Update federated user display name with shadow_users_api
When a user comes to the cloud for the first time, a shadow user is
created. When the user authenticates again, this shadow user is
fetched and returned. Before it is returned, its display name should
be updated. But the call to update the display name fails because
neither identity manager nor identity drivers have the required
method. However, the required method exists in shadow_users_api.
The issue was hidden because method shadow_federated_user was
cached and while the cache lived, the user could authenticate.
Use the method of shadow_user_api instead of identity_api to update
federated user display name.
Change-Id: I58e65bdf3a953f3ded485003939b81f908738e1e
Closes-Bug: 1566282
(cherry picked from commit 7ad4f8728c
)
This commit is contained in:
parent
dba04cdd23
commit
3e5fca06c6
|
@ -1239,8 +1239,8 @@ class Manager(manager.Manager):
|
|||
try:
|
||||
user_dict = self.shadow_users_api.get_federated_user(
|
||||
idp_id, protocol_id, unique_id)
|
||||
self.update_federated_user_display_name(idp_id, protocol_id,
|
||||
unique_id, display_name)
|
||||
self.shadow_users_api.update_federated_user_display_name(
|
||||
idp_id, protocol_id, unique_id, display_name)
|
||||
except exception.UserNotFound:
|
||||
federated_dict = {
|
||||
'idp_id': idp_id,
|
||||
|
|
|
@ -499,6 +499,34 @@ class IdentityTestCase(test_v3.RestfulTestCase):
|
|||
self.assertIsNone(user['domain_id'])
|
||||
self.assertEqual(user['enabled'], True)
|
||||
|
||||
def test_shadow_existing_federated_user(self):
|
||||
fed_user = unit.new_federated_user_ref()
|
||||
|
||||
# introduce the user to keystone for the first time
|
||||
shadow_user1 = self.identity_api.shadow_federated_user(
|
||||
fed_user["idp_id"],
|
||||
fed_user["protocol_id"],
|
||||
fed_user["unique_id"],
|
||||
fed_user["display_name"])
|
||||
self.assertEqual(fed_user['display_name'], shadow_user1['name'])
|
||||
|
||||
# shadow the user again, with another name to invalidate the cache
|
||||
# internally, this operation causes request to the driver. It should
|
||||
# not fail.
|
||||
fed_user['display_name'] = uuid.uuid4().hex
|
||||
shadow_user2 = self.identity_api.shadow_federated_user(
|
||||
fed_user["idp_id"],
|
||||
fed_user["protocol_id"],
|
||||
fed_user["unique_id"],
|
||||
fed_user["display_name"])
|
||||
# FIXME(dolph): These assertEqual / assertNotEqual should be reversed,
|
||||
# to illustrate that the display name has been updated as expected.
|
||||
self.assertNotEqual(fed_user['display_name'], shadow_user2['name'])
|
||||
self.assertEqual(shadow_user1['name'], shadow_user2['name'])
|
||||
|
||||
# The shadowed users still share the same unique ID.
|
||||
self.assertEqual(shadow_user1['id'], shadow_user2['id'])
|
||||
|
||||
# group crud tests
|
||||
|
||||
def test_create_group(self):
|
||||
|
|
Loading…
Reference in New Issue