput\n    npm run test:manual:apis:usertoken_gethead\n    npm run test:manual:apis:policy_postput\n    npm run test:manual:apis:policy_gethead\n    npm run test:manual:apis:policy_delete\n    npm run test:manual:apis:resource_postput\n    npm run test:manual:apis:resource_gethead\n    npm run test:manual:apis:resource_delete\n    npm run test:manual:apis:role_postput\n    npm run test:manual:apis:role_gethead\n    npm run test:manual:apis:role_delete\n    npm run test:manual:apis:tenant_postput\n    npm run test:manual:apis:tenant_gethead\n    npm run test:manual:apis:tenant_delete\n    npm run test:manual:apis:service_postput\n    npm run test:manual:apis:service_gethead\n    npm run test:manual:apis:service_delete\n    npm run test:manual:apis:acr_postput\n    npm run test:manual:apis:acr_get\n    npm run test:manual:apis:acr_delete\n    npm run test:manual:apis:list_gethead\n    npm run test:manual:apis:userdata_get\n    npm run test:manual:apis:extdata_get\n    npm run test:manual:apis:allusertenant_get\n    npm run test:manual:apis:k2hr3keys_get\n    npm run test:manual:load:k2hdkcdata:auto\n    npm run test:manual:load:k2hdkcdata:local\n    npm run test:manual:templengine\n    npm run test:manual:templengine:async\n'",
+    "help": "echo 'command list:\n    npm run start\n    npm run start:prod\n    npm run start:production\n    npm run start:prod:dbg\n    npm run start:prod:debug\n    npm run start:prod:debug:break\n    npm run start:prod:debug:nobreak\n    npm run start:dev\n    npm run start:develop\n    npm run start:dev:dbg\n    npm run start:dev:debug\n    npm run start:dev:debug:break\n    npm run start:dev:debug:nobreak\n    npm run start:watcher:prod\n    npm run start:watcher:production\n    npm run start:watcher:dev\n    npm run start:watcher:develop\n    npm run start:watcher:dbg\n    npm run start:watcher:debug\n    npm run start:watcher:debug:break\n    npm run start:watcher:debug:nobreak\n    npm run start:watcher:oneshot:prod\n    npm run start:watcher:oneshot:production\n    npm run start:watcher:oneshot:dev\n    npm run start:watcher:oneshot:develop\n    npm run start:watcher:oneshot:dbg\n    npm run start:watcher:oneshot:debug\n    npm run start:watcher:oneshot:debug:break\n    npm run start:watcher:oneshot:debug:nobreak\n    npm run stop\n    npm run stop:watcher\n    npm run test\n    npm run test:lint\n    npm run test:cover\n    npm run test:auto:all{:dbg}\n    npm run test:auto:version{:dbg}\n    npm run test:auto:usertokens{:dbg}\n    npm run test:auto:list{:dbg}\n    npm run test:auto:resource{:dbg}\n    npm run test:auto:policy{:dbg}\n    npm run test:auto:role{:dbg}\n    npm run test:auto:tenant{:dbg}\n    npm run test:auto:service{:dbg}\n    npm run test:auto:acr{:dbg}\n    npm run test:auto:userdata{:dbg}\n    npm run test:auto:extdata{:dbg}\n    npm run test:auto:watcher{:dbg}\n    npm run test:auto:templengine\n    npm run test:auto:templengine:async\n    npm run test:manual:apis:version_get\n    npm run test:manual:apis:usertoken_postput\n    npm run test:manual:apis:usertoken_gethead\n    npm run test:manual:apis:policy_postput\n    