Fix modifying a role with same name using LDAP
When the keystone server was configured to use the LDAP assignment backend and a role was modified with the same name as the role the operation would fail. This is because the server would check that a role with the same name existed already and it would of course find the entry that is currently being modified. The server is changed to check if the entry currently being modified is the one with the same name and the operation is allowed if this is the case. Change-Id: Ia86ef9fabfd438367a7ed09efb55711860e47d8b Closes-Bug: #1401721
This commit is contained in:
parent
79c2fedd6f
commit
b6f7cad8ba
|
@ -690,9 +690,10 @@ class RoleApi(common_ldap.BaseLdap):
|
|||
new_name = role.get('name')
|
||||
if new_name is not None:
|
||||
try:
|
||||
old_name = self.get_by_name(new_name)
|
||||
raise exception.Conflict(
|
||||
_('Cannot duplicate name %s') % old_name)
|
||||
old_role = self.get_by_name(new_name)
|
||||
if old_role['id'] != role_id:
|
||||
raise exception.Conflict(
|
||||
_('Cannot duplicate name %s') % old_role)
|
||||
except exception.NotFound:
|
||||
pass
|
||||
return super(RoleApi, self).update(role_id, role)
|
||||
|
|
|
@ -1916,14 +1916,6 @@ class LDAPIdentity(BaseLDAPIdentity, tests.TestCase):
|
|||
self.assertEqual('crap', user_ref['id'])
|
||||
self.assertEqual('Foo Bar', user_ref['name'])
|
||||
|
||||
def test_update_role_same_name(self):
|
||||
# Override
|
||||
# This test is failing using the LDAP assignment backend, see
|
||||
# bug 1401721.
|
||||
# FIXME(blk-u): This should work.
|
||||
self.assertRaises(exception.Conflict,
|
||||
super(LDAPIdentity, self).test_update_role_same_name)
|
||||
|
||||
|
||||
class LDAPIdentityEnabledEmulation(LDAPIdentity):
|
||||
def setUp(self):
|
||||
|
|
Loading…
Reference in New Issue