authorJenkins <jenkins@review.openstack.org>2017-08-11 01:52:33 +0000
committerGerrit Code Review <review@openstack.org>2017-08-11 01:52:33 +0000
commite45e77170329f8af0f4d479838bfc69fa9f19014 (patch)
tree4bb9e363ba16522c6bc064338c72641ec08e0579
parent6a1d5b0e4dad11a8c99fc2da187df5a36cf83f49 (diff)
parentd0ad287df397513dd7cb8dd4da0cae383c6b49b0 (diff)
Merge "Unset project ids for all identity backends"12.0.0.0rc1
-rw-r--r--keystone/identity/core.py23
-rw-r--r--keystone/tests/unit/test_backend_ldap.py14
2 files changed, 28 insertions, 9 deletions
diff --git a/keystone/identity/core.py b/keystone/identity/core.py
index afa397b..b53d269 100644
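--- a/keystone/identity/core.py
+++ b/keystone/identity/core.py
@@ -15,6 +15,7 @@
 """Main entry point into the Identity service."""
 
 import functools
+import itertools
 import operator
 import os
 import threading
@@ -530,15 +531,19 @@ class Manager(manager.Manager):
 
  """
  project_id = payload['resource_info']
- try:
- self.driver.unset_default_project_id(project_id)
- except exception.Forbidden:
- # NOTE(lbragstad): If the driver throws a Forbidden, it's because
- # the driver doesn't support writes. This is the case with the
- # in-tree LDAP implementation since it is read-only. This also
- # ensures consistency for out-of-tree backends that might be
- # read-only.
- pass
+ drivers = itertools.chain(
+ self.domain_configs.values(), [{'driver': self.driver}]
+ )
+ for d in drivers:
+ try:
+ d['driver'].unset_default_project_id(project_id)
+ except exception.Forbidden:
+ # NOTE(lbragstad): If the driver throws a Forbidden, it's
+ # because the driver doesn't support writes. This is the case
+ # with the in-tree LDAP implementation since it is read-only.
+ # This also ensures consistency for out-of-tree backends that
+ # might be read-only.
+ pass
 
  # Domain ID normalization methods
  def _set_domain_id_and_mapping(self, ref, domain_id, driver,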
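Review bot: In the new `for d in drivers:` loop only `exception.Forbidden` is handled, so any other exception raised by one domain-specific driver aborts the loop, and because `[{'driver': self.driver}]` is chained last the default driver is then never asked to unset the project. That would leave users on the remaining backends with a `default_project_id` that still points at a deleted project. Consider isolating each driver call so an unexpected error is logged and the loop continues, or at least calling `self.driver` first. The `except exception.Forbidden:` branch could also log at debug level instead of a bare `pass`, so a skipped read-only backend is visible to operators. The enclosing method starts above the hunk, so how the notification callback's caller treats a raised exception is not visible here.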
diff --git a/keystone/tests/unit/test_backend_ldap.py b/keystone/tests/unit/test_backend_ldap.py
index a553504..ddf8852 100644
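--- a/keystone/tests/unit/test_backend_ldap.py
+++ b/keystone/tests/unit/test_backend_ldap.py
@@ -33,6 +33,7 @@ from keystone import exception
 from keystone import identity
 from keystone.identity.backends import ldap as ldap_identity
 from keystone.identity.backends.ldap import common as common_ldap
+from keystone.identity.backends import sql as sql_identity
 from keystone.identity.mapping_backends import mapping as map
 from keystone.tests import unit
 from keystone.tests.unit.assignment import test_backends as assignment_tests
@@ -2500,6 +2501,19 @@ class MultiLDAPandSQLIdentity(BaseLDAPIdentity, unit.SQLDriverOverrides,
  base = super(BaseLDAPIdentity, self)
  base.test_remove_foreign_assignments_when_deleting_a_domain()
 
+ @mock.patch.object(ldap_identity.Identity, 'unset_default_project_id')
+ @mock.patch.object(sql_identity.Identity, 'unset_default_project_id')
+ def test_delete_project_unset_project_ids_for_all_backends(self, sql_mock,
+ ldap_mock):
+ ldap_mock.side_effect = exception.Forbidden
+ project = unit.new_project_ref(
+ domain_id=CONF.identity.default_domain_id
+ )
+ project = self.resource_api.create_project(project['id'], project)
+ self.resource_api.delete_project(project['id'])
+ ldap_mock.assert_called_with(project['id'])
+ sql_mock.assert_called_with(project['id'])
+
 
 class MultiLDAPandSQLIdentityDomainConfigsInSQL(MultiLDAPandSQLIdentity):
  """Class to test the use of domain configs stored in the database.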
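Review bot: `ldap_mock.assert_called_with(project['id'])` and `sql_mock.assert_called_with(project['id'])` only check the most recent call, so the new test passes even if just one LDAP-backed domain driver is reached. Because the patch is applied at class level on `ldap_identity.Identity`, asserting `ldap_mock.call_count` against the number of LDAP domains this fixture configures (not visible in the hunk) would pin the "all backends" claim in the test name. A second case in which a driver raises something other than `exception.Forbidden` would document what happens to the remaining backends.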