Fix remove role assignment adds role using LDAP assignment
When using the LDAP assignment backend, attempting to remove a role assignment when the role hadn't been used before would actually add the role assignment and would not return a 404 Not Found like the SQL backend. This change makes it so that an attempt to remove a role that wasn't assigned returns 404 Not Found. Closes-Bug: #1242855 Change-Id: I28ccd26cc4bb1a241d0363d0ab52d2c11410e8b3 (cherry picked from commit c6800ca1ac) (cherry picked from commit b17e7bec76)
parent
e6adb2f75a
commit
4221b6020e
|
@ -426,20 +426,10 @@ class RoleApi(common_ldap.BaseLdap):
|
|||
try:
|
||||
conn.modify_s(role_dn, [(ldap.MOD_DELETE,
|
||||
self.member_attribute, user_dn)])
|
||||
except ldap.NO_SUCH_OBJECT:
|
||||
if tenant_dn is None:
|
||||
raise exception.RoleNotFound(role_id=role_id)
|
||||
attrs = [('objectClass', [self.object_class]),
|
||||
(self.member_attribute, [user_dn])]
|
||||
|
||||
if self.use_dumb_member:
|
||||
attrs[1][1].append(self.dumb_member)
|
||||
try:
|
||||
conn.add_s(role_dn, attrs)
|
||||
except Exception as inst:
|
||||
raise inst
|
||||
except ldap.NO_SUCH_ATTRIBUTE:
|
||||
raise exception.UserNotFound(user_id=user_id)
|
||||
except (ldap.NO_SUCH_OBJECT, ldap.NO_SUCH_ATTRIBUTE):
|
||||
raise exception.RoleNotFound(message=_(
|
||||
'Cannot remove role that has not been granted, %s') %
|
||||
role_id)
|
||||
finally:
|
||||
conn.unbind_s()
|
||||
|
||||
|
|
|
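Review bot: The merged `except (ldap.NO_SUCH_OBJECT, ldap.NO_SUCH_ATTRIBUTE)` handler, which appears to be the new side (the page has lost its +/- markers), reports only `role_id`, so a failed revocation cannot be tied to a user from the error alone. Because the bug was a revoke that silently granted access, I would name the user in the message, e.g. `'Cannot remove role that has not been granted, %(role)s, for user %(user)s') % {'role': role_id, 'user': user_id}`, and add a comment above the handler such as `# Revocation must never create entries; a missing role entry or member value means there is no grant to remove.` The handler also folds the former `UserNotFound` case into `RoleNotFound`, which looks intended to match the SQL backend but is worth confirming against any caller that catches `UserNotFound`. The enclosing method starts outside the hunk.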
@ -61,6 +61,15 @@ class IdentityTests(object):
|
|||
self.tenant_bar['id'])
|
||||
self.assertNotIn(self.user_two['id'], user_ids)
|
||||
|
||||
def test_remove_user_role_not_assigned(self):
|
||||
# Expect failure if attempt to remove a role that was never assigned to
|
||||
# the user.
|
||||
self.assertRaises(exception.RoleNotFound,
|
||||
self.identity_api.remove_role_from_user_and_project,
|
||||
tenant_id=self.tenant_bar['id'],
|
||||
user_id=self.user_two['id'],
|
||||
role_id=self.role_other['id'])
|
||||
|
||||
def test_authenticate_bad_user(self):
|
||||
self.assertRaises(AssertionError,
|
||||
self.identity_api.authenticate,
|
||||
|
|
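Review bot: `test_remove_user_role_not_assigned` only asserts that `RoleNotFound` is raised; it does not check that the failed removal left no grant behind, which was the security-relevant half of the bug (a revoke that added the role). After the `assertRaises` I would assert the role is still absent, e.g. `self.assertNotIn(self.role_other['id'], self.identity_api.get_roles_for_user_and_project(self.user_two['id'], self.tenant_bar['id']))`, assuming that call returns role ids. This also assumes `user_two` holds no `role_other` grant on `tenant_bar` in the fixtures, which the hunk does not show.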