Fix modifying a role with same name using LDAP

When the keystone server was configured to use the LDAP assignment
backend and a role was modified with the same name as the role the
operation would fail. This is because the server would check that a
role with the same name existed already and it would of course find
the entry that is currently being modified.

The server is changed to check if the entry currently being modified
is the one with the same name and the operation is allowed if this is
the case.

(cherry picked from commit b6f7cad8ba)

Change-Id: Ia86ef9fabfd438367a7ed09efb55711860e47d8b
Closes-Bug: #1401721

keystone/assignment/backends/ldap.py

@@ -645,9 +645,10 @@ class RoleApi(common_ldap.BaseLdap):
         new_name = role.get('name')
         if new_name is not None:
             try:
-                old_name = self.get_by_name(new_name)
-                raise exception.Conflict(
-                    _('Cannot duplicate name %s') % old_name)
+                old_role = self.get_by_name(new_name)
+                if old_role['id'] != role_id:
+                    raise exception.Conflict(
+                        _('Cannot duplicate name %s') % old_role)
             except exception.NotFound:
                 pass
         return super(RoleApi, self).update(role_id, role)

keystone/tests/test_backend_ldap.py

@@ -1825,14 +1825,6 @@ class LDAPIdentity(BaseLDAPIdentity, tests.TestCase):
         self.assertEqual('crap', user_ref['id'])
         self.assertEqual('Foo Bar', user_ref['name'])
 
-    def test_update_role_same_name(self):
-        # Override
-        # This test is failing using the LDAP assignment backend, see
-        # bug 1401721.
-        # FIXME(blk-u): This should work.
-        self.assertRaises(exception.Conflict,
-                          super(LDAPIdentity, self).test_update_role_same_name)
-
 
 class LDAPIdentityEnabledEmulation(LDAPIdentity):
     def setUp(self):