Shadowing a nonlocal_user incorrectly creates a local_user

This patch fixes a bug where when shadowing a nonlocal_user (LDAP, custom driver) it also incorrectly creates a local_user. The error is related to hybrid properties and calling the class from_dict method, which set the local_user attributes. Change-Id: I6e69cce5f337a330f2531ff71db3e931b785271c Closes-Bug: #1615000
2016-08-19 15:40:21 +00:00 · 2016-08-19 15:40:21 +00:00 · 70e6d58f46
parent 45a181928f
commit 70e6d58f46
2 changed files with 12 additions and 0 deletions
--- a/keystone/identity/shadow_backends/sql.py
+++ b/keystone/identity/shadow_backends/sql.py
@ -90,6 +90,12 @@ class ShadowUsers(base.ShadowUsersDriverV10):
    @sql.handle_conflicts(conflict_type='nonlocal_user')
    def create_nonlocal_user(self, user_dict):
        new_user_dict = copy.deepcopy(user_dict)
+        # remove local_user attributes from new_user_dict
+        keys_to_delete = ['domain_id', 'name', 'password']
+        for key in keys_to_delete:
+            if key in new_user_dict:
+                del new_user_dict[key]
+        # create nonlocal_user dict
        new_nonlocal_user_dict = {
            'domain_id': user_dict['domain_id'],
            'name': user_dict['name']
--- a/keystone/tests/unit/identity/test_backends.py
+++ b/keystone/tests/unit/identity/test_backends.py
@ -1345,6 +1345,12 @@ class ShadowUsersTests(object):
                          self.shadow_users_api.create_nonlocal_user,
                          new_user)

+    def test_create_nonlocal_user_does_not_create_local_user(self):
+        user = unit.new_user_ref(domain_id=CONF.identity.default_domain_id)
+        new_nonlocal_user = self.shadow_users_api.create_nonlocal_user(user)
+        user_ref = self._get_user_ref(new_nonlocal_user['id'])
+        self.assertIsNone(user_ref.local_user)
+
    def test_get_user(self):
        user = unit.new_user_ref(domain_id=CONF.identity.default_domain_id)
        user.pop('email')