Browse Source

Revert change 438035 is_admin_project default

This change reverts having is_admin_project default to False [0]
since we currently need to have it revert to True in order to
account for anyone who has not configured an admin project. This
will be truely fixed at a later date.

This also adds comments from another change [1] which clarifies
the for why this should not be changed at this moment.

[0] https://review.openstack.org/#/c/438035/
[1] https://review.openstack.org/#/c/257636/

Partial-Bug: 968696

Change-Id: I039bfc8a41d43634ebad545725b9188a82afb990
Co-Authored-By: Adam Young <ayoung@redhat.com>
Co-Authored-By: Matthew Edmonds <edmondsw@us.ibm.com>
tags/12.0.0.0b2
Gage Hugo 2 years ago
parent
commit
4a82ab9065
2 changed files with 9 additions and 4 deletions
  1. 7
    2
      keystone/models/token_model.py
  2. 2
    2
      keystone/tests/unit/token/test_token_model.py

+ 7
- 2
keystone/models/token_model.py View File

@@ -192,10 +192,15 @@ class KeystoneToken(dict):
192 192
 
193 193
     @property
194 194
     def is_admin_project(self):
195
+        # Prevent domain scoped tokens from acting as is_admin_project
195 196
         if self.domain_scoped:
196
-            # Currently, domain scoped tokens cannot act as is_admin_project
197 197
             return False
198
-        return self.get('is_admin_project', False)
198
+        # TODO(ayoung/edmondsw): Having is_admin_project default to True is
199
+        # essential for fixing bug #968696. If an admin project is not
200
+        # configured, we can add checks for is_admin_project:True and not
201
+        # block anyone that hasn't configured an admin_project. Do not change
202
+        # this until we can assume admin_project is actually set
203
+        return self.get('is_admin_project', True)
199 204
 
200 205
     @property
201 206
     def trust_id(self):

+ 2
- 2
keystone/tests/unit/token/test_token_model.py View File

@@ -87,8 +87,8 @@ class TestKeystoneTokenModel(core.TestCase):
87 87
         self.assertTrue(token_data.scoped)
88 88
         self.assertTrue(token_data.trust_scoped)
89 89
 
90
-        # by default admin project is False for project scoped tokens
91
-        self.assertFalse(token_data.is_admin_project)
90
+        # by default admin project is True for project scoped tokens
91
+        self.assertTrue(token_data.is_admin_project)
92 92
 
93 93
         self.assertEqual(
94 94
             [r['id'] for r in self.v3_sample_token['token']['roles']],

Loading…
Cancel
Save