From 7a7a1d1c61cc5f255f3f97b2ba8fd94e038ca5b0 Mon Sep 17 00:00:00 2001 From: lin-hua-cheng Date: Sun, 27 Jul 2014 12:19:17 -0700 Subject: [PATCH] Domain Role assignment to Users Added Domain User step in the Domain Update workflow for managing domain-role assignment to User. Change-Id: I629449c635319e3a4292a4e2be35c5d9fc8a7cf9 Implements: blueprint user-domain-role-assignment --- openstack_dashboard/api/keystone.py | 40 ++- .../dashboards/identity/domains/constants.py | 1 + .../dashboards/identity/domains/tables.py | 20 +- .../dashboards/identity/domains/tests.py | 94 ++++++- .../dashboards/identity/domains/workflows.py | 231 ++++++++++++++++-- .../dashboards/identity/projects/tests.py | 12 +- openstack_dashboard/test/helpers.py | 4 +- .../test/test_data/keystone_data.py | 40 ++- 8 files changed, 404 insertions(+), 38 deletions(-) diff --git a/openstack_dashboard/api/keystone.py b/openstack_dashboard/api/keystone.py index 12890a8ec3..89bebe97f3 100644 --- a/openstack_dashboard/api/keystone.py +++ b/openstack_dashboard/api/keystone.py @@ -17,6 +17,7 @@ # License for the specific language governing permissions and limitations # under the License. +import collections import logging from django.conf import settings @@ -495,23 +496,49 @@ def role_list(request): return keystoneclient(request, admin=True).roles.list() -def roles_for_user(request, user, project): +def roles_for_user(request, user, project=None, domain=None): + """Returns a list of user roles scoped to a project or domain.""" manager = keystoneclient(request, admin=True).roles if VERSIONS.active < 3: return manager.roles_for_user(user, project) else: - return manager.list(user=user, project=project) + return manager.list(user=user, domain=domain, project=project) + + +def get_domain_users_roles(request, domain): + users_roles = collections.defaultdict(list) + domain_role_assignments = role_assignments_list(request, + domain=domain) + for role_assignment in domain_role_assignments: + if not hasattr(role_assignment, 'user'): + continue + user_id = role_assignment.user['id'] + role_id = role_assignment.role['id'] + users_roles[user_id].append(role_id) + return users_roles + + +def add_domain_user_role(request, user, role, domain): + """Adds a role for a user on a domain.""" + manager = keystoneclient(request, admin=True).roles + return manager.grant(role, user=user, domain=domain) + + +def remove_domain_user_role(request, user, role, domain=None): + """Removes a given single role for a user from a domain.""" + manager = keystoneclient(request, admin=True).roles + return manager.revoke(role, user=user, domain=domain) def get_project_users_roles(request, project): - users_roles = {} + users_roles = collections.defaultdict(list) if VERSIONS.active < 3: project_users = user_list(request, project=project) for user in project_users: roles = roles_for_user(request, user.id, project) roles_ids = [role.id for role in roles] - users_roles[user.id] = roles_ids + users_roles[user.id].extend(roles_ids) else: project_role_assignments = role_assignments_list(request, project=project) @@ -520,10 +547,7 @@ def get_project_users_roles(request, project): continue user_id = role_assignment.user['id'] role_id = role_assignment.role['id'] - if user_id in users_roles: - users_roles[user_id].append(role_id) - else: - users_roles[user_id] = [role_id] + users_roles[user_id].append(role_id) return users_roles diff --git a/openstack_dashboard/dashboards/identity/domains/constants.py b/openstack_dashboard/dashboards/identity/domains/constants.py index 32e02b2daf..5f8b897056 100644 --- a/openstack_dashboard/dashboards/identity/domains/constants.py +++ b/openstack_dashboard/dashboards/identity/domains/constants.py @@ -20,3 +20,4 @@ DOMAINS_INDEX_VIEW_TEMPLATE = 'identity/domains/index.html' DOMAINS_CREATE_URL = 'horizon:identity:domains:create' DOMAINS_UPDATE_URL = 'horizon:identity:domains:update' DOMAIN_GROUP_MEMBER_SLUG = "update_group_members" +DOMAIN_USER_MEMBER_SLUG = "update_user_members" diff --git a/openstack_dashboard/dashboards/identity/domains/tables.py b/openstack_dashboard/dashboards/identity/domains/tables.py index 5d31cab865..557b9829be 100644 --- a/openstack_dashboard/dashboards/identity/domains/tables.py +++ b/openstack_dashboard/dashboards/identity/domains/tables.py @@ -32,6 +32,22 @@ from openstack_dashboard.dashboards.identity.domains import constants LOG = logging.getLogger(__name__) +class ViewUsersLink(tables.LinkAction): + name = "users" + verbose_name = _("Modify Users") + url = "horizon:identity:domains:update" + classes = ("ajax-modal",) + policy_rules = (("identity", "identity:list_users"), + ("identity", "identity:list_roles"), + ("identity", "identity:list_role_assignments")) + + def get_link_url(self, domain): + step = 'update_user_members' + base_url = reverse(self.url, args=[domain.id]) + param = urlencode({"step": step}) + return "?".join([base_url, param]) + + class ViewGroupsLink(tables.LinkAction): name = "groups" verbose_name = _("Modify Groups") @@ -173,7 +189,7 @@ class DomainsTable(tables.DataTable): class Meta: name = "domains" verbose_name = _("Domains") - row_actions = (SetDomainContext, ViewGroupsLink, EditDomainLink, - DeleteDomainsAction) + row_actions = (SetDomainContext, ViewUsersLink, ViewGroupsLink, + EditDomainLink, DeleteDomainsAction) table_actions = (DomainFilterAction, CreateDomainLink, DeleteDomainsAction, UnsetDomainContext) diff --git a/openstack_dashboard/dashboards/identity/domains/tests.py b/openstack_dashboard/dashboards/identity/domains/tests.py index 64a4bb1064..fb131f31da 100644 --- a/openstack_dashboard/dashboards/identity/domains/tests.py +++ b/openstack_dashboard/dashboards/identity/domains/tests.py @@ -31,6 +31,7 @@ from openstack_dashboard.dashboards.identity.domains import workflows DOMAINS_INDEX_URL = reverse(constants.DOMAINS_INDEX_URL) DOMAIN_CREATE_URL = reverse(constants.DOMAINS_CREATE_URL) DOMAIN_UPDATE_URL = reverse(constants.DOMAINS_UPDATE_URL, args=[1]) +USER_ROLE_PREFIX = constants.DOMAIN_USER_MEMBER_SLUG + "_role_" GROUP_ROLE_PREFIX = constants.DOMAIN_GROUP_MEMBER_SLUG + "_role_" @@ -177,6 +178,14 @@ class UpdateDomainWorkflowTests(test.BaseAdminViewTests): domain_info = self._get_domain_info(domain) return domain_info + def _get_all_users(self, domain_id=None): + if not domain_id: + users = self.users.list() + else: + users = [user for user in self.users.list() + if user.domain_id == domain_id] + return users + def _get_all_groups(self, domain_id): if not domain_id: groups = self.groups.list() @@ -189,22 +198,35 @@ class UpdateDomainWorkflowTests(test.BaseAdminViewTests): # all domain groups have role assignments return self._get_all_groups(domain_id) + def _get_domain_role_assignment(self, domain_id): + domain_scope = {'domain': {'id': domain_id}} + return self.role_assignments.filter(scope=domain_scope) + @test.create_stubs({api.keystone: ('domain_get', 'get_default_role', 'role_list', + 'user_list', + 'role_assignments_list', 'group_list', 'roles_for_group')}) def test_update_domain_get(self): default_role = self.roles.first() domain = self.domains.get(id="1") + users = self._get_all_users(domain.id) groups = self._get_all_groups(domain.id) roles = self.roles.list() + role_assignments = self._get_domain_role_assignment(domain.id) api.keystone.domain_get(IsA(http.HttpRequest), '1').AndReturn(domain) api.keystone.get_default_role(IsA(http.HttpRequest)) \ .MultipleTimes().AndReturn(default_role) api.keystone.role_list(IsA(http.HttpRequest)) \ .MultipleTimes().AndReturn(roles) + api.keystone.user_list(IsA(http.HttpRequest), domain=domain.id) \ + .AndReturn(users) + api.keystone.role_assignments_list(IsA(http.HttpRequest), + domain=domain.id) \ + .AndReturn(role_assignments) api.keystone.group_list(IsA(http.HttpRequest), domain=domain.id) \ .AndReturn(groups) @@ -230,12 +252,18 @@ class