Merge "Fix for notifications for v2 role grant/delete"
This commit is contained in:
Jenkins
Gerrit Code Review
commit
7ed6717076
@ -261,10 +261,24 @@ class Manager(manager.Manager):
|
|||||||
tenant_id,
|
tenant_id,
|
||||||
CONF.member_role_id)
|
CONF.member_role_id)
|
||||||
|
|
||||||
def add_role_to_user_and_project(self, user_id, tenant_id, role_id):
|
@notifications.role_assignment('created')
|
||||||
self.resource_api.get_project(tenant_id)
|
def _add_role_to_user_and_project_adapter(self, role_id, user_id=None,
|
||||||
|
group_id=None, domain_id=None,
|
||||||
|
project_id=None,
|
||||||
|
inherited_to_projects=False,
|
||||||
|
context=None):
|
||||||
|
|
||||||
|
# The parameters for this method must match the parameters for
|
||||||
|
# create_grant so that the notifications.role_assignment decorator
|
||||||
|
# will work.
|
||||||
|
|
||||||
|
self.resource_api.get_project(project_id)
|
||||||
self.role_api.get_role(role_id)
|
self.role_api.get_role(role_id)
|
||||||
self.driver.add_role_to_user_and_project(user_id, tenant_id, role_id)
|
self.driver.add_role_to_user_and_project(user_id, project_id, role_id)
|
||||||
|
|
||||||
|
def add_role_to_user_and_project(self, user_id, tenant_id, role_id):
|
||||||
|
self._add_role_to_user_and_project_adapter(
|
||||||
|
role_id, user_id=user_id, project_id=tenant_id)
|
||||||
|
|
||||||
def remove_user_from_project(self, tenant_id, user_id):
|
def remove_user_from_project(self, tenant_id, user_id):
|
||||||
"""Remove user from a tenant
|
"""Remove user from a tenant
|
||||||
@ -383,12 +397,27 @@ class Manager(manager.Manager):
|
|||||||
return [r for r in self.driver.list_role_assignments()
|
return [r for r in self.driver.list_role_assignments()
|
||||||
if r['role_id'] == role_id]
|
if r['role_id'] == role_id]
|
||||||
|
|
||||||
def remove_role_from_user_and_project(self, user_id, tenant_id, role_id):
|
@notifications.role_assignment('deleted')
|
||||||
self.driver.remove_role_from_user_and_project(user_id, tenant_id,
|
def _remove_role_from_user_and_project_adapter(self, role_id, user_id=None,
|
||||||
|
group_id=None,
|
||||||
|
domain_id=None,
|
||||||
|
project_id=None,
|
||||||
|
inherited_to_projects=False,
|
||||||
|
context=None):
|
||||||
|
|
||||||
|
# The parameters for this method must match the parameters for
|
||||||
|
# delete_grant so that the notifications.role_assignment decorator
|
||||||
|
# will work.
|
||||||
|
|
||||||
|
self.driver.remove_role_from_user_and_project(user_id, project_id,
|
||||||
role_id)
|
role_id)
|
||||||
self.identity_api.emit_invalidate_user_token_persistence(user_id)
|
self.identity_api.emit_invalidate_user_token_persistence(user_id)
|
||||||
self.revoke_api.revoke_by_grant(role_id, user_id=user_id,
|
self.revoke_api.revoke_by_grant(role_id, user_id=user_id,
|
||||||
project_id=tenant_id)
|
project_id=project_id)
|
||||||
|
|
||||||
|
def remove_role_from_user_and_project(self, user_id, tenant_id, role_id):
|
||||||
|
self._remove_role_from_user_and_project_adapter(
|
||||||
|
role_id, user_id=user_id, project_id=tenant_id)
|
||||||
|
|
||||||
@notifications.internal(notifications.INVALIDATE_USER_TOKEN_PERSISTENCE)
|
@notifications.internal(notifications.INVALIDATE_USER_TOKEN_PERSISTENCE)
|
||||||
def _emit_invalidate_user_token_persistence(self, user_id):
|
def _emit_invalidate_user_token_persistence(self, user_id):
|
||||||
|
|||||||
@ -887,6 +887,40 @@ class CadfNotificationsWrapperTestCase(test_v3.RestfulTestCase):
|
|||||||
domain=self.domain_id,
|
domain=self.domain_id,
|
||||||
group=group['id'])
|
group=group['id'])
|
||||||
|
|
||||||
|
def test_add_role_to_user_and_project(self):
|
||||||
|
# A notification is sent when add_role_to_user_and_project is called on
|
||||||
|
# the assignment manager.
|
||||||
|
|
||||||
|
project_ref = self.new_project_ref(self.domain_id)
|
||||||
|
project = self.resource_api.create_project(
|
||||||
|
project_ref['id'], project_ref)
|
||||||
|
tenant_id = project['id']
|
||||||
|
|
||||||
|
self.assignment_api.add_role_to_user_and_project(
|
||||||
|
self.user_id, tenant_id, self.role_id)
|
||||||
|
|
||||||
|
self.assertTrue(self._notifications)
|
||||||
|
note = self._notifications[-1]
|
||||||
|
self.assertEqual(note['action'], 'created.role_assignment')
|
||||||
|
self.assertTrue(note['send_notification_called'])
|
||||||
|
|
||||||
|
self._assert_event(self.role_id, project=tenant_id, user=self.user_id)
|
||||||
|
|
||||||
|
def test_remove_role_from_user_and_project(self):
|
||||||
|
# A notification is sent when remove_role_from_user_and_project is
|
||||||
|
# called on the assignment manager.
|
||||||
|
|
||||||
|
self.assignment_api.remove_role_from_user_and_project(
|
||||||
|
self.user_id, self.project_id, self.role_id)
|
||||||
|
|
||||||
|
self.assertTrue(self._notifications)
|
||||||
|
note = self._notifications[-1]
|
||||||
|
self.assertEqual(note['action'], 'deleted.role_assignment')
|
||||||
|
self.assertTrue(note['send_notification_called'])
|
||||||
|
|
||||||
|
self._assert_event(self.role_id, project=self.project_id,
|
||||||
|
user=self.user_id)
|
||||||
|
|
||||||
|
|
||||||
class TestCallbackRegistration(testtools.TestCase):
|
class TestCallbackRegistration(testtools.TestCase):
|
||||||
def setUp(self):
|
def setUp(self):
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user