Adds more uniformity to identity update_user calls

* It was not possible to change a user's name using the KVS driver. * The KVS driver was not filtering the user dict before handing it back to that caller. * Adds a test to the LDAP driver to explicitly show that changing a user's name is not allowed. Related-Bug: #1214686 Change-Id: Ia0951a58ef09833849d3eb5e714c7efbd901f5c5
openstack · Oct 9, 2013 · 63820df · 63820df
1 parent a513ea7
commit 63820df
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 2 deletions.
diff --git a/keystone/identity/backends/kvs.py b/keystone/identity/backends/kvs.py
@@ -96,7 +96,7 @@ def create_user(self, user_id, user):
 
     def update_user(self, user_id, user):
         if 'name' in user:
-            existing = self.db.get('user_name-%s' % user['name'])
+            existing = self.db.get('user_name-%s' % user['name'], False)
             if existing and user_id != existing['id']:
                 msg = 'Duplicate name, %s.' % user['name']
                 raise exception.Conflict(type='user', details=msg)
@@ -113,7 +113,7 @@ def update_user(self, user_id, user):
         self.db.delete('user_name-%s' % old_user['name'])
         self.db.set('user-%s' % user_id, new_user)
         self.db.set('user_name-%s' % new_user['name'], new_user)
-        return new_user
+        return identity.filter_user(new_user)
 
     def add_user_to_group(self, user_id, group_id):
         self.get_group(group_id)

diff --git a/keystone/tests/test_backend.py b/keystone/tests/test_backend.py
@@ -1969,6 +1969,30 @@ def test_update_user_enable(self):
         user_ref = self.identity_api.get_user('fake1')
         self.assertEqual(user_ref['enabled'], True)
 
+    def test_update_user_name(self):
+        user = {'id': uuid.uuid4().hex,
+                'name': uuid.uuid4().hex,
+                'enabled': True,
+                'domain_id': DEFAULT_DOMAIN_ID}
+        self.identity_api.create_user(user['id'], user)
+        user_ref = self.identity_api.get_user(user['id'])
+        self.assertEqual(user['name'], user_ref['name'])
+
+        changed_name = user_ref['name'] + '_changed'
+        user_ref['name'] = changed_name
+        updated_user = self.identity_api.update_user(user_ref['id'], user_ref)
+
+        # NOTE(dstanek): the SQL backend adds an 'extra' field containing a
+        #                dictionary of the extra fields in addition to the
+        #                fields in the object. For the details see:
+        #                SqlIdentity.test_update_project_returns_extra
+        updated_user.pop('extra', None)
+
+        self.assertDictEqual(user_ref, updated_user)
+
+        user_ref = self.identity_api.get_user(user_ref['id'])
+        self.assertEqual(user_ref['name'], changed_name)
+
     def test_update_user_enable_fails(self):
         user = {'id': 'fake1', 'name': 'fake1', 'enabled': True,
                 'domain_id': DEFAULT_DOMAIN_ID}

diff --git a/keystone/tests/test_backend_ldap.py b/keystone/tests/test_backend_ldap.py
@@ -327,6 +327,11 @@ def test_create_user_none_mapping(self):
         # If this doesn't raise, then the test is successful.
         self.identity_api.create_user('fake1', user)
 
+    def test_update_user_name(self):
+        """A user's name cannot be changed through the LDAP driver."""
+        self.assertRaises(exception.Conflict,
+                          super(BaseLDAPIdentity, self).test_update_user_name)
+
 
 class LDAPIdentity(tests.TestCase, BaseLDAPIdentity):
     def setUp(self):