UpdateDomainWorkflowTests(test.BaseAdminViewTests): domain.description) self.assertQuerysetEqual(workflow.steps, ['', + '', '']) @test.create_stubs({api.keystone: ('domain_get', 'domain_update', 'get_default_role', 'role_list', + 'user_list', + 'role_assignments_list', + 'roles_for_user', + 'add_domain_user_role', + 'remove_domain_user_role', 'group_list', 'roles_for_group', 'remove_group_role', @@ -244,15 +272,22 @@ class UpdateDomainWorkflowTests(test.BaseAdminViewTests): default_role = self.roles.first() domain = self.domains.get(id="1") test_description = 'updated description' + users = self._get_all_users(domain.id) groups = self._get_all_groups(domain.id) domain_groups = self._get_domain_groups(domain.id) roles = self.roles.list() + role_assignments = self._get_domain_role_assignment(domain.id) api.keystone.domain_get(IsA(http.HttpRequest), '1').AndReturn(domain) api.keystone.get_default_role(IsA(http.HttpRequest)) \ .MultipleTimes().AndReturn(default_role) api.keystone.role_list(IsA(http.HttpRequest)) \ .MultipleTimes().AndReturn(roles) + api.keystone.user_list(IsA(http.HttpRequest), domain=domain.id) \ + .AndReturn(users) + api.keystone.role_assignments_list(IsA(http.HttpRequest), + domain=domain.id) \ + .AndReturn(role_assignments) api.keystone.group_list(IsA(http.HttpRequest), domain=domain.id) \ .AndReturn(groups) @@ -265,7 +300,9 @@ class UpdateDomainWorkflowTests(test.BaseAdminViewTests): workflow_data = self._get_workflow_data(domain) # update some fields workflow_data['description'] = test_description - + # User assignment form data + workflow_data[USER_ROLE_PREFIX + "1"] = ['3'] # admin role + workflow_data[USER_ROLE_PREFIX + "2"] = ['2'] # member role # Group assignment form data workflow_data[GROUP_ROLE_PREFIX + "1"] = ['3'] # admin role workflow_data[GROUP_ROLE_PREFIX + "2"] = ['2'] # member role @@ -277,6 +314,49 @@ class UpdateDomainWorkflowTests(test.BaseAdminViewTests): enabled=domain.enabled, name=domain.name).AndReturn(None) + api.keystone.user_list(IsA(http.HttpRequest), + domain=domain.id).AndReturn(users) + + # admin user - try to remove all roles on current domain, warning + api.keystone.roles_for_user(IsA(http.HttpRequest), '1', + domain=domain.id) \ + .AndReturn(roles) + + # member user 1 - has role 1, will remove it + api.keystone.roles_for_user(IsA(http.HttpRequest), '2', + domain=domain.id) \ + .AndReturn((roles[0],)) + # remove role 1 + api.keystone.remove_domain_user_role(IsA(http.HttpRequest), + domain=domain.id, + user='2', + role='1') + # add role 2 + api.keystone.add_domain_user_role(IsA(http.HttpRequest), + domain=domain.id, + user='2', + role='2') + + # member user 3 - has role 2 + api.keystone.roles_for_user(IsA(http.HttpRequest), '3', + domain=domain.id) \ + .AndReturn((roles[1],)) + # remove role 2 + api.keystone.remove_domain_user_role(IsA(http.HttpRequest), + domain=domain.id, + user='3', + role='2') + # add role 1 + api.keystone.add_domain_user_role(IsA(http.HttpRequest), + domain=domain.id, + user='3', + role='1') + + # member user 5 - do nothing + api.keystone.roles_for_user(IsA(http.HttpRequest), '5', + domain=domain.id) \ + .AndReturn([]) + # Group assignments api.keystone.group_list(IsA(http.HttpRequest), domain=domain.id).AndReturn(domain_groups) @@ -349,20 +429,29 @@ class UpdateDomainWorkflowTests(test.BaseAdminViewTests): 'domain_update', 'get_default_role', 'role_list', + 'user_list', + 'role_assignments_list', 'group_list', 'roles_for_group')}) def test_update_domain_post_error(self): default_role = self.roles.first() domain = self.domains.get(id="1") test_description = 'updated description' + users = self._get_all_users(domain.id) groups = self._get_all_groups(domain.id) roles = self.roles.list() + role_assignments = self._get_domain_role_assignment(domain.id) api.keystone.domain_get(IsA(http.HttpRequest), '1').AndReturn(domain) api.keystone.get_default_role(IsA(http.HttpRequest)) \ .MultipleTimes().AndReturn(default_role) api.keystone.role_list(IsA(http.HttpRequest)) \ .MultipleTimes().AndReturn(roles) + api.keystone.user_list(IsA(http.HttpRequest), domain=domain.id) \ + .AndReturn(users) + api.keystone.role_assignments_list(IsA(http.HttpRequest), + domain=domain.id) \ + .AndReturn(role_assignments) api.keystone.group_list(IsA(http.HttpRequest), domain=domain.id) \ .AndReturn(groups) @@ -376,6 +465,9 @@ class UpdateDomainWorkflowTests(test.BaseAdminViewTests): # update some fields workflow_data['description'] = test_description + # User assignment form data + workflow_data[USER_ROLE_PREFIX + "1"] = ['3'] # admin role + workflow_data[USER_ROLE_PREFIX + "2"] = ['2'] # member role # Group assignment form data workflow_data[GROUP_ROLE_PREFIX + "1"] = ['3'] # admin role workflow_data[GROUP_ROLE_PREFIX + "2"] = ['2'] # member role diff --git a/openstack_dashboard/dashboards/identity/domains/workflows.py b/openstack_dashboard/dashboards/identity/domains/workflows.py index 4b8c21fda8..25cba8306d 100644 --- a/openstack_dashboard/dashboards/identity/domains/workflows.py +++ b/openstack_dashboard/dashboards/identity/domains/workflows.py @@ -20,6 +20,7 @@ from django.utils.translation import ugettext_lazy as _ from horizon import exceptions from horizon import forms +from horizon import messages from horizon import workflows from openstack_dashboard import api @@ -53,15 +54,111 @@ class CreateDomainInfo(workflows.Step): "enabled") +class UpdateDomainUsersAction(workflows.MembershipAction): + def __init__(self, request, *args, **kwargs): + super(UpdateDomainUsersAction, self).__init__(request, + *args, + **kwargs) + domain_id = self.initial.get("domain_id", '') + + # Get the default role + try: + default_role = api.keystone.get_default_role(self.request) + # Default role is necessary to add members to a domain + if default_role is None: + default = getattr(settings, + "OPENSTACK_KEYSTONE_DEFAULT_ROLE", None) + msg = _('Could not find default role "%s" in Keystone') % \ + default + raise exceptions.NotFound(msg) + except Exception: + exceptions.handle(self.request, + _('Unable to find default role.'), + redirect=reverse(constants.DOMAINS_INDEX_URL)) + default_role_name = self.get_default_role_field_name() + self.fields[default_role_name] = forms.CharField(required=False) + self.fields[default_role_name].initial = default_role.id + + # Get list of available users + all_users = [] + try: + all_users = api.keystone.user_list(request, + domain=domain_id) + except Exception: + exceptions.handle(request, _('Unable to retrieve user list.')) + users_list = [(user.id, user.name) for user in all_users] + + # Get list of roles + role_list = [] + try: + role_list = api.keystone.role_list(request) + except Exception: + exceptions.handle(request, + _('Unable to retrieve role list.'), + redirect=reverse(constants.DOMAINS_INDEX_URL)) + for role in role_list: + field_name = self.get_member_field_name(role.id) + label = role.name + self.fields[field_name] = forms.MultipleChoiceField(required=False, + label=label) + self.fields[field_name].choices = users_list + self.fields[field_name].initial = [] + + # Figure out users & roles + if domain_id: + try: + users_roles = api.keystone.get_domain_users_roles(request, + domain_id) + except Exception: + exceptions.handle(request, + _('Unable to retrieve user domain role ' + 'assignments.'), + redirect=reverse( + constants.DOMAINS_INDEX_URL)) + + for user_id in users_roles: + roles_ids = users_roles[user_id] + for role_id in roles_ids: + field_name = self.get_member_field_name(role_id) + self.fields[field_name].initial.append(user_id) + + class Meta: + name = _("Domain Members") + slug = constants.DOMAIN_USER_MEMBER_SLUG + + +class UpdateDomainUsers(workflows.UpdateMembersStep): + action_class = UpdateDomainUsersAction + available_list_title = _("All Users") + members_list_title = _("Domain Members") + no_available_text = _("No users found.") + no_members_text = _("No users.") + + def contribute(self, data, context): + context = super(UpdateDomainUsers, self).contribute(data, context) + if data: + try: + roles = api.keystone.role_list(self.workflow.request) + except Exception: + exceptions.handle(self.workflow.request, + _('Unable to retrieve role list.'), + redirect=reverse( + constants.DOMAINS_INDEX_URL)) + + post = self.workflow.request.POST + for role in roles: + field = self.get_member_field_name(role.id) + context[field] = post.getlist(field) + return context + + class UpdateDomainGroupsAction(workflows.MembershipAction): def __init__(self, request, *args, **kwargs): super(UpdateDomainGroupsAction, self).