Enhance tests for delete_grant no user/group

There were no tests to show that when delete a grant and the target user or group doesn't exist then it fails with NotFound. Part of bp use-common-oslo-db-code Change-Id: I4b927bc234621ef164d0e2ebb594b47406699975
2013-10-13 14:12:48 -05:00 · 2013-10-13 14:12:48 -05:00 · a5f8e7746b
parent 402060ad30
commit a5f8e7746b
3 changed files with 52 additions and 0 deletions
--- a/keystone/tests/test_backend.py
+++ b/keystone/tests/test_backend.py
@ -1156,6 +1156,40 @@ class IdentityTests(object):
        self.assertEqual(len(roles_ref), 1)
        self.assertDictEqual(roles_ref[0], role2)

+    def test_delete_user_grant_no_user(self):
+        # If delete grant and the user doesn't exist then fails with
+        # UserNotFound.
+        role_id = uuid.uuid4().hex
+        role = {'id': role_id, 'name': uuid.uuid4().hex}
+        self.assignment_api.create_role(role_id, role)
+
+        user_id = uuid.uuid4().hex
+
+        self.assignment_api.create_grant(role_id, user_id=user_id,
+                                         project_id=self.tenant_bar['id'])
+
+        self.assertRaises(exception.UserNotFound,
+                          self.assignment_api.delete_grant,
+                          role_id, user_id=user_id,
+                          project_id=self.tenant_bar['id'])
+
+    def test_delete_group_grant_no_group(self):
+        # If delete grant and the group doesn't exist then fails with
+        # GroupNotFound.
+        role_id = uuid.uuid4().hex
+        role = {'id': role_id, 'name': uuid.uuid4().hex}
+        self.assignment_api.create_role(role_id, role)
+
+        group_id = uuid.uuid4().hex
+
+        self.assignment_api.create_grant(role_id, group_id=group_id,
+                                         project_id=self.tenant_bar['id'])
+
+        self.assertRaises(exception.GroupNotFound,
+                          self.assignment_api.delete_grant,
+                          role_id, group_id=group_id,
+                          project_id=self.tenant_bar['id'])
+
    def test_multi_role_grant_by_user_group_on_project_domain(self):
        role_list = []
        for _ in range(10):
--- a/keystone/tests/test_backend_kvs.py
+++ b/keystone/tests/test_backend_kvs.py
@ -63,6 +63,18 @@ class KvsIdentity(tests.TestCase, test_backend.IdentityTests):
    def test_move_project_between_domains_with_clashing_names_fails(self):
        self.skipTest('Blocked by bug 1119770')

+    def test_delete_user_grant_no_user(self):
+        # See bug 1239476, kvs checks if user exists and sql does not.
+        self.assertRaises(
+            exception.UserNotFound,
+            super(KvsIdentity, self).test_delete_user_grant_no_user)
+
+    def test_delete_group_grant_no_group(self):
+        # See bug 1239476, kvs checks if group exists and sql does not.
+        self.assertRaises(
+            exception.GroupNotFound,
+            super(KvsIdentity, self).test_delete_group_grant_no_group)
+

 class KvsToken(tests.TestCase, test_backend.TokenTests):
    def setUp(self):
--- a/keystone/tests/test_backend_ldap.py
+++ b/keystone/tests/test_backend_ldap.py
@ -137,6 +137,12 @@ class BaseLDAPIdentity(test_backend.IdentityTests):
    def test_get_and_remove_role_grant_by_group_and_project(self):
        self.skipTest('Blocked by bug 1101287')

+    def test_delete_user_grant_no_user(self):
+        self.skipTest('Blocked by bug 1101287')
+
+    def test_delete_group_grant_no_group(self):
+        self.skipTest('Blocked by bug 1101287')
+
    def test_get_and_remove_role_grant_by_group_and_domain(self):
        self.skipTest('N/A: LDAP does not support multiple domains')