Fix duplicate role names in trusts bug
Closes-Bug: #1778109 Change-Id: Id0953190b3b1e0b6765430fbb10d16e7f53f53ee
parent
89a5783dd8
commit
50fd6933e8
@ -44,7 +44,6 @@ from keystone.tests.common import auth as common_auth
|
||||
from keystone.tests import unit
|
||||
from keystone.tests.unit import ksfixtures
|
||||
from keystone.tests.unit import test_v3
|
||||
from keystone.tests.unit import utils as test_utils
|
||||
|
||||
|
||||
CONF = keystone.conf.CONF
|
||||
@ -3944,12 +3943,6 @@ class TrustAPIBehavior(test_v3.RestfulTestCase):
|
||||
role_id_set2 = set(r['id'] for r in trust2['roles'])
|
||||
self.assertThat(role_id_set1, matchers.GreaterThan(role_id_set2))
|
||||
|
||||
@test_utils.wip(
|
||||
"Waiting on fix for duplicate role names in token data when trust has "
|
||||
"implied roles",
|
||||
expected_exception=matchers.MismatchError,
|
||||
bug="#1778109"
|
||||
)
|
||||
def test_trust_with_implied_roles(self):
|
||||
# Create some roles
|
||||
role1 = unit.new_role_ref()
|
||||
|
@ -372,6 +372,9 @@ class V3TokenDataHelper(provider_api.ProviderAPIMixin, object):
|
||||
refs = [{'role_id': role['id']} for role in trust['roles']]
|
||||
effective_trust_roles = (
|
||||
PROVIDERS.assignment_api.add_implied_roles(refs))
|
||||
effective_trust_role_ids = (
|
||||
set([r['role_id'] for r in effective_trust_roles])
|
||||
)
|
||||
# Now get the current role assignments for the trustor,
|
||||
# including any domain specific roles.
|
||||
assignments = PROVIDERS.assignment_api.list_role_assignments(
|
||||
@ -384,10 +387,10 @@ class V3TokenDataHelper(provider_api.ProviderAPIMixin, object):
|
||||
# Go through each of the effective trust roles, making sure the
|
||||
# trustor still has them, if any have been removed, then we
|
||||
# will treat the trust as invalid
|
||||
for trust_role in effective_trust_roles:
|
||||
for trust_role_id in effective_trust_role_ids:
|
||||
|
||||
match_roles = [x for x in current_effective_trustor_roles
|
||||
if x == trust_role['role_id']]
|
||||
if x == trust_role_id]
|
||||
if match_roles:
|
||||
role = PROVIDERS.role_api.get_role(match_roles[0])
|
||||
if role['domain_id'] is None:
|
||||
|
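Review bot: `for trust_role_id in effective_trust_role_ids:` now iterates a set, so the roles are visited in hash order rather than in the order `add_implied_roles` returned them, and that order can differ between processes when string hash randomisation is enabled. If the loop body (which continues outside the hunk) builds the token's role list in visiting order, consumers that compare or cache that list would see it reshuffle; a stable de-duplication such as `effective_trust_role_ids = sorted({r['role_id'] for r in effective_trust_roles})` avoids that. The lookup `match_roles = [x for x in current_effective_trustor_roles if x == trust_role_id]` only ever uses `match_roles[0]`, so `if trust_role_id in current_effective_trustor_roles:` would state the check more directly. The branch taken when the trustor no longer holds a role is not visible here, so a test confirming that a revoked role still invalidates the trust after this change would be worth adding next to the duplicate-role test.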
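--- /dev/null
+++ b/releasenotes/notes/bug-1778109-ea15ce6a8207f857.yaml
@@ -0,0 +1,8 @@
+---
+fixes:
+- |
+[`bug 1778109 <https://bugs.launchpad.net/keystone/+bug/1778109>`_]
+Previously the token data for a trust-scoped token may have contained
+duplicate roles, when implied roles were present. This is no longer the
+case, for the sake of accuracy and to prevent the breaking of applications
+which may consume this role list.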