Refactor trust roles check

When checking the current effective trust roles, the current implementation creates a list from a set, then iterates over the list to find a single id's existance in the list. This change keeps the list as a set and utilizes the set collection's speedier existance check to see if a trust_role_id is present in the list of current_effective_trustor_roles. This removes the casting back into a list, as well as a redundant list iteration. Change-Id: I63ffbcc294e77b96f7a302543d335d3cb630090c
2018-06-27 13:09:25 -05:00 · 2018-06-27 13:09:25 -05:00 · 114e0fb486
parent 589152d094
commit 114e0fb486
1 changed files with 3 additions and 6 deletions
--- a/keystone/token/providers/common.py
+++ b/keystone/token/providers/common.py
@ -383,16 +383,13 @@ class V3TokenDataHelper(provider_api.ProviderAPIMixin, object):
                    project_id=token_project_id,
                    effective=True, strip_domain_roles=False)
                current_effective_trustor_roles = (
-                    list(set([x['role_id'] for x in assignments])))
+                    set([x['role_id'] for x in assignments]))
                # Go through each of the effective trust roles, making sure the
                # trustor still has them, if any have been removed, then we
                # will treat the trust as invalid
                for trust_role_id in effective_trust_role_ids:
-
-                    match_roles = [x for x in current_effective_trustor_roles
-                                   if x == trust_role_id]
-                    if match_roles:
-                        role = PROVIDERS.role_api.get_role(match_roles[0])
+                    if trust_role_id in current_effective_trustor_roles:
+                        role = PROVIDERS.role_api.get_role(trust_role_id)
                        if role['domain_id'] is None:
                            filtered_roles.append(role)
                    else: