Merge "Fix role_assignments role.id filter"
This commit is contained in:
commit
7bb26ffd15
|
@ -925,9 +925,11 @@ class Manager(manager.Manager):
|
||||||
a['system'] = {'all': True}
|
a['system'] = {'all': True}
|
||||||
system_assignments.append(a)
|
system_assignments.append(a)
|
||||||
|
|
||||||
for i, assignment in enumerate(system_assignments):
|
if role_id:
|
||||||
if role_id and role_id != assignment['role_id']:
|
system_assignments = [
|
||||||
system_assignments.pop(i)
|
sa for sa in system_assignments
|
||||||
|
if role_id == sa['role_id']
|
||||||
|
]
|
||||||
|
|
||||||
assignments = []
|
assignments = []
|
||||||
for assignment in itertools.chain(
|
for assignment in itertools.chain(
|
||||||
|
|
|
@ -385,6 +385,8 @@ class _SystemUserTests(object):
|
||||||
|
|
||||||
def test_user_can_filter_role_assignments_by_role(self):
|
def test_user_can_filter_role_assignments_by_role(self):
|
||||||
assignments = self._setup_test_role_assignments()
|
assignments = self._setup_test_role_assignments()
|
||||||
|
self.expected = [ra for ra in self.expected
|
||||||
|
if ra['role_id'] == assignments['role_id']]
|
||||||
self.expected.append({
|
self.expected.append({
|
||||||
'user_id': assignments['user_id'],
|
'user_id': assignments['user_id'],
|
||||||
'project_id': assignments['project_id'],
|
'project_id': assignments['project_id'],
|
||||||
|
@ -484,6 +486,8 @@ class _SystemUserTests(object):
|
||||||
|
|
||||||
def test_user_can_filter_role_assignments_by_system_and_role(self):
|
def test_user_can_filter_role_assignments_by_system_and_role(self):
|
||||||
assignments = self._setup_test_role_assignments()
|
assignments = self._setup_test_role_assignments()
|
||||||
|
self.expected = [ra for ra in self.expected
|
||||||
|
if ra['role_id'] == assignments['role_id']]
|
||||||
self.expected.append({
|
self.expected.append({
|
||||||
'user_id': assignments['user_id'],
|
'user_id': assignments['user_id'],
|
||||||
'system': 'all',
|
'system': 'all',
|
||||||
|
|
|
@ -1402,6 +1402,8 @@ class AssignmentTestMixin(object):
|
||||||
"""
|
"""
|
||||||
if attribs.get('domain_id'):
|
if attribs.get('domain_id'):
|
||||||
link = '/domains/' + attribs['domain_id']
|
link = '/domains/' + attribs['domain_id']
|
||||||
|
elif attribs.get('system'):
|
||||||
|
link = '/system'
|
||||||
else:
|
else:
|
||||||
link = '/projects/' + attribs['project_id']
|
link = '/projects/' + attribs['project_id']
|
||||||
|
|
||||||
|
@ -1429,6 +1431,8 @@ class AssignmentTestMixin(object):
|
||||||
|
|
||||||
if attribs.get('domain_id'):
|
if attribs.get('domain_id'):
|
||||||
entity['scope'] = {'domain': {'id': attribs['domain_id']}}
|
entity['scope'] = {'domain': {'id': attribs['domain_id']}}
|
||||||
|
elif attribs.get('system'):
|
||||||
|
entity['scope'] = {'system': {'all': True}}
|
||||||
else:
|
else:
|
||||||
entity['scope'] = {'project': {'id': attribs['project_id']}}
|
entity['scope'] = {'project': {'id': attribs['project_id']}}
|
||||||
|
|
||||||
|
|
|
@ -920,7 +920,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
|
||||||
self.role2 = unit.new_role_ref()
|
self.role2 = unit.new_role_ref()
|
||||||
PROVIDERS.role_api.create_role(self.role2['id'], self.role2)
|
PROVIDERS.role_api.create_role(self.role2['id'], self.role2)
|
||||||
|
|
||||||
# Now add one of each of the four types of assignment
|
# Now add one of each of the six types of assignment
|
||||||
|
|
||||||
gd_entity = self.build_role_assignment_entity(
|
gd_entity = self.build_role_assignment_entity(
|
||||||
domain_id=self.domain_id, group_id=group1['id'],
|
domain_id=self.domain_id, group_id=group1['id'],
|
||||||
|
@ -944,6 +944,22 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
|
||||||
role_id=self.role2['id'])
|
role_id=self.role2['id'])
|
||||||
self.put(up_entity['links']['assignment'])
|
self.put(up_entity['links']['assignment'])
|
||||||
|
|
||||||
|
gs_entity = self.build_role_assignment_entity(
|
||||||
|
system='all',
|
||||||
|
group_id=group1['id'],
|
||||||
|
role_id=self.role1['id'])
|
||||||
|
self.put(gs_entity['links']['assignment'])
|
||||||
|
us_entity = self.build_role_assignment_entity(
|
||||||
|
system='all',
|
||||||