npm run test:manual:apis:policy_gethead\n    npm run test:manual:apis:policy_delete\n    npm run test:manual:apis:resource_postput\n    npm run test:manual:apis:resource_gethead\n    npm run test:manual:apis:resource_delete\n    npm run test:manual:apis:role_postput\n    npm run test:manual:apis:role_gethead\n    npm run test:manual:apis:role_delete\n    npm run test:manual:apis:tenant_postput\n    npm run test:manual:apis:tenant_gethead\n    npm run test:manual:apis:tenant_delete\n    npm run test:manual:apis:service_postput\n    npm run test:manual:apis:service_gethead\n    npm run test:manual:apis:service_delete\n    npm run test:manual:apis:acr_postput\n    npm run test:manual:apis:acr_get\n    npm run test:manual:apis:acr_delete\n    npm run test:manual:apis:list_gethead\n    npm run test:manual:apis:userdata_get\n    npm run test:manual:apis:extdata_get\n    npm run test:manual:apis:allusertenant_get\n    npm run test:manual:apis:k2hr3keys_get\n    npm run test:manual:load:k2hdkcdata:auto\n    npm run test:manual:load:k2hdkcdata:local\n    npm run test:manual:templengine\n    npm run test:manual:templengine:async\n'",
     "start": "npm run start:production",
     "start:prod": "npm run start:production",
     "start:production": "bin/run.sh -bg --production && echo '' && echo 'Start on production - Success' && echo ''",
@@ -70,7 +70,7 @@
     "test": "npm run test:cover",
     "test:lint": "eslint lib/*.js app.js bin/www bin/watcher routes/*.js tests/*.js",
     "test:cover": "echo 'Test with coverage' && nyc --reporter=lcov --reporter=text npm run test:auto:all",
-    "test:auto": "echo 'Auto test : npm run test:auto:*\n      test:auto:all{:dbg}\n      test:auto:version{:dbg}\n      test:auto:usertokens{:dbg}\n      test:auto:list{:dbg}\n      test:auto:resource{:dbg}\n      test:auto:policy{:dbg}\n      test:auto:role{:dbg}\n      test:auto:tenant{:dbg}\n      test:auto:service{:dbg}\n      test:auto:acr{:dbg}\n      test:auto:userdata{:dbg}\n      test:auto:extdata{:dbg}\n      test:auto:watcher{:dbg}\n      test:auto:templengine\n      test:auto:templengine:async\n'",
+    "test:auto": "echo 'Auto test : npm run test:auto:*\n      test:auto:all{:dbg}\n      test:auto:version{:dbg}\n      test:auto:usertokens{:dbg}\n      test:auto:list{:dbg}\n      test:auto:resource{:dbg}\n      test:auto:policy{:dbg}\n      test:auto:role{:dbg}\n      test:auto:tenant{:dbg}\n      test:auto:tenant{:dbg}\n      test:auto:service{:dbg}\n      test:auto:acr{:dbg}\n      test:auto:userdata{:dbg}\n      test:auto:extdata{:dbg}\n      test:auto:watcher{:dbg}\n      test:auto:templengine\n      test:auto:templengine:async\n'",
     "test:auto:all": "echo 'All test' && npm run test:lint && tests/test.sh -t 8000 all && npm run test:auto:templengine && npm run test:auto:templengine:async && echo 'Succeed test' && echo ''",
     "test:auto:all:dbg": "echo 'All test with debugging' && npm run test:lint && tests/test.sh -t 8000 -d dbg all && echo 'Succeed test' && echo ''",
     "test:auto:version": "echo 'Test Version' && tests/test.sh -t 8000 version && echo 'Succeed test' && echo ''",

