Keystone Admin: Creating a roleRef for a non existent user or role returns Internal Server Error

Bug #999608 reported by Rohit Karajgi
Affects: OpenStack Identity (keystone)
Status: Fix Released
Importance: Low
Assigned to: Dolph Mathews

Bug Description

Our tempest tests call the create_role_ref() API and pass invalid parameters for userID / roleID / tenantID.

Expected Result: HTTP 404 Not Found or 400 Bad Request
Actual Result: HTTP 200 A roleRef is created

Eg:
rohit@osbox:~/opt/stack/tempest$ nosetests -v -s tempest.tests.identity.test_roles:RolesTest.test_create_user_role_for_non_existent_user

Attempt to assign a role to a non existent user should fail ...
RESP: {'date': 'Tue, 15 May 2012 10:42:10 GMT', 'content-type': 'application/json', 'content-length': '79', 'status': '200', 'vary': 'X-Auth-Token'}
BODY: {u'id': u'039579bfece54093b90862fb593880d5', u'name': u'role20458752500'}
ok

The response and body above show that the call is successful, whereas in this case the userID passed was invalid.
Similarly, the following tests also should return the appropriate errors:
test_create_user_role_for_non_existent_role
test_create_user_role_for_non_existent_tenant

Joseph Heck (heckj) wrote :

Awesome bug report, thank you!

Changed in keystone:
status: New → Triaged
importance: Undecided → Low
Dolph Mathews (dolph)
Changed in keystone:
assignee: nobody → Dolph Mathews (dolph)
Dolph Mathews (dolph) wrote :

This should be fixed by the patch already in review for bug 968519.

Dolph Mathews (dolph) wrote :

Hrm, I just noticed that the bug title cites a 500 Internal Server Error, but in the description you indicate an actual result of "200 OK". If you received a 500, then this probably isn't related to the bug cited above.

Changed in keystone:
status: Triaged → Incomplete
Rohit Karajgi (rohitk) wrote :

Dolph, I actually ran the test again, and did observe a ComputeFault.

This is what my test does:

1. Create a new tenant
2. Create a new user for the tenant in Step1.
3. Create a new role
4. Try to assign the role in Step3 to 'a_non_existent_user' for tenant from Step1.

Operation 4 returns a ComputeFault.

Attempt to assign a role to a non existent user should fail ... ERROR

======================================================================
ERROR: Attempt to assign a role to a non existent user should fail
----------------------------------------------------------------------
Traceback (most recent call last):
  File "/opt/stack/tempest/tests/identity/test_roles.py", line 128, in test_assign_user_role_for_non_existent_user
    'junk-user-id-999', role['id'], tenant['id'])
  File "/usr/lib/pymodules/python2.7/unittest2/case.py", line 475, in assertRaises
    callableObj(*args, **kwargs)
  File "/opt/stack/tempest/services/identity/json/admin_client.py", line 74, in assign_user_role
    self.headers)
  File "/opt/stack/tempest/common/rest_client.py", line 152, in post
    return self.request('POST', url, headers, body)
  File "/opt/stack/tempest/common/rest_client.py", line 224, in request
    message = resp_body['computeFault']['message']
KeyError: '\'computeFault\'\n-------------------- >> begin captured logging << --------------------\ntempest.config: INFO: Using tempest config file /home/rohit/dev/community_tempest/etc/tempest.conf\ntempest.common.rest_client: ERROR: Request URL: http://10.2.3.164:35357/v2.0/users/junk-user-id-999/roleRefs\ntempest.common.rest_client: ERROR: Request Body: {"role": {"roleId": "9c3cb25b82f84b3a92f1a60d6ed29da6", "tenantId": "e09f60b4d6e948e2a59f228350e883f2"}}\ntempest.common.rest_client: ERROR: Response Headers: {\'date\': \'Wed, 30 May 2012 16:33:41 GMT\', \'content-type\': \'application/json\', \'content-length\': \'497\', \'status\': \'500\', \'vary\': \'X-Auth-Token\'}\ntempest.common.rest_client: ERROR: Response Body: {u\'error\': {u\'message\': u"An unexpected error prevented the server from fulfilling your request. (IntegrityError) (1452, \'Cannot add or update a child row: a foreign key constraint fails (`keystone`.`user_tenant_membership`, CONSTRAINT `user_tenant_membership_ibfk_2` FOREIGN KEY (`user_id`) REFERENCES `user` (`id`))\') \'INSERT INTO user_tenant_membership (user_id, tenant_id) VALUES (%s, %s)\' (\'junk-user-id-999\', \'e09f60b4d6e948e2a59f228350e883f2\')", u\'code\': 500, u\'title\': u\'Internal Server Error\'}}\n--------------------- >> end captured logging << ---------------------'

At this point I can confirm the above behavior, contrary to my bug description above, but complying with the summary.

Rohit Karajgi (rohitk) wrote :

I observed this on stable/essex btw.

Changed in keystone:
status: Incomplete → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to keystone (master)

Reviewed: https://review.openstack.org/6875
Committed: http://github.com/openstack/keystone/commit/23ca656927947dada40591bdd1badd5a531c2983
Submitter: Jenkins
Branch: master

commit 23ca656927947dada40591bdd1badd5a531c2983
Author: Dolph Mathews <email address hidden>
Date: Wed Mar 28 10:37:16 2012 -0700

    Refactor 404's into managers & drivers (bug 968519)

    The goal is to move the responsibility of reference checks away from
    controllers and into the underlying managers & drivers, which can
    handle the task with equal or greater efficiency.

    - Tenant references from create_user/update_user are NOT tested
      due to inconsistencies between backends
    - Additional test coverage improvements

    Also fixes bug 999209, bug 999608, bug 1006029, bug 1006055, bug 1006287,
    bug 1006334, and bug 1006344.

    Change-Id: I7de592e7dd4518038436b9a9fdaab559b00a0537

Changed in keystone:
status: In Progress → Fix Committed
Thierry Carrez (ttx)
Changed in keystone:
milestone: none → folsom-2
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in keystone:
milestone: folsom-2 → 2012.2
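
The following is an added example, not keystone's code and not part of the original thread. It illustrates the pattern the commit message describes: a driver that checks references itself and raises a not-found error, compared with one that lets the foreign key failure surface as a 500 carrying database error text. The schema, function names and the NotFound class are assumptions made for the sketch, and sqlite3 stands in for the MySQL backend seen in the traceback.

```python
import sqlite3

class NotFound(Exception):
    """Hypothetical exception that the web layer renders as HTTP 404."""
    def __init__(self, kind, ref):
        super().__init__(f"Could not find {kind}: {ref}")

def make_db():
    # Constructed schema reusing the table names visible in the traceback.
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")
    db.executescript("""
        CREATE TABLE user (id TEXT PRIMARY KEY);
        CREATE TABLE tenant (id TEXT PRIMARY KEY);
        CREATE TABLE user_tenant_membership (
            user_id TEXT REFERENCES user(id),
            tenant_id TEXT REFERENCES tenant(id));
        INSERT INTO user VALUES ('u1');
        INSERT INTO tenant VALUES ('t1');
    """)
    return db

def add_membership_unchecked(db, user_id, tenant_id):
    # Pre-fix shape: only the database constraint rejects a bad reference.
    db.execute("INSERT INTO user_tenant_membership VALUES (?, ?)",
               (user_id, tenant_id))

def add_membership_checked(db, user_id, tenant_id):
    # Post-fix shape: the driver verifies each reference before writing.
    for kind, ref in (("user", user_id), ("tenant", tenant_id)):
        # Table names come from the fixed tuple above, never from the request.
        row = db.execute(f"SELECT 1 FROM {kind} WHERE id = ?", (ref,)).fetchone()
        if row is None:
            raise NotFound(kind, ref)
    add_membership_unchecked(db, user_id, tenant_id)

def handle(driver_call, db, user_id, tenant_id):
    """Hypothetical controller: maps driver outcomes to (status, body)."""
    try:
        driver_call(db, user_id, tenant_id)
        return 200, "ok"
    except NotFound as exc:
        return 404, str(exc)
    except sqlite3.IntegrityError as exc:
        # Mirrors the report: raw database error text ends up in the response.
        return 500, f"Internal Server Error ({exc})"

if __name__ == "__main__":
    db = make_db()
    for call in (add_membership_unchecked, add_membership_checked):
        print(call.__name__, handle(call, db, "junk-user-id-999", "t1"))
```

The 500 branch is kept only to reproduce the reported behaviour; a handler that logs the database error server-side and returns a generic body avoids exposing table and constraint names to the caller.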