|
user_id=user1['id'],
|
||||||
|
role_id=self.role2['id'])
|
||||||
|
self.put(us_entity['links']['assignment'])
|
||||||
|
us2_entity = self.build_role_assignment_entity(
|
||||||
|
system='all',
|
||||||
|
user_id=user2['id'],
|
||||||
|
role_id=self.role2['id'])
|
||||||
|
self.put(us2_entity['links']['assignment'])
|
||||||
|
|
||||||
# Now list by various filters to make sure we get back the right ones
|
# Now list by various filters to make sure we get back the right ones
|
||||||
|
|
||||||
collection_url = ('/role_assignments?scope.project.id=%s' %
|
collection_url = ('/role_assignments?scope.project.id=%s' %
|
||||||
|
@ -970,7 +986,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
|
||||||
r = self.get(collection_url, expected_status=http_client.OK)
|
r = self.get(collection_url, expected_status=http_client.OK)
|
||||||
self.head(collection_url, expected_status=http_client.OK)
|
self.head(collection_url, expected_status=http_client.OK)
|
||||||
self.assertValidRoleAssignmentListResponse(r,
|
self.assertValidRoleAssignmentListResponse(r,
|
||||||
expected_length=2,
|
expected_length=3,
|
||||||
resource_url=collection_url)
|
resource_url=collection_url)
|
||||||
self.assertRoleAssignmentInListResponse(r, up_entity)
|
self.assertRoleAssignmentInListResponse(r, up_entity)
|
||||||
self.assertRoleAssignmentInListResponse(r, ud_entity)
|
self.assertRoleAssignmentInListResponse(r, ud_entity)
|
||||||
|
@ -979,7 +995,7 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
|
||||||
r = self.get(collection_url, expected_status=http_client.OK)
|
r = self.get(collection_url, expected_status=http_client.OK)
|
||||||
self.head(collection_url, expected_status=http_client.OK)
|
self.head(collection_url, expected_status=http_client.OK)
|
||||||
self.assertValidRoleAssignmentListResponse(r,
|
self.assertValidRoleAssignmentListResponse(r,
|
||||||
expected_length=2,
|
expected_length=3,
|
||||||
resource_url=collection_url)
|
resource_url=collection_url)
|
||||||
self.assertRoleAssignmentInListResponse(r, gd_entity)
|
self.assertRoleAssignmentInListResponse(r, gd_entity)
|
||||||
self.assertRoleAssignmentInListResponse(r, gp_entity)
|
self.assertRoleAssignmentInListResponse(r, gp_entity)
|
||||||
|
@ -988,10 +1004,21 @@ class AssignmentTestCase(test_v3.RestfulTestCase,
|
||||||
r = self.get(collection_url, expected_status=http_client.OK)
|
r = self.get(collection_url, expected_status=http_client.OK)
|
||||||
self.head(collection_url, expected_status=http_client.OK)
|
self.head(collection_url, expected_status=http_client.OK)
|
||||||
self.assertValidRoleAssignmentListResponse(r,
|
self.assertValidRoleAssignmentListResponse(r,
|
||||||
expected_length=2,
|
expected_length=3,
|
||||||
resource_url=collection_url)
|
resource_url=collection_url)
|
||||||
self.assertRoleAssignmentInListResponse(r, gd_entity)
|
self.assertRoleAssignmentInListResponse(r, gd_entity)
|
||||||
self.assertRoleAssignmentInListResponse(r, gp_entity)
|
self.assertRoleAssignmentInListResponse(r, gp_entity)
|
||||||
|
self.assertRoleAssignmentInListResponse(r, gs_entity)
|
||||||
|
|
||||||
|
collection_url = '/role_assignments?role.id=%s' % self.role2['id']
|
||||||
|
r = self.get(collection_url, expected_status=http_client.OK)
|
||||||
|
self.head(collection_url, expected_status=http_client.OK)
|
||||||
|
self.assertValidRoleAssignmentListResponse(r,
|
||||||
|
expected_length=4,
|
||||||
|
resource_url=collection_url)
|
||||||
|
self.assertRoleAssignmentInListResponse(r, ud_entity)
|
||||||
|
self.assertRoleAssignmentInListResponse(r, up_entity)
|
||||||
|
self.assertRoleAssignmentInListResponse(r, us_entity)
|
||||||
|
|
||||||
# Let's try combining two filers together....
|
# Let's try combining two filers together....
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
fixes:
|
||||||
|
- |
|
||||||
|
[`bug 1858012 <https://bugs.launchpad.net/keystone/+bug/1858012>`_]
|
||||||
|
Fixes a bug in the /v3/role_assignments filtering where the `role.id` query
|
||||||
|
parameter didn't properly filter role assignments by role in cases where
|
||||||
|
there were multiple system role assignments.
|
Loading…
Reference in New Issue