Expose a bug in domain creation from idps

When creating an identity provider, a domain will be created with it if it isn't already provided. If a database conflict occurs when an identity provider is created, the domain associated with it isn't cleaned up. This essentially orphans a domain that shouldn't have been created because the identity provider was never successfully created. Change-Id: Ie59d21abda422d4e9668725de4604ab99701dc59 Related-Bug: 1688188
2017-05-06 03:25:59 +00:00 · 2017-05-06 03:25:59 +00:00 · c668400d52
parent da472c5f3b
commit c668400d52
1 changed files with 23 additions and 0 deletions
--- a/keystone/tests/unit/test_v3_federation.py
+++ b/keystone/tests/unit/test_v3_federation.py
@ -912,6 +912,29 @@ class FederatedIdentityProviderTests(test_v3.RestfulTestCase):
        attr = self._fetch_attribute_from_response(resp, 'identity_provider')
        self.assertIdpDomainCreated(attr['id'], attr['domain_id'])

+    @utils.wip('This will fail because of bug #1688188')
+    def test_conflicting_idp_results_in_unhandled_domain_cleanup(self):
+        # NOTE(lbragstad): Create an identity provider, save its ID, and count
+        # the number of domains.
+        resp = self._create_default_idp()
+        idp_id = resp.json_body['identity_provider']['id']
+        domains = self.resource_api.list_domains()
+        number_of_domains = len(domains)
+
+        # Create an identity provider with the same ID to intentionally cause a
+        # conflict, this is going to result in a domain getting created for the
+        # new identity provider. The domain for the new identity provider is
+        # going to be created before the conflict is raised from the database
+        # layer. The resulting domain is never cleaned up but it should be
+        # since the identity provider was never created.
+        resp = self.put(
+            self.base_url(suffix=idp_id),
+            body={'identity_provider': self.default_body.copy()},
+            expected_status=http_client.CONFLICT
+        )
+        domains = self.resource_api.list_domains()
+        self.assertEqual(number_of_domains, len(domains))
+
    def test_create_idp_domain_id_unique_constraint(self):
        # create domain and add domain_id to keys to check
        domain = unit.new_domain_ref()