Adding one more check on project_id

Project_id is not a required attribute in creating Trust. Authentication with this kind of trust results in an error: "Expecting to find id or name in project". This message is misleading as the trust creation without project_id was successful which is a valid behavior. This error message is generated from checking if project_id is in trust metadata. One more check is needed to verify if project_id is None or populated. Closes-Bug: #1301622 Change-Id: Ic711a63f43ca87a97cb7f761170fa8aa2d45e11e
2014-04-03 23:13:48 +00:00 · 2014-04-03 23:13:48 +00:00 · 01eea87dea
commit 01eea87dea
parent f630a18304
2 changed files with 18 additions and 1 deletions
--- a/keystone/auth/controllers.py
+++ b/keystone/auth/controllers.py
@ -197,7 +197,7 @@ class AuthInfo(object):
            trust_ref = self._lookup_trust(
                self.auth['scope']['OS-TRUST:trust'])
            # TODO(ayoung): when trusts support domains, fill in domain data
-            if 'project_id' in trust_ref:
+            if trust_ref.get('project_id') is not None:
                project_ref = self._lookup_project(
                    {'id': trust_ref['project_id']})
                self._scope_data = (None, project_ref['id'], trust_ref)
--- a/keystone/tests/test_auth.py
+++ b/keystone/tests/test_auth.py
@ -729,6 +729,23 @@ class AuthWithTrust(AuthTest):
                          self.create_trust,
                          expires_at="Z")

+    def test_create_trust_without_project_id(self):
+        """Verify that trust can be created without project id and
+        token can be generated with that trust.
+        """
+        context = self._create_auth_context(
+            self.unscoped_token['access']['token']['id'])
+        self.sample_data['project_id'] = None
+        self.sample_data['roles'] = []
+        self.new_trust = self.trust_controller.create_trust(
+            context, trust=self.sample_data)['trust']
+        self.assertEqual(self.trustor['id'], self.new_trust['trustor_user_id'])
+        self.assertEqual(self.trustee['id'], self.new_trust['trustee_user_id'])
+        self.assertIs(self.new_trust['impersonation'], True)
+        auth_response = self.fetch_v2_token_from_trust()
+        token_user = auth_response['access']['user']
+        self.assertEqual(token_user['id'], self.new_trust['trustor_user_id'])
+
    def test_get_trust(self):
        context = {'token_id': self.unscoped_token['access']['token']['id'],
                   'host_url': HOST_URL}