__init__(request, *args, **kwargs) err_msg = _('Unable to retrieve group list. Please try again later.') - domain_id = '' - if 'domain_id' in args[0]: - domain_id = args[0]['domain_id'] + domain_id = self.initial.get("domain_id", '') # Get the default role try: @@ -135,6 +232,7 @@ class UpdateDomainGroups(workflows.UpdateMembersStep): no_members_text = _("No groups.") def contribute(self, data, context): + context = super(UpdateDomainGroups, self).contribute(data, context) if data: try: roles = api.keystone.role_list(self.workflow.request) @@ -200,25 +298,109 @@ class UpdateDomain(workflows.Workflow): failure_message = _('Unable to modify domain "%s".') success_url = constants.DOMAINS_INDEX_URL default_steps = (UpdateDomainInfo, + UpdateDomainUsers, UpdateDomainGroups) def format_status_message(self, message): return message % self.context.get('name', 'unknown domain') - def handle(self, request, data): - domain_id = data.pop('domain_id') - + def _update_domain_members(self, request, domain_id, data): + # update domain members + users_to_modify = 0 + # Project-user member step + member_step = self.get_step(constants.DOMAIN_USER_MEMBER_SLUG) try: - LOG.info('Updating domain with name "%s"' % data['name']) - api.keystone.domain_update(request, - domain_id=domain_id, - name=data['name'], - description=data['description'], - enabled=data['enabled']) + # Get our role options + available_roles = api.keystone.role_list(request) + # Get the users currently associated with this project so we + # can diff against it. + domain_members = api.keystone.user_list(request, + domain=domain_id) + users_to_modify = len(domain_members) + + for user in domain_members: + # Check if there have been any changes in the roles of + # Existing project members. + current_roles = api.keystone.roles_for_user(self.request, + user.id, + domain=domain_id) + current_role_ids = [role.id for role in current_roles] + + for role in available_roles: + field_name = member_step.get_member_field_name(role.id) + # Check if the user is in the list of users with this role. + if user.id in data[field_name]: + # Add it if necessary + if role.id not in current_role_ids: + # user role has changed + api.keystone.add_domain_user_role( + request, + domain=domain_id, + user=user.id, + role=role.id) + else: + # User role is unchanged, so remove it from the + # remaining roles list to avoid removing it later. + index = current_role_ids.index(role.id) + current_role_ids.pop(index) + + # Prevent admins from doing stupid things to themselves. + is_current_user = user.id == request.user.id + # TODO(lcheng) When Horizon moves to Domain scoped token for + # invoking identity operation, replace this with: + # domain_id == request.user.domain_id + is_current_domain = True + + admin_roles = [role for role in current_roles + if role.name.lower() == 'admin'] + if len(admin_roles): + removing_admin = any([role.id in current_role_ids + for role in admin_roles]) + else: + removing_admin = False + if is_current_user and is_current_domain and removing_admin: + # Cannot remove "admin" role on current(admin) domain + msg = _('You cannot revoke your administrative privileges ' + 'from the domain you are currently logged into. ' + 'Please switch to another domain with ' + 'administrative privileges or remove the ' + 'administrative role manually via the CLI.') + messages.warning(request, msg) + + # Otherwise