package/routes/tenant.js

@@ -393,7 +393,23 @@ router.post('/', function(req, res, next)					// eslint-disable-line no-unused-v
 		// add own user
 		apiutil.tryAddStringToArray(tenant_users, comparam.user_name);
 	}else{
-		if(!apiutil.findStringInArray(tenant_users, comparam.user_name)){
+		if(apiutil.isEmptyArray(tenant_users)){
+			result.result	= false;
+			result.message	= 'POST request tenant(' + tenant_name + ') does not have any user list.';
+			r3logger.elog(result.message);
+			resutil.errResponse(req, res, 400, result);		// 400: Bad Request
+			return;
+		}
+
+		var	findobj = k2hr3.findTenant(tenant_name, comparam.user_name, tenant_id);
+		if(	!apiutil.isSafeEntity(findobj)											||
+			!apiutil.isSafeEntity(findobj.result)									||
+			false === findobj.result												||
+			!apiutil.isSafeEntity(findobj.tenant)									||
+			!apiutil.isSafeEntity(findobj.tenant.name)								||
+			!apiutil.getSafeArray(findobj.tenant.users)								||
+			!apiutil.findStringInArray(findobj.tenant.users, comparam.user_name)	)
+		{
 			result.result	= false;
 			result.message	= 'POST request tenant(' + tenant_name + ') does not allow user(' + comparam.user_name + ').';
 			r3logger.elog(result.message);
@@ -604,21 +620,37 @@ router.put('/', function(req, res, next)					// eslint-disable-line no-unused-va
 		tenant_users = apiutil.parseJSON(req.query.users);
 		if(!apiutil.isArray(tenant_users) && apiutil.isSafeString(tenant_users)){
 			tenant_users = [tenant_users];
-		}else if(!apiutil.isArray(tenant_users)){
-			tenant_users = [];
+		}else{
+			tenant_users = apiutil.getSafeArray(tenant_users);
 		}
-	}else if(apiutil.isArray(req.query.users)){
-		tenant_users = req.query.users;
-	}else if(apiutil.isSafeString(req.query.users)){
+	}else if(!apiutil.isArray(req.query.users) && apiutil.isSafeString(req.query.users)){
 		tenant_users = [req.query.users];
 	}else{
-		tenant_users = [];
+		tenant_users = apiutil.getSafeArray(req.query.users);
 	}
+
 	if(is_create){
 		// add own user
 		apiutil.tryAddStringToArray(tenant_users, comparam.user_name);
 	}else{
-		if(!apiutil.findStringInArray(tenant_users, comparam.user_name)){
+		// check user in current tenant users
+		if(apiutil.isEmptyArray(tenant_users)){
+			result.result	= false;
+			result.message	= 'PUT request tenant(' + tenant_name + ') does not have any user list.';
+			r3logger.elog(result.message);
+			resutil.errResponse(req, res, 400, result);		// 400: Bad Request
+			return;
+		}
+
+		var	findobj = k2hr3.findTenant(tenant_name, comparam.user_name, tenant_id);
+		if(	!apiutil.isSafeEntity(findobj)											||
+			!apiutil.isSafeEntity(findobj.result)									||
+			false === findobj.result												||
+			!apiutil.isSafeEntity(findobj.tenant)									||
+			!apiutil.isSafeEntity(findobj.tenant.name)								||
+			!apiutil.getSafeArray(findobj.tenant.users)								||
+			!apiutil.findStringInArray(findobj.tenant.users, comparam.user_name)	)
+		{
 			result.result	= false;
 			result.message	= 'PUT request tenant(' + tenant_name + ') does not allow user(' + comparam.user_name + ').';
 			r3logger.elog(result.message);
@@ -917,11 +949,26 @@ router.head('/', function(req, res, next)
 // Router DELETE
 //=========================================================
 //
-// Mountpath					: '/v1/tenant/<tenant>'
+// Mountpath				: '/v1/tenant'
 //
-// DELETE '/v1/tenant/<tenant>'	: delete tenant on version 1
+//---------------------------------------------------------
+// [DELETE] No tenant path
+//---------------------------------------------------------
+// DELETE '/v1/tenant'			: delete tenant version 1
 // HEADER						: X-Auth-Token	= <User token>
-// url argument					: "id":	 <id>			=>	key is "yrn:yahoo:::<tenant>:id"
+// url argument					: "tenant"		= <tenant name>
+// url argument					: "id"			= <id>			=>	key is "yrn:yahoo:::<tenant>:id"
+// response status code			: 204 or 4xx/5xx
+// response body				: nothing
+//
+// This mount point deletes the specified <K2HR3 cluster LOCAL> tenant.
+//
+//---------------------------------------------------------
+// [DELETE] With tenant path
+//---------------------------------------------------------
+// DELETE '/v1/tenant/tenant'	: delete tenant version 1
+// HEADER						: X-Auth-Token	= <User token>
+// url argument					: "id"			=  <id>			=>	key is "yrn:yahoo:::<tenant>:id"
 // response status code			: 204 or 4xx/5xx
 // response body				: nothing
 //
@@ -930,7 +977,7 @@ router.head('/', function(req, res, next)
 // [NOTE]
 // Only users registered in the tenant to be deleted can delete this tenant.
 //
-router.delete('/', function(req, res, next)								// eslint-disable-line no-unused-vars
+router.delete('/', function(req, res, next)					// eslint-disable-line no-unused-vars
 {
 	r3logger.dlog('CALL:', req.method, req.url);
 
