Populate context roles when using stored context
Currently we leave the context roles empty when loading the stored context, even though there are roles associated with, e.g., the trust-scoped token used when loading the stored context. Loading the auth ref and populating the roles from the token ensures that any RBAC checks performed on the context roles work as expected. Change-Id: I7d699bcf947940357a6eb6ae2d17027ec8d6bd04 Closes-Bug: #1529354
parent
db52df4633
commit
ce46629661
|
@ -554,6 +554,10 @@ class KeystoneClientV3(object):
|
||||||
def auth_token(self):
|
def auth_token(self):
|
||||||
return self.context.auth_plugin.get_token(self.session)
|
return self.context.auth_plugin.get_token(self.session)
|
||||||
|
|
||||||
|
@property
|
||||||
|
def auth_ref(self):
|
||||||
|
return self.context.auth_plugin.get_access(self.session)
|
||||||
|
|
||||||
|
|
||||||
class KeystoneClient(object):
|
class KeystoneClient(object):
|
||||||
"""Keystone Auth Client.
|
"""Keystone Auth Client.
|
||||||
|
|
|
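Review bot: The new `auth_ref` property on `KeystoneClientV3` has no docstring, and it hands callers the whole access-info object rather than only the role names this commit needs. Since `get_access(self.session)` presumably returns an object that carries the token alongside the roles, I would document that so callers do not log or persist it: `"""Access info for the context's auth plugin; contains the token, so do not log it."""`. It may also be worth stating that reading the property can trigger authentication if the plugin holds no valid access info. The class body continues outside the hunk.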
@ -191,6 +191,8 @@ class Stack(collections.Mapping):
|
||||||
|
|
||||||
if use_stored_context:
|
if use_stored_context:
|
||||||
self.context = self.stored_context()
|
self.context = self.stored_context()
|
||||||
|
self.context.roles = self.context.clients.client(
|
||||||
|
'keystone').auth_ref.role_names
|
||||||
|
|
||||||
self.clients = self.context.clients
|
self.clients = self.context.clients
|
||||||
|
|
||||||
|
|
|
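Review bot: Nothing around the new assignment `self.context.roles = self.context.clients.client('keystone').auth_ref.role_names` handles a failure to obtain the access info, and it runs on every load where `use_stored_context` is set. If the stored trust has been revoked or has expired, or Keystone is unreachable, `get_access` will presumably raise here and the stack object cannot be built at all, whereas before the failure would surface only on the first real client call. It is worth deciding whether that is intended and, if so, making the error explicit rather than letting it escape from the constructor path. A comment would also help readers of later RBAC checks: `# Roles come from the stored (e.g. trust-scoped) token, not from the request that triggered this load.` The enclosing method starts and ends outside the hunk.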
@ -94,7 +94,7 @@ class FakeKeystoneClient(object):
|
||||||
def __init__(self, username='test_username', password='password',
|
def __init__(self, username='test_username', password='password',
|
||||||
user_id='1234', access='4567', secret='8901',
|
user_id='1234', access='4567', secret='8901',
|
||||||
credential_id='abcdxyz', auth_token='abcd1234',
|
credential_id='abcdxyz', auth_token='abcd1234',
|
||||||
context=None, stack_domain_id='4321'):
|
context=None, stack_domain_id='4321', roles=None):
|
||||||
self.username = username
|
self.username = username
|
||||||
self.password = password
|
self.password = password
|
||||||
self.user_id = user_id
|
self.user_id = user_id
|
||||||
|
@ -106,6 +106,7 @@ class FakeKeystoneClient(object):
|
||||||
self.context = context
|
self.context = context
|
||||||
self.v3_endpoint = 'http://localhost:5000/v3'
|
self.v3_endpoint = 'http://localhost:5000/v3'
|
||||||
self.stack_domain_id = stack_domain_id
|
self.stack_domain_id = stack_domain_id
|
||||||
|
self.roles = roles or []
|
||||||
|
|
||||||
class FakeCred(object):
|
class FakeCred(object):
|
||||||
id = self.credential_id
|
id = self.credential_id
|
||||||
|
@ -191,6 +192,19 @@ class FakeKeystoneClient(object):
|
||||||
else:
|
else:
|
||||||
return self.token
|
return self.token
|
||||||
|
|
||||||
|
@property
|
||||||
|
def auth_ref(self):
|
||||||
|
return FakeAccessInfo(roles=self.roles)
|
||||||
|
|
||||||
|
|
||||||
|
class FakeAccessInfo(object):
|
||||||
|
def __init__(self, roles):
|
||||||
|
self.roles = roles
|
||||||
|
|
||||||
|
@property
|
||||||
|
def role_names(self):
|
||||||
|
return self.roles
|
||||||
|
|
||||||
|
|
||||||
class FakeEventSink(object):
|
class FakeEventSink(object):
|
||||||
|
|
||||||
|
|