From b6f7cad8ba432e6d3e33812238620e768c529996 Mon Sep 17 00:00:00 2001 From: Brant Knudson Date: Thu, 11 Dec 2014 19:18:45 -0600 Subject: [PATCH] Fix modifying a role with same name using LDAP When the keystone server was configured to use the LDAP assignment backend and a role was modified with the same name as the role the operation would fail. This is because the server would check that a role with the same name existed already and it would of course find the entry that is currently being modified. The server is changed to check if the entry currently being modified is the one with the same name and the operation is allowed if this is the case. Change-Id: Ia86ef9fabfd438367a7ed09efb55711860e47d8b Closes-Bug: #1401721 --- keystone/assignment/backends/ldap.py | 7 ++++--- keystone/tests/test_backend_ldap.py | 8 -------- 2 files changed, 4 insertions(+), 11 deletions(-) diff --git a/keystone/assignment/backends/ldap.py b/keystone/assignment/backends/ldap.py index b37e66fe93..48f6703f38 100644 --- a/keystone/assignment/backends/ldap.py +++ b/keystone/assignment/backends/ldap.py @@ -690,9 +690,10 @@ class RoleApi(common_ldap.BaseLdap): new_name = role.get('name') if new_name is not None: try: - old_name = self.get_by_name(new_name) - raise exception.Conflict( - _('Cannot duplicate name %s') % old_name) + old_role = self.get_by_name(new_name) + if old_role['id'] != role_id: + raise exception.Conflict( + _('Cannot duplicate name %s') % old_role) except exception.NotFound: pass return super(RoleApi, self).update(role_id, role) diff --git a/keystone/tests/test_backend_ldap.py b/keystone/tests/test_backend_ldap.py index 7a4e11185c..76b52fc830 100644 --- a/keystone/tests/test_backend_ldap.py +++ b/keystone/tests/test_backend_ldap.py @@ -1916,14 +1916,6 @@ class LDAPIdentity(BaseLDAPIdentity, tests.TestCase): self.assertEqual('crap', user_ref['id']) self.assertEqual('Foo Bar', user_ref['name']) - def test_update_role_same_name(self): - # Override - # This test is failing using the LDAP assignment backend, see - # bug 1401721. - # FIXME(blk-u): This should work. - self.assertRaises(exception.Conflict, - super(LDAPIdentity, self).test_update_role_same_name) - class LDAPIdentityEnabledEmulation(LDAPIdentity): def setUp(self):