Return an error when a non-existing tenant is added to a user
Currently, if a user is created without a tenantId, adding a non-existing tenantId to that user succeeds. This change checks for whether the tenant exists in cases where the check was previously skipped. Closes-Bug: #1246473 Change-Id: I2a814c5df902a97297ad05950ae4205664ddf6e6
This commit is contained in:
parent
58ff2bc511
commit
50d52538cf
|
@ -234,9 +234,15 @@ class User(controller.V2Controller):
|
|||
old_user_ref = self.identity_api.v3_to_v2_user(
|
||||
self.identity_api.get_user(user_id))
|
||||
|
||||
if ('tenantId' in old_user_ref and
|
||||
# Check whether a tenant is being added or changed for the user.
|
||||
# Catch the case where the tenant is being changed for a user and also
|
||||
# where a user previously had no tenant but a tenant is now being
|
||||
# added for the user.
|
||||
if (('tenantId' in old_user_ref and
|
||||
old_user_ref['tenantId'] != default_project_id and
|
||||
default_project_id is not None):
|
||||
default_project_id is not None) or
|
||||
('tenantId' not in old_user_ref and
|
||||
default_project_id is not None)):
|
||||
# Make sure the new project actually exists before we perform the
|
||||
# user update.
|
||||
self.assignment_api.get_project(default_project_id)
|
||||
|
|
|
@ -538,6 +538,38 @@ class CoreApiTests(object):
|
|||
token=token,
|
||||
expected_status=404)
|
||||
|
||||
def test_update_user_with_invalid_tenant_no_prev_tenant(self):
|
||||
token = self.get_scoped_token()
|
||||
|
||||
# Create a new user
|
||||
r = self.admin_request(
|
||||
method='POST',
|
||||
path='/v2.0/users',
|
||||
body={
|
||||
'user': {
|
||||
'name': 'test_invalid_tenant',
|
||||
'password': uuid.uuid4().hex,
|
||||
'enabled': True,
|
||||
},
|
||||
},
|
||||
token=token,
|
||||
expected_status=200)
|
||||
user_id = self._get_user_id(r.result)
|
||||
|
||||
# Update user with an invalid tenant
|
||||
r = self.admin_request(
|
||||
method='PUT',
|
||||
path='/v2.0/users/%(user_id)s' % {
|
||||
'user_id': user_id,
|
||||
},
|
||||
body={
|
||||
'user': {
|
||||
'tenantId': 'abcde12345heha',
|
||||
},
|
||||
},
|
||||
token=token,
|
||||
expected_status=404)
|
||||
|
||||
def test_update_user_with_old_tenant(self):
|
||||
token = self.get_scoped_token()
|
||||
|
||||
|
|
Loading…
Reference in New Issue