From 83e72d74431526b27b8a2f4ac362582a73edea44 Mon Sep 17 00:00:00 2001
From: Sami MAKKI <mail@samimakki.fr>
Date: Tue, 10 Jul 2018 14:21:28 +0200
Subject: [PATCH] Invalidate 'computed assignments' cache when creating a
 project.

Without it, listing projects results were missing project on which the
user had an inherited role.

Change-Id: If8edb3d1d1d3a0dab691ab6c81dd4b42e3b10ab3
Closes-Bug: #1780159
---
 keystone/resource/core.py                     |  3 ++
 keystone/tests/unit/test_v3_resource.py       | 32 +++++++++++++++++++
 .../notes/bug-1780159-095ffa0e53be2464.yaml   |  6 ++++
 3 files changed, 41 insertions(+)
 create mode 100644 releasenotes/notes/bug-1780159-095ffa0e53be2464.yaml

diff --git a/keystone/resource/core.py b/keystone/resource/core.py
index c7006d2480..e4ec7e9756 100644
--- a/keystone/resource/core.py
+++ b/keystone/resource/core.py
@@ -223,6 +223,9 @@ class Manager(manager.Manager):
             self.get_project.set(ret, self, project_id)
             self.get_project_by_name.set(ret, self, ret['name'],
                                          ret['domain_id'])
+
+        assignment.COMPUTED_ASSIGNMENTS_REGION.invalidate()
+
         return ret
 
     def assert_domain_enabled(self, domain_id, domain=None):
diff --git a/keystone/tests/unit/test_v3_resource.py b/keystone/tests/unit/test_v3_resource.py
index f5ee87a831..a1e8b4589a 100644
--- a/keystone/tests/unit/test_v3_resource.py
+++ b/keystone/tests/unit/test_v3_resource.py
@@ -1702,3 +1702,35 @@ class ResourceTestCase(test_v3.RestfulTestCase,
             '/projects/%(project_id)s/tags' % {'project_id': project['id']},
             body={'tags': tags},
             expected_status=http_client.BAD_REQUEST)
+
+    def test_list_projects_by_user_with_inherited_role(self):
+        """Ensure the cache is invalidated when creating/deleting a project."""
+        domain_ref = unit.new_domain_ref()
+        resp = self.post('/domains', body={'domain': domain_ref})
+        domain = resp.result['domain']
+
+        user_ref = unit.new_user_ref(domain_id=self.domain_id)
+        resp = self.post('/users', body={'user': user_ref})
+        user = resp.result['user']
+
+        role_ref = unit.new_role_ref()
+        resp = self.post('/roles', body={'role': role_ref})
+        role = resp.result['role']
+
+        self.put('/OS-INHERIT/domains/%(domain_id)s/users/%(user_id)s/roles/'
+                 '%(role_id)s/inherited_to_projects' % {
+                     'domain_id': domain['id'],
+                     'user_id': user['id'],
+                     'role_id': role['id']})
+
+        resp = self.get('/users/%(user)s/projects' % {'user': user['id']})
+        self.assertValidProjectListResponse(resp)
+        self.assertEqual([], resp.result['projects'])
+
+        project_ref = unit.new_project_ref(domain_id=domain['id'])
+        resp = self.post('/projects', body={'project': project_ref})
+        project = resp.result['project']
+
+        resp = self.get('/users/%(user)s/projects' % {'user': user['id']})
+        self.assertValidProjectListResponse(resp)
+        self.assertEqual(project['id'], resp.result['projects'][0]['id'])
diff --git a/releasenotes/notes/bug-1780159-095ffa0e53be2464.yaml b/releasenotes/notes/bug-1780159-095ffa0e53be2464.yaml
new file mode 100644
index 0000000000..1158824909
--- /dev/null
+++ b/releasenotes/notes/bug-1780159-095ffa0e53be2464.yaml
@@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    [`bug 1780159 <https://bugs.launchpad.net/keystone/+bug/1780159>`_]
+    Revoke the `role` cache when creating a project. This removes the delay
+    before making it appear in the list when a user has inherited role on it.