Don't remove user from groups if groups don't change
If there is no change of 'groups' property when updating a keystone user resource, do not remove the user from the groups. Change-Id: Ib8e920e6ef95d654d0641e8635bd586047c89047 Closes-Bug: #1522247
This commit is contained in:
parent
2467d83377
commit
a23e6a6b63
|
@ -159,8 +159,8 @@ class KeystoneUser(resource.Resource,
|
|||
|
||||
removed_group_ids = [self.client_plugin().get_group_id(group)
|
||||
for group in
|
||||
(set(stored_prps or [])
|
||||
- set(updated_prps or []))]
|
||||
(set(stored_prps or []) -
|
||||
set(updated_prps or []))]
|
||||
|
||||
return new_group_ids, removed_group_ids
|
||||
|
||||
|
@ -194,7 +194,11 @@ class KeystoneUser(resource.Resource,
|
|||
|
||||
def handle_update(self, json_snippet, tmpl_diff, prop_diff):
|
||||
if prop_diff:
|
||||
name = prop_diff.get(self.NAME) or self.physical_resource_name()
|
||||
name = None
|
||||
# Don't update the name if no change
|
||||
if self.NAME in prop_diff:
|
||||
name = prop_diff[self.NAME] or self.physical_resource_name()
|
||||
|
||||
description = prop_diff.get(self.DESCRIPTION)
|
||||
enabled = prop_diff.get(self.ENABLED)
|
||||
email = prop_diff.get(self.EMAIL)
|
||||
|
@ -204,11 +208,6 @@ class KeystoneUser(resource.Resource,
|
|||
|
||||
default_project = prop_diff.get(self.DEFAULT_PROJECT)
|
||||
|
||||
(new_group_ids,
|
||||
removed_group_ids) = self._find_diff(
|
||||
prop_diff.get(self.GROUPS),
|
||||
self._stored_properties_data.get(self.GROUPS))
|
||||
|
||||
self._update_user(
|
||||
user_id=self.resource_id,
|
||||
domain=domain,
|
||||
|
@ -220,12 +219,16 @@ class KeystoneUser(resource.Resource,
|
|||
new_password=password
|
||||
)
|
||||
|
||||
if len(new_group_ids) > 0:
|
||||
self._add_user_to_groups(self.resource_id, new_group_ids)
|
||||
if self.GROUPS in prop_diff:
|
||||
(new_group_ids, removed_group_ids) = self._find_diff(
|
||||
prop_diff[self.GROUPS],
|
||||
self._stored_properties_data.get(self.GROUPS))
|
||||
if new_group_ids:
|
||||
self._add_user_to_groups(self.resource_id, new_group_ids)
|
||||
|
||||
if len(removed_group_ids) > 0:
|
||||
self._remove_user_from_groups(self.resource_id,
|
||||
removed_group_ids)
|
||||
if removed_group_ids:
|
||||
self._remove_user_from_groups(self.resource_id,
|
||||
removed_group_ids)
|
||||
|
||||
self.update_assignment(prop_diff=prop_diff,
|
||||
user_id=self.resource_id)
|
||||
|
|
|
@ -237,8 +237,36 @@ class KeystoneUserTest(common.HeatTestCase):
|
|||
|
||||
# validate the role assignment isn't updated
|
||||
self.roles = self.keystoneclient.roles
|
||||
self.assertEqual(0, self.roles.revoke.call_count)
|
||||
self.assertEqual(0, self.roles.grant.call_count)
|
||||
self.roles.revoke.assert_not_called()
|
||||
self.roles.grant.assert_not_called()
|
||||
|
||||
def test_user_handle_update_password_only(self):
|
||||
self.test_user.resource_id = '477e8273-60a7-4c41-b683-fdb0bc7cd151'
|
||||
|
||||
# Make the existing groups as group1 and group2
|
||||
self.test_user._stored_properties_data = {
|
||||
'groups': ['group1', 'group2'],
|
||||
'domain': 'default'
|
||||
}
|
||||
|
||||
# Update the password only
|
||||
prop_diff = {user.KeystoneUser.PASSWORD: 'passWORD'}
|
||||
|
||||
self.test_user.handle_update(json_snippet=None,
|
||||
tmpl_diff=None,
|
||||
prop_diff=prop_diff)
|
||||
|
||||
# Validate user update
|
||||
self.users.update.assert_called_once_with(
|
||||
user=self.test_user.resource_id,
|
||||
domain=self.test_user._stored_properties_data[
|
||||
user.KeystoneUser.DOMAIN],
|
||||
password=prop_diff[user.KeystoneUser.PASSWORD]
|
||||
)
|
||||
|
||||
# Validate that there is no change in groups
|
||||
self.users.add_to_group.assert_not_called()
|
||||
self.users.remove_from_group.assert_not_called()
|
||||
|
||||
def test_user_handle_delete(self):
|
||||
self.test_user.resource_id = '477e8273-60a7-4c41-b683-fdb0bc7cd151'
|
||||
|
|
Loading…
Reference in New Issue