Expose context to create grant and delete grant
To correctly issue a CADF audit event for a change in role assignments, we need to expose the context at the manager level. Note that the driver signatures are *not* changing; only the manager needs to know the context. implements bp role-assignment-notifications Change-Id: I116b185f5d1fc3f9cbb03ffcf3ce64c56a73d969
parent
2e4977076c
commit
9ffdedb758
|
@ -520,7 +520,7 @@ class RoleV3(controller.V3Controller):
|
||||||
|
|
||||||
self.assignment_api.create_grant(
|
self.assignment_api.create_grant(
|
||||||
role_id, user_id, group_id, domain_id, project_id,
|
role_id, user_id, group_id, domain_id, project_id,
|
||||||
self._check_if_inherited(context))
|
self._check_if_inherited(context), context)
|
||||||
|
|
||||||
@controller.protected(callback=_check_grant_protection)
|
@controller.protected(callback=_check_grant_protection)
|
||||||
def list_grants(self, context, user_id=None,
|
def list_grants(self, context, user_id=None,
|
||||||
|
@ -554,7 +554,7 @@ class RoleV3(controller.V3Controller):
|
||||||
|
|
||||||
self.assignment_api.delete_grant(
|
self.assignment_api.delete_grant(
|
||||||
role_id, user_id, group_id, domain_id, project_id,
|
role_id, user_id, group_id, domain_id, project_id,
|
||||||
self._check_if_inherited(context))
|
self._check_if_inherited(context), context)
|
||||||
|
|
||||||
|
|
||||||
@dependency.requires('assignment_api', 'identity_api')
|
@dependency.requires('assignment_api', 'identity_api')
|
||||||
|
|
|
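Review bot: At both call sites, `create_grant` near line 520 and `delete_grant` near line 554, the request context is passed as a trailing positional argument after `self._check_if_inherited(context)`. It reaches the right parameter only while the manager keeps `context` in the seventh positional slot. The manager declares it as `context=None`, so passing it by name, `self._check_if_inherited(context), context=context)`, would stop the audit initiator from silently binding to a different parameter if the signature ever grows. Both enclosing controller methods start outside the hunks shown.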
@ -504,9 +504,15 @@ class Manager(manager.Manager):
|
||||||
self.revoke_api.revoke_by_grant(role_id, user_id=user_id,
|
self.revoke_api.revoke_by_grant(role_id, user_id=user_id,
|
||||||
project_id=tenant_id)
|
project_id=tenant_id)
|
||||||
|
|
||||||
|
def create_grant(self, role_id, user_id=None, group_id=None,
|
||||||
|
domain_id=None, project_id=None,
|
||||||
|
inherited_to_projects=False, context=None):
|
||||||
|
self.driver.create_grant(role_id, user_id, group_id, domain_id,
|
||||||
|
project_id, inherited_to_projects)
|
||||||
|
|
||||||
def delete_grant(self, role_id, user_id=None, group_id=None,
|
def delete_grant(self, role_id, user_id=None, group_id=None,
|
||||||
domain_id=None, project_id=None,
|
domain_id=None, project_id=None,
|
||||||
inherited_to_projects=False):
|
inherited_to_projects=False, context=None):
|
||||||
user_ids = []
|
user_ids = []
|
||||||
if group_id is None:
|
if group_id is None:
|
||||||
if self.revoke_api:
|
if self.revoke_api:
|
||||||
|
|
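Review bot: The new `create_grant` wrapper and the changed `delete_grant` both accept `context=None`, but nothing in the visible lines reads it, and a caller that omits it gets no error. The stated purpose is CADF auditing of role-assignment changes, so a grant created or removed without a context would presumably be recorded without an initiator once the notification is wired in. A short docstring on `create_grant` should say that `context` is the request context used only for the audit notification, that it is not forwarded to the driver, and what is emitted when it is None. `delete_grant`'s body continues past the end of the hunk, so its use of `context` cannot be checked here.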