@@ -940,7 +987,7 @@ router.delete('/', function(req, res, next)								// eslint-disable-line no-unu
 		!apiutil.isSafeEntity(req.baseUrl)	)
 	{
 		r3logger.elog('DELETE request or url or query is wrong');
-		resutil.errResponse(req, res, 400);								// 400: Bad Request
+		resutil.errResponse(req, res, 400);					// 400: Bad Request
 		return;
 	}
 
@@ -965,39 +1012,73 @@ router.delete('/', function(req, res, next)								// eslint-disable-line no-unu
 	}
 
 	//------------------------------
-	// Check uri paths(tenant name)
+	// Check uri paths
 	//------------------------------
+	var	tenant_name;
+	var	tenant_id;
 	if(!apiutil.isSafeString(comparam.tenant_name)){
-		r3logger.elog('DELETE request tenant must specify <tenant> path');
-		resutil.errResponse(req, res, 400);				// 400: Bad Request
-		return;
-	}
+		//------------------------------
+		// Check argments(tenant)
+		//------------------------------
+		tenant_name = apiutil.getSafeString(req.query.tenant);
+		if(!apiutil.isSafeString(tenant_name)){
+			r3logger.elog('DELETE request tenant must specify in argument');
+			resutil.errResponse(req, res, 400);			// 400: Bad Request
+			return;
+		}
 
-	//------------------------------
-	// Check argments(id)
-	//------------------------------
-	var	tenant_id = apiutil.getSafeString(req.query.id);
-	if(!apiutil.isSafeString(tenant_id)){
-		r3logger.elog('DELETE request id must specify in argument');
-		resutil.errResponse(req, res, 400);				// 400: Bad Request
-		return;
-	}
+		//------------------------------
+		// Check argments(id)
+		//------------------------------
+		tenant_id = apiutil.getSafeString(req.query.id);
+		if(!apiutil.isSafeString(tenant_id)){
+			r3logger.elog('DELETE request id must specify in argument');
+			resutil.errResponse(req, res, 400);			// 400: Bad Request
+			return;
+		}
 
-	//------------------------------
-	// Processing
-	//------------------------------
-	resobj = k2hr3.removeUserFromLocalTenant(comparam.tenant_name, comparam.user_name, tenant_id);
-	if(!apiutil.isSafeEntity(resobj) || !apiutil.isSafeEntity(resobj.result) || false === resobj.result){
-		if(apiutil.isSafeEntity(resobj) && apiutil.isSafeString(resobj.message)){
-			r3logger.elog('DELETE request failed to remove user from tenant by ' + resobj.message);
-		}else{
-			r3logger.elog('DELETE request failed to remove user from tenant by unknown reason');
+		//------------------------------
+		// Processing
+		//------------------------------
+		resobj = k2hr3.removeLocalTenant(tenant_name, comparam.user_name, tenant_id);
+		if(!apiutil.isSafeEntity(resobj) || !apiutil.isSafeEntity(resobj.result) || false === resobj.result){
+			if(apiutil.isSafeEntity(resobj) && apiutil.isSafeString(resobj.message)){
+				r3logger.elog('DELETE request failed to remove user from tenant by ' + resobj.message);
+			}else{
+				r3logger.elog('DELETE request failed to remove user from tenant by unknown reason');
+			}
+			resutil.errResponse(req, res, 400);			// 400: Bad Request
+			return;
 		}
-		resutil.errResponse(req, res, 400);				// 400: Bad Request
-		return;
+		r3logger.dlog('DELETE request succeed - remove tenant');
+
+	}else{
+		//------------------------------
+		// Check argments(id)
+		//------------------------------
+		tenant_id = apiutil.getSafeString(req.query.id);
+		if(!apiutil.isSafeString(tenant_id)){
+			r3logger.elog('DELETE request id must specify in argument');
+			resutil.errResponse(req, res, 400);			// 400: Bad Request
+			return;
+		}
+
+		//------------------------------
+		// Processing
+		//------------------------------
+		resobj = k2hr3.removeUserFromLocalTenant(comparam.tenant_name, comparam.user_name, tenant_id);
+		if(!apiutil.isSafeEntity(resobj) || !apiutil.isSafeEntity(resobj.result) || false === resobj.result){
+			if(apiutil.isSafeEntity(resobj) && apiutil.isSafeString(resobj.message)){
+				r3logger.elog('DELETE request failed to remove user from tenant by ' + resobj.message);
+			}else{
+				r3logger.elog('DELETE request failed to remove user from tenant by unknown reason');
+			}
+			resutil.errResponse(req, res, 400);			// 400: Bad Request
+			return;
+		}
+		r3logger.dlog('DELETE request succeed - remove user from tenant');
 	}
 
