Expose context to create grant and delete grant
To correctly issue a CADF audit event for a change in role assignments, we need to expose the context at the manager level. Note that the driver signatures are *not* changing, just the manager needs to know the context. implements bp role-assignment-notifications Change-Id: I116b185f5d1fc3f9cbb03ffcf3ce64c56a73d969
This commit is contained in:
parent
2e4977076c
commit
9ffdedb758
|
@ -520,7 +520,7 @@ class RoleV3(controller.V3Controller):
|
|||
|
||||
self.assignment_api.create_grant(
|
||||
role_id, user_id, group_id, domain_id, project_id,
|
||||
self._check_if_inherited(context))
|
||||
self._check_if_inherited(context), context)
|
||||
|
||||
@controller.protected(callback=_check_grant_protection)
|
||||
def list_grants(self, context, user_id=None,
|
||||
|
@ -554,7 +554,7 @@ class RoleV3(controller.V3Controller):
|
|||
|
||||
self.assignment_api.delete_grant(
|
||||
role_id, user_id, group_id, domain_id, project_id,
|
||||
self._check_if_inherited(context))
|
||||
self._check_if_inherited(context), context)
|
||||
|
||||
|
||||
@dependency.requires('assignment_api', 'identity_api')
|
||||
|
|
|
@ -504,9 +504,15 @@ class Manager(manager.Manager):
|
|||
self.revoke_api.revoke_by_grant(role_id, user_id=user_id,
|
||||
project_id=tenant_id)
|
||||
|
||||
def create_grant(self, role_id, user_id=None, group_id=None,
|
||||
domain_id=None, project_id=None,
|
||||
inherited_to_projects=False, context=None):
|
||||
self.driver.create_grant(role_id, user_id, group_id, domain_id,
|
||||
project_id, inherited_to_projects)
|
||||
|
||||
def delete_grant(self, role_id, user_id=None, group_id=None,
|
||||
domain_id=None, project_id=None,
|
||||
inherited_to_projects=False):
|
||||
inherited_to_projects=False, context=None):
|
||||
user_ids = []
|
||||
if group_id is None:
|
||||
if self.revoke_api:
|
||||
|
|
Loading…
Reference in New Issue