When a user/tenant pair already has a role and there is a request to add
the role to the pair, we can choose to either return 200 and let the
client feel it's alright to do so, or return a 409 error (Conflict) to
inform the client of the pre-existing role for the pair. I feel the
latter is a bit more appropriate.
The KVS and the pam backends were simply accepting the request, while
the LDAP backend was raising an error. So be consistent, and always
return 409.
Reviewed: https:/ /review. openstack. org/9009 github. com/openstack/ keystone/ commit/ 7297afc75dd9477 1d5054daa20b1aa 10aa5667d2
Committed: http://
Submitter: Jenkins
Branch: master
commit 7297afc75dd9477 1d5054daa20b1aa 10aa5667d2
Author: Vincent Untz <email address hidden>
Date: Tue Jun 26 17:04:08 2012 +0200
Return a 409 error when adding a second time a role to user/tenant
Fix bug 999594.
When a user/tenant pair already has a role and there is a request to add
the role to the pair, we can choose to either return 200 and let the
client feel it's alright to do so, or return a 409 error (Conflict) to
inform the client of the pre-existing role for the pair. I feel the
latter is a bit more appropriate.
The KVS and the pam backends were simply accepting the request, while
the LDAP backend was raising an error. So be consistent, and always
return 409.
Change-Id: I7328d2932f6907 d48e6422674eeee e22dc7a7149