-	r3logger.dlog('DELETE request succeed - remove user from tenant');
 	res.status(204);									// 204: No Content
 	res.send();
 });

package/tests/auto_tenant.js

@@ -604,8 +604,7 @@ describe('API : TENANT', function(){					// eslint-disable-line no-undef
 				expect(res).to.be.json;
 				expect(res.body).to.be.an('object');
 				expect(res.body.result).to.be.a('boolean').to.be.false;
-				expect(res.body.message).to.be.a('string').to.have.string('PUT request failed to update tenant by failed to update tenant by could not find tenant(local@autotest_put_tenant_3) with user="dummyuser" and id=');
-
+				expect(res.body.message).to.be.a('string').to.have.string('PUT request tenant(local@autotest_put_tenant_3) does not allow user(dummyuser).');
 				done();
 			});
 	});
@@ -904,9 +903,9 @@ describe('API : TENANT', function(){					// eslint-disable-line no-undef
 	});
 
 	//
-	// Run Test(DELETE - TENANT - SUCCESS/FAILURE)
+	// Run Test(DELETE - TENANT USER - SUCCESS/FAILURE)
 	//
-	it('DELETE /v1/tenant/<tenant> : delete tenant(autotest_put_tenant_0) : success 200', function(done){					// eslint-disable-line no-undef
+	it('DELETE /v1/tenant/<tenant> : delete tenant user(autotest_put_tenant_0) : success 204', function(done){				// eslint-disable-line no-undef
 		var	uri	= '/v1/tenant/autotest_put_tenant_0';							// tenant name
 		uri		+= '?id=' + autotest_put_tenant_0_id;							// correct id
 
@@ -921,7 +920,7 @@ describe('API : TENANT', function(){					// eslint-disable-line no-undef
 			});
 	});
 
-	it('DELETE /v1/tenant/<tenant> : delete tenant(local@autotest_put_tenant_1) : success 200', function(done){				// eslint-disable-line no-undef
+	it('DELETE /v1/tenant/<tenant> : delete tenant user(local@autotest_put_tenant_1) : success 204', function(done){		// eslint-disable-line no-undef
 		var	uri	= '/v1/tenant/local@autotest_put_tenant_1';						// tenant name
 		uri		+= '?id=' + autotest_put_tenant_1_id;							// correct id
 
@@ -936,7 +935,7 @@ describe('API : TENANT', function(){					// eslint-disable-line no-undef
 			});
 	});
 
-	it('DELETE /v1/tenant/<tenant> : delete tenant(autotest_post_tenant_0) : failure(no token) 400', function(done){		// eslint-disable-line no-undef
+	it('DELETE /v1/tenant/<tenant> : delete tenant user(autotest_post_tenant_0) : failure(no token) 400', function(done){			// eslint-disable-line no-undef
 		var	uri	= '/v1/tenant/autotest_post_tenant_0';							// tenant name
 		uri		+= '?id=' + autotest_post_tenant_0_id;							// correct id
 
@@ -950,7 +949,7 @@ describe('API : TENANT', function(){					// eslint-disable-line no-undef
 			});
 	});
 
-	it('DELETE /v1/tenant/<tenant> : delete tenant(local@autotest_post_tenant_0) : failure(no token) 400', function(done){	// eslint-disable-line no-undef
+	it('DELETE /v1/tenant/<tenant> : delete tenant user(local@autotest_post_tenant_0) : failure(no token) 400', function(done){		// eslint-disable-line no-undef
 		var	uri	= '/v1/tenant/local@autotest_post_tenant_0';					// tenant name
 		uri		+= '?id=' + autotest_post_tenant_0_id;							// correct id
 
@@ -964,7 +963,7 @@ describe('API : TENANT', function(){					// eslint-disable-line no-undef
 			});
 	});
 
-	it('DELETE /v1/tenant/<tenant> : delete tenant(autotest_post_tenant_X) : failure(no exist tenant) 400', function(done){	// eslint-disable-line no-undef
+	it('DELETE /v1/tenant/<tenant> : delete tenant user(autotest_post_tenant_X) : failure(no exist tenant) 400', function(done){	// eslint-disable-line no-undef
 		var	uri	= '/v1/tenant/autotest_post_tenant_X';							// not exist tenant name
 		uri		+= '?id=' + autotest_post_tenant_0_id;							// wrong id
 
@@ -977,6 +976,118 @@ describe('API : TENANT', function(){					// eslint-disable-line no-undef
 				done();
 			});
 	});
+
+	//
+	// Run Test(DELETE - TENANT - SUCCESS/FAILURE)
+	//
+	it('DELETE /v1/tenant : delete tenant(autotest_post_tenant_0) : failure(no token) 400', function(done){				// eslint-disable-line no-undef
+		var	uri	= '/v1/tenant';
+		uri		+= '?tenant=autotest_post_tenant_0';							// tenant name
+		uri		+= '&id=' + autotest_post_tenant_0_id;							// correct id
+
+		chai.request(app)
+			.delete(uri)
+			.set('content-type', 'application/json')
+			.end(function(err, res){
+				expect(res).to.have.status(400);
+
+				done();
+			});
+	});
+
+	it('DELETE /v1/tenant : delete tenant(local@autotest_post_tenant_0) : failure(no tenant) 400', function(done){		// eslint-disable-line no-undef
+		var	uri	= '/v1/tenant';
+		uri		+= '?id=' + autotest_post_tenant_0_id;							// correct id
+
+		chai.request(app)
+			.delete(uri)
+			.set('content-type', 'application/json')
+			.set('x-auth-token', alltokens.unscopedtoken)						// unscoped token
+			.end(function(err, res){
+				expect(res).to.have.status(400);
+
+				done();
+			});
+	});
+
+	it('DELETE /v1/tenant : delete tenant(local@autotest_post_tenant_0) : failure(no id) 400', function(done){			// eslint-disable-line no-undef
+		var	uri	= '/v1/tenant';
+		uri		+= '?tenant=autotest_post_tenant_0';							// tenant name
+
+		chai.request(app)
+			.delete(uri)
+			.set('content-type', 'application/json')
+			.set('x-auth-token', alltokens.unscopedtoken)						// unscoped token
+			.end(function(err, res){
+				expect(res).to.have.status(400);
+
+				done();
+			});
+	});
+
+	it('DELETE /v1/tenant : delete tenant(autotest_post_tenant_X) : failure(no exist tenant) 400', function(done){		// eslint-disable-line no-undef
+		var	uri	= '/v1/tenant';
+		uri		+= '?tenant=autotest_post_tenant_X';							// not exist tenant name
+		uri		+= '&id=' + autotest_post_tenant_0_id;							// id
+
+		chai.request(app)
+			.delete(uri)
+			.set('content-type', 'application/json')
+			.set('x-auth-token', alltokens.unscopedtoken)						// unscoped token
+			.end(function(err, res){
+				expect(res).to.have.status(400);
+
+				done();
+			});
+	});
+
+	it('DELETE /v1/tenant : delete tenant(autotest_post_tenant_X) : failure(wrong id) 400', function(done){		// eslint-disable-line no-undef
+		var	uri	= '/v1/tenant';
+		uri		+= '?tenant=autotest_post_tenant_0';							// tenant name
+		uri		+= '&id=' + autotest_post_tenant_1_id;							// wrong id
+
+		chai.request(app)
+			.delete(uri)
+			.set('content-type', 'application/json')
+			.set('x-auth-token', alltokens.unscopedtoken)						// unscoped token
+			.end(function(err, res){
+				expect(res).to.have.status(400);
+
+				done();
+			});
+	});
+
+	it('DELETE /v1/tenant : delete tenant(autotest_post_tenant_0) : failure(not local@) 400', function(done){	// eslint-disable-line no-undef
+		var	uri	= '/v1/tenant';
+		uri		+= '?tenant=autotest_post_tenant_0';							// tenant name
+		uri		+= '&id=' + autotest_post_tenant_0_id;							// correct id
+
+		chai.request(app)
+			.delete(uri)
+			.set('content-type', 'application/json')
+			.set('x-auth-token', alltokens.unscopedtoken)						// unscoped token
+			.end(function(err, res){
+				expect(res).to.have.status(400);
+
+				done();
+			});
+	});
+
+	it('DELETE /v1/tenant/<tenant> : delete tenant(local@autotest_post_tenant_1) : success 204', function(done){		// eslint-disable-line no-undef
+		var	uri	= '/v1/tenant';
+		uri		+= '?tenant=local@autotest_post_tenant_1';						// tenant name
+		uri		+= '&id=' + autotest_post_tenant_1_id;							// correct id
+
+		chai.request(app)
+			.delete(uri)
+			.set('content-type', 'application/json')
+			.set('x-auth-token', alltokens.unscopedtoken)						// unscoped token
+			.end(function(err, res){
+				expect(res).to.have.status(204);
+
+				done();
+			});
+	});
 });
 
