Enhance tests for deleting a role not assigned

There wasn't a test that showed what happens when a role is deleted that was never assigned. Change-Id: I2845e3f03dc8e8f1dd41d8f41d2f6669004bc506 Related-bug: #1242855
2013-10-21 15:21:12 -05:00 · 2013-10-21 15:21:12 -05:00 · b17e7bec76
commit b17e7bec76
parent 2df1b7cba4
2 changed files with 17 additions and 0 deletions
--- a/keystone/tests/test_backend.py
+++ b/keystone/tests/test_backend.py
@ -61,6 +61,15 @@ class IdentityTests(object):
            self.tenant_bar['id'])
        self.assertNotIn(self.user_two['id'], user_ids)

+    def test_remove_user_role_not_assigned(self):
+        # Expect failure if attempt to remove a role that was never assigned to
+        # the user.
+        self.assertRaises(exception.RoleNotFound,
+                          self.identity_api.remove_role_from_user_and_project,
+                          tenant_id=self.tenant_bar['id'],
+                          user_id=self.user_two['id'],
+                          role_id=self.role_other['id'])
+
    def test_authenticate_bad_user(self):
        self.assertRaises(AssertionError,
                          self.identity_api.authenticate,
--- a/keystone/tests/test_backend_ldap.py
+++ b/keystone/tests/test_backend_ldap.py
@ -870,6 +870,14 @@ class LDAPIdentity(tests.TestCase, BaseLDAPIdentity):
        self.skipTest(
            'N/A: LDAP does not support multiple domains')

+    def test_remove_user_role_not_assigned(self):
+        # This raises exception as expected with SQL assignment backend but
+        # not with LDAP (see bug #1242855)
+        self.identity_api.remove_role_from_user_and_project(
+            tenant_id=self.tenant_bar['id'],
+            user_id=self.user_two['id'],
+            role_id=self.role_other['id'])
+

 class LDAPIdentityEnabledEmulation(LDAPIdentity):
    def setUp(self):