go through and revoke any removed roles. + else: + for id_to_delete in current_role_ids: + api.keystone.remove_domain_user_role( + request, + domain=domain_id, + user=user.id, + role=id_to_delete) + users_to_modify -= 1 + + # Grant new roles on the project. + for role in available_roles: + field_name = member_step.get_member_field_name(role.id) + # Count how many users may be added for exception handling. + users_to_modify += len(data[field_name]) + for role in available_roles: + users_added = 0 + field_name = member_step.get_member_field_name(role.id) + for user_id in data[field_name]: + if not filter(lambda x: user_id == x.id, domain_members): + api.keystone.add_tenant_user_role(request, + project=domain_id, + user=user_id, + role=role.id) + users_added += 1 + users_to_modify -= users_added + return True except Exception: - exceptions.handle(request, ignore=True) + exceptions.handle(request, _('Failed to modify %s project ' + 'members and update domain groups.') + % users_to_modify) return False + def _update_domain_groups(self, request, domain_id, data): # update domain groups groups_to_modify = 0 member_step = self.get_step(constants.DOMAIN_GROUP_MEMBER_SLUG) @@ -282,10 +464,31 @@ class UpdateDomain(workflows.Workflow): domain=domain_id) groups_added += 1 groups_to_modify -= groups_added + return True except Exception: exceptions.handle(request, _('Failed to modify %s domain groups.') % groups_to_modify) - return True + return False + + def handle(self, request, data): + domain_id = data.pop('domain_id') + + try: + LOG.info('Updating domain with name "%s"' % data['name']) + api.keystone.domain_update(request, + domain_id=domain_id, + name=data['name'], + description=data['description'], + enabled=data['enabled']) + except Exception: + exceptions.handle(request, ignore=True) + return False + + if not self._update_domain_members(request, domain_id, data): + return False + + if not self._update_domain_groups(request, domain_id, data): + return False return True diff --git a/openstack_dashboard/dashboards/identity/projects/tests.py b/openstack_dashboard/dashboards/identity/projects/tests.py index 006723b4ea..d0d3ec6bfb 100644 --- a/openstack_dashboard/dashboards/identity/projects/tests.py +++ b/openstack_dashboard/dashboards/identity/projects/tests.py @@ -749,6 +749,10 @@ class UpdateProjectWorkflowTests(test.BaseAdminViewTests): return [group for group in self.groups.list() if group.project_id == project_id] + def _get_proj_role_assignment(self, project_id): + project_scope = {'project': {'id': project_id}} + return self.role_assignments.filter(scope=project_scope) + @test.create_stubs({api.keystone: ('get_default_role', 'roles_for_user', 'tenant_get', @@ -771,7 +775,7 @@ class UpdateProjectWorkflowTests(test.BaseAdminViewTests): groups = self._get_all_groups(domain_id) roles = self.roles.list() proj_users = self._get_proj_users(project.id) - role_assignments = self.role_assignments.list() + role_assignments = self._get_proj_role_assignment(project.id) api.keystone.tenant_get(IsA(http.HttpRequest), self.tenant.id, admin=True) \ @@ -868,7 +872,7 @@ class UpdateProjectWorkflowTests(test.BaseAdminViewTests): groups = self._get_all_groups(domain_id) proj_groups = self._get_proj_groups(project.id) roles = self.roles.list() - role_assignments = self.role_assignments.list() + role_assignments = self._get_proj_role_assignment(project.id) # get/init api.keystone.tenant_get(IsA(http.HttpRequest), @@ -1235,7 +1239,7 @@ class UpdateProjectWorkflowTests(test.BaseAdminViewTests): groups = self._get_all_groups(domain_id) proj_groups = self._get_proj_groups(project.id) roles = self.roles.list() - role_assignments = self.role_assignments.list() + role_assignments = self._get_proj_role_assignment(project.id) # get/init api.keystone.tenant_get(IsA(http.HttpRequest), self.tenant.id, @@ -1408,7 +1412,7 @@ class UpdateProjectWorkflowTests(test.BaseAdminViewTests): proj_users = self._get_proj_users(project.id) groups = self._get_all_groups(domain_id) roles = self.roles.list() - role_assignments = self.role_assignments.list() + role_assignments = self._get_proj_role_assignment(project.id) # get/init api.keystone.tenant_get(IsA(http.HttpRequest), self.tenant.id, diff --git a/openstack_dashboard/test/helpers.py b/openstack_dashboard/test/helpers.py index 6d65ef0d37..9950ed8349 100644 --- a/openstack_dashboard/test/helpers.py +++ b/openstack_dashboard/test/helpers.py @@ -137,6 +137,7 @@ class TestCase(horizon_helpers.TestCase): self.setActiveUser(id=self.user.id, token=self.token, username=self.user.name, + domain_id=self.domain.id, tenant_id=self.tenant.id, service_catalog=self.service_catalog, authorized_tenants=tenants) @@ -157,11 +158,12 @@ class TestCase(horizon_helpers.TestCase): def setActiveUser(self, id=None, token=None, username=None, tenant_id=None, service_catalog=None, tenant_name=None, roles=None, - authorized_tenants=None, enabled=True): + authorized_tenants=None, enabled=True, domain_id=None): def get_user(request): return user.User(id=id, token=token, user=username, + domain_id=domain_id, tenant_id=tenant_id, service_catalog=service_catalog, roles=roles, diff --git a/openstack_dashboard/test/test_data/keystone_data.py b/openstack_dashboard/test/test_data/keystone_data.py index 1fceceea11..280d8093d4 100644 --- a/openstack_dashboard/test/test_data/keystone_data.py +++ b/openstack_dashboard/test/test_data/keystone_data.py @@ -249,27 +249,51 @@ def data(TEST): role_assignments_dict = {'user': {'id': '1'}, 'role': {'id': '1'}, 'scope': {'project': {'id': '1'}}} - role_assignment1 = role_assignments.RoleAssignment( + proj_role_assignment1 = role_assignments.RoleAssignment( role_assignments.RoleAssignmentManager, role_assignments_dict) role_assignments_dict = {'user': {'id': '2'}, 'role': {'id': '2'}, 'scope': {'project': {'id': '1'}}} - role_assignment2 = role_assignments.RoleAssignment( + proj_role_assignment2 = role_assignments.RoleAssignment( role_assignments.RoleAssignmentManager, role_assignments_dict) role_assignments_dict = {'group': {'id': '1'}, 'role': {'id': '2'}, 'scope': {'project': {'id': '1'}}} - role_assignment3 = role_assignments.RoleAssignment( + proj_role_assignment3 = role_assignments.RoleAssignment( role_assignments.RoleAssignmentManager, role_assignments_dict) role_assignments_dict = {'user': {'id': '3'}, 'role': {'id': '2'}, 'scope': {'project': {'id': '1'}}} - role_assignment4 = role_assignments.RoleAssignment( + proj_role_assignment4 = role_assignments.RoleAssignment( role_assignments.RoleAssignmentManager, role_assignments_dict) - TEST.role_assignments.add(role_assignment1, - role_assignment2, - role_assignment3, - role_assignment4) + role_assignments_dict = {'user': {'id': '1'}, + 'role': {'id': '1'}, + 'scope': {'domain': {'id': '1'}}} + domain_role_assignment1 = role_assignments.RoleAssignment( + role_assignments.RoleAssignmentManager, role_assignments_dict) + role_assignments_dict = {'user': {'id': '2'}, + 'role': {'id': '2'}, + 'scope': {'domain': {'id': '1'}}} + domain_role_assignment2 = role_assignments.RoleAssignment( + role_assignments.RoleAssignmentManager, role_assignments_dict) + role_assignments_dict = {'group': {'id': '1'}, + 'role': {'id': '2'}, + 'scope': {'domain': {'id': '1'}}} + domain_role_assignment3 = role_assignments.RoleAssignment( + role_assignments.RoleAssignmentManager, role_assignments_dict) + role_assignments_dict = {'user': {'id': '3'}, + 'role': {'id': '2'}, + 'scope': {'domain': {'id': '1'}}} + domain_role_assignment4 = role_assignments.RoleAssignment( + role_assignments.RoleAssignmentManager, role_assignments_dict) + TEST.role_assignments.add(proj_role_assignment1, + proj_role_assignment2, + proj_role_assignment3, + proj_role_assignment4, + domain_role_assignment1, + domain_role_assignment2, + domain_role_assignment3, + domain_role_assignment4) tenant_dict = {'id': "1", 'name': 'test_tenant',