Don't remove user from groups if groups don't change

If there is no change of 'groups' property when updating
a keystone user resource, do not remove the user from
the groups.

Change-Id: Ib8e920e6ef95d654d0641e8635bd586047c89047
Closes-Bug: #1522247
changes/29/252829/4
huangtianhua 7 years ago
parent 2467d83377
commit a23e6a6b63

@ -159,8 +159,8 @@ class KeystoneUser(resource.Resource,
removed_group_ids = [self.client_plugin().get_group_id(group)
for group in
(set(stored_prps or [])
- set(updated_prps or []))]
(set(stored_prps or []) -
set(updated_prps or []))]
return new_group_ids, removed_group_ids
@ -194,7 +194,11 @@ class KeystoneUser(resource.Resource,
def handle_update(self, json_snippet, tmpl_diff, prop_diff):
if prop_diff:
name = prop_diff.get(self.NAME) or self.physical_resource_name()
name = None
# Don't update the name if no change
if self.NAME in prop_diff:
name = prop_diff[self.NAME] or self.physical_resource_name()
description = prop_diff.get(self.DESCRIPTION)
enabled = prop_diff.get(self.ENABLED)
email = prop_diff.get(self.EMAIL)
@ -204,11 +208,6 @@ class KeystoneUser(resource.Resource,
default_project = prop_diff.get(self.DEFAULT_PROJECT)
(new_group_ids,
removed_group_ids) = self._find_diff(
prop_diff.get(self.GROUPS),
self._stored_properties_data.get(self.GROUPS))
self._update_user(
user_id=self.resource_id,
domain=domain,
@ -220,12 +219,16 @@ class KeystoneUser(resource.Resource,
new_password=password
)
if len(new_group_ids) > 0:
self._add_user_to_groups(self.resource_id, new_group_ids)
if self.GROUPS in prop_diff:
(new_group_ids, removed_group_ids) = self._find_diff(
prop_diff[self.GROUPS],
self._stored_properties_data.get(self.GROUPS))
if new_group_ids:
self._add_user_to_groups(self.resource_id, new_group_ids)
if len(removed_group_ids) > 0:
self._remove_user_from_groups(self.resource_id,
removed_group_ids)
if removed_group_ids:
self._remove_user_from_groups(self.resource_id,
removed_group_ids)
self.update_assignment(prop_diff=prop_diff,
user_id=self.resource_id)

@ -237,8 +237,36 @@ class KeystoneUserTest(common.HeatTestCase):
# validate the role assignment isn't updated
self.roles = self.keystoneclient.roles
self.assertEqual(0, self.roles.revoke.call_count)
self.assertEqual(0, self.roles.grant.call_count)
self.roles.revoke.assert_not_called()
self.roles.grant.assert_not_called()
def test_user_handle_update_password_only(self):
self.test_user.resource_id = '477e8273-60a7-4c41-b683-fdb0bc7cd151'
# Make the existing groups as group1 and group2
self.test_user._stored_properties_data = {
'groups': ['group1', 'group2'],
'domain': 'default'
}
# Update the password only
prop_diff = {user.KeystoneUser.PASSWORD: 'passWORD'}
self.test_user.handle_update(json_snippet=None,
tmpl_diff=None,
prop_diff=prop_diff)
# Validate user update
self.users.update.assert_called_once_with(
user=self.test_user.resource_id,
domain=self.test_user._stored_properties_data[
user.KeystoneUser.DOMAIN],
password=prop_diff[user.KeystoneUser.PASSWORD]
)
# Validate that there is no change in groups
self.users.add_to_group.assert_not_called()
self.users.remove_from_group.assert_not_called()
def test_user_handle_delete(self):
self.test_user.resource_id = '477e8273-60a7-4c41-b683-fdb0bc7cd151'

Loading…
Cancel
Save