 /*

package/tests/manual_tenant_delete.js

@@ -40,20 +40,32 @@ var	is_https = apiutil.compareCaseString('yes', process.env.HTTPS_ENV);
 //
 // Request API for test
 //
-function deleteV1Tenant(token, name, id)
+function deleteV1Tenant(token, name, id, remove_all)
 {
 	var	headers = {
 		'Content-Type':		'application/json',
 		'Content-Length':	0,
 		'X-Auth-Token':		token
 	};
-	var	options = {
-		'host':				hostname,
-		'port':				hostport,
-		'path': 			'/v1/tenant/' + name + encodeURI('?id=' + id),
-		'method':			'DELETE',
-		'headers':			headers
-	};
+
+	var	options;
+	if(remove_all){
+		options = {
+			'host':				hostname,
+			'port':				hostport,
+			'path': 			'/v1/tenant' + encodeURI('?tenant=' + name) + '&' + encodeURI('id=' + id),
+			'method':			'DELETE',
+			'headers':			headers
+		};
+	}else{
+		options = {
+			'host':				hostname,
+			'port':				hostport,
+			'path': 			'/v1/tenant/' + name + encodeURI('?id=' + id),
+			'method':			'DELETE',
+			'headers':			headers
+		};
+	}
 
 	r3logger.dlog('request options   = ' + JSON.stringify(options));
 	r3logger.dlog('request headers   = ' + JSON.stringify(headers));
@@ -134,10 +146,32 @@ cliutil.getConsoleInput('Unscoped(or Scoped) user token       : ', true, false,
 			}
 			var	_id = apiutil.getSafeString(id);
 
-			//
-			// Run
-			//
-			deleteV1Tenant(_token, _tenant, _id);
+			cliutil.getConsoleInput('Remove tenant(yes/no(default))       : ', true, false, function(isbreak, remove_all)
+			{
+				if(isbreak){
+					process.exit(0);
+				}
+
+				var	_remove_all;
+				if(!apiutil.isSafeString(remove_all) || 'no' == remove_all || 'n' == remove_all){
+					_remove_all = false;
+				}else if('yes' == remove_all || 'y' == remove_all){
+					_remove_all = true;
+
+					if(0 !== _tenant.indexOf('local@')){
+						console.log('Need tenant name started with local@ for remove it.');
+						process.exit(0);
+					}
+				}else{
+					console.log('input must be yes or no(null)');
+					process.exit(0);
+				}
+
+				//
+				// Run
+				//
+				deleteV1Tenant(_token, _tenant, _id, _remove_all);
+			});
 		});
 	});
 });