Don't remove role assignment if no change

If there is no change of role assignment, do not update.

Change-Id: I4f1c89b265e2cbeacc9f110bd1e27d5c9234f714
Closes-Bug: #1522310
changes/47/252847/1
huangtianhua 7 years ago
parent e7ec1982cc
commit 0500ac6765

@ -254,30 +254,32 @@ class KeystoneRoleAssignmentMixin(object):
self.properties.get(self.ROLES))
def update_assignment(self, prop_diff, user_id=None, group_id=None):
(new_role_assignments,
removed_role_assignments) = self._find_differences(
prop_diff.get(self.ROLES),
self._stored_properties_data.get(self.ROLES))
if len(new_role_assignments) > 0:
if user_id is not None:
self._add_role_assignments_to_user(
user_id,
new_role_assignments)
elif group_id is not None:
self._add_role_assignments_to_group(
group_id,
new_role_assignments)
if len(removed_role_assignments) > 0:
if user_id is not None:
self._remove_role_assignments_from_user(
user_id,
removed_role_assignments)
elif group_id is not None:
self._remove_role_assignments_from_group(
group_id,
removed_role_assignments)
# if there is no change do not update
if self.ROLES in prop_diff:
(new_role_assignments,
removed_role_assignments) = self._find_differences(
prop_diff.get(self.ROLES),
self._stored_properties_data.get(self.ROLES))
if len(new_role_assignments) > 0:
if user_id is not None:
self._add_role_assignments_to_user(
user_id,
new_role_assignments)
elif group_id is not None:
self._add_role_assignments_to_group(
group_id,
new_role_assignments)
if len(removed_role_assignments) > 0:
if user_id is not None:
self._remove_role_assignments_from_user(
user_id,
removed_role_assignments)
elif group_id is not None:
self._remove_role_assignments_from_group(
group_id,
removed_role_assignments)
def delete_assignment(self, user_id=None, group_id=None):
if self._stored_properties_data.get(self.ROLES) is not None:

@ -261,6 +261,11 @@ class KeystoneGroupTest(common.HeatTestCase):
domain_id='test_domain'
)
# validate the role assignment isn't updated
self.roles = self.keystoneclient.roles
self.assertEqual(0, self.roles.revoke.call_count)
self.assertEqual(0, self.roles.grant.call_count)
def test_group_handle_update_default(self):
self.test_group.resource_id = '477e8273-60a7-4c41-b683-fdb0bc7cd151'
self.test_group._stored_properties_data = dict(domain='default')

@ -309,6 +309,20 @@ class KeystoneRoleAssignmentMixinTest(common.HeatTestCase):
group='group_1',
project='project_1')
def test_role_assignment_update_roles_no_change(self):
prop_diff = {}
self.test_role_assignment.update_assignment(
group_id='group_1',
prop_diff=prop_diff)
self.assertEqual(0, self.roles.grant.call_count)
self.assertEqual(0, self.roles.revoke.call_count)
self.test_role_assignment.update_assignment(
user_id='user_1',
prop_diff=prop_diff)
self.assertEqual(0, self.roles.grant.call_count)
self.assertEqual(0, self.roles.revoke.call_count)
def test_role_assignment_delete_user(self):
self.test_role_assignment._stored_properties_data = {
'roles': [

@ -235,6 +235,11 @@ class KeystoneUserTest(common.HeatTestCase):
self.test_user.resource_id,
group)
# validate the role assignment isn't updated
self.roles = self.keystoneclient.roles
self.assertEqual(0, self.roles.revoke.call_count)
self.assertEqual(0, self.roles.grant.call_count)
def test_user_handle_delete(self):
self.test_user.resource_id = '477e8273-60a7-4c41-b683-fdb0bc7cd151'
self.test_user._stored_properties_data = {

Loading…
Cancel
Save