Kaynağa Gözat

Merge "Ensure bootstrap handles multiple roles with the same name" into stable/stein

changes/68/705768/1
Zuul Gerrit Code Review 2 ay önce
ebeveyn
işleme
3907f65600
3 değiştirilmiş dosya ile 39 ekleme ve 0 silme
  1. +8
    -0
      keystone/cmd/bootstrap.py
  2. +24
    -0
      keystone/tests/unit/test_cli.py
  3. +7
    -0
      releasenotes/notes/bug-1856881-277103af343187f1.yaml

+ 8
- 0
keystone/cmd/bootstrap.py Dosyayı Görüntüle

@@ -124,6 +124,14 @@ class Bootstrapper(object):
# name instead.
hints = driver_hints.Hints()
hints.add_filter('name', role_name)
# Only return global roles, domain-specific roles can't be used in
# system assignments and bootstrap isn't designed to work with
# domain-specific roles.
hints.add_filter('domain_id', None)

# NOTE(lbragstad): Global roles are unique based on name. At this
# point we should be safe to return the first, and only, element in
# the list.
return PROVIDERS.role_api.list_roles(hints)[0]

def _ensure_implied_role(self, prior_role_id, implied_role_id):


+ 24
- 0
keystone/tests/unit/test_cli.py Dosyayı Görüntüle

@@ -289,6 +289,30 @@ class CliBootStrapTestCase(unit.SQLDriverOverrides, unit.TestCase):
user_id,
self.bootstrap.password)

def test_bootstrap_with_ambiguous_role_names(self):
# bootstrap system to create the default admin role
self._do_test_bootstrap(self.bootstrap)

# create a domain-specific roles that share the same names as the
# default roles created by keystone-manage bootstrap
domain = {'id': uuid.uuid4().hex, 'name': uuid.uuid4().hex}
domain = PROVIDERS.resource_api.create_domain(domain['id'], domain)
domain_roles = {}

for name in ['admin', 'member', 'reader']:
domain_role = {
'domain_id': domain['id'],
'id': uuid.uuid4().hex,
'name': name
}
domain_roles[name] = PROVIDERS.role_api.create_role(
domain_role['id'], domain_role
)

# ensure subsequent bootstrap attempts don't fail because of
# ambiguity
self._do_test_bootstrap(self.bootstrap)


class CliBootStrapTestCaseWithEnvironment(CliBootStrapTestCase):



+ 7
- 0
releasenotes/notes/bug-1856881-277103af343187f1.yaml Dosyayı Görüntüle

@@ -0,0 +1,7 @@
---
fixes:
- |
[`bug 1856881 <https://bugs.launchpad.net/keystone/+bug/1856881>`_]
``keystone-manage bootstrap`` can be run in upgrade scenarios where
pre-existing domain-specific roles exist named ``admin``, ``member``, and
``reader``.

Yükleniyor…
İptal
Kaydet