openstack/keystone
Code Issues Proposed changes

Merge "Implement get_unique_role_by_name"

Browse Source
This commit is contained in:
Zuul 2017-12-30 05:40:38 +00:00 committed by Gerrit Code Review
commit 1f1ec829d7
3 changed files with 32 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
keystone/assignment/core.py
View File

@ -22,6 +22,7 @@ from oslo_log import log
from keystone.common import cache
from keystone.common import driver_hints
from keystone.common import manager
from keystone.common import provider_api
import keystone.conf
from keystone import exception
from keystone.i18n import _
@ -30,6 +31,7 @@ from keystone import notifications
CONF = keystone.conf.CONF
LOG = log.getLogger(__name__)
PROVIDERS = provider_api.ProviderAPIs
# This is a general cache region for assignment administration (CRUD
# operations).
@ -1245,6 +1247,21 @@ class RoleManager(manager.Manager):
def get_role(self, role_id):
return self.driver.get_role(role_id)
def get_unique_role_by_name(self, role_name, hints=None):
if not hints:
hints = driver_hints.Hints()
hints.add_filter("name", role_name, case_sensitive=True)
found_roles = PROVIDERS.role_api.list_roles(hints)
if not found_roles:
raise exception.RoleNotFound(
_("Role %s is not defined") % role_name
)
elif len(found_roles) == 1:
return {'id': found_roles[0]['id']}
else:
raise exception.AmbiguityError(resource='role',
name=role_name)
def create_role(self, role_id, role, initiator=None):
ret = self.driver.create_role(role_id, role)
notifications.Audit.created(self._ROLE, role_id, initiator)

9
keystone/tests/unit/assignment/test_core.py
View File

@ -27,6 +27,11 @@ class RoleTests(object):
self.role_api.get_role,
uuid.uuid4().hex)
def test_get_unique_role_by_name_returns_not_found(self):
self.assertRaises(exception.RoleNotFound,
self.role_api.get_unique_role_by_name,
uuid.uuid4().hex)
def test_create_duplicate_role_name_fails(self):
role_id = uuid.uuid4().hex
role = unit.new_role_ref(id=role_id, name='fake1name')
@ -53,11 +58,15 @@ class RoleTests(object):
def test_role_crud(self):
role = unit.new_role_ref()
role_name = role['name']
self.role_api.create_role(role['id'], role)
role_ref = self.role_api.get_role(role['id'])
role_ref_dict = {x: role_ref[x] for x in role_ref}
self.assertDictEqual(role, role_ref_dict)
role_ref = self.role_api.get_unique_role_by_name(role_name)
self.assertEqual(role['id'], role_ref['id'])
role['name'] = uuid.uuid4().hex
updated_role_ref = self.role_api.update_role(role['id'], role)
role_ref = self.role_api.get_role(role['id'])

19
keystone/trust/controllers.py
View File

@ -18,7 +18,7 @@ from oslo_utils import timeutils
from keystone import assignment
from keystone.common import controller
from keystone.common import driver_hints
from keystone.common import provider_api
from keystone.common import utils
from keystone.common import validation
from keystone import exception
@ -26,6 +26,9 @@ from keystone.i18n import _
from keystone.trust import schema
PROVIDERS = provider_api.ProviderAPIs
def _trustor_trustee_only(trust, user_id):
if user_id not in [trust.get('trustee_user_id'),
trust.get('trustor_user_id')]:
@ -81,18 +84,8 @@ class TrustV3(controller.V3Controller):
if role.get('id'):
roles.append({'id': role['id']})
else:
hints = driver_hints.Hints()
hints.add_filter("name", role['name'], case_sensitive=True)
found_roles = self.role_api.list_roles(hints)
if not found_roles:
raise exception.RoleNotFound(
_("Role %s is not defined") % role['name']
)
elif len(found_roles) == 1:
roles.append({'id': found_roles[0]['id']})
else:
raise exception.AmbiguityError(resource='role',
name=role['name'])
role_api = PROVIDERS.role_api
roles.append(role_api.get_unique_role_by_name(role['name']))
return roles
def _find_redelegated_trust(self, request):