Expose bug in system assignment when deleting users

Project and domain role assignment are cleaned up when deleting
users. This commit introduces a test case that shows this isn't the
case for system role assignments. A subsequent patch will implement
a fix to make sure system role assignments are removed when users
are deleted, to be consistent with project and domain assignments.

Change-Id: I1a1e7395f462159037e939aa143e9e24aefb1841
Partial-Bug: 1749264
(cherry picked from commit 25596b874c)
This commit is contained in:
Lance Bragstad 2018-02-13 20:10:00 +00:00
parent 1365916701
commit 298f4458ba
1 changed files with 25 additions and 0 deletions

View File

@ -24,6 +24,7 @@ import keystone.conf
from keystone import exception
from keystone.tests import unit
from keystone.tests.unit import test_v3
from keystone.tests.unit import utils as test_utils
CONF = keystone.conf.CONF
@ -365,6 +366,30 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
# Make sure the role is gone
self.head(member_url, expected_status=http_client.NOT_FOUND)
@test_utils.wip("Waiting for a fix to bug #1749264")
def test_delete_user_before_removing_system_assignments_succeeds(self):
system_role = self._create_new_role()
user = self._create_user()
path = (
'/system/users/%(user_id)s/roles/%(role_id)s' %
{'user_id': user['id'], 'role_id': system_role}
)
self.put(path)
response = self.get('/role_assignments')
number_of_assignments = len(response.json_body['role_assignments'])
path = '/users/%(user_id)s' % {'user_id': user['id']}
self.delete(path)
# The user with the system role assignment is a new user and only has
# one role on the system. We should expect one less role assignment in
# the list.
response = self.get('/role_assignments')
self.assertValidRoleAssignmentListResponse(
response, expected_length=number_of_assignments - 1
)
def test_delete_user_and_check_role_assignment_fails(self):
"""Call ``DELETE`` on the user and check the role assignment."""
member_url, user = self._create_new_user_and_assign_role_on_project()