diff --git a/heat/engine/resources/openstack/keystone/user.py b/heat/engine/resources/openstack/keystone/user.py index f0ed5c023a..a9139e6018 100644 --- a/heat/engine/resources/openstack/keystone/user.py +++ b/heat/engine/resources/openstack/keystone/user.py @@ -159,8 +159,8 @@ class KeystoneUser(resource.Resource, removed_group_ids = [self.client_plugin().get_group_id(group) for group in - (set(stored_prps or []) - - set(updated_prps or []))] + (set(stored_prps or []) - + set(updated_prps or []))] return new_group_ids, removed_group_ids @@ -194,7 +194,11 @@ class KeystoneUser(resource.Resource, def handle_update(self, json_snippet, tmpl_diff, prop_diff): if prop_diff: - name = prop_diff.get(self.NAME) or self.physical_resource_name() + name = None + # Don't update the name if no change + if self.NAME in prop_diff: + name = prop_diff[self.NAME] or self.physical_resource_name() + description = prop_diff.get(self.DESCRIPTION) enabled = prop_diff.get(self.ENABLED) email = prop_diff.get(self.EMAIL) @@ -204,11 +208,6 @@ class KeystoneUser(resource.Resource, default_project = prop_diff.get(self.DEFAULT_PROJECT) - (new_group_ids, - removed_group_ids) = self._find_diff( - prop_diff.get(self.GROUPS), - self._stored_properties_data.get(self.GROUPS)) - self._update_user( user_id=self.resource_id, domain=domain, @@ -220,12 +219,16 @@ class KeystoneUser(resource.Resource, new_password=password ) - if len(new_group_ids) > 0: - self._add_user_to_groups(self.resource_id, new_group_ids) + if self.GROUPS in prop_diff: + (new_group_ids, removed_group_ids) = self._find_diff( + prop_diff[self.GROUPS], + self._stored_properties_data.get(self.GROUPS)) + if new_group_ids: + self._add_user_to_groups(self.resource_id, new_group_ids) - if len(removed_group_ids) > 0: - self._remove_user_from_groups(self.resource_id, - removed_group_ids) + if removed_group_ids: + self._remove_user_from_groups(self.resource_id, + removed_group_ids) self.update_assignment(prop_diff=prop_diff, user_id=self.resource_id) diff --git a/heat/tests/openstack/keystone/test_user.py b/heat/tests/openstack/keystone/test_user.py index 426ebe60f0..422e2351c1 100644 --- a/heat/tests/openstack/keystone/test_user.py +++ b/heat/tests/openstack/keystone/test_user.py @@ -237,8 +237,36 @@ class KeystoneUserTest(common.HeatTestCase): # validate the role assignment isn't updated self.roles = self.keystoneclient.roles - self.assertEqual(0, self.roles.revoke.call_count) - self.assertEqual(0, self.roles.grant.call_count) + self.roles.revoke.assert_not_called() + self.roles.grant.assert_not_called() + + def test_user_handle_update_password_only(self): + self.test_user.resource_id = '477e8273-60a7-4c41-b683-fdb0bc7cd151' + + # Make the existing groups as group1 and group2 + self.test_user._stored_properties_data = { + 'groups': ['group1', 'group2'], + 'domain': 'default' + } + + # Update the password only + prop_diff = {user.KeystoneUser.PASSWORD: 'passWORD'} + + self.test_user.handle_update(json_snippet=None, + tmpl_diff=None, + prop_diff=prop_diff) + + # Validate user update + self.users.update.assert_called_once_with( + user=self.test_user.resource_id, + domain=self.test_user._stored_properties_data[ + user.KeystoneUser.DOMAIN], + password=prop_diff[user.KeystoneUser.PASSWORD] + ) + + # Validate that there is no change in groups + self.users.add_to_group.assert_not_called() + self.users.remove_from_group.assert_not_called() def test_user_handle_delete(self): self.test_user.resource_id = '477e8273-60a7-4c41-b683-fdb0bc7cd151'