diff options
| author | Brant Knudson <bknudson@us.ibm.com> | 2013-04-29 19:19:27 -0500 |
|---|---|---|
| committer | Brant Knudson <bknudson@us.ibm.com> | 2013-05-03 14:32:05 -0500 |
| commit | 4eb8233d9c6b73cedf25ea66edaccbcd092e13aa (patch) | |
| tree | 7f0a5f1decb2559666091acac39034e5390615c8 /tests | |
| parent | 22d96b270b6794f15471761073a4d5e1065f35b0 (diff) | |
| download | keystone-4eb8233d9c6b73cedf25ea66edaccbcd092e13aa.tar.gz keystone-4eb8233d9c6b73cedf25ea66edaccbcd092e13aa.tar.xz keystone-4eb8233d9c6b73cedf25ea66edaccbcd092e13aa.zip | |
LDAP list groups with missing member entry
Using the LDAP identity backend,
if a group member entry doesn't exist in the LDAP server anymore
and the group's members are listed using GET /v3/groups/{groupId}/users,
Keystone returns 404 Not Found.
The server should return all the group members that do exist
and ignore the missing members,
and probably log a warning message about the missing user.
Fixes bug 1174585
Change-Id: Idf7c8c7f87affc4a72c5fe5e18e09a0f362e2646
Diffstat (limited to 'tests')
| -rw-r--r-- | tests/test_backend_ldap.py | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/tests/test_backend_ldap.py b/tests/test_backend_ldap.py index fbecab63..ef409902 100644 --- a/tests/test_backend_ldap.py +++ b/tests/test_backend_ldap.py @@ -1,6 +1,7 @@ # vim: tabstop=4 shiftwidth=4 softtabstop=4 # Copyright 2012 OpenStack LLC +# Copyright 2013 IBM Corp. # # Licensed under the Apache License, Version 2.0 (the "License"); you may # not use this file except in compliance with the License. You may obtain @@ -533,6 +534,41 @@ class LDAPIdentity(test.TestCase, test_backend.IdentityTests): def test_get_roles_for_user_and_domain(self): raise nose.exc.SkipTest('Blocked by bug 1101287') + def test_list_group_members_missing_entry(self): + """List group members with deleted user. + + If a group has a deleted entry for a member, the non-deleted members + are returned. + + """ + + # Create a group + group_id = None + group = dict(name=uuid.uuid4().hex) + group_id = self.identity_api.create_group(group_id, group)['id'] + + # Create a couple of users and add them to the group. + user_id = None + user = dict(name=uuid.uuid4().hex, id=uuid.uuid4().hex) + user_1_id = self.identity_api.create_user(user_id, user)['id'] + + self.identity_api.add_user_to_group(user_1_id, group_id) + + user_id = None + user = dict(name=uuid.uuid4().hex, id=uuid.uuid4().hex) + user_2_id = self.identity_api.create_user(user_id, user)['id'] + + self.identity_api.add_user_to_group(user_2_id, group_id) + + # Delete user 2. + self.identity_api.user.delete(user_2_id) + + # List group users and verify only user 1. + res = self.identity_api.list_users_in_group(group_id) + + self.assertEqual(len(res), 1, "Expected 1 entry (user_1)") + self.assertEqual(res[0]['id'], user_1_id, "Expected user 1 id") + class LDAPIdentityEnabledEmulation(LDAPIdentity): def setUp(self): |