From 812982a45f2a62f557c96f61108c3535811276c8 Mon Sep 17 00:00:00 2001 From: Samuel Pilla Date: Tue, 6 Dec 2016 08:26:13 -0600 Subject: [PATCH] Domain included for role in list_role_assignment When calling list_role_assignment and including the "include_names" parameter, it would return the domain name and ID for each party except for roles. This will return the domain name and id for roles when the parameter is included, if the role has a domain. Added tests for roles with domains at manager and API level. Co-Authored-By: Samuel de Medeiros Queiroz Closes-Bug: #1607114 Change-Id: I5dae9299522b5116f8530455dd3d3376e9597b52 --- keystone/assignment/controllers.py | 4 ++++ keystone/assignment/core.py | 5 ++++ .../tests/unit/assignment/test_backends.py | 23 +++++++++++++++++-- keystone/tests/unit/test_v3.py | 5 ++++ keystone/tests/unit/test_v3_assignment.py | 14 ++++++++++- 5 files changed, 48 insertions(+), 3 deletions(-) diff --git a/keystone/assignment/controllers.py b/keystone/assignment/controllers.py index 418b05465..64dcfc5f4 100644 --- a/keystone/assignment/controllers.py +++ b/keystone/assignment/controllers.py @@ -826,6 +826,10 @@ class RoleAssignmentV3(controller.V3Controller): if 'role_name' in entity: formatted_entity['role'] = {'id': entity['role_id'], 'name': entity['role_name']} + if 'role_domain_id' in entity and 'role_domain_name' in entity: + formatted_entity['role'].update( + {'domain': {'id': entity['role_domain_id'], + 'name': entity['role_domain_name']}}) else: formatted_entity['role'] = {'id': entity['role_id']} prior_role_link = '' diff --git a/keystone/assignment/core.py b/keystone/assignment/core.py index f6179f02e..4a4c24f04 100644 --- a/keystone/assignment/core.py +++ b/keystone/assignment/core.py @@ -981,6 +981,11 @@ class Manager(manager.Manager): _role = self.role_api.get_role(id_) new_assign['role_id'] = _role['id'] new_assign['role_name'] = _role['name'] + if _role['domain_id'] is not None: + new_assign['role_domain_id'] = _role['domain_id'] + new_assign['role_domain_name'] = ( + self.resource_api.get_domain(_role['domain_id']) + ['name']) role_assign_list.append(new_assign) return role_assign_list diff --git a/keystone/tests/unit/assignment/test_backends.py b/keystone/tests/unit/assignment/test_backends.py index c1fded4a4..e3b34fa26 100644 --- a/keystone/tests/unit/assignment/test_backends.py +++ b/keystone/tests/unit/assignment/test_backends.py @@ -2147,10 +2147,13 @@ class AssignmentTests(AssignmentTestHelperMixin): {'name': self.role_member['name']}) # If the previous line didn't raise an exception then the test passes. - def test_list_role_assignment_containing_names(self): + def _test_list_role_assignment_containing_names(self, domain_role=False): # Create Refs - new_role = unit.new_role_ref() new_domain = self._get_domain_fixture() + if domain_role: + new_role = unit.new_role_ref(domain_id=new_domain['id']) + else: + new_role = unit.new_role_ref() new_user = unit.new_user_ref(domain_id=new_domain['id']) new_project = unit.new_project_ref(domain_id=new_domain['id']) new_group = unit.new_group_ref(domain_id=new_domain['id']) @@ -2200,6 +2203,9 @@ class AssignmentTests(AssignmentTestHelperMixin): first_asgmt_prj['user_domain_id']) self.assertEqual(new_role['name'], first_asgmt_prj['role_name']) + if domain_role: + self.assertEqual(new_role['domain_id'], + first_asgmt_prj['role_domain_id']) # Assert the names are correct in the group response self.assertEqual(new_group['name'], first_asgmt_grp['group_name']) @@ -2211,6 +2217,9 @@ class AssignmentTests(AssignmentTestHelperMixin): first_asgmt_grp['project_domain_id']) self.assertEqual(new_role['name'], first_asgmt_grp['role_name']) + if domain_role: + self.assertEqual(new_role['domain_id'], + first_asgmt_grp['role_domain_id']) # Assert the names are correct in the domain response self.assertEqual(new_domain['name'], first_asgmt_dmn['domain_name']) @@ -2220,6 +2229,15 @@ class AssignmentTests(AssignmentTestHelperMixin): first_asgmt_dmn['user_domain_id']) self.assertEqual(new_role['name'], first_asgmt_dmn['role_name']) + if domain_role: + self.assertEqual(new_role['domain_id'], + first_asgmt_dmn['role_domain_id']) + + def test_list_role_assignment_containing_names_global_role(self): + self._test_list_role_assignment_containing_names() + + def test_list_role_assignment_containing_names_domain_role(self): + self._test_list_role_assignment_containing_names(domain_role=True) def test_list_role_assignment_does_not_contain_names(self): """Test names are not included with list role assignments. @@ -2236,6 +2254,7 @@ class AssignmentTests(AssignmentTestHelperMixin): self.assertNotIn('user_name', first_asgmt_prj) self.assertNotIn('user_domain_id', first_asgmt_prj) self.assertNotIn('role_name', first_asgmt_prj) + self.assertNotIn('role_domain_id', first_asgmt_prj) # Create Refs new_role = unit.new_role_ref() diff --git a/keystone/tests/unit/test_v3.py b/keystone/tests/unit/test_v3.py index 2f1e00c2d..ccad3d469 100644 --- a/keystone/tests/unit/test_v3.py +++ b/keystone/tests/unit/test_v3.py @@ -1592,6 +1592,11 @@ class AssignmentTestMixin(object): if role_ref: entity['role'] = {'id': role_ref['id'], 'name': role_ref['name']} + if role_ref['domain_id']: + dmn_name = self.resource_api.get_domain( + role_ref['domain_id'])['name'] + entity['role']['domain'] = {'id': role_ref['domain_id'], + 'name': dmn_name} attributes_for_links['role_id'] = role_ref['id'] if inherited_assignment: diff --git a/keystone/tests/unit/test_v3_assignment.py b/keystone/tests/unit/test_v3_assignment.py index f11ea8f4b..ea821b34f 100644 --- a/keystone/tests/unit/test_v3_assignment.py +++ b/keystone/tests/unit/test_v3_assignment.py @@ -1604,7 +1604,7 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase, inherited_to_projects=True) self.assertRoleAssignmentInListResponse(r, up_entity) - def test_list_role_assignments_include_names(self): + def _test_list_role_assignments_include_names(self, role1): """Call ``GET /role_assignments with include names``. Test Plan: @@ -1696,6 +1696,18 @@ class AssignmentInheritanceTestCase(test_v3.RestfulTestCase, self.assertRoleAssignmentInListResponse(rs_user, expected_entity3) self.assertRoleAssignmentInListResponse(rs_role, expected_entity1) + def test_list_role_assignments_include_names_global_role(self): + role = unit.new_role_ref() + self.role_api.create_role(role['id'], role) + + self._test_list_role_assignments_include_names(role) + + def test_list_role_assignments_include_names_domain_role(self): + role = unit.new_role_ref(domain_id=self.domain['id']) + self.role_api.create_role(role['id'], role) + + self._test_list_role_assignments_include_names(role) + def test_list_role_assignments_for_disabled_inheritance_extension(self): """Call ``GET /role_assignments with inherited domain grants``.