authorJenkins <jenkins@review.openstack.org>2013-02-05 06:31:44 +0000
committerGerrit Code Review <review@openstack.org>2013-02-05 06:31:44 +0000
commit9134c1a5acda4ba03a261fde6d95dabfe3bbcc83 (patch)
tree4be69632919c9c757dfa78137b36ce79f374ea2c
parent0bc423a697214eb1f261aebd4a340c0082e9843a (diff)
parent74c3e879f4ae1e6ed0af26b13d082915335c4d0b (diff)
Merge "Delete Roles for User and Project LDAP"
-rw-r--r--keystone/identity/backends/ldap/core.py30
-rw-r--r--tests/test_backend.py14
2 files changed, 34 insertions, 10 deletions
diff --git a/keystone/identity/backends/ldap/core.py b/keystone/identity/backends/ldap/core.py
index ca2177b7..ef7f0bba 100644
--- a/keystone/identity/backends/ldap/core.py
+++ b/keystone/identity/backends/ldap/core.py
@@ -644,11 +644,15 @@ class ProjectApi(common_ldap.BaseLdap, ApiShimMixin):
class UserRoleAssociation(object):
"""Role Grant model."""
- def __init__(self, user_id=None, role_id=None, tenant_id=None,
+ def __init__(self, user_id=None, role_id=None, tenant_id=None, id=None,
*args, **kw):
self.user_id = str(user_id)
self.role_id = role_id
self.project_id = str(tenant_id)
+ if id is None:
+ self.id = create_role_ref(role_id, tenant_id, user_id)
+ else:
+ self.id = id
class GroupRoleAssociation(object):
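Review bot: In `UserRoleAssociation.__init__`, a caller-supplied `id` is stored as-is and never compared with the ref that `role_id`, `tenant_id` and `user_id` would produce, so an object can carry an id that names a different grant than its own attributes. If that id is later used to locate the grant to delete (an assumption, since that code is not in this hunk), the wrong assignment could be removed or a stale one left behind. A guard such as `if id is not None and id != create_role_ref(role_id, tenant_id, user_id): raise ValueError('id does not match role/tenant/user')` would make the mismatch visible. Separately, `str(user_id)` and `str(tenant_id)` turn None into the string 'None' while `create_role_ref` encodes None as '', so the attributes and the generated id disagree for missing values. Inserting `id` before `*args` also shifts any fourth positional argument and shadows the builtin.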
@@ -661,6 +665,17 @@ class GroupRoleAssociation(object):
self.project_id = str(tenant_id)
+def create_role_ref(role_id, tenant_id, user_id):
+ role_id = '' if role_id is None else str(role_id)
+ tenant_id = '' if tenant_id is None else str(tenant_id)
+ user_id = '' if user_id is None else str(user_id)
+ return '%d-%d-%s%s%s' % (len(role_id),
+ len(tenant_id),
+ role_id,
+ tenant_id,
+ user_id)
+
+
# TODO(termie): turn this into a data object and move logic to driver
class RoleApi(common_ldap.BaseLdap, ApiShimMixin):
DEFAULT_OU = 'ou=Roles'
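Review bot: `create_role_ref` has no docstring, although it now defines the identifier format for role grants at module level and has to stay the exact inverse of `RoleApi._explode_ref`, whose body is outside this hunk. The docstring should say that the two length prefixes are what make the concatenated ids unambiguous to split, and that None is encoded as an empty string, so a missing id and an empty id produce the same ref. Something like `"""Return the grant ref '<len(role)>-<len(tenant)>-<role><tenant><user>'; None becomes ''."""` would be enough.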
@@ -685,14 +700,7 @@ class RoleApi(common_ldap.BaseLdap, ApiShimMixin):
@staticmethod
def _create_ref(role_id, tenant_id, user_id):
- role_id = '' if role_id is None else str(role_id)
- tenant_id = '' if tenant_id is None else str(tenant_id)
- user_id = '' if user_id is None else str(user_id)
- return '%d-%d-%s%s%s' % (len(role_id),
- len(tenant_id),
- role_id,
- tenant_id,
- user_id)
+ return create_role_ref(role_id, tenant_id, user_id)
@staticmethod
def _explode_ref(rolegrant):
@@ -902,7 +910,9 @@ class RoleApi(common_ldap.BaseLdap, ApiShimMixin):
role_dn = self._subrole_id_to_dn(role_id, tenant_id)
conn = self.get_connection()
try:
- conn.modify_s(role_dn, [(ldap.MOD_DELETE, '', [user_dn])])
+ conn.modify_s(role_dn, [(ldap.MOD_DELETE,
+ self.member_attribute,
+ [user_dn])])
except ldap.NO_SUCH_ATTRIBUTE:
raise exception.Error("No such user in role")
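Review bot: Only `ldap.NO_SUCH_ATTRIBUTE` is handled around the corrected `modify_s` call, so a role entry that does not exist at all would surface as a raw `ldap.NO_SUCH_OBJECT` rather than a keystone error. If this method is driven from user or project deletion, as the commit title suggests, one missing entry could stop the cleanup part-way and leave the remaining grants in place; whether a caller catches that is not visible here. Consider a second handler, `except ldap.NO_SUCH_OBJECT:`, that raises the same kind of not-found error, or a comment stating that callers must tolerate it. The enclosing method starts above the hunk and may continue below it.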
diff --git a/tests/test_backend.py b/tests/test_backend.py
index 2967eb55..f8194a80 100644
--- a/tests/test_backend.py
+++ b/tests/test_backend.py
@@ -666,6 +666,20 @@ class IdentityTests(object):
self.identity_api.get_projects_for_user,
user['id'])
+ def test_delete_user_with_project_roles(self):
+ user = {'id': uuid.uuid4().hex,
+ 'name': uuid.uuid4().hex,
+ 'password': uuid.uuid4().hex}
+ self.identity_api.create_user(user['id'], user)
+ self.identity_api.add_role_to_user_and_project(
+ user['id'],
+ self.tenant_bar['id'],
+ self.role_member['id'])
+ self.identity_api.delete_user(user['id'])
+ self.assertRaises(exception.UserNotFound,
+ self.identity_api.get_projects_for_user,
+ user['id'])
+
def test_delete_user_404(self):
self.assertRaises(exception.UserNotFound,
self.identity_api.delete_user,
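Review bot: `test_delete_user_with_project_roles` ends on the same `UserNotFound` assertion that the context lines above it show for the preceding test, so it would still pass if `delete_user` removed the user entry but left the user's DN listed in the role entry under `tenant_bar`. Since leftover grants are what this commit addresses, the test should also check that the grant is gone, for example by creating a user again with the same id and asserting it holds no role on `self.tenant_bar`. A comment such as `# the role grant must be removed together with the user` above the `delete_user` call would record the intent.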