Merge "Expand implied roles in trust tokens"
commit
406fbfaa26
@ -601,7 +601,7 @@ class Manager(manager.Manager):
|
||||
return expand_group_assignment(ref, user_id)
|
||||
return [ref]
|
||||
|
||||
def _add_implied_roles(self, role_refs):
|
||||
def add_implied_roles(self, role_refs):
|
||||
"""Expand out implied roles.
|
||||
|
||||
The role_refs passed in have had all inheritance and group assignments
|
||||
@ -821,7 +821,7 @@ class Manager(manager.Manager):
|
||||
refs += self._expand_indirect_assignment(
|
||||
ref, user_id, project_id, subtree_ids, expand_groups)
|
||||
|
||||
refs = self._add_implied_roles(refs)
|
||||
refs = self.add_implied_roles(refs)
|
||||
if role_id:
|
||||
refs = self._filter_by_role_id(role_id, refs)
|
||||
|
||||
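Review bot: Dropping the underscore on `add_implied_roles` makes it part of the assignment manager's public surface, but its docstring still describes refs that "have had all inheritance and group assignments" processed, a precondition that callers outside this class will not necessarily meet. The docstring should state which keys a ref must carry and which keys the returned refs have; the trust-token caller elsewhere in this commit passes dicts holding only `role_id`. The docstring continues past the end of the first hunk, so the rest of its wording is not visible here.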
|
@ -20,7 +20,6 @@ from testtools import matchers
|
||||
|
||||
from keystone.tests import unit
|
||||
from keystone.tests.unit import test_v3
|
||||
from keystone.tests.unit import utils
|
||||
|
||||
|
||||
CONF = cfg.CONF
|
||||
@ -2611,7 +2610,6 @@ class ImpliedRolesTests(test_v3.RestfulTestCase, test_v3.AssignmentTestMixin,
|
||||
implied_role_id=accepted_role1['id'])
|
||||
self.put(url, expected_status=http_client.CREATED)
|
||||
|
||||
@utils.wip('This will fail because of bug #1543318.')
|
||||
def test_trusts_from_implied_role(self):
|
||||
self._create_three_roles()
|
||||
self._create_implied_role(self.role_list[0], self.role_list[1])
|
||||
@ -2639,11 +2637,12 @@ class ImpliedRolesTests(test_v3.RestfulTestCase, test_v3.AssignmentTestMixin,
|
||||
trust_id=trust['id'])
|
||||
r = self.v3_create_token(auth_data)
|
||||
token = r.result['token']
|
||||
|
||||
# FIXME(stevemar): See bug 1543318: Only one role appears in the
|
||||
# token, it should have all the implied roles (3).
|
||||
self.assertThat(token['roles'],
|
||||
matchers.HasLength(len(self.role_list)))
|
||||
for role in token['roles']:
|
||||
self.assertIn(role, self.role_list)
|
||||
for role in self.role_list:
|
||||
self.assertIn(role, token['roles'])
|
||||
|
||||
|
||||
class DomainSpecificRoleTests(test_v3.RestfulTestCase, unit.TestCase):
|
||||
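Review bot: `test_trusts_from_implied_role` now pins only the widening direction, namely that a trust token carries every role in `self.role_list`. Because this path decides what a trustee is delegated, a companion case is worth adding: create the trust on a role further down the implication chain and assert that the roles implying it are absent from the token. That would show expansion follows the inference rules in one direction only. The middle of the test body lies between the two hunks and is not visible, so which role the trust starts from is inferred.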
|
@ -32,7 +32,7 @@ LOG = log.getLogger(__name__)
|
||||
CONF = cfg.CONF
|
||||
|
||||
|
||||
@dependency.requires('catalog_api', 'resource_api')
|
||||
@dependency.requires('catalog_api', 'resource_api', 'assignment_api')
|
||||
class V2TokenDataHelper(object):
|
||||
"""Creates V2 token data."""
|
||||
|
||||
@ -401,9 +401,12 @@ class V3TokenDataHelper(object):
|
||||
token_project_id)
|
||||
filtered_roles = []
|
||||
if CONF.trust.enabled and trust:
|
||||
for trust_role in trust['roles']:
|
||||
refs = [{'role_id': role['id']} for role in trust['roles']]
|
||||
effective_roles = self.assignment_api.add_implied_roles(refs)
|
||||
for trust_role in effective_roles:
|
||||
|
||||
match_roles = [x for x in roles
|
||||
if x['id'] == trust_role['id']]
|
||||
if x['id'] == trust_role['role_id']]
|
||||
if match_roles:
|
||||
filtered_roles.append(match_roles[0])
|
||||
else:
|
||||
|