openstack/keystone
Code Issues Proposed changes

Merge "Fix for notifications for v2 role grant/delete"

Browse Source
This commit is contained in:
Jenkins 2015-04-07 18:38:40 +00:00 committed by Gerrit Code Review
commit 7ed6717076
2 changed files with 69 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
keystone/assignment/core.py
View File

@ -261,10 +261,24 @@ class Manager(manager.Manager):
tenant_id,
CONF.member_role_id)
def add_role_to_user_and_project(self, user_id, tenant_id, role_id):
self.resource_api.get_project(tenant_id)
@notifications.role_assignment('created')
def _add_role_to_user_and_project_adapter(self, role_id, user_id=None,
group_id=None, domain_id=None,
project_id=None,
inherited_to_projects=False,
context=None):
# The parameters for this method must match the parameters for
# create_grant so that the notifications.role_assignment decorator
# will work.
self.resource_api.get_project(project_id)
self.role_api.get_role(role_id)
self.driver.add_role_to_user_and_project(user_id, tenant_id, role_id)
self.driver.add_role_to_user_and_project(user_id, project_id, role_id)
def add_role_to_user_and_project(self, user_id, tenant_id, role_id):
self._add_role_to_user_and_project_adapter(
role_id, user_id=user_id, project_id=tenant_id)
def remove_user_from_project(self, tenant_id, user_id):
"""Remove user from a tenant
@ -383,12 +397,27 @@ class Manager(manager.Manager):
return [r for r in self.driver.list_role_assignments()
if r['role_id'] == role_id]
def remove_role_from_user_and_project(self, user_id, tenant_id, role_id):
self.driver.remove_role_from_user_and_project(user_id, tenant_id,
@notifications.role_assignment('deleted')
def _remove_role_from_user_and_project_adapter(self, role_id, user_id=None,
group_id=None,
domain_id=None,
project_id=None,
inherited_to_projects=False,
context=None):
# The parameters for this method must match the parameters for
# delete_grant so that the notifications.role_assignment decorator
# will work.
self.driver.remove_role_from_user_and_project(user_id, project_id,
role_id)
self.identity_api.emit_invalidate_user_token_persistence(user_id)
self.revoke_api.revoke_by_grant(role_id, user_id=user_id,
project_id=tenant_id)
project_id=project_id)
def remove_role_from_user_and_project(self, user_id, tenant_id, role_id):
self._remove_role_from_user_and_project_adapter(
role_id, user_id=user_id, project_id=tenant_id)
@notifications.internal(notifications.INVALIDATE_USER_TOKEN_PERSISTENCE)
def _emit_invalidate_user_token_persistence(self, user_id):

34
keystone/tests/unit/common/test_notifications.py
View File

@ -887,6 +887,40 @@ class CadfNotificationsWrapperTestCase(test_v3.RestfulTestCase):
domain=self.domain_id,
group=group['id'])
def test_add_role_to_user_and_project(self):
# A notification is sent when add_role_to_user_and_project is called on
# the assignment manager.
project_ref = self.new_project_ref(self.domain_id)
project = self.resource_api.create_project(
project_ref['id'], project_ref)
tenant_id = project['id']
self.assignment_api.add_role_to_user_and_project(
self.user_id, tenant_id, self.role_id)
self.assertTrue(self._notifications)
note = self._notifications[-1]
self.assertEqual(note['action'], 'created.role_assignment')
self.assertTrue(note['send_notification_called'])
self._assert_event(self.role_id, project=tenant_id, user=self.user_id)
def test_remove_role_from_user_and_project(self):
# A notification is sent when remove_role_from_user_and_project is
# called on the assignment manager.
self.assignment_api.remove_role_from_user_and_project(
self.user_id, self.project_id, self.role_id)
self.assertTrue(self._notifications)
note = self._notifications[-1]
self.assertEqual(note['action'], 'deleted.role_assignment')
self.assertTrue(note['send_notification_called'])
self._assert_event(self.role_id, project=self.project_id,
user=self.user_id)
class TestCallbackRegistration(testtools.TestCase):
def setUp(self):